From 2c4c1e8e94f4ae4270df86e52ba576d1d2cda80b Mon Sep 17 00:00:00 2001 From: sgaddala-ks Date: Thu, 16 Jul 2026 22:20:43 +0530 Subject: [PATCH 1/2] formatted keeper sdk package using prettier --- KeeperSdk/README.md | 18 +- KeeperSdk/package-lock.json | 1244 ++++----- KeeperSdk/package.json | 60 +- KeeperSdk/src/auth/ConsoleAuthUI.ts | 357 +-- KeeperSdk/src/auth/ConsoleLogin.ts | 591 ++-- KeeperSdk/src/auth/SessionManager.ts | 547 ++-- .../EnterpriseReportManager.ts | 59 +- .../src/enterpriseReport/actionReport.ts | 985 ++++--- KeeperSdk/src/enterpriseReport/auditReport.ts | 1472 +++++----- KeeperSdk/src/enterpriseReport/index.ts | 99 +- .../src/enterpriseReport/passwordReport.ts | 861 +++--- KeeperSdk/src/enterpriseReport/reportTypes.ts | 690 ++--- KeeperSdk/src/enterpriseReport/reportUtils.ts | 48 +- KeeperSdk/src/folders/FolderManager.ts | 424 +-- KeeperSdk/src/folders/addFolder.ts | 612 +++-- KeeperSdk/src/folders/changeDirectory.ts | 367 +-- KeeperSdk/src/folders/deleteFolder.ts | 513 ++-- KeeperSdk/src/folders/folderHelpers.ts | 141 +- KeeperSdk/src/folders/folderTree.ts | 615 +++-- KeeperSdk/src/folders/getFolder.ts | 406 +-- KeeperSdk/src/folders/listFolder.ts | 708 ++--- KeeperSdk/src/folders/updateFolder.ts | 421 +-- KeeperSdk/src/index.ts | 1315 ++++----- .../NestedShareFolderManager.ts | 366 +-- .../src/nestedShareFolders/addNsfRecord.ts | 367 +-- KeeperSdk/src/nestedShareFolders/getNsf.ts | 1007 +++---- .../nestedShareFolders/getNsfRecordDetails.ts | 204 +- KeeperSdk/src/nestedShareFolders/index.ts | 485 ++-- .../src/nestedShareFolders/linkNsfRecord.ts | 251 +- KeeperSdk/src/nestedShareFolders/listNsf.ts | 260 +- KeeperSdk/src/nestedShareFolders/mkdirNsf.ts | 416 +-- .../src/nestedShareFolders/nsfConstants.ts | 486 ++-- .../src/nestedShareFolders/nsfHelpers.ts | 2413 ++++++++++------- .../src/nestedShareFolders/nsfRecordCrypto.ts | 201 +- .../src/nestedShareFolders/nsfRecordData.ts | 647 ++--- .../nestedShareFolders/nsfRecordPermission.ts | 1296 +++++---- .../src/nestedShareFolders/nsfRecordTypes.ts | 147 +- KeeperSdk/src/nestedShareFolders/nsfShare.ts | 1578 ++++++----- .../src/nestedShareFolders/nsfShareKeys.ts | 406 +-- .../src/nestedShareFolders/nsfShortcut.ts | 652 +++-- .../src/nestedShareFolders/nsfTeamShare.ts | 384 +-- .../nestedShareFolders/nsfTransferRecord.ts | 233 +- KeeperSdk/src/nestedShareFolders/nsfTypes.ts | 923 ++++--- .../src/nestedShareFolders/removeNsfFolder.ts | 415 +-- .../src/nestedShareFolders/removeNsfRecord.ts | 463 ++-- .../src/nestedShareFolders/updateNsfFolder.ts | 307 ++- .../src/nestedShareFolders/updateNsfRecord.ts | 365 +-- KeeperSdk/src/records/RecordOperations.ts | 998 +++---- KeeperSdk/src/records/RecordUtils.ts | 436 +-- KeeperSdk/src/records/Totp.ts | 186 +- KeeperSdk/src/roles/RoleManager.ts | 289 +- KeeperSdk/src/roles/addRole.ts | 456 ++-- KeeperSdk/src/roles/deleteRole.ts | 172 +- KeeperSdk/src/roles/index.ts | 120 +- KeeperSdk/src/roles/listRoles.ts | 601 ++-- KeeperSdk/src/roles/roleTypes.ts | 75 +- KeeperSdk/src/roles/roleUtils.ts | 399 +-- KeeperSdk/src/roles/updateRole.ts | 338 ++- KeeperSdk/src/roles/viewRole.ts | 804 +++--- .../src/sharedFolders/SharedFolderManager.ts | 95 +- .../src/sharedFolders/listSharedFolders.ts | 295 +- KeeperSdk/src/sharedFolders/shareFolder.ts | 885 +++--- KeeperSdk/src/sharing/Sharing.ts | 514 ++-- KeeperSdk/src/storage/InMemoryStorage.ts | 336 +-- KeeperSdk/src/teams/TeamManager.ts | 250 +- KeeperSdk/src/teams/addTeam.ts | 857 +++--- KeeperSdk/src/teams/deleteTeam.ts | 271 +- KeeperSdk/src/teams/enterpriseData.ts | 1304 +++++---- KeeperSdk/src/teams/listTeams.ts | 641 +++-- KeeperSdk/src/teams/teamUtils.ts | 396 +-- KeeperSdk/src/teams/updateTeam.ts | 406 +-- KeeperSdk/src/teams/viewTeam.ts | 445 +-- KeeperSdk/src/users/UserManager.ts | 344 ++- KeeperSdk/src/users/actionUser.ts | 649 +++-- KeeperSdk/src/users/addUser.ts | 544 ++-- KeeperSdk/src/users/aliasUser.ts | 249 +- KeeperSdk/src/users/deleteUser.ts | 241 +- KeeperSdk/src/users/listUsers.ts | 871 +++--- KeeperSdk/src/users/teamUser.ts | 1351 +++++---- KeeperSdk/src/users/updateUser.ts | 638 +++-- KeeperSdk/src/users/userTypes.ts | 559 ++-- KeeperSdk/src/users/viewUser.ts | 579 ++-- KeeperSdk/src/utils/Logger.ts | 102 +- KeeperSdk/src/utils/constants.ts | 425 +-- KeeperSdk/src/utils/errors.ts | 176 +- KeeperSdk/src/utils/guards.ts | 12 +- KeeperSdk/src/utils/index.ts | 77 +- KeeperSdk/src/utils/patterns.ts | 33 +- KeeperSdk/src/utils/types.ts | 10 +- KeeperSdk/src/vault/KeeperVault.ts | 2280 +++++++++------- KeeperSdk/tsconfig.json | 28 +- 91 files changed, 25939 insertions(+), 21623 deletions(-) diff --git a/KeeperSdk/README.md b/KeeperSdk/README.md index 62fa48b8..bb49b99d 100644 --- a/KeeperSdk/README.md +++ b/KeeperSdk/README.md @@ -13,17 +13,21 @@ npm install @keeper-security/keeper-sdk-javascript ## Quickstart ```typescript -import { KeeperVault, ConsoleAuthUI, FileConfigLoader } from '@keeper-security/keeper-sdk-javascript' +import { + KeeperVault, + ConsoleAuthUI, + FileConfigLoader, +} from "@keeper-security/keeper-sdk-javascript"; const vault = new KeeperVault({ - authUI: new ConsoleAuthUI(), - configLoader: new FileConfigLoader('./keeper-config.json'), -}) + authUI: new ConsoleAuthUI(), + configLoader: new FileConfigLoader("./keeper-config.json"), +}); -await vault.login() -await vault.syncDown() +await vault.login(); +await vault.syncDown(); -console.log(`Loaded ${vault.records.size} records`) +console.log(`Loaded ${vault.records.size} records`); ``` ## Supported functionality diff --git a/KeeperSdk/package-lock.json b/KeeperSdk/package-lock.json index c4740a6a..783ba11e 100644 --- a/KeeperSdk/package-lock.json +++ b/KeeperSdk/package-lock.json @@ -1,626 +1,626 @@ { - "name": "@keeper-security/keeper-sdk-javascript", - "version": "1.1.1", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "name": "@keeper-security/keeper-sdk-javascript", - "version": "1.1.1", - "license": "ISC", - "dependencies": { - "@keeper-security/keeperapi": "^18.0.4", - "ts-node": "^10.7.0", - "typescript": "^4.6.3" - }, - "devDependencies": { - "@types/node": "^25.6.0", - "prettier": "^3.8.1" - } - }, - "node_modules/@cspotcode/source-map-support": { - "version": "0.8.1", - "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", - "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", - "license": "MIT", - "dependencies": { - "@jridgewell/trace-mapping": "0.3.9" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/@jridgewell/resolve-uri": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", - "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", - "license": "MIT", - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@jridgewell/sourcemap-codec": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", - "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", - "license": "MIT" - }, - "node_modules/@jridgewell/trace-mapping": { - "version": "0.3.9", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", - "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", - "license": "MIT", - "dependencies": { - "@jridgewell/resolve-uri": "^3.0.3", - "@jridgewell/sourcemap-codec": "^1.4.10" - } - }, - "node_modules/@keeper-security/keeperapi": { - "version": "18.0.5", - "resolved": "https://registry.npmjs.org/@keeper-security/keeperapi/-/keeperapi-18.0.5.tgz", - "integrity": "sha512-13P0mDMgaeUsbsQxlUqV1SMX0X9VAQ5aGa2antZDJWifqNqkZbTQEX/5evuZQN/tsTBn30/2DANpsCQyB1uQmw==", - "license": "ISC", - "dependencies": { - "@noble/post-quantum": "^0.5.2", - "asmcrypto.js": "^2.3.2", - "faye-websocket": "^0.11.3", - "form-data": "^4.0.4", - "node-rsa": "^1.0.8" - }, - "engines": { - "node": ">=24.13.1" - } - }, - "node_modules/@noble/curves": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-2.0.1.tgz", - "integrity": "sha512-vs1Az2OOTBiP4q0pwjW5aF0xp9n4MxVrmkFBxc6EKZc6ddYx5gaZiAsZoq0uRRXWbi3AT/sBqn05eRPtn1JCPw==", - "license": "MIT", - "dependencies": { - "@noble/hashes": "2.0.1" - }, - "engines": { - "node": ">= 20.19.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - } - }, - "node_modules/@noble/hashes": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.0.1.tgz", - "integrity": "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw==", - "license": "MIT", - "engines": { - "node": ">= 20.19.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - } - }, - "node_modules/@noble/post-quantum": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/@noble/post-quantum/-/post-quantum-0.5.4.tgz", - "integrity": "sha512-leww0zzIirrvwaYMPI9fj6aRIlA/c6Y0/lifQQ1YOOyHEr0MNH3yYpjXeiVG+tWdPps4XxGclFWX2INPO3Yo5w==", - "license": "MIT", - "dependencies": { - "@noble/curves": "~2.0.0", - "@noble/hashes": "~2.0.0" - }, - "engines": { - "node": ">= 20.19.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - } - }, - "node_modules/@tsconfig/node10": { - "version": "1.0.12", - "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.12.tgz", - "integrity": "sha512-UCYBaeFvM11aU2y3YPZ//O5Rhj+xKyzy7mvcIoAjASbigy8mHMryP5cK7dgjlz2hWxh1g5pLw084E0a/wlUSFQ==", - "license": "MIT" - }, - "node_modules/@tsconfig/node12": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", - "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==", - "license": "MIT" - }, - "node_modules/@tsconfig/node14": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", - "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==", - "license": "MIT" - }, - "node_modules/@tsconfig/node16": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", - "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==", - "license": "MIT" - }, - "node_modules/@types/node": { - "version": "25.6.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.0.tgz", - "integrity": "sha512-+qIYRKdNYJwY3vRCZMdJbPLJAtGjQBudzZzdzwQYkEPQd+PJGixUL5QfvCLDaULoLv+RhT3LDkwEfKaAkgSmNQ==", - "license": "MIT", - "dependencies": { - "undici-types": "~7.19.0" - } - }, - "node_modules/acorn": { - "version": "8.16.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz", - "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==", - "license": "MIT", - "bin": { - "acorn": "bin/acorn" - }, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/acorn-walk": { - "version": "8.3.5", - "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.5.tgz", - "integrity": "sha512-HEHNfbars9v4pgpW6SO1KSPkfoS0xVOM/9UzkJltjlsHZmJasxg8aXkuZa7SMf8vKGIBhpUsPluQSqhJFCqebw==", - "license": "MIT", - "dependencies": { - "acorn": "^8.11.0" - }, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/arg": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", - "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", - "license": "MIT" - }, - "node_modules/asmcrypto.js": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/asmcrypto.js/-/asmcrypto.js-2.3.2.tgz", - "integrity": "sha512-3FgFARf7RupsZETQ1nHnhLUUvpcttcCq1iZCaVAbJZbCZ5VNRrNyvpDyHTOb0KC3llFcsyOT/a99NZcCbeiEsA==", - "license": "MIT" - }, - "node_modules/asn1": { - "version": "0.2.6", - "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", - "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", - "license": "MIT", - "dependencies": { - "safer-buffer": "~2.1.0" - } - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", - "license": "MIT" - }, - "node_modules/call-bind-apply-helpers": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", - "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", - "license": "MIT", - "dependencies": { - "es-errors": "^1.3.0", - "function-bind": "^1.1.2" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "license": "MIT", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/create-require": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", - "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==", - "license": "MIT" - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "license": "MIT", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/diff": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.4.tgz", - "integrity": "sha512-X07nttJQkwkfKfvTPG/KSnE2OMdcUCao6+eXF3wmnIQRn2aPAHH3VxDbDOdegkd6JbPsXqShpvEOHfAT+nCNwQ==", - "license": "BSD-3-Clause", - "engines": { - "node": ">=0.3.1" - } - }, - "node_modules/dunder-proto": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", - "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", - "license": "MIT", - "dependencies": { - "call-bind-apply-helpers": "^1.0.1", - "es-errors": "^1.3.0", - "gopd": "^1.2.0" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/es-define-property": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", - "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", - "license": "MIT", - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/es-errors": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", - "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", - "license": "MIT", - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/es-object-atoms": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", - "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", - "license": "MIT", - "dependencies": { - "es-errors": "^1.3.0" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/es-set-tostringtag": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", - "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", - "license": "MIT", - "dependencies": { - "es-errors": "^1.3.0", - "get-intrinsic": "^1.2.6", - "has-tostringtag": "^1.0.2", - "hasown": "^2.0.2" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/faye-websocket": { - "version": "0.11.4", - "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz", - "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==", - "license": "Apache-2.0", - "dependencies": { - "websocket-driver": ">=0.5.1" - }, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/form-data": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz", - "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "es-set-tostringtag": "^2.1.0", - "hasown": "^2.0.4", - "mime-types": "^2.1.35" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/function-bind": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", - "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", - "license": "MIT", - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/get-intrinsic": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", - "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", - "license": "MIT", - "dependencies": { - "call-bind-apply-helpers": "^1.0.2", - "es-define-property": "^1.0.1", - "es-errors": "^1.3.0", - "es-object-atoms": "^1.1.1", - "function-bind": "^1.1.2", - "get-proto": "^1.0.1", - "gopd": "^1.2.0", - "has-symbols": "^1.1.0", - "hasown": "^2.0.2", - "math-intrinsics": "^1.1.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/get-proto": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", - "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", - "license": "MIT", - "dependencies": { - "dunder-proto": "^1.0.1", - "es-object-atoms": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/gopd": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", - "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", - "license": "MIT", - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-symbols": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", - "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", - "license": "MIT", - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-tostringtag": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", - "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", - "license": "MIT", - "dependencies": { - "has-symbols": "^1.0.3" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/hasown": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz", - "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==", - "dependencies": { - "function-bind": "^1.1.2" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/http-parser-js": { - "version": "0.5.10", - "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz", - "integrity": "sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==", - "license": "MIT" - }, - "node_modules/make-error": { - "version": "1.3.6", - "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", - "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", - "license": "ISC" - }, - "node_modules/math-intrinsics": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", - "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", - "license": "MIT", - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", - "license": "MIT", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "license": "MIT", - "dependencies": { - "mime-db": "1.52.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/node-rsa": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz", - "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==", - "license": "MIT", - "dependencies": { - "asn1": "^0.2.4" - } - }, - "node_modules/prettier": { - "version": "3.8.3", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz", - "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==", - "dev": true, - "license": "MIT", - "bin": { - "prettier": "bin/prettier.cjs" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/prettier/prettier?sponsor=1" - } - }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "license": "MIT" - }, - "node_modules/safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", - "license": "MIT" - }, - "node_modules/ts-node": { - "version": "10.9.2", - "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", - "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", - "license": "MIT", - "dependencies": { - "@cspotcode/source-map-support": "^0.8.0", - "@tsconfig/node10": "^1.0.7", - "@tsconfig/node12": "^1.0.7", - "@tsconfig/node14": "^1.0.0", - "@tsconfig/node16": "^1.0.2", - "acorn": "^8.4.1", - "acorn-walk": "^8.1.1", - "arg": "^4.1.0", - "create-require": "^1.1.0", - "diff": "^4.0.1", - "make-error": "^1.1.1", - "v8-compile-cache-lib": "^3.0.1", - "yn": "3.1.1" - }, - "bin": { - "ts-node": "dist/bin.js", - "ts-node-cwd": "dist/bin-cwd.js", - "ts-node-esm": "dist/bin-esm.js", - "ts-node-script": "dist/bin-script.js", - "ts-node-transpile-only": "dist/bin-transpile.js", - "ts-script": "dist/bin-script-deprecated.js" - }, - "peerDependencies": { - "@swc/core": ">=1.2.50", - "@swc/wasm": ">=1.2.50", - "@types/node": "*", - "typescript": ">=2.7" - }, - "peerDependenciesMeta": { - "@swc/core": { - "optional": true - }, - "@swc/wasm": { - "optional": true - } - } - }, - "node_modules/typescript": { - "version": "4.9.5", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", - "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", - "license": "Apache-2.0", - "bin": { - "tsc": "bin/tsc", - "tsserver": "bin/tsserver" - }, - "engines": { - "node": ">=4.2.0" - } - }, - "node_modules/undici-types": { - "version": "7.19.2", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz", - "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==", - "license": "MIT" - }, - "node_modules/v8-compile-cache-lib": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", - "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==", - "license": "MIT" - }, - "node_modules/websocket-driver": { - "version": "0.7.4", - "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", - "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", - "license": "Apache-2.0", - "dependencies": { - "http-parser-js": ">=0.5.1", - "safe-buffer": ">=5.1.0", - "websocket-extensions": ">=0.1.1" - }, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/websocket-extensions": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", - "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==", - "license": "Apache-2.0", - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/yn": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", - "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", - "license": "MIT", - "engines": { - "node": ">=6" - } + "name": "@keeper-security/keeper-sdk-javascript", + "version": "1.1.1", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "@keeper-security/keeper-sdk-javascript", + "version": "1.1.1", + "license": "ISC", + "dependencies": { + "@keeper-security/keeperapi": "^18.0.4", + "ts-node": "^10.7.0", + "typescript": "^4.6.3" + }, + "devDependencies": { + "@types/node": "^25.6.0", + "prettier": "^3.8.1" + } + }, + "node_modules/@cspotcode/source-map-support": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "0.3.9" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" + } + }, + "node_modules/@keeper-security/keeperapi": { + "version": "18.0.5", + "resolved": "https://registry.npmjs.org/@keeper-security/keeperapi/-/keeperapi-18.0.5.tgz", + "integrity": "sha512-13P0mDMgaeUsbsQxlUqV1SMX0X9VAQ5aGa2antZDJWifqNqkZbTQEX/5evuZQN/tsTBn30/2DANpsCQyB1uQmw==", + "license": "ISC", + "dependencies": { + "@noble/post-quantum": "^0.5.2", + "asmcrypto.js": "^2.3.2", + "faye-websocket": "^0.11.3", + "form-data": "^4.0.4", + "node-rsa": "^1.0.8" + }, + "engines": { + "node": ">=24.13.1" + } + }, + "node_modules/@noble/curves": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-2.0.1.tgz", + "integrity": "sha512-vs1Az2OOTBiP4q0pwjW5aF0xp9n4MxVrmkFBxc6EKZc6ddYx5gaZiAsZoq0uRRXWbi3AT/sBqn05eRPtn1JCPw==", + "license": "MIT", + "dependencies": { + "@noble/hashes": "2.0.1" + }, + "engines": { + "node": ">= 20.19.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/@noble/hashes": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.0.1.tgz", + "integrity": "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw==", + "license": "MIT", + "engines": { + "node": ">= 20.19.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/@noble/post-quantum": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/@noble/post-quantum/-/post-quantum-0.5.4.tgz", + "integrity": "sha512-leww0zzIirrvwaYMPI9fj6aRIlA/c6Y0/lifQQ1YOOyHEr0MNH3yYpjXeiVG+tWdPps4XxGclFWX2INPO3Yo5w==", + "license": "MIT", + "dependencies": { + "@noble/curves": "~2.0.0", + "@noble/hashes": "~2.0.0" + }, + "engines": { + "node": ">= 20.19.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/@tsconfig/node10": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.12.tgz", + "integrity": "sha512-UCYBaeFvM11aU2y3YPZ//O5Rhj+xKyzy7mvcIoAjASbigy8mHMryP5cK7dgjlz2hWxh1g5pLw084E0a/wlUSFQ==", + "license": "MIT" + }, + "node_modules/@tsconfig/node12": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==", + "license": "MIT" + }, + "node_modules/@tsconfig/node14": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==", + "license": "MIT" + }, + "node_modules/@tsconfig/node16": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==", + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "25.6.0", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.0.tgz", + "integrity": "sha512-+qIYRKdNYJwY3vRCZMdJbPLJAtGjQBudzZzdzwQYkEPQd+PJGixUL5QfvCLDaULoLv+RhT3LDkwEfKaAkgSmNQ==", + "license": "MIT", + "dependencies": { + "undici-types": "~7.19.0" + } + }, + "node_modules/acorn": { + "version": "8.16.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz", + "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==", + "license": "MIT", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-walk": { + "version": "8.3.5", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.5.tgz", + "integrity": "sha512-HEHNfbars9v4pgpW6SO1KSPkfoS0xVOM/9UzkJltjlsHZmJasxg8aXkuZa7SMf8vKGIBhpUsPluQSqhJFCqebw==", + "license": "MIT", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "license": "MIT" + }, + "node_modules/asmcrypto.js": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/asmcrypto.js/-/asmcrypto.js-2.3.2.tgz", + "integrity": "sha512-3FgFARf7RupsZETQ1nHnhLUUvpcttcCq1iZCaVAbJZbCZ5VNRrNyvpDyHTOb0KC3llFcsyOT/a99NZcCbeiEsA==", + "license": "MIT" + }, + "node_modules/asn1": { + "version": "0.2.6", + "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", + "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", + "license": "MIT", + "dependencies": { + "safer-buffer": "~2.1.0" + } + }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", + "license": "MIT" + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "license": "MIT", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/create-require": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==", + "license": "MIT" + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "license": "MIT", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/diff": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.4.tgz", + "integrity": "sha512-X07nttJQkwkfKfvTPG/KSnE2OMdcUCao6+eXF3wmnIQRn2aPAHH3VxDbDOdegkd6JbPsXqShpvEOHfAT+nCNwQ==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-set-tostringtag": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/faye-websocket": { + "version": "0.11.4", + "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz", + "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==", + "license": "Apache-2.0", + "dependencies": { + "websocket-driver": ">=0.5.1" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/form-data": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz", + "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.4", + "mime-types": "^2.1.35" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "license": "MIT", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz", + "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/http-parser-js": { + "version": "0.5.10", + "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz", + "integrity": "sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==", + "license": "MIT" + }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "license": "ISC" + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/node-rsa": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz", + "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==", + "license": "MIT", + "dependencies": { + "asn1": "^0.2.4" + } + }, + "node_modules/prettier": { + "version": "3.8.3", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz", + "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==", + "dev": true, + "license": "MIT", + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/ts-node": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", + "license": "MIT", + "dependencies": { + "@cspotcode/source-map-support": "^0.8.0", + "@tsconfig/node10": "^1.0.7", + "@tsconfig/node12": "^1.0.7", + "@tsconfig/node14": "^1.0.0", + "@tsconfig/node16": "^1.0.2", + "acorn": "^8.4.1", + "acorn-walk": "^8.1.1", + "arg": "^4.1.0", + "create-require": "^1.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "v8-compile-cache-lib": "^3.0.1", + "yn": "3.1.1" + }, + "bin": { + "ts-node": "dist/bin.js", + "ts-node-cwd": "dist/bin-cwd.js", + "ts-node-esm": "dist/bin-esm.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "peerDependencies": { + "@swc/core": ">=1.2.50", + "@swc/wasm": ">=1.2.50", + "@types/node": "*", + "typescript": ">=2.7" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "@swc/wasm": { + "optional": true } + } + }, + "node_modules/typescript": { + "version": "4.9.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } + }, + "node_modules/undici-types": { + "version": "7.19.2", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz", + "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==", + "license": "MIT" + }, + "node_modules/v8-compile-cache-lib": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==", + "license": "MIT" + }, + "node_modules/websocket-driver": { + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", + "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", + "license": "Apache-2.0", + "dependencies": { + "http-parser-js": ">=0.5.1", + "safe-buffer": ">=5.1.0", + "websocket-extensions": ">=0.1.1" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/websocket-extensions": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", + "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==", + "license": "Apache-2.0", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "license": "MIT", + "engines": { + "node": ">=6" + } } + } } diff --git a/KeeperSdk/package.json b/KeeperSdk/package.json index 755f8510..e8ab5648 100644 --- a/KeeperSdk/package.json +++ b/KeeperSdk/package.json @@ -1,32 +1,32 @@ { - "name": "@keeper-security/keeper-sdk-javascript", - "version": "1.1.1", - "description": "High-level wrapper for Keeper Security JavaScript SDK", - "repository": { - "type": "git", - "url": "git+https://github.com/Keeper-Security/keeper-sdk-javascript.git", - "directory": "KeeperSdk" - }, - "license": "ISC", - "main": "src/index.ts", - "scripts": { - "build": "tsc", - "clean": "rm -rf dist", - "link-local": "npm link ../keeperapi", - "format": "prettier --write .", - "format:check": "prettier --check .", - "test": "jest", - "types": "tsc --watch", - "types:ci": "tsc", - "prepublishOnly": "npm run build" - }, - "dependencies": { - "@keeper-security/keeperapi": "^18.0.4", - "ts-node": "^10.7.0", - "typescript": "^4.6.3" - }, - "devDependencies": { - "@types/node": "^25.6.0", - "prettier": "^3.8.1" - } + "name": "@keeper-security/keeper-sdk-javascript", + "version": "1.1.1", + "description": "High-level wrapper for Keeper Security JavaScript SDK", + "repository": { + "type": "git", + "url": "git+https://github.com/Keeper-Security/keeper-sdk-javascript.git", + "directory": "KeeperSdk" + }, + "license": "ISC", + "main": "src/index.ts", + "scripts": { + "build": "tsc", + "clean": "rm -rf dist", + "link-local": "npm link ../keeperapi", + "format": "prettier --write .", + "format:check": "prettier --check .", + "test": "jest", + "types": "tsc --watch", + "types:ci": "tsc", + "prepublishOnly": "npm run build" + }, + "dependencies": { + "@keeper-security/keeperapi": "^18.0.4", + "ts-node": "^10.7.0", + "typescript": "^4.6.3" + }, + "devDependencies": { + "@types/node": "^25.6.0", + "prettier": "^3.8.1" + } } diff --git a/KeeperSdk/src/auth/ConsoleAuthUI.ts b/KeeperSdk/src/auth/ConsoleAuthUI.ts index 69a53da1..b09c0c71 100644 --- a/KeeperSdk/src/auth/ConsoleAuthUI.ts +++ b/KeeperSdk/src/auth/ConsoleAuthUI.ts @@ -1,169 +1,208 @@ -import readline from 'readline/promises' -import { setTimeout as delay } from 'timers/promises' -import type { AuthUI3, DeviceApprovalChannel, TwoFactorChannelData } from '@keeper-security/keeperapi' -import { Authentication } from '@keeper-security/keeperapi' -import { logger, extractErrorMessage, KeeperSdkError, AuthDefaults, ResultCodes } from '../utils' +import readline from "readline/promises"; +import { setTimeout as delay } from "timers/promises"; +import type { + AuthUI3, + DeviceApprovalChannel, + TwoFactorChannelData, +} from "@keeper-security/keeperapi"; +import { Authentication } from "@keeper-security/keeperapi"; +import { + logger, + extractErrorMessage, + KeeperSdkError, + AuthDefaults, + ResultCodes, +} from "../utils"; export class ConsoleAuthUI implements AuthUI3 { - private static readonly DEVICE_VERIFICATION = { - Email: 0, - KeeperPush: 1, - TFA: 2, - AdminApproval: 3, - } as const - - private static channelName(channel: number): string { - switch (channel) { - case ConsoleAuthUI.DEVICE_VERIFICATION.Email: - return 'Email Verification' - case ConsoleAuthUI.DEVICE_VERIFICATION.KeeperPush: - return 'Keeper Push' - case ConsoleAuthUI.DEVICE_VERIFICATION.TFA: - return 'Two-Factor Authentication' - case ConsoleAuthUI.DEVICE_VERIFICATION.AdminApproval: - return 'Admin Approval' - default: - return `Channel ${channel}` - } + private static readonly DEVICE_VERIFICATION = { + Email: 0, + KeeperPush: 1, + TFA: 2, + AdminApproval: 3, + } as const; + + private static channelName(channel: number): string { + switch (channel) { + case ConsoleAuthUI.DEVICE_VERIFICATION.Email: + return "Email Verification"; + case ConsoleAuthUI.DEVICE_VERIFICATION.KeeperPush: + return "Keeper Push"; + case ConsoleAuthUI.DEVICE_VERIFICATION.TFA: + return "Two-Factor Authentication"; + case ConsoleAuthUI.DEVICE_VERIFICATION.AdminApproval: + return "Admin Approval"; + default: + return `Channel ${channel}`; } - - private static twoFactorChannelName(channelType: Authentication.TwoFactorChannelType): string { - switch (channelType) { - case Authentication.TwoFactorChannelType.TWO_FA_CT_TOTP: - return 'Authenticator App (TOTP)' - case Authentication.TwoFactorChannelType.TWO_FA_CT_SMS: - return 'SMS' - case Authentication.TwoFactorChannelType.TWO_FA_CT_DUO: - return 'Duo Security' - case Authentication.TwoFactorChannelType.TWO_FA_CT_RSA: - return 'RSA SecurID' - case Authentication.TwoFactorChannelType.TWO_FA_CT_DNA: - return 'Keeper DNA' - case Authentication.TwoFactorChannelType.TWO_FA_CT_U2F: - return 'U2F Security Key' - case Authentication.TwoFactorChannelType.TWO_FA_CT_WEBAUTHN: - return 'WebAuthn Security Key' - case Authentication.TwoFactorChannelType.TWO_FA_CT_KEEPER: - return 'Keeper' - default: - throw new KeeperSdkError( - `Unsupported 2FA channel type: ${channelType}`, - ResultCodes.UNSUPPORTED_2FA_CHANNEL - ) - } + } + + private static twoFactorChannelName( + channelType: Authentication.TwoFactorChannelType, + ): string { + switch (channelType) { + case Authentication.TwoFactorChannelType.TWO_FA_CT_TOTP: + return "Authenticator App (TOTP)"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_SMS: + return "SMS"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_DUO: + return "Duo Security"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_RSA: + return "RSA SecurID"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_DNA: + return "Keeper DNA"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_U2F: + return "U2F Security Key"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_WEBAUTHN: + return "WebAuthn Security Key"; + case Authentication.TwoFactorChannelType.TWO_FA_CT_KEEPER: + return "Keeper"; + default: + throw new KeeperSdkError( + `Unsupported 2FA channel type: ${channelType}`, + ResultCodes.UNSUPPORTED_2FA_CHANNEL, + ); } - - private static async waitWithCancel(timeoutMs: number, cancel?: Promise): Promise { - if (!cancel) { - await delay(timeoutMs) - return - } - await Promise.race([delay(timeoutMs), cancel]) + } + + private static async waitWithCancel( + timeoutMs: number, + cancel?: Promise, + ): Promise { + if (!cancel) { + await delay(timeoutMs); + return; } - - public async waitForDeviceApproval(channels: DeviceApprovalChannel[], isCloud: boolean): Promise { - const rl = readline.createInterface({ - input: process.stdin, - output: process.stdout, - }) - - try { - logger.info('\n--- Device Approval Required ---') - logger.info('This device needs to be approved before you can log in.') - logger.info('Available verification methods:') - channels.forEach((ch, i) => { - logger.info(` ${i + 1}. ${ConsoleAuthUI.channelName(ch.channel)}`) - }) - - const choice = (await rl.question('\nSelect method (number): ')).trim() - const idx = parseInt(choice, 10) - 1 - - if (isNaN(idx) || idx < 0 || idx >= channels.length) { - logger.warn('Invalid selection, cancelling.') - return false - } - - const selected = channels[idx] - logger.info(`\nSending ${ConsoleAuthUI.channelName(selected.channel)} request...`) - await selected.sendApprovalRequest() - - if (selected.validateCode) { - const code = (await rl.question('Enter verification code: ')).trim() - if (!code) return false - await selected.validateCode(code) - } else { - logger.info('Approval request sent. Waiting for approval on your other device...') - await ConsoleAuthUI.waitWithCancel(AuthDefaults.APPROVAL_TIMEOUT_MS) - } - - return true - } catch (e) { - logger.error('Device approval error:', extractErrorMessage(e)) - return false - } finally { - rl.close() - } + await Promise.race([delay(timeoutMs), cancel]); + } + + public async waitForDeviceApproval( + channels: DeviceApprovalChannel[], + isCloud: boolean, + ): Promise { + const rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + }); + + try { + logger.info("\n--- Device Approval Required ---"); + logger.info("This device needs to be approved before you can log in."); + logger.info("Available verification methods:"); + channels.forEach((ch, i) => { + logger.info(` ${i + 1}. ${ConsoleAuthUI.channelName(ch.channel)}`); + }); + + const choice = (await rl.question("\nSelect method (number): ")).trim(); + const idx = parseInt(choice, 10) - 1; + + if (isNaN(idx) || idx < 0 || idx >= channels.length) { + logger.warn("Invalid selection, cancelling."); + return false; + } + + const selected = channels[idx]; + logger.info( + `\nSending ${ConsoleAuthUI.channelName(selected.channel)} request...`, + ); + await selected.sendApprovalRequest(); + + if (selected.validateCode) { + const code = (await rl.question("Enter verification code: ")).trim(); + if (!code) return false; + await selected.validateCode(code); + } else { + logger.info( + "Approval request sent. Waiting for approval on your other device...", + ); + await ConsoleAuthUI.waitWithCancel(AuthDefaults.APPROVAL_TIMEOUT_MS); + } + + return true; + } catch (e) { + logger.error("Device approval error:", extractErrorMessage(e)); + return false; + } finally { + rl.close(); } - - public async waitForTwoFactorCode(channels: TwoFactorChannelData[], cancel: Promise): Promise { - const rl = readline.createInterface({ - input: process.stdin, - output: process.stdout, - }) - - try { - logger.info('\n--- Two-Factor Authentication Required ---') - logger.info('Available 2FA methods:') - channels.forEach((ch, i) => { - const name = ConsoleAuthUI.twoFactorChannelName(ch.channel.channelType!) - logger.info(` ${i + 1}. ${name}`) - }) - - const choice = (await rl.question('\nSelect method (number): ')).trim() - const idx = parseInt(choice, 10) - 1 - - if (isNaN(idx) || idx < 0 || idx >= channels.length) { - logger.warn('Invalid selection, cancelling.') - return false - } - - const selected = channels[idx] - const name = ConsoleAuthUI.twoFactorChannelName(selected.channel.channelType!) - - if (selected.availablePushes && selected.availablePushes.length > 0) { - const pushChoice = (await rl.question(`Send push notification for ${name}? (y/n): `)).trim() - if (pushChoice.toLowerCase() === 'y' && selected.sendPush) { - selected.sendPush(selected.availablePushes[0]) - logger.info('Push sent. Waiting for approval...') - await ConsoleAuthUI.waitWithCancel(AuthDefaults.APPROVAL_TIMEOUT_MS, cancel) - return true - } - } - - const code = (await rl.question(`Enter ${name} code: `)).trim() - if (!code) return false - - selected.sendCode(code) - await ConsoleAuthUI.waitWithCancel(AuthDefaults.CODE_VALIDATION_DELAY_MS, cancel) - return true - } catch (e) { - logger.error('2FA error:', extractErrorMessage(e)) - return false - } finally { - rl.close() + } + + public async waitForTwoFactorCode( + channels: TwoFactorChannelData[], + cancel: Promise, + ): Promise { + const rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + }); + + try { + logger.info("\n--- Two-Factor Authentication Required ---"); + logger.info("Available 2FA methods:"); + channels.forEach((ch, i) => { + const name = ConsoleAuthUI.twoFactorChannelName( + ch.channel.channelType!, + ); + logger.info(` ${i + 1}. ${name}`); + }); + + const choice = (await rl.question("\nSelect method (number): ")).trim(); + const idx = parseInt(choice, 10) - 1; + + if (isNaN(idx) || idx < 0 || idx >= channels.length) { + logger.warn("Invalid selection, cancelling."); + return false; + } + + const selected = channels[idx]; + const name = ConsoleAuthUI.twoFactorChannelName( + selected.channel.channelType!, + ); + + if (selected.availablePushes && selected.availablePushes.length > 0) { + const pushChoice = ( + await rl.question(`Send push notification for ${name}? (y/n): `) + ).trim(); + if (pushChoice.toLowerCase() === "y" && selected.sendPush) { + selected.sendPush(selected.availablePushes[0]); + logger.info("Push sent. Waiting for approval..."); + await ConsoleAuthUI.waitWithCancel( + AuthDefaults.APPROVAL_TIMEOUT_MS, + cancel, + ); + return true; } + } + + const code = (await rl.question(`Enter ${name} code: `)).trim(); + if (!code) return false; + + selected.sendCode(code); + await ConsoleAuthUI.waitWithCancel( + AuthDefaults.CODE_VALIDATION_DELAY_MS, + cancel, + ); + return true; + } catch (e) { + logger.error("2FA error:", extractErrorMessage(e)); + return false; + } finally { + rl.close(); } - - public async getPassword(isAlternate: boolean): Promise { - const rl = readline.createInterface({ - input: process.stdin, - output: process.stdout, - }) - try { - const label = isAlternate ? 'alternate master password' : 'master password' - return (await rl.question(`Enter your ${label}: `)).trim() - } finally { - rl.close() - } + } + + public async getPassword(isAlternate: boolean): Promise { + const rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + }); + try { + const label = isAlternate + ? "alternate master password" + : "master password"; + return (await rl.question(`Enter your ${label}: `)).trim(); + } finally { + rl.close(); } + } } diff --git a/KeeperSdk/src/auth/ConsoleLogin.ts b/KeeperSdk/src/auth/ConsoleLogin.ts index 3d0907e3..3c153c71 100644 --- a/KeeperSdk/src/auth/ConsoleLogin.ts +++ b/KeeperSdk/src/auth/ConsoleLogin.ts @@ -1,351 +1,382 @@ -import readline from 'readline/promises' -import type { AuthUI3 } from '@keeper-security/keeperapi' -import { KeeperVault } from '../vault/KeeperVault' +import readline from "readline/promises"; +import type { AuthUI3 } from "@keeper-security/keeperapi"; +import { KeeperVault } from "../vault/KeeperVault"; import { - logger, - extractResultCode, - extractErrorMessage, - KeeperSdkError, - SdkDefaults, - AuthDefaults, - ResultCodes, - KEEPER_PUBLIC_HOSTS, -} from '../utils' -import { ConsoleAuthUI } from './ConsoleAuthUI' -import { FileConfigLoader } from './SessionManager' -import type { KeeperJsonConfig } from './SessionManager' - -const DEFAULT_REGION = 'US' -const MASK_CHAR = '*' -const NOOP_WRITE = (() => true) as typeof process.stdout.write + logger, + extractResultCode, + extractErrorMessage, + KeeperSdkError, + SdkDefaults, + AuthDefaults, + ResultCodes, + KEEPER_PUBLIC_HOSTS, +} from "../utils"; +import { ConsoleAuthUI } from "./ConsoleAuthUI"; +import { FileConfigLoader } from "./SessionManager"; +import type { KeeperJsonConfig } from "./SessionManager"; + +const DEFAULT_REGION = "US"; +const MASK_CHAR = "*"; +const NOOP_WRITE = (() => true) as typeof process.stdout.write; enum CliCharAction { - Submit, - Cancel, - Backspace, - Append, + Submit, + Cancel, + Backspace, + Append, } type ConsoleHandlers = { - log: typeof console.log - warn: typeof console.warn - debug: typeof console.debug - error: typeof console.error - stdoutWrite: typeof process.stdout.write - stderrWrite: typeof process.stderr.write -} + log: typeof console.log; + warn: typeof console.warn; + debug: typeof console.debug; + error: typeof console.error; + stdoutWrite: typeof process.stdout.write; + stderrWrite: typeof process.stderr.write; +}; -const defaultConfigLoader = new FileConfigLoader() +const defaultConfigLoader = new FileConfigLoader(); -let rlManager: ReadlineManager | null = null -let suppressionDepth = 0 -let originals: ConsoleHandlers | null = null +let rlManager: ReadlineManager | null = null; +let suppressionDepth = 0; +let originals: ConsoleHandlers | null = null; function captureConsoleHandlers(): ConsoleHandlers { - return { - log: console.log, - warn: console.warn, - debug: console.debug, - error: console.error, - stdoutWrite: process.stdout.write.bind(process.stdout), - stderrWrite: process.stderr.write.bind(process.stderr), - } + return { + log: console.log, + warn: console.warn, + debug: console.debug, + error: console.error, + stdoutWrite: process.stdout.write.bind(process.stdout), + stderrWrite: process.stderr.write.bind(process.stderr), + }; } function applyConsoleHandlers(h: ConsoleHandlers): void { - console.log = h.log - console.warn = h.warn - console.debug = h.debug - console.error = h.error - process.stdout.write = h.stdoutWrite - process.stderr.write = h.stderrWrite + console.log = h.log; + console.warn = h.warn; + console.debug = h.debug; + console.error = h.error; + process.stdout.write = h.stdoutWrite; + process.stderr.write = h.stderrWrite; } function classifyInputChar(ch: string): CliCharAction { - if (ch === '\n' || ch === '\r') return CliCharAction.Submit - if (ch === '\u0003') return CliCharAction.Cancel - if (ch === '\u007F' || ch === '\b') return CliCharAction.Backspace - return CliCharAction.Append + if (ch === "\n" || ch === "\r") return CliCharAction.Submit; + if (ch === "\u0003") return CliCharAction.Cancel; + if (ch === "\u007F" || ch === "\b") return CliCharAction.Backspace; + return CliCharAction.Append; } class ReadlineManager { - private rl: readline.Interface | null = null - - private getOrCreate(): readline.Interface { - if (!this.rl) { - this.rl = readline.createInterface({ - input: process.stdin, - output: process.stdout, - }) - } - return this.rl + private rl: readline.Interface | null = null; + + private getOrCreate(): readline.Interface { + if (!this.rl) { + this.rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + }); } - - public async question(query: string): Promise { - const rl = this.getOrCreate() - const answer = await rl.question(query) - return answer.trim() - } - - public close(): void { - if (this.rl) { - this.rl.close() - this.rl = null - } + return this.rl; + } + + public async question(query: string): Promise { + const rl = this.getOrCreate(); + const answer = await rl.question(query); + return answer.trim(); + } + + public close(): void { + if (this.rl) { + this.rl.close(); + this.rl = null; } + } } function getReadlineManager(): ReadlineManager { - if (!rlManager) { - rlManager = new ReadlineManager() - } - return rlManager + if (!rlManager) { + rlManager = new ReadlineManager(); + } + return rlManager; } export function prompt(question: string, masked = false): Promise { - const mgr = getReadlineManager() - if (!masked) { - return mgr.question(question) + const mgr = getReadlineManager(); + if (!masked) { + return mgr.question(question); + } + + return new Promise((resolve, reject) => { + mgr.close(); + process.stdout.write(question); + let buf = ""; + process.stdin.setRawMode(true); + process.stdin.resume(); + process.stdin.setEncoding("utf8"); + + function exitRawMode() { + process.stdout.write("\n"); + process.stdin.setRawMode(false); + process.stdin.pause(); + process.stdin.removeListener("data", onData); } - return new Promise((resolve, reject) => { - mgr.close() - process.stdout.write(question) - let buf = '' - process.stdin.setRawMode(true) - process.stdin.resume() - process.stdin.setEncoding('utf8') - - function exitRawMode() { - process.stdout.write('\n') - process.stdin.setRawMode(false) - process.stdin.pause() - process.stdin.removeListener('data', onData) - } - - const onData = (str: string) => { - for (const ch of str) { - switch (classifyInputChar(ch)) { - case CliCharAction.Submit: - exitRawMode() - resolve(buf.trim()) - return - case CliCharAction.Cancel: - exitRawMode() - reject(new KeeperSdkError('Operation cancelled by user.', ResultCodes.USER_CANCELLED)) - return - case CliCharAction.Backspace: - if (buf.length > 0) { - buf = buf.slice(0, -1) - process.stdout.write('\b \b') - } - break - case CliCharAction.Append: - buf += ch - process.stdout.write(MASK_CHAR) - break - } + const onData = (str: string) => { + for (const ch of str) { + switch (classifyInputChar(ch)) { + case CliCharAction.Submit: + exitRawMode(); + resolve(buf.trim()); + return; + case CliCharAction.Cancel: + exitRawMode(); + reject( + new KeeperSdkError( + "Operation cancelled by user.", + ResultCodes.USER_CANCELLED, + ), + ); + return; + case CliCharAction.Backspace: + if (buf.length > 0) { + buf = buf.slice(0, -1); + process.stdout.write("\b \b"); } + break; + case CliCharAction.Append: + buf += ch; + process.stdout.write(MASK_CHAR); + break; } + } + }; - process.stdin.on('data', onData) - }) + process.stdin.on("data", onData); + }); } -export async function loadKeeperConfig(preloaded?: KeeperJsonConfig): Promise { - if (preloaded) return preloaded - return defaultConfigLoader.load() +export async function loadKeeperConfig( + preloaded?: KeeperJsonConfig, +): Promise { + if (preloaded) return preloaded; + return defaultConfigLoader.load(); } -export async function resolveServer(username?: string, preloadedConfig?: KeeperJsonConfig): Promise { - const config = await loadKeeperConfig(preloadedConfig) - const configServer = config.last_server || config.server - - if (username) { - const users = config.users || [] - const userEntry = users.find((u) => u.user?.toLowerCase() === username.toLowerCase()) - if (userEntry?.server) return userEntry.server - } - - if (configServer) return configServer - - logger.info('Select server region:') - const entries = Object.entries(KEEPER_PUBLIC_HOSTS) - entries.forEach(([region, host], i) => { - logger.info(` ${i + 1}. ${region} (${host})`) - }) - logger.info(` Or enter a hostname directly (e.g. dev.keepersecurity.com)`) - - const choice = await prompt(`Region [1 = ${DEFAULT_REGION}]: `) - if (!choice) return KEEPER_PUBLIC_HOSTS[DEFAULT_REGION] - - const idx = parseInt(choice, 10) - 1 - if (idx >= 0 && idx < entries.length) return entries[idx][1] - - return KEEPER_PUBLIC_HOSTS[choice.toUpperCase()] || choice +export async function resolveServer( + username?: string, + preloadedConfig?: KeeperJsonConfig, +): Promise { + const config = await loadKeeperConfig(preloadedConfig); + const configServer = config.last_server || config.server; + + if (username) { + const users = config.users || []; + const userEntry = users.find( + (u) => u.user?.toLowerCase() === username.toLowerCase(), + ); + if (userEntry?.server) return userEntry.server; + } + + if (configServer) return configServer; + + logger.info("Select server region:"); + const entries = Object.entries(KEEPER_PUBLIC_HOSTS); + entries.forEach(([region, host], i) => { + logger.info(` ${i + 1}. ${region} (${host})`); + }); + logger.info(` Or enter a hostname directly (e.g. dev.keepersecurity.com)`); + + const choice = await prompt(`Region [1 = ${DEFAULT_REGION}]: `); + if (!choice) return KEEPER_PUBLIC_HOSTS[DEFAULT_REGION]; + + const idx = parseInt(choice, 10) - 1; + if (idx >= 0 && idx < entries.length) return entries[idx][1]; + + return KEEPER_PUBLIC_HOSTS[choice.toUpperCase()] || choice; } export function suppressLogs(): () => void { - if (suppressionDepth === 0) { - originals = captureConsoleHandlers() - applyConsoleHandlers({ - log: () => {}, - warn: () => {}, - debug: () => {}, - error: () => {}, - stdoutWrite: NOOP_WRITE, - stderrWrite: NOOP_WRITE, - }) - } - suppressionDepth++ - - let restored = false - return () => { - if (restored) return - restored = true - suppressionDepth-- - if (suppressionDepth === 0 && originals) { - applyConsoleHandlers(originals) - originals = null - } + if (suppressionDepth === 0) { + originals = captureConsoleHandlers(); + applyConsoleHandlers({ + log: () => {}, + warn: () => {}, + debug: () => {}, + error: () => {}, + stdoutWrite: NOOP_WRITE, + stderrWrite: NOOP_WRITE, + }); + } + suppressionDepth++; + + let restored = false; + return () => { + if (restored) return; + restored = true; + suppressionDepth--; + if (suppressionDepth === 0 && originals) { + applyConsoleHandlers(originals); + originals = null; } + }; } async function withSuppressedOutput(fn: () => Promise): Promise { - const restore = suppressLogs() - try { - return await fn() - } finally { - restore() - } + const restore = suppressLogs(); + try { + return await fn(); + } finally { + restore(); + } } function unsuppressLogs(): () => void { - if (suppressionDepth === 0 || !originals) return () => {} + if (suppressionDepth === 0 || !originals) return () => {}; - const overrides = captureConsoleHandlers() - applyConsoleHandlers(originals) + const overrides = captureConsoleHandlers(); + applyConsoleHandlers(originals); - let restored = false - return () => { - if (restored) return - restored = true - applyConsoleHandlers(overrides) - } + let restored = false; + return () => { + if (restored) return; + restored = true; + applyConsoleHandlers(overrides); + }; } function unsuppressedAuthUI(): AuthUI3 { - const ui = new ConsoleAuthUI() - const wrap = (fn: (...args: A) => Promise) => - async (...args: A): Promise => { - const restore = unsuppressLogs() - try { - return await fn(...args) - } finally { - restore() - } - } - return { - waitForDeviceApproval: wrap(ui.waitForDeviceApproval.bind(ui)), - waitForTwoFactorCode: wrap(ui.waitForTwoFactorCode.bind(ui)), - getPassword: wrap(ui.getPassword.bind(ui)), - } + const ui = new ConsoleAuthUI(); + const wrap = + (fn: (...args: A) => Promise) => + async (...args: A): Promise => { + const restore = unsuppressLogs(); + try { + return await fn(...args); + } finally { + restore(); + } + }; + return { + waitForDeviceApproval: wrap(ui.waitForDeviceApproval.bind(ui)), + waitForTwoFactorCode: wrap(ui.waitForTwoFactorCode.bind(ui)), + getPassword: wrap(ui.getPassword.bind(ui)), + }; } export async function login(): Promise { - const config = await loadKeeperConfig() - const defaultUsername = config.last_login || config.user || '' - - const host = defaultUsername ? await resolveServer(defaultUsername, config) : undefined + const config = await loadKeeperConfig(); + const defaultUsername = config.last_login || config.user || ""; + + const host = defaultUsername + ? await resolveServer(defaultUsername, config) + : undefined; + + if (defaultUsername && host) { + const vault = await tryPersistentLogin(host, defaultUsername); + if (vault) return vault; + } + + let username: string; + if (defaultUsername) { + logger.info(`Enter master password for ${defaultUsername}`); + username = defaultUsername; + } else { + username = await prompt("Username (email): "); + } + + if (!username) { + throw new KeeperSdkError( + "Username is required.", + ResultCodes.MISSING_USERNAME, + ); + } - if (defaultUsername && host) { - const vault = await tryPersistentLogin(host, defaultUsername) - if (vault) return vault - } + const resolvedHost = host || (await resolveServer(username, config)); + return await interactiveLogin(resolvedHost, username); +} - let username: string - if (defaultUsername) { - logger.info(`Enter master password for ${defaultUsername}`) - username = defaultUsername - } else { - username = await prompt('Username (email): ') - } +async function tryPersistentLogin( + host: string, + username: string, +): Promise { + const vault = new KeeperVault({ + host, + clientVersion: SdkDefaults.CLIENT_VERSION, + authUI: unsuppressedAuthUI(), + }); + try { + await withSuppressedOutput(() => vault.resumeSession()); + logger.info(`Logging in to Keeper as ${username}`); + logger.info("Successfully authenticated with Persistent Login"); + return await syncVault(vault); + } catch (err) { + logger.debug("Persistent login failed:", extractErrorMessage(err)); + vault.disconnect(); + return null; + } +} - if (!username) { - throw new KeeperSdkError('Username is required.', ResultCodes.MISSING_USERNAME) +async function interactiveLogin( + host: string, + username: string, +): Promise { + const vault = new KeeperVault({ + host, + clientVersion: SdkDefaults.CLIENT_VERSION, + authUI: unsuppressedAuthUI(), + }); + + for (let attempt = 1; attempt <= AuthDefaults.MAX_LOGIN_ATTEMPTS; attempt++) { + const password = await prompt("Password: ", true); + + if (!password) { + throw new KeeperSdkError( + "Password is required.", + ResultCodes.MISSING_PASSWORD, + ); } - const resolvedHost = host || (await resolveServer(username, config)) - return await interactiveLogin(resolvedHost, username) -} - -async function tryPersistentLogin(host: string, username: string): Promise { - const vault = new KeeperVault({ - host, - clientVersion: SdkDefaults.CLIENT_VERSION, - authUI: unsuppressedAuthUI(), - }) try { - await withSuppressedOutput(() => vault.resumeSession()) - logger.info(`Logging in to Keeper as ${username}`) - logger.info('Successfully authenticated with Persistent Login') - return await syncVault(vault) + await withSuppressedOutput(() => vault.login(username, password)); + logger.info("Successfully authenticated with Master Password\n"); + return await syncVault(vault); } catch (err) { - logger.debug('Persistent login failed:', extractErrorMessage(err)) - vault.disconnect() - return null - } -} - -async function interactiveLogin(host: string, username: string): Promise { - const vault = new KeeperVault({ - host, - clientVersion: SdkDefaults.CLIENT_VERSION, - authUI: unsuppressedAuthUI(), - }) - - for (let attempt = 1; attempt <= AuthDefaults.MAX_LOGIN_ATTEMPTS; attempt++) { - const password = await prompt('Password: ', true) - - if (!password) { - throw new KeeperSdkError('Password is required.', ResultCodes.MISSING_PASSWORD) - } - - try { - await withSuppressedOutput(() => vault.login(username, password)) - logger.info('Successfully authenticated with Master Password\n') - return await syncVault(vault) - } catch (err) { - const resultCode = extractResultCode(err) - if (resultCode === ResultCodes.INVALID_CREDENTIALS) { - const remaining = AuthDefaults.MAX_LOGIN_ATTEMPTS - attempt - if (remaining > 0) { - logger.warn(`Invalid credentials (${remaining} attempt${remaining === 1 ? '' : 's'} remaining)`) - continue - } - throw new KeeperSdkError( - `Maximum login attempts (${AuthDefaults.MAX_LOGIN_ATTEMPTS}) exceeded.`, - ResultCodes.MAX_ATTEMPTS_EXCEEDED - ) - } - throw KeeperSdkError.from(err) + const resultCode = extractResultCode(err); + if (resultCode === ResultCodes.INVALID_CREDENTIALS) { + const remaining = AuthDefaults.MAX_LOGIN_ATTEMPTS - attempt; + if (remaining > 0) { + logger.warn( + `Invalid credentials (${remaining} attempt${remaining === 1 ? "" : "s"} remaining)`, + ); + continue; } + throw new KeeperSdkError( + `Maximum login attempts (${AuthDefaults.MAX_LOGIN_ATTEMPTS}) exceeded.`, + ResultCodes.MAX_ATTEMPTS_EXCEEDED, + ); + } + throw KeeperSdkError.from(err); } + } - throw new KeeperSdkError( - `Maximum login attempts (${AuthDefaults.MAX_LOGIN_ATTEMPTS}) exceeded.`, - ResultCodes.MAX_ATTEMPTS_EXCEEDED - ) + throw new KeeperSdkError( + `Maximum login attempts (${AuthDefaults.MAX_LOGIN_ATTEMPTS}) exceeded.`, + ResultCodes.MAX_ATTEMPTS_EXCEEDED, + ); } async function syncVault(vault: KeeperVault): Promise { - logger.info('Syncing vault...') - await withSuppressedOutput(() => vault.sync()) - logger.info(`Vault synced. ${vault.getSummary().recordCount} records loaded.\n`) - return vault + logger.info("Syncing vault..."); + await withSuppressedOutput(() => vault.sync()); + logger.info( + `Vault synced. ${vault.getSummary().recordCount} records loaded.\n`, + ); + return vault; } export function cleanup(vault: KeeperVault): void { - vault.disconnect() - getReadlineManager().close() + vault.disconnect(); + getReadlineManager().close(); } diff --git a/KeeperSdk/src/auth/SessionManager.ts b/KeeperSdk/src/auth/SessionManager.ts index ec3c7a9b..92734f8b 100644 --- a/KeeperSdk/src/auth/SessionManager.ts +++ b/KeeperSdk/src/auth/SessionManager.ts @@ -1,293 +1,332 @@ -import fs from 'fs/promises' -import path from 'path' -import os from 'os' +import fs from "fs/promises"; +import path from "path"; +import os from "os"; import { - normal64Bytes, - type DeviceConfig, - type SessionStorage, - type KeeperHost, - type SessionParams, -} from '@keeper-security/keeperapi' -import { logger, extractErrorMessage, SdkDefaults } from '../utils' -import type { Nullable } from '../utils' + normal64Bytes, + type DeviceConfig, + type SessionStorage, + type KeeperHost, + type SessionParams, +} from "@keeper-security/keeperapi"; +import { logger, extractErrorMessage, SdkDefaults } from "../utils"; +import type { Nullable } from "../utils"; export type ConfigurationUser = { - user?: string - server?: string - last_device?: { device_token?: string } -} + user?: string; + server?: string; + last_device?: { device_token?: string }; +}; export type ConfigurationServerConfig = { - server?: string - clone_code?: string -} + server?: string; + clone_code?: string; +}; export type ConfigurationDeviceConfig = { - device_token?: string - private_key?: string - server_info?: Array -} + device_token?: string; + private_key?: string; + server_info?: Array; +}; export type KeeperJsonConfig = { - last_login?: string - last_server?: string - user?: string - server?: string - device_token?: string - private_key?: string - clone_code?: string - users?: Array - devices?: Array -} + last_login?: string; + last_server?: string; + user?: string; + server?: string; + device_token?: string; + private_key?: string; + clone_code?: string; + users?: Array; + devices?: Array; +}; type ResolvedDevice = { - deviceToken: Uint8Array - privateKey: Uint8Array - serverInfo: Array> -} + deviceToken: Uint8Array; + privateKey: Uint8Array; + serverInfo: Array>; +}; type DeviceCacheEntry = { - username: string - device: Nullable -} + username: string; + device: Nullable; +}; export interface ConfigLoader { - load(): Promise - save(config: KeeperJsonConfig): Promise - readonly configDir: string + load(): Promise; + save(config: KeeperJsonConfig): Promise; + readonly configDir: string; } export class FileConfigLoader implements ConfigLoader { - public readonly configDir: string - - constructor(configDir?: string) { - this.configDir = configDir || path.join(os.homedir(), SdkDefaults.CONFIG_DIR) - } - - async load(): Promise { - const configPath = path.join(this.configDir, 'config.json') - try { - const content = await fs.readFile(configPath, 'utf-8') - const parsed: unknown = JSON.parse(content) - if (SessionManager.isValidKeeperConfig(parsed)) { - return parsed - } - } catch (err) { - logger.debug('Failed to load keeper config:', extractErrorMessage(err)) - } - return {} - } - - async save(config: KeeperJsonConfig): Promise { - const configPath = path.join(this.configDir, 'config.json') - await fs.writeFile(configPath, JSON.stringify(config, null, 2), { - mode: 0o600, - }) + public readonly configDir: string; + + constructor(configDir?: string) { + this.configDir = + configDir || path.join(os.homedir(), SdkDefaults.CONFIG_DIR); + } + + async load(): Promise { + const configPath = path.join(this.configDir, "config.json"); + try { + const content = await fs.readFile(configPath, "utf-8"); + const parsed: unknown = JSON.parse(content); + if (SessionManager.isValidKeeperConfig(parsed)) { + return parsed; + } + } catch (err) { + logger.debug("Failed to load keeper config:", extractErrorMessage(err)); } + return {}; + } + + async save(config: KeeperJsonConfig): Promise { + const configPath = path.join(this.configDir, "config.json"); + await fs.writeFile(configPath, JSON.stringify(config, null, 2), { + mode: 0o600, + }); + } } export class SessionManager implements SessionStorage { - private readonly configLoader: ConfigLoader - private sessionParams: Nullable = null - private _lastUsername?: string - private _keeperConfig: Nullable = null - private _deviceCache: Nullable = null - private sessionDevices = new Map() - private sessionCloneCodes = new Map() - - constructor(configDir?: string) - constructor(loader: ConfigLoader) - constructor(configDirOrLoader?: string | ConfigLoader) { - if (typeof configDirOrLoader === 'string' || configDirOrLoader === undefined) { - this.configLoader = new FileConfigLoader(configDirOrLoader as string | undefined) - } else { - this.configLoader = configDirOrLoader - } - } - - public get configDir(): string { - return this.configLoader.configDir + private readonly configLoader: ConfigLoader; + private sessionParams: Nullable = null; + private _lastUsername?: string; + private _keeperConfig: Nullable = null; + private _deviceCache: Nullable = null; + private sessionDevices = new Map(); + private sessionCloneCodes = new Map(); + + constructor(configDir?: string); + constructor(loader: ConfigLoader); + constructor(configDirOrLoader?: string | ConfigLoader) { + if ( + typeof configDirOrLoader === "string" || + configDirOrLoader === undefined + ) { + this.configLoader = new FileConfigLoader( + configDirOrLoader as string | undefined, + ); + } else { + this.configLoader = configDirOrLoader; } - - public get lastUsername(): string | undefined { - return this._lastUsername + } + + public get configDir(): string { + return this.configLoader.configDir; + } + + public get lastUsername(): string | undefined { + return this._lastUsername; + } + + public async getLastUsername(): Promise { + if (this._lastUsername) return this._lastUsername; + const keeperConfig = await this.loadKeeperConfig(); + return keeperConfig.last_login || keeperConfig.user || undefined; + } + + public async getDeviceConfig(host: string): Promise { + const username = await this.getLastUsername(); + if (username) { + const device = await this.findDeviceInKeeperConfig(username); + if (device) { + return { + deviceToken: device.deviceToken, + privateKey: device.privateKey, + }; + } } - public async getLastUsername(): Promise { - if (this._lastUsername) return this._lastUsername - const keeperConfig = await this.loadKeeperConfig() - return keeperConfig.last_login || keeperConfig.user || undefined + return this.sessionDevices.get(host) || {}; + } + + public createOnDeviceConfig( + host: string, + ): (deviceConfig: DeviceConfig) => Promise { + return async (deviceConfig: DeviceConfig) => { + this.sessionDevices.set(host, { ...deviceConfig }); + }; + } + + private cloneCodeKey(host: KeeperHost, username: string): string { + return `${host}::${username}`; + } + + public async getCloneCode( + host: KeeperHost, + username: string, + ): Promise> { + const hostStr = String(host); + + const key = this.cloneCodeKey(host, username); + const sessionCode = this.sessionCloneCodes.get(key); + if (sessionCode) return sessionCode; + + const device = await this.findDeviceInKeeperConfig(username); + if (device) { + const serverInfo = device.serverInfo.find( + (entry) => entry.server === hostStr, + ); + if (serverInfo) { + return normal64Bytes(serverInfo.clone_code); + } } - public async getDeviceConfig(host: string): Promise { - const username = await this.getLastUsername() - if (username) { - const device = await this.findDeviceInKeeperConfig(username) - if (device) { - return { - deviceToken: device.deviceToken, - privateKey: device.privateKey, - } - } + return null; + } + + public async saveCloneCode( + host: KeeperHost, + username: string, + cloneCode: Uint8Array, + ): Promise { + const key = this.cloneCodeKey(host, username); + this.sessionCloneCodes.set(key, cloneCode); + await this.updateKeeperConfigCloneCode(String(host), username, cloneCode); + } + + private async updateKeeperConfigCloneCode( + host: string, + username: string, + cloneCode: Uint8Array, + ): Promise { + try { + const parsed = await this.configLoader.load(); + if (!parsed || Object.keys(parsed).length === 0) return; + + let updated = false; + const encodedCloneCode = Buffer.from(cloneCode).toString("base64url"); + + const server = parsed.last_server || parsed.server; + if ( + parsed.user?.toLowerCase() === username.toLowerCase() && + server === host + ) { + parsed.clone_code = encodedCloneCode; + updated = true; + } + + const user = (parsed.users || []).find( + (configUser) => + configUser.user?.toLowerCase() === username.toLowerCase(), + ); + if (user?.last_device?.device_token) { + const device = (parsed.devices || []).find( + (configDevice) => + configDevice.device_token === user.last_device.device_token, + ); + if (device?.server_info) { + const serverInfo = device.server_info.find( + (entry) => entry.server === host, + ); + if (serverInfo) { + serverInfo.clone_code = encodedCloneCode; + updated = true; + } } - - return this.sessionDevices.get(host) || {} + } + + if (updated) { + await this.configLoader.save(parsed); + this._keeperConfig = null; + this._deviceCache = null; + } + } catch (err) { + logger.warn( + "Failed to update keeper config clone code:", + extractErrorMessage(err), + ); } - - public createOnDeviceConfig(host: string): (deviceConfig: DeviceConfig) => Promise { - return async (deviceConfig: DeviceConfig) => { - this.sessionDevices.set(host, { ...deviceConfig }) - } + } + + public async getSessionParameters(): Promise> { + return this.sessionParams; + } + + public async saveSessionParameters( + params: Partial, + ): Promise { + this.sessionParams = { ...this.sessionParams, ...params } as SessionParams; + if (params.username) { + this._lastUsername = params.username; } - - private cloneCodeKey(host: KeeperHost, username: string): string { - return `${host}::${username}` + } + + public setLastUsername(username: string): void { + this._lastUsername = username; + } + + private async loadKeeperConfig(): Promise { + if (this._keeperConfig) return this._keeperConfig; + this._keeperConfig = await this.configLoader.load(); + return this._keeperConfig; + } + + private async findDeviceInKeeperConfig( + username: string, + ): Promise> { + const normalizedUsername = username.toLowerCase(); + if (this._deviceCache?.username === normalizedUsername) { + return this._deviceCache.device; } - public async getCloneCode(host: KeeperHost, username: string): Promise> { - const hostStr = String(host) - - const key = this.cloneCodeKey(host, username) - const sessionCode = this.sessionCloneCodes.get(key) - if (sessionCode) return sessionCode - - const device = await this.findDeviceInKeeperConfig(username) - if (device) { - const serverInfo = device.serverInfo.find((entry) => entry.server === hostStr) - if (serverInfo) { - return normal64Bytes(serverInfo.clone_code) - } + const device = await this.lookupDeviceInKeeperConfig(normalizedUsername); + this._deviceCache = { username: normalizedUsername, device }; + return device; + } + + private async lookupDeviceInKeeperConfig( + normalizedUsername: string, + ): Promise> { + const keeperConfig = await this.loadKeeperConfig(); + + if (keeperConfig.users && keeperConfig.devices) { + const user = keeperConfig.users.find( + (configUser) => configUser.user?.toLowerCase() === normalizedUsername, + ); + if (user?.last_device?.device_token) { + const deviceTokenStr = user.last_device.device_token; + const device = keeperConfig.devices.find( + (configDevice) => configDevice.device_token === deviceTokenStr, + ); + if (device?.private_key) { + return { + deviceToken: normal64Bytes(deviceTokenStr), + privateKey: normal64Bytes(device.private_key), + serverInfo: (device.server_info || []).filter( + (entry): entry is Required => + !!entry.server && !!entry.clone_code, + ), + }; } - - return null + } } - public async saveCloneCode(host: KeeperHost, username: string, cloneCode: Uint8Array): Promise { - const key = this.cloneCodeKey(host, username) - this.sessionCloneCodes.set(key, cloneCode) - await this.updateKeeperConfigCloneCode(String(host), username, cloneCode) + if ( + keeperConfig.device_token && + keeperConfig.private_key && + keeperConfig.user?.toLowerCase() === normalizedUsername + ) { + const serverInfo: Array> = []; + const server = keeperConfig.last_server || keeperConfig.server; + if (server && keeperConfig.clone_code) { + serverInfo.push({ server, clone_code: keeperConfig.clone_code }); + } + return { + deviceToken: normal64Bytes(keeperConfig.device_token), + privateKey: normal64Bytes(keeperConfig.private_key), + serverInfo, + }; } - private async updateKeeperConfigCloneCode(host: string, username: string, cloneCode: Uint8Array): Promise { - try { - const parsed = await this.configLoader.load() - if (!parsed || Object.keys(parsed).length === 0) return - - let updated = false - const encodedCloneCode = Buffer.from(cloneCode).toString('base64url') - - const server = parsed.last_server || parsed.server - if (parsed.user?.toLowerCase() === username.toLowerCase() && server === host) { - parsed.clone_code = encodedCloneCode - updated = true - } - - const user = (parsed.users || []).find( - (configUser) => configUser.user?.toLowerCase() === username.toLowerCase() - ) - if (user?.last_device?.device_token) { - const device = (parsed.devices || []).find( - (configDevice) => configDevice.device_token === user.last_device.device_token - ) - if (device?.server_info) { - const serverInfo = device.server_info.find((entry) => entry.server === host) - if (serverInfo) { - serverInfo.clone_code = encodedCloneCode - updated = true - } - } - } - - if (updated) { - await this.configLoader.save(parsed) - this._keeperConfig = null - this._deviceCache = null - } - } catch (err) { - logger.warn('Failed to update keeper config clone code:', extractErrorMessage(err)) - } - } - - public async getSessionParameters(): Promise> { - return this.sessionParams - } - - public async saveSessionParameters(params: Partial): Promise { - this.sessionParams = { ...this.sessionParams, ...params } as SessionParams - if (params.username) { - this._lastUsername = params.username - } - } - - public setLastUsername(username: string): void { - this._lastUsername = username - } - - private async loadKeeperConfig(): Promise { - if (this._keeperConfig) return this._keeperConfig - this._keeperConfig = await this.configLoader.load() - return this._keeperConfig - } + return null; + } - private async findDeviceInKeeperConfig(username: string): Promise> { - const normalizedUsername = username.toLowerCase() - if (this._deviceCache?.username === normalizedUsername) { - return this._deviceCache.device - } - - const device = await this.lookupDeviceInKeeperConfig(normalizedUsername) - this._deviceCache = { username: normalizedUsername, device } - return device - } - - private async lookupDeviceInKeeperConfig(normalizedUsername: string): Promise> { - const keeperConfig = await this.loadKeeperConfig() - - if (keeperConfig.users && keeperConfig.devices) { - const user = keeperConfig.users.find( - (configUser) => configUser.user?.toLowerCase() === normalizedUsername - ) - if (user?.last_device?.device_token) { - const deviceTokenStr = user.last_device.device_token - const device = keeperConfig.devices.find((configDevice) => configDevice.device_token === deviceTokenStr) - if (device?.private_key) { - return { - deviceToken: normal64Bytes(deviceTokenStr), - privateKey: normal64Bytes(device.private_key), - serverInfo: (device.server_info || []).filter( - (entry): entry is Required => - !!entry.server && !!entry.clone_code - ), - } - } - } - } - - if ( - keeperConfig.device_token && - keeperConfig.private_key && - keeperConfig.user?.toLowerCase() === normalizedUsername - ) { - const serverInfo: Array> = [] - const server = keeperConfig.last_server || keeperConfig.server - if (server && keeperConfig.clone_code) { - serverInfo.push({ server, clone_code: keeperConfig.clone_code }) - } - return { - deviceToken: normal64Bytes(keeperConfig.device_token), - privateKey: normal64Bytes(keeperConfig.private_key), - serverInfo, - } - } - - return null - } - - public static isValidKeeperConfig(value: unknown): value is KeeperJsonConfig { - if (typeof value !== 'object' || value === null) return false - const obj = value as Record - if (obj.users !== undefined && !Array.isArray(obj.users)) return false - if (obj.devices !== undefined && !Array.isArray(obj.devices)) return false - return true - } + public static isValidKeeperConfig(value: unknown): value is KeeperJsonConfig { + if (typeof value !== "object" || value === null) return false; + const obj = value as Record; + if (obj.users !== undefined && !Array.isArray(obj.users)) return false; + if (obj.devices !== undefined && !Array.isArray(obj.devices)) return false; + return true; + } } diff --git a/KeeperSdk/src/enterpriseReport/EnterpriseReportManager.ts b/KeeperSdk/src/enterpriseReport/EnterpriseReportManager.ts index 92b28e2d..733ae1c0 100644 --- a/KeeperSdk/src/enterpriseReport/EnterpriseReportManager.ts +++ b/KeeperSdk/src/enterpriseReport/EnterpriseReportManager.ts @@ -1,35 +1,42 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' -import { runAuditReport } from './auditReport' -import { runActionReport } from './actionReport' +import type { Auth } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; +import { runAuditReport } from "./auditReport"; +import { runActionReport } from "./actionReport"; import type { - ActionReportOptions, - ActionReportResult, - AuditReportOptions, - AuditReportResult, -} from './reportTypes' -import type { AuthProvider } from './reportUtils' + ActionReportOptions, + ActionReportResult, + AuditReportOptions, + AuditReportResult, +} from "./reportTypes"; +import type { AuthProvider } from "./reportUtils"; export class EnterpriseReportManager { - private readonly authProvider: AuthProvider + private readonly authProvider: AuthProvider; - constructor(authProvider: AuthProvider) { - this.authProvider = authProvider - } + constructor(authProvider: AuthProvider) { + this.authProvider = authProvider; + } - public async runAuditReport(options: AuditReportOptions = {}): Promise { - return runAuditReport(this.requireAuth(), options) - } + public async runAuditReport( + options: AuditReportOptions = {}, + ): Promise { + return runAuditReport(this.requireAuth(), options); + } - public async runActionReport(options: ActionReportOptions = {}): Promise { - return runActionReport(this.requireAuth(), options) - } + public async runActionReport( + options: ActionReportOptions = {}, + ): Promise { + return runActionReport(this.requireAuth(), options); + } - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth) { - throw new KeeperSdkError('You are not logged in. Please log in first.', ResultCodes.NOT_LOGGED_IN) - } - return auth + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth) { + throw new KeeperSdkError( + "You are not logged in. Please log in first.", + ResultCodes.NOT_LOGGED_IN, + ); } + return auth; + } } diff --git a/KeeperSdk/src/enterpriseReport/actionReport.ts b/KeeperSdk/src/enterpriseReport/actionReport.ts index c59fb2d3..c54c8ca0 100644 --- a/KeeperSdk/src/enterpriseReport/actionReport.ts +++ b/KeeperSdk/src/enterpriseReport/actionReport.ts @@ -1,518 +1,605 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { getAuditEventReportsCommand } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { actionUsers, UserAction } from '../users/actionUser' -import { deleteUsers } from '../users/deleteUser' +import type { Auth } from "@keeper-security/keeperapi"; +import { getAuditEventReportsCommand } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { actionUsers, UserAction } from "../users/actionUser"; +import { deleteUsers } from "../users/deleteUser"; import { - DeleteUserStatus, - EnterpriseUserStatus, - formatTransferStatus, - formatUserStatus, -} from '../users/userTypes' + DeleteUserStatus, + EnterpriseUserStatus, + formatTransferStatus, + formatUserStatus, +} from "../users/userTypes"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseNode, - type EnterpriseRoleTeamLink, - type EnterpriseRoleUserLink, - type EnterpriseTeamUserLink, - type EnterpriseUser, - type EnterpriseUserAliasLink, - type GetEnterpriseDataResponse, -} from '../teams/enterpriseData' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseNode, + type EnterpriseRoleTeamLink, + type EnterpriseRoleUserLink, + type EnterpriseTeamUserLink, + type EnterpriseUser, + type EnterpriseUserAliasLink, + type GetEnterpriseDataResponse, +} from "../teams/enterpriseData"; import { - ACTION_COLUMN_LABELS, - ACTION_DEFAULT_DAYS, - ACTION_DEFAULT_DAYS_BY_TARGET, - ACTION_EVENT_SUMMARY_ROW_LIMIT, - ACTION_REPORT_COLUMN_ORDER, - ACTION_STATUS_EVENT_TYPES, - ACTION_USERNAME_BATCH_SIZE, - ActionReportColumn, - AdminAction, - DEFAULT_ACTION_REPORT_COLUMNS, - SECONDS_PER_DAY, - SUPPORTED_ACTION_REPORT_COLUMNS, - TargetUserStatus, - type ActionReportEntry, - type ActionReportOptions, - type ActionReportResult, - type ActionResult, - type AuditReportFilterPayload, -} from './reportTypes' -import { assertSucceeded, chunkArray, resolveTimezone } from './reportUtils' + ACTION_COLUMN_LABELS, + ACTION_DEFAULT_DAYS, + ACTION_DEFAULT_DAYS_BY_TARGET, + ACTION_EVENT_SUMMARY_ROW_LIMIT, + ACTION_REPORT_COLUMN_ORDER, + ACTION_STATUS_EVENT_TYPES, + ACTION_USERNAME_BATCH_SIZE, + ActionReportColumn, + AdminAction, + DEFAULT_ACTION_REPORT_COLUMNS, + SECONDS_PER_DAY, + SUPPORTED_ACTION_REPORT_COLUMNS, + TargetUserStatus, + type ActionReportEntry, + type ActionReportOptions, + type ActionReportResult, + type ActionResult, + type AuditReportFilterPayload, +} from "./reportTypes"; +import { assertSucceeded, chunkArray, resolveTimezone } from "./reportUtils"; const ACTION_REPORT_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Users, - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.TeamUsers, - EnterpriseDataInclude.Roles, - EnterpriseDataInclude.RoleUsers, - EnterpriseDataInclude.RoleTeams, - EnterpriseDataInclude.UserAliases, -] - -type AuditUsernameField = 'username' | 'to_username' + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Users, + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.TeamUsers, + EnterpriseDataInclude.Roles, + EnterpriseDataInclude.RoleUsers, + EnterpriseDataInclude.RoleTeams, + EnterpriseDataInclude.UserAliases, +]; + +type AuditUsernameField = "username" | "to_username"; type TargetAuditConfig = { - auditColumn: AuditUsernameField - auditFilterField: AuditUsernameField - pickCandidates: (users: EnterpriseUser[]) => EnterpriseUser[] - identity: (user: EnterpriseUser) => string -} - -const ALLOWED_ACTIONS: Readonly>> = { - [TargetUserStatus.NoLogon]: new Set([AdminAction.None, AdminAction.Lock]), - [TargetUserStatus.NoUpdate]: new Set([AdminAction.None]), - [TargetUserStatus.Locked]: new Set([AdminAction.None, AdminAction.Delete, AdminAction.Transfer]), - [TargetUserStatus.Invited]: new Set([AdminAction.None, AdminAction.Delete]), - [TargetUserStatus.NoRecovery]: new Set([AdminAction.None]), -} + auditColumn: AuditUsernameField; + auditFilterField: AuditUsernameField; + pickCandidates: (users: EnterpriseUser[]) => EnterpriseUser[]; + identity: (user: EnterpriseUser) => string; +}; + +const ALLOWED_ACTIONS: Readonly< + Record> +> = { + [TargetUserStatus.NoLogon]: new Set([AdminAction.None, AdminAction.Lock]), + [TargetUserStatus.NoUpdate]: new Set([AdminAction.None]), + [TargetUserStatus.Locked]: new Set([ + AdminAction.None, + AdminAction.Delete, + AdminAction.Transfer, + ]), + [TargetUserStatus.Invited]: new Set([AdminAction.None, AdminAction.Delete]), + [TargetUserStatus.NoRecovery]: new Set([AdminAction.None]), +}; function usernameTargetConfig( - pickCandidates: (users: EnterpriseUser[]) => EnterpriseUser[] + pickCandidates: (users: EnterpriseUser[]) => EnterpriseUser[], ): TargetAuditConfig { - return { - auditColumn: 'username', - auditFilterField: 'username', - pickCandidates, - identity: (user) => user.username, - } + return { + auditColumn: "username", + auditFilterField: "username", + pickCandidates, + identity: (user) => user.username, + }; } const TARGET_AUDIT_CONFIG: Record = { - [TargetUserStatus.NoLogon]: usernameTargetConfig((users) => - users.filter((user) => formatUserStatus(user) === 'Active') - ), - [TargetUserStatus.NoUpdate]: usernameTargetConfig((users) => - users.filter((user) => formatUserStatus(user) === 'Active') - ), - [TargetUserStatus.Locked]: { - auditColumn: 'to_username', - auditFilterField: 'to_username', - pickCandidates: (users) => users.filter((user) => formatUserStatus(user) === 'Locked'), - identity: (user) => user.username, - }, - [TargetUserStatus.Invited]: usernameTargetConfig((users) => - users.filter((user) => user.status === EnterpriseUserStatus.Invited) - ), - [TargetUserStatus.NoRecovery]: usernameTargetConfig((users) => - users.filter((user) => formatUserStatus(user) === 'Active') - ), -} + [TargetUserStatus.NoLogon]: usernameTargetConfig((users) => + users.filter((user) => formatUserStatus(user) === "Active"), + ), + [TargetUserStatus.NoUpdate]: usernameTargetConfig((users) => + users.filter((user) => formatUserStatus(user) === "Active"), + ), + [TargetUserStatus.Locked]: { + auditColumn: "to_username", + auditFilterField: "to_username", + pickCandidates: (users) => + users.filter((user) => formatUserStatus(user) === "Locked"), + identity: (user) => user.username, + }, + [TargetUserStatus.Invited]: usernameTargetConfig((users) => + users.filter((user) => user.status === EnterpriseUserStatus.Invited), + ), + [TargetUserStatus.NoRecovery]: usernameTargetConfig((users) => + users.filter((user) => formatUserStatus(user) === "Active"), + ), +}; export async function runActionReport( - auth: Auth, - options: ActionReportOptions = {} + auth: Auth, + options: ActionReportOptions = {}, ): Promise { - const target = options.target ?? TargetUserStatus.NoLogon - const daysSince = options.daysSince ?? ACTION_DEFAULT_DAYS_BY_TARGET[target] ?? ACTION_DEFAULT_DAYS - const applyAction = options.applyAction ?? AdminAction.None - - validateActionReportOptions(target, applyAction, options.targetUser) - - const enterpriseData = new EnterpriseDataManager(auth) - const data = await enterpriseData.getData(ACTION_REPORT_INCLUDES) - await enterpriseData.decryptNodeNames(data.nodes || []) - await enterpriseData.getDisplayNames() - - const entries = await generateActionReportEntries(auth, data, { - target, - daysSince, - timezone: resolveTimezone(options.timezone), - nodeIds: resolveNodeFilter(data.nodes || [], options.node), - }) - - const actionResult = await applyAdminAction(auth, entries, { - applyAction, - targetUser: options.targetUser, - dryRun: options.dryRun === true, - }) - - const columns = resolveActionReportColumns(options.columns) - const headers = columns.map((column) => ACTION_COLUMN_LABELS[column]) - const rows = entries.map((entry) => columns.map((column) => actionReportEntryCell(entry, column))) - - return { - target, - headers, - rows, - entries, - actionResult, - } + const target = options.target ?? TargetUserStatus.NoLogon; + const daysSince = + options.daysSince ?? + ACTION_DEFAULT_DAYS_BY_TARGET[target] ?? + ACTION_DEFAULT_DAYS; + const applyAction = options.applyAction ?? AdminAction.None; + + validateActionReportOptions(target, applyAction, options.targetUser); + + const enterpriseData = new EnterpriseDataManager(auth); + const data = await enterpriseData.getData(ACTION_REPORT_INCLUDES); + await enterpriseData.decryptNodeNames(data.nodes || []); + await enterpriseData.getDisplayNames(); + + const entries = await generateActionReportEntries(auth, data, { + target, + daysSince, + timezone: resolveTimezone(options.timezone), + nodeIds: resolveNodeFilter(data.nodes || [], options.node), + }); + + const actionResult = await applyAdminAction(auth, entries, { + applyAction, + targetUser: options.targetUser, + dryRun: options.dryRun === true, + }); + + const columns = resolveActionReportColumns(options.columns); + const headers = columns.map((column) => ACTION_COLUMN_LABELS[column]); + const rows = entries.map((entry) => + columns.map((column) => actionReportEntryCell(entry, column)), + ); + + return { + target, + headers, + rows, + entries, + actionResult, + }; } export function getAllowedActions(target: TargetUserStatus): AdminAction[] { - return [...ALLOWED_ACTIONS[target]] + return [...ALLOWED_ACTIONS[target]]; } export function getDefaultDaysSince(target: TargetUserStatus): number { - return ACTION_DEFAULT_DAYS_BY_TARGET[target] ?? ACTION_DEFAULT_DAYS + return ACTION_DEFAULT_DAYS_BY_TARGET[target] ?? ACTION_DEFAULT_DAYS; } async function generateActionReportEntries( - auth: Auth, - data: GetEnterpriseDataResponse, - options: { - target: TargetUserStatus - daysSince: number - timezone: string - nodeIds: Set | null - } + auth: Auth, + data: GetEnterpriseDataResponse, + options: { + target: TargetUserStatus; + daysSince: number; + timezone: string; + nodeIds: Set | null; + }, ): Promise { - const config = TARGET_AUDIT_CONFIG[options.target] - let candidates = config.pickCandidates(data.users || []) - - if (options.nodeIds) { - candidates = candidates.filter( - (user) => user.node_id != null && options.nodeIds!.has(user.node_id) - ) - } - if (candidates.length === 0) return [] - - const identities = candidates.map((user) => config.identity(user)).filter(Boolean) - const recentlyActive = await queryUsersWithRecentEvents( - auth, - config, - identities, - ACTION_STATUS_EVENT_TYPES[options.target], - options.daysSince, - options.timezone - ) - - const context = buildActionEntryContext(data) - return candidates - .filter((user) => { - const identity = config.identity(user).trim().toLowerCase() - return identity && !recentlyActive.has(identity) - }) - .map((user) => buildActionEntry(user, context)) + const config = TARGET_AUDIT_CONFIG[options.target]; + let candidates = config.pickCandidates(data.users || []); + + if (options.nodeIds) { + candidates = candidates.filter( + (user) => user.node_id != null && options.nodeIds!.has(user.node_id), + ); + } + if (candidates.length === 0) return []; + + const identities = candidates + .map((user) => config.identity(user)) + .filter(Boolean); + const recentlyActive = await queryUsersWithRecentEvents( + auth, + config, + identities, + ACTION_STATUS_EVENT_TYPES[options.target], + options.daysSince, + options.timezone, + ); + + const context = buildActionEntryContext(data); + return candidates + .filter((user) => { + const identity = config.identity(user).trim().toLowerCase(); + return identity && !recentlyActive.has(identity); + }) + .map((user) => buildActionEntry(user, context)); } async function queryUsersWithRecentEvents( - auth: Auth, - config: TargetAuditConfig, - identities: string[], - eventTypes: readonly string[], - daysSince: number, - timezone: string + auth: Auth, + config: TargetAuditConfig, + identities: string[], + eventTypes: readonly string[], + daysSince: number, + timezone: string, ): Promise> { - const active = new Set() - const createdFilter: AuditReportFilterPayload['created'] = { - min: Math.floor(Date.now() / 1000) - daysSince * SECONDS_PER_DAY, - } - - for (const batch of chunkArray(identities, ACTION_USERNAME_BATCH_SIZE)) { - const filter: AuditReportFilterPayload = { - created: createdFilter, - audit_event_type: [...eventTypes], - [config.auditFilterField]: batch, - } - - const response = await auth.executeRestCommand( - getAuditEventReportsCommand({ - report_type: 'span', - scope: 'enterprise', - timezone, - limit: ACTION_EVENT_SUMMARY_ROW_LIMIT, - aggregate: ['last_created'], - columns: [config.auditColumn], - filter, - }) - ) - assertSucceeded(response, 'get_audit_event_reports failed', ResultCodes.ACTION_REPORT_FAILED) - - for (const row of response.audit_event_overview_report_rows ?? []) { - const value = (row as Record)[config.auditColumn] - if (value == null || value === '') continue - active.add(String(value).trim().toLowerCase()) - } + const active = new Set(); + const createdFilter: AuditReportFilterPayload["created"] = { + min: Math.floor(Date.now() / 1000) - daysSince * SECONDS_PER_DAY, + }; + + for (const batch of chunkArray(identities, ACTION_USERNAME_BATCH_SIZE)) { + const filter: AuditReportFilterPayload = { + created: createdFilter, + audit_event_type: [...eventTypes], + [config.auditFilterField]: batch, + }; + + const response = await auth.executeRestCommand( + getAuditEventReportsCommand({ + report_type: "span", + scope: "enterprise", + timezone, + limit: ACTION_EVENT_SUMMARY_ROW_LIMIT, + aggregate: ["last_created"], + columns: [config.auditColumn], + filter, + }), + ); + assertSucceeded( + response, + "get_audit_event_reports failed", + ResultCodes.ACTION_REPORT_FAILED, + ); + + for (const row of response.audit_event_overview_report_rows ?? []) { + const value = (row as Record)[config.auditColumn]; + if (value == null || value === "") continue; + active.add(String(value).trim().toLowerCase()); } + } - return active + return active; } type ActionEntryContext = { - nodePaths: Map - userTeams: Map - userRoles: Map - userAliases: Map -} - -function buildActionEntryContext(data: GetEnterpriseDataResponse): ActionEntryContext { - const nodes = data.nodes || [] - const nodePaths = new Map( - nodes.map((node) => [ - node.node_id, - EnterpriseDataManager.getNodePath(nodes, node.node_id, { omitRoot: false }), - ]) - ) - const teamNames = new Map((data.teams || []).map((team) => [team.team_uid, team.name])) - const roleNames = new Map((data.roles || []).map((role) => [role.role_id, role.displayName || String(role.role_id)])) - - return { - nodePaths, - userTeams: buildUserTeamNames(data.team_users || [], teamNames), - userRoles: buildUserRoleNames(data.role_users || [], data.role_teams || [], data.team_users || [], roleNames), - userAliases: buildUserAliases(data.user_aliases || []), - } + nodePaths: Map; + userTeams: Map; + userRoles: Map; + userAliases: Map; +}; + +function buildActionEntryContext( + data: GetEnterpriseDataResponse, +): ActionEntryContext { + const nodes = data.nodes || []; + const nodePaths = new Map( + nodes.map((node) => [ + node.node_id, + EnterpriseDataManager.getNodePath(nodes, node.node_id, { + omitRoot: false, + }), + ]), + ); + const teamNames = new Map( + (data.teams || []).map((team) => [team.team_uid, team.name]), + ); + const roleNames = new Map( + (data.roles || []).map((role) => [ + role.role_id, + role.displayName || String(role.role_id), + ]), + ); + + return { + nodePaths, + userTeams: buildUserTeamNames(data.team_users || [], teamNames), + userRoles: buildUserRoleNames( + data.role_users || [], + data.role_teams || [], + data.team_users || [], + roleNames, + ), + userAliases: buildUserAliases(data.user_aliases || []), + }; } -function buildActionEntry(user: EnterpriseUser, context: ActionEntryContext): ActionReportEntry { - return { - enterpriseUserId: user.enterprise_user_id, - email: user.username, - fullName: user.full_name || '', - status: formatUserStatus(user), - transferStatus: formatTransferStatus(user), - nodePath: context.nodePaths.get(user.node_id || 0) || '', - teams: context.userTeams.get(user.enterprise_user_id) || [], - roles: context.userRoles.get(user.enterprise_user_id) || [], - aliases: context.userAliases.get(user.enterprise_user_id) || [], - tfaEnabled: user.tfa_enabled === true, - } +function buildActionEntry( + user: EnterpriseUser, + context: ActionEntryContext, +): ActionReportEntry { + return { + enterpriseUserId: user.enterprise_user_id, + email: user.username, + fullName: user.full_name || "", + status: formatUserStatus(user), + transferStatus: formatTransferStatus(user), + nodePath: context.nodePaths.get(user.node_id || 0) || "", + teams: context.userTeams.get(user.enterprise_user_id) || [], + roles: context.userRoles.get(user.enterprise_user_id) || [], + aliases: context.userAliases.get(user.enterprise_user_id) || [], + tfaEnabled: user.tfa_enabled === true, + }; } function buildUserTeamNames( - links: EnterpriseTeamUserLink[], - teamNames: Map + links: EnterpriseTeamUserLink[], + teamNames: Map, ): Map { - const map = new Map>() - for (const link of links) { - if (!link.team_uid) continue - const name = teamNames.get(link.team_uid) || link.team_uid - const names = map.get(link.enterprise_user_id) ?? new Set() - names.add(name) - map.set(link.enterprise_user_id, names) - } - return new Map([...map.entries()].map(([id, names]) => [id, [...names].sort()])) + const map = new Map>(); + for (const link of links) { + if (!link.team_uid) continue; + const name = teamNames.get(link.team_uid) || link.team_uid; + const names = map.get(link.enterprise_user_id) ?? new Set(); + names.add(name); + map.set(link.enterprise_user_id, names); + } + return new Map( + [...map.entries()].map(([id, names]) => [id, [...names].sort()]), + ); } function buildUserRoleNames( - roleUsers: EnterpriseRoleUserLink[], - roleTeams: EnterpriseRoleTeamLink[], - teamUsers: EnterpriseTeamUserLink[], - roleNames: Map + roleUsers: EnterpriseRoleUserLink[], + roleTeams: EnterpriseRoleTeamLink[], + teamUsers: EnterpriseTeamUserLink[], + roleNames: Map, ): Map { - const map = new Map>() - - for (const link of roleUsers) { - const roles = map.get(link.enterprise_user_id) ?? new Set() - roles.add(link.role_id) - map.set(link.enterprise_user_id, roles) - } - - const rolesForTeam = new Map>() - for (const link of roleTeams) { - if (!link.team_uid) continue - const roles = rolesForTeam.get(link.team_uid) ?? new Set() - roles.add(link.role_id) - rolesForTeam.set(link.team_uid, roles) - } - - for (const link of teamUsers) { - if (!link.team_uid) continue - const teamRoles = rolesForTeam.get(link.team_uid) - if (!teamRoles) continue - const userRoles = map.get(link.enterprise_user_id) ?? new Set() - teamRoles.forEach((roleId) => userRoles.add(roleId)) - map.set(link.enterprise_user_id, userRoles) - } - - return new Map( - [...map.entries()].map(([id, roleIds]) => [ - id, - [...roleIds].map((roleId) => roleNames.get(roleId) || String(roleId)).sort(), - ]) - ) + const map = new Map>(); + + for (const link of roleUsers) { + const roles = map.get(link.enterprise_user_id) ?? new Set(); + roles.add(link.role_id); + map.set(link.enterprise_user_id, roles); + } + + const rolesForTeam = new Map>(); + for (const link of roleTeams) { + if (!link.team_uid) continue; + const roles = rolesForTeam.get(link.team_uid) ?? new Set(); + roles.add(link.role_id); + rolesForTeam.set(link.team_uid, roles); + } + + for (const link of teamUsers) { + if (!link.team_uid) continue; + const teamRoles = rolesForTeam.get(link.team_uid); + if (!teamRoles) continue; + const userRoles = map.get(link.enterprise_user_id) ?? new Set(); + teamRoles.forEach((roleId) => userRoles.add(roleId)); + map.set(link.enterprise_user_id, userRoles); + } + + return new Map( + [...map.entries()].map(([id, roleIds]) => [ + id, + [...roleIds] + .map((roleId) => roleNames.get(roleId) || String(roleId)) + .sort(), + ]), + ); } -function buildUserAliases(links: EnterpriseUserAliasLink[]): Map { - const map = new Map() - for (const link of links) { - if (!link.username) continue - const aliases = map.get(link.enterprise_user_id) - if (aliases) aliases.push(link.username) - else map.set(link.enterprise_user_id, [link.username]) - } - return map +function buildUserAliases( + links: EnterpriseUserAliasLink[], +): Map { + const map = new Map(); + for (const link of links) { + if (!link.username) continue; + const aliases = map.get(link.enterprise_user_id); + if (aliases) aliases.push(link.username); + else map.set(link.enterprise_user_id, [link.username]); + } + return map; } async function applyAdminAction( - auth: Auth, - entries: ActionReportEntry[], - options: { applyAction: AdminAction; targetUser?: string; dryRun: boolean } + auth: Auth, + entries: ActionReportEntry[], + options: { applyAction: AdminAction; targetUser?: string; dryRun: boolean }, ): Promise { - const { applyAction, targetUser, dryRun } = options - - if (applyAction === AdminAction.None) { - return { action: AdminAction.None, status: 'none', affectedCount: 0, serverMessage: 'n/a' } - } - if (entries.length === 0) { - return { action: applyAction, status: 'no users matched', affectedCount: 0, serverMessage: 'n/a' } - } - if (dryRun) { - return { action: applyAction, status: 'dry run', affectedCount: entries.length, serverMessage: 'n/a' } - } + const { applyAction, targetUser, dryRun } = options; - const emails = entries.map((entry) => entry.email) - - try { - switch (applyAction) { - case AdminAction.Lock: { - const result = await actionUsers(auth, { action: UserAction.Lock, emails }) - return { - action: AdminAction.Lock, - status: result.success ? 'success' : 'partial', - affectedCount: result.succeeded, - serverMessage: `Succeeded: ${result.succeeded}, Skipped: ${result.skipped}, Failed: ${result.failed}`, - } - } - case AdminAction.Delete: { - const result = await deleteUsers(auth, { emails }) - const deleted = result.items.filter((item) => item.status === DeleteUserStatus.Deleted).length - return { - action: AdminAction.Delete, - status: result.success ? 'success' : 'partial', - affectedCount: deleted, - serverMessage: `Deleted: ${deleted}, Failed: ${result.failed}`, - } - } - case AdminAction.Transfer: { - if (!targetUser?.trim()) { - throw new KeeperSdkError( - '"targetUser" is required for transfer action.', - ResultCodes.ACTION_REPORT_TARGET_USER_REQUIRED - ) - } - throw new KeeperSdkError( - 'Account transfer is not yet supported in the JavaScript SDK.', - ResultCodes.ACTION_REPORT_TRANSFER_NOT_SUPPORTED - ) - } - default: - return { action: applyAction, status: 'unsupported', affectedCount: 0, serverMessage: 'n/a' } - } - } catch (err) { + if (applyAction === AdminAction.None) { + return { + action: AdminAction.None, + status: "none", + affectedCount: 0, + serverMessage: "n/a", + }; + } + if (entries.length === 0) { + return { + action: applyAction, + status: "no users matched", + affectedCount: 0, + serverMessage: "n/a", + }; + } + if (dryRun) { + return { + action: applyAction, + status: "dry run", + affectedCount: entries.length, + serverMessage: "n/a", + }; + } + + const emails = entries.map((entry) => entry.email); + + try { + switch (applyAction) { + case AdminAction.Lock: { + const result = await actionUsers(auth, { + action: UserAction.Lock, + emails, + }); + return { + action: AdminAction.Lock, + status: result.success ? "success" : "partial", + affectedCount: result.succeeded, + serverMessage: `Succeeded: ${result.succeeded}, Skipped: ${result.skipped}, Failed: ${result.failed}`, + }; + } + case AdminAction.Delete: { + const result = await deleteUsers(auth, { emails }); + const deleted = result.items.filter( + (item) => item.status === DeleteUserStatus.Deleted, + ).length; return { - action: applyAction, - status: 'failed', - affectedCount: 0, - serverMessage: extractErrorMessage(err), + action: AdminAction.Delete, + status: result.success ? "success" : "partial", + affectedCount: deleted, + serverMessage: `Deleted: ${deleted}, Failed: ${result.failed}`, + }; + } + case AdminAction.Transfer: { + if (!targetUser?.trim()) { + throw new KeeperSdkError( + '"targetUser" is required for transfer action.', + ResultCodes.ACTION_REPORT_TARGET_USER_REQUIRED, + ); } + throw new KeeperSdkError( + "Account transfer is not yet supported in the JavaScript SDK.", + ResultCodes.ACTION_REPORT_TRANSFER_NOT_SUPPORTED, + ); + } + default: + return { + action: applyAction, + status: "unsupported", + affectedCount: 0, + serverMessage: "n/a", + }; } + } catch (err) { + return { + action: applyAction, + status: "failed", + affectedCount: 0, + serverMessage: extractErrorMessage(err), + }; + } } function validateActionReportOptions( - target: TargetUserStatus, - applyAction: AdminAction, - targetUser: string | undefined + target: TargetUserStatus, + applyAction: AdminAction, + targetUser: string | undefined, ): void { - if (!ALLOWED_ACTIONS[target].has(applyAction)) { - throw new KeeperSdkError( - `Action "${applyAction}" is not allowed for target "${target}".`, - ResultCodes.ACTION_REPORT_INVALID_ACTION - ) - } - if (applyAction === AdminAction.Transfer && !targetUser?.trim()) { - throw new KeeperSdkError( - '"targetUser" is required when applyAction is "transfer".', - ResultCodes.ACTION_REPORT_TARGET_USER_REQUIRED - ) - } + if (!ALLOWED_ACTIONS[target].has(applyAction)) { + throw new KeeperSdkError( + `Action "${applyAction}" is not allowed for target "${target}".`, + ResultCodes.ACTION_REPORT_INVALID_ACTION, + ); + } + if (applyAction === AdminAction.Transfer && !targetUser?.trim()) { + throw new KeeperSdkError( + '"targetUser" is required when applyAction is "transfer".', + ResultCodes.ACTION_REPORT_TARGET_USER_REQUIRED, + ); + } } -function resolveNodeFilter(nodes: EnterpriseNode[], nodeFilter: string | undefined): Set | null { - if (!nodeFilter?.trim()) return null - - const trimmed = nodeFilter.trim() - const numericId = Number(trimmed) - let rootNode: EnterpriseNode | undefined - - if (Number.isInteger(numericId)) { - rootNode = nodes.find((node) => node.node_id === numericId) - } - if (!rootNode) { - const lowered = trimmed.toLowerCase() - const matches = nodes.filter((node) => (node.displayName || '').trim().toLowerCase() === lowered) - if (matches.length === 1) rootNode = matches[0] - else if (matches.length > 1) { - throw new KeeperSdkError(`Multiple nodes match "${trimmed}".`, ResultCodes.ACTION_REPORT_NODE_NOT_UNIQUE) - } - } - if (!rootNode) { - throw new KeeperSdkError(`Node "${trimmed}" was not found.`, ResultCodes.ACTION_REPORT_NODE_NOT_FOUND) - } - - const children = new Map() - for (const node of nodes) { - const parentId = node.parent_id || 0 - const siblings = children.get(parentId) ?? [] - siblings.push(node.node_id) - children.set(parentId, siblings) +function resolveNodeFilter( + nodes: EnterpriseNode[], + nodeFilter: string | undefined, +): Set | null { + if (!nodeFilter?.trim()) return null; + + const trimmed = nodeFilter.trim(); + const numericId = Number(trimmed); + let rootNode: EnterpriseNode | undefined; + + if (Number.isInteger(numericId)) { + rootNode = nodes.find((node) => node.node_id === numericId); + } + if (!rootNode) { + const lowered = trimmed.toLowerCase(); + const matches = nodes.filter( + (node) => (node.displayName || "").trim().toLowerCase() === lowered, + ); + if (matches.length === 1) rootNode = matches[0]; + else if (matches.length > 1) { + throw new KeeperSdkError( + `Multiple nodes match "${trimmed}".`, + ResultCodes.ACTION_REPORT_NODE_NOT_UNIQUE, + ); } - - const allowed = new Set([rootNode.node_id]) - const queue = [rootNode.node_id] - while (queue.length > 0) { - const current = queue.shift()! - for (const childId of children.get(current) || []) { - if (allowed.has(childId)) continue - allowed.add(childId) - queue.push(childId) - } + } + if (!rootNode) { + throw new KeeperSdkError( + `Node "${trimmed}" was not found.`, + ResultCodes.ACTION_REPORT_NODE_NOT_FOUND, + ); + } + + const children = new Map(); + for (const node of nodes) { + const parentId = node.parent_id || 0; + const siblings = children.get(parentId) ?? []; + siblings.push(node.node_id); + children.set(parentId, siblings); + } + + const allowed = new Set([rootNode.node_id]); + const queue = [rootNode.node_id]; + while (queue.length > 0) { + const current = queue.shift()!; + for (const childId of children.get(current) || []) { + if (allowed.has(childId)) continue; + allowed.add(childId); + queue.push(childId); } + } - return allowed + return allowed; } -function resolveActionReportColumns(input: ActionReportOptions['columns']): ActionReportColumn[] { - const defaultColumns: ActionReportColumn[] = [ActionReportColumn.UserId, ...DEFAULT_ACTION_REPORT_COLUMNS] - if (input == null) return defaultColumns - - const requested = - typeof input === 'string' - ? input.split(',').map((part) => part.trim()) - : input.map((part) => String(part).trim()) - - const allowed = new Set(SUPPORTED_ACTION_REPORT_COLUMNS) - const seen = new Set() - for (const column of requested) { - if (column && allowed.has(column)) seen.add(column as ActionReportColumn) - } - - if (seen.size === 0) return defaultColumns - - seen.add(ActionReportColumn.UserId) - return ACTION_REPORT_COLUMN_ORDER.filter((column) => seen.has(column)) +function resolveActionReportColumns( + input: ActionReportOptions["columns"], +): ActionReportColumn[] { + const defaultColumns: ActionReportColumn[] = [ + ActionReportColumn.UserId, + ...DEFAULT_ACTION_REPORT_COLUMNS, + ]; + if (input == null) return defaultColumns; + + const requested = + typeof input === "string" + ? input.split(",").map((part) => part.trim()) + : input.map((part) => String(part).trim()); + + const allowed = new Set(SUPPORTED_ACTION_REPORT_COLUMNS); + const seen = new Set(); + for (const column of requested) { + if (column && allowed.has(column)) seen.add(column as ActionReportColumn); + } + + if (seen.size === 0) return defaultColumns; + + seen.add(ActionReportColumn.UserId); + return ACTION_REPORT_COLUMN_ORDER.filter((column) => seen.has(column)); } -function actionReportEntryCell(entry: ActionReportEntry, column: ActionReportColumn): string { - switch (column) { - case ActionReportColumn.UserId: - return String(entry.enterpriseUserId) - case ActionReportColumn.Email: - return entry.email - case ActionReportColumn.Name: - return entry.fullName - case ActionReportColumn.Status: - return entry.status - case ActionReportColumn.TransferStatus: - return entry.transferStatus - case ActionReportColumn.Node: - return entry.nodePath - case ActionReportColumn.TeamCount: - return String(entry.teams.length) - case ActionReportColumn.Teams: - return entry.teams.join(', ') - case ActionReportColumn.RoleCount: - return String(entry.roles.length) - case ActionReportColumn.Roles: - return entry.roles.join(', ') - case ActionReportColumn.Alias: - return entry.aliases.join(', ') - case ActionReportColumn.TwoFaEnabled: - return entry.tfaEnabled ? 'true' : 'false' - } +function actionReportEntryCell( + entry: ActionReportEntry, + column: ActionReportColumn, +): string { + switch (column) { + case ActionReportColumn.UserId: + return String(entry.enterpriseUserId); + case ActionReportColumn.Email: + return entry.email; + case ActionReportColumn.Name: + return entry.fullName; + case ActionReportColumn.Status: + return entry.status; + case ActionReportColumn.TransferStatus: + return entry.transferStatus; + case ActionReportColumn.Node: + return entry.nodePath; + case ActionReportColumn.TeamCount: + return String(entry.teams.length); + case ActionReportColumn.Teams: + return entry.teams.join(", "); + case ActionReportColumn.RoleCount: + return String(entry.roles.length); + case ActionReportColumn.Roles: + return entry.roles.join(", "); + case ActionReportColumn.Alias: + return entry.aliases.join(", "); + case ActionReportColumn.TwoFaEnabled: + return entry.tfaEnabled ? "true" : "false"; + } } diff --git a/KeeperSdk/src/enterpriseReport/auditReport.ts b/KeeperSdk/src/enterpriseReport/auditReport.ts index c0a975cd..409f197a 100644 --- a/KeeperSdk/src/enterpriseReport/auditReport.ts +++ b/KeeperSdk/src/enterpriseReport/auditReport.ts @@ -1,739 +1,905 @@ -import type { Auth } from '@keeper-security/keeperapi' +import type { Auth } from "@keeper-security/keeperapi"; import { - getAuditEventDimensionsCommand, - getAuditEventReportsCommand, - getEnterpriseDataCommand, -} from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' + getAuditEventDimensionsCommand, + getAuditEventReportsCommand, + getEnterpriseDataCommand, +} from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - AuditAggregate, - AuditReportFormat, - AuditReportOrder, - AUDIT_DEFAULT_RAW_LIMIT, - AUDIT_DEFAULT_SUMMARY_LIMIT, - AUDIT_DIMENSION_API_LIMIT, - AUDIT_MISC_FIELDS, - AUDIT_NO_ARAM_RAW_LIMIT, - AUDIT_RAW_FIELDS, - AUDIT_RAW_PAGE_SIZE, - AUDIT_SUMMARY_MAX_LIMIT, - AUDIT_SYNTAX_HELP, - AUDIT_VIRTUAL_DIMENSIONS, - CREATED_PRESETS, - SUMMARY_REPORT_TYPES, -} from './reportTypes' + AuditAggregate, + AuditReportFormat, + AuditReportOrder, + AUDIT_DEFAULT_RAW_LIMIT, + AUDIT_DEFAULT_SUMMARY_LIMIT, + AUDIT_DIMENSION_API_LIMIT, + AUDIT_MISC_FIELDS, + AUDIT_NO_ARAM_RAW_LIMIT, + AUDIT_RAW_FIELDS, + AUDIT_RAW_PAGE_SIZE, + AUDIT_SUMMARY_MAX_LIMIT, + AUDIT_SYNTAX_HELP, + AUDIT_VIRTUAL_DIMENSIONS, + CREATED_PRESETS, + SUMMARY_REPORT_TYPES, +} from "./reportTypes"; import type { - AuditDimensionEventType, - AuditDimensionIpAddress, - AuditDimensionKeeperVersion, - AuditDimensionRow, - AuditEventOverviewReportRow, - AuditReportFilter, - AuditReportFilterPayload, - AuditReportOptions, - AuditReportResult, - AuditSummaryReportType, - CreatedFilterCriteria, - CreatedPreset, - EnterpriseAuditLicense, -} from './reportTypes' -import { assertSucceeded, resolveTimezone, toAuditApiOrder } from './reportUtils' - -let dimensionCache = new Map() -let cachedUsername = '' -let syslogTemplates: Map | null = null - -export async function runAuditReport(auth: Auth, options: AuditReportOptions = {}): Promise { - if (options.syntaxHelp || !options.reportType) { - return buildSyntaxHelp(auth) - } - - const hasAram = await resolveHasAram(auth, options.hasAram) - const reportType = options.reportType - - if (reportType === 'dim') return runDimensionReport(auth, options) - if (reportType === 'raw') return runRawReport(auth, options, hasAram) - if ((SUMMARY_REPORT_TYPES as readonly string[]).includes(reportType)) { - return runSummaryReport(auth, options, hasAram, reportType as AuditSummaryReportType) - } - - throw new KeeperSdkError(`Unsupported report type "${reportType}".`, ResultCodes.AUDIT_INVALID_REPORT_TYPE) + AuditDimensionEventType, + AuditDimensionIpAddress, + AuditDimensionKeeperVersion, + AuditDimensionRow, + AuditEventOverviewReportRow, + AuditReportFilter, + AuditReportFilterPayload, + AuditReportOptions, + AuditReportResult, + AuditSummaryReportType, + CreatedFilterCriteria, + CreatedPreset, + EnterpriseAuditLicense, +} from "./reportTypes"; +import { + assertSucceeded, + resolveTimezone, + toAuditApiOrder, +} from "./reportUtils"; + +let dimensionCache = new Map(); +let cachedUsername = ""; +let syslogTemplates: Map | null = null; + +export async function runAuditReport( + auth: Auth, + options: AuditReportOptions = {}, +): Promise { + if (options.syntaxHelp || !options.reportType) { + return buildSyntaxHelp(auth); + } + + const hasAram = await resolveHasAram(auth, options.hasAram); + const reportType = options.reportType; + + if (reportType === "dim") return runDimensionReport(auth, options); + if (reportType === "raw") return runRawReport(auth, options, hasAram); + if ((SUMMARY_REPORT_TYPES as readonly string[]).includes(reportType)) { + return runSummaryReport( + auth, + options, + hasAram, + reportType as AuditSummaryReportType, + ); + } + + throw new KeeperSdkError( + `Unsupported report type "${reportType}".`, + ResultCodes.AUDIT_INVALID_REPORT_TYPE, + ); } async function buildSyntaxHelp(auth: Auth): Promise { - const eventTypes = await loadDimension(auth, 'audit_event_type') - const eventTypeReference = eventTypes - .map((row) => { - if (!row || typeof row !== 'object') return null - const typed = row as AuditDimensionEventType - if (typed.id == null || !typed.name) return null - return { id: typed.id, name: typed.name } - }) - .filter((row): row is { id: number; name: string } => row !== null) - .sort((a, b) => a.id - b.id) - - const headers = ['id', 'name'] - const rows = eventTypeReference.map((row) => [String(row.id), row.name]) - return { - reportType: null, - headers, - rows, - syntaxHelp: AUDIT_SYNTAX_HELP, - eventTypeReference, - } + const eventTypes = await loadDimension(auth, "audit_event_type"); + const eventTypeReference = eventTypes + .map((row) => { + if (!row || typeof row !== "object") return null; + const typed = row as AuditDimensionEventType; + if (typed.id == null || !typed.name) return null; + return { id: typed.id, name: typed.name }; + }) + .filter((row): row is { id: number; name: string } => row !== null) + .sort((a, b) => a.id - b.id); + + const headers = ["id", "name"]; + const rows = eventTypeReference.map((row) => [String(row.id), row.name]); + return { + reportType: null, + headers, + rows, + syntaxHelp: AUDIT_SYNTAX_HELP, + eventTypeReference, + }; } -async function runDimensionReport(auth: Auth, options: AuditReportOptions): Promise { - const columns = options.columns - if (!columns || columns.length !== 1) { - throw new KeeperSdkError( - '"dim" reports expect exactly one "columns" value.', - ResultCodes.AUDIT_DIMENSION_COLUMN_REQUIRED - ) - } - - const column = columns[0] - const fields = dimensionFields(column) - const rows = (await loadDimension(auth, column)).map((row) => dimensionCells(row, fields)) - - return { - reportType: 'dim', - headers: fields, - rows, - } +async function runDimensionReport( + auth: Auth, + options: AuditReportOptions, +): Promise { + const columns = options.columns; + if (!columns || columns.length !== 1) { + throw new KeeperSdkError( + '"dim" reports expect exactly one "columns" value.', + ResultCodes.AUDIT_DIMENSION_COLUMN_REQUIRED, + ); + } + + const column = columns[0]; + const fields = dimensionFields(column); + const rows = (await loadDimension(auth, column)).map((row) => + dimensionCells(row, fields), + ); + + return { + reportType: "dim", + headers: fields, + rows, + }; } async function runRawReport( - auth: Auth, - options: AuditReportOptions, - hasAram: boolean + auth: Auth, + options: AuditReportOptions, + hasAram: boolean, ): Promise { - let filter = await resolveFilter(auth, options.filter ?? {}) - let limit = options.limit - let order = options.order - - if (!hasAram) { - const requested = options.limit - limit = requested != null && requested > 0 ? Math.min(requested, AUDIT_NO_ARAM_RAW_LIMIT) : AUDIT_NO_ARAM_RAW_LIMIT - order = order ?? AuditReportOrder.Desc - if (!filter.created) { - filter.created = 'last_30_days' - } - } - - const reportFormat = options.reportFormat ?? AuditReportFormat.Message - const events = await fetchRawEvents(auth, { - filter: Object.keys(filter).length > 0 ? filter : undefined, - limit, - order, - timezone: options.timezone, - }) - const fields: string[] = [...AUDIT_RAW_FIELDS] - const miscFields = new Set(AUDIT_MISC_FIELDS) - const templates = - reportFormat === AuditReportFormat.Message ? await loadSyslogTemplates(auth) : new Map() - - if (reportFormat === AuditReportFormat.Message) fields.push('message') - - const rows: string[][] = [] - for (const event of events) { - if (reportFormat === AuditReportFormat.Fields) { - for (const key of Object.keys(event)) { - if (miscFields.has(key)) { - fields.push(key) - miscFields.delete(key) - } - } + let filter = await resolveFilter(auth, options.filter ?? {}); + let limit = options.limit; + let order = options.order; + + if (!hasAram) { + const requested = options.limit; + limit = + requested != null && requested > 0 + ? Math.min(requested, AUDIT_NO_ARAM_RAW_LIMIT) + : AUDIT_NO_ARAM_RAW_LIMIT; + order = order ?? AuditReportOrder.Desc; + if (!filter.created) { + filter.created = "last_30_days"; + } + } + + const reportFormat = options.reportFormat ?? AuditReportFormat.Message; + const events = await fetchRawEvents(auth, { + filter: Object.keys(filter).length > 0 ? filter : undefined, + limit, + order, + timezone: options.timezone, + }); + const fields: string[] = [...AUDIT_RAW_FIELDS]; + const miscFields = new Set(AUDIT_MISC_FIELDS); + const templates = + reportFormat === AuditReportFormat.Message + ? await loadSyslogTemplates(auth) + : new Map(); + + if (reportFormat === AuditReportFormat.Message) fields.push("message"); + + const rows: string[][] = []; + for (const event of events) { + if (reportFormat === AuditReportFormat.Fields) { + for (const key of Object.keys(event)) { + if (miscFields.has(key)) { + fields.push(key); + miscFields.delete(key); } - rows.push( - fields.map((field) => - field === 'message' ? eventMessage(event, templates) : formatFieldValue(field, getAuditEventField(event, field), 'raw') - ) - ) - } - - return { - reportType: 'raw', - headers: fields, - rows, - events, - } + } + } + rows.push( + fields.map((field) => + field === "message" + ? eventMessage(event, templates) + : formatFieldValue(field, getAuditEventField(event, field), "raw"), + ), + ); + } + + return { + reportType: "raw", + headers: fields, + rows, + events, + }; } async function runSummaryReport( - auth: Auth, - options: AuditReportOptions, - hasAram: boolean, - reportType: (typeof SUMMARY_REPORT_TYPES)[number] + auth: Auth, + options: AuditReportOptions, + hasAram: boolean, + reportType: (typeof SUMMARY_REPORT_TYPES)[number], ): Promise { - if (!hasAram) { - throw new KeeperSdkError('Audit Reporting addon is not enabled.', ResultCodes.AUDIT_REPORTING_NOT_ENABLED) - } - - const limit = options.limit - if (typeof limit === 'number' && (limit < 0 || limit > AUDIT_SUMMARY_MAX_LIMIT)) { - throw new KeeperSdkError(`Invalid "limit" value: ${limit}`, ResultCodes.AUDIT_INVALID_LIMIT) - } - if (!options.columns?.length) { - throw new KeeperSdkError('"columns" parameter cannot be empty.', ResultCodes.AUDIT_COLUMNS_REQUIRED) - } - - const aggregates = - options.aggregates?.length ? options.aggregates : [AuditAggregate.Occurrences] - const events = await fetchSummaryEvents(auth, { - reportType, - filter: await resolveFilter(auth, options.filter), - limit, - order: options.order, - timezone: options.timezone, - columns: options.columns, - aggregates, - }) - - const fields = [...aggregates, ...(reportType !== 'span' ? ['created'] : []), ...options.columns] - const rows = events.map((event) => - fields.map((field) => formatFieldValue(field, getAuditEventField(event, field), reportType)) - ) - return { - reportType, - headers: fields, - rows, - events, - } + if (!hasAram) { + throw new KeeperSdkError( + "Audit Reporting addon is not enabled.", + ResultCodes.AUDIT_REPORTING_NOT_ENABLED, + ); + } + + const limit = options.limit; + if ( + typeof limit === "number" && + (limit < 0 || limit > AUDIT_SUMMARY_MAX_LIMIT) + ) { + throw new KeeperSdkError( + `Invalid "limit" value: ${limit}`, + ResultCodes.AUDIT_INVALID_LIMIT, + ); + } + if (!options.columns?.length) { + throw new KeeperSdkError( + '"columns" parameter cannot be empty.', + ResultCodes.AUDIT_COLUMNS_REQUIRED, + ); + } + + const aggregates = options.aggregates?.length + ? options.aggregates + : [AuditAggregate.Occurrences]; + const events = await fetchSummaryEvents(auth, { + reportType, + filter: await resolveFilter(auth, options.filter), + limit, + order: options.order, + timezone: options.timezone, + columns: options.columns, + aggregates, + }); + + const fields = [ + ...aggregates, + ...(reportType !== "span" ? ["created"] : []), + ...options.columns, + ]; + const rows = events.map((event) => + fields.map((field) => + formatFieldValue(field, getAuditEventField(event, field), reportType), + ), + ); + return { + reportType, + headers: fields, + rows, + events, + }; } async function fetchRawEvents( - auth: Auth, - options: { - filter?: AuditReportFilter - limit?: number - order?: AuditReportOrder - timezone?: string - } + auth: Auth, + options: { + filter?: AuditReportFilter; + limit?: number; + order?: AuditReportOrder; + timezone?: string; + }, ): Promise { - const limit = options.limit ?? AUDIT_DEFAULT_RAW_LIMIT - if (limit === 0) return [] - - const isPaginated = limit < 0 || limit > AUDIT_RAW_PAGE_SIZE - let workingFilter = options.filter ? { ...options.filter } : undefined - const order = options.order ?? AuditReportOrder.Desc - const timezone = resolveTimezone(options.timezone) - - if (isPaginated && typeof workingFilter?.created === 'string') { - if ((CREATED_PRESETS as readonly string[]).includes(workingFilter.created)) { - workingFilter.created = expandCreatedPreset(workingFilter.created as CreatedPreset) - } - } - - const events: AuditEventOverviewReportRow[] = [] - let eventsReturned = 0 - let done = false - - while (!done) { - done = true - const queryLimit = isPaginated - ? limit <= 0 - ? AUDIT_RAW_PAGE_SIZE - : Math.min(AUDIT_RAW_PAGE_SIZE, limit - eventsReturned) - : limit - - const response = await auth.executeRestCommand( - getAuditEventReportsCommand({ - report_type: 'raw', - scope: 'enterprise', - timezone, - limit: queryLimit, - order: toAuditApiOrder(order), - filter: serializeFilter(workingFilter), - }) - ) - assertSucceeded(response, 'get_audit_event_reports failed', ResultCodes.AUDIT_REPORT_FAILED) - - let pageEvents = (response.audit_event_overview_report_rows ?? []) as AuditEventOverviewReportRow[] - if (!isPaginated && pageEvents.length > queryLimit) { - pageEvents = pageEvents.slice(0, queryLimit) - } - if (isPaginated && pageEvents.length === AUDIT_RAW_PAGE_SIZE) { - done = false - const lastEvent = pageEvents[pageEvents.length - 1] - const ts = Number(lastEvent.created) - let pos = pageEvents.length - 1 - while (pos > 900 && Number(pageEvents[pos].created) === ts) pos -= 1 - if (pos > 900) pageEvents = pageEvents.slice(0, pos) - else workingFilter = advanceCreatedFilter(workingFilter, ts + 1, order) - } - - events.push(...pageEvents) - eventsReturned += pageEvents.length - if ((limit > 0 && eventsReturned >= limit) || pageEvents.length === 0) break - } + const limit = options.limit ?? AUDIT_DEFAULT_RAW_LIMIT; + if (limit === 0) return []; + + const isPaginated = limit < 0 || limit > AUDIT_RAW_PAGE_SIZE; + let workingFilter = options.filter ? { ...options.filter } : undefined; + const order = options.order ?? AuditReportOrder.Desc; + const timezone = resolveTimezone(options.timezone); + + if (isPaginated && typeof workingFilter?.created === "string") { + if ( + (CREATED_PRESETS as readonly string[]).includes(workingFilter.created) + ) { + workingFilter.created = expandCreatedPreset( + workingFilter.created as CreatedPreset, + ); + } + } + + const events: AuditEventOverviewReportRow[] = []; + let eventsReturned = 0; + let done = false; + + while (!done) { + done = true; + const queryLimit = isPaginated + ? limit <= 0 + ? AUDIT_RAW_PAGE_SIZE + : Math.min(AUDIT_RAW_PAGE_SIZE, limit - eventsReturned) + : limit; - return limit > 0 ? events.slice(0, limit) : events + const response = await auth.executeRestCommand( + getAuditEventReportsCommand({ + report_type: "raw", + scope: "enterprise", + timezone, + limit: queryLimit, + order: toAuditApiOrder(order), + filter: serializeFilter(workingFilter), + }), + ); + assertSucceeded( + response, + "get_audit_event_reports failed", + ResultCodes.AUDIT_REPORT_FAILED, + ); + + let pageEvents = (response.audit_event_overview_report_rows ?? + []) as AuditEventOverviewReportRow[]; + if (!isPaginated && pageEvents.length > queryLimit) { + pageEvents = pageEvents.slice(0, queryLimit); + } + if (isPaginated && pageEvents.length === AUDIT_RAW_PAGE_SIZE) { + done = false; + const lastEvent = pageEvents[pageEvents.length - 1]; + const ts = Number(lastEvent.created); + let pos = pageEvents.length - 1; + while (pos > 900 && Number(pageEvents[pos].created) === ts) pos -= 1; + if (pos > 900) pageEvents = pageEvents.slice(0, pos); + else workingFilter = advanceCreatedFilter(workingFilter, ts + 1, order); + } + + events.push(...pageEvents); + eventsReturned += pageEvents.length; + if ((limit > 0 && eventsReturned >= limit) || pageEvents.length === 0) + break; + } + + return limit > 0 ? events.slice(0, limit) : events; } async function fetchSummaryEvents( - auth: Auth, - options: { - reportType: AuditSummaryReportType - filter?: AuditReportFilter - limit?: number - order?: AuditReportOrder - timezone?: string - columns: string[] - aggregates: AuditAggregate[] - } + auth: Auth, + options: { + reportType: AuditSummaryReportType; + filter?: AuditReportFilter; + limit?: number; + order?: AuditReportOrder; + timezone?: string; + columns: string[]; + aggregates: AuditAggregate[]; + }, ): Promise { - let limit = options.limit ?? AUDIT_DEFAULT_SUMMARY_LIMIT - if (limit <= 0) limit = AUDIT_DEFAULT_SUMMARY_LIMIT - else if (limit > AUDIT_SUMMARY_MAX_LIMIT) limit = AUDIT_SUMMARY_MAX_LIMIT - - const filter = serializeFilter(options.filter) - - const response = await auth.executeRestCommand( - getAuditEventReportsCommand({ - report_type: options.reportType, - scope: 'enterprise', - timezone: resolveTimezone(options.timezone), - limit, - aggregate: [...options.aggregates], - columns: [...options.columns], - ...(options.order ? { order: toAuditApiOrder(options.order) } : {}), - ...(filter ? { filter } : {}), - }) - ) - assertSucceeded(response, 'get_audit_event_reports failed', ResultCodes.AUDIT_REPORT_FAILED) - return (response.audit_event_overview_report_rows ?? []) as AuditEventOverviewReportRow[] + let limit = options.limit ?? AUDIT_DEFAULT_SUMMARY_LIMIT; + if (limit <= 0) limit = AUDIT_DEFAULT_SUMMARY_LIMIT; + else if (limit > AUDIT_SUMMARY_MAX_LIMIT) limit = AUDIT_SUMMARY_MAX_LIMIT; + + const filter = serializeFilter(options.filter); + + const response = await auth.executeRestCommand( + getAuditEventReportsCommand({ + report_type: options.reportType, + scope: "enterprise", + timezone: resolveTimezone(options.timezone), + limit, + aggregate: [...options.aggregates], + columns: [...options.columns], + ...(options.order ? { order: toAuditApiOrder(options.order) } : {}), + ...(filter ? { filter } : {}), + }), + ); + assertSucceeded( + response, + "get_audit_event_reports failed", + ResultCodes.AUDIT_REPORT_FAILED, + ); + return (response.audit_event_overview_report_rows ?? + []) as AuditEventOverviewReportRow[]; } -async function resolveFilter(auth: Auth, filter: AuditReportFilter = {}): Promise { - const resolved: AuditReportFilter = { ...filter } - - if (filter.geoLocation || filter.ipAddress) { - const ipFilter = new Set() - if (filter.geoLocation) { - const parts = filter.geoLocation.split(',') - const country = (parts.pop() || '').trim().toLowerCase() - if (!country) { - throw new KeeperSdkError('"geoLocation" filter misses country.', ResultCodes.AUDIT_INVALID_FILTER) - } - const region = (parts.pop() || '').trim().toLowerCase() - const city = (parts.pop() || '').trim().toLowerCase() - for (const geo of await loadDimension(auth, 'geo_location')) { - if (!geo || typeof geo !== 'object') continue - const row = geo as AuditDimensionIpAddress & { ip_addresses?: string[] } - if ((row.country_code || '').toLowerCase() !== country) continue - if (region && (row.region || '').toLowerCase() !== region) continue - if (city && (row.city || '').toLowerCase() !== city) continue - row.ip_addresses?.forEach((ip) => ipFilter.add(ip)) - } - if (ipFilter.size === 0) { - throw new KeeperSdkError( - `"geoLocation" filter: invalid GEO location ${filter.geoLocation}`, - ResultCodes.AUDIT_INVALID_FILTER - ) - } - } - const addresses = filter.ipAddress - ? Array.isArray(filter.ipAddress) - ? filter.ipAddress - : [filter.ipAddress] - : [] - addresses.forEach((ip) => ipFilter.add(ip)) - resolved.ipAddress = Array.from(ipFilter) - } - - if (filter.deviceType) { - const versionFilter = new Set() - const parts = filter.deviceType.split(',') - const deviceType = (parts[0] || '').trim().toLowerCase() - let version = (parts[1] || '').trim().toLowerCase() - if (version && !version.includes('.')) version += '.' - if (!deviceType && !version) { - throw new KeeperSdkError('"deviceType" filter is empty.', ResultCodes.AUDIT_INVALID_FILTER) - } - for (const row of await loadDimension(auth, 'device_type')) { - if (!row || typeof row !== 'object') continue - const ver = row as AuditDimensionKeeperVersion & { version_ids?: number[] } - if (deviceType) { - const typeName = (ver.type_name || '').toLowerCase() - const typeCategory = (ver.type_category || '').toLowerCase() - if (deviceType !== typeName && deviceType !== typeCategory) continue - } - if (version && !(ver.version || '').startsWith(version)) continue - ver.version_ids?.forEach((id) => { - if (Number.isInteger(id)) versionFilter.add(id) - }) - } - if (versionFilter.size === 0) { - throw new KeeperSdkError('"deviceType" filter matched no events.', ResultCodes.AUDIT_INVALID_FILTER) - } - resolved.keeperVersion = Array.from(versionFilter) - } - - if (filter.eventType !== undefined) { - resolved.eventType = Array.isArray(filter.eventType) - ? filter.eventType.map((value) => asStrOrInt('event-type', value)) - : asStrOrInt('event-type', filter.eventType) - } - - delete resolved.geoLocation - delete resolved.deviceType - return resolved +async function resolveFilter( + auth: Auth, + filter: AuditReportFilter = {}, +): Promise { + const resolved: AuditReportFilter = { ...filter }; + + if (filter.geoLocation || filter.ipAddress) { + const ipFilter = new Set(); + if (filter.geoLocation) { + const parts = filter.geoLocation.split(","); + const country = (parts.pop() || "").trim().toLowerCase(); + if (!country) { + throw new KeeperSdkError( + '"geoLocation" filter misses country.', + ResultCodes.AUDIT_INVALID_FILTER, + ); + } + const region = (parts.pop() || "").trim().toLowerCase(); + const city = (parts.pop() || "").trim().toLowerCase(); + for (const geo of await loadDimension(auth, "geo_location")) { + if (!geo || typeof geo !== "object") continue; + const row = geo as AuditDimensionIpAddress & { + ip_addresses?: string[]; + }; + if ((row.country_code || "").toLowerCase() !== country) continue; + if (region && (row.region || "").toLowerCase() !== region) continue; + if (city && (row.city || "").toLowerCase() !== city) continue; + row.ip_addresses?.forEach((ip) => ipFilter.add(ip)); + } + if (ipFilter.size === 0) { + throw new KeeperSdkError( + `"geoLocation" filter: invalid GEO location ${filter.geoLocation}`, + ResultCodes.AUDIT_INVALID_FILTER, + ); + } + } + const addresses = filter.ipAddress + ? Array.isArray(filter.ipAddress) + ? filter.ipAddress + : [filter.ipAddress] + : []; + addresses.forEach((ip) => ipFilter.add(ip)); + resolved.ipAddress = Array.from(ipFilter); + } + + if (filter.deviceType) { + const versionFilter = new Set(); + const parts = filter.deviceType.split(","); + const deviceType = (parts[0] || "").trim().toLowerCase(); + let version = (parts[1] || "").trim().toLowerCase(); + if (version && !version.includes(".")) version += "."; + if (!deviceType && !version) { + throw new KeeperSdkError( + '"deviceType" filter is empty.', + ResultCodes.AUDIT_INVALID_FILTER, + ); + } + for (const row of await loadDimension(auth, "device_type")) { + if (!row || typeof row !== "object") continue; + const ver = row as AuditDimensionKeeperVersion & { + version_ids?: number[]; + }; + if (deviceType) { + const typeName = (ver.type_name || "").toLowerCase(); + const typeCategory = (ver.type_category || "").toLowerCase(); + if (deviceType !== typeName && deviceType !== typeCategory) continue; + } + if (version && !(ver.version || "").startsWith(version)) continue; + ver.version_ids?.forEach((id) => { + if (Number.isInteger(id)) versionFilter.add(id); + }); + } + if (versionFilter.size === 0) { + throw new KeeperSdkError( + '"deviceType" filter matched no events.', + ResultCodes.AUDIT_INVALID_FILTER, + ); + } + resolved.keeperVersion = Array.from(versionFilter); + } + + if (filter.eventType !== undefined) { + resolved.eventType = Array.isArray(filter.eventType) + ? filter.eventType.map((value) => asStrOrInt("event-type", value)) + : asStrOrInt("event-type", filter.eventType); + } + + delete resolved.geoLocation; + delete resolved.deviceType; + return resolved; } -async function loadDimension(auth: Auth, dimension: string): Promise { - invalidateAuditCachesIfUserChanged(auth) - const cached = dimensionCache.get(dimension) - if (cached) return cached - - const virtualSource = AUDIT_VIRTUAL_DIMENSIONS[dimension] - const rows = virtualSource - ? buildVirtualDimension(dimension, await loadDimension(auth, virtualSource)) - : await fetchDimensionRows(auth, dimension) - - dimensionCache.set(dimension, rows) - return rows +async function loadDimension( + auth: Auth, + dimension: string, +): Promise { + invalidateAuditCachesIfUserChanged(auth); + const cached = dimensionCache.get(dimension); + if (cached) return cached; + + const virtualSource = AUDIT_VIRTUAL_DIMENSIONS[dimension]; + const rows = virtualSource + ? buildVirtualDimension(dimension, await loadDimension(auth, virtualSource)) + : await fetchDimensionRows(auth, dimension); + + dimensionCache.set(dimension, rows); + return rows; } -async function fetchDimensionRows(auth: Auth, dimension: string): Promise { - const response = await auth.executeRestCommand( - getAuditEventDimensionsCommand({ - report_type: 'dim', - columns: [dimension], - limit: AUDIT_DIMENSION_API_LIMIT, - scope: 'enterprise', - }) - ) - assertSucceeded(response, 'get_audit_event_dimensions failed', ResultCodes.AUDIT_DIMENSION_FAILED) - const rows = (response.dimensions?.[dimension] || []) as AuditDimensionRow[] - if (dimension !== 'ip_address') return rows - - return rows.map((row) => { - if (typeof row === 'string' || !row || typeof row !== 'object') return row - const ipRow = row as AuditDimensionIpAddress - const city = ipRow.city || '' - const region = ipRow.region || '' - const country = ipRow.country_code || '' - if (!city && !region && !country) return row - return { ...ipRow, geo_location: [city, region, country].filter(Boolean).join(', ') } - }) +async function fetchDimensionRows( + auth: Auth, + dimension: string, +): Promise { + const response = await auth.executeRestCommand( + getAuditEventDimensionsCommand({ + report_type: "dim", + columns: [dimension], + limit: AUDIT_DIMENSION_API_LIMIT, + scope: "enterprise", + }), + ); + assertSucceeded( + response, + "get_audit_event_dimensions failed", + ResultCodes.AUDIT_DIMENSION_FAILED, + ); + const rows = (response.dimensions?.[dimension] || []) as AuditDimensionRow[]; + if (dimension !== "ip_address") return rows; + + return rows.map((row) => { + if (typeof row === "string" || !row || typeof row !== "object") return row; + const ipRow = row as AuditDimensionIpAddress; + const city = ipRow.city || ""; + const region = ipRow.region || ""; + const country = ipRow.country_code || ""; + if (!city && !region && !country) return row; + return { + ...ipRow, + geo_location: [city, region, country].filter(Boolean).join(", "), + }; + }); } -function buildVirtualDimension(dimension: string, sourceRows: AuditDimensionRow[]): AuditDimensionRow[] { - if (dimension === 'geo_location') { - const geoMap = new Map>() - for (const row of sourceRows) { - if (!row || typeof row !== 'object') continue - const ipRow = row as AuditDimensionIpAddress & { ip_addresses?: string[] } - if (!ipRow.geo_location || !ipRow.ip_address) continue - const existing = geoMap.get(ipRow.geo_location) - if (existing) (existing.ip_addresses as string[]).push(ipRow.ip_address) - else { - const entry: Record = { ...ipRow } - delete entry.ip_address - entry.ip_addresses = [ipRow.ip_address] - geoMap.set(ipRow.geo_location, entry) - } - } - return Array.from(geoMap.values()).map((entry) => ({ - ...entry, - ip_count: Array.isArray(entry.ip_addresses) ? entry.ip_addresses.length : 0, - })) - } - - if (dimension === 'device_type') { - const deviceMap = new Map>() - for (const row of sourceRows) { - if (!row || typeof row !== 'object') continue - const versionRow = row as AuditDimensionKeeperVersion & { version_ids?: number[] } - if (!versionRow.type_id || !versionRow.version_id) continue - const existing = deviceMap.get(versionRow.type_id) - if (existing) (existing.version_ids as number[]).push(versionRow.version_id) - else { - const entry: Record = { ...versionRow } - delete entry.version_id - entry.version_ids = [versionRow.version_id] - deviceMap.set(versionRow.type_id, entry) - } - } - return Array.from(deviceMap.values()) - } - - return sourceRows +function buildVirtualDimension( + dimension: string, + sourceRows: AuditDimensionRow[], +): AuditDimensionRow[] { + if (dimension === "geo_location") { + const geoMap = new Map>(); + for (const row of sourceRows) { + if (!row || typeof row !== "object") continue; + const ipRow = row as AuditDimensionIpAddress & { + ip_addresses?: string[]; + }; + if (!ipRow.geo_location || !ipRow.ip_address) continue; + const existing = geoMap.get(ipRow.geo_location); + if (existing) (existing.ip_addresses as string[]).push(ipRow.ip_address); + else { + const entry: Record = { ...ipRow }; + delete entry.ip_address; + entry.ip_addresses = [ipRow.ip_address]; + geoMap.set(ipRow.geo_location, entry); + } + } + return Array.from(geoMap.values()).map((entry) => ({ + ...entry, + ip_count: Array.isArray(entry.ip_addresses) + ? entry.ip_addresses.length + : 0, + })); + } + + if (dimension === "device_type") { + const deviceMap = new Map>(); + for (const row of sourceRows) { + if (!row || typeof row !== "object") continue; + const versionRow = row as AuditDimensionKeeperVersion & { + version_ids?: number[]; + }; + if (!versionRow.type_id || !versionRow.version_id) continue; + const existing = deviceMap.get(versionRow.type_id); + if (existing) + (existing.version_ids as number[]).push(versionRow.version_id); + else { + const entry: Record = { ...versionRow }; + delete entry.version_id; + entry.version_ids = [versionRow.version_id]; + deviceMap.set(versionRow.type_id, entry); + } + } + return Array.from(deviceMap.values()); + } + + return sourceRows; } async function loadSyslogTemplates(auth: Auth): Promise> { - invalidateAuditCachesIfUserChanged(auth) - if (syslogTemplates) return syslogTemplates - const templates = new Map() - for (const row of await loadDimension(auth, 'audit_event_type')) { - if (!row || typeof row !== 'object') continue - const typed = row as AuditDimensionEventType - if (typed.name && typed.syslog) templates.set(typed.name, typed.syslog) - } - syslogTemplates = templates - return templates + invalidateAuditCachesIfUserChanged(auth); + if (syslogTemplates) return syslogTemplates; + const templates = new Map(); + for (const row of await loadDimension(auth, "audit_event_type")) { + if (!row || typeof row !== "object") continue; + const typed = row as AuditDimensionEventType; + if (typed.name && typed.syslog) templates.set(typed.name, typed.syslog); + } + syslogTemplates = templates; + return templates; } function invalidateAuditCachesIfUserChanged(auth: Auth): void { - if (auth.username !== cachedUsername) { - dimensionCache = new Map() - syslogTemplates = null - cachedUsername = auth.username || '' - } + if (auth.username !== cachedUsername) { + dimensionCache = new Map(); + syslogTemplates = null; + cachedUsername = auth.username || ""; + } } -function getAuditEventField(event: AuditEventOverviewReportRow, field: string): unknown { - return (event as Record)[field] +function getAuditEventField( + event: AuditEventOverviewReportRow, + field: string, +): unknown { + return (event as Record)[field]; } -function eventMessage(event: AuditEventOverviewReportRow, templates: Map): string { - const template = templates.get(event.audit_event_type || '') - if (!template) return '' - let info = template - while (true) { - const match = /\$\{(\w+)\}/.exec(info) - if (!match) break - const fieldValue = getAuditEventField(event, match[1]) - const value = fieldValue == null ? ' ' : String(fieldValue) - info = info.slice(0, match.index) + value + info.slice(match.index + match[0].length) - } - return info +function eventMessage( + event: AuditEventOverviewReportRow, + templates: Map, +): string { + const template = templates.get(event.audit_event_type || ""); + if (!template) return ""; + let info = template; + while (true) { + const match = /\$\{(\w+)\}/.exec(info); + if (!match) break; + const fieldValue = getAuditEventField(event, match[1]); + const value = fieldValue == null ? " " : String(fieldValue); + info = + info.slice(0, match.index) + + value + + info.slice(match.index + match[0].length); + } + return info; } -function serializeFilter(filter: AuditReportFilter | undefined): AuditReportFilterPayload | undefined { - if (!filter) return undefined - const payload: AuditReportFilterPayload = {} - - if (filter.created !== undefined) { - if (typeof filter.created === 'string') { - payload.created = (CREATED_PRESETS as readonly string[]).includes(filter.created) - ? (filter.created as CreatedPreset) - : createdCriteria(parseCreatedFilter(filter.created)) - } else { - payload.created = createdCriteria(filter.created) - } - } - if (filter.eventType !== undefined) payload.audit_event_type = filter.eventType - if (filter.keeperVersion !== undefined) payload.keeper_version = filter.keeperVersion - if (filter.username !== undefined) payload.username = filter.username - if (filter.toUsername !== undefined) payload.to_username = filter.toUsername - if (filter.ipAddress !== undefined) { - payload.ip_address = Array.isArray(filter.ipAddress) ? filter.ipAddress : [filter.ipAddress] - } - if (filter.recordUid !== undefined) payload.record_uid = filter.recordUid - if (filter.sharedFolderUid !== undefined) payload.shared_folder_uid = filter.sharedFolderUid - if (filter.parentId !== undefined) payload.parent_id = filter.parentId - - return Object.keys(payload).length > 0 ? payload : undefined +function serializeFilter( + filter: AuditReportFilter | undefined, +): AuditReportFilterPayload | undefined { + if (!filter) return undefined; + const payload: AuditReportFilterPayload = {}; + + if (filter.created !== undefined) { + if (typeof filter.created === "string") { + payload.created = (CREATED_PRESETS as readonly string[]).includes( + filter.created, + ) + ? (filter.created as CreatedPreset) + : createdCriteria(parseCreatedFilter(filter.created)); + } else { + payload.created = createdCriteria(filter.created); + } + } + if (filter.eventType !== undefined) + payload.audit_event_type = filter.eventType; + if (filter.keeperVersion !== undefined) + payload.keeper_version = filter.keeperVersion; + if (filter.username !== undefined) payload.username = filter.username; + if (filter.toUsername !== undefined) payload.to_username = filter.toUsername; + if (filter.ipAddress !== undefined) { + payload.ip_address = Array.isArray(filter.ipAddress) + ? filter.ipAddress + : [filter.ipAddress]; + } + if (filter.recordUid !== undefined) payload.record_uid = filter.recordUid; + if (filter.sharedFolderUid !== undefined) + payload.shared_folder_uid = filter.sharedFolderUid; + if (filter.parentId !== undefined) payload.parent_id = filter.parentId; + + return Object.keys(payload).length > 0 ? payload : undefined; } -function createdCriteria(criteria: CreatedFilterCriteria): AuditReportFilterPayload['created'] { - const created: Record = {} - if (criteria.fromDate !== undefined) created.min = criteria.fromDate - if (criteria.excludeFrom === true) created.exclude_min = true - if (criteria.toDate !== undefined) created.max = criteria.toDate - if (criteria.excludeTo === true) created.exclude_max = true - return created as AuditReportFilterPayload['created'] +function createdCriteria( + criteria: CreatedFilterCriteria, +): AuditReportFilterPayload["created"] { + const created: Record = {}; + if (criteria.fromDate !== undefined) created.min = criteria.fromDate; + if (criteria.excludeFrom === true) created.exclude_min = true; + if (criteria.toDate !== undefined) created.max = criteria.toDate; + if (criteria.excludeTo === true) created.exclude_max = true; + return created as AuditReportFilterPayload["created"]; } function advanceCreatedFilter( - filter: AuditReportFilter | undefined, - timestamp: number, - order: AuditReportOrder + filter: AuditReportFilter | undefined, + timestamp: number, + order: AuditReportOrder, ): AuditReportFilter { - const next: AuditReportFilter = { ...(filter || {}) } - const criteria: CreatedFilterCriteria = - next.created && typeof next.created === 'object' && !Array.isArray(next.created) - ? { ...next.created } - : {} - if (order === AuditReportOrder.Asc) { - criteria.fromDate = timestamp - criteria.excludeFrom = false - } else { - criteria.toDate = timestamp - criteria.excludeTo = false - } - next.created = criteria - return next + const next: AuditReportFilter = { ...(filter || {}) }; + const criteria: CreatedFilterCriteria = + next.created && + typeof next.created === "object" && + !Array.isArray(next.created) + ? { ...next.created } + : {}; + if (order === AuditReportOrder.Asc) { + criteria.fromDate = timestamp; + criteria.excludeFrom = false; + } else { + criteria.toDate = timestamp; + criteria.excludeTo = false; + } + next.created = criteria; + return next; } -function parseBetweenCreatedFilter(trimmed: string): CreatedFilterCriteria | null { - const betweenPrefix = /^\s*between\s+/i.exec(trimmed) - if (!betweenPrefix) return null +function parseBetweenCreatedFilter( + trimmed: string, +): CreatedFilterCriteria | null { + const betweenPrefix = /^\s*between\s+/i.exec(trimmed); + if (!betweenPrefix) return null; - const rest = trimmed.slice(betweenPrefix[0].length) - const andMarker = ' and ' - const andIndex = rest.toLowerCase().indexOf(andMarker) - if (andIndex <= 0) return null + const rest = trimmed.slice(betweenPrefix[0].length); + const andMarker = " and "; + const andIndex = rest.toLowerCase().indexOf(andMarker); + if (andIndex <= 0) return null; - const fromDateStr = rest.slice(0, andIndex).trim() - const toDateStr = rest.slice(andIndex + andMarker.length).trim() - if (!fromDateStr || !toDateStr) return null + const fromDateStr = rest.slice(0, andIndex).trim(); + const toDateStr = rest.slice(andIndex + andMarker.length).trim(); + if (!fromDateStr || !toDateStr) return null; - return { fromDate: toEpoch(fromDateStr), toDate: toEpoch(toDateStr) } + return { fromDate: toEpoch(fromDateStr), toDate: toEpoch(toDateStr) }; } function parseCreatedFilter(value: string): CreatedFilterCriteria { - const trimmed = value.trim() - const betweenFilter = parseBetweenCreatedFilter(trimmed) - if (betweenFilter) { - return betweenFilter - } - for (const prefix of ['>=', '<=', '>', '<'] as const) { - if (!trimmed.startsWith(prefix)) continue - const dateValue = toEpoch(trimmed.slice(prefix.length).trim()) - if (prefix === '>=') return { fromDate: dateValue } - if (prefix === '<=') return { toDate: dateValue } - if (prefix === '>') return { fromDate: dateValue, excludeFrom: true } - return { toDate: dateValue, excludeTo: true } - } - throw new KeeperSdkError(`Invalid created filter value "${value}".`, ResultCodes.AUDIT_INVALID_CREATED_FILTER) + const trimmed = value.trim(); + const betweenFilter = parseBetweenCreatedFilter(trimmed); + if (betweenFilter) { + return betweenFilter; + } + for (const prefix of [">=", "<=", ">", "<"] as const) { + if (!trimmed.startsWith(prefix)) continue; + const dateValue = toEpoch(trimmed.slice(prefix.length).trim()); + if (prefix === ">=") return { fromDate: dateValue }; + if (prefix === "<=") return { toDate: dateValue }; + if (prefix === ">") return { fromDate: dateValue, excludeFrom: true }; + return { toDate: dateValue, excludeTo: true }; + } + throw new KeeperSdkError( + `Invalid created filter value "${value}".`, + ResultCodes.AUDIT_INVALID_CREATED_FILTER, + ); } function expandCreatedPreset(preset: CreatedPreset): CreatedFilterCriteria { - const today = startOfDay(new Date()) - let fromDate: Date - let toDate: Date - - switch (preset) { - case 'today': - fromDate = today - toDate = addDays(today, 1) - break - case 'yesterday': - fromDate = addDays(today, -1) - toDate = today - break - case 'last_7_days': - fromDate = addDays(today, -7) - toDate = today - break - case 'last_30_days': - fromDate = addDays(today, -30) - toDate = today - break - case 'month_to_date': - fromDate = new Date(today.getFullYear(), today.getMonth(), 1) - toDate = today - break - case 'last_month': - toDate = new Date(today.getFullYear(), today.getMonth(), 1) - fromDate = new Date(toDate.getFullYear(), toDate.getMonth() - 1, 1) - break - case 'last_year': - fromDate = new Date(today.getFullYear() - 1, 0, 1) - toDate = new Date(today.getFullYear(), 0, 1) - break - case 'year_to_date': - fromDate = new Date(today.getFullYear(), 0, 1) - toDate = today - break - default: - throw new KeeperSdkError(`Unknown created preset "${preset}".`, ResultCodes.AUDIT_INVALID_CREATED_FILTER) - } - - return { - fromDate: Math.floor(fromDate.getTime() / 1000), - toDate: Math.floor(toDate.getTime() / 1000), - excludeFrom: false, - excludeTo: true, - } + const today = startOfDay(new Date()); + let fromDate: Date; + let toDate: Date; + + switch (preset) { + case "today": + fromDate = today; + toDate = addDays(today, 1); + break; + case "yesterday": + fromDate = addDays(today, -1); + toDate = today; + break; + case "last_7_days": + fromDate = addDays(today, -7); + toDate = today; + break; + case "last_30_days": + fromDate = addDays(today, -30); + toDate = today; + break; + case "month_to_date": + fromDate = new Date(today.getFullYear(), today.getMonth(), 1); + toDate = today; + break; + case "last_month": + toDate = new Date(today.getFullYear(), today.getMonth(), 1); + fromDate = new Date(toDate.getFullYear(), toDate.getMonth() - 1, 1); + break; + case "last_year": + fromDate = new Date(today.getFullYear() - 1, 0, 1); + toDate = new Date(today.getFullYear(), 0, 1); + break; + case "year_to_date": + fromDate = new Date(today.getFullYear(), 0, 1); + toDate = today; + break; + default: + throw new KeeperSdkError( + `Unknown created preset "${preset}".`, + ResultCodes.AUDIT_INVALID_CREATED_FILTER, + ); + } + + return { + fromDate: Math.floor(fromDate.getTime() / 1000), + toDate: Math.floor(toDate.getTime() / 1000), + excludeFrom: false, + excludeTo: true, + }; } -async function resolveHasAram(auth: Auth, override: boolean | undefined): Promise { - if (override !== undefined) return override - try { - const response = await auth.executeRestCommand(getEnterpriseDataCommand({ include: ['licenses'] })) - assertSucceeded(response, 'get_enterprise_data failed', ResultCodes.AUDIT_LICENSE_CHECK_FAILED) - return hasEnterpriseAuditReporting(response.licenses as EnterpriseAuditLicense[] | undefined) - } catch { - return false - } +async function resolveHasAram( + auth: Auth, + override: boolean | undefined, +): Promise { + if (override !== undefined) return override; + try { + const response = await auth.executeRestCommand( + getEnterpriseDataCommand({ include: ["licenses"] }), + ); + assertSucceeded( + response, + "get_enterprise_data failed", + ResultCodes.AUDIT_LICENSE_CHECK_FAILED, + ); + return hasEnterpriseAuditReporting( + response.licenses as EnterpriseAuditLicense[] | undefined, + ); + } catch { + return false; + } } -function hasEnterpriseAuditReporting(licenses: EnterpriseAuditLicense[] | undefined): boolean { - if (!licenses || licenses.length === 0) return false - for (const license of licenses) { - if (license.audit_and_reporting_enabled === true) return true - for (const addon of license.add_ons || []) { - if (addon.enterprise_audit_and_reporting_enabled === true) return true - if ((addon.name || '').toLowerCase() === 'enterprise_audit_and_reporting') return true - } - } - return false +function hasEnterpriseAuditReporting( + licenses: EnterpriseAuditLicense[] | undefined, +): boolean { + if (!licenses || licenses.length === 0) return false; + for (const license of licenses) { + if (license.audit_and_reporting_enabled === true) return true; + for (const addon of license.add_ons || []) { + if (addon.enterprise_audit_and_reporting_enabled === true) return true; + if ((addon.name || "").toLowerCase() === "enterprise_audit_and_reporting") + return true; + } + } + return false; } function dimensionFields(column: string): string[] { - switch (column) { - case 'audit_event_type': - return ['id', 'name', 'category', 'syslog'] - case 'keeper_version': - return ['version_id', 'type_name', 'version', 'type_category'] - case 'ip_address': - return ['ip_address', 'city', 'region', 'country_code'] - case 'geo_location': - return ['geo_location', 'city', 'region', 'country_code', 'ip_count'] - case 'device_type': - return ['type_name', 'type_category'] - default: - return [column] - } + switch (column) { + case "audit_event_type": + return ["id", "name", "category", "syslog"]; + case "keeper_version": + return ["version_id", "type_name", "version", "type_category"]; + case "ip_address": + return ["ip_address", "city", "region", "country_code"]; + case "geo_location": + return ["geo_location", "city", "region", "country_code", "ip_count"]; + case "device_type": + return ["type_name", "type_category"]; + default: + return [column]; + } } -function dimensionCells(row: AuditDimensionRow, fields: readonly string[]): string[] { - if (typeof row === 'string') return [row] - if (!row || typeof row !== 'object') return [''] - return fields.map((field) => { - const value = (row as Record)[field] - return value == null ? '' : String(value) - }) +function dimensionCells( + row: AuditDimensionRow, + fields: readonly string[], +): string[] { + if (typeof row === "string") return [row]; + if (!row || typeof row !== "object") return [""]; + return fields.map((field) => { + const value = (row as Record)[field]; + return value == null ? "" : String(value); + }); } -function formatFieldValue(field: string, value: unknown, reportType: string): string { - if (value == null) return '' - if (field === 'created' || field === 'first_created' || field === 'last_created') { - if (typeof value === 'string') return value - if (typeof value === 'number') { - const dt = new Date(value * 1000) - if (reportType === 'day' || reportType === 'week') return dt.toISOString().slice(0, 10) - if (reportType === 'month') return dt.toLocaleString(undefined, { month: 'long', year: 'numeric' }) - if (reportType === 'hour') { - return `${dt.toISOString().slice(0, 10)} @${String(dt.getUTCHours()).padStart(2, '0')}:00` - } - return dt.toLocaleString() - } - } - return String(value) +function formatFieldValue( + field: string, + value: unknown, + reportType: string, +): string { + if (value == null) return ""; + if ( + field === "created" || + field === "first_created" || + field === "last_created" + ) { + if (typeof value === "string") return value; + if (typeof value === "number") { + const dt = new Date(value * 1000); + if (reportType === "day" || reportType === "week") + return dt.toISOString().slice(0, 10); + if (reportType === "month") + return dt.toLocaleString(undefined, { month: "long", year: "numeric" }); + if (reportType === "hour") { + return `${dt.toISOString().slice(0, 10)} @${String(dt.getUTCHours()).padStart(2, "0")}:00`; + } + return dt.toLocaleString(); + } + } + return String(value); } function toEpoch(value: string | number | Date): number { - if (value instanceof Date) return Math.floor(value.getTime() / 1000) - if (typeof value === 'number') return Math.floor(value) - const trimmed = value.trim() - const parsed = - trimmed.length <= 10 - ? new Date(`${trimmed}T00:00:00Z`) - : new Date(trimmed.endsWith('Z') ? trimmed : `${trimmed}Z`) - if (Number.isNaN(parsed.getTime())) { - throw new KeeperSdkError(`Invalid date "${value}".`, ResultCodes.AUDIT_INVALID_CREATED_FILTER) - } - return Math.floor(parsed.getTime() / 1000) + if (value instanceof Date) return Math.floor(value.getTime() / 1000); + if (typeof value === "number") return Math.floor(value); + const trimmed = value.trim(); + const parsed = + trimmed.length <= 10 + ? new Date(`${trimmed}T00:00:00Z`) + : new Date(trimmed.endsWith("Z") ? trimmed : `${trimmed}Z`); + if (Number.isNaN(parsed.getTime())) { + throw new KeeperSdkError( + `Invalid date "${value}".`, + ResultCodes.AUDIT_INVALID_CREATED_FILTER, + ); + } + return Math.floor(parsed.getTime() / 1000); } -function asStrOrInt(propertyName: string, value: string | number): string | number { - if (typeof value === 'number') return value - if (/^\d+$/.test(value)) return Number.parseInt(value, 10) - if (value.trim()) return value - throw new KeeperSdkError(`Invalid "${propertyName}" filter value: ${value}`, ResultCodes.AUDIT_INVALID_FILTER) +function asStrOrInt( + propertyName: string, + value: string | number, +): string | number { + if (typeof value === "number") return value; + if (/^\d+$/.test(value)) return Number.parseInt(value, 10); + if (value.trim()) return value; + throw new KeeperSdkError( + `Invalid "${propertyName}" filter value: ${value}`, + ResultCodes.AUDIT_INVALID_FILTER, + ); } function startOfDay(date: Date): Date { - return new Date(date.getFullYear(), date.getMonth(), date.getDate()) + return new Date(date.getFullYear(), date.getMonth(), date.getDate()); } function addDays(date: Date, days: number): Date { - const copy = new Date(date.getTime()) - copy.setDate(copy.getDate() + days) - return copy + const copy = new Date(date.getTime()); + copy.setDate(copy.getDate() + days); + return copy; } diff --git a/KeeperSdk/src/enterpriseReport/index.ts b/KeeperSdk/src/enterpriseReport/index.ts index 3acf2bfd..3063093b 100644 --- a/KeeperSdk/src/enterpriseReport/index.ts +++ b/KeeperSdk/src/enterpriseReport/index.ts @@ -1,54 +1,55 @@ +export { runAuditReport } from "./auditReport"; export { - runAuditReport, -} from './auditReport' + runActionReport, + getAllowedActions, + getDefaultDaysSince, +} from "./actionReport"; export { - runActionReport, - getAllowedActions, - getDefaultDaysSince, -} from './actionReport' + runPasswordReport, + getPasswordStrength, + calculatePasswordScore, + parsePasswordPolicy, + isPasswordCompliant, + buildPasswordPolicySummary, +} from "./passwordReport"; +export { EnterpriseReportManager } from "./EnterpriseReportManager"; export { - runPasswordReport, - getPasswordStrength, - calculatePasswordScore, - parsePasswordPolicy, - isPasswordCompliant, - buildPasswordPolicySummary, -} from './passwordReport' -export { EnterpriseReportManager } from './EnterpriseReportManager' -export { EnterpriseReportManager as AuditReportManager, EnterpriseReportManager as ActionReportManager } from './EnterpriseReportManager' -export type { AuthProvider } from './reportUtils' + EnterpriseReportManager as AuditReportManager, + EnterpriseReportManager as ActionReportManager, +} from "./EnterpriseReportManager"; +export type { AuthProvider } from "./reportUtils"; export { - AuditReportOrder, - AuditReportFormat, - AuditOutputFormat, - AuditAggregate, - SUMMARY_REPORT_TYPES, - CREATED_PRESETS, - TargetUserStatus, - AdminAction, - ActionReportColumn, - DEFAULT_ACTION_REPORT_COLUMNS, - SUPPORTED_ACTION_REPORT_COLUMNS, - PW_SPECIAL_CHARACTERS, - DEFAULT_TRUNCATION_LENGTH, - SUPPORTED_RECORD_VERSIONS, -} from './reportTypes' + AuditReportOrder, + AuditReportFormat, + AuditOutputFormat, + AuditAggregate, + SUMMARY_REPORT_TYPES, + CREATED_PRESETS, + TargetUserStatus, + AdminAction, + ActionReportColumn, + DEFAULT_ACTION_REPORT_COLUMNS, + SUPPORTED_ACTION_REPORT_COLUMNS, + PW_SPECIAL_CHARACTERS, + DEFAULT_TRUNCATION_LENGTH, + SUPPORTED_RECORD_VERSIONS, +} from "./reportTypes"; export type { - AuditReportOptions, - AuditReportResult, - AuditReportFilter, - CreatedFilterCriteria, - CreatedPreset, - AuditEventOverviewReportRow, - AuditReportType, - AuditSummaryReportType, - ActionReportEntry, - ActionReportOptions, - ActionReportResult, - ActionResult, - PasswordPolicy, - PasswordStrength, - PasswordReportRow, - PasswordReportOptions, - PasswordReportResult, -} from './reportTypes' + AuditReportOptions, + AuditReportResult, + AuditReportFilter, + CreatedFilterCriteria, + CreatedPreset, + AuditEventOverviewReportRow, + AuditReportType, + AuditSummaryReportType, + ActionReportEntry, + ActionReportOptions, + ActionReportResult, + ActionResult, + PasswordPolicy, + PasswordStrength, + PasswordReportRow, + PasswordReportOptions, + PasswordReportResult, +} from "./reportTypes"; diff --git a/KeeperSdk/src/enterpriseReport/passwordReport.ts b/KeeperSdk/src/enterpriseReport/passwordReport.ts index 3cac6a4b..9a4b60cc 100644 --- a/KeeperSdk/src/enterpriseReport/passwordReport.ts +++ b/KeeperSdk/src/enterpriseReport/passwordReport.ts @@ -1,492 +1,541 @@ -import type { DBWRecord, DRecord } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { resolveSingleFolder, type VaultFolderSession } from '../folders/changeDirectory' -import { listFolder } from '../folders/listFolder' +import type { DBWRecord, DRecord } from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; import { - getRecordPassword, - getRecordSummary, - getRecordTitle, -} from '../records/RecordUtils' -import { KeeperSdkError, ResultCodes } from '../utils' + resolveSingleFolder, + type VaultFolderSession, +} from "../folders/changeDirectory"; +import { listFolder } from "../folders/listFolder"; import { - DEFAULT_TRUNCATION_LENGTH, - PASSWORD_BREACHWATCH_STATUS_NAMES, - PW_SPECIAL_CHARACTERS, - SUPPORTED_RECORD_VERSIONS, - type PasswordPolicy, - type PasswordReportOptions, - type PasswordReportResult, - type PasswordReportRow, - type PasswordStrength, -} from './reportTypes' - -const POLICY_FIELD_COUNT = 5 -const SPECIAL_CHAR_SET = new Set(PW_SPECIAL_CHARACTERS.split('')) - -const POLICY_SUMMARY_LABELS: ReadonlyArray<{ key: keyof PasswordPolicy; label: string }> = [ - { key: 'length', label: 'length' }, - { key: 'lower', label: 'lowercase' }, - { key: 'upper', label: 'uppercase' }, - { key: 'digits', label: 'digits' }, - { key: 'special', label: 'special' }, -] - -type SupportedRecordVersion = (typeof SUPPORTED_RECORD_VERSIONS)[number] + getRecordPassword, + getRecordSummary, + getRecordTitle, +} from "../records/RecordUtils"; +import { KeeperSdkError, ResultCodes } from "../utils"; +import { + DEFAULT_TRUNCATION_LENGTH, + PASSWORD_BREACHWATCH_STATUS_NAMES, + PW_SPECIAL_CHARACTERS, + SUPPORTED_RECORD_VERSIONS, + type PasswordPolicy, + type PasswordReportOptions, + type PasswordReportResult, + type PasswordReportRow, + type PasswordStrength, +} from "./reportTypes"; + +const POLICY_FIELD_COUNT = 5; +const SPECIAL_CHAR_SET = new Set(PW_SPECIAL_CHARACTERS.split("")); + +const POLICY_SUMMARY_LABELS: ReadonlyArray<{ + key: keyof PasswordPolicy; + label: string; +}> = [ + { key: "length", label: "length" }, + { key: "lower", label: "lowercase" }, + { key: "upper", label: "uppercase" }, + { key: "digits", label: "digits" }, + { key: "special", label: "special" }, +]; + +type SupportedRecordVersion = (typeof SUPPORTED_RECORD_VERSIONS)[number]; type VerboseRowContext = { - storage: InMemoryStorage - passwordCounts: ReadonlyMap - breachWatchPasswordCounts: ReadonlyMap -} + storage: InMemoryStorage; + passwordCounts: ReadonlyMap; + breachWatchPasswordCounts: ReadonlyMap; +}; type BWPasswordEntry = { - value?: string - status?: number | string -} + value?: string; + status?: number | string; +}; type BreachWatchRecordData = { - passwords?: BWPasswordEntry[] - status?: number | string - breachWatchStatus?: number | string -} + passwords?: BWPasswordEntry[]; + status?: number | string; + breachWatchStatus?: number | string; +}; export function getPasswordStrength(password: string): PasswordStrength { - let caps = 0 - let lower = 0 - let digits = 0 - let symbols = 0 - - for (const char of password) { - if (char >= 'A' && char <= 'Z') caps++ - else if (char >= 'a' && char <= 'z') lower++ - else if (char >= '0' && char <= '9') digits++ - else if (SPECIAL_CHAR_SET.has(char)) symbols++ - } - - return { length: password.length, caps, lower, digits, symbols } + let caps = 0; + let lower = 0; + let digits = 0; + let symbols = 0; + + for (const char of password) { + if (char >= "A" && char <= "Z") caps++; + else if (char >= "a" && char <= "z") lower++; + else if (char >= "0" && char <= "9") digits++; + else if (SPECIAL_CHAR_SET.has(char)) symbols++; + } + + return { length: password.length, caps, lower, digits, symbols }; } -export function parsePasswordPolicy(options: PasswordReportOptions): PasswordPolicy { - if (options.policy?.trim()) { - const values = options.policy - .split(',') - .map((part) => part.trim()) - .slice(0, POLICY_FIELD_COUNT) - .map(parsePolicyNumber) - - while (values.length < POLICY_FIELD_COUNT) { - values.push(0) - } - - const [length, lower, upper, digits, special] = values - return { length, lower, upper, digits, special } +export function parsePasswordPolicy( + options: PasswordReportOptions, +): PasswordPolicy { + if (options.policy?.trim()) { + const values = options.policy + .split(",") + .map((part) => part.trim()) + .slice(0, POLICY_FIELD_COUNT) + .map(parsePolicyNumber); + + while (values.length < POLICY_FIELD_COUNT) { + values.push(0); } - return { - length: options.length ?? 0, - lower: options.lower ?? 0, - upper: options.upper ?? 0, - digits: options.digits ?? 0, - special: options.special ?? 0, - } + const [length, lower, upper, digits, special] = values; + return { length, lower, upper, digits, special }; + } + + return { + length: options.length ?? 0, + lower: options.lower ?? 0, + upper: options.upper ?? 0, + digits: options.digits ?? 0, + special: options.special ?? 0, + }; } -export function isPasswordCompliant(strength: PasswordStrength, policy: PasswordPolicy): boolean { - return ( - strength.length >= policy.length && - strength.caps >= policy.upper && - strength.lower >= policy.lower && - strength.digits >= policy.digits && - strength.symbols >= policy.special - ) +export function isPasswordCompliant( + strength: PasswordStrength, + policy: PasswordPolicy, +): boolean { + return ( + strength.length >= policy.length && + strength.caps >= policy.upper && + strength.lower >= policy.lower && + strength.digits >= policy.digits && + strength.symbols >= policy.special + ); } export function buildPasswordPolicySummary(policy: PasswordPolicy): string { - return POLICY_SUMMARY_LABELS.filter(({ key }) => policy[key] > 0) - .map(({ key, label }) => `${label} >= ${policy[key]}`) - .join(', ') + return POLICY_SUMMARY_LABELS.filter(({ key }) => policy[key] > 0) + .map(({ key, label }) => `${label} >= ${policy[key]}`) + .join(", "); } /** Keeper Commander-compatible password strength score (0–100). */ export function calculatePasswordScore(password: string): number { - if (!password) return 0 - - let normalized = password - let total = password.length - if (total > 50) { - normalized = password.slice(0, 50) - total = 50 + if (!password) return 0; + + let normalized = password; + let total = password.length; + if (total > 50) { + normalized = password.slice(0, 50); + total = 50; + } + + let uppers = 0; + let lowers = 0; + let digits = 0; + let symbols = 0; + for (const char of normalized) { + if (char >= "A" && char <= "Z") uppers++; + else if (char >= "a" && char <= "z") lowers++; + else if (char >= "0" && char <= "9") digits++; + else symbols++; + } + + let ds = digits + symbols; + if (!/^[A-Za-z]/.test(normalized)) ds--; + if (!/[A-Za-z]$/.test(normalized)) ds--; + if (ds < 0) ds = 0; + + let score = total * 4; + if (uppers > 0) score += (total - uppers) * 2; + if (lowers > 0) score += (total - lowers) * 2; + if (digits > 0) score += digits * 4; + score += symbols * 6; + score += ds * 2; + + let variance = 0; + if (uppers > 0) variance++; + if (lowers > 0) variance++; + if (digits > 0) variance++; + if (symbols > 0) variance++; + if (total >= 8 && variance >= 3) score += (variance + 1) * 2; + + if (digits + symbols === 0) score -= total; + if (uppers + lowers + symbols === 0) score -= total; + + const pwdLen = normalized.length; + let repInc = 0; + let repCount = 0; + for (let i = 0; i < pwdLen; i++) { + let charExists = false; + for (let j = 0; j < pwdLen; j++) { + if (i !== j && normalized[i] === normalized[j]) { + charExists = true; + repInc += pwdLen / Math.abs(i - j); + } } - - let uppers = 0 - let lowers = 0 - let digits = 0 - let symbols = 0 - for (const char of normalized) { - if (char >= 'A' && char <= 'Z') uppers++ - else if (char >= 'a' && char <= 'z') lowers++ - else if (char >= '0' && char <= '9') digits++ - else symbols++ + if (charExists) repCount++; + } + const unqCount = pwdLen - repCount; + repInc = Math.ceil(unqCount === 0 ? repInc : repInc / unqCount); + if (repCount > 0) score -= repInc; + + let consecCount = 0; + const consecPredicates = [ + (char: string) => char >= "A" && char <= "Z", + (char: string) => char >= "a" && char <= "z", + (char: string) => char >= "0" && char <= "9", + ]; + for (const predicate of consecPredicates) { + for (const chunk of chunkText(normalized, predicate)) { + if (chunk.length >= 2) consecCount += chunk.length - 1; } - - let ds = digits + symbols - if (!/^[A-Za-z]/.test(normalized)) ds-- - if (!/[A-Za-z]$/.test(normalized)) ds-- - if (ds < 0) ds = 0 - - let score = total * 4 - if (uppers > 0) score += (total - uppers) * 2 - if (lowers > 0) score += (total - lowers) * 2 - if (digits > 0) score += digits * 4 - score += symbols * 6 - score += ds * 2 - - let variance = 0 - if (uppers > 0) variance++ - if (lowers > 0) variance++ - if (digits > 0) variance++ - if (symbols > 0) variance++ - if (total >= 8 && variance >= 3) score += (variance + 1) * 2 - - if (digits + symbols === 0) score -= total - if (uppers + lowers + symbols === 0) score -= total - - const pwdLen = normalized.length - let repInc = 0 - let repCount = 0 - for (let i = 0; i < pwdLen; i++) { - let charExists = false - for (let j = 0; j < pwdLen; j++) { - if (i !== j && normalized[i] === normalized[j]) { - charExists = true - repInc += pwdLen / Math.abs(i - j) - } + } + if (consecCount > 0) score -= 2 * consecCount; + + let sequenceCount = 0; + for (const [modulus, predicate] of [ + [26, (char: string) => /[a-z]/i.test(char)] as const, + [10, (char: string) => char >= "0" && char <= "9"] as const, + ]) { + for (const chunk of chunkText(normalized.toLowerCase(), predicate)) { + if (chunk.length < 3) continue; + const offsets = offsetChar(chunk, (prev, current) => { + const delta = prev.charCodeAt(0) - current.charCodeAt(0); + return delta >= 0 ? delta : delta + modulus; + }); + let op = offsets[0]; + for (const oc of offsets.slice(1)) { + if (oc === op) { + if (op !== 0) sequenceCount++; + } else { + op = oc; } - if (charExists) repCount++ + } } - const unqCount = pwdLen - repCount - repInc = Math.ceil(unqCount === 0 ? repInc : repInc / unqCount) - if (repCount > 0) score -= repInc - - let consecCount = 0 - const consecPredicates = [ - (char: string) => char >= 'A' && char <= 'Z', - (char: string) => char >= 'a' && char <= 'z', - (char: string) => char >= '0' && char <= '9', - ] - for (const predicate of consecPredicates) { - for (const chunk of chunkText(normalized, predicate)) { - if (chunk.length >= 2) consecCount += chunk.length - 1 - } - } - if (consecCount > 0) score -= 2 * consecCount - - let sequenceCount = 0 - for (const [modulus, predicate] of [ - [26, (char: string) => /[a-z]/i.test(char)] as const, - [10, (char: string) => char >= '0' && char <= '9'] as const, - ]) { - for (const chunk of chunkText(normalized.toLowerCase(), predicate)) { - if (chunk.length < 3) continue - const offsets = offsetChar(chunk, (prev, current) => { - const delta = prev.charCodeAt(0) - current.charCodeAt(0) - return delta >= 0 ? delta : delta + modulus - }) - let op = offsets[0] - for (const oc of offsets.slice(1)) { - if (oc === op) { - if (op !== 0) sequenceCount++ - } else { - op = oc - } - } - } - } - - const symbolMap: Record = {} - '!@#$%^&*()_+[]\\{}\'|;:",./<>?'.split('').forEach((symbol, index) => { - symbolMap[symbol] = index - }) - for (const chunk of chunkText(normalized, (char) => char in symbolMap)) { - if (chunk.length < 3) continue - const offsets = offsetChar(chunk, (prev, current) => { - const delta = symbolMap[prev] - symbolMap[current] - const modulus = Object.keys(symbolMap).length - return delta >= 0 ? delta : delta + modulus - }) - let op = offsets[0] - for (const oc of offsets.slice(1)) { - if (oc === op) { - if (op !== 0) sequenceCount++ - } else { - op = oc - } - } + } + + const symbolMap: Record = {}; + "!@#$%^&*()_+[]\\{}'|;:\",./<>?".split("").forEach((symbol, index) => { + symbolMap[symbol] = index; + }); + for (const chunk of chunkText(normalized, (char) => char in symbolMap)) { + if (chunk.length < 3) continue; + const offsets = offsetChar(chunk, (prev, current) => { + const delta = symbolMap[prev] - symbolMap[current]; + const modulus = Object.keys(symbolMap).length; + return delta >= 0 ? delta : delta + modulus; + }); + let op = offsets[0]; + for (const oc of offsets.slice(1)) { + if (oc === op) { + if (op !== 0) sequenceCount++; + } else { + op = oc; + } } - if (sequenceCount > 0) score -= 3 * sequenceCount + } + if (sequenceCount > 0) score -= 3 * sequenceCount; - if (score < 0) return 0 - if (score > 100) return 100 - return score + if (score < 0) return 0; + if (score > 100) return 100; + return score; } export async function runPasswordReport( - storage: InMemoryStorage, - session: VaultFolderSession, - options: PasswordReportOptions = {} + storage: InMemoryStorage, + session: VaultFolderSession, + options: PasswordReportOptions = {}, ): Promise { - const policy = parsePasswordPolicy(options) - validatePasswordPolicy(policy) - - const verbose = options.verbose === true - const rowNumbers = options.rowNumbers !== false - - const targetRecords = await resolveTargetRecords(storage, session, options.folder) - const passwordCounts = buildPasswordCountMap(storage.getRecords()) - const breachWatchPasswordCounts = buildBreachWatchPasswordCountMap(storage) - const verboseContext: VerboseRowContext = { - storage, - passwordCounts, - breachWatchPasswordCounts, - } - - const rows = targetRecords.flatMap((record) => - buildNonCompliantRow(record, policy, verbose, verboseContext) - ) - - return { - policy, - policySummary: buildPasswordPolicySummary(policy), - rows, - verbose, - rowNumbers, - } + const policy = parsePasswordPolicy(options); + validatePasswordPolicy(policy); + + const verbose = options.verbose === true; + const rowNumbers = options.rowNumbers !== false; + + const targetRecords = await resolveTargetRecords( + storage, + session, + options.folder, + ); + const passwordCounts = buildPasswordCountMap(storage.getRecords()); + const breachWatchPasswordCounts = buildBreachWatchPasswordCountMap(storage); + const verboseContext: VerboseRowContext = { + storage, + passwordCounts, + breachWatchPasswordCounts, + }; + + const rows = targetRecords.flatMap((record) => + buildNonCompliantRow(record, policy, verbose, verboseContext), + ); + + return { + policy, + policySummary: buildPasswordPolicySummary(policy), + rows, + verbose, + rowNumbers, + }; } function parsePolicyNumber(part: string): number { - if (!part) return 0 - const parsed = Number.parseInt(part, 10) - return Number.isFinite(parsed) ? parsed : 0 + if (!part) return 0; + const parsed = Number.parseInt(part, 10); + return Number.isFinite(parsed) ? parsed : 0; } -function isSupportedRecordVersion(version: number): version is SupportedRecordVersion { - return (SUPPORTED_RECORD_VERSIONS as readonly number[]).includes(version) +function isSupportedRecordVersion( + version: number, +): version is SupportedRecordVersion { + return (SUPPORTED_RECORD_VERSIONS as readonly number[]).includes(version); } function validatePasswordPolicy(policy: PasswordPolicy): void { - const hasConstraint = POLICY_SUMMARY_LABELS.some(({ key }) => policy[key] > 0) - if (!hasConstraint) { - throw new KeeperSdkError( - 'At least one password policy constraint must be set.', - ResultCodes.PASSWORD_REPORT_POLICY_REQUIRED - ) - } + const hasConstraint = POLICY_SUMMARY_LABELS.some( + ({ key }) => policy[key] > 0, + ); + if (!hasConstraint) { + throw new KeeperSdkError( + "At least one password policy constraint must be set.", + ResultCodes.PASSWORD_REPORT_POLICY_REQUIRED, + ); + } } -function truncateText(value: string, maxLength = DEFAULT_TRUNCATION_LENGTH): string { - return value.length <= maxLength ? value : `${value.slice(0, maxLength)}...` +function truncateText( + value: string, + maxLength = DEFAULT_TRUNCATION_LENGTH, +): string { + return value.length <= maxLength ? value : `${value.slice(0, maxLength)}...`; } function getRecordDescription(record: DRecord): string { - const summary = getRecordSummary(record) - const parts: string[] = [] - if (summary.login) parts.push(summary.login) - if (summary.url) parts.push(String(summary.url)) - return parts.join(' @ ') + const summary = getRecordSummary(record); + const parts: string[] = []; + if (summary.login) parts.push(summary.login); + if (summary.url) parts.push(String(summary.url)); + return parts.join(" @ "); } -function chunkText(text: string, predicate: (char: string) => boolean): string[] { - const chunks: string[] = [] - let acc = '' - for (const char of text) { - if (predicate(char)) { - acc += char - } else if (acc) { - chunks.push(acc) - acc = '' - } +function chunkText( + text: string, + predicate: (char: string) => boolean, +): string[] { + const chunks: string[] = []; + let acc = ""; + for (const char of text) { + if (predicate(char)) { + acc += char; + } else if (acc) { + chunks.push(acc); + acc = ""; } - if (acc) chunks.push(acc) - return chunks + } + if (acc) chunks.push(acc); + return chunks; } -function offsetChar(text: string, compare: (prev: string, current: string) => number): number[] { - if (!text) return [] - const offsets: number[] = [] - let prev = text[0] - for (const char of text.slice(1)) { - offsets.push(compare(prev, char)) - prev = char - } - return offsets +function offsetChar( + text: string, + compare: (prev: string, current: string) => number, +): number[] { + if (!text) return []; + const offsets: number[] = []; + let prev = text[0]; + for (const char of text.slice(1)) { + offsets.push(compare(prev, char)); + prev = char; + } + return offsets; } function formatBreachWatchStatus(rawStatus: number | string): string { - if (typeof rawStatus === 'string') { - return rawStatus.toUpperCase() - } - return PASSWORD_BREACHWATCH_STATUS_NAMES[rawStatus] || String(rawStatus) + if (typeof rawStatus === "string") { + return rawStatus.toUpperCase(); + } + return PASSWORD_BREACHWATCH_STATUS_NAMES[rawStatus] || String(rawStatus); } -function getWorstBreachWatchStatus(statuses: Array): number | string | undefined { - const rank = (status: number | string): number => { - if (typeof status === 'string') { - const upper = status.toUpperCase() - if (upper === 'BREACHED') return 4 - if (upper === 'WEAK') return 3 - if (upper === 'CHANGED') return 2 - if (upper === 'IGNORE') return 1 - return 0 - } - return { 3: 4, 2: 3, 1: 2, 4: 1, 0: 0 }[status] ?? 0 +function getWorstBreachWatchStatus( + statuses: Array, +): number | string | undefined { + const rank = (status: number | string): number => { + if (typeof status === "string") { + const upper = status.toUpperCase(); + if (upper === "BREACHED") return 4; + if (upper === "WEAK") return 3; + if (upper === "CHANGED") return 2; + if (upper === "IGNORE") return 1; + return 0; } - - let worst: number | string | undefined - let worstRank = -1 - for (const status of statuses) { - const statusRank = rank(status) - if (statusRank > worstRank) { - worstRank = statusRank - worst = status - } + return { 3: 4, 2: 3, 1: 2, 4: 1, 0: 0 }[status] ?? 0; + }; + + let worst: number | string | undefined; + let worstRank = -1; + for (const status of statuses) { + const statusRank = rank(status); + if (statusRank > worstRank) { + worstRank = statusRank; + worst = status; } - return worst + } + return worst; } -function getBreachWatchPasswordStatus(storage: InMemoryStorage, recordUid: string, password: string): string { - const bwRecord = storage.getByUid('bw_record', recordUid) - if (!bwRecord?.data) return '' - - const data = bwRecord.data as BreachWatchRecordData - const passwords = data.passwords - if (Array.isArray(passwords) && passwords.length > 0) { - const match = passwords.find((entry) => entry.value === password) - if (match?.status != null && match.status !== '') { - return formatBreachWatchStatus(match.status) - } - - const statuses = passwords - .map((entry) => entry.status) - .filter((status): status is number | string => status != null && status !== '') - const worstStatus = getWorstBreachWatchStatus(statuses) - if (worstStatus != null) { - return formatBreachWatchStatus(worstStatus) - } +function getBreachWatchPasswordStatus( + storage: InMemoryStorage, + recordUid: string, + password: string, +): string { + const bwRecord = storage.getByUid("bw_record", recordUid); + if (!bwRecord?.data) return ""; + + const data = bwRecord.data as BreachWatchRecordData; + const passwords = data.passwords; + if (Array.isArray(passwords) && passwords.length > 0) { + const match = passwords.find((entry) => entry.value === password); + if (match?.status != null && match.status !== "") { + return formatBreachWatchStatus(match.status); } - const legacyStatus = data.status ?? data.breachWatchStatus - if (legacyStatus != null && legacyStatus !== '') { - return formatBreachWatchStatus(legacyStatus) + const statuses = passwords + .map((entry) => entry.status) + .filter( + (status): status is number | string => status != null && status !== "", + ); + const worstStatus = getWorstBreachWatchStatus(statuses); + if (worstStatus != null) { + return formatBreachWatchStatus(worstStatus); } + } - return '' + const legacyStatus = data.status ?? data.breachWatchStatus; + if (legacyStatus != null && legacyStatus !== "") { + return formatBreachWatchStatus(legacyStatus); + } + + return ""; } -function buildBreachWatchPasswordCountMap(storage: InMemoryStorage): Map { - const counts = new Map() - for (const bwRecord of storage.getAll('bw_record')) { - const passwords = (bwRecord.data as BreachWatchRecordData | undefined)?.passwords - if (!Array.isArray(passwords)) continue - for (const entry of passwords) { - const value = entry.value - if (!value) continue - counts.set(value, (counts.get(value) ?? 0) + 1) - } +function buildBreachWatchPasswordCountMap( + storage: InMemoryStorage, +): Map { + const counts = new Map(); + for (const bwRecord of storage.getAll("bw_record")) { + const passwords = (bwRecord.data as BreachWatchRecordData | undefined) + ?.passwords; + if (!Array.isArray(passwords)) continue; + for (const entry of passwords) { + const value = entry.value; + if (!value) continue; + counts.set(value, (counts.get(value) ?? 0) + 1); } - return counts + } + return counts; } -async function collectRecordUidsInFolderTree(storage: InMemoryStorage, folderUid: string | null): Promise { - const uids: string[] = [] - const folderQueue = [folderUid] - - while (folderQueue.length > 0) { - const currentFolderUid = folderQueue.shift() - const listed = await listFolder(storage, { - folderUid: currentFolderUid ?? undefined, - showFolders: true, - showRecords: true, - }) - - for (const record of listed.records ?? []) { - uids.push(record.uid) - } - for (const folder of listed.folders) { - folderQueue.push(folder.uid) - } +async function collectRecordUidsInFolderTree( + storage: InMemoryStorage, + folderUid: string | null, +): Promise { + const uids: string[] = []; + const folderQueue = [folderUid]; + + while (folderQueue.length > 0) { + const currentFolderUid = folderQueue.shift(); + const listed = await listFolder(storage, { + folderUid: currentFolderUid ?? undefined, + showFolders: true, + showRecords: true, + }); + + for (const record of listed.records ?? []) { + uids.push(record.uid); } + for (const folder of listed.folders) { + folderQueue.push(folder.uid); + } + } - return uids + return uids; } async function resolveTargetRecords( - storage: InMemoryStorage, - session: VaultFolderSession, - folder?: string | null + storage: InMemoryStorage, + session: VaultFolderSession, + folder?: string | null, ): Promise { - const records = storage.getRecords() - const folderPath = folder?.trim() - if (!folderPath) return records - - const resolved = await resolveSingleFolder(storage, session, folderPath) - const targetUids = new Set(await collectRecordUidsInFolderTree(storage, resolved.folderUid)) - return records.filter((record) => targetUids.has(record.uid)) + const records = storage.getRecords(); + const folderPath = folder?.trim(); + if (!folderPath) return records; + + const resolved = await resolveSingleFolder(storage, session, folderPath); + const targetUids = new Set( + await collectRecordUidsInFolderTree(storage, resolved.folderUid), + ); + return records.filter((record) => targetUids.has(record.uid)); } -function buildPasswordCountMap(records: readonly DRecord[]): Map { - const counts = new Map() - for (const record of records) { - const password = getRecordPassword(record) - if (!password) continue - counts.set(password, (counts.get(password) ?? 0) + 1) - } - return counts +function buildPasswordCountMap( + records: readonly DRecord[], +): Map { + const counts = new Map(); + for (const record of records) { + const password = getRecordPassword(record); + if (!password) continue; + counts.set(password, (counts.get(password) ?? 0) + 1); + } + return counts; } function buildNonCompliantRow( - record: DRecord, - policy: PasswordPolicy, - verbose: boolean, - context: VerboseRowContext + record: DRecord, + policy: PasswordPolicy, + verbose: boolean, + context: VerboseRowContext, ): PasswordReportRow[] { - if (!isSupportedRecordVersion(record.version)) return [] - - const password = getRecordPassword(record) - if (!password) return [] - - const strength = getPasswordStrength(password) - if (isPasswordCompliant(strength, policy)) return [] - - const row: PasswordReportRow = { - recordUid: record.uid, - title: truncateText(getRecordTitle(record)), - description: truncateText(getRecordDescription(record)), - length: strength.length, - lower: strength.lower, - upper: strength.caps, - digits: strength.digits, - special: strength.symbols, - } - - if (verbose) { - applyVerboseFields(row, record.uid, password, context) - } - - return [row] + if (!isSupportedRecordVersion(record.version)) return []; + + const password = getRecordPassword(record); + if (!password) return []; + + const strength = getPasswordStrength(password); + if (isPasswordCompliant(strength, policy)) return []; + + const row: PasswordReportRow = { + recordUid: record.uid, + title: truncateText(getRecordTitle(record)), + description: truncateText(getRecordDescription(record)), + length: strength.length, + lower: strength.lower, + upper: strength.caps, + digits: strength.digits, + special: strength.symbols, + }; + + if (verbose) { + applyVerboseFields(row, record.uid, password, context); + } + + return [row]; } function applyVerboseFields( - row: PasswordReportRow, - recordUid: string, - password: string, - context: VerboseRowContext + row: PasswordReportRow, + recordUid: string, + password: string, + context: VerboseRowContext, ): void { - const { storage, passwordCounts, breachWatchPasswordCounts } = context - row.score = String(calculatePasswordScore(password)) - row.status = getBreachWatchPasswordStatus(storage, recordUid, password) - - const reuseCount = breachWatchPasswordCounts.get(password) ?? passwordCounts.get(password) ?? 0 - if (reuseCount > 1) { - row.reused = String(reuseCount) - } + const { storage, passwordCounts, breachWatchPasswordCounts } = context; + row.score = String(calculatePasswordScore(password)); + row.status = getBreachWatchPasswordStatus(storage, recordUid, password); + + const reuseCount = + breachWatchPasswordCounts.get(password) ?? + passwordCounts.get(password) ?? + 0; + if (reuseCount > 1) { + row.reused = String(reuseCount); + } } diff --git a/KeeperSdk/src/enterpriseReport/reportTypes.ts b/KeeperSdk/src/enterpriseReport/reportTypes.ts index f3cde4f6..ba9f5122 100644 --- a/KeeperSdk/src/enterpriseReport/reportTypes.ts +++ b/KeeperSdk/src/enterpriseReport/reportTypes.ts @@ -1,412 +1,436 @@ -export type AuditReportType = 'raw' | 'dim' | 'hour' | 'day' | 'week' | 'month' | 'span' +export type AuditReportType = + | "raw" + | "dim" + | "hour" + | "day" + | "week" + | "month" + | "span"; -export type AuditSummaryReportType = 'hour' | 'day' | 'week' | 'month' | 'span' +export type AuditSummaryReportType = "hour" | "day" | "week" | "month" | "span"; export type AuditEventOverviewReportRow = { - id?: number - created?: number | string - username?: string - to_username?: string - from_username?: string - ip_address?: string - audit_event_type?: string - keeper_version?: string - keeper_version_category?: string - geo_location?: string - node_id?: number - node?: string - role_id?: string - enforcement?: string - value?: string - record_uid?: string - shared_folder_uid?: string - team_uid?: string - channel?: string - status?: string - recipient?: string - occurrences?: number - first_created?: number | string - last_created?: number | string -} + id?: number; + created?: number | string; + username?: string; + to_username?: string; + from_username?: string; + ip_address?: string; + audit_event_type?: string; + keeper_version?: string; + keeper_version_category?: string; + geo_location?: string; + node_id?: number; + node?: string; + role_id?: string; + enforcement?: string; + value?: string; + record_uid?: string; + shared_folder_uid?: string; + team_uid?: string; + channel?: string; + status?: string; + recipient?: string; + occurrences?: number; + first_created?: number | string; + last_created?: number | string; +}; export type AuditDimensionIpAddress = { - ip_address?: string - city?: string - region?: string - country?: string - country_code?: string - country_name?: string - geo_location?: string - ip_addresses?: string[] -} + ip_address?: string; + city?: string; + region?: string; + country?: string; + country_code?: string; + country_name?: string; + geo_location?: string; + ip_addresses?: string[]; +}; export type AuditDimensionKeeperVersion = { - version_id?: number - type_id?: number - type_name?: string - type_category?: string - version?: string - version_ids?: number[] -} + version_id?: number; + type_id?: number; + type_name?: string; + type_category?: string; + version?: string; + version_ids?: number[]; +}; export type AuditDimensionRow = - | AuditDimensionIpAddress - | AuditDimensionKeeperVersion - | string - | Record + | AuditDimensionIpAddress + | AuditDimensionKeeperVersion + | string + | Record; export type AuditReportFilterPayload = { - created?: - | CreatedPreset - | { - min?: number | string - max?: number | string - exclude_min?: boolean - exclude_max?: boolean - } - audit_event_type?: string | number | Array - keeper_version?: number | number[] - username?: string | string[] - to_username?: string | string[] - ip_address?: string[] - record_uid?: string | string[] - shared_folder_uid?: string | string[] - parent_id?: number | number[] -} + created?: + | CreatedPreset + | { + min?: number | string; + max?: number | string; + exclude_min?: boolean; + exclude_max?: boolean; + }; + audit_event_type?: string | number | Array; + keeper_version?: number | number[]; + username?: string | string[]; + to_username?: string | string[]; + ip_address?: string[]; + record_uid?: string | string[]; + shared_folder_uid?: string | string[]; + parent_id?: number | number[]; +}; export enum AuditReportOrder { - Asc = 'asc', - Desc = 'desc', + Asc = "asc", + Desc = "desc", } export enum AuditReportFormat { - Message = 'message', - Fields = 'fields', + Message = "message", + Fields = "fields", } export enum AuditOutputFormat { - Table = 'table', - Json = 'json', - Csv = 'csv', + Table = "table", + Json = "json", + Csv = "csv", } export enum AuditAggregate { - Occurrences = 'occurrences', - FirstCreated = 'first_created', - LastCreated = 'last_created', + Occurrences = "occurrences", + FirstCreated = "first_created", + LastCreated = "last_created", } export const SUMMARY_REPORT_TYPES: readonly AuditSummaryReportType[] = [ - 'hour', - 'day', - 'week', - 'month', - 'span', -] + "hour", + "day", + "week", + "month", + "span", +]; export const CREATED_PRESETS = [ - 'today', - 'yesterday', - 'last_7_days', - 'last_30_days', - 'month_to_date', - 'last_month', - 'year_to_date', - 'last_year', -] as const - -export type CreatedPreset = (typeof CREATED_PRESETS)[number] + "today", + "yesterday", + "last_7_days", + "last_30_days", + "month_to_date", + "last_month", + "year_to_date", + "last_year", +] as const; + +export type CreatedPreset = (typeof CREATED_PRESETS)[number]; export type CreatedFilterCriteria = { - fromDate?: number - toDate?: number - excludeFrom?: boolean - excludeTo?: boolean -} + fromDate?: number; + toDate?: number; + excludeFrom?: boolean; + excludeTo?: boolean; +}; export type AuditReportFilter = { - created?: CreatedPreset | string | CreatedFilterCriteria - eventType?: string | number | Array - keeperVersion?: number | number[] - username?: string | string[] - toUsername?: string | string[] - ipAddress?: string | string[] - recordUid?: string | string[] - sharedFolderUid?: string | string[] - geoLocation?: string - deviceType?: string - parentId?: number | number[] -} + created?: CreatedPreset | string | CreatedFilterCriteria; + eventType?: string | number | Array; + keeperVersion?: number | number[]; + username?: string | string[]; + toUsername?: string | string[]; + ipAddress?: string | string[]; + recordUid?: string | string[]; + sharedFolderUid?: string | string[]; + geoLocation?: string; + deviceType?: string; + parentId?: number | number[]; +}; export type AuditReportOptions = { - syntaxHelp?: boolean - reportType?: AuditReportType - reportFormat?: AuditReportFormat - columns?: string[] - aggregates?: AuditAggregate[] - timezone?: string - limit?: number - order?: AuditReportOrder - filter?: AuditReportFilter - hasAram?: boolean -} + syntaxHelp?: boolean; + reportType?: AuditReportType; + reportFormat?: AuditReportFormat; + columns?: string[]; + aggregates?: AuditAggregate[]; + timezone?: string; + limit?: number; + order?: AuditReportOrder; + filter?: AuditReportFilter; + hasAram?: boolean; +}; export type AuditReportResult = { - reportType: AuditReportType | null - headers: string[] - rows: string[][] - events?: AuditEventOverviewReportRow[] - syntaxHelp?: string - eventTypeReference?: Array<{ id: number; name: string }> -} + reportType: AuditReportType | null; + headers: string[]; + rows: string[][]; + events?: AuditEventOverviewReportRow[]; + syntaxHelp?: string; + eventTypeReference?: Array<{ id: number; name: string }>; +}; export enum TargetUserStatus { - NoLogon = 'no-logon', - NoUpdate = 'no-update', - Locked = 'locked', - Invited = 'invited', - NoRecovery = 'no-recovery', + NoLogon = "no-logon", + NoUpdate = "no-update", + Locked = "locked", + Invited = "invited", + NoRecovery = "no-recovery", } export enum AdminAction { - None = 'none', - Lock = 'lock', - Delete = 'delete', - Transfer = 'transfer', + None = "none", + Lock = "lock", + Delete = "delete", + Transfer = "transfer", } export enum ActionReportColumn { - UserId = 'user_id', - Email = 'email', - Name = 'name', - Status = 'status', - TransferStatus = 'transfer_status', - Node = 'node', - TeamCount = 'team_count', - Teams = 'teams', - RoleCount = 'role_count', - Roles = 'roles', - Alias = 'alias', - TwoFaEnabled = '2fa_enabled', + UserId = "user_id", + Email = "email", + Name = "name", + Status = "status", + TransferStatus = "transfer_status", + Node = "node", + TeamCount = "team_count", + Teams = "teams", + RoleCount = "role_count", + Roles = "roles", + Alias = "alias", + TwoFaEnabled = "2fa_enabled", } export const DEFAULT_ACTION_REPORT_COLUMNS: readonly ActionReportColumn[] = [ - ActionReportColumn.Email, - ActionReportColumn.Name, - ActionReportColumn.Status, - ActionReportColumn.TransferStatus, - ActionReportColumn.Node, -] + ActionReportColumn.Email, + ActionReportColumn.Name, + ActionReportColumn.Status, + ActionReportColumn.TransferStatus, + ActionReportColumn.Node, +]; export const SUPPORTED_ACTION_REPORT_COLUMNS: readonly ActionReportColumn[] = [ - ActionReportColumn.UserId, - ...DEFAULT_ACTION_REPORT_COLUMNS, - ActionReportColumn.TeamCount, - ActionReportColumn.Teams, - ActionReportColumn.RoleCount, - ActionReportColumn.Roles, - ActionReportColumn.Alias, - ActionReportColumn.TwoFaEnabled, -] - -export const ACTION_REPORT_COLUMN_ORDER: readonly ActionReportColumn[] = SUPPORTED_ACTION_REPORT_COLUMNS + ActionReportColumn.UserId, + ...DEFAULT_ACTION_REPORT_COLUMNS, + ActionReportColumn.TeamCount, + ActionReportColumn.Teams, + ActionReportColumn.RoleCount, + ActionReportColumn.Roles, + ActionReportColumn.Alias, + ActionReportColumn.TwoFaEnabled, +]; + +export const ACTION_REPORT_COLUMN_ORDER: readonly ActionReportColumn[] = + SUPPORTED_ACTION_REPORT_COLUMNS; export type ActionReportEntry = { - enterpriseUserId: number - email: string - fullName: string - status: string - transferStatus: string - nodePath: string - teams: string[] - roles: string[] - aliases: string[] - tfaEnabled: boolean -} + enterpriseUserId: number; + email: string; + fullName: string; + status: string; + transferStatus: string; + nodePath: string; + teams: string[]; + roles: string[]; + aliases: string[]; + tfaEnabled: boolean; +}; export type ActionReportOptions = { - target?: TargetUserStatus - daysSince?: number - columns?: ActionReportColumn[] | `${ActionReportColumn}`[] | string | null - applyAction?: AdminAction - targetUser?: string - dryRun?: boolean - node?: string - timezone?: string -} + target?: TargetUserStatus; + daysSince?: number; + columns?: ActionReportColumn[] | `${ActionReportColumn}`[] | string | null; + applyAction?: AdminAction; + targetUser?: string; + dryRun?: boolean; + node?: string; + timezone?: string; +}; export type ActionResult = { - action: AdminAction | string - status: string - affectedCount: number - serverMessage: string -} + action: AdminAction | string; + status: string; + affectedCount: number; + serverMessage: string; +}; export type ActionReportResult = { - target: TargetUserStatus - headers: string[] - rows: string[][] - entries: ActionReportEntry[] - actionResult: ActionResult -} + target: TargetUserStatus; + headers: string[]; + rows: string[][]; + entries: ActionReportEntry[]; + actionResult: ActionResult; +}; -export const PW_SPECIAL_CHARACTERS = '!@#$%()+;<>=?[]{}^.,' -export const DEFAULT_TRUNCATION_LENGTH = 32 -export const SUPPORTED_RECORD_VERSIONS = [2, 3] as const +export const PW_SPECIAL_CHARACTERS = "!@#$%()+;<>=?[]{}^.,"; +export const DEFAULT_TRUNCATION_LENGTH = 32; +export const SUPPORTED_RECORD_VERSIONS = [2, 3] as const; export type PasswordPolicy = { - length: number - lower: number - upper: number - digits: number - special: number -} + length: number; + lower: number; + upper: number; + digits: number; + special: number; +}; export type PasswordStrength = { - length: number - lower: number - caps: number - digits: number - symbols: number -} + length: number; + lower: number; + caps: number; + digits: number; + symbols: number; +}; export type PasswordReportRow = { - recordUid: string - title: string - description: string - length: number - lower: number - upper: number - digits: number - special: number - score?: string - status?: string - reused?: string -} + recordUid: string; + title: string; + description: string; + length: number; + lower: number; + upper: number; + digits: number; + special: number; + score?: string; + status?: string; + reused?: string; +}; export type PasswordReportOptions = { - folder?: string | null - policy?: string | null - length?: number - lower?: number - upper?: number - digits?: number - special?: number - verbose?: boolean - rowNumbers?: boolean -} + folder?: string | null; + policy?: string | null; + length?: number; + lower?: number; + upper?: number; + digits?: number; + special?: number; + verbose?: boolean; + rowNumbers?: boolean; +}; export type PasswordReportResult = { - policy: PasswordPolicy - policySummary: string - rows: PasswordReportRow[] - verbose: boolean - rowNumbers: boolean -} + policy: PasswordPolicy; + policySummary: string; + rows: PasswordReportRow[]; + verbose: boolean; + rowNumbers: boolean; +}; export const AUDIT_RAW_FIELDS = [ - 'created', - 'audit_event_type', - 'username', - 'ip_address', - 'keeper_version', - 'geo_location', -] as const + "created", + "audit_event_type", + "username", + "ip_address", + "keeper_version", + "geo_location", +] as const; export const AUDIT_MISC_FIELDS = [ - 'to_username', - 'from_username', - 'record_uid', - 'shared_folder_uid', - 'node', - 'role_id', - 'team_uid', - 'channel', - 'status', - 'recipient', - 'value', -] as const - -export const AUDIT_RAW_PAGE_SIZE = 1000 -export const AUDIT_NO_ARAM_RAW_LIMIT = 1000 -export const AUDIT_DEFAULT_RAW_LIMIT = 50 -export const AUDIT_DEFAULT_SUMMARY_LIMIT = 100 -export const AUDIT_SUMMARY_MAX_LIMIT = 2000 -export const AUDIT_DIMENSION_API_LIMIT = 2000 + "to_username", + "from_username", + "record_uid", + "shared_folder_uid", + "node", + "role_id", + "team_uid", + "channel", + "status", + "recipient", + "value", +] as const; + +export const AUDIT_RAW_PAGE_SIZE = 1000; +export const AUDIT_NO_ARAM_RAW_LIMIT = 1000; +export const AUDIT_DEFAULT_RAW_LIMIT = 50; +export const AUDIT_DEFAULT_SUMMARY_LIMIT = 100; +export const AUDIT_SUMMARY_MAX_LIMIT = 2000; +export const AUDIT_DIMENSION_API_LIMIT = 2000; export const AUDIT_VIRTUAL_DIMENSIONS: Readonly> = { - geo_location: 'ip_address', - device_type: 'keeper_version', -} + geo_location: "ip_address", + device_type: "keeper_version", +}; export const AUDIT_SYNTAX_HELP = [ - 'Audit report types: raw, dim, hour, day, week, month, span', - 'Filters: created, eventType, username, toUsername, ipAddress, recordUid, sharedFolderUid, geoLocation, deviceType', - 'Raw defaults to message format; use reportFormat=fields for all columns.', -].join('\n') - -export const ACTION_STATUS_EVENT_TYPES: Readonly> = { - [TargetUserStatus.NoLogon]: ['login', 'login_console', 'chat_login', 'accept_invitation'], - [TargetUserStatus.NoUpdate]: ['record_add', 'record_update'], - [TargetUserStatus.Locked]: ['lock_user'], - [TargetUserStatus.Invited]: ['send_invitation', 'auto_invite_user'], - [TargetUserStatus.NoRecovery]: ['change_security_question', 'account_recovery_setup'], -} - -export const ACTION_DEFAULT_DAYS_BY_TARGET: Partial> = { - [TargetUserStatus.Locked]: 90, -} - -export const ACTION_DEFAULT_DAYS = 30 -export const ACTION_USERNAME_BATCH_SIZE = 2000 -export const ACTION_EVENT_SUMMARY_ROW_LIMIT = 2000 -export const SECONDS_PER_DAY = 86400 - -export const ACTION_COLUMN_LABELS: Readonly> = { - [ActionReportColumn.UserId]: 'User ID', - [ActionReportColumn.Email]: 'Email', - [ActionReportColumn.Name]: 'Name', - [ActionReportColumn.Status]: 'Status', - [ActionReportColumn.TransferStatus]: 'Transfer Status', - [ActionReportColumn.Node]: 'Node', - [ActionReportColumn.TeamCount]: 'Team Count', - [ActionReportColumn.Teams]: 'Teams', - [ActionReportColumn.RoleCount]: 'Role Count', - [ActionReportColumn.Roles]: 'Roles', - [ActionReportColumn.Alias]: 'Alias', - [ActionReportColumn.TwoFaEnabled]: '2FA Enabled', -} + "Audit report types: raw, dim, hour, day, week, month, span", + "Filters: created, eventType, username, toUsername, ipAddress, recordUid, sharedFolderUid, geoLocation, deviceType", + "Raw defaults to message format; use reportFormat=fields for all columns.", +].join("\n"); + +export const ACTION_STATUS_EVENT_TYPES: Readonly< + Record +> = { + [TargetUserStatus.NoLogon]: [ + "login", + "login_console", + "chat_login", + "accept_invitation", + ], + [TargetUserStatus.NoUpdate]: ["record_add", "record_update"], + [TargetUserStatus.Locked]: ["lock_user"], + [TargetUserStatus.Invited]: ["send_invitation", "auto_invite_user"], + [TargetUserStatus.NoRecovery]: [ + "change_security_question", + "account_recovery_setup", + ], +}; + +export const ACTION_DEFAULT_DAYS_BY_TARGET: Partial< + Record +> = { + [TargetUserStatus.Locked]: 90, +}; + +export const ACTION_DEFAULT_DAYS = 30; +export const ACTION_USERNAME_BATCH_SIZE = 2000; +export const ACTION_EVENT_SUMMARY_ROW_LIMIT = 2000; +export const SECONDS_PER_DAY = 86400; + +export const ACTION_COLUMN_LABELS: Readonly< + Record +> = { + [ActionReportColumn.UserId]: "User ID", + [ActionReportColumn.Email]: "Email", + [ActionReportColumn.Name]: "Name", + [ActionReportColumn.Status]: "Status", + [ActionReportColumn.TransferStatus]: "Transfer Status", + [ActionReportColumn.Node]: "Node", + [ActionReportColumn.TeamCount]: "Team Count", + [ActionReportColumn.Teams]: "Teams", + [ActionReportColumn.RoleCount]: "Role Count", + [ActionReportColumn.Roles]: "Roles", + [ActionReportColumn.Alias]: "Alias", + [ActionReportColumn.TwoFaEnabled]: "2FA Enabled", +}; export const PASSWORD_REPORT_BASE_HEADERS = [ - 'record_uid', - 'title', - 'description', - 'length', - 'lower', - 'upper', - 'digits', - 'special', -] - -export const PASSWORD_REPORT_VERBOSE_HEADERS = ['score', 'status', 'reused'] - -export const PASSWORD_BREACHWATCH_STATUS_NAMES: Readonly> = { - 0: 'GOOD', - 1: 'CHANGED', - 2: 'WEAK', - 3: 'BREACHED', - 4: 'IGNORE', -} + "record_uid", + "title", + "description", + "length", + "lower", + "upper", + "digits", + "special", +]; + +export const PASSWORD_REPORT_VERBOSE_HEADERS = ["score", "status", "reused"]; + +export const PASSWORD_BREACHWATCH_STATUS_NAMES: Readonly< + Record +> = { + 0: "GOOD", + 1: "CHANGED", + 2: "WEAK", + 3: "BREACHED", + 4: "IGNORE", +}; export type EnterpriseAuditLicense = { - audit_and_reporting_enabled?: boolean - add_ons?: Array<{ - name?: string - enterprise_audit_and_reporting_enabled?: boolean - }> -} + audit_and_reporting_enabled?: boolean; + add_ons?: Array<{ + name?: string; + enterprise_audit_and_reporting_enabled?: boolean; + }>; +}; export type AuditDimensionEventType = { - id?: number - name?: string - category?: string - syslog?: string -} + id?: number; + name?: string; + category?: string; + syslog?: string; +}; diff --git a/KeeperSdk/src/enterpriseReport/reportUtils.ts b/KeeperSdk/src/enterpriseReport/reportUtils.ts index cf647d99..db9e8fce 100644 --- a/KeeperSdk/src/enterpriseReport/reportUtils.ts +++ b/KeeperSdk/src/enterpriseReport/reportUtils.ts @@ -1,36 +1,38 @@ -import type { Auth, KeeperResponse } from '@keeper-security/keeperapi' -import { KeeperSdkError } from '../utils' -import { AuditReportOrder } from './reportTypes' +import type { Auth, KeeperResponse } from "@keeper-security/keeperapi"; +import { KeeperSdkError } from "../utils"; +import { AuditReportOrder } from "./reportTypes"; -export type AuthProvider = () => Auth +export type AuthProvider = () => Auth; export function resolveTimezone(timezone: string | undefined): string { - if (timezone?.trim()) return timezone.trim() - const hours = -new Date().getTimezoneOffset() / 60 - return `Etc/GMT${hours >= 0 ? '+' : ''}${hours}` + if (timezone?.trim()) return timezone.trim(); + const hours = -new Date().getTimezoneOffset() / 60; + return `Etc/GMT${hours >= 0 ? "+" : ""}${hours}`; } export function assertSucceeded( - response: KeeperResponse, - fallbackMessage: string, - fallbackCode: string + response: KeeperResponse, + fallbackMessage: string, + fallbackCode: string, ): void { - if ((response.result || '').toLowerCase() === 'fail') { - throw new KeeperSdkError( - response.message || response.result_code || fallbackMessage, - response.result_code || fallbackCode - ) - } + if ((response.result || "").toLowerCase() === "fail") { + throw new KeeperSdkError( + response.message || response.result_code || fallbackMessage, + response.result_code || fallbackCode, + ); + } } -export function toAuditApiOrder(order: AuditReportOrder): 'ascending' | 'descending' { - return order === AuditReportOrder.Asc ? 'ascending' : 'descending' +export function toAuditApiOrder( + order: AuditReportOrder, +): "ascending" | "descending" { + return order === AuditReportOrder.Asc ? "ascending" : "descending"; } export function chunkArray(values: T[], size: number): T[][] { - const chunks: T[][] = [] - for (let index = 0; index < values.length; index += size) { - chunks.push(values.slice(index, index + size)) - } - return chunks + const chunks: T[][] = []; + for (let index = 0; index < values.length; index += size) { + chunks.push(values.slice(index, index + size)); + } + return chunks; } diff --git a/KeeperSdk/src/folders/FolderManager.ts b/KeeperSdk/src/folders/FolderManager.ts index 54e07cbe..fb73f84d 100644 --- a/KeeperSdk/src/folders/FolderManager.ts +++ b/KeeperSdk/src/folders/FolderManager.ts @@ -1,174 +1,264 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes } from '../utils' -import { addFolder, mkdir } from './addFolder' -import type { AddFolderInput, AddFolderResult, MkdirOptions } from './addFolder' +import type { Auth } from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes } from "../utils"; +import { addFolder, mkdir } from "./addFolder"; +import type { + AddFolderInput, + AddFolderResult, + MkdirOptions, +} from "./addFolder"; import { - changeDirectory, - createVaultFolderSession, - findParentFolderUid, - getWorkingFolderDisplayName, - resolveSingleFolder, - splitPathComponents, - tryResolvePath, -} from './changeDirectory' -import type { ChangeDirectoryResult, TryResolvePathResult, VaultFolderSession } from './changeDirectory' -import { buildFolderDeleteObject, deleteFolder, resolveRmdirPatternsToFolderUids, rmdir } from './deleteFolder' -import type { DeleteFolderResult, RmdirOptions } from './deleteFolder' -import { buildFolderTree, folderTreeAscii, renderFolderTreeAscii } from './folderTree' -import type { FolderTreeBuildOptions, FolderTreeResult } from './folderTree' -import { findFolder, getFolder } from './getFolder' -import type { FoundFolder, GetFolderOptions, GetFolderResult } from './getFolder' -import { findFolderUidByNameOrUid, listFolder, listRootUserFolders, listVaultRootFolders } from './listFolder' -import type { ListFolderFolderSimple, ListFolderOptions, ListFolderResult } from './listFolder' -import { renameFolder, updateFolder, updateSharedFolderPermissions } from './updateFolder' -import type { RenameFolderResult, UpdateFolderInput, UpdateFolderResult } from './updateFolder' - -export type AuthProvider = () => Auth + changeDirectory, + createVaultFolderSession, + findParentFolderUid, + getWorkingFolderDisplayName, + resolveSingleFolder, + splitPathComponents, + tryResolvePath, +} from "./changeDirectory"; +import type { + ChangeDirectoryResult, + TryResolvePathResult, + VaultFolderSession, +} from "./changeDirectory"; +import { + buildFolderDeleteObject, + deleteFolder, + resolveRmdirPatternsToFolderUids, + rmdir, +} from "./deleteFolder"; +import type { DeleteFolderResult, RmdirOptions } from "./deleteFolder"; +import { + buildFolderTree, + folderTreeAscii, + renderFolderTreeAscii, +} from "./folderTree"; +import type { FolderTreeBuildOptions, FolderTreeResult } from "./folderTree"; +import { findFolder, getFolder } from "./getFolder"; +import type { + FoundFolder, + GetFolderOptions, + GetFolderResult, +} from "./getFolder"; +import { + findFolderUidByNameOrUid, + listFolder, + listRootUserFolders, + listVaultRootFolders, +} from "./listFolder"; +import type { + ListFolderFolderSimple, + ListFolderOptions, + ListFolderResult, +} from "./listFolder"; +import { + renameFolder, + updateFolder, + updateSharedFolderPermissions, +} from "./updateFolder"; +import type { + RenameFolderResult, + UpdateFolderInput, + UpdateFolderResult, +} from "./updateFolder"; + +export type AuthProvider = () => Auth; export type SharedFolderPermissionsInput = { - manageUsers?: boolean | null - manageRecords?: boolean | null - canShare?: boolean | null - canEdit?: boolean | null -} + manageUsers?: boolean | null; + manageRecords?: boolean | null; + canShare?: boolean | null; + canEdit?: boolean | null; +}; export class FolderManager { - private readonly storage: InMemoryStorage - private readonly session: VaultFolderSession - private readonly authProvider: AuthProvider - - constructor(storage: InMemoryStorage, session: VaultFolderSession, authProvider: AuthProvider) { - this.storage = storage - this.session = session - this.authProvider = authProvider - } - - public static createSession(): VaultFolderSession { - return createVaultFolderSession() - } - - public static splitPathComponents(path: string): string[] { - return splitPathComponents(path) - } - - public getSession(): VaultFolderSession { - return this.session - } - - public getCurrentFolderUid(): string | null { - return this.session.currentFolderUid - } - - public getWorkingFolderDisplayName(): string { - return getWorkingFolderDisplayName(this.storage, this.session.currentFolderUid) - } - - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } - return auth - } - - public async listFolder(options: ListFolderOptions = {}): Promise { - return listFolder(this.storage, options) - } - - public listRootUserFolders() { - return listRootUserFolders(this.storage) - } - - public async listVaultRootFolders(): Promise<{ - rows: ListFolderFolderSimple[] - promotedRootSharedUids: Set - }> { - return listVaultRootFolders(this.storage) - } - - public findFolderUidByNameOrUid(nameOrUid: string): string | undefined { - return findFolderUidByNameOrUid(this.storage, nameOrUid) - } - - public findFolder(nameOrUid: string): FoundFolder | undefined { - return findFolder(this.storage, nameOrUid) - } - - public async findParentFolderUid(folderUid: string): Promise { - return findParentFolderUid(this.storage, folderUid) - } - - public async getFolder(uidOrName: string, options: GetFolderOptions = {}): Promise { - return getFolder(this.storage, uidOrName, options) - } - - public async changeDirectory(path: string): Promise { - return changeDirectory(this.storage, this.session, path) - } - - public async tryResolvePath(path: string): Promise { - return tryResolvePath(this.storage, this.session, path) - } - - public async resolveSingleFolder(folderName: string): Promise { - return resolveSingleFolder(this.storage, this.session, folderName) - } - - public async addFolder(input: AddFolderInput): Promise { - return addFolder(this.requireAuth(), this.storage, input) - } - - public async mkdir( - path: string, - options: MkdirOptions = {} - ): Promise<{ folderUid: string; success: boolean; message?: string }> { - return mkdir(this.requireAuth(), this.storage, this.session, path, options) - } - - public async updateFolder(input: UpdateFolderInput): Promise { - return updateFolder(this.requireAuth(), this.storage, input) - } - - public async renameFolder(folderPath: string, newName: string): Promise { - return renameFolder(this.requireAuth(), this.storage, this.session, folderPath, newName) - } - - public async updateSharedFolderPermissions( - sharedFolderUid: string, - permissions: SharedFolderPermissionsInput - ): Promise { - return updateSharedFolderPermissions(this.requireAuth(), this.storage, sharedFolderUid, permissions) - } - - public async deleteFolder( - folderRefs: string[], - confirm?: (summary: string) => boolean | Promise - ): Promise { - return deleteFolder(this.requireAuth(), this.storage, folderRefs, confirm) - } - - public async rmdir(patterns: string[], options: RmdirOptions = {}): Promise { - return rmdir(this.requireAuth(), this.storage, this.session, patterns, options) - } - - public async resolveRmdirPatternsToFolderUids(pattern: string): Promise> { - return resolveRmdirPatternsToFolderUids(this.storage, this.session, pattern) - } - - public async buildFolderDeleteObject(folderUid: string) { - return buildFolderDeleteObject(this.storage, folderUid) - } - - public async buildFolderTree(options: FolderTreeBuildOptions = {}): Promise { - return buildFolderTree(this.storage, this.session, options) - } - - public async folderTreeAscii(options: FolderTreeBuildOptions = {}): Promise { - return folderTreeAscii(this.storage, this.session, options) - } - - public renderFolderTreeAscii(tree: FolderTreeResult): string { - return renderFolderTreeAscii(tree) + private readonly storage: InMemoryStorage; + private readonly session: VaultFolderSession; + private readonly authProvider: AuthProvider; + + constructor( + storage: InMemoryStorage, + session: VaultFolderSession, + authProvider: AuthProvider, + ) { + this.storage = storage; + this.session = session; + this.authProvider = authProvider; + } + + public static createSession(): VaultFolderSession { + return createVaultFolderSession(); + } + + public static splitPathComponents(path: string): string[] { + return splitPathComponents(path); + } + + public getSession(): VaultFolderSession { + return this.session; + } + + public getCurrentFolderUid(): string | null { + return this.session.currentFolderUid; + } + + public getWorkingFolderDisplayName(): string { + return getWorkingFolderDisplayName( + this.storage, + this.session.currentFolderUid, + ); + } + + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); } + return auth; + } + + public async listFolder( + options: ListFolderOptions = {}, + ): Promise { + return listFolder(this.storage, options); + } + + public listRootUserFolders() { + return listRootUserFolders(this.storage); + } + + public async listVaultRootFolders(): Promise<{ + rows: ListFolderFolderSimple[]; + promotedRootSharedUids: Set; + }> { + return listVaultRootFolders(this.storage); + } + + public findFolderUidByNameOrUid(nameOrUid: string): string | undefined { + return findFolderUidByNameOrUid(this.storage, nameOrUid); + } + + public findFolder(nameOrUid: string): FoundFolder | undefined { + return findFolder(this.storage, nameOrUid); + } + + public async findParentFolderUid(folderUid: string): Promise { + return findParentFolderUid(this.storage, folderUid); + } + + public async getFolder( + uidOrName: string, + options: GetFolderOptions = {}, + ): Promise { + return getFolder(this.storage, uidOrName, options); + } + + public async changeDirectory(path: string): Promise { + return changeDirectory(this.storage, this.session, path); + } + + public async tryResolvePath(path: string): Promise { + return tryResolvePath(this.storage, this.session, path); + } + + public async resolveSingleFolder( + folderName: string, + ): Promise { + return resolveSingleFolder(this.storage, this.session, folderName); + } + + public async addFolder(input: AddFolderInput): Promise { + return addFolder(this.requireAuth(), this.storage, input); + } + + public async mkdir( + path: string, + options: MkdirOptions = {}, + ): Promise<{ folderUid: string; success: boolean; message?: string }> { + return mkdir(this.requireAuth(), this.storage, this.session, path, options); + } + + public async updateFolder( + input: UpdateFolderInput, + ): Promise { + return updateFolder(this.requireAuth(), this.storage, input); + } + + public async renameFolder( + folderPath: string, + newName: string, + ): Promise { + return renameFolder( + this.requireAuth(), + this.storage, + this.session, + folderPath, + newName, + ); + } + + public async updateSharedFolderPermissions( + sharedFolderUid: string, + permissions: SharedFolderPermissionsInput, + ): Promise { + return updateSharedFolderPermissions( + this.requireAuth(), + this.storage, + sharedFolderUid, + permissions, + ); + } + + public async deleteFolder( + folderRefs: string[], + confirm?: (summary: string) => boolean | Promise, + ): Promise { + return deleteFolder(this.requireAuth(), this.storage, folderRefs, confirm); + } + + public async rmdir( + patterns: string[], + options: RmdirOptions = {}, + ): Promise { + return rmdir( + this.requireAuth(), + this.storage, + this.session, + patterns, + options, + ); + } + + public async resolveRmdirPatternsToFolderUids( + pattern: string, + ): Promise> { + return resolveRmdirPatternsToFolderUids( + this.storage, + this.session, + pattern, + ); + } + + public async buildFolderDeleteObject(folderUid: string) { + return buildFolderDeleteObject(this.storage, folderUid); + } + + public async buildFolderTree( + options: FolderTreeBuildOptions = {}, + ): Promise { + return buildFolderTree(this.storage, this.session, options); + } + + public async folderTreeAscii( + options: FolderTreeBuildOptions = {}, + ): Promise { + return folderTreeAscii(this.storage, this.session, options); + } + + public renderFolderTreeAscii(tree: FolderTreeResult): string { + return renderFolderTreeAscii(tree); + } } diff --git a/KeeperSdk/src/folders/addFolder.ts b/KeeperSdk/src/folders/addFolder.ts index c90b724c..0c8197bd 100644 --- a/KeeperSdk/src/folders/addFolder.ts +++ b/KeeperSdk/src/folders/addFolder.ts @@ -1,295 +1,391 @@ -import type { Auth, FolderAddRequest } from '@keeper-security/keeperapi' +import type { Auth, FolderAddRequest } from "@keeper-security/keeperapi"; import { - encryptForStorage, - encryptObjectForStorage, - folderAddCommand, - generateEncryptionKey, - generateUid, - platform, -} from '@keeper-security/keeperapi' -import type { DSharedFolder, DSharedFolderFolder, DUserFolder } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { isBoolean, KeeperSdkError, extractErrorMessage } from '../utils' -import { listFolder } from './listFolder' -import { tryResolvePath, splitPathComponents, type VaultFolderSession } from './changeDirectory' -import { FolderKind, FolderResultStatus, ParentFolderKind, validateFolderName } from './folderHelpers' - -type NewFolderKind = FolderKind + encryptForStorage, + encryptObjectForStorage, + folderAddCommand, + generateEncryptionKey, + generateUid, + platform, +} from "@keeper-security/keeperapi"; +import type { + DSharedFolder, + DSharedFolderFolder, + DUserFolder, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { isBoolean, KeeperSdkError, extractErrorMessage } from "../utils"; +import { listFolder } from "./listFolder"; +import { + tryResolvePath, + splitPathComponents, + type VaultFolderSession, +} from "./changeDirectory"; +import { + FolderKind, + FolderResultStatus, + ParentFolderKind, + validateFolderName, +} from "./folderHelpers"; + +type NewFolderKind = FolderKind; export type AddFolderInput = { - folderName: string - isSharedFolder?: boolean - parentUid?: string | null - manageUsers?: boolean - manageRecords?: boolean - canShare?: boolean - canEdit?: boolean -} + folderName: string; + isSharedFolder?: boolean; + parentUid?: string | null; + manageUsers?: boolean; + manageRecords?: boolean; + canShare?: boolean; + canEdit?: boolean; +}; export type AddFolderResult = { - folderUid: string - success: boolean - message?: string -} + folderUid: string; + success: boolean; + message?: string; +}; export type MkdirOptions = { - sharedFolder?: boolean - userFolder?: boolean - grantAll?: boolean - manageUsers?: boolean - manageRecords?: boolean - canShare?: boolean - canEdit?: boolean -} + sharedFolder?: boolean; + userFolder?: boolean; + grantAll?: boolean; + manageUsers?: boolean; + manageRecords?: boolean; + canShare?: boolean; + canEdit?: boolean; +}; type ParentContext = { - kind: ParentFolderKind - sharedScopeUid: string | null + kind: ParentFolderKind; + sharedScopeUid: string | null; +}; + +function resolveParentContext( + storage: InMemoryStorage, + parentUid: string | null, +): ParentContext { + if (parentUid === null || parentUid === "") { + return { kind: ParentFolderKind.VirtualRoot, sharedScopeUid: null }; + } + if (storage.getByUid(FolderKind.UserFolder, parentUid)) { + return { kind: ParentFolderKind.UserFolder, sharedScopeUid: null }; + } + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + parentUid, + ); + if (sharedFolder) { + return { + kind: ParentFolderKind.SharedFolder, + sharedScopeUid: sharedFolder.uid, + }; + } + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + parentUid, + ); + if (sharedFolderFolder) { + return { + kind: ParentFolderKind.SharedFolderFolder, + sharedScopeUid: sharedFolderFolder.sharedFolderUid, + }; + } + throw new KeeperSdkError( + `Parent folder "${parentUid}" not found`, + "folder_not_found", + ); } -function resolveParentContext(storage: InMemoryStorage, parentUid: string | null): ParentContext { - if (parentUid === null || parentUid === '') { - return { kind: ParentFolderKind.VirtualRoot, sharedScopeUid: null } - } - if (storage.getByUid(FolderKind.UserFolder, parentUid)) { - return { kind: ParentFolderKind.UserFolder, sharedScopeUid: null } - } - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, parentUid) - if (sharedFolder) { - return { kind: ParentFolderKind.SharedFolder, sharedScopeUid: sharedFolder.uid } +function decideNewFolderType( + parent: ParentContext, + isSharedFolder: boolean, +): NewFolderKind { + if (isSharedFolder) { + if ( + parent.kind !== ParentFolderKind.UserFolder && + parent.kind !== ParentFolderKind.VirtualRoot + ) { + throw new KeeperSdkError( + "Shared folders cannot be nested inside other shared folders.", + "shared_folder_nested", + ); } - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, parentUid) - if (sharedFolderFolder) { - return { - kind: ParentFolderKind.SharedFolderFolder, - sharedScopeUid: sharedFolderFolder.sharedFolderUid, - } - } - throw new KeeperSdkError(`Parent folder "${parentUid}" not found`, 'folder_not_found') -} - -function decideNewFolderType(parent: ParentContext, isSharedFolder: boolean): NewFolderKind { - if (isSharedFolder) { - if (parent.kind !== ParentFolderKind.UserFolder && parent.kind !== ParentFolderKind.VirtualRoot) { - throw new KeeperSdkError( - 'Shared folders cannot be nested inside other shared folders.', - 'shared_folder_nested' - ) - } - return FolderKind.SharedFolder - } - if (parent.kind === ParentFolderKind.VirtualRoot || parent.kind === ParentFolderKind.UserFolder) { - return FolderKind.UserFolder - } - return FolderKind.SharedFolderFolder + return FolderKind.SharedFolder; + } + if ( + parent.kind === ParentFolderKind.VirtualRoot || + parent.kind === ParentFolderKind.UserFolder + ) { + return FolderKind.UserFolder; + } + return FolderKind.SharedFolderFolder; } async function getEncryptionKeyForNewFolder( - auth: Auth, - storage: InMemoryStorage, - folderType: NewFolderKind, - sharedScopeUid: string | null + auth: Auth, + storage: InMemoryStorage, + folderType: NewFolderKind, + sharedScopeUid: string | null, ): Promise { - if (folderType === FolderKind.SharedFolderFolder) { - if (!sharedScopeUid) { - throw new KeeperSdkError('Shared folder scope could not be resolved.', 'shared_folder_scope_missing') - } - const sharedFolderKey = await storage.getKeyBytes(sharedScopeUid) - if (!sharedFolderKey) { - throw new KeeperSdkError( - 'Shared folder encryption key not available. Sync the vault and try again.', - 'shared_folder_key_missing' - ) - } - return sharedFolderKey + if (folderType === FolderKind.SharedFolderFolder) { + if (!sharedScopeUid) { + throw new KeeperSdkError( + "Shared folder scope could not be resolved.", + "shared_folder_scope_missing", + ); } - if (!auth.dataKey) { - throw new KeeperSdkError('Data key not available. Ensure you are logged in.', 'data_key_missing') + const sharedFolderKey = await storage.getKeyBytes(sharedScopeUid); + if (!sharedFolderKey) { + throw new KeeperSdkError( + "Shared folder encryption key not available. Sync the vault and try again.", + "shared_folder_key_missing", + ); } - return auth.dataKey + return sharedFolderKey; + } + if (!auth.dataKey) { + throw new KeeperSdkError( + "Data key not available. Ensure you are logged in.", + "data_key_missing", + ); + } + return auth.dataKey; } async function findChildFolderUidByName( - storage: InMemoryStorage, - parentUid: string | null, - name: string + storage: InMemoryStorage, + parentUid: string | null, + name: string, ): Promise { - const result = await listFolder(storage, { - folderUid: parentUid === null ? undefined : parentUid, - showFolders: true, - showRecords: false, - }) - const trimmedName = name.trim() - const lowerName = trimmedName.toLowerCase() - for (const folder of result.folders) { - if (folder.uid === trimmedName) return folder.uid - if (folder.name.trim() === trimmedName) return folder.uid - if (folder.name.trim().toLowerCase() === lowerName) return folder.uid - } - return undefined + const result = await listFolder(storage, { + folderUid: parentUid === null ? undefined : parentUid, + showFolders: true, + showRecords: false, + }); + const trimmedName = name.trim(); + const lowerName = trimmedName.toLowerCase(); + for (const folder of result.folders) { + if (folder.uid === trimmedName) return folder.uid; + if (folder.name.trim() === trimmedName) return folder.uid; + if (folder.name.trim().toLowerCase() === lowerName) return folder.uid; + } + return undefined; } -export async function addFolder(auth: Auth, storage: InMemoryStorage, input: AddFolderInput): Promise { - const name = input.folderName?.trim() - if (!name) { - throw new KeeperSdkError('Folder name cannot be empty.', 'folder_name_required') - } - validateFolderName(name) - - const parentUid = input.parentUid === undefined || input.parentUid === '' ? null : input.parentUid - const parent = resolveParentContext(storage, parentUid) - - const isShared = input.isSharedFolder === true - const folderType = decideNewFolderType(parent, isShared) - - const folderUid = generateUid() - const folderKey = generateEncryptionKey() - - const sharedScope = folderType === FolderKind.SharedFolderFolder ? parent.sharedScopeUid : null - - const encryptionKey = await getEncryptionKeyForNewFolder(auth, storage, folderType, sharedScope) - - const request: FolderAddRequest = { - folder_uid: folderUid, - folder_type: folderType, - key: await encryptForStorage(folderKey, encryptionKey), - data: await encryptObjectForStorage({ name, title: name }, folderKey), - link: false, - } - - if (parentUid) { - request.parent_uid = parentUid - } - if (folderType === FolderKind.SharedFolderFolder && sharedScope) { - request.shared_folder_uid = sharedScope - } - - if (folderType === FolderKind.SharedFolder) { - request.name = await encryptForStorage(platform.stringToBytes(name), folderKey) - request.manage_users = isBoolean(input.manageUsers) ? input.manageUsers : false - request.manage_records = isBoolean(input.manageRecords) ? input.manageRecords : false - request.can_edit = isBoolean(input.canEdit) ? input.canEdit : false - request.can_share = isBoolean(input.canShare) ? input.canShare : false - } - - try { - const response = await auth.executeRestCommand(folderAddCommand(request)) - const succeeded = - response.result === FolderResultStatus.Success || response.result_code === FolderResultStatus.Success - if (!succeeded) { - const reason = - response.message || - response.result_code || - `folder_add failed for "${name}" (uid=${folderUid}, type=${folderType}): server returned no message or result_code` - return { - folderUid, - success: false, - message: reason, - } - } - return { folderUid, success: true } - } catch (err) { - return { - folderUid, - success: false, - message: `folder_add failed for "${name}" (uid=${folderUid}, type=${folderType}): ${extractErrorMessage(err)}`, - } +export async function addFolder( + auth: Auth, + storage: InMemoryStorage, + input: AddFolderInput, +): Promise { + const name = input.folderName?.trim(); + if (!name) { + throw new KeeperSdkError( + "Folder name cannot be empty.", + "folder_name_required", + ); + } + validateFolderName(name); + + const parentUid = + input.parentUid === undefined || input.parentUid === "" + ? null + : input.parentUid; + const parent = resolveParentContext(storage, parentUid); + + const isShared = input.isSharedFolder === true; + const folderType = decideNewFolderType(parent, isShared); + + const folderUid = generateUid(); + const folderKey = generateEncryptionKey(); + + const sharedScope = + folderType === FolderKind.SharedFolderFolder ? parent.sharedScopeUid : null; + + const encryptionKey = await getEncryptionKeyForNewFolder( + auth, + storage, + folderType, + sharedScope, + ); + + const request: FolderAddRequest = { + folder_uid: folderUid, + folder_type: folderType, + key: await encryptForStorage(folderKey, encryptionKey), + data: await encryptObjectForStorage({ name, title: name }, folderKey), + link: false, + }; + + if (parentUid) { + request.parent_uid = parentUid; + } + if (folderType === FolderKind.SharedFolderFolder && sharedScope) { + request.shared_folder_uid = sharedScope; + } + + if (folderType === FolderKind.SharedFolder) { + request.name = await encryptForStorage( + platform.stringToBytes(name), + folderKey, + ); + request.manage_users = isBoolean(input.manageUsers) + ? input.manageUsers + : false; + request.manage_records = isBoolean(input.manageRecords) + ? input.manageRecords + : false; + request.can_edit = isBoolean(input.canEdit) ? input.canEdit : false; + request.can_share = isBoolean(input.canShare) ? input.canShare : false; + } + + try { + const response = await auth.executeRestCommand(folderAddCommand(request)); + const succeeded = + response.result === FolderResultStatus.Success || + response.result_code === FolderResultStatus.Success; + if (!succeeded) { + const reason = + response.message || + response.result_code || + `folder_add failed for "${name}" (uid=${folderUid}, type=${folderType}): server returned no message or result_code`; + return { + folderUid, + success: false, + message: reason, + }; } + return { folderUid, success: true }; + } catch (err) { + return { + folderUid, + success: false, + message: `folder_add failed for "${name}" (uid=${folderUid}, type=${folderType}): ${extractErrorMessage(err)}`, + }; + } } export async function mkdir( - auth: Auth, - storage: InMemoryStorage, - session: VaultFolderSession, - path: string, - options: MkdirOptions = {} + auth: Auth, + storage: InMemoryStorage, + session: VaultFolderSession, + path: string, + options: MkdirOptions = {}, ): Promise<{ folderUid: string; success: boolean; message?: string }> { - const trimmed = path.trim() - if (!trimmed) { - throw new KeeperSdkError('Folder path cannot be empty.', 'folder_path_required') + const trimmed = path.trim(); + if (!trimmed) { + throw new KeeperSdkError( + "Folder path cannot be empty.", + "folder_path_required", + ); + } + + if (options.sharedFolder && options.userFolder) { + throw new KeeperSdkError( + "Use only one of sharedFolder (-sf) or userFolder (-uf).", + "mkdir_flags_conflict", + ); + } + + const { folderUid: baseUid, remaining } = await tryResolvePath( + storage, + session, + trimmed, + ); + if (!remaining.trim()) { + throw new KeeperSdkError( + `Folder "${trimmed}" already exists.`, + "folder_already_exists", + ); + } + + const grantAll = options.grantAll === true; + let manageUsers = isBoolean(options.manageUsers) + ? options.manageUsers + : false; + let manageRecords = isBoolean(options.manageRecords) + ? options.manageRecords + : false; + let canShare = isBoolean(options.canShare) ? options.canShare : false; + let canEdit = isBoolean(options.canEdit) ? options.canEdit : false; + if (grantAll) { + manageUsers = true; + manageRecords = true; + canShare = true; + canEdit = true; + } + + const segments = splitPathComponents(remaining) + .map((segment) => segment.trim()) + .filter((segment) => segment !== "" && segment !== "."); + + if (segments.length === 0) { + throw new KeeperSdkError( + `Folder "${trimmed}" already exists.`, + "folder_already_exists", + ); + } + + let currentParent: string | null = baseUid; + let lastResult: AddFolderResult = { + folderUid: "", + success: false, + message: "not run", + }; + + for (let segmentIndex = 0; segmentIndex < segments.length; segmentIndex++) { + const segment = segments[segmentIndex]; + const isLastSegment = segmentIndex === segments.length - 1; + const existingChildUid = await findChildFolderUidByName( + storage, + currentParent, + segment, + ); + if (existingChildUid) { + if (isLastSegment) { + throw new KeeperSdkError( + `Folder "${segment}" already exists.`, + "folder_already_exists", + ); + } + currentParent = existingChildUid; + continue; } - if (options.sharedFolder && options.userFolder) { - throw new KeeperSdkError('Use only one of sharedFolder (-sf) or userFolder (-uf).', 'mkdir_flags_conflict') + const createAsSharedFolder = isLastSegment && options.sharedFolder === true; + + const parentContext = resolveParentContext(storage, currentParent); + if ( + createAsSharedFolder && + parentContext.kind !== ParentFolderKind.UserFolder && + parentContext.kind !== ParentFolderKind.VirtualRoot + ) { + throw new KeeperSdkError( + "Shared folders can only be created under a personal folder.", + "shared_folder_invalid_parent", + ); } - const { folderUid: baseUid, remaining } = await tryResolvePath(storage, session, trimmed) - if (!remaining.trim()) { - throw new KeeperSdkError(`Folder "${trimmed}" already exists.`, 'folder_already_exists') - } - - const grantAll = options.grantAll === true - let manageUsers = isBoolean(options.manageUsers) ? options.manageUsers : false - let manageRecords = isBoolean(options.manageRecords) ? options.manageRecords : false - let canShare = isBoolean(options.canShare) ? options.canShare : false - let canEdit = isBoolean(options.canEdit) ? options.canEdit : false - if (grantAll) { - manageUsers = true - manageRecords = true - canShare = true - canEdit = true - } - - const segments = splitPathComponents(remaining) - .map((segment) => segment.trim()) - .filter((segment) => segment !== '' && segment !== '.') - - if (segments.length === 0) { - throw new KeeperSdkError(`Folder "${trimmed}" already exists.`, 'folder_already_exists') - } - - let currentParent: string | null = baseUid - let lastResult: AddFolderResult = { - folderUid: '', + lastResult = await addFolder(auth, storage, { + folderName: segment, + parentUid: currentParent, + isSharedFolder: createAsSharedFolder, + manageUsers: + isLastSegment && createAsSharedFolder ? manageUsers : undefined, + manageRecords: + isLastSegment && createAsSharedFolder ? manageRecords : undefined, + canShare: isLastSegment && createAsSharedFolder ? canShare : undefined, + canEdit: isLastSegment && createAsSharedFolder ? canEdit : undefined, + }); + + if (!lastResult.success) { + return { + folderUid: lastResult.folderUid, success: false, - message: 'not run', - } - - for (let segmentIndex = 0; segmentIndex < segments.length; segmentIndex++) { - const segment = segments[segmentIndex] - const isLastSegment = segmentIndex === segments.length - 1 - const existingChildUid = await findChildFolderUidByName(storage, currentParent, segment) - if (existingChildUid) { - if (isLastSegment) { - throw new KeeperSdkError(`Folder "${segment}" already exists.`, 'folder_already_exists') - } - currentParent = existingChildUid - continue - } - - const createAsSharedFolder = isLastSegment && options.sharedFolder === true - - const parentContext = resolveParentContext(storage, currentParent) - if ( - createAsSharedFolder && - parentContext.kind !== ParentFolderKind.UserFolder && - parentContext.kind !== ParentFolderKind.VirtualRoot - ) { - throw new KeeperSdkError( - 'Shared folders can only be created under a personal folder.', - 'shared_folder_invalid_parent' - ) - } - - lastResult = await addFolder(auth, storage, { - folderName: segment, - parentUid: currentParent, - isSharedFolder: createAsSharedFolder, - manageUsers: isLastSegment && createAsSharedFolder ? manageUsers : undefined, - manageRecords: isLastSegment && createAsSharedFolder ? manageRecords : undefined, - canShare: isLastSegment && createAsSharedFolder ? canShare : undefined, - canEdit: isLastSegment && createAsSharedFolder ? canEdit : undefined, - }) - - if (!lastResult.success) { - return { - folderUid: lastResult.folderUid, - success: false, - message: lastResult.message, - } - } - currentParent = lastResult.folderUid + message: lastResult.message, + }; } + currentParent = lastResult.folderUid; + } - return { folderUid: lastResult.folderUid, success: true } + return { folderUid: lastResult.folderUid, success: true }; } diff --git a/KeeperSdk/src/folders/changeDirectory.ts b/KeeperSdk/src/folders/changeDirectory.ts index 7f8aeb96..da9c5d22 100644 --- a/KeeperSdk/src/folders/changeDirectory.ts +++ b/KeeperSdk/src/folders/changeDirectory.ts @@ -1,217 +1,266 @@ -import type { DSharedFolder, DSharedFolderFolder, DUserFolder } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError } from '../utils' -import { listFolder, listRootUserFolders } from './listFolder' -import type { ListFolderFolderSimple } from './listFolder' -import { FolderKind, VaultObjectKind, sharedFolderFolderName, sharedFolderName, userFolderName } from './folderHelpers' +import type { + DSharedFolder, + DSharedFolderFolder, + DUserFolder, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError } from "../utils"; +import { listFolder, listRootUserFolders } from "./listFolder"; +import type { ListFolderFolderSimple } from "./listFolder"; +import { + FolderKind, + VaultObjectKind, + sharedFolderFolderName, + sharedFolderName, + userFolderName, +} from "./folderHelpers"; -const VAULT_ROOT_DISPLAY_NAME = 'My Vault' +const VAULT_ROOT_DISPLAY_NAME = "My Vault"; -const ESCAPED_SEPARATOR_PLACEHOLDER = '\x00' +const ESCAPED_SEPARATOR_PLACEHOLDER = "\x00"; export type VaultFolderSession = { - currentFolderUid: string | null -} + currentFolderUid: string | null; +}; export type ChangeDirectoryResult = { - folderUid: string | null - name: string -} + folderUid: string | null; + name: string; +}; export function createVaultFolderSession(): VaultFolderSession { - return { currentFolderUid: null } + return { currentFolderUid: null }; } -function getFolderEntryByUid(storage: InMemoryStorage, uid: string): ListFolderFolderSimple | undefined { - const userFolder = storage.getByUid(FolderKind.UserFolder, uid) - if (userFolder) { - return { uid: userFolder.uid, name: userFolderName(userFolder), folderKind: FolderKind.UserFolder } - } - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, uid) - if (sharedFolder) { - return { - uid: sharedFolder.uid, - name: sharedFolderName(sharedFolder), - folderKind: FolderKind.SharedFolder, - } - } - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, uid) - if (sharedFolderFolder) { - return { - uid: sharedFolderFolder.uid, - name: sharedFolderFolderName(sharedFolderFolder), - folderKind: FolderKind.SharedFolderFolder, - } - } - return undefined +function getFolderEntryByUid( + storage: InMemoryStorage, + uid: string, +): ListFolderFolderSimple | undefined { + const userFolder = storage.getByUid(FolderKind.UserFolder, uid); + if (userFolder) { + return { + uid: userFolder.uid, + name: userFolderName(userFolder), + folderKind: FolderKind.UserFolder, + }; + } + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + uid, + ); + if (sharedFolder) { + return { + uid: sharedFolder.uid, + name: sharedFolderName(sharedFolder), + folderKind: FolderKind.SharedFolder, + }; + } + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + uid, + ); + if (sharedFolderFolder) { + return { + uid: sharedFolderFolder.uid, + name: sharedFolderFolderName(sharedFolderFolder), + folderKind: FolderKind.SharedFolderFolder, + }; + } + return undefined; } -export async function findParentFolderUid(storage: InMemoryStorage, folderUid: string): Promise { - const rootFolderUids = new Set((await listRootUserFolders(storage)).map((folder) => folder.uid)) - if (rootFolderUids.has(folderUid)) return null - - const parentKinds = [ - FolderKind.UserFolder, - FolderKind.SharedFolder, - FolderKind.SharedFolderFolder, - VaultObjectKind.Team, - ] as const - for (const kind of parentKinds) { - for (const candidate of storage.getAll(kind)) { - const candidateUid = (candidate as { uid: string }).uid - const dependencies = (await storage.getDependencies(candidateUid)) || [] - for (const dependency of dependencies) { - if (dependency.uid !== folderUid) continue - if ( - dependency.kind === FolderKind.UserFolder || - dependency.kind === FolderKind.SharedFolder || - dependency.kind === FolderKind.SharedFolderFolder - ) { - return candidateUid - } - } +export async function findParentFolderUid( + storage: InMemoryStorage, + folderUid: string, +): Promise { + const rootFolderUids = new Set( + (await listRootUserFolders(storage)).map((folder) => folder.uid), + ); + if (rootFolderUids.has(folderUid)) return null; + + const parentKinds = [ + FolderKind.UserFolder, + FolderKind.SharedFolder, + FolderKind.SharedFolderFolder, + VaultObjectKind.Team, + ] as const; + for (const kind of parentKinds) { + for (const candidate of storage.getAll(kind)) { + const candidateUid = (candidate as { uid: string }).uid; + const dependencies = (await storage.getDependencies(candidateUid)) || []; + for (const dependency of dependencies) { + if (dependency.uid !== folderUid) continue; + if ( + dependency.kind === FolderKind.UserFolder || + dependency.kind === FolderKind.SharedFolder || + dependency.kind === FolderKind.SharedFolderFolder + ) { + return candidateUid; } + } } + } - return null + return null; } async function listFolderChildrenForCd( - storage: InMemoryStorage, - parentUid: string | null + storage: InMemoryStorage, + parentUid: string | null, ): Promise { - const result = await listFolder(storage, { - folderUid: parentUid === null ? undefined : parentUid, - showFolders: true, - showRecords: false, - }) - return result.folders + const result = await listFolder(storage, { + folderUid: parentUid === null ? undefined : parentUid, + showFolders: true, + showRecords: false, + }); + return result.folders; } function findChildFolder( - children: ListFolderFolderSimple[], - component: string + children: ListFolderFolderSimple[], + component: string, ): ListFolderFolderSimple | undefined { - const trimmedComponent = component.trim() - if (!trimmedComponent) return undefined - const matchByUid = children.find((child) => child.uid === trimmedComponent) - if (matchByUid) return matchByUid - const exactNameMatch = children.find((child) => child.name.trim() === trimmedComponent) - if (exactNameMatch) return exactNameMatch - const lowerComponent = trimmedComponent.toLowerCase() - return children.find((child) => child.name.trim().toLowerCase() === lowerComponent) + const trimmedComponent = component.trim(); + if (!trimmedComponent) return undefined; + const matchByUid = children.find((child) => child.uid === trimmedComponent); + if (matchByUid) return matchByUid; + const exactNameMatch = children.find( + (child) => child.name.trim() === trimmedComponent, + ); + if (exactNameMatch) return exactNameMatch; + const lowerComponent = trimmedComponent.toLowerCase(); + return children.find( + (child) => child.name.trim().toLowerCase() === lowerComponent, + ); } export function splitPathComponents(path: string): string[] { - const escaped = path.replace(/\/\//g, ESCAPED_SEPARATOR_PLACEHOLDER) - return escaped.split('/').map((segment) => segment.replace(/\x00/g, '/')) + const escaped = path.replace(/\/\//g, ESCAPED_SEPARATOR_PLACEHOLDER); + return escaped.split("/").map((segment) => segment.replace(/\x00/g, "/")); } export type TryResolvePathResult = { - folderUid: string | null - remaining: string -} + folderUid: string | null; + remaining: string; +}; export async function tryResolvePath( - storage: InMemoryStorage, - session: VaultFolderSession, - path: string + storage: InMemoryStorage, + session: VaultFolderSession, + path: string, ): Promise { - const trimmed = path.trim() - if (!trimmed) { - return { folderUid: session.currentFolderUid, remaining: '' } - } + const trimmed = path.trim(); + if (!trimmed) { + return { folderUid: session.currentFolderUid, remaining: "" }; + } - const direct = getFolderEntryByUid(storage, trimmed) - if (direct) { - return { folderUid: direct.uid, remaining: '' } - } + const direct = getFolderEntryByUid(storage, trimmed); + if (direct) { + return { folderUid: direct.uid, remaining: "" }; + } - const absolute = trimmed.startsWith('/') && !trimmed.startsWith('//') - const pathToWalk = absolute ? trimmed.slice(1) : trimmed - const components = splitPathComponents(pathToWalk) + const absolute = trimmed.startsWith("/") && !trimmed.startsWith("//"); + const pathToWalk = absolute ? trimmed.slice(1) : trimmed; + const components = splitPathComponents(pathToWalk); - let folderUid: string | null = absolute ? null : session.currentFolderUid || null + let folderUid: string | null = absolute + ? null + : session.currentFolderUid || null; - if (!absolute && folderUid !== null) { - if (!getFolderEntryByUid(storage, folderUid)) { - folderUid = null - } + if (!absolute && folderUid !== null) { + if (!getFolderEntryByUid(storage, folderUid)) { + folderUid = null; } + } - let componentIndex = 0 - while (componentIndex < components.length) { - const component = components[componentIndex] - componentIndex++ + let componentIndex = 0; + while (componentIndex < components.length) { + const component = components[componentIndex]; + componentIndex++; - if (component === '' || component === '.') { - continue - } + if (component === "" || component === ".") { + continue; + } - if (component === '..') { - if (folderUid === null) { - continue - } - folderUid = await findParentFolderUid(storage, folderUid) - continue - } + if (component === "..") { + if (folderUid === null) { + continue; + } + folderUid = await findParentFolderUid(storage, folderUid); + continue; + } - const children = await listFolderChildrenForCd(storage, folderUid) - const match = findChildFolder(children, component) - if (match) { - folderUid = match.uid - } else { - const remaining = [component, ...components.slice(componentIndex)].join('/') - return { folderUid, remaining } - } + const children = await listFolderChildrenForCd(storage, folderUid); + const match = findChildFolder(children, component); + if (match) { + folderUid = match.uid; + } else { + const remaining = [component, ...components.slice(componentIndex)].join( + "/", + ); + return { folderUid, remaining }; } + } - return { folderUid, remaining: '' } + return { folderUid, remaining: "" }; } export async function resolveSingleFolder( - storage: InMemoryStorage, - session: VaultFolderSession, - folderName: string + storage: InMemoryStorage, + session: VaultFolderSession, + folderName: string, ): Promise { - const trimmed = folderName.trim() - if (!trimmed) { - throw new KeeperSdkError('Folder cannot be empty.', 'folder_required') - } + const trimmed = folderName.trim(); + if (!trimmed) { + throw new KeeperSdkError("Folder cannot be empty.", "folder_required"); + } - const direct = getFolderEntryByUid(storage, trimmed) - if (direct) { - return { folderUid: direct.uid, name: direct.name } - } + const direct = getFolderEntryByUid(storage, trimmed); + if (direct) { + return { folderUid: direct.uid, name: direct.name }; + } - const { folderUid, remaining } = await tryResolvePath(storage, session, trimmed) - if (remaining) { - throw new KeeperSdkError(`Folder "${folderName}" not found`, 'folder_not_found') - } + const { folderUid, remaining } = await tryResolvePath( + storage, + session, + trimmed, + ); + if (remaining) { + throw new KeeperSdkError( + `Folder "${folderName}" not found`, + "folder_not_found", + ); + } - if (folderUid === null) { - return { folderUid: null, name: VAULT_ROOT_DISPLAY_NAME } - } + if (folderUid === null) { + return { folderUid: null, name: VAULT_ROOT_DISPLAY_NAME }; + } - const entry = getFolderEntryByUid(storage, folderUid) - if (!entry) { - throw new KeeperSdkError(`Folder "${folderName}" not found`, 'folder_not_found') - } - return { folderUid: entry.uid, name: entry.name } + const entry = getFolderEntryByUid(storage, folderUid); + if (!entry) { + throw new KeeperSdkError( + `Folder "${folderName}" not found`, + "folder_not_found", + ); + } + return { folderUid: entry.uid, name: entry.name }; } export async function changeDirectory( - storage: InMemoryStorage, - session: VaultFolderSession, - path: string + storage: InMemoryStorage, + session: VaultFolderSession, + path: string, ): Promise { - const resolved = await resolveSingleFolder(storage, session, path) - session.currentFolderUid = resolved.folderUid - return resolved + const resolved = await resolveSingleFolder(storage, session, path); + session.currentFolderUid = resolved.folderUid; + return resolved; } -export function getWorkingFolderDisplayName(storage: InMemoryStorage, currentFolderUid: string | null): string { - if (currentFolderUid === null) return VAULT_ROOT_DISPLAY_NAME - const entry = getFolderEntryByUid(storage, currentFolderUid) - return entry?.name || VAULT_ROOT_DISPLAY_NAME +export function getWorkingFolderDisplayName( + storage: InMemoryStorage, + currentFolderUid: string | null, +): string { + if (currentFolderUid === null) return VAULT_ROOT_DISPLAY_NAME; + const entry = getFolderEntryByUid(storage, currentFolderUid); + return entry?.name || VAULT_ROOT_DISPLAY_NAME; } diff --git a/KeeperSdk/src/folders/deleteFolder.ts b/KeeperSdk/src/folders/deleteFolder.ts index 93a512fe..a619c44d 100644 --- a/KeeperSdk/src/folders/deleteFolder.ts +++ b/KeeperSdk/src/folders/deleteFolder.ts @@ -1,293 +1,348 @@ -import type { Auth, DeleteObject, KeeperPreDeleteResponse } from '@keeper-security/keeperapi' -import { preDeleteCommand, recordDeleteCommand } from '@keeper-security/keeperapi' -import type { DSharedFolder, DSharedFolderFolder, DUserFolder } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, extractErrorMessage, logger } from '../utils' -import { listFolder } from './listFolder' -import type { ListFolderFolderSimple } from './listFolder' -import { tryResolvePath, findParentFolderUid, type VaultFolderSession } from './changeDirectory' +import type { + Auth, + DeleteObject, + KeeperPreDeleteResponse, +} from "@keeper-security/keeperapi"; import { - DeleteResolution, - FolderKind, - globToRegex, - sharedFolderFolderName, - sharedFolderName, - userFolderName, -} from './folderHelpers' -import { findFolder } from './getFolder' + preDeleteCommand, + recordDeleteCommand, +} from "@keeper-security/keeperapi"; +import type { + DSharedFolder, + DSharedFolderFolder, + DUserFolder, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, extractErrorMessage, logger } from "../utils"; +import { listFolder } from "./listFolder"; +import type { ListFolderFolderSimple } from "./listFolder"; +import { + tryResolvePath, + findParentFolderUid, + type VaultFolderSession, +} from "./changeDirectory"; +import { + DeleteResolution, + FolderKind, + globToRegex, + sharedFolderFolderName, + sharedFolderName, + userFolderName, +} from "./folderHelpers"; +import { findFolder } from "./getFolder"; export type DeleteFolderResult = { - success: boolean - message?: string - cancelled?: boolean -} + success: boolean; + message?: string; + cancelled?: boolean; +}; export type RmdirOptions = { - force?: boolean - quiet?: boolean - confirm?: (summary: string) => boolean | Promise -} + force?: boolean; + quiet?: boolean; + confirm?: (summary: string) => boolean | Promise; +}; function folderKindOfUid(storage: InMemoryStorage, uid: string): FolderKind { - if (storage.getByUid(FolderKind.UserFolder, uid)) return FolderKind.UserFolder - if (storage.getByUid(FolderKind.SharedFolder, uid)) return FolderKind.SharedFolder - if (storage.getByUid(FolderKind.SharedFolderFolder, uid)) return FolderKind.SharedFolderFolder - return FolderKind.UserFolder + if (storage.getByUid(FolderKind.UserFolder, uid)) + return FolderKind.UserFolder; + if (storage.getByUid(FolderKind.SharedFolder, uid)) + return FolderKind.SharedFolder; + if (storage.getByUid(FolderKind.SharedFolderFolder, uid)) + return FolderKind.SharedFolderFolder; + return FolderKind.UserFolder; } async function listFolderChildrenFolders( - storage: InMemoryStorage, - parentUid: string | null + storage: InMemoryStorage, + parentUid: string | null, ): Promise { - const result = await listFolder(storage, { - folderUid: parentUid === null ? undefined : parentUid, - showFolders: true, - showRecords: false, - }) - return result.folders + const result = await listFolder(storage, { + folderUid: parentUid === null ? undefined : parentUid, + showFolders: true, + showRecords: false, + }); + return result.folders; } function folderDisplayName(storage: InMemoryStorage, uid: string): string { - const userFolder = storage.getByUid(FolderKind.UserFolder, uid) - if (userFolder) return userFolderName(userFolder) - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, uid) - if (sharedFolder) return sharedFolderName(sharedFolder) - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, uid) - if (sharedFolderFolder) return sharedFolderFolderName(sharedFolderFolder) - return uid + const userFolder = storage.getByUid(FolderKind.UserFolder, uid); + if (userFolder) return userFolderName(userFolder); + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + uid, + ); + if (sharedFolder) return sharedFolderName(sharedFolder); + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + uid, + ); + if (sharedFolderFolder) return sharedFolderFolderName(sharedFolderFolder); + return uid; } export async function buildFolderDeleteObject( - storage: InMemoryStorage, - folderUid: string + storage: InMemoryStorage, + folderUid: string, ): Promise { - const userFolder = storage.getByUid(FolderKind.UserFolder, folderUid) - if (userFolder) { - const parentUid = await findParentFolderUid(storage, folderUid) - const deleteObject: DeleteObject = { - delete_resolution: DeleteResolution.Unlink, - object_uid: folderUid, - object_type: FolderKind.UserFolder, - from_type: FolderKind.UserFolder, - } - if (parentUid) { - deleteObject.from_uid = parentUid - deleteObject.from_type = folderKindOfUid(storage, parentUid) - } else { - deleteObject.from_uid = '' - } - return deleteObject + const userFolder = storage.getByUid( + FolderKind.UserFolder, + folderUid, + ); + if (userFolder) { + const parentUid = await findParentFolderUid(storage, folderUid); + const deleteObject: DeleteObject = { + delete_resolution: DeleteResolution.Unlink, + object_uid: folderUid, + object_type: FolderKind.UserFolder, + from_type: FolderKind.UserFolder, + }; + if (parentUid) { + deleteObject.from_uid = parentUid; + deleteObject.from_type = folderKindOfUid(storage, parentUid); + } else { + deleteObject.from_uid = ""; } - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, folderUid) - if (sharedFolder) { - const parentUid = await findParentFolderUid(storage, folderUid) - const deleteObject: DeleteObject = { - delete_resolution: DeleteResolution.Unlink, - object_uid: folderUid, - object_type: FolderKind.SharedFolder, - from_type: FolderKind.UserFolder, - } - if (parentUid) { - deleteObject.from_uid = parentUid - deleteObject.from_type = folderKindOfUid(storage, parentUid) - } else { - deleteObject.from_uid = '' - } - return deleteObject + return deleteObject; + } + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + folderUid, + ); + if (sharedFolder) { + const parentUid = await findParentFolderUid(storage, folderUid); + const deleteObject: DeleteObject = { + delete_resolution: DeleteResolution.Unlink, + object_uid: folderUid, + object_type: FolderKind.SharedFolder, + from_type: FolderKind.UserFolder, + }; + if (parentUid) { + deleteObject.from_uid = parentUid; + deleteObject.from_type = folderKindOfUid(storage, parentUid); + } else { + deleteObject.from_uid = ""; } - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, folderUid) - if (sharedFolderFolder) { - const parentUid = await findParentFolderUid(storage, folderUid) - const deleteObject: DeleteObject = { - delete_resolution: DeleteResolution.Unlink, - object_uid: folderUid, - object_type: FolderKind.SharedFolderFolder, - from_type: FolderKind.SharedFolder, - } - if (parentUid) { - deleteObject.from_uid = parentUid - deleteObject.from_type = folderKindOfUid(storage, parentUid) - } else { - deleteObject.from_uid = sharedFolderFolder.sharedFolderUid - deleteObject.from_type = FolderKind.SharedFolder - } - return deleteObject + return deleteObject; + } + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + folderUid, + ); + if (sharedFolderFolder) { + const parentUid = await findParentFolderUid(storage, folderUid); + const deleteObject: DeleteObject = { + delete_resolution: DeleteResolution.Unlink, + object_uid: folderUid, + object_type: FolderKind.SharedFolderFolder, + from_type: FolderKind.SharedFolder, + }; + if (parentUid) { + deleteObject.from_uid = parentUid; + deleteObject.from_type = folderKindOfUid(storage, parentUid); + } else { + deleteObject.from_uid = sharedFolderFolder.sharedFolderUid; + deleteObject.from_type = FolderKind.SharedFolder; } - return null + return deleteObject; + } + return null; } async function buildDeleteObjectForFolderRef( - storage: InMemoryStorage, - ref: string + storage: InMemoryStorage, + ref: string, ): Promise { - const trimmed = ref.trim() - if (!trimmed) return null + const trimmed = ref.trim(); + if (!trimmed) return null; - const direct = await buildFolderDeleteObject(storage, trimmed) - if (direct) return direct + const direct = await buildFolderDeleteObject(storage, trimmed); + if (direct) return direct; - const found = findFolder(storage, trimmed) - if (!found) return null - return buildFolderDeleteObject(storage, found.folder.uid) + const found = findFolder(storage, trimmed); + if (!found) return null; + return buildFolderDeleteObject(storage, found.folder.uid); } export async function deleteFolder( - auth: Auth, - storage: InMemoryStorage, - folderRefs: string[], - confirm?: (summary: string) => boolean | Promise + auth: Auth, + storage: InMemoryStorage, + folderRefs: string[], + confirm?: (summary: string) => boolean | Promise, ): Promise { - const objects: DeleteObject[] = [] - for (const ref of folderRefs) { - const deleteObject = await buildDeleteObjectForFolderRef(storage, ref) - if (deleteObject) objects.push(deleteObject) - } - if (objects.length === 0) { - throw new KeeperSdkError( - 'No folders found to delete (not a folder UID or name).', - 'delete_nothing' - ) - } + const objects: DeleteObject[] = []; + for (const ref of folderRefs) { + const deleteObject = await buildDeleteObjectForFolderRef(storage, ref); + if (deleteObject) objects.push(deleteObject); + } + if (objects.length === 0) { + throw new KeeperSdkError( + "No folders found to delete (not a folder UID or name).", + "delete_nothing", + ); + } - const targetUids = objects.map((deleteObject) => deleteObject.object_uid).join(', ') + const targetUids = objects + .map((deleteObject) => deleteObject.object_uid) + .join(", "); - let preResp: KeeperPreDeleteResponse - try { - preResp = await auth.executeRestCommand(preDeleteCommand({ objects })) - } catch (err) { - return { - success: false, - message: `pre_delete failed for [${targetUids}]: ${extractErrorMessage(err)}`, - } - } + let preResp: KeeperPreDeleteResponse; + try { + preResp = await auth.executeRestCommand(preDeleteCommand({ objects })); + } catch (err) { + return { + success: false, + message: `pre_delete failed for [${targetUids}]: ${extractErrorMessage(err)}`, + }; + } - const inner = preResp.pre_delete_response - const token = inner?.pre_delete_token - if (!token) { - const reason = - preResp.message || - preResp.result_code || - `pre_delete failed for [${targetUids}]: server did not return a pre_delete_token` - return { - success: false, - message: reason, - } - } + const inner = preResp.pre_delete_response; + const token = inner?.pre_delete_token; + if (!token) { + const reason = + preResp.message || + preResp.result_code || + `pre_delete failed for [${targetUids}]: server did not return a pre_delete_token`; + return { + success: false, + message: reason, + }; + } - if (confirm) { - const wouldDelete = inner?.would_delete - const summaryItems = wouldDelete?.deletion_summary - if (Array.isArray(summaryItems) && summaryItems.length > 0) { - const summary = summaryItems.join('\n') - const confirmed = await confirm(summary) - if (!confirmed) { - return { success: false, cancelled: true, message: 'Cancelled.' } - } - } + if (confirm) { + const wouldDelete = inner?.would_delete; + const summaryItems = wouldDelete?.deletion_summary; + if (Array.isArray(summaryItems) && summaryItems.length > 0) { + const summary = summaryItems.join("\n"); + const confirmed = await confirm(summary); + if (!confirmed) { + return { success: false, cancelled: true, message: "Cancelled." }; + } } + } - try { - await auth.executeRestCommand(recordDeleteCommand({ pre_delete_token: token })) - } catch (err) { - return { - success: false, - message: `record_delete failed for [${targetUids}]: ${extractErrorMessage(err)}`, - } - } + try { + await auth.executeRestCommand( + recordDeleteCommand({ pre_delete_token: token }), + ); + } catch (err) { + return { + success: false, + message: `record_delete failed for [${targetUids}]: ${extractErrorMessage(err)}`, + }; + } - return { success: true } + return { success: true }; } export async function resolveRmdirPatternsToFolderUids( - storage: InMemoryStorage, - session: VaultFolderSession, - pattern: string + storage: InMemoryStorage, + session: VaultFolderSession, + pattern: string, ): Promise> { - const matchedUids = new Set() - const trimmedPattern = pattern.trim() - if (!trimmedPattern) return matchedUids + const matchedUids = new Set(); + const trimmedPattern = pattern.trim(); + if (!trimmedPattern) return matchedUids; - const { folderUid: baseUid, remaining } = await tryResolvePath(storage, session, trimmedPattern) - const remainingPattern = remaining.trim() + const { folderUid: baseUid, remaining } = await tryResolvePath( + storage, + session, + trimmedPattern, + ); + const remainingPattern = remaining.trim(); - if (!remainingPattern) { - if (baseUid !== null) { - matchedUids.add(baseUid) - } - return matchedUids + if (!remainingPattern) { + if (baseUid !== null) { + matchedUids.add(baseUid); } + return matchedUids; + } - const children = await listFolderChildrenFolders(storage, baseUid) - const exactChild = children.find((child) => child.uid === remainingPattern) - if (exactChild) { - matchedUids.add(exactChild.uid) - return matchedUids - } + const children = await listFolderChildrenFolders(storage, baseUid); + const exactChild = children.find((child) => child.uid === remainingPattern); + if (exactChild) { + matchedUids.add(exactChild.uid); + return matchedUids; + } - const matcher = globToRegex(remainingPattern) - for (const child of children) { - if (matcher.test(child.name.trim())) { - matchedUids.add(child.uid) - } + const matcher = globToRegex(remainingPattern); + for (const child of children) { + if (matcher.test(child.name.trim())) { + matchedUids.add(child.uid); } - return matchedUids + } + return matchedUids; } -async function dedupeNestedFolderDeletes(storage: InMemoryStorage, folderUids: Set): Promise { - for (const folderUid of [...folderUids]) { - let current = folderUid - while (true) { - const parentUid = await findParentFolderUid(storage, current) - if (!parentUid) break - if (folderUids.has(parentUid)) { - folderUids.delete(folderUid) - break - } - current = parentUid - } +async function dedupeNestedFolderDeletes( + storage: InMemoryStorage, + folderUids: Set, +): Promise { + for (const folderUid of [...folderUids]) { + let current = folderUid; + while (true) { + const parentUid = await findParentFolderUid(storage, current); + if (!parentUid) break; + if (folderUids.has(parentUid)) { + folderUids.delete(folderUid); + break; + } + current = parentUid; } + } } export async function rmdir( - auth: Auth, - storage: InMemoryStorage, - session: VaultFolderSession, - patterns: string[], - options: RmdirOptions = {} + auth: Auth, + storage: InMemoryStorage, + session: VaultFolderSession, + patterns: string[], + options: RmdirOptions = {}, ): Promise { - const { force = false, quiet = false, confirm } = options - if (!force && !confirm) { - throw new KeeperSdkError( - 'Confirmation is required: pass `confirm` or set `force: true`.', - 'rmdir_confirm_required' - ) - } - const folderUids = new Set() + const { force = false, quiet = false, confirm } = options; + if (!force && !confirm) { + throw new KeeperSdkError( + "Confirmation is required: pass `confirm` or set `force: true`.", + "rmdir_confirm_required", + ); + } + const folderUids = new Set(); - for (const pattern of patterns) { - const trimmedPattern = pattern.trim() - if (!trimmedPattern) continue - const resolved = await resolveRmdirPatternsToFolderUids(storage, session, trimmedPattern) - for (const matchedUid of resolved) { - folderUids.add(matchedUid) - } + for (const pattern of patterns) { + const trimmedPattern = pattern.trim(); + if (!trimmedPattern) continue; + const resolved = await resolveRmdirPatternsToFolderUids( + storage, + session, + trimmedPattern, + ); + for (const matchedUid of resolved) { + folderUids.add(matchedUid); } + } - if (folderUids.size === 0) { - throw new KeeperSdkError('Enter name of an existing folder.', 'rmdir_no_match') - } + if (folderUids.size === 0) { + throw new KeeperSdkError( + "Enter name of an existing folder.", + "rmdir_no_match", + ); + } - await dedupeNestedFolderDeletes(storage, folderUids) + await dedupeNestedFolderDeletes(storage, folderUids); - const sortedNames = [...folderUids] - .map((uid) => folderDisplayName(storage, uid)) - .sort((nameA, nameB) => nameA.localeCompare(nameB, undefined, { sensitivity: 'base' })) + const sortedNames = [...folderUids] + .map((uid) => folderDisplayName(storage, uid)) + .sort((nameA, nameB) => + nameA.localeCompare(nameB, undefined, { sensitivity: "base" }), + ); - if (!quiet || !force) { - logger.info(`\nThe following folder(s) will be removed:\n${sortedNames.join(', ')}\n`) - } + if (!quiet || !force) { + logger.info( + `\nThe following folder(s) will be removed:\n${sortedNames.join(", ")}\n`, + ); + } - const confirmFn = force ? undefined : confirm + const confirmFn = force ? undefined : confirm; - return deleteFolder(auth, storage, [...folderUids], confirmFn) + return deleteFolder(auth, storage, [...folderUids], confirmFn); } diff --git a/KeeperSdk/src/folders/folderHelpers.ts b/KeeperSdk/src/folders/folderHelpers.ts index 618ad342..addb8e0f 100644 --- a/KeeperSdk/src/folders/folderHelpers.ts +++ b/KeeperSdk/src/folders/folderHelpers.ts @@ -1,107 +1,118 @@ -import type { DSharedFolder, DSharedFolderFolder, DUserFolder } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { escapeRegExp, KeeperSdkError } from '../utils' +import type { + DSharedFolder, + DSharedFolderFolder, + DUserFolder, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { escapeRegExp, KeeperSdkError } from "../utils"; -export const MAX_FOLDER_NAME_LENGTH = 255 +export const MAX_FOLDER_NAME_LENGTH = 255; export function validateFolderName(name: string): void { - if (name.length > MAX_FOLDER_NAME_LENGTH) { - throw new KeeperSdkError(`Folder name exceeds ${MAX_FOLDER_NAME_LENGTH} characters.`, 'folder_name_too_long') - } + if (name.length > MAX_FOLDER_NAME_LENGTH) { + throw new KeeperSdkError( + `Folder name exceeds ${MAX_FOLDER_NAME_LENGTH} characters.`, + "folder_name_too_long", + ); + } } export enum FolderKind { - UserFolder = 'user_folder', - SharedFolder = 'shared_folder', - SharedFolderFolder = 'shared_folder_folder', + UserFolder = "user_folder", + SharedFolder = "shared_folder", + SharedFolderFolder = "shared_folder_folder", } export enum ParentFolderKind { - VirtualRoot = 'virtual_root', - UserFolder = 'user_folder', - SharedFolder = 'shared_folder', - SharedFolderFolder = 'shared_folder_folder', + VirtualRoot = "virtual_root", + UserFolder = "user_folder", + SharedFolder = "shared_folder", + SharedFolderFolder = "shared_folder_folder", } export enum FolderObjectType { - Folder = 'folder', - SharedFolder = 'shared_folder', + Folder = "folder", + SharedFolder = "shared_folder", } export enum DeleteResolution { - Unlink = 'unlink', + Unlink = "unlink", } export enum DeleteObjectType { - Record = 'record', - UserFolder = 'user_folder', - SharedFolder = 'shared_folder', - SharedFolderFolder = 'shared_folder_folder', + Record = "record", + UserFolder = "user_folder", + SharedFolder = "shared_folder", + SharedFolderFolder = "shared_folder_folder", } export enum FolderResultStatus { - Success = 'success', - Invited = 'invited', - Unknown = 'unknown', + Success = "success", + Invited = "invited", + Unknown = "unknown", } export enum VaultObjectKind { - Record = 'record', - Metadata = 'metadata', - NonSharedData = 'non_shared_data', - Team = 'team', - User = 'user', - SharedFolderUser = 'shared_folder_user', - SharedFolderTeam = 'shared_folder_team', - SharedFolderRecord = 'shared_folder_record', + Record = "record", + Metadata = "metadata", + NonSharedData = "non_shared_data", + Team = "team", + User = "user", + SharedFolderUser = "shared_folder_user", + SharedFolderTeam = "shared_folder_team", + SharedFolderRecord = "shared_folder_record", } -export type FolderKindOrLiteral = FolderKind | `${FolderKind}` - -export function folderKindFromString(value: string | undefined | null): FolderKind | undefined { - if (!value) return undefined - switch (value) { - case FolderKind.UserFolder: - return FolderKind.UserFolder - case FolderKind.SharedFolder: - return FolderKind.SharedFolder - case FolderKind.SharedFolderFolder: - return FolderKind.SharedFolderFolder - default: - return undefined - } +export type FolderKindOrLiteral = FolderKind | `${FolderKind}`; + +export function folderKindFromString( + value: string | undefined | null, +): FolderKind | undefined { + if (!value) return undefined; + switch (value) { + case FolderKind.UserFolder: + return FolderKind.UserFolder; + case FolderKind.SharedFolder: + return FolderKind.SharedFolder; + case FolderKind.SharedFolderFolder: + return FolderKind.SharedFolderFolder; + default: + return undefined; + } } export function userFolderName(folder: DUserFolder): string { - const data = folder.data as { title?: string; name?: string } | undefined - return (data?.title || data?.name || folder.uid).trim() || folder.uid + const data = folder.data as { title?: string; name?: string } | undefined; + return (data?.title || data?.name || folder.uid).trim() || folder.uid; } export function sharedFolderFolderName(folder: DSharedFolderFolder): string { - const data = folder.data as { title?: string; name?: string } | undefined - return (data?.title || data?.name || folder.uid).trim() || folder.uid + const data = folder.data as { title?: string; name?: string } | undefined; + return (data?.title || data?.name || folder.uid).trim() || folder.uid; } export function sharedFolderName(folder: DSharedFolder): string { - return (folder.name || folder.uid).trim() || folder.uid + return (folder.name || folder.uid).trim() || folder.uid; } export function globToRegex(pattern: string): RegExp { - const escapedPattern = escapeRegExp(pattern) - const regexBody = escapedPattern.replace(/\*/g, '.*').replace(/\?/g, '.') - return new RegExp(`^${regexBody}$`, 'i') + const escapedPattern = escapeRegExp(pattern); + const regexBody = escapedPattern.replace(/\*/g, ".*").replace(/\?/g, "."); + return new RegExp(`^${regexBody}$`, "i"); } -export async function getUserFolderParentMap(storage: InMemoryStorage): Promise> { - const userFolders = storage.getAll(FolderKind.UserFolder) - const childToParent = new Map() - for (const userFolder of userFolders) { - const dependencies = (await storage.getDependencies(userFolder.uid)) || [] - for (const dependency of dependencies) { - if (dependency.kind === FolderKind.UserFolder) { - childToParent.set(dependency.uid, userFolder.uid) - } - } +export async function getUserFolderParentMap( + storage: InMemoryStorage, +): Promise> { + const userFolders = storage.getAll(FolderKind.UserFolder); + const childToParent = new Map(); + for (const userFolder of userFolders) { + const dependencies = (await storage.getDependencies(userFolder.uid)) || []; + for (const dependency of dependencies) { + if (dependency.kind === FolderKind.UserFolder) { + childToParent.set(dependency.uid, userFolder.uid); + } } - return childToParent + } + return childToParent; } diff --git a/KeeperSdk/src/folders/folderTree.ts b/KeeperSdk/src/folders/folderTree.ts index 03f1dfd2..f70f9ad7 100644 --- a/KeeperSdk/src/folders/folderTree.ts +++ b/KeeperSdk/src/folders/folderTree.ts @@ -1,321 +1,408 @@ import type { - DRecord, - DSharedFolder, - DSharedFolderFolder, - DSharedFolderTeam, - DSharedFolderUser, - DUser, - DUserFolder, -} from '@keeper-security/keeperapi' -import { webSafe64FromBytes } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { getRecordTitle } from '../records/RecordUtils' -import { listFolder, listVaultRootFolders } from './listFolder' -import { resolveSingleFolder, type VaultFolderSession } from './changeDirectory' -import { FolderKind, VaultObjectKind, sharedFolderFolderName, sharedFolderName, userFolderName } from './folderHelpers' + DRecord, + DSharedFolder, + DSharedFolderFolder, + DSharedFolderTeam, + DSharedFolderUser, + DUser, + DUserFolder, +} from "@keeper-security/keeperapi"; +import { webSafe64FromBytes } from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { getRecordTitle } from "../records/RecordUtils"; +import { listFolder, listVaultRootFolders } from "./listFolder"; +import { + resolveSingleFolder, + type VaultFolderSession, +} from "./changeDirectory"; +import { + FolderKind, + VaultObjectKind, + sharedFolderFolderName, + sharedFolderName, + userFolderName, +} from "./folderHelpers"; enum TreeItemKind { - Permission = 'perm', - Record = 'record', - Folder = 'folder', + Permission = "perm", + Record = "record", + Folder = "folder", } export type FolderTreeBuildOptions = { - folderPath?: string | null - verbose?: boolean - showRecords?: boolean - showShares?: boolean - hideSharesKey?: boolean - title?: string | null -} + folderPath?: string | null; + verbose?: boolean; + showRecords?: boolean; + showShares?: boolean; + hideSharesKey?: boolean; + title?: string | null; +}; export type FolderTreeNode = { - displayName: string - children: FolderTreeNode[] - permissions?: { display: string }[] - records?: { display: string }[] -} + displayName: string; + children: FolderTreeNode[]; + permissions?: { display: string }[]; + records?: { display: string }[]; +}; export type FolderTreeResult = { - title?: string | null - root: FolderTreeNode -} + title?: string | null; + root: FolderTreeNode; +}; -export function userPermissionToText(manageUsers: boolean, manageRecords: boolean): string { - if (manageUsers && manageRecords) return 'Can Manage Users & Records' - if (manageUsers) return 'Can Manage Users' - if (manageRecords) return 'Can Manage Records' - return 'No User Permissions' +export function userPermissionToText( + manageUsers: boolean, + manageRecords: boolean, +): string { + if (manageUsers && manageRecords) return "Can Manage Users & Records"; + if (manageUsers) return "Can Manage Users"; + if (manageRecords) return "Can Manage Records"; + return "No User Permissions"; } -export function recordPermissionToText(canEdit: boolean, canShare: boolean): string { - if (canEdit && canShare) return 'Can Edit & Share' - if (canEdit) return 'Can Edit' - if (canShare) return 'Can Share' - return 'View Only' +export function recordPermissionToText( + canEdit: boolean, + canShare: boolean, +): string { + if (canEdit && canShare) return "Can Edit & Share"; + if (canEdit) return "Can Edit"; + if (canShare) return "Can Share"; + return "View Only"; } -function buildAccountUidEmailMap(storage: InMemoryStorage): Map { - const accountUidToEmail = new Map() - for (const user of storage.getAll(VaultObjectKind.User)) { - const uid = user.accountUid ? webSafe64FromBytes(user.accountUid) : '' - const email = (user.username || '').trim() - if (uid && email) accountUidToEmail.set(uid, email) - } - return accountUidToEmail +function buildAccountUidEmailMap( + storage: InMemoryStorage, +): Map { + const accountUidToEmail = new Map(); + for (const user of storage.getAll(VaultObjectKind.User)) { + const uid = user.accountUid ? webSafe64FromBytes(user.accountUid) : ""; + const email = (user.username || "").trim(); + if (uid && email) accountUidToEmail.set(uid, email); + } + return accountUidToEmail; } function resolveUserDisplayName( - accountUid: string | undefined, - accountUsername: string | undefined, - emailMap: Map + accountUid: string | undefined, + accountUsername: string | undefined, + emailMap: Map, ): string { - const explicit = (accountUsername || '').trim() - if (explicit) return explicit - if (accountUid) { - const fromMap = emailMap.get(accountUid) - if (fromMap) return fromMap - return accountUid - } - return 'unknown' + const explicit = (accountUsername || "").trim(); + if (explicit) return explicit; + if (accountUid) { + const fromMap = emailMap.get(accountUid); + if (fromMap) return fromMap; + return accountUid; + } + return "unknown"; } async function collectSharedFolderPermissions( - storage: InMemoryStorage, - sharedFolder: DSharedFolder, - verbose: boolean, - hideSharesKey: boolean, - emailMap: Map + storage: InMemoryStorage, + sharedFolder: DSharedFolder, + verbose: boolean, + hideSharesKey: boolean, + emailMap: Map, ): Promise<{ display: string }[]> { - const rows: { display: string; sortKey: string }[] = [] - const seenUserUids = new Set() - - for (const sharedUser of storage.getAll(VaultObjectKind.SharedFolderUser)) { - if (sharedUser.sharedFolderUid !== sharedFolder.uid) continue - if (sharedUser.accountUid) seenUserUids.add(sharedUser.accountUid) - const permissionText = userPermissionToText(sharedUser.manageUsers, sharedUser.manageRecords) - let name = resolveUserDisplayName(sharedUser.accountUid, sharedUser.accountUsername, emailMap) - if (verbose && sharedUser.accountUid) name += ` (${sharedUser.accountUid})` - const suffix = hideSharesKey ? '' : ` [User]` - rows.push({ - display: `${name}: ${permissionText}${suffix}`, - sortKey: name.toLowerCase(), - }) - } - - if (sharedFolder.ownerAccountUid && !seenUserUids.has(sharedFolder.ownerAccountUid)) { - const ownerName = resolveUserDisplayName(sharedFolder.ownerAccountUid, sharedFolder.ownerUsername, emailMap) - let display = ownerName - if (verbose) display += ` (${sharedFolder.ownerAccountUid})` - const suffix = hideSharesKey ? '' : ` [User]` - rows.push({ - display: `${display}: ${userPermissionToText(true, true)}${suffix}`, - sortKey: ownerName.toLowerCase(), - }) - } - - for (const sharedTeam of storage.getAll(VaultObjectKind.SharedFolderTeam)) { - if (sharedTeam.sharedFolderUid !== sharedFolder.uid) continue - const permissionText = userPermissionToText(sharedTeam.manageUsers, sharedTeam.manageRecords) - let name = sharedTeam.name || `(${sharedTeam.teamUid})` - if (verbose && sharedTeam.teamUid) name += ` (${sharedTeam.teamUid})` - const suffix = hideSharesKey ? '' : ` [Team]` - rows.push({ - display: `${name}: ${permissionText}${suffix}`, - sortKey: name.toLowerCase(), - }) - } - - rows.sort((rowA, rowB) => rowA.sortKey.localeCompare(rowB.sortKey)) - return rows.map((row) => ({ display: row.display })) + const rows: { display: string; sortKey: string }[] = []; + const seenUserUids = new Set(); + + for (const sharedUser of storage.getAll( + VaultObjectKind.SharedFolderUser, + )) { + if (sharedUser.sharedFolderUid !== sharedFolder.uid) continue; + if (sharedUser.accountUid) seenUserUids.add(sharedUser.accountUid); + const permissionText = userPermissionToText( + sharedUser.manageUsers, + sharedUser.manageRecords, + ); + let name = resolveUserDisplayName( + sharedUser.accountUid, + sharedUser.accountUsername, + emailMap, + ); + if (verbose && sharedUser.accountUid) name += ` (${sharedUser.accountUid})`; + const suffix = hideSharesKey ? "" : ` [User]`; + rows.push({ + display: `${name}: ${permissionText}${suffix}`, + sortKey: name.toLowerCase(), + }); + } + + if ( + sharedFolder.ownerAccountUid && + !seenUserUids.has(sharedFolder.ownerAccountUid) + ) { + const ownerName = resolveUserDisplayName( + sharedFolder.ownerAccountUid, + sharedFolder.ownerUsername, + emailMap, + ); + let display = ownerName; + if (verbose) display += ` (${sharedFolder.ownerAccountUid})`; + const suffix = hideSharesKey ? "" : ` [User]`; + rows.push({ + display: `${display}: ${userPermissionToText(true, true)}${suffix}`, + sortKey: ownerName.toLowerCase(), + }); + } + + for (const sharedTeam of storage.getAll( + VaultObjectKind.SharedFolderTeam, + )) { + if (sharedTeam.sharedFolderUid !== sharedFolder.uid) continue; + const permissionText = userPermissionToText( + sharedTeam.manageUsers, + sharedTeam.manageRecords, + ); + let name = sharedTeam.name || `(${sharedTeam.teamUid})`; + if (verbose && sharedTeam.teamUid) name += ` (${sharedTeam.teamUid})`; + const suffix = hideSharesKey ? "" : ` [Team]`; + rows.push({ + display: `${name}: ${permissionText}${suffix}`, + sortKey: name.toLowerCase(), + }); + } + + rows.sort((rowA, rowB) => rowA.sortKey.localeCompare(rowB.sortKey)); + return rows.map((row) => ({ display: row.display })); } -type BuildOpts = Required> & { - promotedRootSharedUids?: Set - accountUidEmailMap: Map -} +type BuildOpts = Required< + Pick< + FolderTreeBuildOptions, + "verbose" | "showRecords" | "showShares" | "hideSharesKey" + > +> & { + promotedRootSharedUids?: Set; + accountUidEmailMap: Map; +}; async function buildFolderSubtree( - storage: InMemoryStorage, - folderUid: string, - opts: BuildOpts + storage: InMemoryStorage, + folderUid: string, + opts: BuildOpts, ): Promise { - const userFolder = storage.getByUid(FolderKind.UserFolder, folderUid) - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, folderUid) - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, folderUid) - if (!userFolder && !sharedFolder && !sharedFolderFolder) { - return { displayName: `(missing folder ${folderUid})`, children: [] } - } - - let baseName: string - if (userFolder) baseName = userFolderName(userFolder) - else if (sharedFolder) baseName = sharedFolderName(sharedFolder) - else baseName = sharedFolderFolderName(sharedFolderFolder!) - - let displayName = baseName - if (opts.verbose) { - displayName = `${baseName} (${folderUid})` - } - if (sharedFolder) { - displayName += ' [Shared]' - } - - const node: FolderTreeNode = { displayName, children: [] } - - if (opts.showShares && sharedFolder) { - node.permissions = await collectSharedFolderPermissions( - storage, - sharedFolder, - opts.verbose, - opts.hideSharesKey, - opts.accountUidEmailMap - ) - } - - const listed = await listFolder(storage, { - folderUid: folderUid, - showFolders: true, - showRecords: opts.showRecords, - }) - - for (const childFolder of listed.folders) { - if (opts.promotedRootSharedUids?.has(childFolder.uid)) continue - node.children.push(await buildFolderSubtree(storage, childFolder.uid, opts)) - } - - if (opts.showRecords && 'records' in listed) { - const records = listed.records - node.records = records.map((recordRow) => { - const record = storage.getByUid(VaultObjectKind.Record, recordRow.uid) - const title = record ? getRecordTitle(record) : recordRow.name - const display = opts.verbose && record ? `${title} (${recordRow.uid}) [Record]` : `${title} [Record]` - return { display } - }) - } - - return node + const userFolder = storage.getByUid( + FolderKind.UserFolder, + folderUid, + ); + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + folderUid, + ); + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + folderUid, + ); + if (!userFolder && !sharedFolder && !sharedFolderFolder) { + return { displayName: `(missing folder ${folderUid})`, children: [] }; + } + + let baseName: string; + if (userFolder) baseName = userFolderName(userFolder); + else if (sharedFolder) baseName = sharedFolderName(sharedFolder); + else baseName = sharedFolderFolderName(sharedFolderFolder!); + + let displayName = baseName; + if (opts.verbose) { + displayName = `${baseName} (${folderUid})`; + } + if (sharedFolder) { + displayName += " [Shared]"; + } + + const node: FolderTreeNode = { displayName, children: [] }; + + if (opts.showShares && sharedFolder) { + node.permissions = await collectSharedFolderPermissions( + storage, + sharedFolder, + opts.verbose, + opts.hideSharesKey, + opts.accountUidEmailMap, + ); + } + + const listed = await listFolder(storage, { + folderUid: folderUid, + showFolders: true, + showRecords: opts.showRecords, + }); + + for (const childFolder of listed.folders) { + if (opts.promotedRootSharedUids?.has(childFolder.uid)) continue; + node.children.push( + await buildFolderSubtree(storage, childFolder.uid, opts), + ); + } + + if (opts.showRecords && "records" in listed) { + const records = listed.records; + node.records = records.map((recordRow) => { + const record = storage.getByUid( + VaultObjectKind.Record, + recordRow.uid, + ); + const title = record ? getRecordTitle(record) : recordRow.name; + const display = + opts.verbose && record + ? `${title} (${recordRow.uid}) [Record]` + : `${title} [Record]`; + return { display }; + }); + } + + return node; } -async function buildVaultRootTree(storage: InMemoryStorage, opts: BuildOpts): Promise { - const node: FolderTreeNode = { displayName: '', children: [] } - const { rows, promotedRootSharedUids } = await listVaultRootFolders(storage) - const optsWithPromoted: BuildOpts = { ...opts, promotedRootSharedUids } - for (const folderRow of rows) { - node.children.push(await buildFolderSubtree(storage, folderRow.uid, optsWithPromoted)) - } - const listed = await listFolder(storage, { - folderUid: undefined, - showFolders: true, - showRecords: opts.showRecords, - }) - if (opts.showRecords && listed.records?.length) { - node.records = listed.records.map((recordRow) => { - const record = storage.getByUid(VaultObjectKind.Record, recordRow.uid) - const title = record ? getRecordTitle(record) : recordRow.name - const display = opts.verbose && record ? `${title} (${recordRow.uid}) [Record]` : `${title} [Record]` - return { display } - }) - } - return node +async function buildVaultRootTree( + storage: InMemoryStorage, + opts: BuildOpts, +): Promise { + const node: FolderTreeNode = { displayName: "", children: [] }; + const { rows, promotedRootSharedUids } = await listVaultRootFolders(storage); + const optsWithPromoted: BuildOpts = { ...opts, promotedRootSharedUids }; + for (const folderRow of rows) { + node.children.push( + await buildFolderSubtree(storage, folderRow.uid, optsWithPromoted), + ); + } + const listed = await listFolder(storage, { + folderUid: undefined, + showFolders: true, + showRecords: opts.showRecords, + }); + if (opts.showRecords && listed.records?.length) { + node.records = listed.records.map((recordRow) => { + const record = storage.getByUid( + VaultObjectKind.Record, + recordRow.uid, + ); + const title = record ? getRecordTitle(record) : recordRow.name; + const display = + opts.verbose && record + ? `${title} (${recordRow.uid}) [Record]` + : `${title} [Record]`; + return { display }; + }); + } + return node; } async function resolveTreeStart( - storage: InMemoryStorage, - session: VaultFolderSession, - folderPath?: string | null + storage: InMemoryStorage, + session: VaultFolderSession, + folderPath?: string | null, ): Promise<{ folderUid: string | null }> { - const trimmedPath = folderPath?.trim() - if (trimmedPath) { - const resolved = await resolveSingleFolder(storage, session, trimmedPath) - return { folderUid: resolved.folderUid } - } - return { folderUid: session.currentFolderUid || null } + const trimmedPath = folderPath?.trim(); + if (trimmedPath) { + const resolved = await resolveSingleFolder(storage, session, trimmedPath); + return { folderUid: resolved.folderUid }; + } + return { folderUid: session.currentFolderUid || null }; } export async function buildFolderTree( - storage: InMemoryStorage, - session: VaultFolderSession, - options: FolderTreeBuildOptions = {} + storage: InMemoryStorage, + session: VaultFolderSession, + options: FolderTreeBuildOptions = {}, ): Promise { - const opts: BuildOpts = { - verbose: options.verbose === true, - showRecords: options.showRecords === true, - showShares: options.showShares === true, - hideSharesKey: options.hideSharesKey === true, - accountUidEmailMap: buildAccountUidEmailMap(storage), - } - - const { folderUid } = await resolveTreeStart(storage, session, options.folderPath) - - const root = - folderUid === null - ? await buildVaultRootTree(storage, opts) - : await buildFolderSubtree(storage, folderUid, opts) - - return { title: options.title || undefined, root } + const opts: BuildOpts = { + verbose: options.verbose === true, + showRecords: options.showRecords === true, + showShares: options.showShares === true, + hideSharesKey: options.hideSharesKey === true, + accountUidEmailMap: buildAccountUidEmailMap(storage), + }; + + const { folderUid } = await resolveTreeStart( + storage, + session, + options.folderPath, + ); + + const root = + folderUid === null + ? await buildVaultRootTree(storage, opts) + : await buildFolderSubtree(storage, folderUid, opts); + + return { title: options.title || undefined, root }; } type TreeItem = - | { kind: TreeItemKind.Permission; display: string } - | { kind: TreeItemKind.Record; display: string } - | { kind: TreeItemKind.Folder; node: FolderTreeNode } + | { kind: TreeItemKind.Permission; display: string } + | { kind: TreeItemKind.Record; display: string } + | { kind: TreeItemKind.Folder; node: FolderTreeNode }; function gatherItems(node: FolderTreeNode): TreeItem[] { - const items: TreeItem[] = [] - if (node.permissions) { - for (const permission of node.permissions) { - items.push({ kind: TreeItemKind.Permission, display: permission.display }) - } + const items: TreeItem[] = []; + if (node.permissions) { + for (const permission of node.permissions) { + items.push({ + kind: TreeItemKind.Permission, + display: permission.display, + }); } - for (const child of node.children) { - items.push({ kind: TreeItemKind.Folder, node: child }) + } + for (const child of node.children) { + items.push({ kind: TreeItemKind.Folder, node: child }); + } + if (node.records) { + for (const record of node.records) { + items.push({ kind: TreeItemKind.Record, display: record.display }); } - if (node.records) { - for (const record of node.records) { - items.push({ kind: TreeItemKind.Record, display: record.display }) - } - } - return items + } + return items; } export function renderFolderTreeAscii(result: FolderTreeResult): string { - const lines: string[] = [] - if (result.title) { - lines.push(result.title) - } - renderNode(result.root, lines, true, '', true) - return lines.join('\n') + const lines: string[] = []; + if (result.title) { + lines.push(result.title); + } + renderNode(result.root, lines, true, "", true); + return lines.join("\n"); } -function renderNode(node: FolderTreeNode, lines: string[], isRoot: boolean, prefix: string, isLast: boolean): void { - if (isRoot) { - if (node.displayName) { - lines.push(node.displayName) - } - } else { - const connector = isLast ? '\\-- ' : '+-- ' - lines.push(prefix + connector + node.displayName) +function renderNode( + node: FolderTreeNode, + lines: string[], + isRoot: boolean, + prefix: string, + isLast: boolean, +): void { + if (isRoot) { + if (node.displayName) { + lines.push(node.displayName); } - - const childBase = isRoot ? ' ' : prefix + (isLast ? ' ' : '| ') - const items = gatherItems(node) - for (let itemIndex = 0; itemIndex < items.length; itemIndex++) { - const isLastItem = itemIndex === items.length - 1 - const item = items[itemIndex] - if (item.kind === TreeItemKind.Permission || item.kind === TreeItemKind.Record) { - const connector = isLastItem ? '\\-- ' : '+-- ' - lines.push(childBase + connector + item.display) - } else { - renderNode(item.node, lines, false, childBase, isLastItem) - } + } else { + const connector = isLast ? "\\-- " : "+-- "; + lines.push(prefix + connector + node.displayName); + } + + const childBase = isRoot ? " " : prefix + (isLast ? " " : "| "); + const items = gatherItems(node); + for (let itemIndex = 0; itemIndex < items.length; itemIndex++) { + const isLastItem = itemIndex === items.length - 1; + const item = items[itemIndex]; + if ( + item.kind === TreeItemKind.Permission || + item.kind === TreeItemKind.Record + ) { + const connector = isLastItem ? "\\-- " : "+-- "; + lines.push(childBase + connector + item.display); + } else { + renderNode(item.node, lines, false, childBase, isLastItem); } + } } export async function folderTreeAscii( - storage: InMemoryStorage, - session: VaultFolderSession, - options?: FolderTreeBuildOptions + storage: InMemoryStorage, + session: VaultFolderSession, + options?: FolderTreeBuildOptions, ): Promise { - const built = await buildFolderTree(storage, session, options || {}) - return renderFolderTreeAscii(built) + const built = await buildFolderTree(storage, session, options || {}); + return renderFolderTreeAscii(built); } diff --git a/KeeperSdk/src/folders/getFolder.ts b/KeeperSdk/src/folders/getFolder.ts index cad1b1c0..6ea72b91 100644 --- a/KeeperSdk/src/folders/getFolder.ts +++ b/KeeperSdk/src/folders/getFolder.ts @@ -1,234 +1,268 @@ import type { - DSharedFolder, - DSharedFolderFolder, - DSharedFolderRecord, - DSharedFolderUser, - DUserFolder, -} from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError } from '../utils' -import { findParentFolderUid } from './changeDirectory' -import { FolderKind, FolderObjectType, VaultObjectKind, sharedFolderFolderName, userFolderName } from './folderHelpers' + DSharedFolder, + DSharedFolderFolder, + DSharedFolderRecord, + DSharedFolderUser, + DUserFolder, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError } from "../utils"; +import { findParentFolderUid } from "./changeDirectory"; +import { + FolderKind, + FolderObjectType, + VaultObjectKind, + sharedFolderFolderName, + userFolderName, +} from "./folderHelpers"; export enum GetFolderFormat { - Detail = 'detail', - JSON = 'json', + Detail = "detail", + JSON = "json", } -export type GetFolderFormatInput = GetFolderFormat | `${GetFolderFormat}` +export type GetFolderFormatInput = GetFolderFormat | `${GetFolderFormat}`; export type GetFolderOptions = { - format?: GetFolderFormatInput -} + format?: GetFolderFormatInput; +}; -export type GetFolderResult = GetFolderResultFolder | GetFolderResultSharedFolder +export type GetFolderResult = + | GetFolderResultFolder + | GetFolderResultSharedFolder; export type GetFolderResultFolder = { - objectType: FolderObjectType.Folder - format: GetFolderFormat - folder_uid: string - folder_type: FolderKind.UserFolder | FolderKind.SharedFolderFolder - name: string - parent_uid: string | null - shared_folder_scope_uid?: string - json?: Record -} + objectType: FolderObjectType.Folder; + format: GetFolderFormat; + folder_uid: string; + folder_type: FolderKind.UserFolder | FolderKind.SharedFolderFolder; + name: string; + parent_uid: string | null; + shared_folder_scope_uid?: string; + json?: Record; +}; export type GetFolderResultSharedFolder = { - objectType: FolderObjectType.SharedFolder - format: GetFolderFormat - shared_folder_uid: string - name: string - default_can_edit: boolean - default_can_share: boolean - default_manage_records: boolean - default_manage_users: boolean - record_permissions?: { - record_uid: string - can_edit: boolean - can_share: boolean - owner: boolean - }[] - user_permissions?: { - account_username?: string - manage_records: boolean - manage_users: boolean - }[] - json?: Record -} + objectType: FolderObjectType.SharedFolder; + format: GetFolderFormat; + shared_folder_uid: string; + name: string; + default_can_edit: boolean; + default_can_share: boolean; + default_manage_records: boolean; + default_manage_users: boolean; + record_permissions?: { + record_uid: string; + can_edit: boolean; + can_share: boolean; + owner: boolean; + }[]; + user_permissions?: { + account_username?: string; + manage_records: boolean; + manage_users: boolean; + }[]; + json?: Record; +}; export type FoundFolder = - | { kind: FolderKind.UserFolder; folder: DUserFolder } - | { kind: FolderKind.SharedFolder; folder: DSharedFolder } - | { kind: FolderKind.SharedFolderFolder; folder: DSharedFolderFolder } + | { kind: FolderKind.UserFolder; folder: DUserFolder } + | { kind: FolderKind.SharedFolder; folder: DSharedFolder } + | { kind: FolderKind.SharedFolderFolder; folder: DSharedFolderFolder }; function findByUidOrName( - items: Iterable, - nameOrUid: string, - getUid: (item: T) => string, - getName: (item: T) => string + items: Iterable, + nameOrUid: string, + getUid: (item: T) => string, + getName: (item: T) => string, ): T | undefined { - const trimmedNameOrUid = nameOrUid.trim() - if (!trimmedNameOrUid) return undefined - const lowerNameOrUid = trimmedNameOrUid.toLowerCase() - let exactNameHit: T | undefined - let lowerNameHit: T | undefined - for (const item of items) { - if (getUid(item) === trimmedNameOrUid) return item - if (!exactNameHit) { - const itemName = getName(item) - if (itemName === trimmedNameOrUid) { - exactNameHit = item - } else if (!lowerNameHit && itemName.toLowerCase() === lowerNameOrUid) { - lowerNameHit = item - } - } + const trimmedNameOrUid = nameOrUid.trim(); + if (!trimmedNameOrUid) return undefined; + const lowerNameOrUid = trimmedNameOrUid.toLowerCase(); + let exactNameHit: T | undefined; + let lowerNameHit: T | undefined; + for (const item of items) { + if (getUid(item) === trimmedNameOrUid) return item; + if (!exactNameHit) { + const itemName = getName(item); + if (itemName === trimmedNameOrUid) { + exactNameHit = item; + } else if (!lowerNameHit && itemName.toLowerCase() === lowerNameOrUid) { + lowerNameHit = item; + } } - return exactNameHit || lowerNameHit + } + return exactNameHit || lowerNameHit; } -function findSharedFolder(storage: InMemoryStorage, nameOrUid: string): DSharedFolder | undefined { - return findByUidOrName( - storage.getAll(FolderKind.SharedFolder), - nameOrUid, - (sharedFolder) => sharedFolder.uid, - (sharedFolder) => (sharedFolder.name || '').trim() - ) +function findSharedFolder( + storage: InMemoryStorage, + nameOrUid: string, +): DSharedFolder | undefined { + return findByUidOrName( + storage.getAll(FolderKind.SharedFolder), + nameOrUid, + (sharedFolder) => sharedFolder.uid, + (sharedFolder) => (sharedFolder.name || "").trim(), + ); } -function findUserFolder(storage: InMemoryStorage, nameOrUid: string): DUserFolder | undefined { - return findByUidOrName( - storage.getAll(FolderKind.UserFolder), - nameOrUid, - (userFolder) => userFolder.uid, - (userFolder) => userFolderName(userFolder) - ) +function findUserFolder( + storage: InMemoryStorage, + nameOrUid: string, +): DUserFolder | undefined { + return findByUidOrName( + storage.getAll(FolderKind.UserFolder), + nameOrUid, + (userFolder) => userFolder.uid, + (userFolder) => userFolderName(userFolder), + ); } -function findSharedFolderFolder(storage: InMemoryStorage, nameOrUid: string): DSharedFolderFolder | undefined { - return findByUidOrName( - storage.getAll(FolderKind.SharedFolderFolder), - nameOrUid, - (sharedFolderFolder) => sharedFolderFolder.uid, - (sharedFolderFolder) => sharedFolderFolderName(sharedFolderFolder) - ) +function findSharedFolderFolder( + storage: InMemoryStorage, + nameOrUid: string, +): DSharedFolderFolder | undefined { + return findByUidOrName( + storage.getAll(FolderKind.SharedFolderFolder), + nameOrUid, + (sharedFolderFolder) => sharedFolderFolder.uid, + (sharedFolderFolder) => sharedFolderFolderName(sharedFolderFolder), + ); } -export function findFolder(storage: InMemoryStorage, nameOrUid: string): FoundFolder | undefined { - const trimmedNameOrUid = nameOrUid.trim() - if (!trimmedNameOrUid) return undefined +export function findFolder( + storage: InMemoryStorage, + nameOrUid: string, +): FoundFolder | undefined { + const trimmedNameOrUid = nameOrUid.trim(); + if (!trimmedNameOrUid) return undefined; - const sharedFolder = findSharedFolder(storage, trimmedNameOrUid) - if (sharedFolder) return { kind: FolderKind.SharedFolder, folder: sharedFolder } + const sharedFolder = findSharedFolder(storage, trimmedNameOrUid); + if (sharedFolder) + return { kind: FolderKind.SharedFolder, folder: sharedFolder }; - const userFolder = findUserFolder(storage, trimmedNameOrUid) - if (userFolder) return { kind: FolderKind.UserFolder, folder: userFolder } + const userFolder = findUserFolder(storage, trimmedNameOrUid); + if (userFolder) return { kind: FolderKind.UserFolder, folder: userFolder }; - const sharedFolderFolder = findSharedFolderFolder(storage, trimmedNameOrUid) - if (sharedFolderFolder) return { kind: FolderKind.SharedFolderFolder, folder: sharedFolderFolder } + const sharedFolderFolder = findSharedFolderFolder(storage, trimmedNameOrUid); + if (sharedFolderFolder) + return { kind: FolderKind.SharedFolderFolder, folder: sharedFolderFolder }; - return undefined + return undefined; } async function formatRegularFolder( - storage: InMemoryStorage, - folder: DUserFolder | DSharedFolderFolder, - format: GetFolderFormat + storage: InMemoryStorage, + folder: DUserFolder | DSharedFolderFolder, + format: GetFolderFormat, ): Promise { - const isUser = folder.kind === FolderKind.UserFolder - const folder_uid = folder.uid - const folder_type: GetFolderResultFolder['folder_type'] = isUser - ? FolderKind.UserFolder - : FolderKind.SharedFolderFolder - const name = isUser ? userFolderName(folder) : sharedFolderFolderName(folder) - const parent_uid = await findParentFolderUid(storage, folder_uid) - - const base: GetFolderResultFolder = { - objectType: FolderObjectType.Folder, - format, - folder_uid, - folder_type, - name, - parent_uid, - } - if (!isUser) { - base.shared_folder_scope_uid = (folder as DSharedFolderFolder).sharedFolderUid - } - if (format === GetFolderFormat.JSON) { - base.json = { ...base, objectType: FolderObjectType.Folder } - } - return base + const isUser = folder.kind === FolderKind.UserFolder; + const folder_uid = folder.uid; + const folder_type: GetFolderResultFolder["folder_type"] = isUser + ? FolderKind.UserFolder + : FolderKind.SharedFolderFolder; + const name = isUser ? userFolderName(folder) : sharedFolderFolderName(folder); + const parent_uid = await findParentFolderUid(storage, folder_uid); + + const base: GetFolderResultFolder = { + objectType: FolderObjectType.Folder, + format, + folder_uid, + folder_type, + name, + parent_uid, + }; + if (!isUser) { + base.shared_folder_scope_uid = ( + folder as DSharedFolderFolder + ).sharedFolderUid; + } + if (format === GetFolderFormat.JSON) { + base.json = { ...base, objectType: FolderObjectType.Folder }; + } + return base; } function formatSharedFolder( - storage: InMemoryStorage, - sharedFolder: DSharedFolder, - format: GetFolderFormat + storage: InMemoryStorage, + sharedFolder: DSharedFolder, + format: GetFolderFormat, ): GetFolderResultSharedFolder { - const sharedFolderUid = sharedFolder.uid - const recordPermissions = storage - .getAll(VaultObjectKind.SharedFolderRecord) - .filter((record) => record.sharedFolderUid === sharedFolderUid) - .map((record) => ({ - record_uid: record.recordUid, - can_edit: record.canEdit, - can_share: record.canShare, - owner: record.owner, - })) - const userPermissions = storage - .getAll(VaultObjectKind.SharedFolderUser) - .filter((user) => user.sharedFolderUid === sharedFolderUid) - .map((user) => ({ - account_username: user.accountUsername, - manage_records: user.manageRecords, - manage_users: user.manageUsers, - })) - - const base: GetFolderResultSharedFolder = { - objectType: FolderObjectType.SharedFolder, - format, - shared_folder_uid: sharedFolder.uid, - name: (sharedFolder.name || '').trim() || sharedFolder.uid, - default_can_edit: sharedFolder.defaultCanEdit, - default_can_share: sharedFolder.defaultCanShare, - default_manage_records: sharedFolder.defaultManageRecords, - default_manage_users: sharedFolder.defaultManageUsers, - record_permissions: recordPermissions.length ? recordPermissions : undefined, - user_permissions: userPermissions.length ? userPermissions : undefined, - } - if (format === GetFolderFormat.JSON) { - base.json = { ...base, objectType: FolderObjectType.SharedFolder } - } - return base + const sharedFolderUid = sharedFolder.uid; + const recordPermissions = storage + .getAll(VaultObjectKind.SharedFolderRecord) + .filter((record) => record.sharedFolderUid === sharedFolderUid) + .map((record) => ({ + record_uid: record.recordUid, + can_edit: record.canEdit, + can_share: record.canShare, + owner: record.owner, + })); + const userPermissions = storage + .getAll(VaultObjectKind.SharedFolderUser) + .filter((user) => user.sharedFolderUid === sharedFolderUid) + .map((user) => ({ + account_username: user.accountUsername, + manage_records: user.manageRecords, + manage_users: user.manageUsers, + })); + + const base: GetFolderResultSharedFolder = { + objectType: FolderObjectType.SharedFolder, + format, + shared_folder_uid: sharedFolder.uid, + name: (sharedFolder.name || "").trim() || sharedFolder.uid, + default_can_edit: sharedFolder.defaultCanEdit, + default_can_share: sharedFolder.defaultCanShare, + default_manage_records: sharedFolder.defaultManageRecords, + default_manage_users: sharedFolder.defaultManageUsers, + record_permissions: recordPermissions.length + ? recordPermissions + : undefined, + user_permissions: userPermissions.length ? userPermissions : undefined, + }; + if (format === GetFolderFormat.JSON) { + base.json = { ...base, objectType: FolderObjectType.SharedFolder }; + } + return base; } -function normalizeFormat(format: GetFolderFormatInput | undefined): GetFolderFormat { - if (format === GetFolderFormat.JSON) return GetFolderFormat.JSON - return GetFolderFormat.Detail +function normalizeFormat( + format: GetFolderFormatInput | undefined, +): GetFolderFormat { + if (format === GetFolderFormat.JSON) return GetFolderFormat.JSON; + return GetFolderFormat.Detail; } export async function getFolder( - storage: InMemoryStorage, - uidOrName: string, - options: GetFolderOptions = {} + storage: InMemoryStorage, + uidOrName: string, + options: GetFolderOptions = {}, ): Promise { - const trimmed = uidOrName.trim() - if (!trimmed) { - throw new KeeperSdkError('Folder UID or name is required.', 'missing_folder_ref') - } + const trimmed = uidOrName.trim(); + if (!trimmed) { + throw new KeeperSdkError( + "Folder UID or name is required.", + "missing_folder_ref", + ); + } - const found = findFolder(storage, trimmed) - if (!found) { - throw new KeeperSdkError(`"${trimmed}" not found as a folder or shared folder`, 'folder_not_found') - } + const found = findFolder(storage, trimmed); + if (!found) { + throw new KeeperSdkError( + `"${trimmed}" not found as a folder or shared folder`, + "folder_not_found", + ); + } - const format: GetFolderFormat = normalizeFormat(options.format) + const format: GetFolderFormat = normalizeFormat(options.format); - switch (found.kind) { - case FolderKind.SharedFolder: - return formatSharedFolder(storage, found.folder, format) - case FolderKind.UserFolder: - case FolderKind.SharedFolderFolder: - return formatRegularFolder(storage, found.folder, format) - } + switch (found.kind) { + case FolderKind.SharedFolder: + return formatSharedFolder(storage, found.folder, format); + case FolderKind.UserFolder: + case FolderKind.SharedFolderFolder: + return formatRegularFolder(storage, found.folder, format); + } } diff --git a/KeeperSdk/src/folders/listFolder.ts b/KeeperSdk/src/folders/listFolder.ts index 619dd4f9..d4334509 100644 --- a/KeeperSdk/src/folders/listFolder.ts +++ b/KeeperSdk/src/folders/listFolder.ts @@ -1,358 +1,454 @@ import type { - DRecord, - DRecordMetadata, - DSharedFolder, - DSharedFolderFolder, - DUserFolder, - VaultStorageData, - VaultStorageKind, -} from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError } from '../utils' -import { getRecordTitle, getRecordType } from '../records/RecordUtils' + DRecord, + DRecordMetadata, + DSharedFolder, + DSharedFolderFolder, + DUserFolder, + VaultStorageData, + VaultStorageKind, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError } from "../utils"; +import { getRecordTitle, getRecordType } from "../records/RecordUtils"; import { - FolderKind, - VaultObjectKind, - getUserFolderParentMap, - globToRegex, - sharedFolderFolderName, - sharedFolderName, - userFolderName, -} from './folderHelpers' + FolderKind, + VaultObjectKind, + getUserFolderParentMap, + globToRegex, + sharedFolderFolderName, + sharedFolderName, + userFolderName, +} from "./folderHelpers"; export type ListFolderOptions = { - folderUid?: string | null - pattern?: string | null - showFolders?: boolean - showRecords?: boolean - detail?: boolean -} + folderUid?: string | null; + pattern?: string | null; + showFolders?: boolean; + showRecords?: boolean; + detail?: boolean; +}; export type ListFolderFolderSimple = { - uid: string - name: string - folderKind: FolderKind -} + uid: string; + name: string; + folderKind: FolderKind; +}; export type ListFolderRecordSimple = { - uid: string - name: string - type: string -} + uid: string; + name: string; + type: string; +}; export type ListFolderFolderDetail = ListFolderFolderSimple & { - flags: string - recordCount: number - subfolderCount: number -} + flags: string; + recordCount: number; + subfolderCount: number; +}; export type ListFolderRecordDetail = ListFolderRecordSimple & { - flags: string - version: number - isOwner: boolean - hasAttachments: boolean - isShared: boolean -} + flags: string; + version: number; + isOwner: boolean; + hasAttachments: boolean; + isShared: boolean; +}; export type ListFolderResult = - | { - detail: true - folders: ListFolderFolderDetail[] - records: ListFolderRecordDetail[] - } - | { - detail: false - folders: ListFolderFolderSimple[] - records: ListFolderRecordSimple[] - } + | { + detail: true; + folders: ListFolderFolderDetail[]; + records: ListFolderRecordDetail[]; + } + | { + detail: false; + folders: ListFolderFolderSimple[]; + records: ListFolderRecordSimple[]; + }; function recordHasAttachments(record: DRecord): boolean { - const fileIds = record.udata?.file_ids - if (Array.isArray(fileIds) && fileIds.length > 0) return true - const files = (record.extra as { files?: unknown[] } | undefined)?.files - return Array.isArray(files) && files.length > 0 + const fileIds = record.udata?.file_ids; + if (Array.isArray(fileIds) && fileIds.length > 0) return true; + const files = (record.extra as { files?: unknown[] } | undefined)?.files; + return Array.isArray(files) && files.length > 0; } -function buildFolderFlags(folderKind: ListFolderFolderSimple['folderKind']): string { - const isShared = folderKind !== FolderKind.UserFolder - return `f--${isShared ? 'S' : '-'}` +function buildFolderFlags( + folderKind: ListFolderFolderSimple["folderKind"], +): string { + const isShared = folderKind !== FolderKind.UserFolder; + return `f--${isShared ? "S" : "-"}`; } -function buildRecordFlags(record: DRecord, metadata: DRecordMetadata | undefined): string { - const isOwner = metadata?.owner === true - const hasAttachments = recordHasAttachments(record) - const isShared = !!record.shared - return `r${isOwner ? 'O' : '-'}${hasAttachments ? 'A' : '-'}${isShared ? 'S' : '-'}` +function buildRecordFlags( + record: DRecord, + metadata: DRecordMetadata | undefined, +): string { + const isOwner = metadata?.owner === true; + const hasAttachments = recordHasAttachments(record); + const isShared = !!record.shared; + return `r${isOwner ? "O" : "-"}${hasAttachments ? "A" : "-"}${isShared ? "S" : "-"}`; } -export async function listRootUserFolders(storage: InMemoryStorage): Promise { - const userFolders = storage.getAll(FolderKind.UserFolder) - const childToParent = await getUserFolderParentMap(storage) - return userFolders.filter((userFolder) => !childToParent.has(userFolder.uid)) +export async function listRootUserFolders( + storage: InMemoryStorage, +): Promise { + const userFolders = storage.getAll(FolderKind.UserFolder); + const childToParent = await getUserFolderParentMap(storage); + return userFolders.filter((userFolder) => !childToParent.has(userFolder.uid)); } async function buildFolderParentMap( - storage: InMemoryStorage + storage: InMemoryStorage, ): Promise> { - const childToParent = new Map() - const parentKinds: VaultStorageKind[] = [ - FolderKind.UserFolder, - FolderKind.SharedFolder, - FolderKind.SharedFolderFolder, - ] - for (const kind of parentKinds) { - for (const candidate of storage.getAll<{ uid: string } & VaultStorageData>(kind)) { - const candidateUid = (candidate as { uid: string }).uid - if (!candidateUid) continue - const dependencies = (await storage.getDependencies(candidateUid)) || [] - for (const dependency of dependencies) { - if ( - dependency.kind === FolderKind.UserFolder || - dependency.kind === FolderKind.SharedFolder || - dependency.kind === FolderKind.SharedFolderFolder - ) { - if (!childToParent.has(dependency.uid)) { - childToParent.set(dependency.uid, { uid: candidateUid, kind }) - } - } - } + const childToParent = new Map< + string, + { uid: string; kind: VaultStorageKind } + >(); + const parentKinds: VaultStorageKind[] = [ + FolderKind.UserFolder, + FolderKind.SharedFolder, + FolderKind.SharedFolderFolder, + ]; + for (const kind of parentKinds) { + for (const candidate of storage.getAll<{ uid: string } & VaultStorageData>( + kind, + )) { + const candidateUid = (candidate as { uid: string }).uid; + if (!candidateUid) continue; + const dependencies = (await storage.getDependencies(candidateUid)) || []; + for (const dependency of dependencies) { + if ( + dependency.kind === FolderKind.UserFolder || + dependency.kind === FolderKind.SharedFolder || + dependency.kind === FolderKind.SharedFolderFolder + ) { + if (!childToParent.has(dependency.uid)) { + childToParent.set(dependency.uid, { uid: candidateUid, kind }); + } } + } } - return childToParent + } + return childToParent; } export async function listVaultRootFolders(storage: InMemoryStorage): Promise<{ - rows: ListFolderFolderSimple[] - promotedRootSharedUids: Set + rows: ListFolderFolderSimple[]; + promotedRootSharedUids: Set; }> { - const rows: ListFolderFolderSimple[] = [] - const seen = new Set() - const promotedRootSharedUids = new Set() - - for (const userFolder of await listRootUserFolders(storage)) { - if (seen.has(userFolder.uid)) continue - seen.add(userFolder.uid) - rows.push({ - uid: userFolder.uid, - name: userFolderName(userFolder), - folderKind: FolderKind.UserFolder, - }) - } - - const rootDependencies = (await storage.getDependencies('')) || [] - for (const dependency of rootDependencies) { - if (dependency.kind === FolderKind.SharedFolder) { - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, dependency.uid) - if (!sharedFolder || seen.has(sharedFolder.uid)) continue - seen.add(sharedFolder.uid) - rows.push({ - uid: sharedFolder.uid, - name: sharedFolderName(sharedFolder), - folderKind: FolderKind.SharedFolder, - }) - } else if (dependency.kind === FolderKind.SharedFolderFolder) { - const sharedFolderFolder = storage.getByUid( - FolderKind.SharedFolderFolder, - dependency.uid - ) - if (!sharedFolderFolder || seen.has(sharedFolderFolder.uid)) continue - seen.add(sharedFolderFolder.uid) - rows.push({ - uid: sharedFolderFolder.uid, - name: sharedFolderFolderName(sharedFolderFolder), - folderKind: FolderKind.SharedFolderFolder, - }) - } + const rows: ListFolderFolderSimple[] = []; + const seen = new Set(); + const promotedRootSharedUids = new Set(); + + for (const userFolder of await listRootUserFolders(storage)) { + if (seen.has(userFolder.uid)) continue; + seen.add(userFolder.uid); + rows.push({ + uid: userFolder.uid, + name: userFolderName(userFolder), + folderKind: FolderKind.UserFolder, + }); + } + + const rootDependencies = (await storage.getDependencies("")) || []; + for (const dependency of rootDependencies) { + if (dependency.kind === FolderKind.SharedFolder) { + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + dependency.uid, + ); + if (!sharedFolder || seen.has(sharedFolder.uid)) continue; + seen.add(sharedFolder.uid); + rows.push({ + uid: sharedFolder.uid, + name: sharedFolderName(sharedFolder), + folderKind: FolderKind.SharedFolder, + }); + } else if (dependency.kind === FolderKind.SharedFolderFolder) { + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + dependency.uid, + ); + if (!sharedFolderFolder || seen.has(sharedFolderFolder.uid)) continue; + seen.add(sharedFolderFolder.uid); + rows.push({ + uid: sharedFolderFolder.uid, + name: sharedFolderFolderName(sharedFolderFolder), + folderKind: FolderKind.SharedFolderFolder, + }); } - - const parentMap = await buildFolderParentMap(storage) - for (const sharedFolder of storage.getAll(FolderKind.SharedFolder)) { - if (seen.has(sharedFolder.uid)) continue - const parent = parentMap.get(sharedFolder.uid) - if (parent && (parent.kind === FolderKind.SharedFolder || parent.kind === FolderKind.SharedFolderFolder)) { - continue - } - seen.add(sharedFolder.uid) - promotedRootSharedUids.add(sharedFolder.uid) - rows.push({ - uid: sharedFolder.uid, - name: sharedFolderName(sharedFolder), - folderKind: FolderKind.SharedFolder, - }) + } + + const parentMap = await buildFolderParentMap(storage); + for (const sharedFolder of storage.getAll( + FolderKind.SharedFolder, + )) { + if (seen.has(sharedFolder.uid)) continue; + const parent = parentMap.get(sharedFolder.uid); + if ( + parent && + (parent.kind === FolderKind.SharedFolder || + parent.kind === FolderKind.SharedFolderFolder) + ) { + continue; } - - rows.sort((rowA, rowB) => rowA.name.localeCompare(rowB.name, undefined, { sensitivity: 'base' })) - - return { rows, promotedRootSharedUids } + seen.add(sharedFolder.uid); + promotedRootSharedUids.add(sharedFolder.uid); + rows.push({ + uid: sharedFolder.uid, + name: sharedFolderName(sharedFolder), + folderKind: FolderKind.SharedFolder, + }); + } + + rows.sort((rowA, rowB) => + rowA.name.localeCompare(rowB.name, undefined, { sensitivity: "base" }), + ); + + return { rows, promotedRootSharedUids }; } -function resolveFolderContainer(storage: InMemoryStorage, folderUid: string): { kind: VaultStorageKind; uid: string } { - if (storage.getByUid(FolderKind.UserFolder, folderUid)) { - return { kind: FolderKind.UserFolder, uid: folderUid } - } - if (storage.getByUid(FolderKind.SharedFolder, folderUid)) { - return { kind: FolderKind.SharedFolder, uid: folderUid } - } - if (storage.getByUid(FolderKind.SharedFolderFolder, folderUid)) { - return { kind: FolderKind.SharedFolderFolder, uid: folderUid } - } - throw new KeeperSdkError(`Folder "${folderUid}" not found`, 'folder_not_found') +function resolveFolderContainer( + storage: InMemoryStorage, + folderUid: string, +): { kind: VaultStorageKind; uid: string } { + if (storage.getByUid(FolderKind.UserFolder, folderUid)) { + return { kind: FolderKind.UserFolder, uid: folderUid }; + } + if (storage.getByUid(FolderKind.SharedFolder, folderUid)) { + return { kind: FolderKind.SharedFolder, uid: folderUid }; + } + if ( + storage.getByUid( + FolderKind.SharedFolderFolder, + folderUid, + ) + ) { + return { kind: FolderKind.SharedFolderFolder, uid: folderUid }; + } + throw new KeeperSdkError( + `Folder "${folderUid}" not found`, + "folder_not_found", + ); } -function getRecordMetadata(storage: InMemoryStorage, recordUid: string): DRecordMetadata | undefined { - return storage.getByUid(VaultObjectKind.Metadata, recordUid) +function getRecordMetadata( + storage: InMemoryStorage, + recordUid: string, +): DRecordMetadata | undefined { + return storage.getByUid(VaultObjectKind.Metadata, recordUid); } -export function findFolderUidByNameOrUid(storage: InMemoryStorage, nameOrUid: string): string | undefined { - const trimmedNameOrUid = nameOrUid.trim() - if (!trimmedNameOrUid) return undefined - +export function findFolderUidByNameOrUid( + storage: InMemoryStorage, + nameOrUid: string, +): string | undefined { + const trimmedNameOrUid = nameOrUid.trim(); + if (!trimmedNameOrUid) return undefined; + + if ( + storage.getByUid(FolderKind.UserFolder, trimmedNameOrUid) || + storage.getByUid( + FolderKind.SharedFolder, + trimmedNameOrUid, + ) || + storage.getByUid( + FolderKind.SharedFolderFolder, + trimmedNameOrUid, + ) + ) { + return trimmedNameOrUid; + } + + const lowerNameOrUid = trimmedNameOrUid.toLowerCase(); + for (const userFolder of storage.getAll(FolderKind.UserFolder)) { + if (userFolderName(userFolder).toLowerCase() === lowerNameOrUid) + return userFolder.uid; + } + for (const sharedFolder of storage.getAll( + FolderKind.SharedFolder, + )) { + if (sharedFolderName(sharedFolder).toLowerCase() === lowerNameOrUid) + return sharedFolder.uid; + } + for (const sharedFolderFolder of storage.getAll( + FolderKind.SharedFolderFolder, + )) { if ( - storage.getByUid(FolderKind.UserFolder, trimmedNameOrUid) || - storage.getByUid(FolderKind.SharedFolder, trimmedNameOrUid) || - storage.getByUid(FolderKind.SharedFolderFolder, trimmedNameOrUid) - ) { - return trimmedNameOrUid - } - - const lowerNameOrUid = trimmedNameOrUid.toLowerCase() - for (const userFolder of storage.getAll(FolderKind.UserFolder)) { - if (userFolderName(userFolder).toLowerCase() === lowerNameOrUid) return userFolder.uid - } - for (const sharedFolder of storage.getAll(FolderKind.SharedFolder)) { - if (sharedFolderName(sharedFolder).toLowerCase() === lowerNameOrUid) return sharedFolder.uid - } - for (const sharedFolderFolder of storage.getAll(FolderKind.SharedFolderFolder)) { - if (sharedFolderFolderName(sharedFolderFolder).toLowerCase() === lowerNameOrUid) return sharedFolderFolder.uid - } - return undefined + sharedFolderFolderName(sharedFolderFolder).toLowerCase() === + lowerNameOrUid + ) + return sharedFolderFolder.uid; + } + return undefined; } async function countFolderChildren( - storage: InMemoryStorage, - uid: string + storage: InMemoryStorage, + uid: string, ): Promise<{ records: number; subfolders: number }> { - const dependencies = (await storage.getDependencies(uid)) || [] - let records = 0 - let subfolders = 0 - for (const dependency of dependencies) { - if (dependency.kind === VaultObjectKind.Record) records++ - else if ( - dependency.kind === FolderKind.UserFolder || - dependency.kind === FolderKind.SharedFolder || - dependency.kind === FolderKind.SharedFolderFolder - ) { - subfolders++ - } + const dependencies = (await storage.getDependencies(uid)) || []; + let records = 0; + let subfolders = 0; + for (const dependency of dependencies) { + if (dependency.kind === VaultObjectKind.Record) records++; + else if ( + dependency.kind === FolderKind.UserFolder || + dependency.kind === FolderKind.SharedFolder || + dependency.kind === FolderKind.SharedFolderFolder + ) { + subfolders++; } - return { records, subfolders } + } + return { records, subfolders }; } -export async function listFolder(storage: InMemoryStorage, options: ListFolderOptions = {}): Promise { - const showFolders = options.showFolders !== false - const showRecords = options.showRecords !== false - const detail = options.detail === true - const patternRaw = options.pattern?.trim() || null - const regex = patternRaw ? globToRegex(patternRaw) : null - - const folderUidOpt = options.folderUid - let parentKey: string | null = null - - if (folderUidOpt !== undefined && folderUidOpt !== null && folderUidOpt !== '') { - parentKey = resolveFolderContainer(storage, folderUidOpt).uid - } - - const dependencies = - parentKey === null - ? (await storage.getDependencies('')) || [] - : (await storage.getDependencies(parentKey)) || [] - - const folderRows: ListFolderFolderSimple[] = [] - const recordRows: ListFolderRecordSimple[] = [] - - const matches = (name: string, uid: string): boolean => { - if (!regex) return true - return regex.test(name) || regex.test(uid) - } - - if (showFolders && parentKey === null) { - const { rows } = await listVaultRootFolders(storage) - for (const row of rows) { - if (!matches(row.name, row.uid)) continue - folderRows.push(row) - } - } - - for (const dependency of dependencies) { - if (dependency.kind === FolderKind.UserFolder && showFolders && parentKey !== null) { - const userFolder = storage.getByUid(FolderKind.UserFolder, dependency.uid) - if (!userFolder) continue - const name = userFolderName(userFolder) - if (!matches(name, userFolder.uid)) continue - folderRows.push({ uid: userFolder.uid, name, folderKind: FolderKind.UserFolder }) - } else if (dependency.kind === FolderKind.SharedFolder && showFolders && parentKey !== null) { - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, dependency.uid) - if (!sharedFolder) continue - const name = sharedFolderName(sharedFolder) - if (!matches(name, sharedFolder.uid)) continue - folderRows.push({ uid: sharedFolder.uid, name, folderKind: FolderKind.SharedFolder }) - } else if (dependency.kind === FolderKind.SharedFolderFolder && showFolders && parentKey !== null) { - const sharedFolderFolder = storage.getByUid( - FolderKind.SharedFolderFolder, - dependency.uid - ) - if (!sharedFolderFolder) continue - const name = sharedFolderFolderName(sharedFolderFolder) - if (!matches(name, sharedFolderFolder.uid)) continue - folderRows.push({ - uid: sharedFolderFolder.uid, - name, - folderKind: FolderKind.SharedFolderFolder, - }) - } else if (dependency.kind === VaultObjectKind.Record && showRecords) { - const record = storage.getByUid(VaultObjectKind.Record, dependency.uid) - if (!record || (record.version !== 2 && record.version !== 3)) continue - const title = getRecordTitle(record) - if (!matches(title, record.uid)) continue - recordRows.push({ - uid: record.uid, - name: title, - type: getRecordType(record), - }) - } +export async function listFolder( + storage: InMemoryStorage, + options: ListFolderOptions = {}, +): Promise { + const showFolders = options.showFolders !== false; + const showRecords = options.showRecords !== false; + const detail = options.detail === true; + const patternRaw = options.pattern?.trim() || null; + const regex = patternRaw ? globToRegex(patternRaw) : null; + + const folderUidOpt = options.folderUid; + let parentKey: string | null = null; + + if ( + folderUidOpt !== undefined && + folderUidOpt !== null && + folderUidOpt !== "" + ) { + parentKey = resolveFolderContainer(storage, folderUidOpt).uid; + } + + const dependencies = + parentKey === null + ? (await storage.getDependencies("")) || [] + : (await storage.getDependencies(parentKey)) || []; + + const folderRows: ListFolderFolderSimple[] = []; + const recordRows: ListFolderRecordSimple[] = []; + + const matches = (name: string, uid: string): boolean => { + if (!regex) return true; + return regex.test(name) || regex.test(uid); + }; + + if (showFolders && parentKey === null) { + const { rows } = await listVaultRootFolders(storage); + for (const row of rows) { + if (!matches(row.name, row.uid)) continue; + folderRows.push(row); } + } - folderRows.sort((rowA, rowB) => rowA.name.localeCompare(rowB.name, undefined, { sensitivity: 'base' })) - recordRows.sort((rowA, rowB) => rowA.name.localeCompare(rowB.name, undefined, { sensitivity: 'base' })) - - if (!detail) { - return { detail: false, folders: folderRows, records: recordRows } + for (const dependency of dependencies) { + if ( + dependency.kind === FolderKind.UserFolder && + showFolders && + parentKey !== null + ) { + const userFolder = storage.getByUid( + FolderKind.UserFolder, + dependency.uid, + ); + if (!userFolder) continue; + const name = userFolderName(userFolder); + if (!matches(name, userFolder.uid)) continue; + folderRows.push({ + uid: userFolder.uid, + name, + folderKind: FolderKind.UserFolder, + }); + } else if ( + dependency.kind === FolderKind.SharedFolder && + showFolders && + parentKey !== null + ) { + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + dependency.uid, + ); + if (!sharedFolder) continue; + const name = sharedFolderName(sharedFolder); + if (!matches(name, sharedFolder.uid)) continue; + folderRows.push({ + uid: sharedFolder.uid, + name, + folderKind: FolderKind.SharedFolder, + }); + } else if ( + dependency.kind === FolderKind.SharedFolderFolder && + showFolders && + parentKey !== null + ) { + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + dependency.uid, + ); + if (!sharedFolderFolder) continue; + const name = sharedFolderFolderName(sharedFolderFolder); + if (!matches(name, sharedFolderFolder.uid)) continue; + folderRows.push({ + uid: sharedFolderFolder.uid, + name, + folderKind: FolderKind.SharedFolderFolder, + }); + } else if (dependency.kind === VaultObjectKind.Record && showRecords) { + const record = storage.getByUid( + VaultObjectKind.Record, + dependency.uid, + ); + if (!record || (record.version !== 2 && record.version !== 3)) continue; + const title = getRecordTitle(record); + if (!matches(title, record.uid)) continue; + recordRows.push({ + uid: record.uid, + name: title, + type: getRecordType(record), + }); } - - const folderDetails: ListFolderFolderDetail[] = await Promise.all( - folderRows.map(async (row) => { - const counts = await countFolderChildren(storage, row.uid) - return { - ...row, - flags: buildFolderFlags(row.folderKind), - recordCount: counts.records, - subfolderCount: counts.subfolders, - } - }) - ) - - const recordDetails: ListFolderRecordDetail[] = recordRows.map((row) => { - const record = storage.getByUid(VaultObjectKind.Record, row.uid)! - const metadata = getRecordMetadata(storage, row.uid) - return { - ...row, - flags: buildRecordFlags(record, metadata), - version: record.version, - isOwner: metadata?.owner === true, - hasAttachments: recordHasAttachments(record), - isShared: !!record.shared, - } - }) - - return { detail: true, folders: folderDetails, records: recordDetails } + } + + folderRows.sort((rowA, rowB) => + rowA.name.localeCompare(rowB.name, undefined, { sensitivity: "base" }), + ); + recordRows.sort((rowA, rowB) => + rowA.name.localeCompare(rowB.name, undefined, { sensitivity: "base" }), + ); + + if (!detail) { + return { detail: false, folders: folderRows, records: recordRows }; + } + + const folderDetails: ListFolderFolderDetail[] = await Promise.all( + folderRows.map(async (row) => { + const counts = await countFolderChildren(storage, row.uid); + return { + ...row, + flags: buildFolderFlags(row.folderKind), + recordCount: counts.records, + subfolderCount: counts.subfolders, + }; + }), + ); + + const recordDetails: ListFolderRecordDetail[] = recordRows.map((row) => { + const record = storage.getByUid(VaultObjectKind.Record, row.uid)!; + const metadata = getRecordMetadata(storage, row.uid); + return { + ...row, + flags: buildRecordFlags(record, metadata), + version: record.version, + isOwner: metadata?.owner === true, + hasAttachments: recordHasAttachments(record), + isShared: !!record.shared, + }; + }); + + return { detail: true, folders: folderDetails, records: recordDetails }; } diff --git a/KeeperSdk/src/folders/updateFolder.ts b/KeeperSdk/src/folders/updateFolder.ts index d444c56f..32f1a512 100644 --- a/KeeperSdk/src/folders/updateFolder.ts +++ b/KeeperSdk/src/folders/updateFolder.ts @@ -1,211 +1,280 @@ -import type { Auth, FolderUpdateRequest } from '@keeper-security/keeperapi' +import type { Auth, FolderUpdateRequest } from "@keeper-security/keeperapi"; import { - encryptForStorage, - encryptObjectForStorage, - folderUpdateCommand, - platform, -} from '@keeper-security/keeperapi' -import type { DSharedFolder, DSharedFolderFolder, DUserFolder } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { anyIsBoolean, isBoolean, isObject, KeeperSdkError, extractErrorMessage } from '../utils' -import { resolveSingleFolder, type VaultFolderSession } from './changeDirectory' -import { FolderKind, FolderResultStatus, validateFolderName } from './folderHelpers' + encryptForStorage, + encryptObjectForStorage, + folderUpdateCommand, + platform, +} from "@keeper-security/keeperapi"; +import type { + DSharedFolder, + DSharedFolderFolder, + DUserFolder, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { + anyIsBoolean, + isBoolean, + isObject, + KeeperSdkError, + extractErrorMessage, +} from "../utils"; +import { + resolveSingleFolder, + type VaultFolderSession, +} from "./changeDirectory"; +import { + FolderKind, + FolderResultStatus, + validateFolderName, +} from "./folderHelpers"; export type UpdateFolderInput = { - folderUid: string - folderName?: string | null - manageUsers?: boolean | null - manageRecords?: boolean | null - canShare?: boolean | null - canEdit?: boolean | null -} + folderUid: string; + folderName?: string | null; + manageUsers?: boolean | null; + manageRecords?: boolean | null; + canShare?: boolean | null; + canEdit?: boolean | null; +}; export type UpdateFolderResult = { - folderUid: string - success: boolean - message?: string -} + folderUid: string; + success: boolean; + message?: string; +}; export type RenameFolderResult = { - folderUid: string - oldName: string - newName: string - success: boolean - message?: string -} + folderUid: string; + oldName: string; + newName: string; + success: boolean; + message?: string; +}; type ResolvedFolder = - | { kind: FolderKind.UserFolder; folder: DUserFolder } - | { kind: FolderKind.SharedFolder; folder: DSharedFolder } - | { kind: FolderKind.SharedFolderFolder; folder: DSharedFolderFolder } - -function resolveFolderEntity(storage: InMemoryStorage, folderUid: string): ResolvedFolder | undefined { - const userFolder = storage.getByUid(FolderKind.UserFolder, folderUid) - if (userFolder) return { kind: FolderKind.UserFolder, folder: userFolder } - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, folderUid) - if (sharedFolder) return { kind: FolderKind.SharedFolder, folder: sharedFolder } - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, folderUid) - if (sharedFolderFolder) return { kind: FolderKind.SharedFolderFolder, folder: sharedFolderFolder } - return undefined + | { kind: FolderKind.UserFolder; folder: DUserFolder } + | { kind: FolderKind.SharedFolder; folder: DSharedFolder } + | { kind: FolderKind.SharedFolderFolder; folder: DSharedFolderFolder }; + +function resolveFolderEntity( + storage: InMemoryStorage, + folderUid: string, +): ResolvedFolder | undefined { + const userFolder = storage.getByUid( + FolderKind.UserFolder, + folderUid, + ); + if (userFolder) return { kind: FolderKind.UserFolder, folder: userFolder }; + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + folderUid, + ); + if (sharedFolder) + return { kind: FolderKind.SharedFolder, folder: sharedFolder }; + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + folderUid, + ); + if (sharedFolderFolder) + return { kind: FolderKind.SharedFolderFolder, folder: sharedFolderFolder }; + return undefined; } -function mergeFolderData(existing: unknown, folderName: string | null | undefined): Record { - const base = isObject(existing) ? { ...existing } : {} - const trimmed = folderName?.trim() - if (trimmed) { - base.title = trimmed - base.name = trimmed - } - return base +function mergeFolderData( + existing: unknown, + folderName: string | null | undefined, +): Record { + const base = isObject(existing) ? { ...existing } : {}; + const trimmed = folderName?.trim(); + if (trimmed) { + base.title = trimmed; + base.name = trimmed; + } + return base; } export async function updateFolder( - auth: Auth, - storage: InMemoryStorage, - input: UpdateFolderInput + auth: Auth, + storage: InMemoryStorage, + input: UpdateFolderInput, ): Promise { - const folderUid = input.folderUid - const resolved = resolveFolderEntity(storage, folderUid) - if (!resolved) { - throw new KeeperSdkError(`Folder "${folderUid}" does not exist.`, 'folder_not_found') - } + const folderUid = input.folderUid; + const resolved = resolveFolderEntity(storage, folderUid); + if (!resolved) { + throw new KeeperSdkError( + `Folder "${folderUid}" does not exist.`, + "folder_not_found", + ); + } - const folderKey = await storage.getKeyBytes(folderUid) - if (!folderKey) { - throw new KeeperSdkError( - 'Folder encryption key not available. Sync the vault and try again.', - 'folder_key_missing' - ) - } + const folderKey = await storage.getKeyBytes(folderUid); + if (!folderKey) { + throw new KeeperSdkError( + "Folder encryption key not available. Sync the vault and try again.", + "folder_key_missing", + ); + } - const trimmedName = input.folderName?.trim() || '' - if (trimmedName) validateFolderName(trimmedName) - - const hasPermissionUpdate = anyIsBoolean( - input.manageUsers, - input.manageRecords, - input.canShare, - input.canEdit - ) - - if (resolved.kind === FolderKind.UserFolder || resolved.kind === FolderKind.SharedFolderFolder) { - if (!trimmedName) { - throw new KeeperSdkError('Folder name is required.', 'folder_name_required') - } - } else if (resolved.kind === FolderKind.SharedFolder) { - if (!trimmedName && !hasPermissionUpdate) { - throw new KeeperSdkError( - 'Provide a new name or at least one permission to update.', - 'shared_folder_update_empty' - ) - } - } + const trimmedName = input.folderName?.trim() || ""; + if (trimmedName) validateFolderName(trimmedName); - const effectiveName = - resolved.kind === FolderKind.SharedFolder ? trimmedName || resolved.folder.name || undefined : trimmedName - const mergedData = mergeFolderData(resolved.folder.data, effectiveName) + const hasPermissionUpdate = anyIsBoolean( + input.manageUsers, + input.manageRecords, + input.canShare, + input.canEdit, + ); - const request: FolderUpdateRequest = { - folder_uid: folderUid, - folder_type: resolved.kind, - data: await encryptObjectForStorage(mergedData, folderKey), + if ( + resolved.kind === FolderKind.UserFolder || + resolved.kind === FolderKind.SharedFolderFolder + ) { + if (!trimmedName) { + throw new KeeperSdkError( + "Folder name is required.", + "folder_name_required", + ); } - - if (resolved.kind === FolderKind.SharedFolder) { - const sharedFolder = resolved.folder - const displayName = trimmedName || sharedFolder.name || folderUid - request.shared_folder_uid = folderUid - request.name = await encryptForStorage(platform.stringToBytes(displayName), folderKey) - request.manage_users = isBoolean(input.manageUsers) ? input.manageUsers : sharedFolder.defaultManageUsers - request.manage_records = isBoolean(input.manageRecords) - ? input.manageRecords - : sharedFolder.defaultManageRecords - request.can_edit = isBoolean(input.canEdit) ? input.canEdit : sharedFolder.defaultCanEdit - request.can_share = isBoolean(input.canShare) ? input.canShare : sharedFolder.defaultCanShare - } else if (resolved.kind === FolderKind.SharedFolderFolder) { - request.shared_folder_uid = resolved.folder.sharedFolderUid + } else if (resolved.kind === FolderKind.SharedFolder) { + if (!trimmedName && !hasPermissionUpdate) { + throw new KeeperSdkError( + "Provide a new name or at least one permission to update.", + "shared_folder_update_empty", + ); } + } - const folderLabel = effectiveName || folderUid - - try { - const response = await auth.executeRestCommand(folderUpdateCommand(request)) - const succeeded = - response.result === FolderResultStatus.Success || response.result_code === FolderResultStatus.Success - if (!succeeded) { - const reason = - response.message || - response.result_code || - `folder_update failed for "${folderLabel}" (uid=${folderUid}, type=${resolved.kind}): server returned no message or result_code` - return { - folderUid, - success: false, - message: reason, - } - } - return { folderUid, success: true } - } catch (err) { - return { - folderUid, - success: false, - message: `folder_update failed for "${folderLabel}" (uid=${folderUid}, type=${resolved.kind}): ${extractErrorMessage(err)}`, - } + const effectiveName = + resolved.kind === FolderKind.SharedFolder + ? trimmedName || resolved.folder.name || undefined + : trimmedName; + const mergedData = mergeFolderData(resolved.folder.data, effectiveName); + + const request: FolderUpdateRequest = { + folder_uid: folderUid, + folder_type: resolved.kind, + data: await encryptObjectForStorage(mergedData, folderKey), + }; + + if (resolved.kind === FolderKind.SharedFolder) { + const sharedFolder = resolved.folder; + const displayName = trimmedName || sharedFolder.name || folderUid; + request.shared_folder_uid = folderUid; + request.name = await encryptForStorage( + platform.stringToBytes(displayName), + folderKey, + ); + request.manage_users = isBoolean(input.manageUsers) + ? input.manageUsers + : sharedFolder.defaultManageUsers; + request.manage_records = isBoolean(input.manageRecords) + ? input.manageRecords + : sharedFolder.defaultManageRecords; + request.can_edit = isBoolean(input.canEdit) + ? input.canEdit + : sharedFolder.defaultCanEdit; + request.can_share = isBoolean(input.canShare) + ? input.canShare + : sharedFolder.defaultCanShare; + } else if (resolved.kind === FolderKind.SharedFolderFolder) { + request.shared_folder_uid = resolved.folder.sharedFolderUid; + } + + const folderLabel = effectiveName || folderUid; + + try { + const response = await auth.executeRestCommand( + folderUpdateCommand(request), + ); + const succeeded = + response.result === FolderResultStatus.Success || + response.result_code === FolderResultStatus.Success; + if (!succeeded) { + const reason = + response.message || + response.result_code || + `folder_update failed for "${folderLabel}" (uid=${folderUid}, type=${resolved.kind}): server returned no message or result_code`; + return { + folderUid, + success: false, + message: reason, + }; } + return { folderUid, success: true }; + } catch (err) { + return { + folderUid, + success: false, + message: `folder_update failed for "${folderLabel}" (uid=${folderUid}, type=${resolved.kind}): ${extractErrorMessage(err)}`, + }; + } } export async function renameFolder( - auth: Auth, - storage: InMemoryStorage, - session: VaultFolderSession, - folderPath: string, - newName: string + auth: Auth, + storage: InMemoryStorage, + session: VaultFolderSession, + folderPath: string, + newName: string, ): Promise { - const trimmedPath = folderPath.trim() - if (!trimmedPath) { - throw new KeeperSdkError('Folder cannot be empty.', 'folder_required') - } - const trimmedName = newName.trim() - if (!trimmedName) { - throw new KeeperSdkError('New folder name is required.', 'folder_name_required') - } + const trimmedPath = folderPath.trim(); + if (!trimmedPath) { + throw new KeeperSdkError("Folder cannot be empty.", "folder_required"); + } + const trimmedName = newName.trim(); + if (!trimmedName) { + throw new KeeperSdkError( + "New folder name is required.", + "folder_name_required", + ); + } - const resolved = await resolveSingleFolder(storage, session, trimmedPath) - if (resolved.folderUid === null) { - throw new KeeperSdkError('Cannot rename the root folder.', 'folder_root_rename') - } + const resolved = await resolveSingleFolder(storage, session, trimmedPath); + if (resolved.folderUid === null) { + throw new KeeperSdkError( + "Cannot rename the root folder.", + "folder_root_rename", + ); + } - const result = await updateFolder(auth, storage, { - folderUid: resolved.folderUid, - folderName: trimmedName, - }) + const result = await updateFolder(auth, storage, { + folderUid: resolved.folderUid, + folderName: trimmedName, + }); - return { - folderUid: resolved.folderUid, - oldName: resolved.name, - newName: trimmedName, - success: result.success, - message: result.message, - } + return { + folderUid: resolved.folderUid, + oldName: resolved.name, + newName: trimmedName, + success: result.success, + message: result.message, + }; } export async function updateSharedFolderPermissions( - auth: Auth, - storage: InMemoryStorage, - sharedFolderUid: string, - permissions: { - manageUsers?: boolean | null - manageRecords?: boolean | null - canShare?: boolean | null - canEdit?: boolean | null - } + auth: Auth, + storage: InMemoryStorage, + sharedFolderUid: string, + permissions: { + manageUsers?: boolean | null; + manageRecords?: boolean | null; + canShare?: boolean | null; + canEdit?: boolean | null; + }, ): Promise { - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, sharedFolderUid) - if (!sharedFolder) { - throw new KeeperSdkError(`"${sharedFolderUid}" is not a shared folder.`, 'not_shared_folder') - } - return updateFolder(auth, storage, { - folderUid: sharedFolderUid, - folderName: null, - ...permissions, - }) + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + sharedFolderUid, + ); + if (!sharedFolder) { + throw new KeeperSdkError( + `"${sharedFolderUid}" is not a shared folder.`, + "not_shared_folder", + ); + } + return updateFolder(auth, storage, { + folderUid: sharedFolderUid, + folderName: null, + ...permissions, + }); } diff --git a/KeeperSdk/src/index.ts b/KeeperSdk/src/index.ts index 17ee6f53..d33632ca 100644 --- a/KeeperSdk/src/index.ts +++ b/KeeperSdk/src/index.ts @@ -1,701 +1,752 @@ -export { ConsoleAuthUI } from './auth/ConsoleAuthUI' -export { SessionManager, FileConfigLoader } from './auth/SessionManager' +export { ConsoleAuthUI } from "./auth/ConsoleAuthUI"; +export { SessionManager, FileConfigLoader } from "./auth/SessionManager"; export type { - KeeperJsonConfig, - ConfigLoader, - ConfigurationUser, - ConfigurationServerConfig, - ConfigurationDeviceConfig, -} from './auth/SessionManager' -export { login, cleanup, prompt, suppressLogs, loadKeeperConfig, resolveServer } from './auth/ConsoleLogin' + KeeperJsonConfig, + ConfigLoader, + ConfigurationUser, + ConfigurationServerConfig, + ConfigurationDeviceConfig, +} from "./auth/SessionManager"; +export { + login, + cleanup, + prompt, + suppressLogs, + loadKeeperConfig, + resolveServer, +} from "./auth/ConsoleLogin"; -export { InMemoryStorage } from './storage/InMemoryStorage' +export { InMemoryStorage } from "./storage/InMemoryStorage"; export { - Logger, - ConsoleLogger, - LogLevel, - logger, - setLogger, - getLogger, - resetLogger, - writeOutput, - KeeperSdkError, - isKeeperError, - extractErrorMessage, - extractResultCode, - SdkDefaults, - AuthDefaults, - NsfErrorCode, - ResultCodes, - AuthErrorCode, - SessionErrorCode, - ValidationErrorCode, - RoleErrorCode, - TeamErrorCode, - UserErrorCode, - AuditReportErrorCode, - ActionReportErrorCode, - PasswordReportErrorCode, - KEEPER_PUBLIC_HOSTS, - isBoolean, - isString, - isNonEmptyString, - isNumber, - isObject, - anyIsBoolean, - EMAIL_PATTERN, - EMAIL_LIST_SEPARATOR_PATTERN, - isValidEmail, - resolveSearchPattern, -} from './utils' -export type { ILogger, Nullable, Optional, DeepPartial, Immutable } from './utils' + Logger, + ConsoleLogger, + LogLevel, + logger, + setLogger, + getLogger, + resetLogger, + writeOutput, + KeeperSdkError, + isKeeperError, + extractErrorMessage, + extractResultCode, + SdkDefaults, + AuthDefaults, + NsfErrorCode, + ResultCodes, + AuthErrorCode, + SessionErrorCode, + ValidationErrorCode, + RoleErrorCode, + TeamErrorCode, + UserErrorCode, + AuditReportErrorCode, + ActionReportErrorCode, + PasswordReportErrorCode, + KEEPER_PUBLIC_HOSTS, + isBoolean, + isString, + isNonEmptyString, + isNumber, + isObject, + anyIsBoolean, + EMAIL_PATTERN, + EMAIL_LIST_SEPARATOR_PATTERN, + isValidEmail, + resolveSearchPattern, +} from "./utils"; +export type { + ILogger, + Nullable, + Optional, + DeepPartial, + Immutable, +} from "./utils"; export { - searchRecords, - formatRecord, - getRecordTitle, - getRecordType, - getRecordFields, - getRecordSummary, - getRecordPassword, - getRecordLogin, - getRecordUrl, - getRecordTotpUrl, - RecordVersion, -} from './records/RecordUtils' -export type { RecordSummary } from './records/RecordUtils' -export { parseTotpUrl, getTotpCode } from './records/Totp' -export type { TotpAlgorithm, TotpParams, TotpCode } from './records/Totp' -export { addRecord, updateRecord, deleteRecord, getRecordHistory, moveRecord } from './records/RecordOperations' + searchRecords, + formatRecord, + getRecordTitle, + getRecordType, + getRecordFields, + getRecordSummary, + getRecordPassword, + getRecordLogin, + getRecordUrl, + getRecordTotpUrl, + RecordVersion, +} from "./records/RecordUtils"; +export type { RecordSummary } from "./records/RecordUtils"; +export { parseTotpUrl, getTotpCode } from "./records/Totp"; +export type { TotpAlgorithm, TotpParams, TotpCode } from "./records/Totp"; +export { + addRecord, + updateRecord, + deleteRecord, + getRecordHistory, + moveRecord, +} from "./records/RecordOperations"; export type { - PasswordRecordData, - TypedRecordData, - RecordFieldInput, - NewRecordInput, - AddRecordResult, - UpdateRecordResult, - DeleteRecordResult, - HistoryEntry, - RecordHistoryResult, - MoveRecordInput, - MoveRecordResult, -} from './records/RecordOperations' - -export { shareRecord, removeRecordShare, getRecordShareInfo } from './sharing/Sharing' + PasswordRecordData, + TypedRecordData, + RecordFieldInput, + NewRecordInput, + AddRecordResult, + UpdateRecordResult, + DeleteRecordResult, + HistoryEntry, + RecordHistoryResult, + MoveRecordInput, + MoveRecordResult, +} from "./records/RecordOperations"; + +export { + shareRecord, + removeRecordShare, + getRecordShareInfo, +} from "./sharing/Sharing"; +export type { + ShareRecordInput, + ShareRecordResult, + RemoveShareInput, + RemoveShareResult, + RecordShareInfo, + RecordUserPermission, + RecordSharedFolderPermission, +} from "./sharing/Sharing"; + +export { KeeperVault } from "./vault/KeeperVault"; +export type { KeeperVaultConfig, VaultSummary } from "./vault/KeeperVault"; + +export { getFolder, findFolder, GetFolderFormat } from "./folders/getFolder"; +export type { + GetFolderOptions, + GetFolderResult, + GetFolderResultFolder, + GetFolderResultSharedFolder, + GetFolderFormatInput, + FoundFolder, +} from "./folders/getFolder"; + +export { + FolderKind, + ParentFolderKind, + FolderObjectType, + FolderResultStatus, + DeleteResolution, + DeleteObjectType, + folderKindFromString, +} from "./folders/folderHelpers"; +export type { FolderKindOrLiteral } from "./folders/folderHelpers"; + +export { + listFolder, + findFolderUidByNameOrUid, + listRootUserFolders, +} from "./folders/listFolder"; export type { - ShareRecordInput, - ShareRecordResult, - RemoveShareInput, - RemoveShareResult, - RecordShareInfo, - RecordUserPermission, - RecordSharedFolderPermission, -} from './sharing/Sharing' - -export { KeeperVault } from './vault/KeeperVault' -export type { KeeperVaultConfig, VaultSummary } from './vault/KeeperVault' - -export { getFolder, findFolder, GetFolderFormat } from './folders/getFolder' + ListFolderOptions, + ListFolderResult, + ListFolderFolderSimple, + ListFolderRecordSimple, + ListFolderFolderDetail, + ListFolderRecordDetail, +} from "./folders/listFolder"; + +export { + listSharedFolders, + formatSharedFoldersTable, + renderSharedFoldersAsciiTable, +} from "./sharedFolders/listSharedFolders"; export type { - GetFolderOptions, - GetFolderResult, - GetFolderResultFolder, - GetFolderResultSharedFolder, - GetFolderFormatInput, - FoundFolder, -} from './folders/getFolder' + ListSharedFoldersOptions, + ListSharedFolderRow, + FormattedSharedFoldersTable, +} from "./sharedFolders/listSharedFolders"; export { - FolderKind, - ParentFolderKind, - FolderObjectType, - FolderResultStatus, - DeleteResolution, - DeleteObjectType, - folderKindFromString, -} from './folders/folderHelpers' -export type { FolderKindOrLiteral } from './folders/folderHelpers' - -export { listFolder, findFolderUidByNameOrUid, listRootUserFolders } from './folders/listFolder' + shareFolder, + ShareFolderAction, + ShareFolderUserResultStatus, +} from "./sharedFolders/shareFolder"; export type { - ListFolderOptions, - ListFolderResult, - ListFolderFolderSimple, - ListFolderRecordSimple, - ListFolderFolderDetail, - ListFolderRecordDetail, -} from './folders/listFolder' + ShareFolderActionInput, + ShareFolderInput, + ShareFolderResult, + ShareFolderUserStatus, +} from "./sharedFolders/shareFolder"; export { - listSharedFolders, - formatSharedFoldersTable, - renderSharedFoldersAsciiTable, -} from './sharedFolders/listSharedFolders' + changeDirectory, + createVaultFolderSession, + tryResolvePath, + resolveSingleFolder, + getWorkingFolderDisplayName, + findParentFolderUid, + splitPathComponents, +} from "./folders/changeDirectory"; export type { - ListSharedFoldersOptions, - ListSharedFolderRow, - FormattedSharedFoldersTable, -} from './sharedFolders/listSharedFolders' + VaultFolderSession, + ChangeDirectoryResult, + TryResolvePathResult, +} from "./folders/changeDirectory"; -export { shareFolder, ShareFolderAction, ShareFolderUserResultStatus } from './sharedFolders/shareFolder' +export { addFolder, mkdir } from "./folders/addFolder"; export type { - ShareFolderActionInput, - ShareFolderInput, - ShareFolderResult, - ShareFolderUserStatus, -} from './sharedFolders/shareFolder' + AddFolderInput, + AddFolderResult, + MkdirOptions, +} from "./folders/addFolder"; export { - changeDirectory, - createVaultFolderSession, - tryResolvePath, - resolveSingleFolder, - getWorkingFolderDisplayName, - findParentFolderUid, - splitPathComponents, -} from './folders/changeDirectory' -export type { VaultFolderSession, ChangeDirectoryResult, TryResolvePathResult } from './folders/changeDirectory' - -export { addFolder, mkdir } from './folders/addFolder' -export type { AddFolderInput, AddFolderResult, MkdirOptions } from './folders/addFolder' - -export { updateFolder, renameFolder, updateSharedFolderPermissions } from './folders/updateFolder' -export type { UpdateFolderInput, UpdateFolderResult, RenameFolderResult } from './folders/updateFolder' + updateFolder, + renameFolder, + updateSharedFolderPermissions, +} from "./folders/updateFolder"; +export type { + UpdateFolderInput, + UpdateFolderResult, + RenameFolderResult, +} from "./folders/updateFolder"; export { - deleteFolder, - rmdir, - resolveRmdirPatternsToFolderUids, - buildFolderDeleteObject, -} from './folders/deleteFolder' -export type { DeleteFolderResult, RmdirOptions } from './folders/deleteFolder' + deleteFolder, + rmdir, + resolveRmdirPatternsToFolderUids, + buildFolderDeleteObject, +} from "./folders/deleteFolder"; +export type { DeleteFolderResult, RmdirOptions } from "./folders/deleteFolder"; export { - buildFolderTree, - renderFolderTreeAscii, - folderTreeAscii, - userPermissionToText, - recordPermissionToText, -} from './folders/folderTree' -export type { FolderTreeBuildOptions, FolderTreeNode, FolderTreeResult } from './folders/folderTree' + buildFolderTree, + renderFolderTreeAscii, + folderTreeAscii, + userPermissionToText, + recordPermissionToText, +} from "./folders/folderTree"; +export type { + FolderTreeBuildOptions, + FolderTreeNode, + FolderTreeResult, +} from "./folders/folderTree"; -export { FolderManager } from './folders/FolderManager' -export type { AuthProvider, SharedFolderPermissionsInput } from './folders/FolderManager' +export { FolderManager } from "./folders/FolderManager"; +export type { + AuthProvider, + SharedFolderPermissionsInput, +} from "./folders/FolderManager"; -export { SharedFolderManager } from './sharedFolders/SharedFolderManager' +export { SharedFolderManager } from "./sharedFolders/SharedFolderManager"; export { - listTeams, - formatTeamsTable, - renderTeamsAsciiTable, - formatTeamRestricts, - TeamColumn, - SUPPORTED_TEAM_COLUMNS, - DEFAULT_TEAM_COLUMNS, -} from './teams/listTeams' + listTeams, + formatTeamsTable, + renderTeamsAsciiTable, + formatTeamRestricts, + TeamColumn, + SUPPORTED_TEAM_COLUMNS, + DEFAULT_TEAM_COLUMNS, +} from "./teams/listTeams"; export type { - ListTeamsOptions, - ListTeamRow, - TeamColumnInput, - FormattedTeamsTable, - FormatTeamsTableOptions, -} from './teams/listTeams' + ListTeamsOptions, + ListTeamRow, + TeamColumnInput, + FormattedTeamsTable, + FormatTeamsTableOptions, +} from "./teams/listTeams"; export { - EnterpriseDataInclude, - EnterpriseDataManager, -} from './teams/enterpriseData' + EnterpriseDataInclude, + EnterpriseDataManager, +} from "./teams/enterpriseData"; export type { - EnterpriseDataManagerApi, - GetEnterpriseDataResponse, - EnterpriseTeamRecord, - EnterpriseTeamUserLink, - EnterpriseRoleUserLink, - EnterpriseRoleTeamLink, - EnterpriseRolePrivilegeLink, - EnterpriseRoleManagedNodeLink, - EnterpriseRoleEnforcementLink, - EnterpriseQueuedTeamRecord, - EnterpriseQueuedTeamUserLink, - EnterpriseUserAliasLink, - EnterpriseUser, - EnterpriseRole, - EnterpriseNode, - DecryptedNodeNames, - DecryptedRoleNames, - EnterpriseDisplayNames, - NodePathOptions, -} from './teams/enterpriseData' + EnterpriseDataManagerApi, + GetEnterpriseDataResponse, + EnterpriseTeamRecord, + EnterpriseTeamUserLink, + EnterpriseRoleUserLink, + EnterpriseRoleTeamLink, + EnterpriseRolePrivilegeLink, + EnterpriseRoleManagedNodeLink, + EnterpriseRoleEnforcementLink, + EnterpriseQueuedTeamRecord, + EnterpriseQueuedTeamUserLink, + EnterpriseUserAliasLink, + EnterpriseUser, + EnterpriseRole, + EnterpriseNode, + DecryptedNodeNames, + DecryptedRoleNames, + EnterpriseDisplayNames, + NodePathOptions, +} from "./teams/enterpriseData"; export { - listRoles, - formatRolesTable, - renderRolesAsciiTable, - RoleColumn, - SUPPORTED_ROLE_COLUMNS, - DEFAULT_ROLE_COLUMNS, - ALL_COLUMNS_WILDCARD, - viewRole, - formatRoleView, - roleViewTable, - RoleManager, - addRoles, - formatAddRoleResult, - renderAddRoleAsciiTable, - AddRoleStatus, - AddRoleSkipReason, - updateRoles, - formatUpdateRoleResult, - renderUpdateRoleAsciiTable, - UpdateRoleStatus, - deleteRoles, - formatDeleteRoleResult, - renderDeleteRoleAsciiTable, - DeleteRoleStatus, -} from './roles' + listRoles, + formatRolesTable, + renderRolesAsciiTable, + RoleColumn, + SUPPORTED_ROLE_COLUMNS, + DEFAULT_ROLE_COLUMNS, + ALL_COLUMNS_WILDCARD, + viewRole, + formatRoleView, + roleViewTable, + RoleManager, + addRoles, + formatAddRoleResult, + renderAddRoleAsciiTable, + AddRoleStatus, + AddRoleSkipReason, + updateRoles, + formatUpdateRoleResult, + renderUpdateRoleAsciiTable, + UpdateRoleStatus, + deleteRoles, + formatDeleteRoleResult, + renderDeleteRoleAsciiTable, + DeleteRoleStatus, +} from "./roles"; export type { - ListRolesOptions, - ListRoleRow, - RoleColumnInput, - FormattedRolesTable, - FormatRolesTableOptions, - RoleView, - RoleTeamInfo, - RoleUserInfo, - RoleManagedNodeInfo, - RoleEnforcementInfo, - FormatRoleViewOptions, - FormattedRoleViewTable, - FormattedManagedNodePrivilegeTable, - RoleViewTableRow, - AddRoleInput, - AddRoleResult, - AddRoleItemResult, - AddRoleConfirm, - AddRoleConflictPrompt, - FormattedAddRoleTable, - UpdateRoleInput, - UpdateRoleResult, - UpdateRoleItemResult, - FormattedUpdateRoleTable, - DeleteRoleInput, - DeleteRoleResult, - DeleteRoleItemResult, - FormattedDeleteRoleTable, - RoleToggleInput, - RoleToggle, - EnforcementPair, -} from './roles' + ListRolesOptions, + ListRoleRow, + RoleColumnInput, + FormattedRolesTable, + FormatRolesTableOptions, + RoleView, + RoleTeamInfo, + RoleUserInfo, + RoleManagedNodeInfo, + RoleEnforcementInfo, + FormatRoleViewOptions, + FormattedRoleViewTable, + FormattedManagedNodePrivilegeTable, + RoleViewTableRow, + AddRoleInput, + AddRoleResult, + AddRoleItemResult, + AddRoleConfirm, + AddRoleConflictPrompt, + FormattedAddRoleTable, + UpdateRoleInput, + UpdateRoleResult, + UpdateRoleItemResult, + FormattedUpdateRoleTable, + DeleteRoleInput, + DeleteRoleResult, + DeleteRoleItemResult, + FormattedDeleteRoleTable, + RoleToggleInput, + RoleToggle, + EnforcementPair, +} from "./roles"; export { - runAuditReport, - runActionReport, - runPasswordReport, - getPasswordStrength, - calculatePasswordScore, - parsePasswordPolicy, - isPasswordCompliant, - buildPasswordPolicySummary, - getAllowedActions, - getDefaultDaysSince, - AuditReportManager, - ActionReportManager, - EnterpriseReportManager, - AuditReportOrder, - AuditReportFormat, - AuditOutputFormat, - AuditAggregate, - SUMMARY_REPORT_TYPES, - CREATED_PRESETS, - TargetUserStatus, - AdminAction, - ActionReportColumn, - DEFAULT_ACTION_REPORT_COLUMNS, - SUPPORTED_ACTION_REPORT_COLUMNS, - PW_SPECIAL_CHARACTERS, - DEFAULT_TRUNCATION_LENGTH, - SUPPORTED_RECORD_VERSIONS, -} from './enterpriseReport' + runAuditReport, + runActionReport, + runPasswordReport, + getPasswordStrength, + calculatePasswordScore, + parsePasswordPolicy, + isPasswordCompliant, + buildPasswordPolicySummary, + getAllowedActions, + getDefaultDaysSince, + AuditReportManager, + ActionReportManager, + EnterpriseReportManager, + AuditReportOrder, + AuditReportFormat, + AuditOutputFormat, + AuditAggregate, + SUMMARY_REPORT_TYPES, + CREATED_PRESETS, + TargetUserStatus, + AdminAction, + ActionReportColumn, + DEFAULT_ACTION_REPORT_COLUMNS, + SUPPORTED_ACTION_REPORT_COLUMNS, + PW_SPECIAL_CHARACTERS, + DEFAULT_TRUNCATION_LENGTH, + SUPPORTED_RECORD_VERSIONS, +} from "./enterpriseReport"; export type { - AuditReportOptions, - AuditReportResult, - AuditReportFilter, - CreatedFilterCriteria, - CreatedPreset, - AuditEventOverviewReportRow, - AuditReportType, - AuditSummaryReportType, - ActionReportEntry, - ActionReportOptions, - ActionReportResult, - ActionResult, - PasswordPolicy, - PasswordStrength, - PasswordReportRow, - PasswordReportOptions, - PasswordReportResult, -} from './enterpriseReport' - -export { viewTeam, formatTeamView, teamViewTable } from './teams/viewTeam' + AuditReportOptions, + AuditReportResult, + AuditReportFilter, + CreatedFilterCriteria, + CreatedPreset, + AuditEventOverviewReportRow, + AuditReportType, + AuditSummaryReportType, + ActionReportEntry, + ActionReportOptions, + ActionReportResult, + ActionResult, + PasswordPolicy, + PasswordStrength, + PasswordReportRow, + PasswordReportOptions, + PasswordReportResult, +} from "./enterpriseReport"; + +export { viewTeam, formatTeamView, teamViewTable } from "./teams/viewTeam"; export type { - TeamView, - TeamRoleInfo, - TeamUserInfo, - FormatTeamViewOptions, - FormattedTeamViewTable, - TeamViewTableRow, -} from './teams/viewTeam' + TeamView, + TeamRoleInfo, + TeamUserInfo, + FormatTeamViewOptions, + FormattedTeamViewTable, + TeamViewTableRow, +} from "./teams/viewTeam"; export { - addTeams, - formatAddTeamResult, - renderAddTeamAsciiTable, - AddTeamSourceKind, - AddTeamSkipReason, - AddTeamStatus, - TeamRestriction, -} from './teams/addTeam' + addTeams, + formatAddTeamResult, + renderAddTeamAsciiTable, + AddTeamSourceKind, + AddTeamSkipReason, + AddTeamStatus, + TeamRestriction, +} from "./teams/addTeam"; export type { - AddTeamInput, - AddTeamResult, - AddTeamItemResult, - AddTeamConfirm, - AddTeamConflictPrompt, - TeamRestrictionInput, - FormatAddTeamResultOptions, - FormattedAddTeamTable, - FormattedAddTeamRow, -} from './teams/addTeam' + AddTeamInput, + AddTeamResult, + AddTeamItemResult, + AddTeamConfirm, + AddTeamConflictPrompt, + TeamRestrictionInput, + FormatAddTeamResultOptions, + FormattedAddTeamTable, + FormattedAddTeamRow, +} from "./teams/addTeam"; export { - updateTeams, - formatUpdateTeamResult, - renderUpdateTeamAsciiTable, - UpdateTeamStatus, -} from './teams/updateTeam' + updateTeams, + formatUpdateTeamResult, + renderUpdateTeamAsciiTable, + UpdateTeamStatus, +} from "./teams/updateTeam"; export type { - UpdateTeamInput, - UpdateTeamResult, - UpdateTeamItemResult, - FormattedUpdateTeamTable, - FormattedUpdateTeamRow, -} from './teams/updateTeam' + UpdateTeamInput, + UpdateTeamResult, + UpdateTeamItemResult, + FormattedUpdateTeamTable, + FormattedUpdateTeamRow, +} from "./teams/updateTeam"; export { - deleteTeams, - formatDeleteTeamResult, - renderDeleteTeamAsciiTable, - DeleteTeamStatus, -} from './teams/deleteTeam' + deleteTeams, + formatDeleteTeamResult, + renderDeleteTeamAsciiTable, + DeleteTeamStatus, +} from "./teams/deleteTeam"; export type { - DeleteTeamInput, - DeleteTeamResult, - DeleteTeamItemResult, - FormattedDeleteTeamTable, - FormattedDeleteTeamRow, -} from './teams/deleteTeam' + DeleteTeamInput, + DeleteTeamResult, + DeleteTeamItemResult, + FormattedDeleteTeamTable, + FormattedDeleteTeamRow, +} from "./teams/deleteTeam"; -export { TeamManager } from './teams/TeamManager' +export { TeamManager } from "./teams/TeamManager"; export { - listUsers, - formatUsersTable, - renderUsersAsciiTable, - UserColumn, - SUPPORTED_USER_COLUMNS, - DEFAULT_USER_COLUMNS, -} from './users/listUsers' + listUsers, + formatUsersTable, + renderUsersAsciiTable, + UserColumn, + SUPPORTED_USER_COLUMNS, + DEFAULT_USER_COLUMNS, +} from "./users/listUsers"; -export { viewUser, formatUserView, userViewTable } from './users/viewUser' +export { viewUser, formatUserView, userViewTable } from "./users/viewUser"; export { - addUsers, - formatAddUserResult, - renderAddUserAsciiTable, - AddUserStatus, - AddUserSkipReason, -} from './users/addUser' + addUsers, + formatAddUserResult, + renderAddUserAsciiTable, + AddUserStatus, + AddUserSkipReason, +} from "./users/addUser"; export { - updateUsers, - formatUpdateUserResult, - renderUpdateUserAsciiTable, - UpdateUserStatus, -} from './users/updateUser' + updateUsers, + formatUpdateUserResult, + renderUpdateUserAsciiTable, + UpdateUserStatus, +} from "./users/updateUser"; export { - deleteUsers, - formatDeleteUserResult, - renderDeleteUserAsciiTable, - DeleteUserStatus, -} from './users/deleteUser' + deleteUsers, + formatDeleteUserResult, + renderDeleteUserAsciiTable, + DeleteUserStatus, +} from "./users/deleteUser"; export { - actionUsers, - formatUserActionResult, - renderUserActionAsciiTable, - UserAction, - UserActionStatus, - UserActionSkipReason, -} from './users/actionUser' + actionUsers, + formatUserActionResult, + renderUserActionAsciiTable, + UserAction, + UserActionStatus, + UserActionSkipReason, +} from "./users/actionUser"; export type { - UserColumnInput, - ListUsersOptions, - ListUserRow, - FormattedUsersTable, - FormatUsersTableOptions, - UserTeamInfo, - UserRoleInfo, - UserView, - FormatUserViewOptions, - FormattedUserViewTable, - UserViewTableRow, - AddUserInput, - AddUserItemResult, - AddUserResult, - FormatAddUserResultOptions, - FormattedAddUserTable, - UpdateUserInput, - UpdateUserItemResult, - UpdateUserResult, - FormattedUpdateUserTable, - DeleteUserInput, - DeleteUserItemResult, - DeleteUserResult, - FormattedDeleteUserTable, - UserActionInput, - UserActionItemResult, - UserActionResult, - FormattedUserActionTable, - AliasUserInput, - AliasUserResult, - FormattedUserStatus, - AddUsersToTeamsInput, - RemoveUsersFromTeamsInput, - TeamUserItemResult, - TeamUserResult, - FormattedTeamUserTable, -} from './users/userTypes' - -export { EnterpriseUserStatus } from './users/userTypes' - -export { - aliasUser, - AliasOperation, -} from './users/aliasUser' + UserColumnInput, + ListUsersOptions, + ListUserRow, + FormattedUsersTable, + FormatUsersTableOptions, + UserTeamInfo, + UserRoleInfo, + UserView, + FormatUserViewOptions, + FormattedUserViewTable, + UserViewTableRow, + AddUserInput, + AddUserItemResult, + AddUserResult, + FormatAddUserResultOptions, + FormattedAddUserTable, + UpdateUserInput, + UpdateUserItemResult, + UpdateUserResult, + FormattedUpdateUserTable, + DeleteUserInput, + DeleteUserItemResult, + DeleteUserResult, + FormattedDeleteUserTable, + UserActionInput, + UserActionItemResult, + UserActionResult, + FormattedUserActionTable, + AliasUserInput, + AliasUserResult, + FormattedUserStatus, + AddUsersToTeamsInput, + RemoveUsersFromTeamsInput, + TeamUserItemResult, + TeamUserResult, + FormattedTeamUserTable, +} from "./users/userTypes"; + +export { EnterpriseUserStatus } from "./users/userTypes"; + +export { aliasUser, AliasOperation } from "./users/aliasUser"; export { - addUsersToTeams, - removeUsersFromTeams, - formatTeamUserResult, - renderTeamUserAsciiTable, - TeamUserStatus, - TeamUserSkipReason, -} from './users/teamUser' + addUsersToTeams, + removeUsersFromTeams, + formatTeamUserResult, + renderTeamUserAsciiTable, + TeamUserStatus, + TeamUserSkipReason, +} from "./users/teamUser"; -export { UserManager } from './users/UserManager' +export { UserManager } from "./users/UserManager"; export { - KeeperDriveKind, - NsfItemType, - formatAccessRoleType, - formatAccessType, - normalizeParentUid, - isRootFolderUid, - resolveKeeperDriveRootParentUid, - getKeeperDriveFolders, - getKeeperDriveRecords, - findRecordFolderLocation, - buildFolderPath, - isSensitiveFieldType, - ListNsfFormat, - listNestedShareFolders, - formatListNsfTable, - renderListNsfAsciiTable, - formatListNsfCsv, - formatListNsfJson, - formatListNsfOutput, - GetNsfFormat, - NsfAccessRoleLabel, - NsfObjectKind, - NSF_ACCESS_ROLE_LABELS, - NSF_MAX_RECORD_BATCH, - resolveRecordPermissionRole, - toNsfAccessRoleLabel, - resolveNsfFolder, - resolveNsfRecord, - getNestedShareFolder, - formatNsfFolderDetail, - formatNsfRecordDetail, - formatNsfDetail, - formatNsfJson, - formatNsfRecordJson, - toNsfRecordJsonView, - linkNestedShareRecord, - NsfRemoveOperation, - removeNestedShareRecords, - formatRemoveNsfPreview, - collectRemoveNsfWarnings, - mkdirNestedShareFolder, - NSF_FOLDER_COLORS, - NsfRemoveFolderOperation, - removeNestedShareFolders, - formatRemoveNsfFolderPreview, - GetNsfRecordDetailsFormat, - getNestedShareRecordDetails, - formatNsfRecordDetailsTable, - formatNsfRecordDetailsOutput, - updateNestedShareRecords, - updateNestedShareRecord, - addNestedShareRecord, - addNestedShareRecords, - buildNsfRecordData, - parseNsfFieldInput, - parseNsfFieldSpaceInput, - resolveNsfFieldValue, - clearNsfRecordTypeCache, - checkRecordEditPermission, - updateNestedShareFolder, - shareNestedShareFolder, - shareNestedShareRecord, - formatNsfRecordSharePlan, - formatNsfRecordShareResults, - formatNsfFolderShareResults, - parseShareExpiration, - parseShareExpirationValue, - validateShareExpirationTimestamp, - isShareExpirationNoop, - fetchNsfTeamPublicKeys, - encryptNsfFolderKeyForTeam, - resolveNsfShareRecipient, - MIN_SHARE_EXPIRATION_MS, - TeamGetKeysResponseKeyType, - getNsfRecordShortcuts, - listNsfShortcuts, - keepNsfShortcut, - formatNsfShortcutOutput, - formatKeepNsfShortcutPlan, - transferNestedShareRecords, - formatTransferNestedShareRecordResults, - NSF_RECORD_PERMISSION_ROLES, - NSFShareRoleName, - NsfShareCommandName, - NSF_SHARE_EXPIRATION_NEVER, - NsfFolderShareAction, - NsfFolderShareActionTaken, - NsfRecordShareAction, - NsfRecordShareActionTaken, - NsfRecordPermissionAction, - NsfResultStatus, - NsfTransferApiStatus, - NsfPermissionFailureCode, - collectNsfRecordUidsInFolder, - updateNestedShareRecordPermissions, - buildNsfRecordPermissionPlan, - formatNsfRecordPermissionPlan, - formatNsfRecordPermissionRequestHeader, - formatNsfRecordPermissionFailures, - resolveNsfRoleName, - getNsfAccessRoleLabel, - normalizeNsfRecordPermissionRole, - getFolderPermissionsForRole, - NestedShareFolderManager, -} from './nestedShareFolders' + KeeperDriveKind, + NsfItemType, + formatAccessRoleType, + formatAccessType, + normalizeParentUid, + isRootFolderUid, + resolveKeeperDriveRootParentUid, + getKeeperDriveFolders, + getKeeperDriveRecords, + findRecordFolderLocation, + buildFolderPath, + isSensitiveFieldType, + ListNsfFormat, + listNestedShareFolders, + formatListNsfTable, + renderListNsfAsciiTable, + formatListNsfCsv, + formatListNsfJson, + formatListNsfOutput, + GetNsfFormat, + NsfAccessRoleLabel, + NsfObjectKind, + NSF_ACCESS_ROLE_LABELS, + NSF_MAX_RECORD_BATCH, + resolveRecordPermissionRole, + toNsfAccessRoleLabel, + resolveNsfFolder, + resolveNsfRecord, + getNestedShareFolder, + formatNsfFolderDetail, + formatNsfRecordDetail, + formatNsfDetail, + formatNsfJson, + formatNsfRecordJson, + toNsfRecordJsonView, + linkNestedShareRecord, + NsfRemoveOperation, + removeNestedShareRecords, + formatRemoveNsfPreview, + collectRemoveNsfWarnings, + mkdirNestedShareFolder, + NSF_FOLDER_COLORS, + NsfRemoveFolderOperation, + removeNestedShareFolders, + formatRemoveNsfFolderPreview, + GetNsfRecordDetailsFormat, + getNestedShareRecordDetails, + formatNsfRecordDetailsTable, + formatNsfRecordDetailsOutput, + updateNestedShareRecords, + updateNestedShareRecord, + addNestedShareRecord, + addNestedShareRecords, + buildNsfRecordData, + parseNsfFieldInput, + parseNsfFieldSpaceInput, + resolveNsfFieldValue, + clearNsfRecordTypeCache, + checkRecordEditPermission, + updateNestedShareFolder, + shareNestedShareFolder, + shareNestedShareRecord, + formatNsfRecordSharePlan, + formatNsfRecordShareResults, + formatNsfFolderShareResults, + parseShareExpiration, + parseShareExpirationValue, + validateShareExpirationTimestamp, + isShareExpirationNoop, + fetchNsfTeamPublicKeys, + encryptNsfFolderKeyForTeam, + resolveNsfShareRecipient, + MIN_SHARE_EXPIRATION_MS, + TeamGetKeysResponseKeyType, + getNsfRecordShortcuts, + listNsfShortcuts, + keepNsfShortcut, + formatNsfShortcutOutput, + formatKeepNsfShortcutPlan, + transferNestedShareRecords, + formatTransferNestedShareRecordResults, + NSF_RECORD_PERMISSION_ROLES, + NSFShareRoleName, + NsfShareCommandName, + NSF_SHARE_EXPIRATION_NEVER, + NsfFolderShareAction, + NsfFolderShareActionTaken, + NsfRecordShareAction, + NsfRecordShareActionTaken, + NsfRecordPermissionAction, + NsfResultStatus, + NsfTransferApiStatus, + NsfPermissionFailureCode, + collectNsfRecordUidsInFolder, + updateNestedShareRecordPermissions, + buildNsfRecordPermissionPlan, + formatNsfRecordPermissionPlan, + formatNsfRecordPermissionRequestHeader, + formatNsfRecordPermissionFailures, + resolveNsfRoleName, + getNsfAccessRoleLabel, + normalizeNsfRecordPermissionRole, + getFolderPermissionsForRole, + NestedShareFolderManager, +} from "./nestedShareFolders"; export type { - ListNsfFormatInput, - ListNsfOptions, - ListNsfRow, - FormattedListNsfTable, - GetNsfFormatInput, - GetNsfOptions, - GetNsfResult, - NsfFolderView, - NsfRecordView, - NsfRecordFieldView, - NsfRecordFolderView, - NsfRecordJsonView, - NsfRecordJsonUserPermission, - NsfFolderPermission, - NsfFolderAccessRow, - NsfRecordPermission, - LinkNsfRecordResult, - NsfRemoveOperationInput, - RemoveNsfRecordInput, - NsfRemovePreviewItem, - RemoveNsfRecordResult, - MkdirNsfInput, - MkdirNsfResult, - NsfFolderColorInput, - NsfFolderColor, - NsfRemoveFolderOperationInput, - RemoveNsfFolderInput, - NsfRemoveFolderPreviewItem, - RemoveNsfFolderResult, - GetNsfRecordDetailsFormatInput, - GetNsfRecordDetailsInput, - GetNsfRecordDetailsResult, - NsfRecordDetailsItem, - UpdateNsfRecordInput, - UpdateNsfRecordItemInput, - UpdateNsfRecordsInput, - UpdateNsfRecordResult, - UpdateNsfRecordResultItem, - AddNsfRecordInput, - AddNsfRecordResult, - AddNsfRecordsInput, - AddNsfRecordsResult, - RecordAddPayload, - RecordUpdatePayload, - FolderCreatePayload, - ParsedNsfFields, - RecordFieldEntry, - UpdateNsfFolderInput, - UpdateNsfFolderResult, - NsfFolderShareActionInput, - ShareNestedShareFolderInput, - ShareNestedShareFolderResult, - NsfFolderShareResultItem, - NsfRecordShareActionInput, - ShareNestedShareRecordInput, - ShareNestedShareRecordResult, - NsfRecordSharePlanItem, - NsfRecordShareResultItem, - NsfShortcutRow, - ListNsfShortcutsOptions, - KeepNsfShortcutInput, - KeepNsfShortcutPlanItem, - KeepNsfShortcutResult, - KeepNsfShortcutResultItem, - TransferNestedShareRecordInput, - TransferNestedShareRecordResult, - TransferNestedShareRecordResultItem, - NsfRecordPermissionRole, - NsfRecordPermissionActionInput, - UpdateNsfRecordPermissionInput, - UpdateNsfRecordPermissionResult, - NsfRecordPermissionPlan, - NsfRecordPermissionPlanItem, - NsfRecordPermissionFailure, - ParseShareExpirationInput, - NsfTeamPublicKeys, - NsfResolvedShareRecipient, -} from './nestedShareFolders' + ListNsfFormatInput, + ListNsfOptions, + ListNsfRow, + FormattedListNsfTable, + GetNsfFormatInput, + GetNsfOptions, + GetNsfResult, + NsfFolderView, + NsfRecordView, + NsfRecordFieldView, + NsfRecordFolderView, + NsfRecordJsonView, + NsfRecordJsonUserPermission, + NsfFolderPermission, + NsfFolderAccessRow, + NsfRecordPermission, + LinkNsfRecordResult, + NsfRemoveOperationInput, + RemoveNsfRecordInput, + NsfRemovePreviewItem, + RemoveNsfRecordResult, + MkdirNsfInput, + MkdirNsfResult, + NsfFolderColorInput, + NsfFolderColor, + NsfRemoveFolderOperationInput, + RemoveNsfFolderInput, + NsfRemoveFolderPreviewItem, + RemoveNsfFolderResult, + GetNsfRecordDetailsFormatInput, + GetNsfRecordDetailsInput, + GetNsfRecordDetailsResult, + NsfRecordDetailsItem, + UpdateNsfRecordInput, + UpdateNsfRecordItemInput, + UpdateNsfRecordsInput, + UpdateNsfRecordResult, + UpdateNsfRecordResultItem, + AddNsfRecordInput, + AddNsfRecordResult, + AddNsfRecordsInput, + AddNsfRecordsResult, + RecordAddPayload, + RecordUpdatePayload, + FolderCreatePayload, + ParsedNsfFields, + RecordFieldEntry, + UpdateNsfFolderInput, + UpdateNsfFolderResult, + NsfFolderShareActionInput, + ShareNestedShareFolderInput, + ShareNestedShareFolderResult, + NsfFolderShareResultItem, + NsfRecordShareActionInput, + ShareNestedShareRecordInput, + ShareNestedShareRecordResult, + NsfRecordSharePlanItem, + NsfRecordShareResultItem, + NsfShortcutRow, + ListNsfShortcutsOptions, + KeepNsfShortcutInput, + KeepNsfShortcutPlanItem, + KeepNsfShortcutResult, + KeepNsfShortcutResultItem, + TransferNestedShareRecordInput, + TransferNestedShareRecordResult, + TransferNestedShareRecordResultItem, + NsfRecordPermissionRole, + NsfRecordPermissionActionInput, + UpdateNsfRecordPermissionInput, + UpdateNsfRecordPermissionResult, + NsfRecordPermissionPlan, + NsfRecordPermissionPlanItem, + NsfRecordPermissionFailure, + ParseShareExpirationInput, + NsfTeamPublicKeys, + NsfResolvedShareRecipient, +} from "./nestedShareFolders"; export type { - DRecord, - DRecordMetadata, - DSharedFolder, - DTeam, - DUserFolder, - VaultStorage, - SyncResult, - SyncDownOptions, - ClientConfiguration, - DeviceConfig, - SessionStorage, - AuthUI3, - KeeperError, - LoginError, -} from '@keeper-security/keeperapi' \ No newline at end of file + DRecord, + DRecordMetadata, + DSharedFolder, + DTeam, + DUserFolder, + VaultStorage, + SyncResult, + SyncDownOptions, + ClientConfiguration, + DeviceConfig, + SessionStorage, + AuthUI3, + KeeperError, + LoginError, +} from "@keeper-security/keeperapi"; diff --git a/KeeperSdk/src/nestedShareFolders/NestedShareFolderManager.ts b/KeeperSdk/src/nestedShareFolders/NestedShareFolderManager.ts index f3c9d4b8..9dad60ac 100644 --- a/KeeperSdk/src/nestedShareFolders/NestedShareFolderManager.ts +++ b/KeeperSdk/src/nestedShareFolders/NestedShareFolderManager.ts @@ -1,165 +1,209 @@ -import type { Auth } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes } from '../utils' -import { listNestedShareFolders } from './listNsf' -import { getNestedShareFolder } from './getNsf' -import { linkNestedShareRecord } from './linkNsfRecord' -import { removeNestedShareRecords } from './removeNsfRecord' -import { mkdirNestedShareFolder } from './mkdirNsf' -import { removeNestedShareFolders } from './removeNsfFolder' -import { getNestedShareRecordDetails } from './getNsfRecordDetails' -import { updateNestedShareRecords, updateNestedShareRecord } from './updateNsfRecord' -import { addNestedShareRecord, addNestedShareRecords } from './addNsfRecord' -import { shareNestedShareFolder, shareNestedShareRecord } from './nsfShare' -import { listNsfShortcuts, keepNsfShortcut } from './nsfShortcut' -import { transferNestedShareRecords } from './nsfTransferRecord' -import { updateNestedShareRecordPermissions } from './nsfRecordPermission' -import { updateNestedShareFolder } from './updateNsfFolder' +import type { Auth } from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes } from "../utils"; +import { listNestedShareFolders } from "./listNsf"; +import { getNestedShareFolder } from "./getNsf"; +import { linkNestedShareRecord } from "./linkNsfRecord"; +import { removeNestedShareRecords } from "./removeNsfRecord"; +import { mkdirNestedShareFolder } from "./mkdirNsf"; +import { removeNestedShareFolders } from "./removeNsfFolder"; +import { getNestedShareRecordDetails } from "./getNsfRecordDetails"; +import { + updateNestedShareRecords, + updateNestedShareRecord, +} from "./updateNsfRecord"; +import { addNestedShareRecord, addNestedShareRecords } from "./addNsfRecord"; +import { shareNestedShareFolder, shareNestedShareRecord } from "./nsfShare"; +import { listNsfShortcuts, keepNsfShortcut } from "./nsfShortcut"; +import { transferNestedShareRecords } from "./nsfTransferRecord"; +import { updateNestedShareRecordPermissions } from "./nsfRecordPermission"; +import { updateNestedShareFolder } from "./updateNsfFolder"; import type { - AddNsfRecordInput, - AddNsfRecordResult, - AddNsfRecordsInput, - AddNsfRecordsResult, - GetNsfOptions, - GetNsfResult, - GetNsfRecordDetailsInput, - GetNsfRecordDetailsResult, - KeepNsfShortcutInput, - KeepNsfShortcutResult, - LinkNsfRecordResult, - ListNsfOptions, - ListNsfRow, - ListNsfShortcutsOptions, - MkdirNsfInput, - MkdirNsfResult, - NsfShortcutRow, - RemoveNsfFolderInput, - RemoveNsfFolderResult, - RemoveNsfRecordInput, - RemoveNsfRecordResult, - ShareNestedShareFolderInput, - ShareNestedShareFolderResult, - ShareNestedShareRecordInput, - ShareNestedShareRecordResult, - TransferNestedShareRecordInput, - TransferNestedShareRecordResult, - UpdateNsfFolderInput, - UpdateNsfFolderResult, - UpdateNsfRecordInput, - UpdateNsfRecordItemInput, - UpdateNsfRecordsInput, - UpdateNsfRecordPermissionInput, - UpdateNsfRecordPermissionResult, - UpdateNsfRecordResult, - UpdateNsfRecordResultItem, -} from './nsfTypes' - -export type AuthProvider = () => Auth + AddNsfRecordInput, + AddNsfRecordResult, + AddNsfRecordsInput, + AddNsfRecordsResult, + GetNsfOptions, + GetNsfResult, + GetNsfRecordDetailsInput, + GetNsfRecordDetailsResult, + KeepNsfShortcutInput, + KeepNsfShortcutResult, + LinkNsfRecordResult, + ListNsfOptions, + ListNsfRow, + ListNsfShortcutsOptions, + MkdirNsfInput, + MkdirNsfResult, + NsfShortcutRow, + RemoveNsfFolderInput, + RemoveNsfFolderResult, + RemoveNsfRecordInput, + RemoveNsfRecordResult, + ShareNestedShareFolderInput, + ShareNestedShareFolderResult, + ShareNestedShareRecordInput, + ShareNestedShareRecordResult, + TransferNestedShareRecordInput, + TransferNestedShareRecordResult, + UpdateNsfFolderInput, + UpdateNsfFolderResult, + UpdateNsfRecordInput, + UpdateNsfRecordItemInput, + UpdateNsfRecordsInput, + UpdateNsfRecordPermissionInput, + UpdateNsfRecordPermissionResult, + UpdateNsfRecordResult, + UpdateNsfRecordResultItem, +} from "./nsfTypes"; + +export type AuthProvider = () => Auth; export class NestedShareFolderManager { - private readonly storage: InMemoryStorage - private readonly authProvider: AuthProvider - - constructor(storage: InMemoryStorage, authProvider: AuthProvider) { - this.storage = storage - this.authProvider = authProvider - } - - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth?.sessionToken) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } - return auth - } - - public listNestedShareFolders(options: ListNsfOptions = {}): ListNsfRow[] { - return listNestedShareFolders(this.storage, options) - } - - public async getNestedShareFolder(identifier: string, options: GetNsfOptions = {}): Promise { - return getNestedShareFolder(this.storage, this.requireAuth(), identifier, options) - } - - public async linkNestedShareRecord( - recordIdentifier: string, - folderIdentifier: string - ): Promise { - return linkNestedShareRecord(this.storage, this.requireAuth(), recordIdentifier, folderIdentifier) - } - - public async removeNestedShareRecords(input: RemoveNsfRecordInput): Promise { - return removeNestedShareRecords(this.storage, this.requireAuth(), input) - } - - public async mkdirNestedShareFolder(input: MkdirNsfInput): Promise { - return mkdirNestedShareFolder(this.storage, this.requireAuth(), input) - } - - public async removeNestedShareFolders(input: RemoveNsfFolderInput): Promise { - return removeNestedShareFolders(this.storage, this.requireAuth(), input) - } - - public async getNestedShareRecordDetails( - input: GetNsfRecordDetailsInput - ): Promise { - return getNestedShareRecordDetails(this.storage, this.requireAuth(), input) - } - - public async updateNestedShareRecords( - input: UpdateNsfRecordInput | UpdateNsfRecordsInput - ): Promise { - return updateNestedShareRecords(this.storage, this.requireAuth(), input) - } - - public async updateNestedShareRecord(input: UpdateNsfRecordItemInput): Promise { - return updateNestedShareRecord(this.storage, this.requireAuth(), input) - } - - public async addNestedShareRecords(input: AddNsfRecordsInput): Promise { - return addNestedShareRecords(this.storage, this.requireAuth(), input) - } - - public async addNestedShareRecord(input: AddNsfRecordInput): Promise { - return addNestedShareRecord(this.storage, this.requireAuth(), input) - } - - public async updateNestedShareFolder(input: UpdateNsfFolderInput): Promise { - return updateNestedShareFolder(this.storage, this.requireAuth(), input) - } - - public async shareNestedShareFolder( - input: ShareNestedShareFolderInput - ): Promise { - return shareNestedShareFolder(this.storage, this.requireAuth(), input) - } - - public async shareNestedShareRecord( - input: ShareNestedShareRecordInput - ): Promise { - return shareNestedShareRecord(this.storage, this.requireAuth(), input) - } - - public listNsfShortcuts(options: ListNsfShortcutsOptions = {}): NsfShortcutRow[] { - return listNsfShortcuts(this.storage, options) - } - - public async keepNsfShortcut( - input: KeepNsfShortcutInput, - defaultFolderUid?: string - ): Promise { - return keepNsfShortcut(this.storage, this.requireAuth(), input, defaultFolderUid) - } - - public async transferNestedShareRecords( - input: TransferNestedShareRecordInput - ): Promise { - return transferNestedShareRecords(this.storage, this.requireAuth(), input) - } - - public async updateNestedShareRecordPermissions( - input: UpdateNsfRecordPermissionInput - ): Promise { - return updateNestedShareRecordPermissions(this.storage, this.requireAuth(), input) - } + private readonly storage: InMemoryStorage; + private readonly authProvider: AuthProvider; + + constructor(storage: InMemoryStorage, authProvider: AuthProvider) { + this.storage = storage; + this.authProvider = authProvider; + } + + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth?.sessionToken) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return auth; + } + + public listNestedShareFolders(options: ListNsfOptions = {}): ListNsfRow[] { + return listNestedShareFolders(this.storage, options); + } + + public async getNestedShareFolder( + identifier: string, + options: GetNsfOptions = {}, + ): Promise { + return getNestedShareFolder( + this.storage, + this.requireAuth(), + identifier, + options, + ); + } + + public async linkNestedShareRecord( + recordIdentifier: string, + folderIdentifier: string, + ): Promise { + return linkNestedShareRecord( + this.storage, + this.requireAuth(), + recordIdentifier, + folderIdentifier, + ); + } + + public async removeNestedShareRecords( + input: RemoveNsfRecordInput, + ): Promise { + return removeNestedShareRecords(this.storage, this.requireAuth(), input); + } + + public async mkdirNestedShareFolder( + input: MkdirNsfInput, + ): Promise { + return mkdirNestedShareFolder(this.storage, this.requireAuth(), input); + } + + public async removeNestedShareFolders( + input: RemoveNsfFolderInput, + ): Promise { + return removeNestedShareFolders(this.storage, this.requireAuth(), input); + } + + public async getNestedShareRecordDetails( + input: GetNsfRecordDetailsInput, + ): Promise { + return getNestedShareRecordDetails(this.storage, this.requireAuth(), input); + } + + public async updateNestedShareRecords( + input: UpdateNsfRecordInput | UpdateNsfRecordsInput, + ): Promise { + return updateNestedShareRecords(this.storage, this.requireAuth(), input); + } + + public async updateNestedShareRecord( + input: UpdateNsfRecordItemInput, + ): Promise { + return updateNestedShareRecord(this.storage, this.requireAuth(), input); + } + + public async addNestedShareRecords( + input: AddNsfRecordsInput, + ): Promise { + return addNestedShareRecords(this.storage, this.requireAuth(), input); + } + + public async addNestedShareRecord( + input: AddNsfRecordInput, + ): Promise { + return addNestedShareRecord(this.storage, this.requireAuth(), input); + } + + public async updateNestedShareFolder( + input: UpdateNsfFolderInput, + ): Promise { + return updateNestedShareFolder(this.storage, this.requireAuth(), input); + } + + public async shareNestedShareFolder( + input: ShareNestedShareFolderInput, + ): Promise { + return shareNestedShareFolder(this.storage, this.requireAuth(), input); + } + + public async shareNestedShareRecord( + input: ShareNestedShareRecordInput, + ): Promise { + return shareNestedShareRecord(this.storage, this.requireAuth(), input); + } + + public listNsfShortcuts( + options: ListNsfShortcutsOptions = {}, + ): NsfShortcutRow[] { + return listNsfShortcuts(this.storage, options); + } + + public async keepNsfShortcut( + input: KeepNsfShortcutInput, + defaultFolderUid?: string, + ): Promise { + return keepNsfShortcut( + this.storage, + this.requireAuth(), + input, + defaultFolderUid, + ); + } + + public async transferNestedShareRecords( + input: TransferNestedShareRecordInput, + ): Promise { + return transferNestedShareRecords(this.storage, this.requireAuth(), input); + } + + public async updateNestedShareRecordPermissions( + input: UpdateNsfRecordPermissionInput, + ): Promise { + return updateNestedShareRecordPermissions( + this.storage, + this.requireAuth(), + input, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/addNsfRecord.ts b/KeeperSdk/src/nestedShareFolders/addNsfRecord.ts index e6e26009..fef612a8 100644 --- a/KeeperSdk/src/nestedShareFolders/addNsfRecord.ts +++ b/KeeperSdk/src/nestedShareFolders/addNsfRecord.ts @@ -1,193 +1,222 @@ -import type { Auth, record as RecordProto } from '@keeper-security/keeperapi' +import type { Auth, record as RecordProto } from "@keeper-security/keeperapi"; import { - Folder, - generateEncryptionKey, - generateUid, - keeperDriveRecordsAdd, - normal64Bytes, - platform, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_MAX_RECORD_BATCH } from './nsfConstants' + Folder, + generateEncryptionKey, + generateUid, + keeperDriveRecordsAdd, + normal64Bytes, + platform, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { NSF_MAX_RECORD_BATCH } from "./nsfConstants"; +import { buildNsfRecordData, getPaddedJsonBytes } from "./nsfRecordData"; import { - buildNsfRecordData, - getPaddedJsonBytes, -} from './nsfRecordData' -import { - ensureNestedShareFolder, - nsfToNumber, - parseRecordModifyStatus, - requireAuthDataKey, - resolveNsfFolderIdentifier, -} from './nsfHelpers' -import { validateNsfRecordType } from './nsfRecordTypes' + ensureNestedShareFolder, + nsfToNumber, + parseRecordModifyStatus, + requireAuthDataKey, + resolveNsfFolderIdentifier, +} from "./nsfHelpers"; +import { validateNsfRecordType } from "./nsfRecordTypes"; import type { - AddNsfRecordInput, - AddNsfRecordResult, - AddNsfRecordsInput, - AddNsfRecordsResult, - RecordAddPayload, -} from './nsfTypes' - -function resolveFolderUid(storage: InMemoryStorage, folderInput?: string): string | undefined { - const trimmed = folderInput?.trim() - if (!trimmed) return undefined - - const folderUid = resolveNsfFolderIdentifier(storage, trimmed) - if (!folderUid) { - throw new KeeperSdkError(`No such folder: ${trimmed}`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareFolder(storage, folderUid, trimmed) - return folderUid + AddNsfRecordInput, + AddNsfRecordResult, + AddNsfRecordsInput, + AddNsfRecordsResult, + RecordAddPayload, +} from "./nsfTypes"; + +function resolveFolderUid( + storage: InMemoryStorage, + folderInput?: string, +): string | undefined { + const trimmed = folderInput?.trim(); + if (!trimmed) return undefined; + + const folderUid = resolveNsfFolderIdentifier(storage, trimmed); + if (!folderUid) { + throw new KeeperSdkError( + `No such folder: ${trimmed}`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareFolder(storage, folderUid, trimmed); + return folderUid; } -async function requireFolderKey(storage: InMemoryStorage, folderUid: string): Promise { - const folderKey = await storage.getKeyBytes(folderUid) - if (folderKey) return folderKey - throw new KeeperSdkError( - `Folder key not found for ${folderUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) +async function requireFolderKey( + storage: InMemoryStorage, + folderUid: string, +): Promise { + const folderKey = await storage.getKeyBytes(folderUid); + if (folderKey) return folderKey; + throw new KeeperSdkError( + `Folder key not found for ${folderUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); } async function buildRecordAddPayload( - storage: InMemoryStorage, - auth: Auth, - recordData: Record, - folderUid?: string + storage: InMemoryStorage, + auth: Auth, + recordData: Record, + folderUid?: string, ): Promise { - const recordUid = generateUid() - const recordKey = generateEncryptionKey() - await storage.saveKeyBytes(recordUid, recordKey) - - const recordAdd: RecordProto.v3.IRecordAdd = { - recordUid: normal64Bytes(recordUid), - clientModifiedTime: Date.now(), - data: await platform.aesGcmEncrypt(getPaddedJsonBytes(recordData), recordKey), - } - - if (folderUid) { - const folderKey = await requireFolderKey(storage, folderUid) - recordAdd.folderUid = normal64Bytes(folderUid) - recordAdd.recordKey = await platform.aesGcmEncrypt(recordKey, folderKey) - recordAdd.recordKeyEncryptedBy = Folder.FolderKeyEncryptionType.ENCRYPTED_BY_PARENT_KEY - recordAdd.recordKeyType = Folder.EncryptedKeyType.encrypted_by_data_key_gcm - } else { - recordAdd.recordKey = await platform.aesGcmEncrypt(recordKey, requireAuthDataKey(auth)) - recordAdd.recordKeyType = Folder.EncryptedKeyType.encrypted_by_data_key_gcm - } - - return { recordUid, recordAdd } + const recordUid = generateUid(); + const recordKey = generateEncryptionKey(); + await storage.saveKeyBytes(recordUid, recordKey); + + const recordAdd: RecordProto.v3.IRecordAdd = { + recordUid: normal64Bytes(recordUid), + clientModifiedTime: Date.now(), + data: await platform.aesGcmEncrypt( + getPaddedJsonBytes(recordData), + recordKey, + ), + }; + + if (folderUid) { + const folderKey = await requireFolderKey(storage, folderUid); + recordAdd.folderUid = normal64Bytes(folderUid); + recordAdd.recordKey = await platform.aesGcmEncrypt(recordKey, folderKey); + recordAdd.recordKeyEncryptedBy = + Folder.FolderKeyEncryptionType.ENCRYPTED_BY_PARENT_KEY; + recordAdd.recordKeyType = Folder.EncryptedKeyType.encrypted_by_data_key_gcm; + } else { + recordAdd.recordKey = await platform.aesGcmEncrypt( + recordKey, + requireAuthDataKey(auth), + ); + recordAdd.recordKeyType = Folder.EncryptedKeyType.encrypted_by_data_key_gcm; + } + + return { recordUid, recordAdd }; } function validateAddNsfRecordInput(input: AddNsfRecordInput): void { - if (!input.title?.trim()) { - throw new KeeperSdkError('Record title is required.', ResultCodes.NSF_ADD_FAILED) - } - if (!input.recordType?.trim() && !input.recordData) { - throw new KeeperSdkError('Record type is required.', ResultCodes.NSF_ADD_FAILED) - } - if (input.hasFileFields && !input.force) { - throw new KeeperSdkError( - 'File attachments are not supported in nested share record add.', - ResultCodes.NSF_ADD_FAILED - ) - } + if (!input.title?.trim()) { + throw new KeeperSdkError( + "Record title is required.", + ResultCodes.NSF_ADD_FAILED, + ); + } + if (!input.recordType?.trim() && !input.recordData) { + throw new KeeperSdkError( + "Record type is required.", + ResultCodes.NSF_ADD_FAILED, + ); + } + if (input.hasFileFields && !input.force) { + throw new KeeperSdkError( + "File attachments are not supported in nested share record add.", + ResultCodes.NSF_ADD_FAILED, + ); + } } -function buildRecordDataFromInput(input: AddNsfRecordInput): Record { - return ( - input.recordData ?? - buildNsfRecordData({ - title: input.title, - recordType: input.recordType, - notes: input.notes, - fieldEntries: input.fieldEntries, - customEntries: input.customEntries, - }) - ) +function buildRecordDataFromInput( + input: AddNsfRecordInput, +): Record { + return ( + input.recordData ?? + buildNsfRecordData({ + title: input.title, + recordType: input.recordType, + notes: input.notes, + fieldEntries: input.fieldEntries, + customEntries: input.customEntries, + }) + ); } export async function addNestedShareRecords( - storage: InMemoryStorage, - auth: Auth, - input: AddNsfRecordsInput + storage: InMemoryStorage, + auth: Auth, + input: AddNsfRecordsInput, ): Promise { - const recordInputs = input.records ?? [] - if (recordInputs.length === 0) { - throw new KeeperSdkError('At least one record is required.', ResultCodes.NSF_ADD_FAILED) - } - if (recordInputs.length > NSF_MAX_RECORD_BATCH) { - throw new KeeperSdkError( - `Maximum ${NSF_MAX_RECORD_BATCH} records per request.`, - ResultCodes.NSF_TOO_MANY_RECORDS - ) - } - - const recordTypes = new Set() - for (const recordInput of recordInputs) { - validateAddNsfRecordInput(recordInput) - if (!recordInput.recordData && recordInput.recordType?.trim()) { - recordTypes.add(recordInput.recordType.trim()) - } - } - for (const recordType of recordTypes) { - await validateNsfRecordType(auth, recordType, ResultCodes.NSF_ADD_FAILED) - } - - try { - const payloads = await Promise.all( - recordInputs.map(async (recordInput) => - buildRecordAddPayload( - storage, - auth, - buildRecordDataFromInput(recordInput), - resolveFolderUid(storage, recordInput.folder) - ) - ) - ) - - const response = await auth.executeRest( - keeperDriveRecordsAdd({ - records: payloads.map((entry) => entry.recordAdd), - clientTime: Date.now(), - }) - ) - const revision = nsfToNumber(response.revision) - - const added = payloads.map((payload, index) => { - const { statusName, message } = parseRecordModifyStatus( - response.records?.[index], - ResultCodes.NSF_ADD_FAILED - ) - return { - recordUid: payload.recordUid, - success: true, - status: statusName, - message, - revision, - } - }) - - return { added, revision } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to add nested share record(s): ${extractErrorMessage(err)}`, - ResultCodes.NSF_ADD_FAILED - ) + const recordInputs = input.records ?? []; + if (recordInputs.length === 0) { + throw new KeeperSdkError( + "At least one record is required.", + ResultCodes.NSF_ADD_FAILED, + ); + } + if (recordInputs.length > NSF_MAX_RECORD_BATCH) { + throw new KeeperSdkError( + `Maximum ${NSF_MAX_RECORD_BATCH} records per request.`, + ResultCodes.NSF_TOO_MANY_RECORDS, + ); + } + + const recordTypes = new Set(); + for (const recordInput of recordInputs) { + validateAddNsfRecordInput(recordInput); + if (!recordInput.recordData && recordInput.recordType?.trim()) { + recordTypes.add(recordInput.recordType.trim()); } + } + for (const recordType of recordTypes) { + await validateNsfRecordType(auth, recordType, ResultCodes.NSF_ADD_FAILED); + } + + try { + const payloads = await Promise.all( + recordInputs.map(async (recordInput) => + buildRecordAddPayload( + storage, + auth, + buildRecordDataFromInput(recordInput), + resolveFolderUid(storage, recordInput.folder), + ), + ), + ); + + const response = await auth.executeRest( + keeperDriveRecordsAdd({ + records: payloads.map((entry) => entry.recordAdd), + clientTime: Date.now(), + }), + ); + const revision = nsfToNumber(response.revision); + + const added = payloads.map((payload, index) => { + const { statusName, message } = parseRecordModifyStatus( + response.records?.[index], + ResultCodes.NSF_ADD_FAILED, + ); + return { + recordUid: payload.recordUid, + success: true, + status: statusName, + message, + revision, + }; + }); + + return { added, revision }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to add nested share record(s): ${extractErrorMessage(err)}`, + ResultCodes.NSF_ADD_FAILED, + ); + } } export async function addNestedShareRecord( - storage: InMemoryStorage, - auth: Auth, - input: AddNsfRecordInput + storage: InMemoryStorage, + auth: Auth, + input: AddNsfRecordInput, ): Promise { - const { added } = await addNestedShareRecords(storage, auth, { records: [input] }) - if (!added[0]) { - throw new KeeperSdkError('Failed to add nested share record.', ResultCodes.NSF_ADD_FAILED) - } - return added[0] + const { added } = await addNestedShareRecords(storage, auth, { + records: [input], + }); + if (!added[0]) { + throw new KeeperSdkError( + "Failed to add nested share record.", + ResultCodes.NSF_ADD_FAILED, + ); + } + return added[0]; } diff --git a/KeeperSdk/src/nestedShareFolders/getNsf.ts b/KeeperSdk/src/nestedShareFolders/getNsf.ts index 91ce48d7..3af627c3 100644 --- a/KeeperSdk/src/nestedShareFolders/getNsf.ts +++ b/KeeperSdk/src/nestedShareFolders/getNsf.ts @@ -1,568 +1,651 @@ -import type { Auth, DRecord, DKdFolder, DKdFolderAccess } from '@keeper-security/keeperapi' +import type { + Auth, + DRecord, + DKdFolder, + DKdFolderAccess, +} from "@keeper-security/keeperapi"; import { - Folder, - Records, - getRecordsDetailsMessage, - getSharingAdminsMessage, - normal64Bytes, - webSafe64FromBytes, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' + Folder, + Records, + getRecordsDetailsMessage, + getSharingAdminsMessage, + normal64Bytes, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; import { - getRecordFields, - getRecordLogin, - getRecordPassword, - getRecordTitle, - getRecordType, - getRecordUrl, -} from '../records/RecordUtils' -import { KeeperSdkError, ResultCodes } from '../utils' + getRecordFields, + getRecordLogin, + getRecordPassword, + getRecordTitle, + getRecordType, + getRecordUrl, +} from "../records/RecordUtils"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - buildFolderPath, - collectRecordsInFolder, - fetchLiveRecordAccessEntries, - getFolderAccessEntries, - findNestedShareFoldersForRecord, - findRecordFolderLocation, - folderAccessDisplayRole, - formatAccessType, - getKeeperDriveFolder, - getKeeperDriveRecord, - isFolderOwnerAccessor, - isFolderShareAdministrator, - isFolderUserPermission, - isSensitiveFieldType, - loadShareUserMap, - normalizeParentUid, - recordAccessDisplayRole, - resolveAccessUsername, - resolveNsfFolderIdentifier, - resolveNsfRecordIdentifier, -} from './nsfHelpers' + buildFolderPath, + collectRecordsInFolder, + fetchLiveRecordAccessEntries, + getFolderAccessEntries, + findNestedShareFoldersForRecord, + findRecordFolderLocation, + folderAccessDisplayRole, + formatAccessType, + getKeeperDriveFolder, + getKeeperDriveRecord, + isFolderOwnerAccessor, + isFolderShareAdministrator, + isFolderUserPermission, + isSensitiveFieldType, + loadShareUserMap, + normalizeParentUid, + recordAccessDisplayRole, + resolveAccessUsername, + resolveNsfFolderIdentifier, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; import { - NSF_FOLDER_LABEL_WIDTH, - NSF_FOLDER_SHARE_ADMINS_HEADING, - NSF_USER_PERMISSIONS_HEADING, - NSF_MASKED_VALUE, - NSF_RECORD_LABEL_WIDTH, - NSF_SHARE_ADMINS_PREVIEW_LIMIT, - NSF_TOP_LEVEL_FIELD_TYPES, - NSF_UNKNOWN_RECORD_TITLES, -} from './nsfConstants' + NSF_FOLDER_LABEL_WIDTH, + NSF_FOLDER_SHARE_ADMINS_HEADING, + NSF_USER_PERMISSIONS_HEADING, + NSF_MASKED_VALUE, + NSF_RECORD_LABEL_WIDTH, + NSF_SHARE_ADMINS_PREVIEW_LIMIT, + NSF_TOP_LEVEL_FIELD_TYPES, + NSF_UNKNOWN_RECORD_TITLES, +} from "./nsfConstants"; import { - GetNsfFormat, - NsfAccessRoleLabel, - NsfObjectKind, - resolveRecordPermissionRole, - type GetNsfFormatInput, - type GetNsfOptions, - type GetNsfResult, - type NsfFolderAccessRow, - type NsfFolderPermission, - type NsfFolderView, - type NsfRecordFieldView, - type NsfRecordFolderView, - type NsfRecordJsonUserPermission, - type NsfRecordJsonView, - type NsfRecordPermission, - type NsfRecordView, -} from './nsfTypes' + GetNsfFormat, + NsfAccessRoleLabel, + NsfObjectKind, + resolveRecordPermissionRole, + type GetNsfFormatInput, + type GetNsfOptions, + type GetNsfResult, + type NsfFolderAccessRow, + type NsfFolderPermission, + type NsfFolderView, + type NsfRecordFieldView, + type NsfRecordFolderView, + type NsfRecordJsonUserPermission, + type NsfRecordJsonView, + type NsfRecordPermission, + type NsfRecordView, +} from "./nsfTypes"; function formatNsfFieldParts(values: unknown[]): string[] { - return values - .filter((value) => value != null && value !== '') - .map(formatNsfFieldValue) - .filter((part) => part.length > 0) + return values + .filter((value) => value != null && value !== "") + .map(formatNsfFieldValue) + .filter((part) => part.length > 0); } function formatNsfFieldValue(value: unknown): string { - if (value == null || value === '') return '' - if (typeof value === 'string') return value - if (typeof value === 'number' || typeof value === 'boolean') return String(value) - if (Array.isArray(value)) { - return formatNsfFieldParts(value).join(', ') - } - if (typeof value === 'object') { - return formatNsfFieldParts(Object.values(value as Record)).join(', ') - } - return String(value) + if (value == null || value === "") return ""; + if (typeof value === "string") return value; + if (typeof value === "number" || typeof value === "boolean") + return String(value); + if (Array.isArray(value)) { + return formatNsfFieldParts(value).join(", "); + } + if (typeof value === "object") { + return formatNsfFieldParts( + Object.values(value as Record), + ).join(", "); + } + return String(value); } function folderDetailRow(label: string, value: string): string { - return `${label.padStart(NSF_FOLDER_LABEL_WIDTH)}: ${value}` + return `${label.padStart(NSF_FOLDER_LABEL_WIDTH)}: ${value}`; } function recordDetailRow(label: string, value: string): string { - return `${label.padStart(NSF_RECORD_LABEL_WIDTH)}: ${value}` + return `${label.padStart(NSF_RECORD_LABEL_WIDTH)}: ${value}`; } -function recordDetailsMessage(recordUid: string, include: Records.RecordDetailsInclude) { - return getRecordsDetailsMessage({ - clientTime: Date.now(), - recordUid: [normal64Bytes(recordUid)], - recordDetailsInclude: include, - }) +function recordDetailsMessage( + recordUid: string, + include: Records.RecordDetailsInclude, +) { + return getRecordsDetailsMessage({ + clientTime: Date.now(), + recordUid: [normal64Bytes(recordUid)], + recordDetailsInclude: include, + }); } function mapFolderPermission(entry: DKdFolderAccess): NsfFolderPermission { - return { - accessTypeUid: entry.accessTypeUid, - accessType: formatAccessType(entry.accessType), - accessRoleType: folderAccessDisplayRole(entry), - inherited: entry.inherited, - hidden: entry.hidden, - } + return { + accessTypeUid: entry.accessTypeUid, + accessType: formatAccessType(entry.accessType), + accessRoleType: folderAccessDisplayRole(entry), + inherited: entry.inherited, + hidden: entry.hidden, + }; } function buildFolderAccessRow( - storage: InMemoryStorage, - folder: DKdFolder, - entry: DKdFolderAccess, - shareUsers: Map + storage: InMemoryStorage, + folder: DKdFolder, + entry: DKdFolderAccess, + shareUsers: Map, ): NsfFolderAccessRow { - const username = resolveAccessUsername(storage, entry.accessTypeUid, folder, shareUsers) - const role = isFolderOwnerAccessor(folder, entry, username) - ? NsfAccessRoleLabel.Owner - : folderAccessDisplayRole(entry) - return { username, role } + const username = resolveAccessUsername( + storage, + entry.accessTypeUid, + folder, + shareUsers, + ); + const role = isFolderOwnerAccessor(folder, entry, username) + ? NsfAccessRoleLabel.Owner + : folderAccessDisplayRole(entry); + return { username, role }; } function splitFolderPermissions( - storage: InMemoryStorage, - folder: DKdFolder, - entries: DKdFolderAccess[], - shareUsers: Map + storage: InMemoryStorage, + folder: DKdFolder, + entries: DKdFolderAccess[], + shareUsers: Map, ) { - const userPermissions: NsfFolderAccessRow[] = [] - const shareAdmins: NsfFolderAccessRow[] = [] - const teamPermissions: NsfFolderPermission[] = [] - - for (const entry of entries) { - if (isFolderUserPermission(entry)) { - userPermissions.push(buildFolderAccessRow(storage, folder, entry, shareUsers)) - } - if (isFolderShareAdministrator(entry)) { - shareAdmins.push(buildFolderAccessRow(storage, folder, entry, shareUsers)) - } - if (entry.accessType === Folder.AccessType.AT_TEAM) { - teamPermissions.push(mapFolderPermission(entry)) - } + const userPermissions: NsfFolderAccessRow[] = []; + const shareAdmins: NsfFolderAccessRow[] = []; + const teamPermissions: NsfFolderPermission[] = []; + + for (const entry of entries) { + if (isFolderUserPermission(entry)) { + userPermissions.push( + buildFolderAccessRow(storage, folder, entry, shareUsers), + ); + } + if (isFolderShareAdministrator(entry)) { + shareAdmins.push( + buildFolderAccessRow(storage, folder, entry, shareUsers), + ); } + if (entry.accessType === Folder.AccessType.AT_TEAM) { + teamPermissions.push(mapFolderPermission(entry)); + } + } - return { userPermissions, shareAdmins, teamPermissions } + return { userPermissions, shareAdmins, teamPermissions }; } -function prependOwnerRow(rows: NsfFolderAccessRow[], ownerUsername: string): NsfFolderAccessRow[] { - if (rows.some((entry) => entry.username === ownerUsername)) return rows - return [{ username: ownerUsername, role: NsfAccessRoleLabel.Owner }, ...rows] +function prependOwnerRow( + rows: NsfFolderAccessRow[], + ownerUsername: string, +): NsfFolderAccessRow[] { + if (rows.some((entry) => entry.username === ownerUsername)) return rows; + return [{ username: ownerUsername, role: NsfAccessRoleLabel.Owner }, ...rows]; } function ensureFolderOwnerListed( - folder: DKdFolder, - userPermissions: NsfFolderAccessRow[], - shareAdmins: NsfFolderAccessRow[] -): { userPermissions: NsfFolderAccessRow[]; shareAdmins: NsfFolderAccessRow[] } { - const ownerUsername = folder.ownerInfo?.username?.trim() - if (!ownerUsername) return { userPermissions, shareAdmins } - return { - userPermissions: prependOwnerRow(userPermissions, ownerUsername), - shareAdmins: prependOwnerRow(shareAdmins, ownerUsername), - } + folder: DKdFolder, + userPermissions: NsfFolderAccessRow[], + shareAdmins: NsfFolderAccessRow[], +): { + userPermissions: NsfFolderAccessRow[]; + shareAdmins: NsfFolderAccessRow[]; +} { + const ownerUsername = folder.ownerInfo?.username?.trim(); + if (!ownerUsername) return { userPermissions, shareAdmins }; + return { + userPermissions: prependOwnerRow(userPermissions, ownerUsername), + shareAdmins: prependOwnerRow(shareAdmins, ownerUsername), + }; } function fieldValueToStrings(values: unknown[], fieldType?: string): string[] { - return values.map((value) => { - if (value == null || value === '') return '' - if (typeof value === 'string') return value - if (typeof value === 'number' || typeof value === 'boolean') return String(value) - if (typeof value === 'object') { - const obj = value as Record - if (fieldType === 'host' || fieldType === 'address') { - return JSON.stringify(obj) - } - if (typeof obj.url === 'string') return obj.url - if (typeof obj.value === 'string') return obj.value - return JSON.stringify(value) - } - return String(value) - }) + return values.map((value) => { + if (value == null || value === "") return ""; + if (typeof value === "string") return value; + if (typeof value === "number" || typeof value === "boolean") + return String(value); + if (typeof value === "object") { + const obj = value as Record; + if (fieldType === "host" || fieldType === "address") { + return JSON.stringify(obj); + } + if (typeof obj.url === "string") return obj.url; + if (typeof obj.value === "string") return obj.value; + return JSON.stringify(value); + } + return String(value); + }); } function resolveRecordFolder( - storage: InMemoryStorage, - recordUid: string + storage: InMemoryStorage, + recordUid: string, ): NsfRecordFolderView | undefined { - const folderUids = findNestedShareFoldersForRecord(storage, recordUid) - if (folderUids.length === 0) return undefined - - const uid = folderUids[0] - return { - uid, - path: buildFolderPath(storage, uid).replace(/^\//, ''), - } + const folderUids = findNestedShareFoldersForRecord(storage, recordUid); + if (folderUids.length === 0) return undefined; + + const uid = folderUids[0]; + return { + uid, + path: buildFolderPath(storage, uid).replace(/^\//, ""), + }; } -function buildRecordFields(record: DRecord, unmask: boolean): NsfRecordFieldView[] { - return getRecordFields(record).map((field) => { - const rawValues = Array.isArray(field.value) ? field.value : [field.value] - const stringValues = fieldValueToStrings(rawValues, field.type) - const masked = !unmask && isSensitiveFieldType(field.type) - return { - type: field.type, - label: field.label, - value: - masked && stringValues.some((value) => value.length > 0) - ? stringValues.map((value) => (value.length > 0 ? NSF_MASKED_VALUE : value)) - : stringValues, - } - }) +function buildRecordFields( + record: DRecord, + unmask: boolean, +): NsfRecordFieldView[] { + return getRecordFields(record).map((field) => { + const rawValues = Array.isArray(field.value) ? field.value : [field.value]; + const stringValues = fieldValueToStrings(rawValues, field.type); + const masked = !unmask && isSensitiveFieldType(field.type); + return { + type: field.type, + label: field.label, + value: + masked && stringValues.some((value) => value.length > 0) + ? stringValues.map((value) => + value.length > 0 ? NSF_MASKED_VALUE : value, + ) + : stringValues, + }; + }); } function formatRecordFieldDetailLines(field: NsfRecordFieldView): string[] { - if (NSF_TOP_LEVEL_FIELD_TYPES.has(field.type)) return [] - - if (field.type === 'host' || field.type === 'address') { - const lines: string[] = [] - for (const part of field.value) { - if (!part) continue - let obj: Record | undefined - if (typeof part === 'string' && part.startsWith('{')) { - try { - obj = JSON.parse(part) as Record - } catch { - obj = undefined - } - } - if (obj) { - if (obj.hostName != null && String(obj.hostName).length > 0) { - lines.push(recordDetailRow('HostName', String(obj.hostName))) - } - if (obj.port != null && String(obj.port).length > 0) { - lines.push(recordDetailRow('Port', String(obj.port))) - } - if (obj.street1 != null && String(obj.street1).length > 0) { - lines.push(recordDetailRow('Street', String(obj.street1))) - } - continue - } + if (NSF_TOP_LEVEL_FIELD_TYPES.has(field.type)) return []; + + if (field.type === "host" || field.type === "address") { + const lines: string[] = []; + for (const part of field.value) { + if (!part) continue; + let obj: Record | undefined; + if (typeof part === "string" && part.startsWith("{")) { + try { + obj = JSON.parse(part) as Record; + } catch { + obj = undefined; + } + } + if (obj) { + if (obj.hostName != null && String(obj.hostName).length > 0) { + lines.push(recordDetailRow("HostName", String(obj.hostName))); } - if (lines.length > 0) return lines + if (obj.port != null && String(obj.port).length > 0) { + lines.push(recordDetailRow("Port", String(obj.port))); + } + if (obj.street1 != null && String(obj.street1).length > 0) { + lines.push(recordDetailRow("Street", String(obj.street1))); + } + continue; + } } - - const displayValue = field.value.filter(Boolean).join(', ') - if (!displayValue) return [] - const label = field.label || field.type - return [recordDetailRow(label.charAt(0).toUpperCase() + label.slice(1), displayValue)] + if (lines.length > 0) return lines; + } + + const displayValue = field.value.filter(Boolean).join(", "); + if (!displayValue) return []; + const label = field.label || field.type; + return [ + recordDetailRow( + label.charAt(0).toUpperCase() + label.slice(1), + displayValue, + ), + ]; } function jsonFieldValues(type: string, value: string[]): unknown[] { - return value.map((part) => { - if ((type === 'host' || type === 'address') && part.startsWith('{')) { - try { - return JSON.parse(part) as Record - } catch { - return part - } - } - return part - }) + return value.map((part) => { + if ((type === "host" || type === "address") && part.startsWith("{")) { + try { + return JSON.parse(part) as Record; + } catch { + return part; + } + } + return part; + }); } export function toNsfRecordJsonView(view: NsfRecordView): NsfRecordJsonView { - return { - record_uid: view.recordUid, - title: view.title, - type: view.type, - version: view.version, - revision: view.revision, - ...(view.folder ? { folder: view.folder } : {}), - fields: view.fields.map(({ type, value }) => ({ type, value: jsonFieldValues(type, value) })), - ...(view.notes ? { notes: view.notes } : {}), - user_permissions: view.userPermissions.map((entry) => ({ - username: entry.username, - owner: entry.owner, - shareable: entry.shareable, - editable: entry.editable, - role: resolveRecordPermissionRole(entry), - })), - share_admins: view.shareAdmins, - } + return { + record_uid: view.recordUid, + title: view.title, + type: view.type, + version: view.version, + revision: view.revision, + ...(view.folder ? { folder: view.folder } : {}), + fields: view.fields.map(({ type, value }) => ({ + type, + value: jsonFieldValues(type, value), + })), + ...(view.notes ? { notes: view.notes } : {}), + user_permissions: view.userPermissions.map((entry) => ({ + username: entry.username, + owner: entry.owner, + shareable: entry.shareable, + editable: entry.editable, + role: resolveRecordPermissionRole(entry), + })), + share_admins: view.shareAdmins, + }; } export function formatNsfRecordJson(view: NsfRecordView): string { - return JSON.stringify(toNsfRecordJsonView(view), null, 2) + return JSON.stringify(toNsfRecordJsonView(view), null, 2); } function formatRecordUserPermissionBlock(entry: NsfRecordPermission): string[] { - const lines: string[] = [] - if (entry.username) lines.push(` User: ${entry.username}`) - else if (entry.accountUid) lines.push(` User UID: ${entry.accountUid}`) - if (entry.owner) lines.push(' Owner: Yes') - else if (entry.role) lines.push(` Role: ${entry.role}`) - lines.push(` Shareable: ${entry.shareable ? 'Yes' : 'No'}`) - lines.push(` Read-Only: ${entry.editable ? 'No' : 'Yes'}`) - return lines + const lines: string[] = []; + if (entry.username) lines.push(` User: ${entry.username}`); + else if (entry.accountUid) lines.push(` User UID: ${entry.accountUid}`); + if (entry.owner) lines.push(" Owner: Yes"); + else if (entry.role) lines.push(` Role: ${entry.role}`); + lines.push(` Shareable: ${entry.shareable ? "Yes" : "No"}`); + lines.push(` Read-Only: ${entry.editable ? "No" : "Yes"}`); + return lines; } async function fetchRecordPermissions( - auth: Auth, - storage: InMemoryStorage, - recordUid: string + auth: Auth, + storage: InMemoryStorage, + recordUid: string, ): Promise { - const entries = await fetchLiveRecordAccessEntries(auth, storage, recordUid) - return entries.map(({ username, accountUid, data }) => { - const owner = !!data.owner - return { - username, - accountUid, - owner, - shareAdmin: false, - shareable: !!(data.canApproveAccess || data.canUpdateAccess), - editable: !!data.canEdit, - awaitingApproval: false, - role: owner ? undefined : recordAccessDisplayRole(data), - } - }) + const entries = await fetchLiveRecordAccessEntries(auth, storage, recordUid); + return entries.map(({ username, accountUid, data }) => { + const owner = !!data.owner; + return { + username, + accountUid, + owner, + shareAdmin: false, + shareable: !!(data.canApproveAccess || data.canUpdateAccess), + editable: !!data.canEdit, + awaitingApproval: false, + role: owner ? undefined : recordAccessDisplayRole(data), + }; + }); } -async function fetchRecordShareAdmins(auth: Auth, recordUid: string): Promise { - try { - const response = await auth.executeRest( - getSharingAdminsMessage({ recordUid: normal64Bytes(recordUid) }) - ) - return (response.userProfileExts ?? []) - .flatMap((ext) => (ext?.email ? [ext.email] : [])) - .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) - } catch { - return [] - } +async function fetchRecordShareAdmins( + auth: Auth, + recordUid: string, +): Promise { + try { + const response = await auth.executeRest( + getSharingAdminsMessage({ recordUid: normal64Bytes(recordUid) }), + ); + return (response.userProfileExts ?? []) + .flatMap((ext) => (ext?.email ? [ext.email] : [])) + .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: "base" })); + } catch { + return []; + } } -async function fetchRecordDataFallback(auth: Auth, recordUid: string): Promise { - try { - const response = await auth.executeRest( - recordDetailsMessage(recordUid, Records.RecordDetailsInclude.DATA_ONLY) - ) - return response.recordDataWithAccessInfo?.[0]?.recordData as DRecord['data'] | undefined - } catch { - return undefined - } +async function fetchRecordDataFallback( + auth: Auth, + recordUid: string, +): Promise { + try { + const response = await auth.executeRest( + recordDetailsMessage(recordUid, Records.RecordDetailsInclude.DATA_ONLY), + ); + return response.recordDataWithAccessInfo?.[0]?.recordData as + | DRecord["data"] + | undefined; + } catch { + return undefined; + } } async function buildFolderView( - auth: Auth, - storage: InMemoryStorage, - folderUid: string + auth: Auth, + storage: InMemoryStorage, + folderUid: string, ): Promise { - const folder = getKeeperDriveFolder(storage, folderUid) - if (!folder) { - throw new KeeperSdkError(`Nested share folder not found: ${folderUid}`, ResultCodes.NSF_NOT_FOUND) - } - - const entries = getFolderAccessEntries(storage, folderUid) - const shareUsers = await loadShareUserMap(auth, storage) - const split = splitFolderPermissions(storage, folder, entries, shareUsers) - const { userPermissions, shareAdmins } = ensureFolderOwnerListed( - folder, - split.userPermissions, - split.shareAdmins - ) - - return { - objectType: NsfObjectKind.Folder, - folderUid, - name: folder.data.name || 'Unnamed', - parentUid: normalizeParentUid(storage, folder.parentUid), - path: buildFolderPath(storage, folderUid), - userPermissions, - shareAdmins, - teamPermissions: split.teamPermissions, - records: collectRecordsInFolder(storage, folderUid).map((record) => ({ - uid: record.uid, - title: getRecordTitle(record), - type: getRecordType(record), - })), - } + const folder = getKeeperDriveFolder(storage, folderUid); + if (!folder) { + throw new KeeperSdkError( + `Nested share folder not found: ${folderUid}`, + ResultCodes.NSF_NOT_FOUND, + ); + } + + const entries = getFolderAccessEntries(storage, folderUid); + const shareUsers = await loadShareUserMap(auth, storage); + const split = splitFolderPermissions(storage, folder, entries, shareUsers); + const { userPermissions, shareAdmins } = ensureFolderOwnerListed( + folder, + split.userPermissions, + split.shareAdmins, + ); + + return { + objectType: NsfObjectKind.Folder, + folderUid, + name: folder.data.name || "Unnamed", + parentUid: normalizeParentUid(storage, folder.parentUid), + path: buildFolderPath(storage, folderUid), + userPermissions, + shareAdmins, + teamPermissions: split.teamPermissions, + records: collectRecordsInFolder(storage, folderUid).map((record) => ({ + uid: record.uid, + title: getRecordTitle(record), + type: getRecordType(record), + })), + }; } async function buildRecordView( - auth: Auth, - storage: InMemoryStorage, - recordUid: string, - unmask: boolean + auth: Auth, + storage: InMemoryStorage, + recordUid: string, + unmask: boolean, ): Promise { - let record = getKeeperDriveRecord(storage, recordUid) - if (!record) { - throw new KeeperSdkError(`Nested share record not found: ${recordUid}`, ResultCodes.NSF_NOT_FOUND) - } - - let title = getRecordTitle(record) - if (NSF_UNKNOWN_RECORD_TITLES.has(title)) { - const fallbackData = await fetchRecordDataFallback(auth, recordUid) - if (fallbackData) { - record = { ...record, data: fallbackData } - title = getRecordTitle(record) - } - } - - const password = getRecordPassword(record) - const [userPermissions, shareAdmins] = await Promise.all([ - fetchRecordPermissions(auth, storage, recordUid), - fetchRecordShareAdmins(auth, recordUid), - ]) - const notes = - typeof record.data?.notes === 'string' && record.data.notes.trim() ? record.data.notes.trim() : undefined - - return { - objectType: NsfObjectKind.Record, - recordUid, - title, - type: getRecordType(record), - revision: record.revision, - version: record.version, - folder: resolveRecordFolder(storage, recordUid), - folderLocation: findRecordFolderLocation(storage, recordUid) || 'root', - login: getRecordLogin(record) || undefined, - password: password ? (unmask ? password : NSF_MASKED_VALUE) : undefined, - url: getRecordUrl(record) || undefined, - notes, - fields: buildRecordFields(record, unmask), - userPermissions, - shareAdmins, + let record = getKeeperDriveRecord(storage, recordUid); + if (!record) { + throw new KeeperSdkError( + `Nested share record not found: ${recordUid}`, + ResultCodes.NSF_NOT_FOUND, + ); + } + + let title = getRecordTitle(record); + if (NSF_UNKNOWN_RECORD_TITLES.has(title)) { + const fallbackData = await fetchRecordDataFallback(auth, recordUid); + if (fallbackData) { + record = { ...record, data: fallbackData }; + title = getRecordTitle(record); } + } + + const password = getRecordPassword(record); + const [userPermissions, shareAdmins] = await Promise.all([ + fetchRecordPermissions(auth, storage, recordUid), + fetchRecordShareAdmins(auth, recordUid), + ]); + const notes = + typeof record.data?.notes === "string" && record.data.notes.trim() + ? record.data.notes.trim() + : undefined; + + return { + objectType: NsfObjectKind.Record, + recordUid, + title, + type: getRecordType(record), + revision: record.revision, + version: record.version, + folder: resolveRecordFolder(storage, recordUid), + folderLocation: findRecordFolderLocation(storage, recordUid) || "root", + login: getRecordLogin(record) || undefined, + password: password ? (unmask ? password : NSF_MASKED_VALUE) : undefined, + url: getRecordUrl(record) || undefined, + notes, + fields: buildRecordFields(record, unmask), + userPermissions, + shareAdmins, + }; } -export function resolveNsfFolder(storage: InMemoryStorage, identifier: string): string | undefined { - return resolveNsfFolderIdentifier(storage, identifier) +export function resolveNsfFolder( + storage: InMemoryStorage, + identifier: string, +): string | undefined { + return resolveNsfFolderIdentifier(storage, identifier); } -export function resolveNsfRecord(storage: InMemoryStorage, identifier: string): string | undefined { - const uid = resolveNsfRecordIdentifier(storage, identifier) - if (!uid) return undefined - return getKeeperDriveRecord(storage, uid)?.uid +export function resolveNsfRecord( + storage: InMemoryStorage, + identifier: string, +): string | undefined { + const uid = resolveNsfRecordIdentifier(storage, identifier); + if (!uid) return undefined; + return getKeeperDriveRecord(storage, uid)?.uid; } export async function getNestedShareFolder( - storage: InMemoryStorage, - auth: Auth, - identifier: string, - options: GetNsfOptions = {} + storage: InMemoryStorage, + auth: Auth, + identifier: string, + options: GetNsfOptions = {}, ): Promise { - const trimmed = identifier.trim() - if (!trimmed) { - throw new KeeperSdkError('UID or title is required.', ResultCodes.NSF_NOT_FOUND) - } - - const folderUid = resolveNsfFolder(storage, trimmed) - if (folderUid) { - return { kind: NsfObjectKind.Folder, view: await buildFolderView(auth, storage, folderUid) } - } - - const recordUid = resolveNsfRecord(storage, trimmed) - if (recordUid) { - const view = await buildRecordView(auth, storage, recordUid, options.unmask ?? false) - return { kind: NsfObjectKind.Record, view } - } - + const trimmed = identifier.trim(); + if (!trimmed) { throw new KeeperSdkError( - `Cannot find any Nested Share Folder object with UID or title: ${trimmed}`, - ResultCodes.NSF_NOT_FOUND - ) + "UID or title is required.", + ResultCodes.NSF_NOT_FOUND, + ); + } + + const folderUid = resolveNsfFolder(storage, trimmed); + if (folderUid) { + return { + kind: NsfObjectKind.Folder, + view: await buildFolderView(auth, storage, folderUid), + }; + } + + const recordUid = resolveNsfRecord(storage, trimmed); + if (recordUid) { + const view = await buildRecordView( + auth, + storage, + recordUid, + options.unmask ?? false, + ); + return { kind: NsfObjectKind.Record, view }; + } + + throw new KeeperSdkError( + `Cannot find any Nested Share Folder object with UID or title: ${trimmed}`, + ResultCodes.NSF_NOT_FOUND, + ); } -export function formatNsfFolderDetail(view: NsfFolderView, verbose = false): string { - const lines = [ - folderDetailRow('Nested Share Folder UID', view.folderUid), - folderDetailRow('Name', view.name), - '', - NSF_USER_PERMISSIONS_HEADING, - ...view.userPermissions.map((entry) => `${entry.username}: ${entry.role}`), - '', - NSF_FOLDER_SHARE_ADMINS_HEADING, - ...view.shareAdmins.map((entry) => `${entry.username}: ${entry.role}`), - ] - - if (!verbose) return lines.join('\n') - - lines.push('', folderDetailRow('Parent UID', view.parentUid), folderDetailRow('Path', view.path)) - if (view.records.length > 0) { - lines.push('', 'Records:') - for (const record of view.records) { - lines.push(` ${record.uid} ${record.title} (${record.type})`) - } +export function formatNsfFolderDetail( + view: NsfFolderView, + verbose = false, +): string { + const lines = [ + folderDetailRow("Nested Share Folder UID", view.folderUid), + folderDetailRow("Name", view.name), + "", + NSF_USER_PERMISSIONS_HEADING, + ...view.userPermissions.map((entry) => `${entry.username}: ${entry.role}`), + "", + NSF_FOLDER_SHARE_ADMINS_HEADING, + ...view.shareAdmins.map((entry) => `${entry.username}: ${entry.role}`), + ]; + + if (!verbose) return lines.join("\n"); + + lines.push( + "", + folderDetailRow("Parent UID", view.parentUid), + folderDetailRow("Path", view.path), + ); + if (view.records.length > 0) { + lines.push("", "Records:"); + for (const record of view.records) { + lines.push(` ${record.uid} ${record.title} (${record.type})`); } - if (view.teamPermissions.length > 0) { - lines.push('', 'Team Permissions:') - for (const entry of view.teamPermissions) { - lines.push(` ${entry.accessTypeUid} role=${entry.accessRoleType}`) - } + } + if (view.teamPermissions.length > 0) { + lines.push("", "Team Permissions:"); + for (const entry of view.teamPermissions) { + lines.push(` ${entry.accessTypeUid} role=${entry.accessRoleType}`); } - return lines.join('\n') + } + return lines.join("\n"); } -export function formatNsfRecordDetail(view: NsfRecordView, verbose = false): string { - const lines = [ - recordDetailRow('UID', view.recordUid), - recordDetailRow('Type', view.type), - recordDetailRow('Title', view.title), - ] - - if (view.login) lines.push(recordDetailRow('Login', view.login)) - if (view.password) lines.push(recordDetailRow('Password', view.password)) - if (view.url) lines.push(recordDetailRow('Url', view.url)) - if (view.notes) lines.push(recordDetailRow('Notes', view.notes)) - - for (const field of view.fields) { - lines.push(...formatRecordFieldDetailLines(field)) +export function formatNsfRecordDetail( + view: NsfRecordView, + verbose = false, +): string { + const lines = [ + recordDetailRow("UID", view.recordUid), + recordDetailRow("Type", view.type), + recordDetailRow("Title", view.title), + ]; + + if (view.login) lines.push(recordDetailRow("Login", view.login)); + if (view.password) lines.push(recordDetailRow("Password", view.password)); + if (view.url) lines.push(recordDetailRow("Url", view.url)); + if (view.notes) lines.push(recordDetailRow("Notes", view.notes)); + + for (const field of view.fields) { + lines.push(...formatRecordFieldDetailLines(field)); + } + + if (view.userPermissions.length > 0) { + lines.push("", NSF_USER_PERMISSIONS_HEADING); + for (const entry of view.userPermissions) { + lines.push("", ...formatRecordUserPermissionBlock(entry)); } - - if (view.userPermissions.length > 0) { - lines.push('', NSF_USER_PERMISSIONS_HEADING) - for (const entry of view.userPermissions) { - lines.push('', ...formatRecordUserPermissionBlock(entry)) - } + } + + if (view.shareAdmins.length > 0) { + const total = view.shareAdmins.length; + const preview = view.shareAdmins.slice(0, NSF_SHARE_ADMINS_PREVIEW_LIMIT); + const headingSuffix = + total > NSF_SHARE_ADMINS_PREVIEW_LIMIT + ? `, showing first ${NSF_SHARE_ADMINS_PREVIEW_LIMIT}` + : ""; + lines.push("", `Share Admins (${total}${headingSuffix}):`); + for (const admin of preview) { + lines.push(` ${admin}`); } - - if (view.shareAdmins.length > 0) { - const total = view.shareAdmins.length - const preview = view.shareAdmins.slice(0, NSF_SHARE_ADMINS_PREVIEW_LIMIT) - const headingSuffix = - total > NSF_SHARE_ADMINS_PREVIEW_LIMIT - ? `, showing first ${NSF_SHARE_ADMINS_PREVIEW_LIMIT}` - : '' - lines.push('', `Share Admins (${total}${headingSuffix}):`) - for (const admin of preview) { - lines.push(` ${admin}`) - } - if (total > NSF_SHARE_ADMINS_PREVIEW_LIMIT) { - lines.push(` ... and ${total - NSF_SHARE_ADMINS_PREVIEW_LIMIT} more`) - } + if (total > NSF_SHARE_ADMINS_PREVIEW_LIMIT) { + lines.push(` ... and ${total - NSF_SHARE_ADMINS_PREVIEW_LIMIT} more`); } - - if (verbose) { - lines.push( - '', - recordDetailRow('Folder', view.folder?.path ?? view.folderLocation), - recordDetailRow('Revision', String(view.revision)), - recordDetailRow('Version', String(view.version)) - ) - if (view.folder?.uid) { - lines.push(recordDetailRow('Folder UID', view.folder.uid)) - } + } + + if (verbose) { + lines.push( + "", + recordDetailRow("Folder", view.folder?.path ?? view.folderLocation), + recordDetailRow("Revision", String(view.revision)), + recordDetailRow("Version", String(view.version)), + ); + if (view.folder?.uid) { + lines.push(recordDetailRow("Folder UID", view.folder.uid)); } + } - return lines.join('\n') + return lines.join("\n"); } export function formatNsfDetail(result: GetNsfResult, verbose = false): string { - return result.kind === NsfObjectKind.Folder - ? formatNsfFolderDetail(result.view, verbose) - : formatNsfRecordDetail(result.view, verbose) + return result.kind === NsfObjectKind.Folder + ? formatNsfFolderDetail(result.view, verbose) + : formatNsfRecordDetail(result.view, verbose); } export function formatNsfJson(result: GetNsfResult): string { - if (result.kind === NsfObjectKind.Record) { - return formatNsfRecordJson(result.view) - } - return JSON.stringify(result.view, null, 2) + if (result.kind === NsfObjectKind.Record) { + return formatNsfRecordJson(result.view); + } + return JSON.stringify(result.view, null, 2); } diff --git a/KeeperSdk/src/nestedShareFolders/getNsfRecordDetails.ts b/KeeperSdk/src/nestedShareFolders/getNsfRecordDetails.ts index a5b5c46f..0f910791 100644 --- a/KeeperSdk/src/nestedShareFolders/getNsfRecordDetails.ts +++ b/KeeperSdk/src/nestedShareFolders/getNsfRecordDetails.ts @@ -1,111 +1,139 @@ -import type { Auth, Records } from '@keeper-security/keeperapi' -import { normal64Bytes, recordDetailsDataMessage, webSafe64FromBytes } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { decryptRecordTitleAndType } from './nsfRecordCrypto' -import { ensureNestedShareRecord, nsfToNumber, resolveNsfRecordIdentifier } from './nsfHelpers' +import type { Auth, Records } from "@keeper-security/keeperapi"; import { - GetNsfRecordDetailsFormat, - type GetNsfRecordDetailsFormatInput, - type GetNsfRecordDetailsInput, - type GetNsfRecordDetailsResult, - type NsfRecordDetailsItem, -} from './nsfTypes' + normal64Bytes, + recordDetailsDataMessage, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { decryptRecordTitleAndType } from "./nsfRecordCrypto"; +import { + ensureNestedShareRecord, + nsfToNumber, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; +import { + GetNsfRecordDetailsFormat, + type GetNsfRecordDetailsFormatInput, + type GetNsfRecordDetailsInput, + type GetNsfRecordDetailsResult, + type NsfRecordDetailsItem, +} from "./nsfTypes"; -function resolveRecordUids(storage: InMemoryStorage, identifiers: string[]): string[] { - if (identifiers.length === 0) { - throw new KeeperSdkError('At least one record UID or title is required.', ResultCodes.NSF_DETAILS_FAILED) - } +function resolveRecordUids( + storage: InMemoryStorage, + identifiers: string[], +): string[] { + if (identifiers.length === 0) { + throw new KeeperSdkError( + "At least one record UID or title is required.", + ResultCodes.NSF_DETAILS_FAILED, + ); + } - return identifiers.map((identifier) => { - const recordUid = resolveNsfRecordIdentifier(storage, identifier) - if (!recordUid) { - throw new KeeperSdkError(`Record '${identifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareRecord(storage, recordUid, identifier) - return recordUid - }) + return identifiers.map((identifier) => { + const recordUid = resolveNsfRecordIdentifier(storage, identifier); + if (!recordUid) { + throw new KeeperSdkError( + `Record '${identifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareRecord(storage, recordUid, identifier); + return recordUid; + }); } async function mapRecordDetailsItem( - storage: InMemoryStorage, - auth: Auth, - item: Records.IRecordData + storage: InMemoryStorage, + auth: Auth, + item: Records.IRecordData, ): Promise { - const recordUid = item.recordUid?.length ? webSafe64FromBytes(item.recordUid) : '' - if (!recordUid) return undefined + const recordUid = item.recordUid?.length + ? webSafe64FromBytes(item.recordUid) + : ""; + if (!recordUid) return undefined; - const { title, type } = await decryptRecordTitleAndType(storage, auth, recordUid, item) - return { - recordUid, - title, - type, - revision: nsfToNumber(item.revision, 0) ?? 0, - version: item.version ?? 0, - } + const { title, type } = await decryptRecordTitleAndType( + storage, + auth, + recordUid, + item, + ); + return { + recordUid, + title, + type, + revision: nsfToNumber(item.revision, 0) ?? 0, + version: item.version ?? 0, + }; } -export function formatNsfRecordDetailsTable(result: GetNsfRecordDetailsResult): string { - const lines: string[] = [] - for (const record of result.data) { - lines.push(`Record UID: ${record.recordUid}`) - lines.push(` Title: ${record.title}`) - lines.push(` Type: ${record.type}`) - lines.push(` Version: ${record.version}`) - lines.push(` Revision: ${record.revision}`) - lines.push('') - } - if (result.forbiddenRecords.length > 0) { - lines.push(`Forbidden records: ${result.forbiddenRecords.length}`) - for (const uid of result.forbiddenRecords) { - lines.push(` ${uid}`) - } - lines.push('') +export function formatNsfRecordDetailsTable( + result: GetNsfRecordDetailsResult, +): string { + const lines: string[] = []; + for (const record of result.data) { + lines.push(`Record UID: ${record.recordUid}`); + lines.push(` Title: ${record.title}`); + lines.push(` Type: ${record.type}`); + lines.push(` Version: ${record.version}`); + lines.push(` Revision: ${record.revision}`); + lines.push(""); + } + if (result.forbiddenRecords.length > 0) { + lines.push(`Forbidden records: ${result.forbiddenRecords.length}`); + for (const uid of result.forbiddenRecords) { + lines.push(` ${uid}`); } - lines.push(`Total records retrieved: ${result.data.length}`) - return lines.join('\n').trimEnd() + lines.push(""); + } + lines.push(`Total records retrieved: ${result.data.length}`); + return lines.join("\n").trimEnd(); } export function formatNsfRecordDetailsOutput( - result: GetNsfRecordDetailsResult, - format: GetNsfRecordDetailsFormatInput = GetNsfRecordDetailsFormat.Table + result: GetNsfRecordDetailsResult, + format: GetNsfRecordDetailsFormatInput = GetNsfRecordDetailsFormat.Table, ): string { - if (String(format).toLowerCase() === GetNsfRecordDetailsFormat.JSON) { - return JSON.stringify(result, null, 2) - } - return formatNsfRecordDetailsTable(result) + if (String(format).toLowerCase() === GetNsfRecordDetailsFormat.JSON) { + return JSON.stringify(result, null, 2); + } + return formatNsfRecordDetailsTable(result); } export async function getNestedShareRecordDetails( - storage: InMemoryStorage, - auth: Auth, - input: GetNsfRecordDetailsInput + storage: InMemoryStorage, + auth: Auth, + input: GetNsfRecordDetailsInput, ): Promise { - const recordUids = resolveRecordUids(storage, input.records) + const recordUids = resolveRecordUids(storage, input.records); - try { - const response = await auth.executeRest( - recordDetailsDataMessage({ - recordUids: recordUids.map((uid) => normal64Bytes(uid)), - clientTime: Date.now(), - }) - ) + try { + const response = await auth.executeRest( + recordDetailsDataMessage({ + recordUids: recordUids.map((uid) => normal64Bytes(uid)), + clientTime: Date.now(), + }), + ); - const data: NsfRecordDetailsItem[] = [] - for (const item of response.data ?? []) { - const mapped = await mapRecordDetailsItem(storage, auth, item) - if (mapped) data.push(mapped) - } - - return { - data, - forbiddenRecords: (response.forbiddenRecords ?? []).map((uid) => webSafe64FromBytes(uid)), - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to get nested share record details: ${extractErrorMessage(err)}`, - ResultCodes.NSF_DETAILS_FAILED - ) + const data: NsfRecordDetailsItem[] = []; + for (const item of response.data ?? []) { + const mapped = await mapRecordDetailsItem(storage, auth, item); + if (mapped) data.push(mapped); } + + return { + data, + forbiddenRecords: (response.forbiddenRecords ?? []).map((uid) => + webSafe64FromBytes(uid), + ), + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to get nested share record details: ${extractErrorMessage(err)}`, + ResultCodes.NSF_DETAILS_FAILED, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/index.ts b/KeeperSdk/src/nestedShareFolders/index.ts index da1fd6e8..5c868608 100644 --- a/KeeperSdk/src/nestedShareFolders/index.ts +++ b/KeeperSdk/src/nestedShareFolders/index.ts @@ -1,249 +1,252 @@ export { - KeeperDriveKind, - NsfItemType, - formatAccessRoleType, - formatAccessType, - normalizeParentUid, - isRootFolderUid, - resolveKeeperDriveRootParentUid, - getKeeperDriveFolders, - getKeeperDriveRecords, - findRecordFolderLocation, - buildFolderPath, - isSensitiveFieldType, - resolveAccessUsername, - folderAccessDisplayRole, - isNestedShareRecord, - isNestedShareFolder, - ensureNestedShareRecord, - ensureNestedShareFolder, - resolveNsfRecordIdentifier, - resolveNsfFolderIdentifier, - resolveNsfFolderUidOrName, - findNestedShareFoldersForRecord, - checkFolderRemovePermission, - checkRecordDeletePermission, - checkRecordEditPermission, - checkFolderDeletePermission, - parseNsfPath, - findExistingChildFolder, - resolveNsfRoleName, - getNsfAccessRoleLabel, - normalizeNsfRecordPermissionRole, - parseShareExpiration, - parseShareExpirationValue, - validateShareExpirationTimestamp, - isShareExpirationNoop, -} from './nsfHelpers' - -export { - listNestedShareFolders, - formatListNsfTable, - renderListNsfAsciiTable, - formatListNsfCsv, - formatListNsfJson, - formatListNsfOutput, -} from './listNsf' - -export { - resolveNsfFolder, - resolveNsfRecord, - getNestedShareFolder, - formatNsfFolderDetail, - formatNsfRecordDetail, - formatNsfDetail, - formatNsfRecordJson, - formatNsfJson, - toNsfRecordJsonView, -} from './getNsf' - -export { - ListNsfFormat, - GetNsfFormat, - NsfAccessRoleLabel, - NsfObjectKind, - NsfRemoveOperation, - NsfRemoveFolderOperation, - GetNsfRecordDetailsFormat, - NsfFolderShareAction, - NsfFolderShareActionTaken, - NsfRecordShareAction, - NsfRecordShareActionTaken, - NsfRecordPermissionAction, - NsfResultStatus, - NsfTransferApiStatus, - NsfPermissionFailureCode, - NSF_ACCESS_ROLE_LABELS, - resolveRecordPermissionRole, - toNsfAccessRoleLabel, -} from './nsfTypes' + KeeperDriveKind, + NsfItemType, + formatAccessRoleType, + formatAccessType, + normalizeParentUid, + isRootFolderUid, + resolveKeeperDriveRootParentUid, + getKeeperDriveFolders, + getKeeperDriveRecords, + findRecordFolderLocation, + buildFolderPath, + isSensitiveFieldType, + resolveAccessUsername, + folderAccessDisplayRole, + isNestedShareRecord, + isNestedShareFolder, + ensureNestedShareRecord, + ensureNestedShareFolder, + resolveNsfRecordIdentifier, + resolveNsfFolderIdentifier, + resolveNsfFolderUidOrName, + findNestedShareFoldersForRecord, + checkFolderRemovePermission, + checkRecordDeletePermission, + checkRecordEditPermission, + checkFolderDeletePermission, + parseNsfPath, + findExistingChildFolder, + resolveNsfRoleName, + getNsfAccessRoleLabel, + normalizeNsfRecordPermissionRole, + parseShareExpiration, + parseShareExpirationValue, + validateShareExpirationTimestamp, + isShareExpirationNoop, +} from "./nsfHelpers"; + +export { + listNestedShareFolders, + formatListNsfTable, + renderListNsfAsciiTable, + formatListNsfCsv, + formatListNsfJson, + formatListNsfOutput, +} from "./listNsf"; + +export { + resolveNsfFolder, + resolveNsfRecord, + getNestedShareFolder, + formatNsfFolderDetail, + formatNsfRecordDetail, + formatNsfDetail, + formatNsfRecordJson, + formatNsfJson, + toNsfRecordJsonView, +} from "./getNsf"; + +export { + ListNsfFormat, + GetNsfFormat, + NsfAccessRoleLabel, + NsfObjectKind, + NsfRemoveOperation, + NsfRemoveFolderOperation, + GetNsfRecordDetailsFormat, + NsfFolderShareAction, + NsfFolderShareActionTaken, + NsfRecordShareAction, + NsfRecordShareActionTaken, + NsfRecordPermissionAction, + NsfResultStatus, + NsfTransferApiStatus, + NsfPermissionFailureCode, + NSF_ACCESS_ROLE_LABELS, + resolveRecordPermissionRole, + toNsfAccessRoleLabel, +} from "./nsfTypes"; export type { - ListNsfFormatInput, - ListNsfOptions, - ListNsfRow, - FormattedListNsfTable, - GetNsfFormatInput, - GetNsfOptions, - GetNsfResult, - NsfFolderView, - NsfRecordView, - NsfRecordFieldView, - NsfRecordFolderView, - NsfRecordJsonView, - NsfRecordJsonUserPermission, - NsfFolderPermission, - NsfFolderAccessRow, - NsfRecordPermission, - MkdirNsfInput, - MkdirNsfResult, - NsfFolderColorInput, - AddNsfRecordInput, - AddNsfRecordResult, - AddNsfRecordsInput, - AddNsfRecordsResult, - UpdateNsfRecordInput, - UpdateNsfRecordItemInput, - UpdateNsfRecordsInput, - UpdateNsfRecordResult, - UpdateNsfRecordResultItem, - RecordAddPayload, - RecordUpdatePayload, - FolderCreatePayload, - LinkNsfRecordResult, - NsfRemoveOperationInput, - RemoveNsfRecordInput, - NsfRemovePreviewItem, - RemoveNsfRecordResult, - NsfRemoveFolderOperationInput, - RemoveNsfFolderInput, - NsfRemoveFolderPreviewItem, - RemoveNsfFolderResult, - GetNsfRecordDetailsFormatInput, - GetNsfRecordDetailsInput, - GetNsfRecordDetailsResult, - NsfRecordDetailsItem, - NsfFolderShareActionInput, - ShareNestedShareFolderInput, - ShareNestedShareFolderResult, - NsfFolderShareResultItem, - NsfRecordShareActionInput, - ShareNestedShareRecordInput, - ShareNestedShareRecordResult, - NsfRecordSharePlanItem, - NsfRecordShareResultItem, - NsfRecordPermissionActionInput, - UpdateNsfRecordPermissionInput, - UpdateNsfRecordPermissionResult, - NsfRecordPermissionPlan, - NsfRecordPermissionPlanItem, - NsfRecordPermissionFailure, - NsfShortcutRow, - ListNsfShortcutsOptions, - KeepNsfShortcutInput, - KeepNsfShortcutPlanItem, - KeepNsfShortcutResult, - KeepNsfShortcutResultItem, - TransferNestedShareRecordInput, - TransferNestedShareRecordResult, - TransferNestedShareRecordResultItem, - UpdateNsfFolderInput, - UpdateNsfFolderResult, - ParseShareExpirationInput, - NsfTeamPublicKeys, - NsfResolvedShareRecipient, -} from './nsfTypes' - -export { - fetchNsfTeamPublicKeys, - encryptNsfFolderKeyForTeam, - resolveNsfShareRecipient, -} from './nsfTeamShare' - -export type { UserShareKeys } from './nsfShareKeys' - -export { linkNestedShareRecord } from './linkNsfRecord' - -export { - removeNestedShareRecords, - formatRemoveNsfPreview, - collectRemoveNsfWarnings, -} from './removeNsfRecord' - -export { mkdirNestedShareFolder } from './mkdirNsf' -export { - NSF_FOLDER_COLORS, - NSF_MAX_RECORD_BATCH, - MIN_SHARE_EXPIRATION_MS, - NSF_SHARE_EXPIRATION_NEVER, - TeamGetKeysResponseKeyType, - NSFShareRoleName, - NsfShareCommandName, -} from './nsfConstants' -export type { NsfFolderColor } from './nsfConstants' - -export { - removeNestedShareFolders, - formatRemoveNsfFolderPreview, -} from './removeNsfFolder' - -export { - getNestedShareRecordDetails, - formatNsfRecordDetailsTable, - formatNsfRecordDetailsOutput, -} from './getNsfRecordDetails' - -export { updateNestedShareRecords, updateNestedShareRecord } from './updateNsfRecord' - -export { addNestedShareRecord, addNestedShareRecords } from './addNsfRecord' - -export { clearNsfRecordTypeCache } from './nsfRecordTypes' - -export { - buildNsfRecordData, - parseNsfFieldInput, - parseNsfFieldSpaceInput, - resolveNsfFieldValue, - type ParsedNsfFields, - type RecordFieldEntry, -} from './nsfRecordData' - -export { NestedShareFolderManager } from './NestedShareFolderManager' - -export { - shareNestedShareFolder, - shareNestedShareRecord, - formatNsfRecordSharePlan, - formatNsfRecordShareResults, - formatNsfFolderShareResults, -} from './nsfShare' - -export { - collectNsfRecordUidsInFolder, - updateNestedShareRecordPermissions, - buildNsfRecordPermissionPlan, - formatNsfRecordPermissionPlan, - formatNsfRecordPermissionRequestHeader, - formatNsfRecordPermissionFailures, -} from './nsfRecordPermission' - -export { - getNsfRecordShortcuts, - listNsfShortcuts, - keepNsfShortcut, - formatNsfShortcutOutput, - formatKeepNsfShortcutPlan, -} from './nsfShortcut' + ListNsfFormatInput, + ListNsfOptions, + ListNsfRow, + FormattedListNsfTable, + GetNsfFormatInput, + GetNsfOptions, + GetNsfResult, + NsfFolderView, + NsfRecordView, + NsfRecordFieldView, + NsfRecordFolderView, + NsfRecordJsonView, + NsfRecordJsonUserPermission, + NsfFolderPermission, + NsfFolderAccessRow, + NsfRecordPermission, + MkdirNsfInput, + MkdirNsfResult, + NsfFolderColorInput, + AddNsfRecordInput, + AddNsfRecordResult, + AddNsfRecordsInput, + AddNsfRecordsResult, + UpdateNsfRecordInput, + UpdateNsfRecordItemInput, + UpdateNsfRecordsInput, + UpdateNsfRecordResult, + UpdateNsfRecordResultItem, + RecordAddPayload, + RecordUpdatePayload, + FolderCreatePayload, + LinkNsfRecordResult, + NsfRemoveOperationInput, + RemoveNsfRecordInput, + NsfRemovePreviewItem, + RemoveNsfRecordResult, + NsfRemoveFolderOperationInput, + RemoveNsfFolderInput, + NsfRemoveFolderPreviewItem, + RemoveNsfFolderResult, + GetNsfRecordDetailsFormatInput, + GetNsfRecordDetailsInput, + GetNsfRecordDetailsResult, + NsfRecordDetailsItem, + NsfFolderShareActionInput, + ShareNestedShareFolderInput, + ShareNestedShareFolderResult, + NsfFolderShareResultItem, + NsfRecordShareActionInput, + ShareNestedShareRecordInput, + ShareNestedShareRecordResult, + NsfRecordSharePlanItem, + NsfRecordShareResultItem, + NsfRecordPermissionActionInput, + UpdateNsfRecordPermissionInput, + UpdateNsfRecordPermissionResult, + NsfRecordPermissionPlan, + NsfRecordPermissionPlanItem, + NsfRecordPermissionFailure, + NsfShortcutRow, + ListNsfShortcutsOptions, + KeepNsfShortcutInput, + KeepNsfShortcutPlanItem, + KeepNsfShortcutResult, + KeepNsfShortcutResultItem, + TransferNestedShareRecordInput, + TransferNestedShareRecordResult, + TransferNestedShareRecordResultItem, + UpdateNsfFolderInput, + UpdateNsfFolderResult, + ParseShareExpirationInput, + NsfTeamPublicKeys, + NsfResolvedShareRecipient, +} from "./nsfTypes"; + +export { + fetchNsfTeamPublicKeys, + encryptNsfFolderKeyForTeam, + resolveNsfShareRecipient, +} from "./nsfTeamShare"; + +export type { UserShareKeys } from "./nsfShareKeys"; + +export { linkNestedShareRecord } from "./linkNsfRecord"; + +export { + removeNestedShareRecords, + formatRemoveNsfPreview, + collectRemoveNsfWarnings, +} from "./removeNsfRecord"; + +export { mkdirNestedShareFolder } from "./mkdirNsf"; +export { + NSF_FOLDER_COLORS, + NSF_MAX_RECORD_BATCH, + MIN_SHARE_EXPIRATION_MS, + NSF_SHARE_EXPIRATION_NEVER, + TeamGetKeysResponseKeyType, + NSFShareRoleName, + NsfShareCommandName, +} from "./nsfConstants"; +export type { NsfFolderColor } from "./nsfConstants"; + +export { + removeNestedShareFolders, + formatRemoveNsfFolderPreview, +} from "./removeNsfFolder"; + +export { + getNestedShareRecordDetails, + formatNsfRecordDetailsTable, + formatNsfRecordDetailsOutput, +} from "./getNsfRecordDetails"; + +export { + updateNestedShareRecords, + updateNestedShareRecord, +} from "./updateNsfRecord"; + +export { addNestedShareRecord, addNestedShareRecords } from "./addNsfRecord"; + +export { clearNsfRecordTypeCache } from "./nsfRecordTypes"; + +export { + buildNsfRecordData, + parseNsfFieldInput, + parseNsfFieldSpaceInput, + resolveNsfFieldValue, + type ParsedNsfFields, + type RecordFieldEntry, +} from "./nsfRecordData"; + +export { NestedShareFolderManager } from "./NestedShareFolderManager"; + +export { + shareNestedShareFolder, + shareNestedShareRecord, + formatNsfRecordSharePlan, + formatNsfRecordShareResults, + formatNsfFolderShareResults, +} from "./nsfShare"; + +export { + collectNsfRecordUidsInFolder, + updateNestedShareRecordPermissions, + buildNsfRecordPermissionPlan, + formatNsfRecordPermissionPlan, + formatNsfRecordPermissionRequestHeader, + formatNsfRecordPermissionFailures, +} from "./nsfRecordPermission"; + +export { + getNsfRecordShortcuts, + listNsfShortcuts, + keepNsfShortcut, + formatNsfShortcutOutput, + formatKeepNsfShortcutPlan, +} from "./nsfShortcut"; export { - transferNestedShareRecords, - formatTransferNestedShareRecordResults, -} from './nsfTransferRecord' + transferNestedShareRecords, + formatTransferNestedShareRecordResults, +} from "./nsfTransferRecord"; -export { updateNestedShareFolder } from './updateNsfFolder' +export { updateNestedShareFolder } from "./updateNsfFolder"; export { - NSF_RECORD_PERMISSION_ROLES, - getFolderPermissionsForRole, -} from './nsfConstants' -export type { NsfRecordPermissionRole } from './nsfConstants' + NSF_RECORD_PERMISSION_ROLES, + getFolderPermissionsForRole, +} from "./nsfConstants"; +export type { NsfRecordPermissionRole } from "./nsfConstants"; diff --git a/KeeperSdk/src/nestedShareFolders/linkNsfRecord.ts b/KeeperSdk/src/nestedShareFolders/linkNsfRecord.ts index d00aea38..ee2f74e4 100644 --- a/KeeperSdk/src/nestedShareFolders/linkNsfRecord.ts +++ b/KeeperSdk/src/nestedShareFolders/linkNsfRecord.ts @@ -1,132 +1,169 @@ -import type { Auth, DRecordMetadata, EncryptionType } from '@keeper-security/keeperapi' +import type { + Auth, + DRecordMetadata, + EncryptionType, +} from "@keeper-security/keeperapi"; import { - Folder, - Records, - folderRecordUpdateMessage, - normal64Bytes, - platform, - webSafe64FromBytes, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { VaultObjectKind } from '../folders/folderHelpers' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' + Folder, + Records, + folderRecordUpdateMessage, + normal64Bytes, + platform, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { VaultObjectKind } from "../folders/folderHelpers"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; import { - ensureNestedShareFolder, - ensureNestedShareRecord, - resolveNsfFolderIdentifier, - resolveNsfRecordIdentifier, -} from './nsfHelpers' -import type { LinkNsfRecordResult } from './nsfTypes' + ensureNestedShareFolder, + ensureNestedShareRecord, + resolveNsfFolderIdentifier, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; +import type { LinkNsfRecordResult } from "./nsfTypes"; function resolveRecordKeyType( - storage: InMemoryStorage, - recordUid: string + storage: InMemoryStorage, + recordUid: string, ): { encryptionType: EncryptionType; keyType: Folder.EncryptedKeyType } { - const metadata = storage.getByUid(VaultObjectKind.Metadata, recordUid) - if (metadata?.recordKeyType === Records.RecordKeyType.ENCRYPTED_BY_DATA_KEY) { - return { - encryptionType: 'cbc', - keyType: Folder.EncryptedKeyType.encrypted_by_data_key, - } - } + const metadata = storage.getByUid( + VaultObjectKind.Metadata, + recordUid, + ); + if (metadata?.recordKeyType === Records.RecordKeyType.ENCRYPTED_BY_DATA_KEY) { return { - encryptionType: 'gcm', - keyType: Folder.EncryptedKeyType.encrypted_by_data_key_gcm, - } + encryptionType: "cbc", + keyType: Folder.EncryptedKeyType.encrypted_by_data_key, + }; + } + return { + encryptionType: "gcm", + keyType: Folder.EncryptedKeyType.encrypted_by_data_key_gcm, + }; } async function buildRecordMetadata( - storage: InMemoryStorage, - folderUid: string, - recordUid: string + storage: InMemoryStorage, + folderUid: string, + recordUid: string, ): Promise { - const recordKey = await storage.getKeyBytes(recordUid) - const folderKey = await storage.getKeyBytes(folderUid) - if (!recordKey) { - throw new KeeperSdkError( - `Record key not found for ${recordUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - if (!folderKey) { - throw new KeeperSdkError( - `Folder key not found for ${folderUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } + const recordKey = await storage.getKeyBytes(recordUid); + const folderKey = await storage.getKeyBytes(folderUid); + if (!recordKey) { + throw new KeeperSdkError( + `Record key not found for ${recordUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + if (!folderKey) { + throw new KeeperSdkError( + `Folder key not found for ${folderUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } - const { encryptionType, keyType } = resolveRecordKeyType(storage, recordUid) - const encryptedRecordKey = await platform.wrapKey(recordUid, folderUid, encryptionType, storage) - return { - recordUid: normal64Bytes(recordUid), - encryptedRecordKey, - encryptedRecordKeyType: keyType, - } + const { encryptionType, keyType } = resolveRecordKeyType(storage, recordUid); + const encryptedRecordKey = await platform.wrapKey( + recordUid, + folderUid, + encryptionType, + storage, + ); + return { + recordUid: normal64Bytes(recordUid), + encryptedRecordKey, + encryptedRecordKeyType: keyType, + }; } function parseFolderRecordUpdateResponse( - response: Folder.IFolderRecordUpdateResponse, - folderUid: string, - recordUid: string + response: Folder.IFolderRecordUpdateResponse, + folderUid: string, + recordUid: string, ): LinkNsfRecordResult { - const result = response.folderRecordUpdateResult?.[0] - if (!result) { - return { - success: true, - recordUid, - folderUid, - status: 'SUCCESS', - message: 'Record added to folder successfully', - } - } - const statusName = Folder.FolderModifyStatus[result.status ?? Folder.FolderModifyStatus.SUCCESS] ?? 'UNKNOWN' - const success = result.status === Folder.FolderModifyStatus.SUCCESS + const result = response.folderRecordUpdateResult?.[0]; + if (!result) { return { - success, - recordUid: result.recordUid?.length ? webSafe64FromBytes(result.recordUid) : recordUid, - folderUid: response.folderUid?.length ? webSafe64FromBytes(response.folderUid) : folderUid, - status: statusName, - message: result.message || (success ? 'Record added to folder successfully' : 'Failed to link record'), - } + success: true, + recordUid, + folderUid, + status: "SUCCESS", + message: "Record added to folder successfully", + }; + } + const statusName = + Folder.FolderModifyStatus[ + result.status ?? Folder.FolderModifyStatus.SUCCESS + ] ?? "UNKNOWN"; + const success = result.status === Folder.FolderModifyStatus.SUCCESS; + return { + success, + recordUid: result.recordUid?.length + ? webSafe64FromBytes(result.recordUid) + : recordUid, + folderUid: response.folderUid?.length + ? webSafe64FromBytes(response.folderUid) + : folderUid, + status: statusName, + message: + result.message || + (success + ? "Record added to folder successfully" + : "Failed to link record"), + }; } export async function linkNestedShareRecord( - storage: InMemoryStorage, - auth: Auth, - recordIdentifier: string, - folderIdentifier: string + storage: InMemoryStorage, + auth: Auth, + recordIdentifier: string, + folderIdentifier: string, ): Promise { - const recordUid = resolveNsfRecordIdentifier(storage, recordIdentifier) - if (!recordUid) { - throw new KeeperSdkError(`Record '${recordIdentifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } + const recordUid = resolveNsfRecordIdentifier(storage, recordIdentifier); + if (!recordUid) { + throw new KeeperSdkError( + `Record '${recordIdentifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } - const folderUid = resolveNsfFolderIdentifier(storage, folderIdentifier) - if (!folderUid) { - throw new KeeperSdkError(`Folder '${folderIdentifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } + const folderUid = resolveNsfFolderIdentifier(storage, folderIdentifier); + if (!folderUid) { + throw new KeeperSdkError( + `Folder '${folderIdentifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } - ensureNestedShareRecord(storage, recordUid, recordIdentifier) - ensureNestedShareFolder(storage, folderUid, folderIdentifier) + ensureNestedShareRecord(storage, recordUid, recordIdentifier); + ensureNestedShareFolder(storage, folderUid, folderIdentifier); - try { - const recordMetadata = await buildRecordMetadata(storage, folderUid, recordUid) - const response = await auth.executeRest( - folderRecordUpdateMessage({ - folderUid: normal64Bytes(folderUid), - addRecords: [recordMetadata], - }) - ) - const parsed = parseFolderRecordUpdateResponse(response, folderUid, recordUid) - if (!parsed.success) { - throw new KeeperSdkError(parsed.message, ResultCodes.NSF_LINK_FAILED) - } - return parsed - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to link record to folder: ${extractErrorMessage(err)}`, - ResultCodes.NSF_LINK_FAILED - ) + try { + const recordMetadata = await buildRecordMetadata( + storage, + folderUid, + recordUid, + ); + const response = await auth.executeRest( + folderRecordUpdateMessage({ + folderUid: normal64Bytes(folderUid), + addRecords: [recordMetadata], + }), + ); + const parsed = parseFolderRecordUpdateResponse( + response, + folderUid, + recordUid, + ); + if (!parsed.success) { + throw new KeeperSdkError(parsed.message, ResultCodes.NSF_LINK_FAILED); } + return parsed; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to link record to folder: ${extractErrorMessage(err)}`, + ResultCodes.NSF_LINK_FAILED, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/listNsf.ts b/KeeperSdk/src/nestedShareFolders/listNsf.ts index 0e21e178..07a4b5d8 100644 --- a/KeeperSdk/src/nestedShareFolders/listNsf.ts +++ b/KeeperSdk/src/nestedShareFolders/listNsf.ts @@ -1,162 +1,180 @@ -import type { InMemoryStorage } from '../storage/InMemoryStorage' +import type { InMemoryStorage } from "../storage/InMemoryStorage"; import { - NsfItemType, - findRecordFolderLocation, - getKeeperDriveFolders, - getKeeperDriveRecords, - getRecordDescription, - normalizeParentUid, - resolveKeeperDriveRootParentUid, -} from './nsfHelpers' -import { getRecordTitle, getRecordType } from '../records/RecordUtils' + NsfItemType, + findRecordFolderLocation, + getKeeperDriveFolders, + getKeeperDriveRecords, + getRecordDescription, + normalizeParentUid, + resolveKeeperDriveRootParentUid, +} from "./nsfHelpers"; +import { getRecordTitle, getRecordType } from "../records/RecordUtils"; import { - NSF_LIST_DEFAULT_COLUMN_WIDTH, - NSF_LIST_FULL_HEADERS, - NSF_LIST_MIN_TRUNCATE_PREFIX, - NSF_LIST_TABLE_HEADERS, -} from './nsfConstants' + NSF_LIST_DEFAULT_COLUMN_WIDTH, + NSF_LIST_FULL_HEADERS, + NSF_LIST_MIN_TRUNCATE_PREFIX, + NSF_LIST_TABLE_HEADERS, +} from "./nsfConstants"; import { - ListNsfFormat, - type FormattedListNsfTable, - type ListNsfFormatInput, - type ListNsfOptions, - type ListNsfRow, -} from './nsfTypes' + ListNsfFormat, + type FormattedListNsfTable, + type ListNsfFormatInput, + type ListNsfOptions, + type ListNsfRow, +} from "./nsfTypes"; function compareRows(a: ListNsfRow, b: ListNsfRow): number { - const typeCompare = a.itemType.localeCompare(b.itemType) - return typeCompare !== 0 ? typeCompare : a.title.localeCompare(b.title, undefined, { sensitivity: 'base' }) + const typeCompare = a.itemType.localeCompare(b.itemType); + return typeCompare !== 0 + ? typeCompare + : a.title.localeCompare(b.title, undefined, { sensitivity: "base" }); } -function resolveListParentOrFolder(storage: InMemoryStorage, value: string): string { - if (value !== 'root') return value - return resolveKeeperDriveRootParentUid(storage) ?? value +function resolveListParentOrFolder( + storage: InMemoryStorage, + value: string, +): string { + if (value !== "root") return value; + return resolveKeeperDriveRootParentUid(storage) ?? value; } function collectFolderRows(storage: InMemoryStorage): ListNsfRow[] { - return getKeeperDriveFolders(storage).map((folder) => ({ - itemType: NsfItemType.Folder, - uid: folder.uid, - title: folder.data.name || 'Unnamed', - type: '', - description: '', - parentOrFolder: resolveListParentOrFolder(storage, normalizeParentUid(storage, folder.parentUid)), - })) + return getKeeperDriveFolders(storage).map((folder) => ({ + itemType: NsfItemType.Folder, + uid: folder.uid, + title: folder.data.name || "Unnamed", + type: "", + description: "", + parentOrFolder: resolveListParentOrFolder( + storage, + normalizeParentUid(storage, folder.parentUid), + ), + })); } function collectRecordRows(storage: InMemoryStorage): ListNsfRow[] { - return getKeeperDriveRecords(storage).map((record) => ({ - itemType: NsfItemType.Record, - uid: record.uid, - title: getRecordTitle(record), - type: getRecordType(record), - description: getRecordDescription(record), - parentOrFolder: resolveListParentOrFolder( - storage, - findRecordFolderLocation(storage, record.uid) || 'root' - ), - })) + return getKeeperDriveRecords(storage).map((record) => ({ + itemType: NsfItemType.Record, + uid: record.uid, + title: getRecordTitle(record), + type: getRecordType(record), + description: getRecordDescription(record), + parentOrFolder: resolveListParentOrFolder( + storage, + findRecordFolderLocation(storage, record.uid) || "root", + ), + })); } -export function listNestedShareFolders(storage: InMemoryStorage, options: ListNsfOptions = {}): ListNsfRow[] { - const showFolders = options.folders ?? options.records == null - const showRecords = options.records ?? options.folders == null - const rows: ListNsfRow[] = [] - if (showFolders) rows.push(...collectFolderRows(storage)) - if (showRecords) rows.push(...collectRecordRows(storage)) - return rows.sort(compareRows) +export function listNestedShareFolders( + storage: InMemoryStorage, + options: ListNsfOptions = {}, +): ListNsfRow[] { + const showFolders = options.folders ?? options.records == null; + const showRecords = options.records ?? options.folders == null; + const rows: ListNsfRow[] = []; + if (showFolders) rows.push(...collectFolderRows(storage)); + if (showRecords) rows.push(...collectRecordRows(storage)); + return rows.sort(compareRows); } function truncateText(text: string, maxLength: number): string { - if (!text || text.length <= maxLength) return text - if (maxLength <= NSF_LIST_MIN_TRUNCATE_PREFIX) return text.slice(0, maxLength) - return `${text.slice(0, maxLength - NSF_LIST_MIN_TRUNCATE_PREFIX)}...` + if (!text || text.length <= maxLength) return text; + if (maxLength <= NSF_LIST_MIN_TRUNCATE_PREFIX) + return text.slice(0, maxLength); + return `${text.slice(0, maxLength - NSF_LIST_MIN_TRUNCATE_PREFIX)}...`; } export function formatListNsfTable( - rows: ListNsfRow[], - options: { columnWidth?: number } = {} + rows: ListNsfRow[], + options: { columnWidth?: number } = {}, ): FormattedListNsfTable { - const columnWidth = options.columnWidth ?? NSF_LIST_DEFAULT_COLUMN_WIDTH - const outRows = rows.map((row, index) => [ - String(index + 1), - row.itemType, - truncateText(row.uid, columnWidth), - truncateText(row.title, columnWidth), - truncateText(row.type, columnWidth), - truncateText(row.description, columnWidth), - ]) - return { headers: [...NSF_LIST_TABLE_HEADERS], rows: outRows } + const columnWidth = options.columnWidth ?? NSF_LIST_DEFAULT_COLUMN_WIDTH; + const outRows = rows.map((row, index) => [ + String(index + 1), + row.itemType, + truncateText(row.uid, columnWidth), + truncateText(row.title, columnWidth), + truncateText(row.type, columnWidth), + truncateText(row.description, columnWidth), + ]); + return { headers: [...NSF_LIST_TABLE_HEADERS], rows: outRows }; } export function renderListNsfAsciiTable( - table: FormattedListNsfTable, - options: { minColWidth?: number } = {} + table: FormattedListNsfTable, + options: { minColWidth?: number } = {}, ): string { - const { minColWidth = 2 } = options - const { headers, rows } = table - const columnCount = headers.length - const columnWidths = headers.map((header, columnIndex) => { - let width = Math.max(header.length, minColWidth) - for (const row of rows) { - width = Math.max(width, (row[columnIndex] || '').length, minColWidth) - } - return width - }) - const padCell = (cell: string, columnIndex: number) => - cell + ' '.repeat(columnWidths[columnIndex] - cell.length) - const formatRow = (cells: string[]) => cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - const ruleRow = columnWidths.map((width, columnIndex) => padCell('-'.repeat(width), columnIndex)).join(' ') - return [formatRow(headers), ruleRow, ...rows.map(formatRow)].join('\n') + const { minColWidth = 2 } = options; + const { headers, rows } = table; + const columnCount = headers.length; + const columnWidths = headers.map((header, columnIndex) => { + let width = Math.max(header.length, minColWidth); + for (const row of rows) { + width = Math.max(width, (row[columnIndex] || "").length, minColWidth); + } + return width; + }); + const padCell = (cell: string, columnIndex: number) => + cell + " ".repeat(columnWidths[columnIndex] - cell.length); + const formatRow = (cells: string[]) => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + const ruleRow = columnWidths + .map((width, columnIndex) => padCell("-".repeat(width), columnIndex)) + .join(" "); + return [formatRow(headers), ruleRow, ...rows.map(formatRow)].join("\n"); } function escapeCsvCell(value: string): string { - if (/[",\n\r]/.test(value)) return `"${value.replace(/"/g, '""')}"` - return value + if (/[",\n\r]/.test(value)) return `"${value.replace(/"/g, '""')}"`; + return value; } export function formatListNsfCsv(rows: ListNsfRow[]): string { - const lines = [NSF_LIST_FULL_HEADERS.join(',')] - for (const row of rows) { - lines.push( - [ - row.itemType, - row.uid, - row.title, - row.type, - row.description, - row.parentOrFolder, - ] - .map(escapeCsvCell) - .join(',') - ) - } - return lines.join('\n') + const lines = [NSF_LIST_FULL_HEADERS.join(",")]; + for (const row of rows) { + lines.push( + [ + row.itemType, + row.uid, + row.title, + row.type, + row.description, + row.parentOrFolder, + ] + .map(escapeCsvCell) + .join(","), + ); + } + return lines.join("\n"); } function toListNsfJsonRow(row: ListNsfRow): Record { - const out: Record = { - item_type: row.itemType, - uid: row.uid, - title: row.title, - parent_or_folder: row.parentOrFolder, - } - if (row.type) out.type = row.type - if (row.description) out.description = row.description - return out + const out: Record = { + item_type: row.itemType, + uid: row.uid, + title: row.title, + parent_or_folder: row.parentOrFolder, + }; + if (row.type) out.type = row.type; + if (row.description) out.description = row.description; + return out; } export function formatListNsfJson(rows: ListNsfRow[]): string { - return JSON.stringify(rows.map(toListNsfJsonRow), null, 2) + return JSON.stringify(rows.map(toListNsfJsonRow), null, 2); } -export function formatListNsfOutput(rows: ListNsfRow[], format: ListNsfFormatInput = ListNsfFormat.Table): string { - switch (format) { - case ListNsfFormat.CSV: - return formatListNsfCsv(rows) - case ListNsfFormat.JSON: - return formatListNsfJson(rows) - default: - return renderListNsfAsciiTable(formatListNsfTable(rows)) - } +export function formatListNsfOutput( + rows: ListNsfRow[], + format: ListNsfFormatInput = ListNsfFormat.Table, +): string { + switch (format) { + case ListNsfFormat.CSV: + return formatListNsfCsv(rows); + case ListNsfFormat.JSON: + return formatListNsfJson(rows); + default: + return renderListNsfAsciiTable(formatListNsfTable(rows)); + } } diff --git a/KeeperSdk/src/nestedShareFolders/mkdirNsf.ts b/KeeperSdk/src/nestedShareFolders/mkdirNsf.ts index b8350d7b..2190611b 100644 --- a/KeeperSdk/src/nestedShareFolders/mkdirNsf.ts +++ b/KeeperSdk/src/nestedShareFolders/mkdirNsf.ts @@ -1,224 +1,252 @@ -import type { Auth } from '@keeper-security/keeperapi' +import type { Auth } from "@keeper-security/keeperapi"; import { - Folder, - folderAddMessage, - generateEncryptionKey, - generateUid, - normal64Bytes, - platform, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_FOLDER_COLORS, type NsfFolderColor } from './nsfConstants' + Folder, + folderAddMessage, + generateEncryptionKey, + generateUid, + normal64Bytes, + platform, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { NSF_FOLDER_COLORS, type NsfFolderColor } from "./nsfConstants"; import { - buildFolderOwnerInfo, - cacheNewNsfFolder, - findExistingChildFolder, - isNestedShareFolder, - parseFolderModifyStatus, - parseNsfPath, - requireAuthDataKey, - resolveKeeperDriveParentUid, -} from './nsfHelpers' + buildFolderOwnerInfo, + cacheNewNsfFolder, + findExistingChildFolder, + isNestedShareFolder, + parseFolderModifyStatus, + parseNsfPath, + requireAuthDataKey, + resolveKeeperDriveParentUid, +} from "./nsfHelpers"; import type { - FolderCreatePayload, - FolderSegmentCreateSpec, - MkdirNsfInput, - MkdirNsfResult, - NsfFolderColorInput, -} from './nsfTypes' + FolderCreatePayload, + FolderSegmentCreateSpec, + MkdirNsfInput, + MkdirNsfResult, + NsfFolderColorInput, +} from "./nsfTypes"; type NsfFolderMetadata = { - name: string - color?: string -} - -function normalizeColor(color?: NsfFolderColorInput): NsfFolderColor | undefined { - if (!color) return undefined - if (!NSF_FOLDER_COLORS.some((candidate) => candidate === color)) { - throw new KeeperSdkError( - `Invalid color '${color}'. Use: ${NSF_FOLDER_COLORS.join(', ')}.`, - ResultCodes.NSF_MKDIR_FAILED - ) - } - return color + name: string; + color?: string; +}; + +function normalizeColor( + color?: NsfFolderColorInput, +): NsfFolderColor | undefined { + if (!color) return undefined; + if (!NSF_FOLDER_COLORS.some((candidate) => candidate === color)) { + throw new KeeperSdkError( + `Invalid color '${color}'. Use: ${NSF_FOLDER_COLORS.join(", ")}.`, + ResultCodes.NSF_MKDIR_FAILED, + ); + } + return color; } function resolveBaseFolderUid( - storage: InMemoryStorage, - baseFolderUid: string | null | undefined + storage: InMemoryStorage, + baseFolderUid: string | null | undefined, ): string | null { - if (!baseFolderUid) return null - return isNestedShareFolder(storage, baseFolderUid) ? baseFolderUid : null + if (!baseFolderUid) return null; + return isNestedShareFolder(storage, baseFolderUid) ? baseFolderUid : null; } async function resolveFolderKeyEncryptionKey( - storage: InMemoryStorage, - auth: Auth, - parentUid: string | null + storage: InMemoryStorage, + auth: Auth, + parentUid: string | null, ): Promise { - if (parentUid) { - const parentKey = await storage.getKeyBytes(parentUid) - if (parentKey) return parentKey - } - return requireAuthDataKey(auth) + if (parentUid) { + const parentKey = await storage.getKeyBytes(parentUid); + if (parentKey) return parentKey; + } + return requireAuthDataKey(auth); } async function buildFolderCreatePayload( - storage: InMemoryStorage, - auth: Auth, - folderName: string, - parentUid: string | null, - color: NsfFolderColor | undefined, - inheritPermissions: boolean + storage: InMemoryStorage, + auth: Auth, + folderName: string, + parentUid: string | null, + color: NsfFolderColor | undefined, + inheritPermissions: boolean, ): Promise { - const folderUid = generateUid() - const folderKey = generateEncryptionKey() - await storage.saveKeyBytes(folderUid, folderKey) - - const metadata: NsfFolderMetadata = { name: folderName } - if (color && color !== 'none') metadata.color = color - - const resolvedParentUid = resolveKeeperDriveParentUid(storage, parentUid) - const encryptedData = await platform.aesGcmEncrypt( - platform.stringToBytes(JSON.stringify(metadata)), - folderKey - ) - const encryptionKey = await resolveFolderKeyEncryptionKey(storage, auth, resolvedParentUid) - const encryptedFolderKey = await platform.aesGcmEncrypt(folderKey, encryptionKey) - - return { - folderUid, - folderName, - parentUid, - inheritPermissions, - folderData: Folder.FolderData.create({ - folderUid: normal64Bytes(folderUid), - parentUid: resolvedParentUid ? normal64Bytes(resolvedParentUid) : undefined, - data: encryptedData, - folderKey: encryptedFolderKey, - type: Folder.FolderUsageType.UT_NORMAL, - inheritUserPermissions: inheritPermissions - ? Folder.SetBooleanValue.BOOLEAN_TRUE - : Folder.SetBooleanValue.BOOLEAN_FALSE, - ownerInfo: buildFolderOwnerInfo(auth), - }), - } + const folderUid = generateUid(); + const folderKey = generateEncryptionKey(); + await storage.saveKeyBytes(folderUid, folderKey); + + const metadata: NsfFolderMetadata = { name: folderName }; + if (color && color !== "none") metadata.color = color; + + const resolvedParentUid = resolveKeeperDriveParentUid(storage, parentUid); + const encryptedData = await platform.aesGcmEncrypt( + platform.stringToBytes(JSON.stringify(metadata)), + folderKey, + ); + const encryptionKey = await resolveFolderKeyEncryptionKey( + storage, + auth, + resolvedParentUid, + ); + const encryptedFolderKey = await platform.aesGcmEncrypt( + folderKey, + encryptionKey, + ); + + return { + folderUid, + folderName, + parentUid, + inheritPermissions, + folderData: Folder.FolderData.create({ + folderUid: normal64Bytes(folderUid), + parentUid: resolvedParentUid + ? normal64Bytes(resolvedParentUid) + : undefined, + data: encryptedData, + folderKey: encryptedFolderKey, + type: Folder.FolderUsageType.UT_NORMAL, + inheritUserPermissions: inheritPermissions + ? Folder.SetBooleanValue.BOOLEAN_TRUE + : Folder.SetBooleanValue.BOOLEAN_FALSE, + ownerInfo: buildFolderOwnerInfo(auth), + }), + }; } async function createFolderSegmentsBatch( - storage: InMemoryStorage, - auth: Auth, - segments: FolderSegmentCreateSpec[], - parentUid: string | null + storage: InMemoryStorage, + auth: Auth, + segments: FolderSegmentCreateSpec[], + parentUid: string | null, ): Promise<{ folderUid: string }> { - let currentParentUid = parentUid - const payloads: FolderCreatePayload[] = [] - - for (const segment of segments) { - const payload = await buildFolderCreatePayload( - storage, - auth, - segment.segmentName, - currentParentUid, - segment.color, - segment.inheritPermissions - ) - payloads.push(payload) - currentParentUid = payload.folderUid - } - - const response = await auth.executeRest( - folderAddMessage({ folderData: payloads.map((entry) => entry.folderData) }) - ) - - for (let index = 0; index < payloads.length; index++) { - const payload = payloads[index] - parseFolderModifyStatus(response.folderAddResults?.[index], ResultCodes.NSF_MKDIR_FAILED) - await cacheNewNsfFolder( - storage, - auth, - payload.folderUid, - payload.folderName, - payload.parentUid, - payload.inheritPermissions - ) - } - - return { folderUid: payloads[payloads.length - 1].folderUid } + let currentParentUid = parentUid; + const payloads: FolderCreatePayload[] = []; + + for (const segment of segments) { + const payload = await buildFolderCreatePayload( + storage, + auth, + segment.segmentName, + currentParentUid, + segment.color, + segment.inheritPermissions, + ); + payloads.push(payload); + currentParentUid = payload.folderUid; + } + + const response = await auth.executeRest( + folderAddMessage({ folderData: payloads.map((entry) => entry.folderData) }), + ); + + for (let index = 0; index < payloads.length; index++) { + const payload = payloads[index]; + parseFolderModifyStatus( + response.folderAddResults?.[index], + ResultCodes.NSF_MKDIR_FAILED, + ); + await cacheNewNsfFolder( + storage, + auth, + payload.folderUid, + payload.folderName, + payload.parentUid, + payload.inheritPermissions, + ); + } + + return { folderUid: payloads[payloads.length - 1].folderUid }; } export async function mkdirNestedShareFolder( - storage: InMemoryStorage, - auth: Auth, - input: MkdirNsfInput + storage: InMemoryStorage, + auth: Auth, + input: MkdirNsfInput, ): Promise { - const folderPath = (input.folder ?? '').trim() - if (!folderPath) { - throw new KeeperSdkError('Folder name is required.', ResultCodes.NSF_MKDIR_FAILED) - } - - const color = normalizeColor(input.color) - const inheritPermissions = !input.noInheritPermissions - const segments = parseNsfPath(folderPath) - let parentUid: string | null = resolveBaseFolderUid(storage, input.baseFolderUid) - const lastIdx = segments.length - 1 - let createdUid: string | undefined - const pendingSegments: FolderSegmentCreateSpec[] = [] - - const flushPendingSegments = async (): Promise => { - if (pendingSegments.length === 0) return - const result = await createFolderSegmentsBatch(storage, auth, pendingSegments, parentUid) - createdUid = result.folderUid - parentUid = result.folderUid - pendingSegments.length = 0 - } - - try { - for (let idx = 0; idx < segments.length; idx++) { - const segment = segments[idx] - const isLeaf = idx === lastIdx - const existingUid = findExistingChildFolder(storage, segment, parentUid) - - if (existingUid) { - await flushPendingSegments() - if (isLeaf) { - return { - folderUid: existingUid, - created: false, - message: `Folder "${segment}" already exists.`, - } - } - parentUid = existingUid - continue - } - - pendingSegments.push({ - segmentName: segment, - color: isLeaf ? color : undefined, - inheritPermissions: isLeaf ? inheritPermissions : true, - }) + const folderPath = (input.folder ?? "").trim(); + if (!folderPath) { + throw new KeeperSdkError( + "Folder name is required.", + ResultCodes.NSF_MKDIR_FAILED, + ); + } + + const color = normalizeColor(input.color); + const inheritPermissions = !input.noInheritPermissions; + const segments = parseNsfPath(folderPath); + let parentUid: string | null = resolveBaseFolderUid( + storage, + input.baseFolderUid, + ); + const lastIdx = segments.length - 1; + let createdUid: string | undefined; + const pendingSegments: FolderSegmentCreateSpec[] = []; + + const flushPendingSegments = async (): Promise => { + if (pendingSegments.length === 0) return; + const result = await createFolderSegmentsBatch( + storage, + auth, + pendingSegments, + parentUid, + ); + createdUid = result.folderUid; + parentUid = result.folderUid; + pendingSegments.length = 0; + }; + + try { + for (let idx = 0; idx < segments.length; idx++) { + const segment = segments[idx]; + const isLeaf = idx === lastIdx; + const existingUid = findExistingChildFolder(storage, segment, parentUid); + + if (existingUid) { + await flushPendingSegments(); + if (isLeaf) { + return { + folderUid: existingUid, + created: false, + message: `Folder "${segment}" already exists.`, + }; } + parentUid = existingUid; + continue; + } + + pendingSegments.push({ + segmentName: segment, + color: isLeaf ? color : undefined, + inheritPermissions: isLeaf ? inheritPermissions : true, + }); + } - await flushPendingSegments() - - if (!createdUid) { - throw new KeeperSdkError('Folder creation did not return a UID.', ResultCodes.NSF_MKDIR_FAILED) - } + await flushPendingSegments(); - return { - folderUid: createdUid, - created: true, - message: - segments.length > 1 - ? `Created folder path "${folderPath}".` - : `Created folder "${segments[lastIdx]}".`, - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to create nested share folder: ${extractErrorMessage(err)}`, - ResultCodes.NSF_MKDIR_FAILED - ) + if (!createdUid) { + throw new KeeperSdkError( + "Folder creation did not return a UID.", + ResultCodes.NSF_MKDIR_FAILED, + ); } + + return { + folderUid: createdUid, + created: true, + message: + segments.length > 1 + ? `Created folder path "${folderPath}".` + : `Created folder "${segments[lastIdx]}".`, + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to create nested share folder: ${extractErrorMessage(err)}`, + ResultCodes.NSF_MKDIR_FAILED, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/nsfConstants.ts b/KeeperSdk/src/nestedShareFolders/nsfConstants.ts index 24c6b2d4..8d81f866 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfConstants.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfConstants.ts @@ -1,263 +1,313 @@ -import { Folder } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' +import { Folder } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; export const NSF_LEGACY_RECORD_MSG = - "Record '{0}' is a legacy vault record. Nested Share Folder commands operate only on Nested Share Records." + "Record '{0}' is a legacy vault record. Nested Share Folder commands operate only on Nested Share Records."; export const NSF_LEGACY_FOLDER_MSG = - "Folder '{0}' is a legacy folder. Nested Share Folder commands operate only on Nested Share Folders." + "Folder '{0}' is a legacy folder. Nested Share Folder commands operate only on Nested Share Folders."; -export const NSF_LEGACY_RECORD_TYPES = new Set(['legacy', 'general']) +export const NSF_LEGACY_RECORD_TYPES = new Set(["legacy", "general"]); export const NSF_ACCESS_TYPE_LABELS: Record = { - [Folder.AccessType.AT_USER]: 'user', - [Folder.AccessType.AT_TEAM]: 'team', - [Folder.AccessType.AT_OWNER]: 'owner', - [Folder.AccessType.AT_ENTERPRISE]: 'enterprise', - [Folder.AccessType.AT_FOLDER]: 'folder', - [Folder.AccessType.AT_APPLICATION]: 'application', -} + [Folder.AccessType.AT_USER]: "user", + [Folder.AccessType.AT_TEAM]: "team", + [Folder.AccessType.AT_OWNER]: "owner", + [Folder.AccessType.AT_ENTERPRISE]: "enterprise", + [Folder.AccessType.AT_FOLDER]: "folder", + [Folder.AccessType.AT_APPLICATION]: "application", +}; -export const NSF_SENSITIVE_FIELD_TYPES = new Set(['password', 'secret', 'pinCode']) -export const NSF_NOTE_FIELD_TYPES = new Set(['note', 'multiline']) -export const NSF_TOP_LEVEL_FIELD_TYPES = new Set(['login', 'password', 'url', 'note', 'multiline', 'text']) -export const NSF_UNKNOWN_RECORD_TITLES = new Set(['(no data)', '(untitled)', 'Unknown']) -export const NSF_RECORD_DESCRIPTION_MAX_LENGTH = 120 +export const NSF_SENSITIVE_FIELD_TYPES = new Set([ + "password", + "secret", + "pinCode", +]); +export const NSF_NOTE_FIELD_TYPES = new Set(["note", "multiline"]); +export const NSF_TOP_LEVEL_FIELD_TYPES = new Set([ + "login", + "password", + "url", + "note", + "multiline", + "text", +]); +export const NSF_UNKNOWN_RECORD_TITLES = new Set([ + "(no data)", + "(untitled)", + "Unknown", +]); +export const NSF_RECORD_DESCRIPTION_MAX_LENGTH = 120; -export const NSF_MASKED_VALUE = '********' -export const NSF_FOLDER_LABEL_WIDTH = 22 -export const NSF_RECORD_LABEL_WIDTH = 17 -export const NSF_USER_PERMISSIONS_HEADING = 'User Permissions:' -export const NSF_FOLDER_SHARE_ADMINS_HEADING = 'Share Administrators:' -export const NSF_SHARE_ADMINS_PREVIEW_LIMIT = 10 +export const NSF_MASKED_VALUE = "********"; +export const NSF_FOLDER_LABEL_WIDTH = 22; +export const NSF_RECORD_LABEL_WIDTH = 17; +export const NSF_USER_PERMISSIONS_HEADING = "User Permissions:"; +export const NSF_FOLDER_SHARE_ADMINS_HEADING = "Share Administrators:"; +export const NSF_SHARE_ADMINS_PREVIEW_LIMIT = 10; -export const NSF_LIST_TABLE_HEADERS = ['#', 'Item Type', 'UID', 'Title', 'Type', 'Description'] as const +export const NSF_LIST_TABLE_HEADERS = [ + "#", + "Item Type", + "UID", + "Title", + "Type", + "Description", +] as const; export const NSF_LIST_FULL_HEADERS = [ - 'Item Type', - 'UID', - 'Title', - 'Type', - 'Description', - 'Parent/Folder', -] as const -export const NSF_LIST_DEFAULT_COLUMN_WIDTH = 40 -export const NSF_LIST_MIN_TRUNCATE_PREFIX = 3 - -export const NSF_MAX_RECORD_BATCH = 500 -export const NSF_MAX_FOLDER_REMOVALS = 100 + "Item Type", + "UID", + "Title", + "Type", + "Description", + "Parent/Folder", +] as const; +export const NSF_LIST_DEFAULT_COLUMN_WIDTH = 40; +export const NSF_LIST_MIN_TRUNCATE_PREFIX = 3; -export const NSF_PATH_SENTINEL = '\x00' +export const NSF_MAX_RECORD_BATCH = 500; +export const NSF_MAX_FOLDER_REMOVALS = 100; -export const NSF_FOLDER_COLORS = ['none', 'red', 'orange', 'yellow', 'green', 'blue', 'gray'] as const -export type NsfFolderColor = (typeof NSF_FOLDER_COLORS)[number] +export const NSF_PATH_SENTINEL = "\x00"; +export const NSF_FOLDER_COLORS = [ + "none", + "red", + "orange", + "yellow", + "green", + "blue", + "gray", +] as const; +export type NsfFolderColor = (typeof NSF_FOLDER_COLORS)[number]; export const NSF_KNOWN_FIELD_TYPES = new Set([ - 'login', - 'password', - 'url', - 'email', - 'text', - 'multiline', - 'secret', - 'note', - 'onetimecode', - 'date', - 'phone', - 'name', - 'address', - 'paymentcard', - 'bankaccount', - 'securityquestion', - 'host', - 'keypair', - 'fileref', - 'passkey', - 'pincode', -]) - + "login", + "password", + "url", + "email", + "text", + "multiline", + "secret", + "note", + "onetimecode", + "date", + "phone", + "name", + "address", + "paymentcard", + "bankaccount", + "securityquestion", + "host", + "keypair", + "fileref", + "passkey", + "pincode", +]); export const NSF_STRUCTURED_SUBKEYS: Record> = { - name: new Set(['first', 'middle', 'last']), - host: new Set(['hostName', 'port', 'host']), - address: new Set(['street1', 'street2', 'city', 'state', 'zip', 'country', 'address']), - paymentcard: new Set(['cardNumber', 'cardExpirationDate', 'cardSecurityCode', 'cardPin']), - bankaccount: new Set(['accountNumber', 'routingNumber', 'accountType']), - securityquestion: new Set(['question', 'answer']), - phone: new Set(['number', 'region', 'type', 'ext']), -} + name: new Set(["first", "middle", "last"]), + host: new Set(["hostName", "port", "host"]), + address: new Set([ + "street1", + "street2", + "city", + "state", + "zip", + "country", + "address", + ]), + paymentcard: new Set([ + "cardNumber", + "cardExpirationDate", + "cardSecurityCode", + "cardPin", + ]), + bankaccount: new Set(["accountNumber", "routingNumber", "accountType"]), + securityquestion: new Set(["question", "answer"]), + phone: new Set(["number", "region", "type", "ext"]), +}; export enum NSFShareRoleName { - Contributor = 'contributor', - Viewer = 'viewer', - ShareManager = 'share-manager', - ContentManager = 'content-manager', - ContentShareManager = 'content-share-manager', - FullManager = 'full-manager', - Unresolved = 'unresolved', + Contributor = "contributor", + Viewer = "viewer", + ShareManager = "share-manager", + ContentManager = "content-manager", + ContentShareManager = "content-share-manager", + FullManager = "full-manager", + Unresolved = "unresolved", } export const NSF_RECORD_PERMISSION_ROLES = [ - NSFShareRoleName.Viewer, - NSFShareRoleName.ShareManager, - NSFShareRoleName.ContentManager, - NSFShareRoleName.ContentShareManager, - NSFShareRoleName.FullManager, -] as const -export type NsfRecordPermissionRole = (typeof NSF_RECORD_PERMISSION_ROLES)[number] + NSFShareRoleName.Viewer, + NSFShareRoleName.ShareManager, + NSFShareRoleName.ContentManager, + NSFShareRoleName.ContentShareManager, + NSFShareRoleName.FullManager, +] as const; +export type NsfRecordPermissionRole = + (typeof NSF_RECORD_PERMISSION_ROLES)[number]; export const NSF_RECORD_PERMISSION_ROLE_LABELS: Record = { - [Folder.AccessRoleType.NAVIGATOR]: NSFShareRoleName.Contributor, - [Folder.AccessRoleType.REQUESTOR]: NSFShareRoleName.Contributor, - [Folder.AccessRoleType.VIEWER]: NSFShareRoleName.Viewer, - [Folder.AccessRoleType.SHARED_MANAGER]: NSFShareRoleName.ShareManager, - [Folder.AccessRoleType.CONTENT_MANAGER]: NSFShareRoleName.ContentManager, - [Folder.AccessRoleType.CONTENT_SHARE_MANAGER]: NSFShareRoleName.ContentShareManager, - [Folder.AccessRoleType.MANAGER]: NSFShareRoleName.FullManager, - [Folder.AccessRoleType.UNRESOLVED]: NSFShareRoleName.Unresolved, -} + [Folder.AccessRoleType.NAVIGATOR]: NSFShareRoleName.Contributor, + [Folder.AccessRoleType.REQUESTOR]: NSFShareRoleName.Contributor, + [Folder.AccessRoleType.VIEWER]: NSFShareRoleName.Viewer, + [Folder.AccessRoleType.SHARED_MANAGER]: NSFShareRoleName.ShareManager, + [Folder.AccessRoleType.CONTENT_MANAGER]: NSFShareRoleName.ContentManager, + [Folder.AccessRoleType.CONTENT_SHARE_MANAGER]: + NSFShareRoleName.ContentShareManager, + [Folder.AccessRoleType.MANAGER]: NSFShareRoleName.FullManager, + [Folder.AccessRoleType.UNRESOLVED]: NSFShareRoleName.Unresolved, +}; -export const NSF_RECORD_PERMISSION_ROLE_MAP: Record = { - [NSFShareRoleName.Contributor]: Folder.AccessRoleType.REQUESTOR, - requestor: Folder.AccessRoleType.REQUESTOR, - [NSFShareRoleName.Viewer]: Folder.AccessRoleType.VIEWER, - [NSFShareRoleName.ShareManager]: Folder.AccessRoleType.SHARED_MANAGER, - share_manager: Folder.AccessRoleType.SHARED_MANAGER, - shared_manager: Folder.AccessRoleType.SHARED_MANAGER, - [NSFShareRoleName.ContentManager]: Folder.AccessRoleType.CONTENT_MANAGER, - content_manager: Folder.AccessRoleType.CONTENT_MANAGER, - [NSFShareRoleName.ContentShareManager]: Folder.AccessRoleType.CONTENT_SHARE_MANAGER, - content_share_manager: Folder.AccessRoleType.CONTENT_SHARE_MANAGER, - [NSFShareRoleName.FullManager]: Folder.AccessRoleType.MANAGER, - full_manager: Folder.AccessRoleType.MANAGER, -} +export const NSF_RECORD_PERMISSION_ROLE_MAP: Record< + string, + Folder.AccessRoleType +> = { + [NSFShareRoleName.Contributor]: Folder.AccessRoleType.REQUESTOR, + requestor: Folder.AccessRoleType.REQUESTOR, + [NSFShareRoleName.Viewer]: Folder.AccessRoleType.VIEWER, + [NSFShareRoleName.ShareManager]: Folder.AccessRoleType.SHARED_MANAGER, + share_manager: Folder.AccessRoleType.SHARED_MANAGER, + shared_manager: Folder.AccessRoleType.SHARED_MANAGER, + [NSFShareRoleName.ContentManager]: Folder.AccessRoleType.CONTENT_MANAGER, + content_manager: Folder.AccessRoleType.CONTENT_MANAGER, + [NSFShareRoleName.ContentShareManager]: + Folder.AccessRoleType.CONTENT_SHARE_MANAGER, + content_share_manager: Folder.AccessRoleType.CONTENT_SHARE_MANAGER, + [NSFShareRoleName.FullManager]: Folder.AccessRoleType.MANAGER, + full_manager: Folder.AccessRoleType.MANAGER, +}; -export const NSF_SHARE_EXPIRATION_NEVER = 'never' +export const NSF_SHARE_EXPIRATION_NEVER = "never"; export enum NsfShareCommandName { - FolderShare = 'nsf-share-folder', - RecordShare = 'nsf-share-record', + FolderShare = "nsf-share-folder", + RecordShare = "nsf-share-record", } -export const NSF_SHARE_BATCH_SIZE = 200 +export const NSF_SHARE_BATCH_SIZE = 200; export enum TeamGetKeysResponseKeyType { - EccPublicKey = -1, - RsaPublicKey = -3, - EncryptedAesTeamKeyByDataKey = 1, - EncryptedAesTeamKeyByRsa = 2, - EncryptedAesTeamKeyByDataKeyGcm = 3, - EncryptedAesTeamKeyByEcc = 4, + EccPublicKey = -1, + RsaPublicKey = -3, + EncryptedAesTeamKeyByDataKey = 1, + EncryptedAesTeamKeyByRsa = 2, + EncryptedAesTeamKeyByDataKeyGcm = 3, + EncryptedAesTeamKeyByEcc = 4, } -export const MIN_SHARE_EXPIRATION_MS = 60_000 -export const NSF_TLA_EXPIRATION_TOLERANCE_MS = 60_000 +export const MIN_SHARE_EXPIRATION_MS = 60_000; +export const NSF_TLA_EXPIRATION_TOLERANCE_MS = 60_000; -const NSF_SHARE_EXPIRATION_DAY_MS = 86_400_000 +const NSF_SHARE_EXPIRATION_DAY_MS = 86_400_000; -export const NSF_SHARE_EXPIRATION_RE = /^(\d+)\s*(mi(?:nutes?)?|h(?:ours?)?|d(?:ays?)?|mo(?:nths?)?|y(?:ears?)?)$/i +export const NSF_SHARE_EXPIRATION_RE = + /^(\d+)\s*(mi(?:nutes?)?|h(?:ours?)?|d(?:ays?)?|mo(?:nths?)?|y(?:ears?)?)$/i; export const NSF_SHARE_EXPIRATION_UNIT_MS: Record = { - mi: 60_000, - m: 60_000, - minute: 60_000, - minutes: 60_000, - h: 3_600_000, - hour: 3_600_000, - hours: 3_600_000, - d: NSF_SHARE_EXPIRATION_DAY_MS, - day: NSF_SHARE_EXPIRATION_DAY_MS, - days: NSF_SHARE_EXPIRATION_DAY_MS, - mo: 30 * NSF_SHARE_EXPIRATION_DAY_MS, - month: 30 * NSF_SHARE_EXPIRATION_DAY_MS, - months: 30 * NSF_SHARE_EXPIRATION_DAY_MS, - y: 365 * NSF_SHARE_EXPIRATION_DAY_MS, - year: 365 * NSF_SHARE_EXPIRATION_DAY_MS, - years: 365 * NSF_SHARE_EXPIRATION_DAY_MS, -} + mi: 60_000, + m: 60_000, + minute: 60_000, + minutes: 60_000, + h: 3_600_000, + hour: 3_600_000, + hours: 3_600_000, + d: NSF_SHARE_EXPIRATION_DAY_MS, + day: NSF_SHARE_EXPIRATION_DAY_MS, + days: NSF_SHARE_EXPIRATION_DAY_MS, + mo: 30 * NSF_SHARE_EXPIRATION_DAY_MS, + month: 30 * NSF_SHARE_EXPIRATION_DAY_MS, + months: 30 * NSF_SHARE_EXPIRATION_DAY_MS, + y: 365 * NSF_SHARE_EXPIRATION_DAY_MS, + year: 365 * NSF_SHARE_EXPIRATION_DAY_MS, + years: 365 * NSF_SHARE_EXPIRATION_DAY_MS, +}; type FolderRolePermissionFlags = { - canAdd?: boolean - canRemove?: boolean - canDelete?: boolean - canListAccess?: boolean - canUpdateAccess?: boolean - canChangeOwnership?: boolean - canEditRecords?: boolean - canViewRecords?: boolean - canApproveAccess?: boolean - canRequestAccess?: boolean - canUpdateSetting?: boolean - canListRecords?: boolean - canListFolders?: boolean -} + canAdd?: boolean; + canRemove?: boolean; + canDelete?: boolean; + canListAccess?: boolean; + canUpdateAccess?: boolean; + canChangeOwnership?: boolean; + canEditRecords?: boolean; + canViewRecords?: boolean; + canApproveAccess?: boolean; + canRequestAccess?: boolean; + canUpdateSetting?: boolean; + canListRecords?: boolean; + canListFolders?: boolean; +}; const NSF_FOLDER_ROLE_PERMISSIONS: Record = { - [Folder.AccessRoleType.NAVIGATOR]: { - canListFolders: true, - }, - [Folder.AccessRoleType.REQUESTOR]: { - canRequestAccess: true, - canListRecords: true, - canListFolders: true, - }, - [Folder.AccessRoleType.VIEWER]: { - canListAccess: true, - canViewRecords: true, - canListRecords: true, - canListFolders: true, - }, - [Folder.AccessRoleType.SHARED_MANAGER]: { - canListAccess: true, - canUpdateAccess: true, - canViewRecords: true, - canApproveAccess: true, - canListRecords: true, - canListFolders: true, - }, - [Folder.AccessRoleType.CONTENT_MANAGER]: { - canAdd: true, - canListAccess: true, - canEditRecords: true, - canViewRecords: true, - canListRecords: true, - canListFolders: true, - }, - [Folder.AccessRoleType.CONTENT_SHARE_MANAGER]: { - canAdd: true, - canRemove: true, - canListAccess: true, - canUpdateAccess: true, - canEditRecords: true, - canViewRecords: true, - canApproveAccess: true, - canUpdateSetting: true, - canListRecords: true, - canListFolders: true, - }, - [Folder.AccessRoleType.MANAGER]: { - canAdd: true, - canRemove: true, - canDelete: true, - canListAccess: true, - canUpdateAccess: true, - canChangeOwnership: true, - canEditRecords: true, - canViewRecords: true, - canApproveAccess: true, - canUpdateSetting: true, - canListRecords: true, - canListFolders: true, - }, -} + [Folder.AccessRoleType.NAVIGATOR]: { + canListFolders: true, + }, + [Folder.AccessRoleType.REQUESTOR]: { + canRequestAccess: true, + canListRecords: true, + canListFolders: true, + }, + [Folder.AccessRoleType.VIEWER]: { + canListAccess: true, + canViewRecords: true, + canListRecords: true, + canListFolders: true, + }, + [Folder.AccessRoleType.SHARED_MANAGER]: { + canListAccess: true, + canUpdateAccess: true, + canViewRecords: true, + canApproveAccess: true, + canListRecords: true, + canListFolders: true, + }, + [Folder.AccessRoleType.CONTENT_MANAGER]: { + canAdd: true, + canListAccess: true, + canEditRecords: true, + canViewRecords: true, + canListRecords: true, + canListFolders: true, + }, + [Folder.AccessRoleType.CONTENT_SHARE_MANAGER]: { + canAdd: true, + canRemove: true, + canListAccess: true, + canUpdateAccess: true, + canEditRecords: true, + canViewRecords: true, + canApproveAccess: true, + canUpdateSetting: true, + canListRecords: true, + canListFolders: true, + }, + [Folder.AccessRoleType.MANAGER]: { + canAdd: true, + canRemove: true, + canDelete: true, + canListAccess: true, + canUpdateAccess: true, + canChangeOwnership: true, + canEditRecords: true, + canViewRecords: true, + canApproveAccess: true, + canUpdateSetting: true, + canListRecords: true, + canListFolders: true, + }, +}; -export function getFolderPermissionsForRole(roleType: Folder.AccessRoleType): Folder.IFolderPermissions { - const flags = NSF_FOLDER_ROLE_PERMISSIONS[roleType] - if (!flags) { - throw new KeeperSdkError( - `Unknown folder access role type: ${roleType}`, - ResultCodes.NSF_SHARE_FAILED - ) - } - return Folder.FolderPermissions.create(flags) +export function getFolderPermissionsForRole( + roleType: Folder.AccessRoleType, +): Folder.IFolderPermissions { + const flags = NSF_FOLDER_ROLE_PERMISSIONS[roleType]; + if (!flags) { + throw new KeeperSdkError( + `Unknown folder access role type: ${roleType}`, + ResultCodes.NSF_SHARE_FAILED, + ); + } + return Folder.FolderPermissions.create(flags); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfHelpers.ts b/KeeperSdk/src/nestedShareFolders/nsfHelpers.ts index abd3510a..f9c721c1 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfHelpers.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfHelpers.ts @@ -1,1363 +1,1674 @@ import type { - Auth, - DRecord, - DUser, - DKdFolder, - DKdFolderAccess, - DKdFolderRecord, - DKdRecordAccess, -} from '@keeper-security/keeperapi' + Auth, + DRecord, + DUser, + DKdFolder, + DKdFolderAccess, + DKdFolderRecord, + DKdRecordAccess, +} from "@keeper-security/keeperapi"; import { - Folder, - Records, - getFolderAccessMessage, - getRecordAccessMessage, - getShareObjectsMessage, - normal64Bytes, - record, - webSafe64FromBytes, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { VaultObjectKind } from '../folders/folderHelpers' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { getRecordTitle } from '../records/RecordUtils' + Folder, + Records, + getFolderAccessMessage, + getRecordAccessMessage, + getShareObjectsMessage, + normal64Bytes, + record, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { VaultObjectKind } from "../folders/folderHelpers"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { getRecordTitle } from "../records/RecordUtils"; import { - NSF_ACCESS_TYPE_LABELS, - NSF_LEGACY_FOLDER_MSG, - NSF_LEGACY_RECORD_MSG, - NSF_NOTE_FIELD_TYPES, - NSF_PATH_SENTINEL, - NSF_RECORD_DESCRIPTION_MAX_LENGTH, - NSF_RECORD_PERMISSION_ROLE_LABELS, - NSF_RECORD_PERMISSION_ROLE_MAP, - NSF_RECORD_PERMISSION_ROLES, - NSF_SENSITIVE_FIELD_TYPES, - NSF_SHARE_BATCH_SIZE, - MIN_SHARE_EXPIRATION_MS, - NSF_TLA_EXPIRATION_TOLERANCE_MS, - NSF_SHARE_EXPIRATION_RE, - NSF_SHARE_EXPIRATION_UNIT_MS, - NSF_SHARE_EXPIRATION_NEVER, - NsfShareCommandName, -} from './nsfConstants' -import { NsfAccessRoleLabel, NSF_ACCESS_ROLE_LABELS, type ParseShareExpirationInput } from './nsfTypes' + NSF_ACCESS_TYPE_LABELS, + NSF_LEGACY_FOLDER_MSG, + NSF_LEGACY_RECORD_MSG, + NSF_NOTE_FIELD_TYPES, + NSF_PATH_SENTINEL, + NSF_RECORD_DESCRIPTION_MAX_LENGTH, + NSF_RECORD_PERMISSION_ROLE_LABELS, + NSF_RECORD_PERMISSION_ROLE_MAP, + NSF_RECORD_PERMISSION_ROLES, + NSF_SENSITIVE_FIELD_TYPES, + NSF_SHARE_BATCH_SIZE, + MIN_SHARE_EXPIRATION_MS, + NSF_TLA_EXPIRATION_TOLERANCE_MS, + NSF_SHARE_EXPIRATION_RE, + NSF_SHARE_EXPIRATION_UNIT_MS, + NSF_SHARE_EXPIRATION_NEVER, + NsfShareCommandName, +} from "./nsfConstants"; +import { + NsfAccessRoleLabel, + NSF_ACCESS_ROLE_LABELS, + type ParseShareExpirationInput, +} from "./nsfTypes"; export enum KeeperDriveKind { - Folder = 'keeper_drive_folder', - FolderAccess = 'keeper_drive_folder_access', - FolderRecord = 'keeper_drive_folder_record', - RecordAccess = 'keeper_drive_record_access', + Folder = "keeper_drive_folder", + FolderAccess = "keeper_drive_folder_access", + FolderRecord = "keeper_drive_folder_record", + RecordAccess = "keeper_drive_record_access", } export enum NsfItemType { - Folder = 'Folder', - Record = 'Record', + Folder = "Folder", + Record = "Record", } export function nsfToNumber( - value: number | { toNumber: () => number } | null | undefined, - fallback?: number + value: number | { toNumber: () => number } | null | undefined, + fallback?: number, ): number | undefined { - if (value == null) return fallback - return typeof value === 'number' ? value : value.toNumber() + if (value == null) return fallback; + return typeof value === "number" ? value : value.toNumber(); } export function requireAuthAccountUid(auth: Auth): Uint8Array { - const accountUid = auth.accountUid - if (!accountUid?.length) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } - return accountUid + const accountUid = auth.accountUid; + if (!accountUid?.length) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return accountUid; } export function requireAuthDataKey(auth: Auth): Uint8Array { - if (!auth.dataKey?.length) { - throw new KeeperSdkError('Data key not available. Ensure you are logged in.', ResultCodes.NSF_MISSING_KEY) - } - return auth.dataKey + if (!auth.dataKey?.length) { + throw new KeeperSdkError( + "Data key not available. Ensure you are logged in.", + ResultCodes.NSF_MISSING_KEY, + ); + } + return auth.dataKey; } export function buildFolderOwnerInfo(auth: Auth): Folder.IUserInfo | undefined { - if (!auth.accountUid?.length) return undefined - return { - accountUid: auth.accountUid, - username: auth.username, - } + if (!auth.accountUid?.length) return undefined; + return { + accountUid: auth.accountUid, + username: auth.username, + }; } export function parseFolderModifyStatus( - result: Folder.IFolderModifyResult | null | undefined, - failureCode: string + result: Folder.IFolderModifyResult | null | undefined, + failureCode: string, ): string { - if (!result) { - throw new KeeperSdkError('No results from folder operation.', failureCode) - } - const status = result.status ?? Folder.FolderModifyStatus.SUCCESS - const statusName = Folder.FolderModifyStatus[status] ?? String(status) - if (status !== Folder.FolderModifyStatus.SUCCESS) { - throw new KeeperSdkError( - result.message || `Folder operation failed (${statusName}).`, - failureCode - ) - } - return result.message || 'Folder operation succeeded' + if (!result) { + throw new KeeperSdkError("No results from folder operation.", failureCode); + } + const status = result.status ?? Folder.FolderModifyStatus.SUCCESS; + const statusName = Folder.FolderModifyStatus[status] ?? String(status); + if (status !== Folder.FolderModifyStatus.SUCCESS) { + throw new KeeperSdkError( + result.message || `Folder operation failed (${statusName}).`, + failureCode, + ); + } + return result.message || "Folder operation succeeded"; } export function parseRecordModifyStatus( - result: Records.IRecordModifyStatus | null | undefined, - failureCode: string + result: Records.IRecordModifyStatus | null | undefined, + failureCode: string, ): { statusName: string; message: string } { - if (!result) { - throw new KeeperSdkError('No results from record operation.', failureCode) - } - const status = result.status ?? Records.RecordModifyResult.RS_SUCCESS - const statusName = - status === Records.RecordModifyResult.RS_SUCCESS - ? 'SUCCESS' - : (Records.RecordModifyResult[status] ?? String(status)) - if (status !== Records.RecordModifyResult.RS_SUCCESS) { - throw new KeeperSdkError( - result.message || `Record operation failed (${statusName}).`, - failureCode - ) - } - return { - statusName, - message: result.message || 'Record operation succeeded', - } -} - -export function isNestedShareRecord(storage: InMemoryStorage, recordUid: string): boolean { - return !!getKeeperDriveRecord(storage, recordUid) + if (!result) { + throw new KeeperSdkError("No results from record operation.", failureCode); + } + const status = result.status ?? Records.RecordModifyResult.RS_SUCCESS; + const statusName = + status === Records.RecordModifyResult.RS_SUCCESS + ? "SUCCESS" + : (Records.RecordModifyResult[status] ?? String(status)); + if (status !== Records.RecordModifyResult.RS_SUCCESS) { + throw new KeeperSdkError( + result.message || `Record operation failed (${statusName}).`, + failureCode, + ); + } + return { + statusName, + message: result.message || "Record operation succeeded", + }; +} + +export function isNestedShareRecord( + storage: InMemoryStorage, + recordUid: string, +): boolean { + return !!getKeeperDriveRecord(storage, recordUid); } function getKnownKeeperDriveFolderUids(storage: InMemoryStorage): Set { - return new Set(getKeeperDriveFolders(storage).map((folder) => folder.uid)) + return new Set(getKeeperDriveFolders(storage).map((folder) => folder.uid)); } -export function resolveKeeperDriveRootParentUid(storage: InMemoryStorage): string | undefined { - const knownFolderUids = getKnownKeeperDriveFolderUids(storage) - for (const folder of getKeeperDriveFolders(storage)) { - const parentUid = folder.parentUid?.trim() - if (parentUid && !knownFolderUids.has(parentUid)) { - return parentUid - } +export function resolveKeeperDriveRootParentUid( + storage: InMemoryStorage, +): string | undefined { + const knownFolderUids = getKnownKeeperDriveFolderUids(storage); + for (const folder of getKeeperDriveFolders(storage)) { + const parentUid = folder.parentUid?.trim(); + if (parentUid && !knownFolderUids.has(parentUid)) { + return parentUid; } - return undefined + } + return undefined; } export function isRootFolderUid( - storage: InMemoryStorage, - folderUid: string | undefined | null + storage: InMemoryStorage, + folderUid: string | undefined | null, ): boolean { - const value = (folderUid ?? '').trim() - if (!value) return true - const driveRoot = resolveKeeperDriveRootParentUid(storage) - return !!driveRoot && value === driveRoot + const value = (folderUid ?? "").trim(); + if (!value) return true; + const driveRoot = resolveKeeperDriveRootParentUid(storage); + return !!driveRoot && value === driveRoot; } export function normalizeParentUid( - storage: InMemoryStorage, - parentUid: string | undefined | null + storage: InMemoryStorage, + parentUid: string | undefined | null, ): string { - return isRootFolderUid(storage, parentUid) ? 'root' : (parentUid ?? '').trim() -} - -export function isNestedShareFolder(storage: InMemoryStorage, folderUid: string): boolean { - if (isRootFolderUid(storage, folderUid)) return true - return !!getKeeperDriveFolder(storage, folderUid) + return isRootFolderUid(storage, parentUid) + ? "root" + : (parentUid ?? "").trim(); } -export function ensureNestedShareRecord(storage: InMemoryStorage, recordUid: string, identifier?: string): void { - if (isNestedShareRecord(storage, recordUid)) return - const ident = identifier ?? recordUid - throw new KeeperSdkError(NSF_LEGACY_RECORD_MSG.replace('{0}', ident), ResultCodes.NSF_LEGACY_RECORD) +export function isNestedShareFolder( + storage: InMemoryStorage, + folderUid: string, +): boolean { + if (isRootFolderUid(storage, folderUid)) return true; + return !!getKeeperDriveFolder(storage, folderUid); } -export function ensureNestedShareFolder(storage: InMemoryStorage, folderUid: string, identifier?: string): void { - if (isNestedShareFolder(storage, folderUid)) return - const ident = identifier ?? folderUid - throw new KeeperSdkError(NSF_LEGACY_FOLDER_MSG.replace('{0}', ident), ResultCodes.NSF_LEGACY_FOLDER) +export function ensureNestedShareRecord( + storage: InMemoryStorage, + recordUid: string, + identifier?: string, +): void { + if (isNestedShareRecord(storage, recordUid)) return; + const ident = identifier ?? recordUid; + throw new KeeperSdkError( + NSF_LEGACY_RECORD_MSG.replace("{0}", ident), + ResultCodes.NSF_LEGACY_RECORD, + ); +} + +export function ensureNestedShareFolder( + storage: InMemoryStorage, + folderUid: string, + identifier?: string, +): void { + if (isNestedShareFolder(storage, folderUid)) return; + const ident = identifier ?? folderUid; + throw new KeeperSdkError( + NSF_LEGACY_FOLDER_MSG.replace("{0}", ident), + ResultCodes.NSF_LEGACY_FOLDER, + ); } function resolveByUidOrName( - items: T[], - identifier: string, - getUid: (item: T) => string, - getName: (item: T) => string + items: T[], + identifier: string, + getUid: (item: T) => string, + getName: (item: T) => string, ): T | undefined { - const trimmed = identifier.trim() - if (!trimmed) return undefined - - const byUid = items.find((item) => getUid(item) === trimmed) - if (byUid) return byUid - - const lower = trimmed.toLowerCase() - const nameMatches = items.filter((item) => getName(item).toLowerCase() === lower) - if (nameMatches.length === 1) return nameMatches[0] - if (nameMatches.length > 1) { - throw new KeeperSdkError( - `Multiple matches found for "${identifier}". Use a UID instead.`, - ResultCodes.MULTIPLE_NSF_MATCHES - ) - } - return undefined -} - -function resolveRecordByTitleSearch(storage: InMemoryStorage, identifier: string): DRecord | undefined { - const lower = identifier.toLowerCase() - const matches = getKeeperDriveRecords(storage).filter((record) => { - const title = getRecordTitle(record) - return title && lower.length > 0 && title.toLowerCase().includes(lower) - }) - if (matches.length === 1) return matches[0] - if (matches.length > 1) { - throw new KeeperSdkError( - `Multiple records matched "${identifier}". Use a UID instead.`, - ResultCodes.MULTIPLE_NSF_MATCHES - ) - } - return undefined + const trimmed = identifier.trim(); + if (!trimmed) return undefined; + + const byUid = items.find((item) => getUid(item) === trimmed); + if (byUid) return byUid; + + const lower = trimmed.toLowerCase(); + const nameMatches = items.filter( + (item) => getName(item).toLowerCase() === lower, + ); + if (nameMatches.length === 1) return nameMatches[0]; + if (nameMatches.length > 1) { + throw new KeeperSdkError( + `Multiple matches found for "${identifier}". Use a UID instead.`, + ResultCodes.MULTIPLE_NSF_MATCHES, + ); + } + return undefined; +} + +function resolveRecordByTitleSearch( + storage: InMemoryStorage, + identifier: string, +): DRecord | undefined { + const lower = identifier.toLowerCase(); + const matches = getKeeperDriveRecords(storage).filter((record) => { + const title = getRecordTitle(record); + return title && lower.length > 0 && title.toLowerCase().includes(lower); + }); + if (matches.length === 1) return matches[0]; + if (matches.length > 1) { + throw new KeeperSdkError( + `Multiple records matched "${identifier}". Use a UID instead.`, + ResultCodes.MULTIPLE_NSF_MATCHES, + ); + } + return undefined; } -function resolveFolderByPath(storage: InMemoryStorage, identifier: string): string | undefined { - const trimmed = identifier.trim().replace(/^\/+/, '') - if (!trimmed) return resolveKeeperDriveRootParentUid(storage) ?? '' +function resolveFolderByPath( + storage: InMemoryStorage, + identifier: string, +): string | undefined { + const trimmed = identifier.trim().replace(/^\/+/, ""); + if (!trimmed) return resolveKeeperDriveRootParentUid(storage) ?? ""; - const targetPath = `/${trimmed.toLowerCase()}` - for (const folder of getKeeperDriveFolders(storage)) { - if (buildFolderPath(storage, folder.uid).toLowerCase() === targetPath) { - return folder.uid - } + const targetPath = `/${trimmed.toLowerCase()}`; + for (const folder of getKeeperDriveFolders(storage)) { + if (buildFolderPath(storage, folder.uid).toLowerCase() === targetPath) { + return folder.uid; } - return undefined + } + return undefined; } -export function resolveNsfRecordIdentifier(storage: InMemoryStorage, identifier: string): string | undefined { - const trimmed = identifier.trim() - if (!trimmed) return undefined +export function resolveNsfRecordIdentifier( + storage: InMemoryStorage, + identifier: string, +): string | undefined { + const trimmed = identifier.trim(); + if (!trimmed) return undefined; - const kdRecord = getKeeperDriveRecord(storage, trimmed) - if (kdRecord) return kdRecord.uid + const kdRecord = getKeeperDriveRecord(storage, trimmed); + if (kdRecord) return kdRecord.uid; - const anyRecord = storage.getByUid(VaultObjectKind.Record, trimmed) - if (anyRecord) return anyRecord.uid + const anyRecord = storage.getByUid(VaultObjectKind.Record, trimmed); + if (anyRecord) return anyRecord.uid; - return resolveRecordByTitleSearch(storage, trimmed)?.uid + return resolveRecordByTitleSearch(storage, trimmed)?.uid; } -export function resolveNsfFolderIdentifier(storage: InMemoryStorage, identifier: string): string | undefined { - const trimmed = identifier.trim() - if (!trimmed) return undefined +export function resolveNsfFolderIdentifier( + storage: InMemoryStorage, + identifier: string, +): string | undefined { + const trimmed = identifier.trim(); + if (!trimmed) return undefined; + + if (trimmed.toLowerCase() === "root" || trimmed === "/") { + return resolveKeeperDriveRootParentUid(storage) ?? ""; + } + const driveRoot = resolveKeeperDriveRootParentUid(storage); + if (driveRoot && trimmed === driveRoot) return driveRoot; - if (trimmed.toLowerCase() === 'root' || trimmed === '/') { - return resolveKeeperDriveRootParentUid(storage) ?? '' - } - const driveRoot = resolveKeeperDriveRootParentUid(storage) - if (driveRoot && trimmed === driveRoot) return driveRoot - - const byUidOrName = resolveByUidOrName( - getKeeperDriveFolders(storage), - trimmed, - (folder) => folder.uid, - (folder) => folder.data.name || '' - ) - if (byUidOrName) return byUidOrName.uid + const byUidOrName = resolveByUidOrName( + getKeeperDriveFolders(storage), + trimmed, + (folder) => folder.uid, + (folder) => folder.data.name || "", + ); + if (byUidOrName) return byUidOrName.uid; - return resolveFolderByPath(storage, trimmed) + return resolveFolderByPath(storage, trimmed); } -export function resolveNsfFolderUidOrName(storage: InMemoryStorage, identifier: string): string | undefined { - const trimmed = identifier.trim() - if (!trimmed) return undefined +export function resolveNsfFolderUidOrName( + storage: InMemoryStorage, + identifier: string, +): string | undefined { + const trimmed = identifier.trim(); + if (!trimmed) return undefined; - if (getKeeperDriveFolder(storage, trimmed)) return trimmed + if (getKeeperDriveFolder(storage, trimmed)) return trimmed; - return resolveByUidOrName( - getKeeperDriveFolders(storage), - trimmed, - (folder) => folder.uid, - (folder) => folder.data.name || '' - )?.uid + return resolveByUidOrName( + getKeeperDriveFolders(storage), + trimmed, + (folder) => folder.uid, + (folder) => folder.data.name || "", + )?.uid; } export function parseNsfPath(folderPath: string): string[] { - const collapsed = folderPath.replace(/\/\//g, NSF_PATH_SENTINEL) - const segments: string[] = [] - for (const raw of collapsed.split('/')) { - const name = raw.replace(new RegExp(NSF_PATH_SENTINEL, 'g'), '/').trim() - if (name) segments.push(name) - } - if (segments.length === 0) { - throw new KeeperSdkError('Invalid folder name.', ResultCodes.NSF_MKDIR_FAILED) - } - return segments + const collapsed = folderPath.replace(/\/\//g, NSF_PATH_SENTINEL); + const segments: string[] = []; + for (const raw of collapsed.split("/")) { + const name = raw.replace(new RegExp(NSF_PATH_SENTINEL, "g"), "/").trim(); + if (name) segments.push(name); + } + if (segments.length === 0) { + throw new KeeperSdkError( + "Invalid folder name.", + ResultCodes.NSF_MKDIR_FAILED, + ); + } + return segments; } -function isVirtualDriveRootParent(storage: InMemoryStorage, parentUid: string | undefined | null): boolean { - const trimmed = parentUid?.trim() - if (!trimmed || isRootFolderUid(storage, trimmed)) return true - return !getKnownKeeperDriveFolderUids(storage).has(trimmed) +function isVirtualDriveRootParent( + storage: InMemoryStorage, + parentUid: string | undefined | null, +): boolean { + const trimmed = parentUid?.trim(); + if (!trimmed || isRootFolderUid(storage, trimmed)) return true; + return !getKnownKeeperDriveFolderUids(storage).has(trimmed); } -function isRootLevelParent(storage: InMemoryStorage, parentUid: string | undefined | null): boolean { - return isVirtualDriveRootParent(storage, parentUid) +function isRootLevelParent( + storage: InMemoryStorage, + parentUid: string | undefined | null, +): boolean { + return isVirtualDriveRootParent(storage, parentUid); } function folderParentsMatch( - storage: InMemoryStorage, - folderParentUid: string | undefined, - searchParentUid: string | null | undefined + storage: InMemoryStorage, + folderParentUid: string | undefined, + searchParentUid: string | null | undefined, ): boolean { - if (normalizeParentUid(storage, folderParentUid) === normalizeParentUid(storage, searchParentUid)) { - return true - } - return isRootLevelParent(storage, searchParentUid) && isRootLevelParent(storage, folderParentUid) + if ( + normalizeParentUid(storage, folderParentUid) === + normalizeParentUid(storage, searchParentUid) + ) { + return true; + } + return ( + isRootLevelParent(storage, searchParentUid) && + isRootLevelParent(storage, folderParentUid) + ); } export function findExistingChildFolder( - storage: InMemoryStorage, - segment: string, - parentUid: string | null | undefined + storage: InMemoryStorage, + segment: string, + parentUid: string | null | undefined, ): string | undefined { - const byUid = getKeeperDriveFolder(storage, segment) - if (byUid) { - if (parentUid == null || parentUid === '') { - return segment - } - if (normalizeParentUid(storage, byUid.parentUid) === normalizeParentUid(storage, parentUid)) { - return segment - } - return undefined + const byUid = getKeeperDriveFolder(storage, segment); + if (byUid) { + if (parentUid == null || parentUid === "") { + return segment; } + if ( + normalizeParentUid(storage, byUid.parentUid) === + normalizeParentUid(storage, parentUid) + ) { + return segment; + } + return undefined; + } - const lower = segment.toLowerCase() - const exactMatches: string[] = [] - const rootMatches: string[] = [] + const lower = segment.toLowerCase(); + const exactMatches: string[] = []; + const rootMatches: string[] = []; - for (const folder of getKeeperDriveFolders(storage)) { - const name = folder.data.name || '' - if (name.toLowerCase() !== lower) continue + for (const folder of getKeeperDriveFolders(storage)) { + const name = folder.data.name || ""; + if (name.toLowerCase() !== lower) continue; - if (normalizeParentUid(storage, folder.parentUid) === normalizeParentUid(storage, parentUid)) { - exactMatches.push(folder.uid) - continue - } - if (folderParentsMatch(storage, folder.parentUid, parentUid)) { - rootMatches.push(folder.uid) - } + if ( + normalizeParentUid(storage, folder.parentUid) === + normalizeParentUid(storage, parentUid) + ) { + exactMatches.push(folder.uid); + continue; + } + if (folderParentsMatch(storage, folder.parentUid, parentUid)) { + rootMatches.push(folder.uid); } + } - if (exactMatches.length > 0) return exactMatches[0] - if (rootMatches.length > 0) return rootMatches[0] - return undefined + if (exactMatches.length > 0) return exactMatches[0]; + if (rootMatches.length > 0) return rootMatches[0]; + return undefined; } export function resolveKeeperDriveParentUid( - storage: InMemoryStorage, - parentUid: string | null | undefined + storage: InMemoryStorage, + parentUid: string | null | undefined, ): string | null { - if (parentUid && !isRootFolderUid(storage, parentUid)) return parentUid - return resolveKeeperDriveRootParentUid(storage) ?? null + if (parentUid && !isRootFolderUid(storage, parentUid)) return parentUid; + return resolveKeeperDriveRootParentUid(storage) ?? null; } export async function cacheNewNsfFolder( - storage: InMemoryStorage, - auth: { username?: string; accountUid?: Uint8Array }, - folderUid: string, - name: string, - parentUid: string | null | undefined, - inheritPermissions: boolean + storage: InMemoryStorage, + auth: { username?: string; accountUid?: Uint8Array }, + folderUid: string, + name: string, + parentUid: string | null | undefined, + inheritPermissions: boolean, ): Promise { - const normalizedParent = - parentUid && !isRootFolderUid(storage, parentUid) - ? parentUid.trim() - : resolveKeeperDriveRootParentUid(storage) - await storage.put({ - kind: 'keeper_drive_folder', - uid: folderUid, - data: { name }, - parentUid: normalizedParent, - ownerInfo: { - accountUid: auth.accountUid?.length ? webSafe64FromBytes(auth.accountUid) : undefined, - username: auth.username, - }, - type: Folder.FolderUsageType.UT_NORMAL, - inheritUserPermissions: inheritPermissions - ? Folder.SetBooleanValue.BOOLEAN_TRUE - : Folder.SetBooleanValue.BOOLEAN_FALSE, - }) + const normalizedParent = + parentUid && !isRootFolderUid(storage, parentUid) + ? parentUid.trim() + : resolveKeeperDriveRootParentUid(storage); + await storage.put({ + kind: "keeper_drive_folder", + uid: folderUid, + data: { name }, + parentUid: normalizedParent, + ownerInfo: { + accountUid: auth.accountUid?.length + ? webSafe64FromBytes(auth.accountUid) + : undefined, + username: auth.username, + }, + type: Folder.FolderUsageType.UT_NORMAL, + inheritUserPermissions: inheritPermissions + ? Folder.SetBooleanValue.BOOLEAN_TRUE + : Folder.SetBooleanValue.BOOLEAN_FALSE, + }); } export function checkFolderDeletePermission( - storage: InMemoryStorage, - folderUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + folderUid: string, + username: string, + accountUid: Uint8Array, ): void { - if (isRootFolderUid(storage, folderUid)) { - throw new KeeperSdkError('The root folder cannot be removed.', ResultCodes.NSF_PERMISSION_DENIED) - } - - const accountUidStr = toRequiredAccountUidStr(accountUid) - const entries = getFolderAccessEntries(storage, folderUid) - if (entries.length === 0) return - - for (const entry of entries) { - if (!isCurrentUserFolderAccess(storage, entry, username, accountUidStr)) continue - if (entry.accessType === Folder.AccessType.AT_OWNER || entry.permission?.canDelete) return - throw new KeeperSdkError( - 'You do not have permission to delete this folder.', - ResultCodes.NSF_PERMISSION_DENIED - ) - } + if (isRootFolderUid(storage, folderUid)) { throw new KeeperSdkError( - 'You do not have permission to delete this folder.', - ResultCodes.NSF_PERMISSION_DENIED + "The root folder cannot be removed.", + ResultCodes.NSF_PERMISSION_DENIED, + ); + } + + const accountUidStr = toRequiredAccountUidStr(accountUid); + const entries = getFolderAccessEntries(storage, folderUid); + if (entries.length === 0) return; + + for (const entry of entries) { + if (!isCurrentUserFolderAccess(storage, entry, username, accountUidStr)) + continue; + if ( + entry.accessType === Folder.AccessType.AT_OWNER || + entry.permission?.canDelete ) -} - -export function findNestedShareFoldersForRecord(storage: InMemoryStorage, recordUid: string): string[] { - return storage - .getAll(KeeperDriveKind.FolderRecord) - .filter((entry) => entry.recordUid === recordUid) - .map((entry) => entry.folderUid) + return; + throw new KeeperSdkError( + "You do not have permission to delete this folder.", + ResultCodes.NSF_PERMISSION_DENIED, + ); + } + throw new KeeperSdkError( + "You do not have permission to delete this folder.", + ResultCodes.NSF_PERMISSION_DENIED, + ); +} + +export function findNestedShareFoldersForRecord( + storage: InMemoryStorage, + recordUid: string, +): string[] { + return storage + .getAll(KeeperDriveKind.FolderRecord) + .filter((entry) => entry.recordUid === recordUid) + .map((entry) => entry.folderUid); } function toRequiredAccountUidStr(accountUid: Uint8Array): string { - if (!accountUid.length) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } - return webSafe64FromBytes(accountUid) + if (!accountUid.length) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return webSafe64FromBytes(accountUid); } function isCurrentUserRecordAccess( - storage: InMemoryStorage, - entry: DKdRecordAccess, - username: string, - accountUidStr: string + storage: InMemoryStorage, + entry: DKdRecordAccess, + username: string, + accountUidStr: string, ): boolean { - if ( - entry.accessType !== Folder.AccessType.AT_USER && - entry.accessType !== Folder.AccessType.AT_OWNER - ) { - return false - } - return ( - entry.accessTypeUid === accountUidStr || - (username.length > 0 && - storage.getAll('user').some( - (user) => - user.username.toLowerCase() === username.toLowerCase() && - webSafe64FromBytes(user.accountUid) === entry.accessTypeUid - )) - ) + if ( + entry.accessType !== Folder.AccessType.AT_USER && + entry.accessType !== Folder.AccessType.AT_OWNER + ) { + return false; + } + return ( + entry.accessTypeUid === accountUidStr || + (username.length > 0 && + storage + .getAll("user") + .some( + (user) => + user.username.toLowerCase() === username.toLowerCase() && + webSafe64FromBytes(user.accountUid) === entry.accessTypeUid, + )) + ); } function isCurrentUserFolderAccess( - storage: InMemoryStorage, - entry: DKdFolderAccess, - username: string, - accountUidStr: string + storage: InMemoryStorage, + entry: DKdFolderAccess, + username: string, + accountUidStr: string, ): boolean { - if ( - entry.accessType !== Folder.AccessType.AT_USER && - entry.accessType !== Folder.AccessType.AT_OWNER - ) { - return false - } - return ( - entry.accessTypeUid === accountUidStr || - (username.length > 0 && - storage.getAll('user').some( - (user) => - user.username === username && - webSafe64FromBytes(user.accountUid) === entry.accessTypeUid - )) - ) -} - -function isFolderOwnerAccount(storage: InMemoryStorage, folderUid: string, accountUidStr: string): boolean { - if (isRootFolderUid(storage, folderUid)) return true - const folder = getKeeperDriveFolder(storage, folderUid) - return folder?.ownerInfo?.accountUid === accountUidStr + if ( + entry.accessType !== Folder.AccessType.AT_USER && + entry.accessType !== Folder.AccessType.AT_OWNER + ) { + return false; + } + return ( + entry.accessTypeUid === accountUidStr || + (username.length > 0 && + storage + .getAll("user") + .some( + (user) => + user.username === username && + webSafe64FromBytes(user.accountUid) === entry.accessTypeUid, + )) + ); +} + +function isFolderOwnerAccount( + storage: InMemoryStorage, + folderUid: string, + accountUidStr: string, +): boolean { + if (isRootFolderUid(storage, folderUid)) return true; + const folder = getKeeperDriveFolder(storage, folderUid); + return folder?.ownerInfo?.accountUid === accountUidStr; } type FolderPermissionFlag = - | 'canRemove' - | 'canDelete' - | 'canUpdateAccess' - | 'canEditRecords' - | 'canUpdateSetting' - | 'canChangeOwnership' + | "canRemove" + | "canDelete" + | "canUpdateAccess" + | "canEditRecords" + | "canUpdateSetting" + | "canChangeOwnership"; function hasFolderPermission( - storage: InMemoryStorage, - folderUid: string, - username: string, - accountUid: Uint8Array, - permission: FolderPermissionFlag + storage: InMemoryStorage, + folderUid: string, + username: string, + accountUid: Uint8Array, + permission: FolderPermissionFlag, ): boolean { - const accountUidStr = toRequiredAccountUidStr(accountUid) - if (isFolderOwnerAccount(storage, folderUid, accountUidStr)) return true + const accountUidStr = toRequiredAccountUidStr(accountUid); + if (isFolderOwnerAccount(storage, folderUid, accountUidStr)) return true; - for (const entry of getFolderAccessEntries(storage, folderUid)) { - if (!isCurrentUserFolderAccess(storage, entry, username, accountUidStr)) continue - if (entry.permission?.[permission]) return true - } - return false + for (const entry of getFolderAccessEntries(storage, folderUid)) { + if (!isCurrentUserFolderAccess(storage, entry, username, accountUidStr)) + continue; + if (entry.permission?.[permission]) return true; + } + return false; } -function getRecordAccessEntries(storage: InMemoryStorage, recordUid: string): DKdRecordAccess[] { - return storage - .getAll(KeeperDriveKind.RecordAccess) - .filter((entry) => entry.recordUid === recordUid) +function getRecordAccessEntries( + storage: InMemoryStorage, + recordUid: string, +): DKdRecordAccess[] { + return storage + .getAll(KeeperDriveKind.RecordAccess) + .filter((entry) => entry.recordUid === recordUid); } function canRecordBeDeleted( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array, - folderUid?: string + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, + folderUid?: string, ): boolean { - const accountUidStr = toRequiredAccountUidStr(accountUid) - const entries = getRecordAccessEntries(storage, recordUid) - if (entries.length === 0) return true - - for (const entry of entries) { - if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) continue - if (entry.owner || entry.canDelete) return true - if ( - folderUid && - !isRootFolderUid(storage, folderUid) && - hasFolderPermission(storage, folderUid, username, accountUid, 'canDelete') - ) { - return true - } - return false + const accountUidStr = toRequiredAccountUidStr(accountUid); + const entries = getRecordAccessEntries(storage, recordUid); + if (entries.length === 0) return true; + + for (const entry of entries) { + if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) + continue; + if (entry.owner || entry.canDelete) return true; + if ( + folderUid && + !isRootFolderUid(storage, folderUid) && + hasFolderPermission(storage, folderUid, username, accountUid, "canDelete") + ) { + return true; } + return false; + } - return ( - !!folderUid && - !isRootFolderUid(storage, folderUid) && - hasFolderPermission(storage, folderUid, username, accountUid, 'canDelete') - ) + return ( + !!folderUid && + !isRootFolderUid(storage, folderUid) && + hasFolderPermission(storage, folderUid, username, accountUid, "canDelete") + ); } function canShareRecord( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array, - folderUid?: string + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, + folderUid?: string, ): boolean { - const accountUidStr = toRequiredAccountUidStr(accountUid) - const entries = getRecordAccessEntries(storage, recordUid) - if (entries.length === 0) return true - - for (const entry of entries) { - if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) continue - if (entry.owner || entry.canUpdateAccess) return true - if ( - folderUid && - !isRootFolderUid(storage, folderUid) && - hasFolderPermission(storage, folderUid, username, accountUid, 'canUpdateAccess') - ) { - return true - } - for (const parentFolderUid of findNestedShareFoldersForRecord(storage, recordUid)) { - if ( - !isRootFolderUid(storage, parentFolderUid) && - hasFolderPermission(storage, parentFolderUid, username, accountUid, 'canUpdateAccess') - ) { - return true - } - } - return false + const accountUidStr = toRequiredAccountUidStr(accountUid); + const entries = getRecordAccessEntries(storage, recordUid); + if (entries.length === 0) return true; + + for (const entry of entries) { + if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) + continue; + if (entry.owner || entry.canUpdateAccess) return true; + if ( + folderUid && + !isRootFolderUid(storage, folderUid) && + hasFolderPermission( + storage, + folderUid, + username, + accountUid, + "canUpdateAccess", + ) + ) { + return true; } - - for (const parentFolderUid of findNestedShareFoldersForRecord(storage, recordUid)) { - if ( - !isRootFolderUid(storage, parentFolderUid) && - hasFolderPermission(storage, parentFolderUid, username, accountUid, 'canUpdateAccess') - ) { - return true - } + for (const parentFolderUid of findNestedShareFoldersForRecord( + storage, + recordUid, + )) { + if ( + !isRootFolderUid(storage, parentFolderUid) && + hasFolderPermission( + storage, + parentFolderUid, + username, + accountUid, + "canUpdateAccess", + ) + ) { + return true; + } } + return false; + } - return ( - !!folderUid && - !isRootFolderUid(storage, folderUid) && - hasFolderPermission(storage, folderUid, username, accountUid, 'canUpdateAccess') + for (const parentFolderUid of findNestedShareFoldersForRecord( + storage, + recordUid, + )) { + if ( + !isRootFolderUid(storage, parentFolderUid) && + hasFolderPermission( + storage, + parentFolderUid, + username, + accountUid, + "canUpdateAccess", + ) + ) { + return true; + } + } + + return ( + !!folderUid && + !isRootFolderUid(storage, folderUid) && + hasFolderPermission( + storage, + folderUid, + username, + accountUid, + "canUpdateAccess", ) + ); } function canChangeRecordOwnership( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array, - folderUid?: string + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, + folderUid?: string, ): boolean { - const accountUidStr = toRequiredAccountUidStr(accountUid) - const entries = getRecordAccessEntries(storage, recordUid) - if (entries.length === 0) return true - - for (const entry of entries) { - if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) continue - if (entry.owner || entry.canChangeOwnership) return true - if ( - folderUid && - !isRootFolderUid(storage, folderUid) && - hasFolderPermission(storage, folderUid, username, accountUid, 'canChangeOwnership') - ) { - return true - } - for (const parentFolderUid of findNestedShareFoldersForRecord(storage, recordUid)) { - if ( - !isRootFolderUid(storage, parentFolderUid) && - hasFolderPermission(storage, parentFolderUid, username, accountUid, 'canChangeOwnership') - ) { - return true - } - } - return false + const accountUidStr = toRequiredAccountUidStr(accountUid); + const entries = getRecordAccessEntries(storage, recordUid); + if (entries.length === 0) return true; + + for (const entry of entries) { + if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) + continue; + if (entry.owner || entry.canChangeOwnership) return true; + if ( + folderUid && + !isRootFolderUid(storage, folderUid) && + hasFolderPermission( + storage, + folderUid, + username, + accountUid, + "canChangeOwnership", + ) + ) { + return true; } - - for (const parentFolderUid of findNestedShareFoldersForRecord(storage, recordUid)) { - if ( - !isRootFolderUid(storage, parentFolderUid) && - hasFolderPermission(storage, parentFolderUid, username, accountUid, 'canChangeOwnership') - ) { - return true - } + for (const parentFolderUid of findNestedShareFoldersForRecord( + storage, + recordUid, + )) { + if ( + !isRootFolderUid(storage, parentFolderUid) && + hasFolderPermission( + storage, + parentFolderUid, + username, + accountUid, + "canChangeOwnership", + ) + ) { + return true; + } } + return false; + } - return ( - !!folderUid && - !isRootFolderUid(storage, folderUid) && - hasFolderPermission(storage, folderUid, username, accountUid, 'canChangeOwnership') + for (const parentFolderUid of findNestedShareFoldersForRecord( + storage, + recordUid, + )) { + if ( + !isRootFolderUid(storage, parentFolderUid) && + hasFolderPermission( + storage, + parentFolderUid, + username, + accountUid, + "canChangeOwnership", + ) + ) { + return true; + } + } + + return ( + !!folderUid && + !isRootFolderUid(storage, folderUid) && + hasFolderPermission( + storage, + folderUid, + username, + accountUid, + "canChangeOwnership", ) + ); } export function checkFolderRemovePermission( - storage: InMemoryStorage, - folderUid: string, - recordUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + folderUid: string, + recordUid: string, + username: string, + accountUid: Uint8Array, ): void { - if (hasFolderPermission(storage, folderUid, username, accountUid, 'canRemove')) return - if (canRecordBeDeleted(storage, recordUid, username, accountUid, folderUid)) return - throw new KeeperSdkError( - 'You do not have permission to remove records from this folder.', - ResultCodes.NSF_PERMISSION_DENIED - ) + if ( + hasFolderPermission(storage, folderUid, username, accountUid, "canRemove") + ) + return; + if (canRecordBeDeleted(storage, recordUid, username, accountUid, folderUid)) + return; + throw new KeeperSdkError( + "You do not have permission to remove records from this folder.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } export function checkRecordDeletePermission( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array, - folderUid?: string + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, + folderUid?: string, ): void { - if (canRecordBeDeleted(storage, recordUid, username, accountUid, folderUid)) return - throw new KeeperSdkError( - 'You do not have permission to delete this record.', - ResultCodes.NSF_PERMISSION_DENIED - ) + if (canRecordBeDeleted(storage, recordUid, username, accountUid, folderUid)) + return; + throw new KeeperSdkError( + "You do not have permission to delete this record.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } export function checkRecordEditPermission( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, ): void { - const accountUidStr = toRequiredAccountUidStr(accountUid) - const entries = getRecordAccessEntries(storage, recordUid) - if (entries.length === 0) return - - for (const entry of entries) { - if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) continue - if (entry.owner || entry.canEdit) return - throw new KeeperSdkError( - 'You do not have permission to edit this record.', - ResultCodes.NSF_PERMISSION_DENIED - ) - } + const accountUidStr = toRequiredAccountUidStr(accountUid); + const entries = getRecordAccessEntries(storage, recordUid); + if (entries.length === 0) return; + + for (const entry of entries) { + if (!isCurrentUserRecordAccess(storage, entry, username, accountUidStr)) + continue; + if (entry.owner || entry.canEdit) return; throw new KeeperSdkError( - 'You do not have permission to edit this record.', - ResultCodes.NSF_PERMISSION_DENIED - ) + "You do not have permission to edit this record.", + ResultCodes.NSF_PERMISSION_DENIED, + ); + } + throw new KeeperSdkError( + "You do not have permission to edit this record.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } -export function formatAccessRoleType(role: Folder.AccessRoleType | null | undefined): NsfAccessRoleLabel { - if (role == null) return NsfAccessRoleLabel.Unknown - return NSF_ACCESS_ROLE_LABELS[role] ?? NsfAccessRoleLabel.Unknown +export function formatAccessRoleType( + role: Folder.AccessRoleType | null | undefined, +): NsfAccessRoleLabel { + if (role == null) return NsfAccessRoleLabel.Unknown; + return NSF_ACCESS_ROLE_LABELS[role] ?? NsfAccessRoleLabel.Unknown; } -export function formatAccessType(type: Folder.AccessType | null | undefined): string { - if (type == null) return 'unknown' - return NSF_ACCESS_TYPE_LABELS[type] ?? `type-${type}` +export function formatAccessType( + type: Folder.AccessType | null | undefined, +): string { + if (type == null) return "unknown"; + return NSF_ACCESS_TYPE_LABELS[type] ?? `type-${type}`; } export function getKeeperDriveFolders(storage: InMemoryStorage): DKdFolder[] { - return storage.getAll(KeeperDriveKind.Folder) + return storage.getAll(KeeperDriveKind.Folder); } export function getKeeperDriveRecords(storage: InMemoryStorage): DRecord[] { - return storage.getRecords().filter((record) => record.isKeeperDriveData) -} - -export function getKeeperDriveFolder(storage: InMemoryStorage, folderUid: string): DKdFolder | undefined { - return storage.getByUid(KeeperDriveKind.Folder, folderUid) + return storage.getRecords().filter((record) => record.isKeeperDriveData); } -export function getKeeperDriveRecord(storage: InMemoryStorage, recordUid: string): DRecord | undefined { - const record = storage.getByUid('record', recordUid) - return record?.isKeeperDriveData ? record : undefined +export function getKeeperDriveFolder( + storage: InMemoryStorage, + folderUid: string, +): DKdFolder | undefined { + return storage.getByUid(KeeperDriveKind.Folder, folderUid); } -export function getFolderAccessEntries(storage: InMemoryStorage, folderUid: string): DKdFolderAccess[] { - return storage - .getAll(KeeperDriveKind.FolderAccess) - .filter((entry) => entry.folderUid === folderUid) +export function getKeeperDriveRecord( + storage: InMemoryStorage, + recordUid: string, +): DRecord | undefined { + const record = storage.getByUid("record", recordUid); + return record?.isKeeperDriveData ? record : undefined; } -export function getFolderDisplayName(storage: InMemoryStorage, folderUid: string): string { - if (isRootFolderUid(storage, folderUid)) return 'root' - return getKeeperDriveFolder(storage, folderUid)?.data.name ?? folderUid +export function getFolderAccessEntries( + storage: InMemoryStorage, + folderUid: string, +): DKdFolderAccess[] { + return storage + .getAll(KeeperDriveKind.FolderAccess) + .filter((entry) => entry.folderUid === folderUid); } -export function findRecordFolderLocation(storage: InMemoryStorage, recordUid: string): string { - const folderUids = findNestedShareFoldersForRecord(storage, recordUid) - if (folderUids.length === 0) return 'root' - return getFolderDisplayName(storage, folderUids[0]) +export function getFolderDisplayName( + storage: InMemoryStorage, + folderUid: string, +): string { + if (isRootFolderUid(storage, folderUid)) return "root"; + return getKeeperDriveFolder(storage, folderUid)?.data.name ?? folderUid; } -export function buildFolderPath(storage: InMemoryStorage, folderUid: string): string { - if (isRootFolderUid(storage, folderUid)) return '/' - - const segments: string[] = [] - let currentUid: string | undefined = folderUid - const seen = new Set() - - while (currentUid && !isRootFolderUid(storage, currentUid) && !seen.has(currentUid)) { - seen.add(currentUid) - const folder = getKeeperDriveFolder(storage, currentUid) - if (!folder) break - segments.unshift(folder.data.name || folder.uid) - currentUid = folder.parentUid - } - - return `/${segments.join('/')}` +export function findRecordFolderLocation( + storage: InMemoryStorage, + recordUid: string, +): string { + const folderUids = findNestedShareFoldersForRecord(storage, recordUid); + if (folderUids.length === 0) return "root"; + return getFolderDisplayName(storage, folderUids[0]); } -export function collectRecordsInFolder(storage: InMemoryStorage, folderUid: string): DRecord[] { - const targetIsRoot = isRootFolderUid(storage, folderUid) - const records: DRecord[] = [] - for (const entry of storage.getAll(KeeperDriveKind.FolderRecord)) { - const entryIsRoot = isRootFolderUid(storage, entry.folderUid) - if (targetIsRoot ? !entryIsRoot : entry.folderUid !== folderUid) continue - const record = getKeeperDriveRecord(storage, entry.recordUid) - if (record) records.push(record) - } - return records +export function buildFolderPath( + storage: InMemoryStorage, + folderUid: string, +): string { + if (isRootFolderUid(storage, folderUid)) return "/"; + + const segments: string[] = []; + let currentUid: string | undefined = folderUid; + const seen = new Set(); + + while ( + currentUid && + !isRootFolderUid(storage, currentUid) && + !seen.has(currentUid) + ) { + seen.add(currentUid); + const folder = getKeeperDriveFolder(storage, currentUid); + if (!folder) break; + segments.unshift(folder.data.name || folder.uid); + currentUid = folder.parentUid; + } + + return `/${segments.join("/")}`; +} + +export function collectRecordsInFolder( + storage: InMemoryStorage, + folderUid: string, +): DRecord[] { + const targetIsRoot = isRootFolderUid(storage, folderUid); + const records: DRecord[] = []; + for (const entry of storage.getAll( + KeeperDriveKind.FolderRecord, + )) { + const entryIsRoot = isRootFolderUid(storage, entry.folderUid); + if (targetIsRoot ? !entryIsRoot : entry.folderUid !== folderUid) continue; + const record = getKeeperDriveRecord(storage, entry.recordUid); + if (record) records.push(record); + } + return records; } export function getRecordDescription(record: DRecord): string { - const data = record.data - if (!data || typeof data !== 'object') return '' - - const fields = Array.isArray(data.fields) ? data.fields : [] - for (const field of fields) { - if (!NSF_NOTE_FIELD_TYPES.has(field?.type)) continue - const value = Array.isArray(field.value) ? field.value[0] : field.value - if (typeof value === 'string' && value.trim()) { - return value.trim().slice(0, NSF_RECORD_DESCRIPTION_MAX_LENGTH) - } + const data = record.data; + if (!data || typeof data !== "object") return ""; + + const fields = Array.isArray(data.fields) ? data.fields : []; + for (const field of fields) { + if (!NSF_NOTE_FIELD_TYPES.has(field?.type)) continue; + const value = Array.isArray(field.value) ? field.value[0] : field.value; + if (typeof value === "string" && value.trim()) { + return value.trim().slice(0, NSF_RECORD_DESCRIPTION_MAX_LENGTH); } + } - if (typeof data.notes === 'string' && data.notes.trim()) { - return data.notes.trim().slice(0, NSF_RECORD_DESCRIPTION_MAX_LENGTH) - } - return '' + if (typeof data.notes === "string" && data.notes.trim()) { + return data.notes.trim().slice(0, NSF_RECORD_DESCRIPTION_MAX_LENGTH); + } + return ""; } export function isSensitiveFieldType(fieldType: string): boolean { - return NSF_SENSITIVE_FIELD_TYPES.has(fieldType) + return NSF_SENSITIVE_FIELD_TYPES.has(fieldType); } export function resolveAccessUsername( - storage: InMemoryStorage, - accessTypeUid: string, - folder?: DKdFolder, - shareUsers?: Map + storage: InMemoryStorage, + accessTypeUid: string, + folder?: DKdFolder, + shareUsers?: Map, ): string { - const fromShare = shareUsers?.get(accessTypeUid) - if (fromShare) return fromShare + const fromShare = shareUsers?.get(accessTypeUid); + if (fromShare) return fromShare; - for (const user of storage.getAll('user')) { - if (webSafe64FromBytes(user.accountUid) === accessTypeUid) { - return user.username - } + for (const user of storage.getAll("user")) { + if (webSafe64FromBytes(user.accountUid) === accessTypeUid) { + return user.username; } - if (folder?.ownerInfo?.accountUid === accessTypeUid && folder.ownerInfo.username) { - return folder.ownerInfo.username + } + if ( + folder?.ownerInfo?.accountUid === accessTypeUid && + folder.ownerInfo.username + ) { + return folder.ownerInfo.username; + } + return accessTypeUid; +} + +export async function loadShareUserMap( + auth: Auth, + storage: InMemoryStorage, +): Promise> { + const map = new Map(); + + for (const user of storage.getAll("user")) { + if (user.accountUid?.length && user.username) { + map.set(webSafe64FromBytes(user.accountUid), user.username); } - return accessTypeUid -} - -export async function loadShareUserMap(auth: Auth, storage: InMemoryStorage): Promise> { - const map = new Map() - - for (const user of storage.getAll('user')) { - if (user.accountUid?.length && user.username) { - map.set(webSafe64FromBytes(user.accountUid), user.username) - } - } - - try { - const response = await auth.executeRest(getShareObjectsMessage()) - for (const list of [ - response.shareEnterpriseUsers, - response.shareFamilyUsers, - response.shareRelationships, - response.shareMCEnterpriseUsers, - ]) { - for (const entry of list ?? []) { - if (entry.userAccountUid?.length && entry.username) { - map.set(webSafe64FromBytes(entry.userAccountUid), entry.username) - } - } + } + + try { + const response = await auth.executeRest(getShareObjectsMessage()); + for (const list of [ + response.shareEnterpriseUsers, + response.shareFamilyUsers, + response.shareRelationships, + response.shareMCEnterpriseUsers, + ]) { + for (const entry of list ?? []) { + if (entry.userAccountUid?.length && entry.username) { + map.set(webSafe64FromBytes(entry.userAccountUid), entry.username); } - } catch { + } } + } catch {} - return map + return map; } export function isFolderOwnerAccessor( - folder: DKdFolder, - entry: DKdFolderAccess, - username: string + folder: DKdFolder, + entry: DKdFolderAccess, + username: string, ): boolean { - const ownerUsername = folder.ownerInfo?.username?.trim().toLowerCase() - if (ownerUsername && username.toLowerCase() === ownerUsername) return true - if (folder.ownerInfo?.accountUid && folder.ownerInfo.accountUid === entry.accessTypeUid) return true - return entry.accessType === Folder.AccessType.AT_OWNER + const ownerUsername = folder.ownerInfo?.username?.trim().toLowerCase(); + if (ownerUsername && username.toLowerCase() === ownerUsername) return true; + if ( + folder.ownerInfo?.accountUid && + folder.ownerInfo.accountUid === entry.accessTypeUid + ) + return true; + return entry.accessType === Folder.AccessType.AT_OWNER; } -export function recordAccessDisplayRole(data: Folder.IRecordAccessData): NsfAccessRoleLabel { - return formatAccessRoleType(data.accessRoleType) +export function recordAccessDisplayRole( + data: Folder.IRecordAccessData, +): NsfAccessRoleLabel { + return formatAccessRoleType(data.accessRoleType); } export async function fetchLiveRecordAccessEntries( - auth: Auth, - storage: InMemoryStorage, - recordUid: string + auth: Auth, + storage: InMemoryStorage, + recordUid: string, ): Promise< - { - username: string - accountUid?: string - data: Folder.IRecordAccessData - }[] + { + username: string; + accountUid?: string; + data: Folder.IRecordAccessData; + }[] > { - try { - const [response, shareUsers] = await Promise.all([ - auth.executeRest(getRecordAccessMessage({ recordUids: [normal64Bytes(recordUid)] })), - loadShareUserMap(auth, storage), - ]) - - return (response.recordAccesses ?? []) - .filter((entry) => { - const accessType = entry.data?.accessType - return ( - accessType === Folder.AccessType.AT_USER || - accessType === Folder.AccessType.AT_OWNER || - !!entry.data?.owner - ) - }) - .map((entry) => { - const data = entry.data - if (!data?.accessTypeUid?.length || data.accessType == null) return undefined - - const accountUid = webSafe64FromBytes(data.accessTypeUid) - const username = - entry.accessorInfo?.name?.trim() || - shareUsers.get(accountUid) || - resolveAccessUsername(storage, accountUid) - - return { username, accountUid, data } - }) - .filter((entry): entry is NonNullable => !!entry && entry.username.length > 0) - } catch (err) { - throw new KeeperSdkError( - `Failed to fetch record permissions for ${recordUid}: ${extractErrorMessage(err)}`, - ResultCodes.NSF_DETAILS_FAILED - ) - } + try { + const [response, shareUsers] = await Promise.all([ + auth.executeRest( + getRecordAccessMessage({ recordUids: [normal64Bytes(recordUid)] }), + ), + loadShareUserMap(auth, storage), + ]); + + return (response.recordAccesses ?? []) + .filter((entry) => { + const accessType = entry.data?.accessType; + return ( + accessType === Folder.AccessType.AT_USER || + accessType === Folder.AccessType.AT_OWNER || + !!entry.data?.owner + ); + }) + .map((entry) => { + const data = entry.data; + if (!data?.accessTypeUid?.length || data.accessType == null) + return undefined; + + const accountUid = webSafe64FromBytes(data.accessTypeUid); + const username = + entry.accessorInfo?.name?.trim() || + shareUsers.get(accountUid) || + resolveAccessUsername(storage, accountUid); + + return { username, accountUid, data }; + }) + .filter( + (entry): entry is NonNullable => + !!entry && entry.username.length > 0, + ); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch record permissions for ${recordUid}: ${extractErrorMessage(err)}`, + ResultCodes.NSF_DETAILS_FAILED, + ); + } } -export function folderAccessDisplayRole(entry: DKdFolderAccess): NsfAccessRoleLabel { - if (entry.accessType === Folder.AccessType.AT_OWNER) return NsfAccessRoleLabel.Owner - return formatAccessRoleType(entry.accessRoleType) +export function folderAccessDisplayRole( + entry: DKdFolderAccess, +): NsfAccessRoleLabel { + if (entry.accessType === Folder.AccessType.AT_OWNER) + return NsfAccessRoleLabel.Owner; + return formatAccessRoleType(entry.accessRoleType); } export function isFolderShareAdministrator(entry: DKdFolderAccess): boolean { - return ( - entry.accessType === Folder.AccessType.AT_OWNER || - entry.accessRoleType === Folder.AccessRoleType.MANAGER || - entry.accessRoleType === Folder.AccessRoleType.CONTENT_SHARE_MANAGER || - entry.accessRoleType === Folder.AccessRoleType.SHARED_MANAGER - ) + return ( + entry.accessType === Folder.AccessType.AT_OWNER || + entry.accessRoleType === Folder.AccessRoleType.MANAGER || + entry.accessRoleType === Folder.AccessRoleType.CONTENT_SHARE_MANAGER || + entry.accessRoleType === Folder.AccessRoleType.SHARED_MANAGER + ); } export function isFolderUserPermission(entry: DKdFolderAccess): boolean { - return ( - entry.accessType === Folder.AccessType.AT_USER || - entry.accessType === Folder.AccessType.AT_OWNER - ) + return ( + entry.accessType === Folder.AccessType.AT_USER || + entry.accessType === Folder.AccessType.AT_OWNER + ); } export async function patchNsfFolderMetadata( - storage: InMemoryStorage, - folderUid: string, - metadata: { name: string; color?: string } + storage: InMemoryStorage, + folderUid: string, + metadata: { name: string; color?: string }, ): Promise { - const folder = getKeeperDriveFolder(storage, folderUid) - if (!folder) return - await storage.put({ - ...folder, - data: { - ...folder.data, - name: metadata.name, - ...(metadata.color ? { color: metadata.color } : {}), - }, - }) + const folder = getKeeperDriveFolder(storage, folderUid); + if (!folder) return; + await storage.put({ + ...folder, + data: { + ...folder.data, + name: metadata.name, + ...(metadata.color ? { color: metadata.color } : {}), + }, + }); } export function checkFolderEditPermission( - storage: InMemoryStorage, - folderUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + folderUid: string, + username: string, + accountUid: Uint8Array, ): void { - if (hasFolderPermission(storage, folderUid, username, accountUid, 'canUpdateSetting')) return - throw new KeeperSdkError( - 'You do not have permission to edit this folder.', - ResultCodes.NSF_PERMISSION_DENIED + if ( + hasFolderPermission( + storage, + folderUid, + username, + accountUid, + "canUpdateSetting", ) + ) + return; + throw new KeeperSdkError( + "You do not have permission to edit this folder.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } export function checkFolderSharePermission( - storage: InMemoryStorage, - folderUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + folderUid: string, + username: string, + accountUid: Uint8Array, ): void { - if (hasFolderPermission(storage, folderUid, username, accountUid, 'canUpdateAccess')) return - throw new KeeperSdkError( - 'You do not have permission to share this folder.', - ResultCodes.NSF_PERMISSION_DENIED + if ( + hasFolderPermission( + storage, + folderUid, + username, + accountUid, + "canUpdateAccess", ) + ) + return; + throw new KeeperSdkError( + "You do not have permission to share this folder.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } export function checkRecordSharePermission( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, ): void { - if (canShareRecord(storage, recordUid, username, accountUid)) return - throw new KeeperSdkError( - 'You do not have permission to share this record.', - ResultCodes.NSF_PERMISSION_DENIED - ) + if (canShareRecord(storage, recordUid, username, accountUid)) return; + throw new KeeperSdkError( + "You do not have permission to share this record.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } export function checkRecordChangeOwnershipPermission( - storage: InMemoryStorage, - recordUid: string, - username: string, - accountUid: Uint8Array + storage: InMemoryStorage, + recordUid: string, + username: string, + accountUid: Uint8Array, ): void { - if (canChangeRecordOwnership(storage, recordUid, username, accountUid)) return - throw new KeeperSdkError( - 'You do not have permission to transfer ownership of this record.', - ResultCodes.NSF_PERMISSION_DENIED - ) + if (canChangeRecordOwnership(storage, recordUid, username, accountUid)) + return; + throw new KeeperSdkError( + "You do not have permission to transfer ownership of this record.", + ResultCodes.NSF_PERMISSION_DENIED, + ); } export function findFolderAccessEntry( - storage: InMemoryStorage, - folderUid: string, - accessTypeUid: string, - accessType: Folder.AccessType + storage: InMemoryStorage, + folderUid: string, + accessTypeUid: string, + accessType: Folder.AccessType, ): DKdFolderAccess | undefined { - return getFolderAccessEntries(storage, folderUid).find( - (entry) => entry.accessTypeUid === accessTypeUid && entry.accessType === accessType - ) -} - -function toFolderAccessEntry(folderUid: string, accessor: Folder.IFolderAccessData): DKdFolderAccess { - return { - kind: 'keeper_drive_folder_access', - accessUid: `${folderUid}:${webSafe64FromBytes(accessor.accessTypeUid!)}`, - folderUid, - accessTypeUid: webSafe64FromBytes(accessor.accessTypeUid!), - accessType: accessor.accessType!, - accessRoleType: accessor.accessRoleType!, - permission: accessor.permissions ?? {}, - inherited: accessor.inherited ?? undefined, - hidden: accessor.hidden ?? undefined, - } + return getFolderAccessEntries(storage, folderUid).find( + (entry) => + entry.accessTypeUid === accessTypeUid && entry.accessType === accessType, + ); +} + +function toFolderAccessEntry( + folderUid: string, + accessor: Folder.IFolderAccessData, +): DKdFolderAccess { + return { + kind: "keeper_drive_folder_access", + accessUid: `${folderUid}:${webSafe64FromBytes(accessor.accessTypeUid!)}`, + folderUid, + accessTypeUid: webSafe64FromBytes(accessor.accessTypeUid!), + accessType: accessor.accessType!, + accessRoleType: accessor.accessRoleType!, + permission: accessor.permissions ?? {}, + inherited: accessor.inherited ?? undefined, + hidden: accessor.hidden ?? undefined, + }; } export async function fetchLiveFolderAccessEntries( - auth: Auth, - folderUid: string + auth: Auth, + folderUid: string, ): Promise { - try { - const response = await auth.executeRest( - getFolderAccessMessage({ folderUid: [normal64Bytes(folderUid)] }) - ) - const result = response.folderAccessResults?.find( - (entry) => entry.folderUid?.length && webSafe64FromBytes(entry.folderUid) === folderUid - ) - return (result?.accessors ?? []) - .filter( - (accessor) => - accessor.accessTypeUid?.length && - accessor.accessType != null && - accessor.accessRoleType != null - ) - .map((accessor) => toFolderAccessEntry(folderUid, accessor)) - } catch (err) { - throw new KeeperSdkError( - `Failed to fetch folder permissions for ${folderUid}: ${extractErrorMessage(err)}`, - ResultCodes.NSF_DETAILS_FAILED - ) - } + try { + const response = await auth.executeRest( + getFolderAccessMessage({ folderUid: [normal64Bytes(folderUid)] }), + ); + const result = response.folderAccessResults?.find( + (entry) => + entry.folderUid?.length && + webSafe64FromBytes(entry.folderUid) === folderUid, + ); + return (result?.accessors ?? []) + .filter( + (accessor) => + accessor.accessTypeUid?.length && + accessor.accessType != null && + accessor.accessRoleType != null, + ) + .map((accessor) => toFolderAccessEntry(folderUid, accessor)); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch folder permissions for ${folderUid}: ${extractErrorMessage(err)}`, + ResultCodes.NSF_DETAILS_FAILED, + ); + } } export async function findFolderAccessEntryOrLive( - storage: InMemoryStorage, - auth: Auth, - folderUid: string, - accessTypeUid: string, - accessType: Folder.AccessType + storage: InMemoryStorage, + auth: Auth, + folderUid: string, + accessTypeUid: string, + accessType: Folder.AccessType, ): Promise { - const fromStorage = findFolderAccessEntry(storage, folderUid, accessTypeUid, accessType) - if (fromStorage) return fromStorage - - try { - const liveEntries = await fetchLiveFolderAccessEntries(auth, folderUid) - return liveEntries.find( - (entry) => entry.accessTypeUid === accessTypeUid && entry.accessType === accessType - ) - } catch { - return undefined - } + const fromStorage = findFolderAccessEntry( + storage, + folderUid, + accessTypeUid, + accessType, + ); + if (fromStorage) return fromStorage; + + try { + const liveEntries = await fetchLiveFolderAccessEntries(auth, folderUid); + return liveEntries.find( + (entry) => + entry.accessTypeUid === accessTypeUid && + entry.accessType === accessType, + ); + } catch { + return undefined; + } } export function collectExistingFolderShareTargets( - storage: InMemoryStorage, - folderUid: string, - currentUsername: string + storage: InMemoryStorage, + folderUid: string, + currentUsername: string, ): Array<{ recipient: string; isTeam: boolean; accountUid?: string }> { - const targets: Array<{ recipient: string; isTeam: boolean; accountUid?: string }> = [] - for (const entry of getFolderAccessEntries(storage, folderUid)) { - if (entry.accessType === Folder.AccessType.AT_TEAM) { - targets.push({ recipient: entry.accessTypeUid, isTeam: true, accountUid: entry.accessTypeUid }) - continue - } - if (entry.accessType !== Folder.AccessType.AT_USER) continue - const username = resolveAccessUsername(storage, entry.accessTypeUid) - if (!username || username.toLowerCase() === currentUsername.toLowerCase()) continue - targets.push({ recipient: username, isTeam: false, accountUid: entry.accessTypeUid }) + const targets: Array<{ + recipient: string; + isTeam: boolean; + accountUid?: string; + }> = []; + for (const entry of getFolderAccessEntries(storage, folderUid)) { + if (entry.accessType === Folder.AccessType.AT_TEAM) { + targets.push({ + recipient: entry.accessTypeUid, + isTeam: true, + accountUid: entry.accessTypeUid, + }); + continue; } - return targets + if (entry.accessType !== Folder.AccessType.AT_USER) continue; + const username = resolveAccessUsername(storage, entry.accessTypeUid); + if (!username || username.toLowerCase() === currentUsername.toLowerCase()) + continue; + targets.push({ + recipient: username, + isTeam: false, + accountUid: entry.accessTypeUid, + }); + } + return targets; } export function resolveNsfRoleName(role: string): Folder.AccessRoleType { - const normalized = role.trim().toLowerCase().replace(/\s+/g, '-') - const mapped = NSF_RECORD_PERMISSION_ROLE_MAP[normalized] - if (mapped != null) return mapped - throw new KeeperSdkError( - `Invalid role '${role}'. Use: ${NSF_RECORD_PERMISSION_ROLES.join(', ')}.`, - ResultCodes.NSF_SHARE_FAILED - ) + const normalized = role.trim().toLowerCase().replace(/\s+/g, "-"); + const mapped = NSF_RECORD_PERMISSION_ROLE_MAP[normalized]; + if (mapped != null) return mapped; + throw new KeeperSdkError( + `Invalid role '${role}'. Use: ${NSF_RECORD_PERMISSION_ROLES.join(", ")}.`, + ResultCodes.NSF_SHARE_FAILED, + ); } export function getNsfRecordPermissionRoleLabel( - accessRoleType: Folder.AccessRoleType | number | null | undefined + accessRoleType: Folder.AccessRoleType | number | null | undefined, ): string { - if (accessRoleType == null) return 'unresolved' - return NSF_RECORD_PERMISSION_ROLE_LABELS[accessRoleType] ?? `role-${accessRoleType}` + if (accessRoleType == null) return "unresolved"; + return ( + NSF_RECORD_PERMISSION_ROLE_LABELS[accessRoleType] ?? + `role-${accessRoleType}` + ); } export type NsfRecordAccessFlags = { - accessRoleType?: number - owner?: boolean -} + accessRoleType?: number; + owner?: boolean; +}; export function getNsfAccessRoleLabel(access: NsfRecordAccessFlags): string { - if (access.owner) return NsfAccessRoleLabel.Owner - return getNsfRecordPermissionRoleLabel(access.accessRoleType) + if (access.owner) return NsfAccessRoleLabel.Owner; + return getNsfRecordPermissionRoleLabel(access.accessRoleType); } -export function normalizeNsfRecordPermissionRole(role?: string): string | undefined { - if (!role?.trim()) return undefined - const normalized = role.trim().toLowerCase().replace(/\s+/g, '-') - if ((NSF_RECORD_PERMISSION_ROLES as readonly string[]).includes(normalized)) return normalized - if (normalized in NSF_RECORD_PERMISSION_ROLE_MAP) return normalized - throw new KeeperSdkError( - `Invalid role '${role}'. Use: ${NSF_RECORD_PERMISSION_ROLES.join(', ')}.`, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) +export function normalizeNsfRecordPermissionRole( + role?: string, +): string | undefined { + if (!role?.trim()) return undefined; + const normalized = role.trim().toLowerCase().replace(/\s+/g, "-"); + if ((NSF_RECORD_PERMISSION_ROLES as readonly string[]).includes(normalized)) + return normalized; + if (normalized in NSF_RECORD_PERMISSION_ROLE_MAP) return normalized; + throw new KeeperSdkError( + `Invalid role '${role}'. Use: ${NSF_RECORD_PERMISSION_ROLES.join(", ")}.`, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); } export type NsfLiveRecordAccessEntry = { - recordUid: string - accessorName: string - accessTypeUid: string - owner: boolean - inherited: boolean - accessRoleType: number - canViewTitle: boolean - canEdit: boolean - canView: boolean - canListAccess: boolean - canUpdateAccess: boolean - canDelete: boolean - canChangeOwnership: boolean - canRequestAccess: boolean - canApproveAccess: boolean -} + recordUid: string; + accessorName: string; + accessTypeUid: string; + owner: boolean; + inherited: boolean; + accessRoleType: number; + canViewTitle: boolean; + canEdit: boolean; + canView: boolean; + canListAccess: boolean; + canUpdateAccess: boolean; + canDelete: boolean; + canChangeOwnership: boolean; + canRequestAccess: boolean; + canApproveAccess: boolean; +}; function mapLiveRecordAccessEntry( - storage: InMemoryStorage, - shareUsers: Map, - entry: record.v3.details.IRecordAccess + storage: InMemoryStorage, + shareUsers: Map, + entry: record.v3.details.IRecordAccess, ): NsfLiveRecordAccessEntry | undefined { - const data = entry.data - if (!data?.recordUid?.length || !data.accessTypeUid?.length || data.accessType == null) return undefined - - const accessType = data.accessType - if ( - accessType !== Folder.AccessType.AT_USER && - accessType !== Folder.AccessType.AT_OWNER && - !data.owner - ) { - return undefined - } - - const recordUid = webSafe64FromBytes(data.recordUid) - const accessTypeUid = webSafe64FromBytes(data.accessTypeUid) - const accessorName = - entry.accessorInfo?.name?.trim() || - shareUsers.get(accessTypeUid) || - resolveAccessUsername(storage, accessTypeUid) - - if (!accessorName) return undefined - - return { - recordUid, - accessorName, - accessTypeUid, - owner: !!data.owner, - inherited: !!data.inherited, - accessRoleType: data.accessRoleType ?? Folder.AccessRoleType.UNRESOLVED, - canViewTitle: data.canViewTitle ?? true, - canEdit: !!data.canEdit, - canView: !!data.canView, - canListAccess: !!data.canListAccess, - canUpdateAccess: !!data.canUpdateAccess, - canDelete: !!data.canDelete, - canChangeOwnership: !!data.canChangeOwnership, - canRequestAccess: !!data.canRequestAccess, - canApproveAccess: !!data.canApproveAccess, - } + const data = entry.data; + if ( + !data?.recordUid?.length || + !data.accessTypeUid?.length || + data.accessType == null + ) + return undefined; + + const accessType = data.accessType; + if ( + accessType !== Folder.AccessType.AT_USER && + accessType !== Folder.AccessType.AT_OWNER && + !data.owner + ) { + return undefined; + } + + const recordUid = webSafe64FromBytes(data.recordUid); + const accessTypeUid = webSafe64FromBytes(data.accessTypeUid); + const accessorName = + entry.accessorInfo?.name?.trim() || + shareUsers.get(accessTypeUid) || + resolveAccessUsername(storage, accessTypeUid); + + if (!accessorName) return undefined; + + return { + recordUid, + accessorName, + accessTypeUid, + owner: !!data.owner, + inherited: !!data.inherited, + accessRoleType: data.accessRoleType ?? Folder.AccessRoleType.UNRESOLVED, + canViewTitle: data.canViewTitle ?? true, + canEdit: !!data.canEdit, + canView: !!data.canView, + canListAccess: !!data.canListAccess, + canUpdateAccess: !!data.canUpdateAccess, + canDelete: !!data.canDelete, + canChangeOwnership: !!data.canChangeOwnership, + canRequestAccess: !!data.canRequestAccess, + canApproveAccess: !!data.canApproveAccess, + }; } export async function fetchLiveRecordAccessesV3( - auth: Auth, - storage: InMemoryStorage, - recordUids: string[] -): Promise<{ recordAccesses: NsfLiveRecordAccessEntry[]; forbiddenRecords: string[] }> { - if (recordUids.length === 0) { - return { recordAccesses: [], forbiddenRecords: [] } + auth: Auth, + storage: InMemoryStorage, + recordUids: string[], +): Promise<{ + recordAccesses: NsfLiveRecordAccessEntry[]; + forbiddenRecords: string[]; +}> { + if (recordUids.length === 0) { + return { recordAccesses: [], forbiddenRecords: [] }; + } + + const shareUsers = await loadShareUserMap(auth, storage); + const recordAccesses: NsfLiveRecordAccessEntry[] = []; + const forbiddenRecords: string[] = []; + + for ( + let index = 0; + index < recordUids.length; + index += NSF_SHARE_BATCH_SIZE + ) { + const chunk = recordUids.slice(index, index + NSF_SHARE_BATCH_SIZE); + let response: record.v3.details.IRecordAccessResponse; + try { + response = await auth.executeRest( + getRecordAccessMessage({ + recordUids: chunk.map((uid) => normal64Bytes(uid)), + }), + ); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch record permissions: ${extractErrorMessage(err)}`, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); } - const shareUsers = await loadShareUserMap(auth, storage) - const recordAccesses: NsfLiveRecordAccessEntry[] = [] - const forbiddenRecords: string[] = [] - - for (let index = 0; index < recordUids.length; index += NSF_SHARE_BATCH_SIZE) { - const chunk = recordUids.slice(index, index + NSF_SHARE_BATCH_SIZE) - let response: record.v3.details.IRecordAccessResponse - try { - response = await auth.executeRest( - getRecordAccessMessage({ recordUids: chunk.map((uid) => normal64Bytes(uid)) }) - ) - } catch (err) { - throw new KeeperSdkError( - `Failed to fetch record permissions: ${extractErrorMessage(err)}`, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) - } - - for (const uid of response.forbiddenRecords ?? []) { - forbiddenRecords.push(webSafe64FromBytes(uid)) - } + for (const uid of response.forbiddenRecords ?? []) { + forbiddenRecords.push(webSafe64FromBytes(uid)); + } - for (const entry of response.recordAccesses ?? []) { - const mapped = mapLiveRecordAccessEntry(storage, shareUsers, entry) - if (mapped) recordAccesses.push(mapped) - } + for (const entry of response.recordAccesses ?? []) { + const mapped = mapLiveRecordAccessEntry(storage, shareUsers, entry); + if (mapped) recordAccesses.push(mapped); } + } - return { recordAccesses, forbiddenRecords } + return { recordAccesses, forbiddenRecords }; } export function findUserRecordShareEntry( - storage: InMemoryStorage, - recordUid: string, - email: string, - accountUidStr?: string, - shareUsers?: Map + storage: InMemoryStorage, + recordUid: string, + email: string, + accountUidStr?: string, + shareUsers?: Map, ): DKdRecordAccess | undefined { - const lower = email.toLowerCase() - const normalizedUid = accountUidStr?.trim() - for (const entry of getRecordAccessEntries(storage, recordUid)) { - if (entry.owner || entry.accessType !== Folder.AccessType.AT_USER) continue - if (normalizedUid && entry.accessTypeUid === normalizedUid) { - return entry - } - const accessorName = resolveAccessUsername(storage, entry.accessTypeUid, undefined, shareUsers) - if (accessorName.toLowerCase() === lower) return entry + const lower = email.toLowerCase(); + const normalizedUid = accountUidStr?.trim(); + for (const entry of getRecordAccessEntries(storage, recordUid)) { + if (entry.owner || entry.accessType !== Folder.AccessType.AT_USER) continue; + if (normalizedUid && entry.accessTypeUid === normalizedUid) { + return entry; } - return undefined + const accessorName = resolveAccessUsername( + storage, + entry.accessTypeUid, + undefined, + shareUsers, + ); + if (accessorName.toLowerCase() === lower) return entry; + } + return undefined; } export function findDirectUserRecordShare( - storage: InMemoryStorage, - recordUid: string, - email: string -): { recordUid: string; email: string; accessRoleType: number; expiration?: number } | undefined { - const entry = findUserRecordShareEntry(storage, recordUid, email) - if (!entry || entry.inherited) return undefined - return { - recordUid, - email, - accessRoleType: entry.accessRoleType ?? Folder.AccessRoleType.UNRESOLVED, - expiration: entry.tlaProperties?.expiration ?? undefined, + storage: InMemoryStorage, + recordUid: string, + email: string, +): + | { + recordUid: string; + email: string; + accessRoleType: number; + expiration?: number; } + | undefined { + const entry = findUserRecordShareEntry(storage, recordUid, email); + if (!entry || entry.inherited) return undefined; + return { + recordUid, + email, + accessRoleType: entry.accessRoleType ?? Folder.AccessRoleType.UNRESOLVED, + expiration: entry.tlaProperties?.expiration ?? undefined, + }; } export function validateShareExpirationTimestamp( - expirationMs: number | null | undefined, - cmdName: string + expirationMs: number | null | undefined, + cmdName: string, ): void { - if (expirationMs == null || expirationMs === -1) return - const minAllowed = Date.now() + MIN_SHARE_EXPIRATION_MS - if (expirationMs < minAllowed) { - throw new KeeperSdkError( - `[${cmdName}] Share expiration must be at least 1 minute.`, - ResultCodes.NSF_SHARE_FAILED - ) - } + if (expirationMs == null || expirationMs === -1) return; + const minAllowed = Date.now() + MIN_SHARE_EXPIRATION_MS; + if (expirationMs < minAllowed) { + throw new KeeperSdkError( + `[${cmdName}] Share expiration must be at least 1 minute.`, + ResultCodes.NSF_SHARE_FAILED, + ); + } } -export function parseShareExpiration(input: ParseShareExpirationInput): number | undefined { - const { expireAt, expireIn, expirationTimestamp, cmdName = NsfShareCommandName.FolderShare } = input - const expireAtValue = expireAt?.trim() - const expireInValue = expireIn?.trim() - - if (expireAtValue && expireInValue) { - throw new KeeperSdkError( - `[${cmdName}] Cannot specify both expire-at and expire-in.`, - ResultCodes.NSF_SHARE_FAILED - ) - } - - if (expirationTimestamp != null && (expireAtValue || expireInValue)) { - throw new KeeperSdkError( - `[${cmdName}] Cannot specify both expirationTimestamp and expire-at/expire-in.`, - ResultCodes.NSF_SHARE_FAILED - ) - } - - if (expirationTimestamp != null) { - validateShareExpirationTimestamp(expirationTimestamp, cmdName) - return expirationTimestamp - } - - const raw = expireAtValue || expireInValue - if (!raw) return undefined - - if (raw.toLowerCase() === NSF_SHARE_EXPIRATION_NEVER) return -1 - - if (expireAtValue) { - const normalized = raw.replace('Z', '+00:00') - const dt = new Date(normalized) - if (Number.isNaN(dt.getTime())) { - throw new KeeperSdkError( - `[${cmdName}] Invalid expire-at datetime '${raw}'.`, - ResultCodes.NSF_SHARE_FAILED - ) - } - const expirationMs = dt.getTime() - validateShareExpirationTimestamp(expirationMs, cmdName) - return expirationMs - } +export function parseShareExpiration( + input: ParseShareExpirationInput, +): number | undefined { + const { + expireAt, + expireIn, + expirationTimestamp, + cmdName = NsfShareCommandName.FolderShare, + } = input; + const expireAtValue = expireAt?.trim(); + const expireInValue = expireIn?.trim(); + + if (expireAtValue && expireInValue) { + throw new KeeperSdkError( + `[${cmdName}] Cannot specify both expire-at and expire-in.`, + ResultCodes.NSF_SHARE_FAILED, + ); + } - const match = NSF_SHARE_EXPIRATION_RE.exec(raw) - if (!match) { - throw new KeeperSdkError( - `[${cmdName}] Invalid expire-in period '${raw}'. Use e.g. 30d, 6mo, 1y, 24h, 30mi.`, - ResultCodes.NSF_SHARE_FAILED - ) + if (expirationTimestamp != null && (expireAtValue || expireInValue)) { + throw new KeeperSdkError( + `[${cmdName}] Cannot specify both expirationTimestamp and expire-at/expire-in.`, + ResultCodes.NSF_SHARE_FAILED, + ); + } + + if (expirationTimestamp != null) { + validateShareExpirationTimestamp(expirationTimestamp, cmdName); + return expirationTimestamp; + } + + const raw = expireAtValue || expireInValue; + if (!raw) return undefined; + + if (raw.toLowerCase() === NSF_SHARE_EXPIRATION_NEVER) return -1; + + if (expireAtValue) { + const normalized = raw.replace("Z", "+00:00"); + const dt = new Date(normalized); + if (Number.isNaN(dt.getTime())) { + throw new KeeperSdkError( + `[${cmdName}] Invalid expire-at datetime '${raw}'.`, + ResultCodes.NSF_SHARE_FAILED, + ); } + const expirationMs = dt.getTime(); + validateShareExpirationTimestamp(expirationMs, cmdName); + return expirationMs; + } - const amount = Number.parseInt(match[1], 10) - const unitMs = NSF_SHARE_EXPIRATION_UNIT_MS[match[2].toLowerCase()] - if (!unitMs) { - throw new KeeperSdkError( - `[${cmdName}] Invalid expire-in period '${raw}'.`, - ResultCodes.NSF_SHARE_FAILED - ) - } + const match = NSF_SHARE_EXPIRATION_RE.exec(raw); + if (!match) { + throw new KeeperSdkError( + `[${cmdName}] Invalid expire-in period '${raw}'. Use e.g. 30d, 6mo, 1y, 24h, 30mi.`, + ResultCodes.NSF_SHARE_FAILED, + ); + } + + const amount = Number.parseInt(match[1], 10); + const unitMs = NSF_SHARE_EXPIRATION_UNIT_MS[match[2].toLowerCase()]; + if (!unitMs) { + throw new KeeperSdkError( + `[${cmdName}] Invalid expire-in period '${raw}'.`, + ResultCodes.NSF_SHARE_FAILED, + ); + } - const expirationMs = Date.now() + amount * unitMs - validateShareExpirationTimestamp(expirationMs, cmdName) - return expirationMs + const expirationMs = Date.now() + amount * unitMs; + validateShareExpirationTimestamp(expirationMs, cmdName); + return expirationMs; } export function parseShareExpirationValue( - value: string, - cmdName: string = NsfShareCommandName.FolderShare + value: string, + cmdName: string = NsfShareCommandName.FolderShare, ): number | undefined { - const raw = value.trim() - if (!raw) return undefined - if (NSF_SHARE_EXPIRATION_RE.test(raw)) { - return parseShareExpiration({ expireIn: raw, cmdName }) - } - return parseShareExpiration({ expireAt: raw, cmdName }) + const raw = value.trim(); + if (!raw) return undefined; + if (NSF_SHARE_EXPIRATION_RE.test(raw)) { + return parseShareExpiration({ expireIn: raw, cmdName }); + } + return parseShareExpiration({ expireAt: raw, cmdName }); } export function isShareExpirationNoop( - existingExpiration: number | undefined, - requestedExpiration: number | undefined + existingExpiration: number | undefined, + requestedExpiration: number | undefined, ): boolean { - if (requestedExpiration == null) return true - if (requestedExpiration === -1) { - return existingExpiration == null || existingExpiration === -1 || existingExpiration === 0 - } - if (existingExpiration == null || existingExpiration === 0) return false - return Math.abs(existingExpiration - requestedExpiration) <= NSF_TLA_EXPIRATION_TOLERANCE_MS + if (requestedExpiration == null) return true; + if (requestedExpiration === -1) { + return ( + existingExpiration == null || + existingExpiration === -1 || + existingExpiration === 0 + ); + } + if (existingExpiration == null || existingExpiration === 0) return false; + return ( + Math.abs(existingExpiration - requestedExpiration) <= + NSF_TLA_EXPIRATION_TOLERANCE_MS + ); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfRecordCrypto.ts b/KeeperSdk/src/nestedShareFolders/nsfRecordCrypto.ts index ffb33c22..f6089305 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfRecordCrypto.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfRecordCrypto.ts @@ -1,110 +1,133 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { Records, normal64Bytes, platform, webSafe64FromBytes } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { extractErrorMessage, logger } from '../utils' -import { findNestedShareFoldersForRecord } from './nsfHelpers' +import type { Auth } from "@keeper-security/keeperapi"; +import { + Records, + normal64Bytes, + platform, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { extractErrorMessage, logger } from "../utils"; +import { findNestedShareFoldersForRecord } from "./nsfHelpers"; -const UNKNOWN_RECORD_LABEL = 'Unknown' +const UNKNOWN_RECORD_LABEL = "Unknown"; -function decodePayload(value: string | Uint8Array | null | undefined): Uint8Array { - if (!value) return new Uint8Array(0) - if (value instanceof Uint8Array) return value - return normal64Bytes(value) +function decodePayload( + value: string | Uint8Array | null | undefined, +): Uint8Array { + if (!value) return new Uint8Array(0); + if (value instanceof Uint8Array) return value; + return normal64Bytes(value); } async function decryptWithFolderKeys( - storage: InMemoryStorage, - recordUid: string, - encryptedKey: Uint8Array + storage: InMemoryStorage, + recordUid: string, + encryptedKey: Uint8Array, ): Promise { - for (const folderUid of findNestedShareFoldersForRecord(storage, recordUid)) { - const folderKey = await storage.getKeyBytes(folderUid) - if (!folderKey) continue - try { - return await platform.aesGcmDecrypt(encryptedKey, folderKey) - } catch (gcmErr) { - try { - const recordKey = await platform.aesCbcDecrypt(encryptedKey, folderKey, true) - logger.debug( - `NSF record key for ${recordUid} decrypted with CBC via folder ${folderUid} after GCM failed: ${extractErrorMessage(gcmErr)}` - ) - return recordKey - } catch (cbcErr) { - logger.debug( - `NSF record key decrypt failed for record ${recordUid} with folder ${folderUid}: ${extractErrorMessage(cbcErr)} (GCM: ${extractErrorMessage(gcmErr)})` - ) - continue - } - } + for (const folderUid of findNestedShareFoldersForRecord(storage, recordUid)) { + const folderKey = await storage.getKeyBytes(folderUid); + if (!folderKey) continue; + try { + return await platform.aesGcmDecrypt(encryptedKey, folderKey); + } catch (gcmErr) { + try { + const recordKey = await platform.aesCbcDecrypt( + encryptedKey, + folderKey, + true, + ); + logger.debug( + `NSF record key for ${recordUid} decrypted with CBC via folder ${folderUid} after GCM failed: ${extractErrorMessage(gcmErr)}`, + ); + return recordKey; + } catch (cbcErr) { + logger.debug( + `NSF record key decrypt failed for record ${recordUid} with folder ${folderUid}: ${extractErrorMessage(cbcErr)} (GCM: ${extractErrorMessage(gcmErr)})`, + ); + continue; + } } - logger.debug(`NSF record key decrypt failed for ${recordUid}: no folder key succeeded`) - return undefined + } + logger.debug( + `NSF record key decrypt failed for ${recordUid}: no folder key succeeded`, + ); + return undefined; } export async function resolveRecordKeyBytes( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - encryptedKey?: Uint8Array | null, - keyType?: Records.RecordKeyType | null + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + encryptedKey?: Uint8Array | null, + keyType?: Records.RecordKeyType | null, ): Promise { - const cached = await storage.getKeyBytes(recordUid) - if (cached) return cached + const cached = await storage.getKeyBytes(recordUid); + if (cached) return cached; - if (!encryptedKey?.length || !auth.dataKey) { - return decryptWithFolderKeys(storage, recordUid, encryptedKey ?? new Uint8Array(0)) - } + if (!encryptedKey?.length || !auth.dataKey) { + return decryptWithFolderKeys( + storage, + recordUid, + encryptedKey ?? new Uint8Array(0), + ); + } - try { - if (keyType === Records.RecordKeyType.ENCRYPTED_BY_DATA_KEY) { - return await platform.aesCbcDecrypt(encryptedKey, auth.dataKey, true) - } - return await platform.aesGcmDecrypt(encryptedKey, auth.dataKey) - } catch (err) { - logger.debug( - `NSF record key decrypt with data key failed for ${recordUid}, trying folder keys: ${extractErrorMessage(err)}` - ) - return decryptWithFolderKeys(storage, recordUid, encryptedKey) + try { + if (keyType === Records.RecordKeyType.ENCRYPTED_BY_DATA_KEY) { + return await platform.aesCbcDecrypt(encryptedKey, auth.dataKey, true); } + return await platform.aesGcmDecrypt(encryptedKey, auth.dataKey); + } catch (err) { + logger.debug( + `NSF record key decrypt with data key failed for ${recordUid}, trying folder keys: ${extractErrorMessage(err)}`, + ); + return decryptWithFolderKeys(storage, recordUid, encryptedKey); + } } export async function decryptRecordTitleAndType( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - recordData: Records.IRecordData + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + recordData: Records.IRecordData, ): Promise<{ title: string; type: string }> { - const uid = recordData.recordUid?.length ? webSafe64FromBytes(recordData.recordUid) : recordUid - const recordKey = await resolveRecordKeyBytes( - storage, - auth, - uid, - recordData.recordKey, - recordData.recordKeyType - ) - if (!recordKey) { - logger.debug(`NSF record key unavailable for ${uid}`) - return { title: UNKNOWN_RECORD_LABEL, type: UNKNOWN_RECORD_LABEL } - } + const uid = recordData.recordUid?.length + ? webSafe64FromBytes(recordData.recordUid) + : recordUid; + const recordKey = await resolveRecordKeyBytes( + storage, + auth, + uid, + recordData.recordKey, + recordData.recordKeyType, + ); + if (!recordKey) { + logger.debug(`NSF record key unavailable for ${uid}`); + return { title: UNKNOWN_RECORD_LABEL, type: UNKNOWN_RECORD_LABEL }; + } - const encryptedData = decodePayload(recordData.encryptedRecordData) - if (!encryptedData.length) { - logger.debug(`NSF record data empty for ${uid}`) - return { title: UNKNOWN_RECORD_LABEL, type: UNKNOWN_RECORD_LABEL } - } + const encryptedData = decodePayload(recordData.encryptedRecordData); + if (!encryptedData.length) { + logger.debug(`NSF record data empty for ${uid}`); + return { title: UNKNOWN_RECORD_LABEL, type: UNKNOWN_RECORD_LABEL }; + } - try { - const decrypted = await platform.aesGcmDecrypt(encryptedData, recordKey) - const parsed = JSON.parse(platform.bytesToString(decrypted).replace(/\s+$/, '')) as { - title?: string - type?: string - } - return { - title: parsed.title?.trim() || UNKNOWN_RECORD_LABEL, - type: parsed.type?.trim() || UNKNOWN_RECORD_LABEL, - } - } catch (err) { - logger.debug(`NSF record title/type decrypt failed for ${uid}: ${extractErrorMessage(err)}`) - return { title: UNKNOWN_RECORD_LABEL, type: UNKNOWN_RECORD_LABEL } - } + try { + const decrypted = await platform.aesGcmDecrypt(encryptedData, recordKey); + const parsed = JSON.parse( + platform.bytesToString(decrypted).replace(/\s+$/, ""), + ) as { + title?: string; + type?: string; + }; + return { + title: parsed.title?.trim() || UNKNOWN_RECORD_LABEL, + type: parsed.type?.trim() || UNKNOWN_RECORD_LABEL, + }; + } catch (err) { + logger.debug( + `NSF record title/type decrypt failed for ${uid}: ${extractErrorMessage(err)}`, + ); + return { title: UNKNOWN_RECORD_LABEL, type: UNKNOWN_RECORD_LABEL }; + } } diff --git a/KeeperSdk/src/nestedShareFolders/nsfRecordData.ts b/KeeperSdk/src/nestedShareFolders/nsfRecordData.ts index b664d279..bf70430c 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfRecordData.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfRecordData.ts @@ -1,385 +1,424 @@ -import { platform } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_KNOWN_FIELD_TYPES, NSF_LEGACY_RECORD_TYPES, NSF_STRUCTURED_SUBKEYS } from './nsfConstants' +import { platform } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { + NSF_KNOWN_FIELD_TYPES, + NSF_LEGACY_RECORD_TYPES, + NSF_STRUCTURED_SUBKEYS, +} from "./nsfConstants"; -const MIN_RECORD_PAD_BYTES = 384 -const PAD_BLOCK_SIZE = 16 +const MIN_RECORD_PAD_BYTES = 384; +const PAD_BLOCK_SIZE = 16; export type RecordFieldEntry = { - type: string - label?: string - value: unknown[] -} + type: string; + label?: string; + value: unknown[]; +}; export type BuildNsfRecordDataInput = { - title: string - recordType: string - notes?: string - fieldEntries?: RecordFieldEntry[] - customEntries?: RecordFieldEntry[] -} + title: string; + recordType: string; + notes?: string; + fieldEntries?: RecordFieldEntry[]; + customEntries?: RecordFieldEntry[]; +}; export type ParsedNsfFields = { - fieldEntries: RecordFieldEntry[] - customEntries: RecordFieldEntry[] - hasFileFields: boolean -} + fieldEntries: RecordFieldEntry[]; + customEntries: RecordFieldEntry[]; + hasFileFields: boolean; +}; -type NsfFieldValue = string | string[] | Record | Record[] +type NsfFieldValue = + | string + | string[] + | Record + | Record[]; type FieldAssignment = { - section: 'fields' | 'custom' - fieldType: string - fieldLabel: string - value: NsfFieldValue -} + section: "fields" | "custom"; + fieldType: string; + fieldLabel: string; + value: NsfFieldValue; +}; type ParsedFieldKey = { - section: 'fields' | 'custom' - fieldType: string - fieldLabel: string -} + section: "fields" | "custom"; + fieldType: string; + fieldLabel: string; +}; function stripSurroundingQuotes(value: string): string { - const trimmed = value.trim() - if ( - (trimmed.startsWith("'") && trimmed.endsWith("'")) || - (trimmed.startsWith('"') && trimmed.endsWith('"')) - ) { - return trimmed.slice(1, -1) - } - return trimmed + const trimmed = value.trim(); + if ( + (trimmed.startsWith("'") && trimmed.endsWith("'")) || + (trimmed.startsWith('"') && trimmed.endsWith('"')) + ) { + return trimmed.slice(1, -1); + } + return trimmed; } export function resolveNsfFieldValue(raw: string): NsfFieldValue { - const trimmed = stripSurroundingQuotes(raw) - if (trimmed.startsWith('$JSON')) { - let jsonStr = trimmed.slice(5) - if (jsonStr.startsWith(':')) jsonStr = jsonStr.slice(1) - try { - return JSON.parse(jsonStr) as Record - } catch (err) { - throw new KeeperSdkError( - `Invalid $JSON value: ${extractErrorMessage(err)}`, - ResultCodes.NSF_ADD_FAILED - ) - } + const trimmed = stripSurroundingQuotes(raw); + if (trimmed.startsWith("$JSON")) { + let jsonStr = trimmed.slice(5); + if (jsonStr.startsWith(":")) jsonStr = jsonStr.slice(1); + try { + return JSON.parse(jsonStr) as Record; + } catch (err) { + throw new KeeperSdkError( + `Invalid $JSON value: ${extractErrorMessage(err)}`, + ResultCodes.NSF_ADD_FAILED, + ); } - return trimmed + } + return trimmed; } function toFieldValueArray(value: NsfFieldValue): unknown[] { - if (Array.isArray(value)) return value - if (typeof value === 'object' && value !== null) return [value] - return [value] + if (Array.isArray(value)) return value; + if (typeof value === "object" && value !== null) return [value]; + return [value]; } function cloneFieldEntries(entries: unknown): RecordFieldEntry[] { - if (!Array.isArray(entries)) return [] - return (entries as RecordFieldEntry[]).map((field) => ({ - type: field.type ?? '', - label: field.label, - value: Array.isArray(field.value) ? [...field.value] : [], - })) + if (!Array.isArray(entries)) return []; + return (entries as RecordFieldEntry[]).map((field) => ({ + type: field.type ?? "", + label: field.label, + value: Array.isArray(field.value) ? [...field.value] : [], + })); } function fieldEntryKey(field: RecordFieldEntry): string { - return `${field.type}\0${field.label ?? ''}` + return `${field.type}\0${field.label ?? ""}`; } function isStructuredSubkey(fieldType: string, fieldLabel: string): boolean { - return !!NSF_STRUCTURED_SUBKEYS[fieldType]?.has(fieldLabel) + return !!NSF_STRUCTURED_SUBKEYS[fieldType]?.has(fieldLabel); } function parseFieldKey(rawKey: string): ParsedFieldKey { - let key = rawKey.trim() - let section: 'fields' | 'custom' = 'fields' - - if (key.startsWith('c.')) { - section = 'custom' - key = key.slice(2) - } else if (key.startsWith('f.')) { - key = key.slice(2) - } - - const quoted = key.match(/^"(.+)"$/) - if (quoted) { - return { section: 'custom', fieldType: 'text', fieldLabel: quoted[1] } - } - - const dotIdx = key.indexOf('.') - if (dotIdx > 0) { - const fieldType = key.slice(0, dotIdx).toLowerCase() - const fieldLabel = key.slice(dotIdx + 1) - if (NSF_KNOWN_FIELD_TYPES.has(fieldType)) { - return { section, fieldType, fieldLabel } - } - return { section: 'custom', fieldType: 'text', fieldLabel: key } - } - - const fieldType = key.toLowerCase() + let key = rawKey.trim(); + let section: "fields" | "custom" = "fields"; + + if (key.startsWith("c.")) { + section = "custom"; + key = key.slice(2); + } else if (key.startsWith("f.")) { + key = key.slice(2); + } + + const quoted = key.match(/^"(.+)"$/); + if (quoted) { + return { section: "custom", fieldType: "text", fieldLabel: quoted[1] }; + } + + const dotIdx = key.indexOf("."); + if (dotIdx > 0) { + const fieldType = key.slice(0, dotIdx).toLowerCase(); + const fieldLabel = key.slice(dotIdx + 1); if (NSF_KNOWN_FIELD_TYPES.has(fieldType)) { - return { section: 'fields', fieldType, fieldLabel: '' } + return { section, fieldType, fieldLabel }; } + return { section: "custom", fieldType: "text", fieldLabel: key }; + } - return { section: 'custom', fieldType: 'text', fieldLabel: key } -} - -function splitFieldTokens(input: string, delimiter: 'comma' | 'space'): string[] { - const result: string[] = [] - let current = '' - let inSingleQuote = false - let inDoubleQuote = false - let braceDepth = 0 - - for (let i = 0; i < input.length; i++) { - const ch = input[i] - const prev = i > 0 ? input[i - 1] : '' - - if (ch === "'" && !inDoubleQuote && prev !== '\\') { - inSingleQuote = !inSingleQuote - current += ch - continue - } - if (ch === '"' && !inSingleQuote && prev !== '\\') { - inDoubleQuote = !inDoubleQuote - current += ch - continue - } - if (!inSingleQuote && !inDoubleQuote) { - if (ch === '{') braceDepth++ - else if (ch === '}') braceDepth = Math.max(0, braceDepth - 1) - else if (braceDepth === 0) { - const isDelimiter = delimiter === 'comma' ? ch === ',' : /\s/.test(ch) - if (isDelimiter) { - const token = current.trim() - if (token) result.push(token) - current = '' - if (delimiter === 'space') { - while (i + 1 < input.length && /\s/.test(input[i + 1])) i++ - } - continue - } - } - } - current += ch - } + const fieldType = key.toLowerCase(); + if (NSF_KNOWN_FIELD_TYPES.has(fieldType)) { + return { section: "fields", fieldType, fieldLabel: "" }; + } - const token = current.trim() - if (token) result.push(token) + return { section: "custom", fieldType: "text", fieldLabel: key }; +} - if (inSingleQuote) { - throw new KeeperSdkError('Unclosed single quote in field input.', ResultCodes.NSF_ADD_FAILED) +function splitFieldTokens( + input: string, + delimiter: "comma" | "space", +): string[] { + const result: string[] = []; + let current = ""; + let inSingleQuote = false; + let inDoubleQuote = false; + let braceDepth = 0; + + for (let i = 0; i < input.length; i++) { + const ch = input[i]; + const prev = i > 0 ? input[i - 1] : ""; + + if (ch === "'" && !inDoubleQuote && prev !== "\\") { + inSingleQuote = !inSingleQuote; + current += ch; + continue; } - if (inDoubleQuote) { - throw new KeeperSdkError('Unclosed double quote in field input.', ResultCodes.NSF_ADD_FAILED) + if (ch === '"' && !inSingleQuote && prev !== "\\") { + inDoubleQuote = !inDoubleQuote; + current += ch; + continue; } - if (braceDepth > 0) { - throw new KeeperSdkError('Unclosed "{" in field input.', ResultCodes.NSF_ADD_FAILED) + if (!inSingleQuote && !inDoubleQuote) { + if (ch === "{") braceDepth++; + else if (ch === "}") braceDepth = Math.max(0, braceDepth - 1); + else if (braceDepth === 0) { + const isDelimiter = delimiter === "comma" ? ch === "," : /\s/.test(ch); + if (isDelimiter) { + const token = current.trim(); + if (token) result.push(token); + current = ""; + if (delimiter === "space") { + while (i + 1 < input.length && /\s/.test(input[i + 1])) i++; + } + continue; + } + } } - - return result + current += ch; + } + + const token = current.trim(); + if (token) result.push(token); + + if (inSingleQuote) { + throw new KeeperSdkError( + "Unclosed single quote in field input.", + ResultCodes.NSF_ADD_FAILED, + ); + } + if (inDoubleQuote) { + throw new KeeperSdkError( + "Unclosed double quote in field input.", + ResultCodes.NSF_ADD_FAILED, + ); + } + if (braceDepth > 0) { + throw new KeeperSdkError( + 'Unclosed "{" in field input.', + ResultCodes.NSF_ADD_FAILED, + ); + } + + return result; } -function parseFieldToken(raw: string, position: number): FieldAssignment | 'file' | undefined { - const field = raw.trim() - if (!field) return undefined - - const separator = field.indexOf('=') - if (separator <= 0) { - throw new KeeperSdkError( - `Invalid field at position ${position}: "${field}" (expected key=value format).`, - ResultCodes.NSF_ADD_FAILED - ) - } - - const key = field.slice(0, separator).trim() - const value = field.slice(separator + 1).trim() - if (!key) { - throw new KeeperSdkError( - `Invalid field at position ${position}: "${field}" (missing field key).`, - ResultCodes.NSF_ADD_FAILED - ) - } - if (key.toLowerCase() === 'file') return 'file' - - const parsedKey = parseFieldKey(key) - try { - return { - section: parsedKey.section, - fieldType: parsedKey.fieldType, - fieldLabel: parsedKey.fieldLabel, - value: resolveNsfFieldValue(value), - } - } catch (err) { - if (err instanceof KeeperSdkError) { - throw new KeeperSdkError( - `Invalid field at position ${position} for key "${key}": ${err.message}`, - err.resultCode - ) - } - throw err +function parseFieldToken( + raw: string, + position: number, +): FieldAssignment | "file" | undefined { + const field = raw.trim(); + if (!field) return undefined; + + const separator = field.indexOf("="); + if (separator <= 0) { + throw new KeeperSdkError( + `Invalid field at position ${position}: "${field}" (expected key=value format).`, + ResultCodes.NSF_ADD_FAILED, + ); + } + + const key = field.slice(0, separator).trim(); + const value = field.slice(separator + 1).trim(); + if (!key) { + throw new KeeperSdkError( + `Invalid field at position ${position}: "${field}" (missing field key).`, + ResultCodes.NSF_ADD_FAILED, + ); + } + if (key.toLowerCase() === "file") return "file"; + + const parsedKey = parseFieldKey(key); + try { + return { + section: parsedKey.section, + fieldType: parsedKey.fieldType, + fieldLabel: parsedKey.fieldLabel, + value: resolveNsfFieldValue(value), + }; + } catch (err) { + if (err instanceof KeeperSdkError) { + throw new KeeperSdkError( + `Invalid field at position ${position} for key "${key}": ${err.message}`, + err.resultCode, + ); } + throw err; + } } -function wrapPlainStructuredValue(fieldType: string, value: string): Record { - if (fieldType === 'address') return { street1: value } - if (fieldType === 'phone') return { number: value, type: 'Mobile' } - if (fieldType === 'name') return { first: value } - return { value } +function wrapPlainStructuredValue( + fieldType: string, + value: string, +): Record { + if (fieldType === "address") return { street1: value }; + if (fieldType === "phone") return { number: value, type: "Mobile" }; + if (fieldType === "name") return { first: value }; + return { value }; } function buildRecordFieldEntries(assignments: FieldAssignment[]): { - fields: RecordFieldEntry[] - custom: RecordFieldEntry[] + fields: RecordFieldEntry[]; + custom: RecordFieldEntry[]; } { - const custom: RecordFieldEntry[] = [] - const labeledFields: RecordFieldEntry[] = [] - const structuredByType = new Map>() - const simpleByType = new Map() - - for (const { section, fieldType, fieldLabel, value } of assignments) { - if (section === 'custom') { - custom.push({ - type: fieldType, - label: fieldLabel, - value: toFieldValueArray(value), - }) - continue - } - - if (fieldLabel && isStructuredSubkey(fieldType, fieldLabel)) { - const existing = structuredByType.get(fieldType) ?? {} - existing[fieldLabel] = typeof value === 'string' ? value : value - structuredByType.set(fieldType, existing) - continue - } - - if (fieldLabel) { - labeledFields.push({ - type: fieldType, - label: fieldLabel, - value: toFieldValueArray(value), - }) - continue - } - - if (typeof value === 'object' && value !== null && !Array.isArray(value)) { - structuredByType.set(fieldType, value as Record) - continue - } + const custom: RecordFieldEntry[] = []; + const labeledFields: RecordFieldEntry[] = []; + const structuredByType = new Map>(); + const simpleByType = new Map(); + + for (const { section, fieldType, fieldLabel, value } of assignments) { + if (section === "custom") { + custom.push({ + type: fieldType, + label: fieldLabel, + value: toFieldValueArray(value), + }); + continue; + } - simpleByType.set(fieldType, value) + if (fieldLabel && isStructuredSubkey(fieldType, fieldLabel)) { + const existing = structuredByType.get(fieldType) ?? {}; + existing[fieldLabel] = typeof value === "string" ? value : value; + structuredByType.set(fieldType, existing); + continue; } - const fields: RecordFieldEntry[] = [] - for (const [fieldType, value] of simpleByType) { - if (typeof value === 'string' && NSF_STRUCTURED_SUBKEYS[fieldType]) { - fields.push({ type: fieldType, value: [wrapPlainStructuredValue(fieldType, value)] }) - continue - } - fields.push({ type: fieldType, value: toFieldValueArray(value) }) + if (fieldLabel) { + labeledFields.push({ + type: fieldType, + label: fieldLabel, + value: toFieldValueArray(value), + }); + continue; } - for (const [fieldType, objectValue] of structuredByType) { - fields.push({ type: fieldType, value: [objectValue] }) + + if (typeof value === "object" && value !== null && !Array.isArray(value)) { + structuredByType.set(fieldType, value as Record); + continue; } - fields.push(...labeledFields) - return { fields, custom } + simpleByType.set(fieldType, value); + } + + const fields: RecordFieldEntry[] = []; + for (const [fieldType, value] of simpleByType) { + if (typeof value === "string" && NSF_STRUCTURED_SUBKEYS[fieldType]) { + fields.push({ + type: fieldType, + value: [wrapPlainStructuredValue(fieldType, value)], + }); + continue; + } + fields.push({ type: fieldType, value: toFieldValueArray(value) }); + } + for (const [fieldType, objectValue] of structuredByType) { + fields.push({ type: fieldType, value: [objectValue] }); + } + fields.push(...labeledFields); + + return { fields, custom }; } function mergeFieldEntries( - existing: RecordFieldEntry[], - incoming: RecordFieldEntry[] + existing: RecordFieldEntry[], + incoming: RecordFieldEntry[], ): RecordFieldEntry[] { - const merged = new Map() - for (const field of existing) { - merged.set(fieldEntryKey(field), { - type: field.type ?? '', - label: field.label, - value: Array.isArray(field.value) ? [...field.value] : [], - }) - } - for (const field of incoming) { - merged.set(fieldEntryKey(field), { - type: field.type, - label: field.label, - value: [...field.value], - }) - } - return [...merged.values()] + const merged = new Map(); + for (const field of existing) { + merged.set(fieldEntryKey(field), { + type: field.type ?? "", + label: field.label, + value: Array.isArray(field.value) ? [...field.value] : [], + }); + } + for (const field of incoming) { + merged.set(fieldEntryKey(field), { + type: field.type, + label: field.label, + value: [...field.value], + }); + } + return [...merged.values()]; } function parseNsfFields(rawFields: string[]): ParsedNsfFields { - let hasFileFields = false - const assignments: FieldAssignment[] = [] - - for (let i = 0; i < rawFields.length; i++) { - const parsed = parseFieldToken(rawFields[i], i + 1) - if (!parsed) continue - if (parsed === 'file') { - hasFileFields = true - continue - } - assignments.push(parsed) + let hasFileFields = false; + const assignments: FieldAssignment[] = []; + + for (let i = 0; i < rawFields.length; i++) { + const parsed = parseFieldToken(rawFields[i], i + 1); + if (!parsed) continue; + if (parsed === "file") { + hasFileFields = true; + continue; } + assignments.push(parsed); + } - const { fields, custom } = buildRecordFieldEntries(assignments) - return { fieldEntries: fields, customEntries: custom, hasFileFields } + const { fields, custom } = buildRecordFieldEntries(assignments); + return { fieldEntries: fields, customEntries: custom, hasFileFields }; } export function getPaddedJsonBytes(data: Record): Uint8Array { - const json = JSON.stringify(data) - const paddedLength = Math.ceil(Math.max(MIN_RECORD_PAD_BYTES, json.length) / PAD_BLOCK_SIZE) * PAD_BLOCK_SIZE - return platform.stringToBytes(json.padEnd(paddedLength, ' ')) + const json = JSON.stringify(data); + const paddedLength = + Math.ceil(Math.max(MIN_RECORD_PAD_BYTES, json.length) / PAD_BLOCK_SIZE) * + PAD_BLOCK_SIZE; + return platform.stringToBytes(json.padEnd(paddedLength, " ")); } -export function buildNsfRecordData(input: BuildNsfRecordDataInput): Record { - const title = input.title.trim() - const recordType = input.recordType.trim() - const data: Record = { - type: NSF_LEGACY_RECORD_TYPES.has(recordType) ? 'login' : recordType, - title, - fields: input.fieldEntries ?? [], - custom: input.customEntries ?? [], - } - - const notes = input.notes?.trim() - if (notes) data.notes = notes - return data +export function buildNsfRecordData( + input: BuildNsfRecordDataInput, +): Record { + const title = input.title.trim(); + const recordType = input.recordType.trim(); + const data: Record = { + type: NSF_LEGACY_RECORD_TYPES.has(recordType) ? "login" : recordType, + title, + fields: input.fieldEntries ?? [], + custom: input.customEntries ?? [], + }; + + const notes = input.notes?.trim(); + if (notes) data.notes = notes; + return data; } export function mergeNsfRecordData( - existing: Record, - input: Partial + existing: Record, + input: Partial, ): Record { - const data: Record = { - ...existing, - fields: cloneFieldEntries(existing.fields), - custom: cloneFieldEntries(existing.custom), - } - - if (input.title !== undefined) data.title = input.title.trim() - if (input.recordType !== undefined) { - const recordType = input.recordType.trim() - data.type = NSF_LEGACY_RECORD_TYPES.has(recordType) ? 'login' : recordType - } - if (input.notes !== undefined) data.notes = input.notes - - if (input.fieldEntries?.length) { - data.fields = mergeFieldEntries(data.fields as RecordFieldEntry[], input.fieldEntries) - } - if (input.customEntries?.length) { - data.custom = mergeFieldEntries(data.custom as RecordFieldEntry[], input.customEntries) - } - - return data + const data: Record = { + ...existing, + fields: cloneFieldEntries(existing.fields), + custom: cloneFieldEntries(existing.custom), + }; + + if (input.title !== undefined) data.title = input.title.trim(); + if (input.recordType !== undefined) { + const recordType = input.recordType.trim(); + data.type = NSF_LEGACY_RECORD_TYPES.has(recordType) ? "login" : recordType; + } + if (input.notes !== undefined) data.notes = input.notes; + + if (input.fieldEntries?.length) { + data.fields = mergeFieldEntries( + data.fields as RecordFieldEntry[], + input.fieldEntries, + ); + } + if (input.customEntries?.length) { + data.custom = mergeFieldEntries( + data.custom as RecordFieldEntry[], + input.customEntries, + ); + } + + return data; } export function parseNsfFieldInput(input: string): ParsedNsfFields { - return parseNsfFields(splitFieldTokens(input, 'comma')) + return parseNsfFields(splitFieldTokens(input, "comma")); } export function parseNsfFieldSpaceInput(input: string): ParsedNsfFields { - return parseNsfFields(splitFieldTokens(input, 'space')) + return parseNsfFields(splitFieldTokens(input, "space")); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfRecordPermission.ts b/KeeperSdk/src/nestedShareFolders/nsfRecordPermission.ts index 1f6f3f7f..abc79769 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfRecordPermission.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfRecordPermission.ts @@ -1,713 +1,817 @@ -import type { Auth, DKdFolderRecord } from '@keeper-security/keeperapi' +import type { Auth, DKdFolderRecord } from "@keeper-security/keeperapi"; import { - Folder, - platform, - record, - recordsShareV3Message, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { getRecordTitle } from '../records/RecordUtils' + Folder, + platform, + record, + recordsShareV3Message, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { getRecordTitle } from "../records/RecordUtils"; import { - buildNsfRevokePermissionFromKeys, - buildNsfSharePermissionFromKeys, - loadUserShareKeysOrInvite, - parseRecordSharingStatus, - preloadNsfUserShareKeys, - type UserShareKeys, -} from './nsfShareKeys' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' + buildNsfRevokePermissionFromKeys, + buildNsfSharePermissionFromKeys, + loadUserShareKeysOrInvite, + parseRecordSharingStatus, + preloadNsfUserShareKeys, + type UserShareKeys, +} from "./nsfShareKeys"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; import { - KeeperDriveKind, - fetchLiveRecordAccessesV3, - ensureNestedShareFolder, - getKeeperDriveFolder, - getKeeperDriveFolders, - getKeeperDriveRecord, - getNsfAccessRoleLabel, - normalizeNsfRecordPermissionRole, - resolveNsfFolderIdentifier, - resolveNsfRoleName, -} from './nsfHelpers' -import { NSF_RECORD_PERMISSION_ROLES, NSF_SHARE_BATCH_SIZE } from './nsfConstants' -import { resolveRecordKeyBytes } from './nsfRecordCrypto' -import type { NsfLiveRecordAccessEntry } from './nsfHelpers' + KeeperDriveKind, + fetchLiveRecordAccessesV3, + ensureNestedShareFolder, + getKeeperDriveFolder, + getKeeperDriveFolders, + getKeeperDriveRecord, + getNsfAccessRoleLabel, + normalizeNsfRecordPermissionRole, + resolveNsfFolderIdentifier, + resolveNsfRoleName, +} from "./nsfHelpers"; +import { + NSF_RECORD_PERMISSION_ROLES, + NSF_SHARE_BATCH_SIZE, +} from "./nsfConstants"; +import { resolveRecordKeyBytes } from "./nsfRecordCrypto"; +import type { NsfLiveRecordAccessEntry } from "./nsfHelpers"; import type { - NsfRecordPermissionActionInput, - NsfRecordPermissionFailure, - NsfRecordPermissionPlan, - NsfRecordPermissionPlanItem, - UpdateNsfRecordPermissionInput, - UpdateNsfRecordPermissionResult, -} from './nsfTypes' -import { NsfPermissionFailureCode, NsfRecordPermissionAction } from './nsfTypes' + NsfRecordPermissionActionInput, + NsfRecordPermissionFailure, + NsfRecordPermissionPlan, + NsfRecordPermissionPlanItem, + UpdateNsfRecordPermissionInput, + UpdateNsfRecordPermissionResult, +} from "./nsfTypes"; +import { + NsfPermissionFailureCode, + NsfRecordPermissionAction, +} from "./nsfTypes"; -type NsfRecordAccessEntry = NsfLiveRecordAccessEntry +type NsfRecordAccessEntry = NsfLiveRecordAccessEntry; type NsfSharePermissionItem = { - recordUid: string - email: string - accessRoleType?: Folder.AccessRoleType - curRole?: string - newRole?: string -} + recordUid: string; + email: string; + accessRoleType?: Folder.AccessRoleType; + curRole?: string; + newRole?: string; +}; type NsfShareOperationOutcome = { - recordUid: string - email: string - success: boolean - skipped?: boolean - message?: string -} + recordUid: string; + email: string; + success: boolean; + skipped?: boolean; + message?: string; +}; type PermissionChangeBuckets = { - updates: NsfSharePermissionItem[] - creates: NsfSharePermissionItem[] - revokes: NsfSharePermissionItem[] - skipped: NsfRecordPermissionPlanItem[] -} - -function normalizeAction(action: NsfRecordPermissionActionInput): NsfRecordPermissionAction { - const value = action as NsfRecordPermissionAction - if (value === NsfRecordPermissionAction.Grant || value === NsfRecordPermissionAction.Revoke) { - return value - } - throw new KeeperSdkError( - `Invalid action '${action}'. Use: grant, revoke.`, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) + updates: NsfSharePermissionItem[]; + creates: NsfSharePermissionItem[]; + revokes: NsfSharePermissionItem[]; + skipped: NsfRecordPermissionPlanItem[]; +}; + +function normalizeAction( + action: NsfRecordPermissionActionInput, +): NsfRecordPermissionAction { + const value = action as NsfRecordPermissionAction; + if ( + value === NsfRecordPermissionAction.Grant || + value === NsfRecordPermissionAction.Revoke + ) { + return value; + } + throw new KeeperSdkError( + `Invalid action '${action}'. Use: grant, revoke.`, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); } -function buildFolderRecordMap(storage: InMemoryStorage): Map> { - const map = new Map>() - for (const entry of storage.getAll(KeeperDriveKind.FolderRecord)) { - const folderUid = entry.folderUid - if (!map.has(folderUid)) map.set(folderUid, new Set()) - map.get(folderUid)!.add(entry.recordUid) - } - return map +function buildFolderRecordMap( + storage: InMemoryStorage, +): Map> { + const map = new Map>(); + for (const entry of storage.getAll( + KeeperDriveKind.FolderRecord, + )) { + const folderUid = entry.folderUid; + if (!map.has(folderUid)) map.set(folderUid, new Set()); + map.get(folderUid)!.add(entry.recordUid); + } + return map; } function resolveFolderForPermission( - storage: InMemoryStorage, - folderInput?: string + storage: InMemoryStorage, + folderInput?: string, ): { folderUid: string | null; displayName: string } { - const trimmed = folderInput?.trim() - if (!trimmed) { - return { folderUid: null, displayName: 'root' } - } + const trimmed = folderInput?.trim(); + if (!trimmed) { + return { folderUid: null, displayName: "root" }; + } - const folderUid = resolveNsfFolderIdentifier(storage, trimmed) - if (!folderUid) { - throw new KeeperSdkError(`Folder "${trimmed}" not found`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareFolder(storage, folderUid, trimmed) - const folder = getKeeperDriveFolder(storage, folderUid) - return { - folderUid, - displayName: folder?.data.name || trimmed, - } + const folderUid = resolveNsfFolderIdentifier(storage, trimmed); + if (!folderUid) { + throw new KeeperSdkError( + `Folder "${trimmed}" not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareFolder(storage, folderUid, trimmed); + const folder = getKeeperDriveFolder(storage, folderUid); + return { + folderUid, + displayName: folder?.data.name || trimmed, + }; } export function collectNsfRecordUidsInFolder( - storage: InMemoryStorage, - folderUid: string | null, - recursive: boolean + storage: InMemoryStorage, + folderUid: string | null, + recursive: boolean, ): Set { - const folders = getKeeperDriveFolders(storage) - const folderUids = new Set(folders.map((folder) => folder.uid)) - const folderRecords = buildFolderRecordMap(storage) - const recordUids = new Set() - - const walk = (currentUid: string, visited = new Set()): void => { - if (visited.has(currentUid)) return - visited.add(currentUid) - for (const recordUid of folderRecords.get(currentUid) ?? []) { - recordUids.add(recordUid) - } - if (!recursive) return - for (const folder of folders) { - if (folder.parentUid !== currentUid) continue - if (visited.has(folder.uid)) continue - walk(folder.uid, visited) - } + const folders = getKeeperDriveFolders(storage); + const folderUids = new Set(folders.map((folder) => folder.uid)); + const folderRecords = buildFolderRecordMap(storage); + const recordUids = new Set(); + + const walk = (currentUid: string, visited = new Set()): void => { + if (visited.has(currentUid)) return; + visited.add(currentUid); + for (const recordUid of folderRecords.get(currentUid) ?? []) { + recordUids.add(recordUid); } - - if (folderUid) { - walk(folderUid) - return recordUids + if (!recursive) return; + for (const folder of folders) { + if (folder.parentUid !== currentUid) continue; + if (visited.has(folder.uid)) continue; + walk(folder.uid, visited); } + }; + + if (folderUid) { + walk(folderUid); + return recordUids; + } - for (const [fuid, records] of folderRecords.entries()) { - if (!folderUids.has(fuid)) { - for (const recordUid of records) recordUids.add(recordUid) - } + for (const [fuid, records] of folderRecords.entries()) { + if (!folderUids.has(fuid)) { + for (const recordUid of records) recordUids.add(recordUid); } - if (recursive) { - for (const folder of folders) { - walk(folder.uid) - } + } + if (recursive) { + for (const folder of folders) { + walk(folder.uid); } - return recordUids + } + return recordUids; } function recordTitle(storage: InMemoryStorage, recordUid: string): string { - const recordEntry = getKeeperDriveRecord(storage, recordUid) - if (!recordEntry) return '' - return getRecordTitle(recordEntry).slice(0, 32) + const recordEntry = getKeeperDriveRecord(storage, recordUid); + if (!recordEntry) return ""; + return getRecordTitle(recordEntry).slice(0, 32); } - async function getRecordAccessesV3( - auth: Auth, - storage: InMemoryStorage, - recordUids: string[] -): Promise<{ recordAccesses: NsfRecordAccessEntry[]; forbiddenRecords: string[] }> { - if (recordUids.length === 0) { - throw new KeeperSdkError('At least one record UID required.', ResultCodes.NSF_RECORD_PERMISSION_FAILED) - } - return fetchLiveRecordAccessesV3(auth, storage, recordUids) + auth: Auth, + storage: InMemoryStorage, + recordUids: string[], +): Promise<{ + recordAccesses: NsfRecordAccessEntry[]; + forbiddenRecords: string[]; +}> { + if (recordUids.length === 0) { + throw new KeeperSdkError( + "At least one record UID required.", + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); + } + return fetchLiveRecordAccessesV3(auth, storage, recordUids); } async function requireRecordKey( - storage: InMemoryStorage, - auth: Auth, - recordUid: string + storage: InMemoryStorage, + auth: Auth, + recordUid: string, ): Promise { - const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid) - if (!recordKey) { - throw new KeeperSdkError( - `Record key not available for ${recordUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - return recordKey + const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid); + if (!recordKey) { + throw new KeeperSdkError( + `Record key not available for ${recordUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + return recordKey; } async function buildSharePermission( - storage: InMemoryStorage, - auth: Auth, - item: NsfSharePermissionItem, - userKeysByEmail: Map + storage: InMemoryStorage, + auth: Auth, + item: NsfSharePermissionItem, + userKeysByEmail: Map, ): Promise { - const recordKey = await requireRecordKey(storage, auth, item.recordUid) - const emailKey = item.email.trim().toLowerCase() - let userKeys = userKeysByEmail.get(emailKey) - if (!userKeys) { - userKeys = await loadUserShareKeysOrInvite(auth, item.email, ResultCodes.NSF_RECORD_PERMISSION_FAILED) - userKeysByEmail.set(emailKey, userKeys) - } - return buildNsfSharePermissionFromKeys( - item.recordUid, - recordKey, - item.accessRoleType ?? Folder.AccessRoleType.VIEWER, - userKeys - ) + const recordKey = await requireRecordKey(storage, auth, item.recordUid); + const emailKey = item.email.trim().toLowerCase(); + let userKeys = userKeysByEmail.get(emailKey); + if (!userKeys) { + userKeys = await loadUserShareKeysOrInvite( + auth, + item.email, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); + userKeysByEmail.set(emailKey, userKeys); + } + return buildNsfSharePermissionFromKeys( + item.recordUid, + recordKey, + item.accessRoleType ?? Folder.AccessRoleType.VIEWER, + userKeys, + ); } async function buildRevokePermission( - item: NsfSharePermissionItem, - userKeysByEmail: Map + item: NsfSharePermissionItem, + userKeysByEmail: Map, ): Promise { - const emailKey = item.email.trim().toLowerCase() - const userKeys = userKeysByEmail.get(emailKey) - if (!userKeys) { - throw new KeeperSdkError( - `User ${item.email} not found`, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) - } - return buildNsfRevokePermissionFromKeys(item.recordUid, userKeys) + const emailKey = item.email.trim().toLowerCase(); + const userKeys = userKeysByEmail.get(emailKey); + if (!userKeys) { + throw new KeeperSdkError( + `User ${item.email} not found`, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); + } + return buildNsfRevokePermissionFromKeys(item.recordUid, userKeys); } async function preloadUserShareKeys( - auth: Auth, - items: NsfSharePermissionItem[], - inviteMissing: boolean + auth: Auth, + items: NsfSharePermissionItem[], + inviteMissing: boolean, ): Promise> { - return preloadNsfUserShareKeys( - auth, - items.map((item) => item.email), - inviteMissing, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) + return preloadNsfUserShareKeys( + auth, + items.map((item) => item.email), + inviteMissing, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); } async function executeShareBatch( - auth: Auth, - request: record.v3.sharing.IRequest, - statusField: 'updatedSharingStatus' | 'createdSharingStatus' | 'revokedSharingStatus' + auth: Auth, + request: record.v3.sharing.IRequest, + statusField: + | "updatedSharingStatus" + | "createdSharingStatus" + | "revokedSharingStatus", ): Promise> { - const response = await auth.executeRest(recordsShareV3Message(request)) - const statuses = response[statusField] ?? [] - return statuses.map((status) => parseRecordSharingStatus(status)) + const response = await auth.executeRest(recordsShareV3Message(request)); + const statuses = response[statusField] ?? []; + return statuses.map((status) => parseRecordSharingStatus(status)); } async function runShareBatch( - auth: Auth, - items: T[], - buildPermission: (item: T, userKeysByEmail: Map) => Promise, - applyToRequest: (request: record.v3.sharing.IRequest, permission: record.v3.sharing.IPermissions) => void, - statusField: 'updatedSharingStatus' | 'createdSharingStatus' | 'revokedSharingStatus', - inviteMissingKeys: boolean + auth: Auth, + items: T[], + buildPermission: ( + item: T, + userKeysByEmail: Map, + ) => Promise, + applyToRequest: ( + request: record.v3.sharing.IRequest, + permission: record.v3.sharing.IPermissions, + ) => void, + statusField: + | "updatedSharingStatus" + | "createdSharingStatus" + | "revokedSharingStatus", + inviteMissingKeys: boolean, ): Promise { - const outcomes: NsfShareOperationOutcome[] = [] - - for (let index = 0; index < items.length; index += NSF_SHARE_BATCH_SIZE) { - const chunk = items.slice(index, index + NSF_SHARE_BATCH_SIZE) - const userKeysByEmail = await preloadUserShareKeys(auth, chunk, inviteMissingKeys) - const request: record.v3.sharing.IRequest = {} - const built: T[] = [] - - for (const item of chunk) { - try { - const permission = await buildPermission(item, userKeysByEmail) - applyToRequest(request, permission) - built.push(item) - } catch (err) { - outcomes.push({ - recordUid: item.recordUid, - email: item.email, - success: false, - skipped: true, - message: extractErrorMessage(err), - }) - } - } - - if (built.length === 0) continue - - try { - const statusList = await executeShareBatch(auth, request, statusField) - const statusByRecordUid = new Map( - statusList - .filter((status) => status.recordUid.length > 0) - .map((status) => [status.recordUid, status] as const) - ) - for (const item of built) { - const status = statusByRecordUid.get(item.recordUid) - outcomes.push({ - recordUid: item.recordUid, - email: item.email, - success: status?.success ?? false, - message: status?.message ?? 'No status returned', - }) - } - } catch (err) { - const message = extractErrorMessage(err) - for (const item of built) { - outcomes.push({ - recordUid: item.recordUid, - email: item.email, - success: false, - message, - }) - } - } + const outcomes: NsfShareOperationOutcome[] = []; + + for (let index = 0; index < items.length; index += NSF_SHARE_BATCH_SIZE) { + const chunk = items.slice(index, index + NSF_SHARE_BATCH_SIZE); + const userKeysByEmail = await preloadUserShareKeys( + auth, + chunk, + inviteMissingKeys, + ); + const request: record.v3.sharing.IRequest = {}; + const built: T[] = []; + + for (const item of chunk) { + try { + const permission = await buildPermission(item, userKeysByEmail); + applyToRequest(request, permission); + built.push(item); + } catch (err) { + outcomes.push({ + recordUid: item.recordUid, + email: item.email, + success: false, + skipped: true, + message: extractErrorMessage(err), + }); + } + } + + if (built.length === 0) continue; + + try { + const statusList = await executeShareBatch(auth, request, statusField); + const statusByRecordUid = new Map( + statusList + .filter((status) => status.recordUid.length > 0) + .map((status) => [status.recordUid, status] as const), + ); + for (const item of built) { + const status = statusByRecordUid.get(item.recordUid); + outcomes.push({ + recordUid: item.recordUid, + email: item.email, + success: status?.success ?? false, + message: status?.message ?? "No status returned", + }); + } + } catch (err) { + const message = extractErrorMessage(err); + for (const item of built) { + outcomes.push({ + recordUid: item.recordUid, + email: item.email, + success: false, + message, + }); + } } + } - return outcomes + return outcomes; } async function batchUpdateRecordSharesV3( - storage: InMemoryStorage, - auth: Auth, - updates: NsfSharePermissionItem[] + storage: InMemoryStorage, + auth: Auth, + updates: NsfSharePermissionItem[], ): Promise { - return runShareBatch( - auth, - updates, - (item, userKeysByEmail) => buildSharePermission(storage, auth, item, userKeysByEmail), - (request, permission) => { - request.updateSharingPermissions = [...(request.updateSharingPermissions ?? []), permission] - }, - 'updatedSharingStatus', - true - ) + return runShareBatch( + auth, + updates, + (item, userKeysByEmail) => + buildSharePermission(storage, auth, item, userKeysByEmail), + (request, permission) => { + request.updateSharingPermissions = [ + ...(request.updateSharingPermissions ?? []), + permission, + ]; + }, + "updatedSharingStatus", + true, + ); } async function batchCreateRecordSharesV3( - storage: InMemoryStorage, - auth: Auth, - creates: NsfSharePermissionItem[] + storage: InMemoryStorage, + auth: Auth, + creates: NsfSharePermissionItem[], ): Promise { - return runShareBatch( - auth, - creates, - (item, userKeysByEmail) => buildSharePermission(storage, auth, item, userKeysByEmail), - (request, permission) => { - request.createSharingPermissions = [...(request.createSharingPermissions ?? []), permission] - }, - 'createdSharingStatus', - true - ) + return runShareBatch( + auth, + creates, + (item, userKeysByEmail) => + buildSharePermission(storage, auth, item, userKeysByEmail), + (request, permission) => { + request.createSharingPermissions = [ + ...(request.createSharingPermissions ?? []), + permission, + ]; + }, + "createdSharingStatus", + true, + ); } async function batchUnshareRecordsV3( - auth: Auth, - revokes: NsfSharePermissionItem[] + auth: Auth, + revokes: NsfSharePermissionItem[], ): Promise { - return runShareBatch( - auth, - revokes, - (item, userKeysByEmail) => buildRevokePermission(item, userKeysByEmail), - (request, permission) => { - request.revokeSharingPermissions = [...(request.revokeSharingPermissions ?? []), permission] - }, - 'revokedSharingStatus', - false - ) + return runShareBatch( + auth, + revokes, + (item, userKeysByEmail) => buildRevokePermission(item, userKeysByEmail), + (request, permission) => { + request.revokeSharingPermissions = [ + ...(request.revokeSharingPermissions ?? []), + permission, + ]; + }, + "revokedSharingStatus", + false, + ); } function computePermissionChanges( - storage: InMemoryStorage, - accesses: NsfRecordAccessEntry[], - forbiddenRecords: string[], - recordUids: Set, - currentUser: string, - action: NsfRecordPermissionAction, - role: string | undefined, - accessRoleType: number | undefined + storage: InMemoryStorage, + accesses: NsfRecordAccessEntry[], + forbiddenRecords: string[], + recordUids: Set, + currentUser: string, + action: NsfRecordPermissionAction, + role: string | undefined, + accessRoleType: number | undefined, ): PermissionChangeBuckets { - const updates: NsfSharePermissionItem[] = [] - const creates: NsfSharePermissionItem[] = [] - const revokes: NsfSharePermissionItem[] = [] - const skipped: NsfRecordPermissionPlanItem[] = [] - - const forbidden = new Set(forbiddenRecords) - const ownerFlags = new Map() - const currentUserLower = currentUser.toLowerCase() - - for (const access of accesses) { - if (access.accessorName.toLowerCase() === currentUserLower) { - ownerFlags.set(access.recordUid, access.owner || access.canUpdateAccess) - } + const updates: NsfSharePermissionItem[] = []; + const creates: NsfSharePermissionItem[] = []; + const revokes: NsfSharePermissionItem[] = []; + const skipped: NsfRecordPermissionPlanItem[] = []; + + const forbidden = new Set(forbiddenRecords); + const ownerFlags = new Map(); + const currentUserLower = currentUser.toLowerCase(); + + for (const access of accesses) { + if (access.accessorName.toLowerCase() === currentUserLower) { + ownerFlags.set(access.recordUid, access.owner || access.canUpdateAccess); + } + } + + for (const recordUid of recordUids) { + if (!forbidden.has(recordUid)) continue; + skipped.push({ + recordUid, + title: recordTitle(storage, recordUid), + email: "", + curRole: "", + reason: "No access — record is forbidden", + }); + } + + for (const access of accesses) { + const recordUid = access.recordUid; + if (!recordUids.has(recordUid) || access.owner) continue; + + const email = access.accessorName; + if (!email || email.toLowerCase() === currentUserLower) continue; + + const curRole = getNsfAccessRoleLabel(access); + const isInherited = access.inherited; + const title = recordTitle(storage, recordUid); + + if (!ownerFlags.get(recordUid)) { + skipped.push({ + recordUid, + title, + email, + curRole, + reason: "Insufficient permission (can_update_access is false)", + }); + continue; } - for (const recordUid of recordUids) { - if (!forbidden.has(recordUid)) continue - skipped.push({ - recordUid, - title: recordTitle(storage, recordUid), - email: '', - curRole: '', - reason: 'No access — record is forbidden', - }) + if (action === NsfRecordPermissionAction.Grant) { + if (curRole === role) continue; + const entry: NsfSharePermissionItem = { + recordUid, + email, + curRole, + newRole: role, + accessRoleType, + }; + if (isInherited) { + creates.push(entry); + } else { + updates.push(entry); + } + continue; } - for (const access of accesses) { - const recordUid = access.recordUid - if (!recordUids.has(recordUid) || access.owner) continue - - const email = access.accessorName - if (!email || email.toLowerCase() === currentUserLower) continue - - const curRole = getNsfAccessRoleLabel(access) - const isInherited = access.inherited - const title = recordTitle(storage, recordUid) - - if (!ownerFlags.get(recordUid)) { - skipped.push({ - recordUid, - title, - email, - curRole, - reason: 'Insufficient permission (can_update_access is false)', - }) - continue - } - - if (action === NsfRecordPermissionAction.Grant) { - if (curRole === role) continue - const entry: NsfSharePermissionItem = { - recordUid, - email, - curRole, - newRole: role, - accessRoleType, - } - if (isInherited) { - creates.push(entry) - } else { - updates.push(entry) - } - continue - } - - if (role && curRole !== role) continue - if (isInherited) { - skipped.push({ - recordUid, - title, - email, - curRole, - reason: 'Inherited from a shared folder — revoke at the parent shared folder', - }) - continue - } - revokes.push({ recordUid, email, curRole }) + if (role && curRole !== role) continue; + if (isInherited) { + skipped.push({ + recordUid, + title, + email, + curRole, + reason: + "Inherited from a shared folder — revoke at the parent shared folder", + }); + continue; } + revokes.push({ recordUid, email, curRole }); + } - return { updates, creates, revokes, skipped } + return { updates, creates, revokes, skipped }; } function planItemFromShare( - storage: InMemoryStorage, - item: NsfSharePermissionItem, - inherited = false + storage: InMemoryStorage, + item: NsfSharePermissionItem, + inherited = false, ): NsfRecordPermissionPlanItem { - return { - recordUid: item.recordUid, - title: recordTitle(storage, item.recordUid), - email: item.email, - curRole: inherited ? `${item.curRole || ''} (inherited)`.trim() : item.curRole || '', - newRole: item.newRole, - } + return { + recordUid: item.recordUid, + title: recordTitle(storage, item.recordUid), + email: item.email, + curRole: inherited + ? `${item.curRole || ""} (inherited)`.trim() + : item.curRole || "", + newRole: item.newRole, + }; } export function buildNsfRecordPermissionPlan( - storage: InMemoryStorage, - buckets: PermissionChangeBuckets + storage: InMemoryStorage, + buckets: PermissionChangeBuckets, ): NsfRecordPermissionPlan { - return { - grants: [ - ...buckets.updates.map((item) => planItemFromShare(storage, item)), - ...buckets.creates.map((item) => planItemFromShare(storage, item, true)), - ], - revokes: buckets.revokes.map((item) => ({ - recordUid: item.recordUid, - title: recordTitle(storage, item.recordUid), - email: item.email, - curRole: item.curRole || '', - })), - skipped: buckets.skipped, - } + return { + grants: [ + ...buckets.updates.map((item) => planItemFromShare(storage, item)), + ...buckets.creates.map((item) => planItemFromShare(storage, item, true)), + ], + revokes: buckets.revokes.map((item) => ({ + recordUid: item.recordUid, + title: recordTitle(storage, item.recordUid), + email: item.email, + curRole: item.curRole || "", + })), + skipped: buckets.skipped, + }; } function formatPermissionPlanTable( - title: string, - headers: string[], - rows: string[][] + title: string, + headers: string[], + rows: string[][], ): string[] { - if (rows.length === 0) return [] - - const columnCount = headers.length - const widths = headers.map((header, columnIndex) => { - let width = header.length - for (const row of rows) { - width = Math.max(width, (row[columnIndex] ?? '').length) - } - return width - }) - const pad = (cell: string, columnIndex: number) => - cell + ' '.repeat(Math.max(0, widths[columnIndex] - cell.length)) - const formatRow = (cells: string[]) => cells.map((cell, columnIndex) => pad(cell, columnIndex)).join(' ') - const rule = widths.map((width, columnIndex) => pad('-'.repeat(width), columnIndex)).join(' ') - - return [title, '', formatRow(headers), rule, ...rows.map((row) => formatRow(row)), ''] + if (rows.length === 0) return []; + + const columnCount = headers.length; + const widths = headers.map((header, columnIndex) => { + let width = header.length; + for (const row of rows) { + width = Math.max(width, (row[columnIndex] ?? "").length); + } + return width; + }); + const pad = (cell: string, columnIndex: number) => + cell + " ".repeat(Math.max(0, widths[columnIndex] - cell.length)); + const formatRow = (cells: string[]) => + cells.map((cell, columnIndex) => pad(cell, columnIndex)).join(" "); + const rule = widths + .map((width, columnIndex) => pad("-".repeat(width), columnIndex)) + .join(" "); + + return [ + title, + "", + formatRow(headers), + rule, + ...rows.map((row) => formatRow(row)), + "", + ]; } export function formatNsfRecordPermissionRequestHeader( - action: NsfRecordPermissionActionInput, - role: string | undefined, - folderDisplayName: string, - recursive: boolean + action: NsfRecordPermissionActionInput, + role: string | undefined, + folderDisplayName: string, + recursive: boolean, ): string { - const normalizedAction = normalizeAction(action) - const scope = recursive ? 'and sub-folders' : 'only' - if (normalizedAction === NsfRecordPermissionAction.Grant) { - return `Request to GRANT "${role ?? ''}" permission(s) in "${folderDisplayName}" folder ${scope}` - } - const roleSuffix = role ? ` matching "${role}"` : '' - return `Request to REVOKE record permission(s)${roleSuffix} in "${folderDisplayName}" folder ${scope}` + const normalizedAction = normalizeAction(action); + const scope = recursive ? "and sub-folders" : "only"; + if (normalizedAction === NsfRecordPermissionAction.Grant) { + return `Request to GRANT "${role ?? ""}" permission(s) in "${folderDisplayName}" folder ${scope}`; + } + const roleSuffix = role ? ` matching "${role}"` : ""; + return `Request to REVOKE record permission(s)${roleSuffix} in "${folderDisplayName}" folder ${scope}`; } -export function formatNsfRecordPermissionPlan(plan: NsfRecordPermissionPlan): string { - const lines: string[] = [] - - if (plan.skipped.length > 0) { - lines.push( - ...formatPermissionPlanTable( - 'SKIP — Record permission(s). Not permitted', - ['Record UID', 'Title', 'Email', 'Current Role', 'Reason'], - plan.skipped.map((item) => [ - item.recordUid, - item.title || '—', - item.email || '—', - item.curRole || '—', - item.reason || 'Unknown', - ]) - ) - ) - } - - if (plan.grants.length > 0) { - lines.push( - ...formatPermissionPlanTable( - 'GRANT Record permission(s)', - ['#', 'Record UID', 'Title', 'Email', 'Current Role', 'New Role'], - plan.grants.map((item, index) => [ - String(index + 1), - item.recordUid, - item.title || '—', - item.email, - item.curRole || '—', - item.newRole || '—', - ]) - ) - ) - lines.push('WARNING: Review the planned changes carefully before confirming.') - lines.push('') - } - - if (plan.revokes.length > 0) { - lines.push( - ...formatPermissionPlanTable( - 'REVOKE — Record share(s)', - ['#', 'Record UID', 'Title', 'Email', 'Current Role'], - plan.revokes.map((item, index) => [ - String(index + 1), - item.recordUid, - item.title || '—', - item.email, - item.curRole || '—', - ]) - ) - ) - lines.push('WARNING: Review the planned changes carefully before confirming.') - lines.push('') - } - - return lines.join('\n').trimEnd() +export function formatNsfRecordPermissionPlan( + plan: NsfRecordPermissionPlan, +): string { + const lines: string[] = []; + + if (plan.skipped.length > 0) { + lines.push( + ...formatPermissionPlanTable( + "SKIP — Record permission(s). Not permitted", + ["Record UID", "Title", "Email", "Current Role", "Reason"], + plan.skipped.map((item) => [ + item.recordUid, + item.title || "—", + item.email || "—", + item.curRole || "—", + item.reason || "Unknown", + ]), + ), + ); + } + + if (plan.grants.length > 0) { + lines.push( + ...formatPermissionPlanTable( + "GRANT Record permission(s)", + ["#", "Record UID", "Title", "Email", "Current Role", "New Role"], + plan.grants.map((item, index) => [ + String(index + 1), + item.recordUid, + item.title || "—", + item.email, + item.curRole || "—", + item.newRole || "—", + ]), + ), + ); + lines.push( + "WARNING: Review the planned changes carefully before confirming.", + ); + lines.push(""); + } + + if (plan.revokes.length > 0) { + lines.push( + ...formatPermissionPlanTable( + "REVOKE — Record share(s)", + ["#", "Record UID", "Title", "Email", "Current Role"], + plan.revokes.map((item, index) => [ + String(index + 1), + item.recordUid, + item.title || "—", + item.email, + item.curRole || "—", + ]), + ), + ); + lines.push( + "WARNING: Review the planned changes carefully before confirming.", + ); + lines.push(""); + } + + return lines.join("\n").trimEnd(); } function mapFailures( - outcomes: NsfShareOperationOutcome[], - defaultCode: string + outcomes: NsfShareOperationOutcome[], + defaultCode: string, ): NsfRecordPermissionFailure[] { - return outcomes - .filter((outcome) => !outcome.success) - .map((outcome) => ({ - recordUid: outcome.recordUid, - email: outcome.email, - code: outcome.skipped ? NsfPermissionFailureCode.Skipped : defaultCode, - message: outcome.message || 'Unknown error', - })) + return outcomes + .filter((outcome) => !outcome.success) + .map((outcome) => ({ + recordUid: outcome.recordUid, + email: outcome.email, + code: outcome.skipped ? NsfPermissionFailureCode.Skipped : defaultCode, + message: outcome.message || "Unknown error", + })); } export async function updateNestedShareRecordPermissions( - storage: InMemoryStorage, - auth: Auth, - input: UpdateNsfRecordPermissionInput + storage: InMemoryStorage, + auth: Auth, + input: UpdateNsfRecordPermissionInput, ): Promise { - const action = normalizeAction(input.action) - const recursive = input.recursive ?? false - const dryRun = input.dryRun ?? false - const normalizedRole = normalizeNsfRecordPermissionRole(input.role) - - if (action === NsfRecordPermissionAction.Grant) { - if (!normalizedRole) { - throw new KeeperSdkError('Role is required for grant action.', ResultCodes.NSF_RECORD_PERMISSION_FAILED) - } - if (!(NSF_RECORD_PERMISSION_ROLES as readonly string[]).includes(normalizedRole)) { - throw new KeeperSdkError( - `Invalid role '${input.role}'. Use: ${NSF_RECORD_PERMISSION_ROLES.join(', ')}.`, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) - } - } else if (input.role) { - normalizeNsfRecordPermissionRole(input.role) + const action = normalizeAction(input.action); + const recursive = input.recursive ?? false; + const dryRun = input.dryRun ?? false; + const normalizedRole = normalizeNsfRecordPermissionRole(input.role); + + if (action === NsfRecordPermissionAction.Grant) { + if (!normalizedRole) { + throw new KeeperSdkError( + "Role is required for grant action.", + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); + } + if ( + !(NSF_RECORD_PERMISSION_ROLES as readonly string[]).includes( + normalizedRole, + ) + ) { + throw new KeeperSdkError( + `Invalid role '${input.role}'. Use: ${NSF_RECORD_PERMISSION_ROLES.join(", ")}.`, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); + } + } else if (input.role) { + normalizeNsfRecordPermissionRole(input.role); + } + + const accessRoleType = + action === NsfRecordPermissionAction.Grant && normalizedRole + ? resolveNsfRoleName(normalizedRole) + : undefined; + + const { folderUid, displayName } = resolveFolderForPermission( + storage, + input.folder, + ); + const recordUids = collectNsfRecordUidsInFolder( + storage, + folderUid, + recursive, + ); + if (recordUids.size === 0) { + throw new KeeperSdkError( + "No records found in the specified folder.", + ResultCodes.NSF_NOT_FOUND, + ); + } + + try { + const accessesResult = await getRecordAccessesV3(auth, storage, [ + ...recordUids, + ]); + const buckets = computePermissionChanges( + storage, + accessesResult.recordAccesses, + accessesResult.forbiddenRecords, + recordUids, + auth.username, + action, + normalizedRole, + accessRoleType, + ); + const plan = buildNsfRecordPermissionPlan(storage, buckets); + + if ( + buckets.updates.length === 0 && + buckets.creates.length === 0 && + buckets.revokes.length === 0 + ) { + return { + confirmed: false, + dryRun, + folderDisplayName: displayName, + plan, + grantFailures: [], + revokeFailures: [], + message: plan.skipped.length + ? "No permission changes can be made." + : "No permission changes are needed.", + }; } - const accessRoleType = - action === NsfRecordPermissionAction.Grant && normalizedRole - ? resolveNsfRoleName(normalizedRole) - : undefined - - const { folderUid, displayName } = resolveFolderForPermission(storage, input.folder) - const recordUids = collectNsfRecordUidsInFolder(storage, folderUid, recursive) - if (recordUids.size === 0) { - throw new KeeperSdkError('No records found in the specified folder.', ResultCodes.NSF_NOT_FOUND) + if (dryRun || !input.force) { + return { + confirmed: false, + dryRun, + folderDisplayName: displayName, + plan, + grantFailures: [], + revokeFailures: [], + message: dryRun + ? undefined + : "Confirmation required. Set force=true to proceed.", + }; } - try { - const accessesResult = await getRecordAccessesV3(auth, storage, [...recordUids]) - const buckets = computePermissionChanges( - storage, - accessesResult.recordAccesses, - accessesResult.forbiddenRecords, - recordUids, - auth.username, - action, - normalizedRole, - accessRoleType - ) - const plan = buildNsfRecordPermissionPlan(storage, buckets) - - if (buckets.updates.length === 0 && buckets.creates.length === 0 && buckets.revokes.length === 0) { - return { - confirmed: false, - dryRun, - folderDisplayName: displayName, - plan, - grantFailures: [], - revokeFailures: [], - message: plan.skipped.length - ? 'No permission changes can be made.' - : 'No permission changes are needed.', - } - } - - if (dryRun || !input.force) { - return { - confirmed: false, - dryRun, - folderDisplayName: displayName, - plan, - grantFailures: [], - revokeFailures: [], - message: dryRun - ? undefined - : 'Confirmation required. Set force=true to proceed.', - } - } - - const grantOutcomes: NsfShareOperationOutcome[] = [] - if (buckets.updates.length > 0) { - grantOutcomes.push(...(await batchUpdateRecordSharesV3(storage, auth, buckets.updates))) - } - if (buckets.creates.length > 0) { - grantOutcomes.push(...(await batchCreateRecordSharesV3(storage, auth, buckets.creates))) - } - - const revokeOutcomes = - buckets.revokes.length > 0 ? await batchUnshareRecordsV3(auth, buckets.revokes) : [] - - return { - confirmed: true, - dryRun: false, - folderDisplayName: displayName, - plan, - grantFailures: mapFailures(grantOutcomes, 'error'), - revokeFailures: mapFailures(revokeOutcomes, 'error'), - message: 'Record permission changes applied.', - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to update nested share record permissions: ${extractErrorMessage(err)}`, - ResultCodes.NSF_RECORD_PERMISSION_FAILED - ) + const grantOutcomes: NsfShareOperationOutcome[] = []; + if (buckets.updates.length > 0) { + grantOutcomes.push( + ...(await batchUpdateRecordSharesV3(storage, auth, buckets.updates)), + ); + } + if (buckets.creates.length > 0) { + grantOutcomes.push( + ...(await batchCreateRecordSharesV3(storage, auth, buckets.creates)), + ); } + + const revokeOutcomes = + buckets.revokes.length > 0 + ? await batchUnshareRecordsV3(auth, buckets.revokes) + : []; + + return { + confirmed: true, + dryRun: false, + folderDisplayName: displayName, + plan, + grantFailures: mapFailures(grantOutcomes, "error"), + revokeFailures: mapFailures(revokeOutcomes, "error"), + message: "Record permission changes applied.", + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to update nested share record permissions: ${extractErrorMessage(err)}`, + ResultCodes.NSF_RECORD_PERMISSION_FAILED, + ); + } } export function formatNsfRecordPermissionFailures( - failures: NsfRecordPermissionFailure[], - kind: 'GRANT' | 'REVOKE' + failures: NsfRecordPermissionFailure[], + kind: "GRANT" | "REVOKE", ): string { - if (failures.length === 0) return '' - const lines = [`Failed to ${kind} — Record permission(s)`] - for (const failure of failures) { - lines.push(` ${failure.recordUid} ${failure.email} ${failure.code} ${failure.message}`) - } - return lines.join('\n') + if (failures.length === 0) return ""; + const lines = [`Failed to ${kind} — Record permission(s)`]; + for (const failure of failures) { + lines.push( + ` ${failure.recordUid} ${failure.email} ${failure.code} ${failure.message}`, + ); + } + return lines.join("\n"); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfRecordTypes.ts b/KeeperSdk/src/nestedShareFolders/nsfRecordTypes.ts index 2d95a7cf..da6dcd44 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfRecordTypes.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfRecordTypes.ts @@ -1,95 +1,102 @@ -import type { Auth, Records } from '@keeper-security/keeperapi' -import { recordTypesGetMessage } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_LEGACY_RECORD_TYPES } from './nsfConstants' +import type { Auth, Records } from "@keeper-security/keeperapi"; +import { recordTypesGetMessage } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { NSF_LEGACY_RECORD_TYPES } from "./nsfConstants"; type RecordTypeSchema = { - id?: string - fields?: unknown[] -} + id?: string; + fields?: unknown[]; +}; -const RECORD_TYPE_CACHE_TTL_MS = 5 * 60 * 1000 +const RECORD_TYPE_CACHE_TTL_MS = 5 * 60 * 1000; -let cachedAuth: Auth | undefined -let cachedRecordTypes: Records.IRecordType[] | undefined -let cachedAt = 0 +let cachedAuth: Auth | undefined; +let cachedRecordTypes: Records.IRecordType[] | undefined; +let cachedAt = 0; export function clearNsfRecordTypeCache(): void { - cachedAuth = undefined - cachedRecordTypes = undefined - cachedAt = 0 + cachedAuth = undefined; + cachedRecordTypes = undefined; + cachedAt = 0; } function parseRecordTypeSchema(content: string): RecordTypeSchema | undefined { - try { - const parsed = JSON.parse(content) as Record - if (typeof parsed !== 'object' || parsed === null) return undefined - const id = typeof parsed.$id === 'string' ? parsed.$id : undefined - const fields = Array.isArray(parsed.fields) ? parsed.fields : undefined - return { id, fields } - } catch { - return undefined - } + try { + const parsed = JSON.parse(content) as Record; + if (typeof parsed !== "object" || parsed === null) return undefined; + const id = typeof parsed.$id === "string" ? parsed.$id : undefined; + const fields = Array.isArray(parsed.fields) ? parsed.fields : undefined; + return { id, fields }; + } catch { + return undefined; + } } async function loadRecordTypes(auth: Auth): Promise { - const now = Date.now() - if (cachedAuth === auth && cachedRecordTypes && now - cachedAt < RECORD_TYPE_CACHE_TTL_MS) { - return cachedRecordTypes - } + const now = Date.now(); + if ( + cachedAuth === auth && + cachedRecordTypes && + now - cachedAt < RECORD_TYPE_CACHE_TTL_MS + ) { + return cachedRecordTypes; + } - try { - const response = await auth.executeRest( - recordTypesGetMessage({ - standard: true, - user: true, - enterprise: true, - pam: true, - }) - ) - cachedRecordTypes = response.recordTypes ?? [] - cachedAuth = auth - cachedAt = now - return cachedRecordTypes - } catch (err) { - throw new KeeperSdkError( - `Failed to load record types: ${extractErrorMessage(err)}`, - ResultCodes.NSF_ADD_FAILED - ) - } + try { + const response = await auth.executeRest( + recordTypesGetMessage({ + standard: true, + user: true, + enterprise: true, + pam: true, + }), + ); + cachedRecordTypes = response.recordTypes ?? []; + cachedAuth = auth; + cachedAt = now; + return cachedRecordTypes; + } catch (err) { + throw new KeeperSdkError( + `Failed to load record types: ${extractErrorMessage(err)}`, + ResultCodes.NSF_ADD_FAILED, + ); + } } export async function getNsfRecordTypeFields( - auth: Auth, - recordType: string + auth: Auth, + recordType: string, ): Promise { - const normalized = recordType.trim() - if (!normalized || NSF_LEGACY_RECORD_TYPES.has(normalized)) return undefined + const normalized = recordType.trim(); + if (!normalized || NSF_LEGACY_RECORD_TYPES.has(normalized)) return undefined; - const types = await loadRecordTypes(auth) - for (const entry of types) { - if (!entry.content) continue - const schema = parseRecordTypeSchema(entry.content) - if (schema?.id === normalized && schema.fields?.length) { - return schema.fields - } + const types = await loadRecordTypes(auth); + for (const entry of types) { + if (!entry.content) continue; + const schema = parseRecordTypeSchema(entry.content); + if (schema?.id === normalized && schema.fields?.length) { + return schema.fields; } - return undefined + } + return undefined; } export async function validateNsfRecordType( - auth: Auth, - recordType: string, - resultCode: string = ResultCodes.NSF_ADD_FAILED + auth: Auth, + recordType: string, + resultCode: string = ResultCodes.NSF_ADD_FAILED, ): Promise { - const normalized = recordType.trim() - if (!normalized) { - throw new KeeperSdkError('Record type is required.', resultCode) - } - if (NSF_LEGACY_RECORD_TYPES.has(normalized)) return + const normalized = recordType.trim(); + if (!normalized) { + throw new KeeperSdkError("Record type is required.", resultCode); + } + if (NSF_LEGACY_RECORD_TYPES.has(normalized)) return; - const fields = await getNsfRecordTypeFields(auth, normalized) - if (!fields?.length) { - throw new KeeperSdkError(`Record type "${normalized}" cannot be found.`, resultCode) - } + const fields = await getNsfRecordTypeFields(auth, normalized); + if (!fields?.length) { + throw new KeeperSdkError( + `Record type "${normalized}" cannot be found.`, + resultCode, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/nsfShare.ts b/KeeperSdk/src/nestedShareFolders/nsfShare.ts index 8b0f7ec2..c8ad82b0 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfShare.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfShare.ts @@ -1,815 +1,977 @@ -import type { Auth } from '@keeper-security/keeperapi' +import type { Auth } from "@keeper-security/keeperapi"; import { - Folder, - normal64Bytes, - platform, - recordsShareV3Message, - folderAccessUpdateMessage, - webSafe64FromBytes, -} from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { getRecordTitle } from '../records/RecordUtils' + Folder, + normal64Bytes, + platform, + recordsShareV3Message, + folderAccessUpdateMessage, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { getRecordTitle } from "../records/RecordUtils"; import { - buildNsfRecordSharePermission, - buildNsfRevokePermissionFromKeys, - loadUserShareKeys, - loadUserShareKeysOrInvite, - parseRecordSharingStatus, -} from './nsfShareKeys' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { collectNsfRecordUidsInFolder } from './nsfRecordPermission' -import { resolveRecordKeyBytes } from './nsfRecordCrypto' -import { transferNestedShareRecordOwnership } from './nsfTransferRecord' -import { getFolderPermissionsForRole, NSFShareRoleName, NsfShareCommandName } from './nsfConstants' + buildNsfRecordSharePermission, + buildNsfRevokePermissionFromKeys, + loadUserShareKeys, + loadUserShareKeysOrInvite, + parseRecordSharingStatus, +} from "./nsfShareKeys"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { collectNsfRecordUidsInFolder } from "./nsfRecordPermission"; +import { resolveRecordKeyBytes } from "./nsfRecordCrypto"; +import { transferNestedShareRecordOwnership } from "./nsfTransferRecord"; import { - checkFolderSharePermission, - checkRecordChangeOwnershipPermission, - checkRecordSharePermission, - collectExistingFolderShareTargets, - ensureNestedShareFolder, - ensureNestedShareRecord, - fetchLiveRecordAccessesV3, - findDirectUserRecordShare, - findUserRecordShareEntry, - findFolderAccessEntryOrLive, - loadShareUserMap, - getKeeperDriveRecord, - getNsfRecordPermissionRoleLabel, - isShareExpirationNoop, - parseShareExpiration, - requireAuthAccountUid, - resolveNsfFolderIdentifier, - resolveNsfRecordIdentifier, - resolveNsfRoleName, -} from './nsfHelpers' + getFolderPermissionsForRole, + NSFShareRoleName, + NsfShareCommandName, +} from "./nsfConstants"; import { - encryptNsfFolderKeyForTeam, - fetchNsfTeamPublicKeys, - resolveNsfShareRecipient, -} from './nsfTeamShare' + checkFolderSharePermission, + checkRecordChangeOwnershipPermission, + checkRecordSharePermission, + collectExistingFolderShareTargets, + ensureNestedShareFolder, + ensureNestedShareRecord, + fetchLiveRecordAccessesV3, + findDirectUserRecordShare, + findUserRecordShareEntry, + findFolderAccessEntryOrLive, + loadShareUserMap, + getKeeperDriveRecord, + getNsfRecordPermissionRoleLabel, + isShareExpirationNoop, + parseShareExpiration, + requireAuthAccountUid, + resolveNsfFolderIdentifier, + resolveNsfRecordIdentifier, + resolveNsfRoleName, +} from "./nsfHelpers"; +import { + encryptNsfFolderKeyForTeam, + fetchNsfTeamPublicKeys, + resolveNsfShareRecipient, +} from "./nsfTeamShare"; import type { - NsfDirectUserRecordShare, - NsfFolderAccessOperationResult, - NsfFolderShareActionInput, - NsfFolderShareResultItem, - NsfRecordShareActionInput, - NsfRecordSharePlanItem, - NsfRecordShareResultItem, - NsfResolvedShareRecipient, - ShareNestedShareFolderInput, - ShareNestedShareFolderResult, - ShareNestedShareRecordInput, - ShareNestedShareRecordResult, -} from './nsfTypes' + NsfDirectUserRecordShare, + NsfFolderAccessOperationResult, + NsfFolderShareActionInput, + NsfFolderShareResultItem, + NsfRecordShareActionInput, + NsfRecordSharePlanItem, + NsfRecordShareResultItem, + NsfResolvedShareRecipient, + ShareNestedShareFolderInput, + ShareNestedShareFolderResult, + ShareNestedShareRecordInput, + ShareNestedShareRecordResult, +} from "./nsfTypes"; import { - NsfFolderShareAction, - NsfFolderShareActionTaken, - NsfRecordShareAction, - NsfRecordShareActionTaken, - NsfResultStatus, -} from './nsfTypes' - -const SHARE_ERROR = ResultCodes.NSF_SHARE_FAILED - -function normalizeFolderAction(action: NsfFolderShareActionInput = NsfFolderShareAction.Grant): NsfFolderShareAction { - const value = action as NsfFolderShareAction - if (value === NsfFolderShareAction.Grant || value === NsfFolderShareAction.Remove) return value - throw new KeeperSdkError(`Invalid action '${action}'. Use: grant, remove.`, SHARE_ERROR) + NsfFolderShareAction, + NsfFolderShareActionTaken, + NsfRecordShareAction, + NsfRecordShareActionTaken, + NsfResultStatus, +} from "./nsfTypes"; + +const SHARE_ERROR = ResultCodes.NSF_SHARE_FAILED; + +function normalizeFolderAction( + action: NsfFolderShareActionInput = NsfFolderShareAction.Grant, +): NsfFolderShareAction { + const value = action as NsfFolderShareAction; + if ( + value === NsfFolderShareAction.Grant || + value === NsfFolderShareAction.Remove + ) + return value; + throw new KeeperSdkError( + `Invalid action '${action}'. Use: grant, remove.`, + SHARE_ERROR, + ); } -function normalizeRecordAction(action: NsfRecordShareActionInput = NsfRecordShareAction.Grant): NsfRecordShareAction { - const value = action as NsfRecordShareAction - if ( - value === NsfRecordShareAction.Grant || - value === NsfRecordShareAction.Revoke || - value === NsfRecordShareAction.Owner - ) { - return value - } - throw new KeeperSdkError(`Invalid action '${action}'. Use: grant, revoke, owner.`, SHARE_ERROR) +function normalizeRecordAction( + action: NsfRecordShareActionInput = NsfRecordShareAction.Grant, +): NsfRecordShareAction { + const value = action as NsfRecordShareAction; + if ( + value === NsfRecordShareAction.Grant || + value === NsfRecordShareAction.Revoke || + value === NsfRecordShareAction.Owner + ) { + return value; + } + throw new KeeperSdkError( + `Invalid action '${action}'. Use: grant, revoke, owner.`, + SHARE_ERROR, + ); } function parseFolderAccessResult( - result: Folder.IFolderAccessResult | null | undefined, - folderUid: string, - recipient: string + result: Folder.IFolderAccessResult | null | undefined, + folderUid: string, + recipient: string, ): NsfFolderAccessOperationResult { - if (!result) { - return { folderUid, recipient, success: false, message: 'No folder access result returned' } - } - const status = result.status ?? Folder.FolderModifyStatus.SUCCESS - const statusName = Folder.FolderModifyStatus[status] ?? String(status) + if (!result) { return { - folderUid, - recipient, - success: status === Folder.FolderModifyStatus.SUCCESS, - message: result.message || statusName, - } + folderUid, + recipient, + success: false, + message: "No folder access result returned", + }; + } + const status = result.status ?? Folder.FolderModifyStatus.SUCCESS; + const statusName = Folder.FolderModifyStatus[status] ?? String(status); + return { + folderUid, + recipient, + success: status === Folder.FolderModifyStatus.SUCCESS, + message: result.message || statusName, + }; } function buildFolderAccessRemoveData( - folderUid: string, - accessTypeUid: Uint8Array, - accessType: Folder.AccessType + folderUid: string, + accessTypeUid: Uint8Array, + accessType: Folder.AccessType, ): Folder.IFolderAccessData { - return Folder.FolderAccessData.create({ - folderUid: normal64Bytes(folderUid), - accessTypeUid, - accessType, - }) + return Folder.FolderAccessData.create({ + folderUid: normal64Bytes(folderUid), + accessTypeUid, + accessType, + }); } async function buildEncryptedFolderKeyForUser( - auth: Auth, - folderKey: Uint8Array, - email: string + auth: Auth, + folderKey: Uint8Array, + email: string, ): Promise { - const userKeys = await loadUserShareKeysOrInvite(auth, email, SHARE_ERROR) - if (userKeys.rsaPublicKey?.length) { - const rsaKeyBase64 = platform.bytesToBase64(userKeys.rsaPublicKey) - return Folder.EncryptedDataKey.create({ - encryptedKey: platform.publicEncrypt(folderKey, rsaKeyBase64), - encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key, - }) - } - if (userKeys.eccPublicKey?.length) { - return Folder.EncryptedDataKey.create({ - encryptedKey: await platform.publicEncryptEC(folderKey, userKeys.eccPublicKey), - encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key_ecc, - }) - } - throw new KeeperSdkError(`No usable public key available for ${email}`, SHARE_ERROR) + const userKeys = await loadUserShareKeysOrInvite(auth, email, SHARE_ERROR); + if (userKeys.rsaPublicKey?.length) { + const rsaKeyBase64 = platform.bytesToBase64(userKeys.rsaPublicKey); + return Folder.EncryptedDataKey.create({ + encryptedKey: platform.publicEncrypt(folderKey, rsaKeyBase64), + encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key, + }); + } + if (userKeys.eccPublicKey?.length) { + return Folder.EncryptedDataKey.create({ + encryptedKey: await platform.publicEncryptEC( + folderKey, + userKeys.eccPublicKey, + ), + encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key_ecc, + }); + } + throw new KeeperSdkError( + `No usable public key available for ${email}`, + SHARE_ERROR, + ); } async function buildFolderAccessGrantData( - auth: Auth, - storage: InMemoryStorage, - folderUid: string, - target: NsfResolvedShareRecipient, - accessRoleType: Folder.AccessRoleType, - expirationTimestamp?: number + auth: Auth, + storage: InMemoryStorage, + folderUid: string, + target: NsfResolvedShareRecipient, + accessRoleType: Folder.AccessRoleType, + expirationTimestamp?: number, ): Promise { - const folderKey = await storage.getKeyBytes(folderUid) - if (!folderKey) { - throw new KeeperSdkError( - `Folder key not available for ${folderUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - - const accessType = target.isTeam ? Folder.AccessType.AT_TEAM : Folder.AccessType.AT_USER - let accessTypeUid: Uint8Array - let encryptedFolderKey: Folder.IEncryptedDataKey - - if (target.isTeam) { - if (!target.accountUid?.length) { - throw new KeeperSdkError(`Team ${target.recipient} not found`, ResultCodes.TEAM_NOT_FOUND) - } - accessTypeUid = target.accountUid - const teamKeys = await fetchNsfTeamPublicKeys(auth, target.recipient, storage) - encryptedFolderKey = await encryptNsfFolderKeyForTeam(folderKey, teamKeys) - } else { - const userKeys = await loadUserShareKeysOrInvite(auth, target.recipient, SHARE_ERROR) - accessTypeUid = userKeys.accountUid - encryptedFolderKey = await buildEncryptedFolderKeyForUser(auth, folderKey, target.recipient) - } - - const data = Folder.FolderAccessData.create({ - folderUid: normal64Bytes(folderUid), - accessTypeUid, - accessType, - accessRoleType, - permissions: getFolderPermissionsForRole(accessRoleType), - folderKey: encryptedFolderKey, - }) - - if (expirationTimestamp != null) { - data.tlaProperties = { expiration: expirationTimestamp } - } - - return data + const folderKey = await storage.getKeyBytes(folderUid); + if (!folderKey) { + throw new KeeperSdkError( + `Folder key not available for ${folderUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + + const accessType = target.isTeam + ? Folder.AccessType.AT_TEAM + : Folder.AccessType.AT_USER; + let accessTypeUid: Uint8Array; + let encryptedFolderKey: Folder.IEncryptedDataKey; + + if (target.isTeam) { + if (!target.accountUid?.length) { + throw new KeeperSdkError( + `Team ${target.recipient} not found`, + ResultCodes.TEAM_NOT_FOUND, + ); + } + accessTypeUid = target.accountUid; + const teamKeys = await fetchNsfTeamPublicKeys( + auth, + target.recipient, + storage, + ); + encryptedFolderKey = await encryptNsfFolderKeyForTeam(folderKey, teamKeys); + } else { + const userKeys = await loadUserShareKeysOrInvite( + auth, + target.recipient, + SHARE_ERROR, + ); + accessTypeUid = userKeys.accountUid; + encryptedFolderKey = await buildEncryptedFolderKeyForUser( + auth, + folderKey, + target.recipient, + ); + } + + const data = Folder.FolderAccessData.create({ + folderUid: normal64Bytes(folderUid), + accessTypeUid, + accessType, + accessRoleType, + permissions: getFolderPermissionsForRole(accessRoleType), + folderKey: encryptedFolderKey, + }); + + if (expirationTimestamp != null) { + data.tlaProperties = { expiration: expirationTimestamp }; + } + + return data; } function buildFolderAccessUpdateData( - folderUid: string, - target: NsfResolvedShareRecipient, - accessRoleType: Folder.AccessRoleType, - expirationTimestamp?: number + folderUid: string, + target: NsfResolvedShareRecipient, + accessRoleType: Folder.AccessRoleType, + expirationTimestamp?: number, ): Folder.IFolderAccessData { - if (!target.accountUid?.length) { - throw new KeeperSdkError( - target.isTeam - ? `Team ${target.recipient} not found` - : `User ${target.recipient} not found`, - target.isTeam ? ResultCodes.TEAM_NOT_FOUND : SHARE_ERROR - ) - } - - const data = Folder.FolderAccessData.create({ - folderUid: normal64Bytes(folderUid), - accessTypeUid: target.accountUid, - accessType: target.isTeam ? Folder.AccessType.AT_TEAM : Folder.AccessType.AT_USER, - accessRoleType, - permissions: getFolderPermissionsForRole(accessRoleType), - }) - if (expirationTimestamp != null) { - data.tlaProperties = { expiration: expirationTimestamp } - } - return data + if (!target.accountUid?.length) { + throw new KeeperSdkError( + target.isTeam + ? `Team ${target.recipient} not found` + : `User ${target.recipient} not found`, + target.isTeam ? ResultCodes.TEAM_NOT_FOUND : SHARE_ERROR, + ); + } + + const data = Folder.FolderAccessData.create({ + folderUid: normal64Bytes(folderUid), + accessTypeUid: target.accountUid, + accessType: target.isTeam + ? Folder.AccessType.AT_TEAM + : Folder.AccessType.AT_USER, + accessRoleType, + permissions: getFolderPermissionsForRole(accessRoleType), + }); + if (expirationTimestamp != null) { + data.tlaProperties = { expiration: expirationTimestamp }; + } + return data; } async function resolveFolderShareTargets( - auth: Auth, - storage: InMemoryStorage, - folderUid: string, - recipients: string[], - currentUsername: string + auth: Auth, + storage: InMemoryStorage, + folderUid: string, + recipients: string[], + currentUsername: string, ): Promise { - const targets: NsfResolvedShareRecipient[] = [] - const seen = new Set() - - for (const raw of recipients) { - const trimmed = raw.trim() - if (!trimmed) continue - - if (trimmed === '@existing' || trimmed === '@current') { - for (const entry of collectExistingFolderShareTargets(storage, folderUid, currentUsername)) { - const key = `${entry.isTeam ? 'team' : 'user'}:${entry.recipient.toLowerCase()}` - if (seen.has(key)) continue - seen.add(key) - targets.push({ - recipient: entry.recipient, - isTeam: entry.isTeam, - accountUid: entry.accountUid ? normal64Bytes(entry.accountUid) : undefined, - }) - } - continue - } - - const classified = await resolveNsfShareRecipient(auth, trimmed) - if (!classified) continue - const key = `${classified.isTeam ? 'team' : 'user'}:${classified.recipient.toLowerCase()}` - if (seen.has(key)) continue - seen.add(key) - - if (!classified.isTeam) { - const userKeys = await loadUserShareKeysOrInvite(auth, classified.recipient, SHARE_ERROR) - targets.push({ - recipient: classified.recipient, - isTeam: false, - accountUid: userKeys.accountUid, - }) - } else { - targets.push(classified) - } - } + const targets: NsfResolvedShareRecipient[] = []; + const seen = new Set(); - return targets -} - -async function grantFolderAccess( - storage: InMemoryStorage, - auth: Auth, - folderUid: string, - target: NsfResolvedShareRecipient, - accessRoleType: Folder.AccessRoleType, - expirationTimestamp?: number -): Promise { - const accessType = target.isTeam ? Folder.AccessType.AT_TEAM : Folder.AccessType.AT_USER - const accessTypeUid = target.accountUid ? webSafe64FromBytes(target.accountUid) : target.recipient + for (const raw of recipients) { + const trimmed = raw.trim(); + if (!trimmed) continue; - const existing = await findFolderAccessEntryOrLive( + if (trimmed === "@existing" || trimmed === "@current") { + for (const entry of collectExistingFolderShareTargets( storage, - auth, folderUid, - accessTypeUid, - accessType - ) - if (existing && existing.accessRoleType === accessRoleType && expirationTimestamp == null) { - return { - folderUid, - recipient: target.recipient, - isTeam: target.isTeam, - success: true, - actionTaken: NsfFolderShareActionTaken.AlreadyHadAccess, - message: `Already has ${getNsfRecordPermissionRoleLabel(accessRoleType)} access`, - } + currentUsername, + )) { + const key = `${entry.isTeam ? "team" : "user"}:${entry.recipient.toLowerCase()}`; + if (seen.has(key)) continue; + seen.add(key); + targets.push({ + recipient: entry.recipient, + isTeam: entry.isTeam, + accountUid: entry.accountUid + ? normal64Bytes(entry.accountUid) + : undefined, + }); + } + continue; + } + + const classified = await resolveNsfShareRecipient(auth, trimmed); + if (!classified) continue; + const key = `${classified.isTeam ? "team" : "user"}:${classified.recipient.toLowerCase()}`; + if (seen.has(key)) continue; + seen.add(key); + + if (!classified.isTeam) { + const userKeys = await loadUserShareKeysOrInvite( + auth, + classified.recipient, + SHARE_ERROR, + ); + targets.push({ + recipient: classified.recipient, + isTeam: false, + accountUid: userKeys.accountUid, + }); + } else { + targets.push(classified); } + } - const request = - existing != null - ? buildFolderAccessUpdateData(folderUid, target, accessRoleType, expirationTimestamp) - : await buildFolderAccessGrantData( - auth, - storage, - folderUid, - target, - accessRoleType, - expirationTimestamp - ) - - const response = await auth.executeRest( - folderAccessUpdateMessage({ - [existing != null ? 'folderAccessUpdates' : 'folderAccessAdds']: [request], - }) - ) + return targets; +} - const parsed = parseFolderAccessResult( - response.folderAccessResults?.[0], - folderUid, - target.recipient - ) +async function grantFolderAccess( + storage: InMemoryStorage, + auth: Auth, + folderUid: string, + target: NsfResolvedShareRecipient, + accessRoleType: Folder.AccessRoleType, + expirationTimestamp?: number, +): Promise { + const accessType = target.isTeam + ? Folder.AccessType.AT_TEAM + : Folder.AccessType.AT_USER; + const accessTypeUid = target.accountUid + ? webSafe64FromBytes(target.accountUid) + : target.recipient; + + const existing = await findFolderAccessEntryOrLive( + storage, + auth, + folderUid, + accessTypeUid, + accessType, + ); + if ( + existing && + existing.accessRoleType === accessRoleType && + expirationTimestamp == null + ) { return { - folderUid, - recipient: target.recipient, - isTeam: target.isTeam, - success: parsed.success, - actionTaken: existing != null ? NsfFolderShareActionTaken.Updated : NsfFolderShareActionTaken.Granted, - message: parsed.message, - } + folderUid, + recipient: target.recipient, + isTeam: target.isTeam, + success: true, + actionTaken: NsfFolderShareActionTaken.AlreadyHadAccess, + message: `Already has ${getNsfRecordPermissionRoleLabel(accessRoleType)} access`, + }; + } + + const request = + existing != null + ? buildFolderAccessUpdateData( + folderUid, + target, + accessRoleType, + expirationTimestamp, + ) + : await buildFolderAccessGrantData( + auth, + storage, + folderUid, + target, + accessRoleType, + expirationTimestamp, + ); + + const response = await auth.executeRest( + folderAccessUpdateMessage({ + [existing != null ? "folderAccessUpdates" : "folderAccessAdds"]: [ + request, + ], + }), + ); + + const parsed = parseFolderAccessResult( + response.folderAccessResults?.[0], + folderUid, + target.recipient, + ); + return { + folderUid, + recipient: target.recipient, + isTeam: target.isTeam, + success: parsed.success, + actionTaken: + existing != null + ? NsfFolderShareActionTaken.Updated + : NsfFolderShareActionTaken.Granted, + message: parsed.message, + }; } async function removeFolderAccess( - auth: Auth, - folderUid: string, - target: NsfResolvedShareRecipient + auth: Auth, + folderUid: string, + target: NsfResolvedShareRecipient, ): Promise { - const accessType = target.isTeam ? Folder.AccessType.AT_TEAM : Folder.AccessType.AT_USER - const accountUid = - target.accountUid ?? - (target.isTeam - ? normal64Bytes(target.recipient) - : (await loadUserShareKeysOrInvite(auth, target.recipient, SHARE_ERROR)).accountUid) - - const response = await auth.executeRest( - folderAccessUpdateMessage({ - folderAccessRemoves: [buildFolderAccessRemoveData(folderUid, accountUid, accessType)], - }) - ) - - const parsed = parseFolderAccessResult( - response.folderAccessResults?.[0], - folderUid, - target.recipient - ) - return { - folderUid, - recipient: target.recipient, - isTeam: target.isTeam, - success: parsed.success, - actionTaken: NsfFolderShareActionTaken.Removed, - message: parsed.message, - } + const accessType = target.isTeam + ? Folder.AccessType.AT_TEAM + : Folder.AccessType.AT_USER; + const accountUid = + target.accountUid ?? + (target.isTeam + ? normal64Bytes(target.recipient) + : (await loadUserShareKeysOrInvite(auth, target.recipient, SHARE_ERROR)) + .accountUid); + + const response = await auth.executeRest( + folderAccessUpdateMessage({ + folderAccessRemoves: [ + buildFolderAccessRemoveData(folderUid, accountUid, accessType), + ], + }), + ); + + const parsed = parseFolderAccessResult( + response.folderAccessResults?.[0], + folderUid, + target.recipient, + ); + return { + folderUid, + recipient: target.recipient, + isTeam: target.isTeam, + success: parsed.success, + actionTaken: NsfFolderShareActionTaken.Removed, + message: parsed.message, + }; } export async function shareNestedShareFolder( - storage: InMemoryStorage, - auth: Auth, - input: ShareNestedShareFolderInput + storage: InMemoryStorage, + auth: Auth, + input: ShareNestedShareFolderInput, ): Promise { - const action = normalizeFolderAction(input.action) - const folders = input.folders.map((folder) => folder.trim()).filter(Boolean) - const recipients = input.recipients.map((recipient) => recipient.trim()).filter(Boolean) - - if (folders.length === 0) { - throw new KeeperSdkError('Folder path or UID is required.', SHARE_ERROR) - } - if (recipients.length === 0) { - throw new KeeperSdkError( - 'Recipient is required (email, team name/UID, or @existing).', - SHARE_ERROR - ) - } + const action = normalizeFolderAction(input.action); + const folders = input.folders.map((folder) => folder.trim()).filter(Boolean); + const recipients = input.recipients + .map((recipient) => recipient.trim()) + .filter(Boolean); + + if (folders.length === 0) { + throw new KeeperSdkError("Folder path or UID is required.", SHARE_ERROR); + } + if (recipients.length === 0) { + throw new KeeperSdkError( + "Recipient is required (email, team name/UID, or @existing).", + SHARE_ERROR, + ); + } + + const role = input.role?.trim() || NSFShareRoleName.Viewer; + const accessRoleType = + action === NsfFolderShareAction.Grant + ? resolveNsfRoleName(role) + : undefined; + + const expirationTimestamp = + action === NsfFolderShareAction.Grant + ? parseShareExpiration({ + expireAt: input.expireAt, + expireIn: input.expireIn, + expirationTimestamp: input.expirationTimestamp, + cmdName: NsfShareCommandName.FolderShare, + }) + : undefined; - const role = input.role?.trim() || NSFShareRoleName.Viewer - const accessRoleType = - action === NsfFolderShareAction.Grant ? resolveNsfRoleName(role) : undefined - - const expirationTimestamp = - action === NsfFolderShareAction.Grant - ? parseShareExpiration({ - expireAt: input.expireAt, - expireIn: input.expireIn, - expirationTimestamp: input.expirationTimestamp, - cmdName: NsfShareCommandName.FolderShare, - }) - : undefined - - const accountUid = requireAuthAccountUid(auth) - const results: NsfFolderShareResultItem[] = [] - - try { - for (const folderArg of folders) { - const folderUid = resolveNsfFolderIdentifier(storage, folderArg) - if (!folderUid) { - throw new KeeperSdkError(`No such folder: ${folderArg}`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareFolder(storage, folderUid, folderArg) - checkFolderSharePermission(storage, folderUid, auth.username, accountUid) - - const targets = await resolveFolderShareTargets( - auth, - storage, - folderUid, - recipients, - auth.username - ) - if (targets.length === 0) { - throw new KeeperSdkError( - `No share targets resolved for folder '${folderArg}'.`, - SHARE_ERROR - ) - } - - for (const target of targets) { - if (action === NsfFolderShareAction.Remove) { - results.push(await removeFolderAccess(auth, folderUid, target)) - } else { - results.push( - await grantFolderAccess( - storage, - auth, - folderUid, - target, - accessRoleType!, - expirationTimestamp - ) - ) - } - } - } + const accountUid = requireAuthAccountUid(auth); + const results: NsfFolderShareResultItem[] = []; - return { results } - } catch (err) { - if (err instanceof KeeperSdkError) throw err + try { + for (const folderArg of folders) { + const folderUid = resolveNsfFolderIdentifier(storage, folderArg); + if (!folderUid) { throw new KeeperSdkError( - `Failed to share nested share folder: ${extractErrorMessage(err)}`, - SHARE_ERROR - ) + `No such folder: ${folderArg}`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareFolder(storage, folderUid, folderArg); + checkFolderSharePermission(storage, folderUid, auth.username, accountUid); + + const targets = await resolveFolderShareTargets( + auth, + storage, + folderUid, + recipients, + auth.username, + ); + if (targets.length === 0) { + throw new KeeperSdkError( + `No share targets resolved for folder '${folderArg}'.`, + SHARE_ERROR, + ); + } + + for (const target of targets) { + if (action === NsfFolderShareAction.Remove) { + results.push(await removeFolderAccess(auth, folderUid, target)); + } else { + results.push( + await grantFolderAccess( + storage, + auth, + folderUid, + target, + accessRoleType!, + expirationTimestamp, + ), + ); + } + } } + + return { results }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to share nested share folder: ${extractErrorMessage(err)}`, + SHARE_ERROR, + ); + } } function resolveRecordUids( - storage: InMemoryStorage, - recordArg: string, - recursive: boolean + storage: InMemoryStorage, + recordArg: string, + recursive: boolean, ): string[] { - const trimmed = recordArg.trim() - if (!trimmed) { - throw new KeeperSdkError('Record path or UID is required.', SHARE_ERROR) - } - - if (getKeeperDriveRecord(storage, trimmed)) { - ensureNestedShareRecord(storage, trimmed, trimmed) - return [trimmed] - } - - const recordUid = resolveNsfRecordIdentifier(storage, trimmed) - if (recordUid) { - ensureNestedShareRecord(storage, recordUid, trimmed) - return [recordUid] - } - - const folderUid = resolveNsfFolderIdentifier(storage, trimmed) - if (folderUid) { - ensureNestedShareFolder(storage, folderUid, trimmed) - const recordUids = collectNsfRecordUidsInFolder(storage, folderUid, recursive) - if (recordUids.size === 0) { - throw new KeeperSdkError('No records found in the specified folder.', ResultCodes.NSF_NOT_FOUND) - } - return [...recordUids] - } - - throw new KeeperSdkError(`Record or folder '${trimmed}' not found`, ResultCodes.NSF_NOT_FOUND) + const trimmed = recordArg.trim(); + if (!trimmed) { + throw new KeeperSdkError("Record path or UID is required.", SHARE_ERROR); + } + + if (getKeeperDriveRecord(storage, trimmed)) { + ensureNestedShareRecord(storage, trimmed, trimmed); + return [trimmed]; + } + + const recordUid = resolveNsfRecordIdentifier(storage, trimmed); + if (recordUid) { + ensureNestedShareRecord(storage, recordUid, trimmed); + return [recordUid]; + } + + const folderUid = resolveNsfFolderIdentifier(storage, trimmed); + if (folderUid) { + ensureNestedShareFolder(storage, folderUid, trimmed); + const recordUids = collectNsfRecordUidsInFolder( + storage, + folderUid, + recursive, + ); + if (recordUids.size === 0) { + throw new KeeperSdkError( + "No records found in the specified folder.", + ResultCodes.NSF_NOT_FOUND, + ); + } + return [...recordUids]; + } + + throw new KeeperSdkError( + `Record or folder '${trimmed}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); } function isShareUpdateNoop( - existing: NsfDirectUserRecordShare, - accessRoleType: Folder.AccessRoleType, - expirationTimestamp?: number + existing: NsfDirectUserRecordShare, + accessRoleType: Folder.AccessRoleType, + expirationTimestamp?: number, ): boolean { - if (existing.accessRoleType !== accessRoleType) return false - return isShareExpirationNoop(existing.expiration, expirationTimestamp) + if (existing.accessRoleType !== accessRoleType) return false; + return isShareExpirationNoop(existing.expiration, expirationTimestamp); } async function requireRecordKey( - storage: InMemoryStorage, - auth: Auth, - recordUid: string + storage: InMemoryStorage, + auth: Auth, + recordUid: string, ): Promise { - const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid) - if (!recordKey) { - throw new KeeperSdkError( - `Record key not available for ${recordUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - return recordKey + const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid); + if (!recordKey) { + throw new KeeperSdkError( + `Record key not available for ${recordUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + return recordKey; } async function transferRecordOwnership( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - email: string + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + email: string, ): Promise { - const result = await transferNestedShareRecordOwnership(storage, auth, recordUid, email) - return { - recordUid, - email, - success: result.success, - actionTaken: NsfRecordShareActionTaken.Owner, - message: result.message, - } + const result = await transferNestedShareRecordOwnership( + storage, + auth, + recordUid, + email, + ); + return { + recordUid, + email, + success: result.success, + actionTaken: NsfRecordShareActionTaken.Owner, + message: result.message, + }; } async function resolveUserRecordShareForRevoke( - auth: Auth, - storage: InMemoryStorage, - recordUid: string, - email: string -): Promise<{ hasDirectShare: boolean; inherited: boolean; userKeys: Awaited> }> { - const userKeys = await loadUserShareKeys(auth, email) - const accountUidStr = webSafe64FromBytes(userKeys.accountUid) - const shareUsers = await loadShareUserMap(auth, storage) - - const storageEntry = findUserRecordShareEntry(storage, recordUid, email, accountUidStr, shareUsers) - if (storageEntry) { - return { - hasDirectShare: !storageEntry.inherited, - inherited: !!storageEntry.inherited, - userKeys, - } - } - - const { recordAccesses } = await fetchLiveRecordAccessesV3(auth, storage, [recordUid]) - const liveEntry = recordAccesses.find( - (access) => - access.recordUid === recordUid && - !access.owner && - (access.accessTypeUid === accountUidStr || - access.accessorName.toLowerCase() === email.toLowerCase()) - ) - if (!liveEntry) { - return { hasDirectShare: false, inherited: false, userKeys } - } + auth: Auth, + storage: InMemoryStorage, + recordUid: string, + email: string, +): Promise<{ + hasDirectShare: boolean; + inherited: boolean; + userKeys: Awaited>; +}> { + const userKeys = await loadUserShareKeys(auth, email); + const accountUidStr = webSafe64FromBytes(userKeys.accountUid); + const shareUsers = await loadShareUserMap(auth, storage); + + const storageEntry = findUserRecordShareEntry( + storage, + recordUid, + email, + accountUidStr, + shareUsers, + ); + if (storageEntry) { return { - hasDirectShare: !liveEntry.inherited, - inherited: !!liveEntry.inherited, - userKeys, - } + hasDirectShare: !storageEntry.inherited, + inherited: !!storageEntry.inherited, + userKeys, + }; + } + + const { recordAccesses } = await fetchLiveRecordAccessesV3(auth, storage, [ + recordUid, + ]); + const liveEntry = recordAccesses.find( + (access) => + access.recordUid === recordUid && + !access.owner && + (access.accessTypeUid === accountUidStr || + access.accessorName.toLowerCase() === email.toLowerCase()), + ); + if (!liveEntry) { + return { hasDirectShare: false, inherited: false, userKeys }; + } + return { + hasDirectShare: !liveEntry.inherited, + inherited: !!liveEntry.inherited, + userKeys, + }; } async function revokeRecordShare( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - email: string + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + email: string, ): Promise { - const shareState = await resolveUserRecordShareForRevoke(auth, storage, recordUid, email) - if (!shareState.hasDirectShare && !shareState.inherited) { - return { - recordUid, - email, - success: true, - actionTaken: NsfRecordShareActionTaken.NoAccess, - message: 'User does not have access to this record', - } - } - if (shareState.inherited) { - return { - recordUid, - email, - success: true, - actionTaken: NsfRecordShareActionTaken.Skipped, - message: 'Access is inherited from a shared folder — revoke at the parent folder', - } - } - - const permission = buildNsfRevokePermissionFromKeys(recordUid, shareState.userKeys) - const response = await auth.executeRest( - recordsShareV3Message({ revokeSharingPermissions: [permission] }) - ) - const parsed = parseRecordSharingStatus(response.revokedSharingStatus?.[0]) + const shareState = await resolveUserRecordShareForRevoke( + auth, + storage, + recordUid, + email, + ); + if (!shareState.hasDirectShare && !shareState.inherited) { return { - recordUid, - email, - success: parsed.success, - actionTaken: NsfRecordShareActionTaken.Revoke, - message: parsed.message, - } + recordUid, + email, + success: true, + actionTaken: NsfRecordShareActionTaken.NoAccess, + message: "User does not have access to this record", + }; + } + if (shareState.inherited) { + return { + recordUid, + email, + success: true, + actionTaken: NsfRecordShareActionTaken.Skipped, + message: + "Access is inherited from a shared folder — revoke at the parent folder", + }; + } + + const permission = buildNsfRevokePermissionFromKeys( + recordUid, + shareState.userKeys, + ); + const response = await auth.executeRest( + recordsShareV3Message({ revokeSharingPermissions: [permission] }), + ); + const parsed = parseRecordSharingStatus(response.revokedSharingStatus?.[0]); + return { + recordUid, + email, + success: parsed.success, + actionTaken: NsfRecordShareActionTaken.Revoke, + message: parsed.message, + }; } async function grantRecordShare( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - email: string, - accessRoleType: Folder.AccessRoleType, - expirationTimestamp?: number + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + email: string, + accessRoleType: Folder.AccessRoleType, + expirationTimestamp?: number, ): Promise { - const existing = findDirectUserRecordShare(storage, recordUid, email) - if (existing && isShareUpdateNoop(existing, accessRoleType, expirationTimestamp)) { - return { - recordUid, - email, - success: true, - actionTaken: NsfRecordShareActionTaken.Update, - message: 'Already has requested access', - } - } - - if (existing && expirationTimestamp != null && expirationTimestamp > 0) { - const revokeResult = await revokeRecordShare(storage, auth, recordUid, email) - if (!revokeResult.success) { - return { ...revokeResult, actionTaken: NsfRecordShareActionTaken.Update } - } - const recordKey = await requireRecordKey(storage, auth, recordUid) - const permission = await buildNsfRecordSharePermission( - auth, - recordUid, - recordKey, - email, - accessRoleType, - expirationTimestamp, - SHARE_ERROR - ) - const response = await auth.executeRest( - recordsShareV3Message({ createSharingPermissions: [permission] }) - ) - const parsed = parseRecordSharingStatus(response.createdSharingStatus?.[0]) - return { - recordUid, - email, - success: parsed.success, - actionTaken: NsfRecordShareActionTaken.Grant, - message: parsed.message, - } - } - - const recordKey = await requireRecordKey(storage, auth, recordUid) + const existing = findDirectUserRecordShare(storage, recordUid, email); + if ( + existing && + isShareUpdateNoop(existing, accessRoleType, expirationTimestamp) + ) { + return { + recordUid, + email, + success: true, + actionTaken: NsfRecordShareActionTaken.Update, + message: "Already has requested access", + }; + } + + if (existing && expirationTimestamp != null && expirationTimestamp > 0) { + const revokeResult = await revokeRecordShare( + storage, + auth, + recordUid, + email, + ); + if (!revokeResult.success) { + return { ...revokeResult, actionTaken: NsfRecordShareActionTaken.Update }; + } + const recordKey = await requireRecordKey(storage, auth, recordUid); const permission = await buildNsfRecordSharePermission( - auth, - recordUid, - recordKey, - email, - accessRoleType, - expirationTimestamp, - SHARE_ERROR - ) - - const field = existing ? 'updateSharingPermissions' : 'createSharingPermissions' - const response = await auth.executeRest(recordsShareV3Message({ [field]: [permission] })) - const statusField = existing ? 'updatedSharingStatus' : 'createdSharingStatus' - const parsed = parseRecordSharingStatus(response[statusField]?.[0]) - + auth, + recordUid, + recordKey, + email, + accessRoleType, + expirationTimestamp, + SHARE_ERROR, + ); + const response = await auth.executeRest( + recordsShareV3Message({ createSharingPermissions: [permission] }), + ); + const parsed = parseRecordSharingStatus(response.createdSharingStatus?.[0]); return { - recordUid, - email, - success: parsed.success, - actionTaken: existing ? NsfRecordShareActionTaken.Update : NsfRecordShareActionTaken.Grant, - message: parsed.message, - } + recordUid, + email, + success: parsed.success, + actionTaken: NsfRecordShareActionTaken.Grant, + message: parsed.message, + }; + } + + const recordKey = await requireRecordKey(storage, auth, recordUid); + const permission = await buildNsfRecordSharePermission( + auth, + recordUid, + recordKey, + email, + accessRoleType, + expirationTimestamp, + SHARE_ERROR, + ); + + const field = existing + ? "updateSharingPermissions" + : "createSharingPermissions"; + const response = await auth.executeRest( + recordsShareV3Message({ [field]: [permission] }), + ); + const statusField = existing + ? "updatedSharingStatus" + : "createdSharingStatus"; + const parsed = parseRecordSharingStatus(response[statusField]?.[0]); + + return { + recordUid, + email, + success: parsed.success, + actionTaken: existing + ? NsfRecordShareActionTaken.Update + : NsfRecordShareActionTaken.Grant, + message: parsed.message, + }; } function recordTitle(storage: InMemoryStorage, recordUid: string): string { - const recordEntry = getKeeperDriveRecord(storage, recordUid) - if (!recordEntry) return '' - return getRecordTitle(recordEntry).slice(0, 32) + const recordEntry = getKeeperDriveRecord(storage, recordUid); + if (!recordEntry) return ""; + return getRecordTitle(recordEntry).slice(0, 32); } -export function formatNsfRecordSharePlan(plan: NsfRecordSharePlanItem[], dryRun = false): string { - if (plan.length === 0) return 'No record share changes planned.' - const lines = ['Record share plan'] - for (const item of plan) { - let line = ` ${item.recordUid} ${item.title || '—'} ${item.email} ${item.action}${item.role ? ` ${item.role}` : ''}` - if (dryRun && item.expirationTimestamp != null) { - line += ` expires=${item.expirationTimestamp} ms` - } - lines.push(line) - } - return lines.join('\n') +export function formatNsfRecordSharePlan( + plan: NsfRecordSharePlanItem[], + dryRun = false, +): string { + if (plan.length === 0) return "No record share changes planned."; + const lines = ["Record share plan"]; + for (const item of plan) { + let line = ` ${item.recordUid} ${item.title || "—"} ${item.email} ${item.action}${item.role ? ` ${item.role}` : ""}`; + if (dryRun && item.expirationTimestamp != null) { + line += ` expires=${item.expirationTimestamp} ms`; + } + lines.push(line); + } + return lines.join("\n"); } -export function formatNsfRecordShareResults(results: NsfRecordShareResultItem[]): string { - if (results.length === 0) return '' - const lines: string[] = [] - for (const item of results) { - lines.push( - `${item.recordUid} ${item.email} ${item.actionTaken} ${item.success ? NsfResultStatus.Success : NsfResultStatus.Failed} ${item.message || ''}` - ) - } - return lines.join('\n') +export function formatNsfRecordShareResults( + results: NsfRecordShareResultItem[], +): string { + if (results.length === 0) return ""; + const lines: string[] = []; + for (const item of results) { + lines.push( + `${item.recordUid} ${item.email} ${item.actionTaken} ${item.success ? NsfResultStatus.Success : NsfResultStatus.Failed} ${item.message || ""}`, + ); + } + return lines.join("\n"); } -export function formatNsfFolderShareResults(results: NsfFolderShareResultItem[]): string { - if (results.length === 0) return '' - const lines: string[] = [] - for (const item of results) { - lines.push( - `${item.folderUid} ${item.recipient} ${item.actionTaken} ${item.success ? NsfResultStatus.Success : NsfResultStatus.Failed} ${item.message || ''}` - ) - } - return lines.join('\n') +export function formatNsfFolderShareResults( + results: NsfFolderShareResultItem[], +): string { + if (results.length === 0) return ""; + const lines: string[] = []; + for (const item of results) { + lines.push( + `${item.folderUid} ${item.recipient} ${item.actionTaken} ${item.success ? NsfResultStatus.Success : NsfResultStatus.Failed} ${item.message || ""}`, + ); + } + return lines.join("\n"); } export async function shareNestedShareRecord( - storage: InMemoryStorage, - auth: Auth, - input: ShareNestedShareRecordInput + storage: InMemoryStorage, + auth: Auth, + input: ShareNestedShareRecordInput, ): Promise { - const action = normalizeRecordAction(input.action) - const emails = input.emails.map((email) => email.trim()).filter(Boolean) - const dryRun = input.dryRun ?? false - - if (!input.record?.trim()) { - throw new KeeperSdkError('Record path or UID is required.', SHARE_ERROR) - } - if (emails.length === 0) { - throw new KeeperSdkError('Recipient email is required.', SHARE_ERROR) - } - if (action === NsfRecordShareAction.Owner && emails.length > 1) { - throw new KeeperSdkError( - 'Ownership can only be transferred to a single account.', - SHARE_ERROR - ) - } - if (action === NsfRecordShareAction.Grant && !input.role?.trim()) { - throw new KeeperSdkError('Role is required for grant action.', SHARE_ERROR) + const action = normalizeRecordAction(input.action); + const emails = input.emails.map((email) => email.trim()).filter(Boolean); + const dryRun = input.dryRun ?? false; + + if (!input.record?.trim()) { + throw new KeeperSdkError("Record path or UID is required.", SHARE_ERROR); + } + if (emails.length === 0) { + throw new KeeperSdkError("Recipient email is required.", SHARE_ERROR); + } + if (action === NsfRecordShareAction.Owner && emails.length > 1) { + throw new KeeperSdkError( + "Ownership can only be transferred to a single account.", + SHARE_ERROR, + ); + } + if (action === NsfRecordShareAction.Grant && !input.role?.trim()) { + throw new KeeperSdkError("Role is required for grant action.", SHARE_ERROR); + } + + const role = input.role?.trim() || NSFShareRoleName.Viewer; + const accessRoleType = + action === NsfRecordShareAction.Grant + ? resolveNsfRoleName(role) + : undefined; + + const expirationTimestamp = + action === NsfRecordShareAction.Grant + ? parseShareExpiration({ + expireAt: input.expireAt, + expireIn: input.expireIn, + expirationTimestamp: input.expirationTimestamp, + cmdName: NsfShareCommandName.RecordShare, + }) + : undefined; + + const recordUids = resolveRecordUids( + storage, + input.record, + input.recursive ?? false, + ); + const accountUid = requireAuthAccountUid(auth); + + for (const recordUid of recordUids) { + checkRecordSharePermission(storage, recordUid, auth.username, accountUid); + if (action === NsfRecordShareAction.Owner) { + checkRecordChangeOwnershipPermission( + storage, + recordUid, + auth.username, + accountUid, + ); } + } - const role = input.role?.trim() || NSFShareRoleName.Viewer - const accessRoleType = - action === NsfRecordShareAction.Grant ? resolveNsfRoleName(role) : undefined - - const expirationTimestamp = - action === NsfRecordShareAction.Grant - ? parseShareExpiration({ - expireAt: input.expireAt, - expireIn: input.expireIn, - expirationTimestamp: input.expirationTimestamp, - cmdName: NsfShareCommandName.RecordShare, - }) - : undefined - - const recordUids = resolveRecordUids(storage, input.record, input.recursive ?? false) - const accountUid = requireAuthAccountUid(auth) - + const plan: NsfRecordSharePlanItem[] = []; + for (const email of emails) { for (const recordUid of recordUids) { - checkRecordSharePermission(storage, recordUid, auth.username, accountUid) - if (action === NsfRecordShareAction.Owner) { - checkRecordChangeOwnershipPermission(storage, recordUid, auth.username, accountUid) - } + plan.push({ + recordUid, + title: recordTitle(storage, recordUid), + email, + action, + role: action === NsfRecordShareAction.Grant ? role : undefined, + expirationTimestamp, + }); } + } - const plan: NsfRecordSharePlanItem[] = [] - for (const email of emails) { - for (const recordUid of recordUids) { - plan.push({ - recordUid, - title: recordTitle(storage, recordUid), - email, - action, - role: action === NsfRecordShareAction.Grant ? role : undefined, - expirationTimestamp, - }) - } - } + if (dryRun) { + return { dryRun: true, plan, results: [] }; + } - if (dryRun) { - return { dryRun: true, plan, results: [] } - } + const results: NsfRecordShareResultItem[] = []; - const results: NsfRecordShareResultItem[] = [] - - try { - for (const email of emails) { - for (const recordUid of recordUids) { - if (action === NsfRecordShareAction.Owner) { - results.push(await transferRecordOwnership(storage, auth, recordUid, email)) - } else if (action === NsfRecordShareAction.Revoke) { - results.push(await revokeRecordShare(storage, auth, recordUid, email)) - } else { - results.push( - await grantRecordShare( - storage, - auth, - recordUid, - email, - accessRoleType!, - expirationTimestamp - ) - ) - } - } + try { + for (const email of emails) { + for (const recordUid of recordUids) { + if (action === NsfRecordShareAction.Owner) { + results.push( + await transferRecordOwnership(storage, auth, recordUid, email), + ); + } else if (action === NsfRecordShareAction.Revoke) { + results.push( + await revokeRecordShare(storage, auth, recordUid, email), + ); + } else { + results.push( + await grantRecordShare( + storage, + auth, + recordUid, + email, + accessRoleType!, + expirationTimestamp, + ), + ); } - - return { dryRun: false, plan, results } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to share nested share record: ${extractErrorMessage(err)}`, - SHARE_ERROR - ) + } } + + return { dryRun: false, plan, results }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to share nested share record: ${extractErrorMessage(err)}`, + SHARE_ERROR, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/nsfShareKeys.ts b/KeeperSdk/src/nestedShareFolders/nsfShareKeys.ts index 40fa0fa7..70249d99 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfShareKeys.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfShareKeys.ts @@ -1,242 +1,270 @@ -import type { Auth, Authentication } from '@keeper-security/keeperapi' +import type { Auth, Authentication } from "@keeper-security/keeperapi"; import { - Folder, - common, - getPublicKeysMessage, - normal64Bytes, - platform, - record, - sendShareInviteMessage, - webSafe64FromBytes, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError } from '../utils' - -const MISSING_PUBLIC_KEY = 'missing_public_key' + Folder, + common, + getPublicKeysMessage, + normal64Bytes, + platform, + record, + sendShareInviteMessage, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError } from "../utils"; + +const MISSING_PUBLIC_KEY = "missing_public_key"; export type UserShareKeys = { - username: string - accountUid: Uint8Array - rsaPublicKey: Uint8Array | null - eccPublicKey: Uint8Array | null -} + username: string; + accountUid: Uint8Array; + rsaPublicKey: Uint8Array | null; + eccPublicKey: Uint8Array | null; +}; function mapUserShareKeysEntry( - email: string, - entry: NonNullable[number] + email: string, + entry: NonNullable< + Authentication.IGetPublicKeysResponse["keyResponses"] + >[number], ): UserShareKeys | null { - if (!entry || entry.errorCode || !entry.accountUid?.length) return null - return { - username: entry.username || email, - accountUid: entry.accountUid as Uint8Array, - rsaPublicKey: entry.publicKey?.length ? (entry.publicKey as Uint8Array) : null, - eccPublicKey: entry.publicEccKey?.length ? (entry.publicEccKey as Uint8Array) : null, - } + if (!entry || entry.errorCode || !entry.accountUid?.length) return null; + return { + username: entry.username || email, + accountUid: entry.accountUid as Uint8Array, + rsaPublicKey: entry.publicKey?.length + ? (entry.publicKey as Uint8Array) + : null, + eccPublicKey: entry.publicEccKey?.length + ? (entry.publicEccKey as Uint8Array) + : null, + }; } function dedupeNsfShareEmails(emails: string[]): string[] { - const seen = new Set() - const deduped: string[] = [] - for (const rawEmail of emails) { - const normalized = rawEmail.trim().toLowerCase() - if (!normalized || seen.has(normalized)) continue - seen.add(normalized) - deduped.push(normalized) - } - return deduped + const seen = new Set(); + const deduped: string[] = []; + for (const rawEmail of emails) { + const normalized = rawEmail.trim().toLowerCase(); + if (!normalized || seen.has(normalized)) continue; + seen.add(normalized); + deduped.push(normalized); + } + return deduped; } -async function fetchUserShareKeys(auth: Auth, email: string): Promise { - const response = await auth.executeRest(getPublicKeysMessage({ usernames: [email] })) - const entry = response.keyResponses?.[0] - if (!entry) return null - return mapUserShareKeysEntry(email, entry) +async function fetchUserShareKeys( + auth: Auth, + email: string, +): Promise { + const response = await auth.executeRest( + getPublicKeysMessage({ usernames: [email] }), + ); + const entry = response.keyResponses?.[0]; + if (!entry) return null; + return mapUserShareKeysEntry(email, entry); } -export async function loadUserShareKeys(auth: Auth, email: string): Promise { - const keys = await fetchUserShareKeys(auth, email) - if (!keys?.accountUid?.length) { - throw new KeeperSdkError(`User ${email} not found`, MISSING_PUBLIC_KEY) - } - return keys +export async function loadUserShareKeys( + auth: Auth, + email: string, +): Promise { + const keys = await fetchUserShareKeys(auth, email); + if (!keys?.accountUid?.length) { + throw new KeeperSdkError(`User ${email} not found`, MISSING_PUBLIC_KEY); + } + return keys; } export async function loadUserShareKeysOrInvite( - auth: Auth, - email: string, - errorCode: string = MISSING_PUBLIC_KEY + auth: Auth, + email: string, + errorCode: string = MISSING_PUBLIC_KEY, ): Promise { - let keys = await fetchUserShareKeys(auth, email) - if (!keys?.accountUid?.length) { - try { - await auth.executeRestAction(sendShareInviteMessage({ email })) - } catch (err) { - throw new KeeperSdkError( - `Failed to invite ${email}: ${extractErrorMessage(err)}`, - errorCode - ) - } - keys = await fetchUserShareKeys(auth, email) + let keys = await fetchUserShareKeys(auth, email); + if (!keys?.accountUid?.length) { + try { + await auth.executeRestAction(sendShareInviteMessage({ email })); + } catch (err) { + throw new KeeperSdkError( + `Failed to invite ${email}: ${extractErrorMessage(err)}`, + errorCode, + ); } - if (!keys?.accountUid?.length) { - throw new KeeperSdkError(`User ${email} not found`, errorCode) - } - if (!keys.rsaPublicKey?.length && !keys.eccPublicKey?.length) { - throw new KeeperSdkError(`No usable public key available for ${email}`, errorCode) - } - return keys + keys = await fetchUserShareKeys(auth, email); + } + if (!keys?.accountUid?.length) { + throw new KeeperSdkError(`User ${email} not found`, errorCode); + } + if (!keys.rsaPublicKey?.length && !keys.eccPublicKey?.length) { + throw new KeeperSdkError( + `No usable public key available for ${email}`, + errorCode, + ); + } + return keys; } export async function loadNsfUserShareKeysMap( - auth: Auth, - emails: string[] + auth: Auth, + emails: string[], ): Promise> { - const deduped = dedupeNsfShareEmails(emails) - const keysByEmail = new Map() - if (deduped.length === 0) return keysByEmail - - const response = await auth.executeRest(getPublicKeysMessage({ usernames: deduped })) - for (const entry of response.keyResponses ?? []) { - const email = (entry.username || '').trim().toLowerCase() - if (!email) continue - const keys = mapUserShareKeysEntry(email, entry) - if (keys) keysByEmail.set(email, keys) - } - return keysByEmail + const deduped = dedupeNsfShareEmails(emails); + const keysByEmail = new Map(); + if (deduped.length === 0) return keysByEmail; + + const response = await auth.executeRest( + getPublicKeysMessage({ usernames: deduped }), + ); + for (const entry of response.keyResponses ?? []) { + const email = (entry.username || "").trim().toLowerCase(); + if (!email) continue; + const keys = mapUserShareKeysEntry(email, entry); + if (keys) keysByEmail.set(email, keys); + } + return keysByEmail; } export async function preloadNsfUserShareKeys( - auth: Auth, - emails: string[], - inviteMissing: boolean, - errorCode: string + auth: Auth, + emails: string[], + inviteMissing: boolean, + errorCode: string, ): Promise> { - const keysByEmail = await loadNsfUserShareKeysMap(auth, emails) - if (!inviteMissing) return keysByEmail - - const uniqueEmails = dedupeNsfShareEmails(emails) - for (const emailKey of uniqueEmails) { - let userKeys = keysByEmail.get(emailKey) - if (!userKeys || (!userKeys.rsaPublicKey?.length && !userKeys.eccPublicKey?.length)) { - userKeys = await loadUserShareKeysOrInvite(auth, emailKey, errorCode) - keysByEmail.set(emailKey, userKeys) - } + const keysByEmail = await loadNsfUserShareKeysMap(auth, emails); + if (!inviteMissing) return keysByEmail; + + const uniqueEmails = dedupeNsfShareEmails(emails); + for (const emailKey of uniqueEmails) { + let userKeys = keysByEmail.get(emailKey); + if ( + !userKeys || + (!userKeys.rsaPublicKey?.length && !userKeys.eccPublicKey?.length) + ) { + userKeys = await loadUserShareKeysOrInvite(auth, emailKey, errorCode); + keysByEmail.set(emailKey, userKeys); } - return keysByEmail + } + return keysByEmail; } export async function encryptKeyForRecipient( - key: Uint8Array, - userKeys: UserShareKeys + key: Uint8Array, + userKeys: UserShareKeys, ): Promise<{ encryptedKey: Uint8Array; useEccKey: boolean }> { - if (userKeys.eccPublicKey?.length) { - return { - encryptedKey: await platform.publicEncryptEC(key, userKeys.eccPublicKey), - useEccKey: true, - } - } - if (userKeys.rsaPublicKey?.length) { - const rsaKeyBase64 = platform.bytesToBase64(userKeys.rsaPublicKey) - return { - encryptedKey: platform.publicEncrypt(key, rsaKeyBase64), - useEccKey: false, - } - } - throw new KeeperSdkError( - `No usable public key available for ${userKeys.username}`, - MISSING_PUBLIC_KEY - ) + if (userKeys.eccPublicKey?.length) { + return { + encryptedKey: await platform.publicEncryptEC(key, userKeys.eccPublicKey), + useEccKey: true, + }; + } + if (userKeys.rsaPublicKey?.length) { + const rsaKeyBase64 = platform.bytesToBase64(userKeys.rsaPublicKey); + return { + encryptedKey: platform.publicEncrypt(key, rsaKeyBase64), + useEccKey: false, + }; + } + throw new KeeperSdkError( + `No usable public key available for ${userKeys.username}`, + MISSING_PUBLIC_KEY, + ); } export function parseRecordSharingStatus( - status: record.v3.sharing.IStatus | null | undefined + status: record.v3.sharing.IStatus | null | undefined, ): { recordUid: string; success: boolean; message: string } { - if (!status?.recordUid?.length) { - return { recordUid: '', success: false, message: 'No status returned' } - } - const recordUid = webSafe64FromBytes(status.recordUid) - const sharingStatus = status.status ?? record.v3.sharing.SharingStatus.SUCCESS - const statusName = record.v3.sharing.SharingStatus[sharingStatus] ?? String(sharingStatus) - const success = - sharingStatus === record.v3.sharing.SharingStatus.SUCCESS || - sharingStatus === record.v3.sharing.SharingStatus.PENDING_ACCEPT - return { recordUid, success, message: status.message || statusName } + if (!status?.recordUid?.length) { + return { recordUid: "", success: false, message: "No status returned" }; + } + const recordUid = webSafe64FromBytes(status.recordUid); + const sharingStatus = + status.status ?? record.v3.sharing.SharingStatus.SUCCESS; + const statusName = + record.v3.sharing.SharingStatus[sharingStatus] ?? String(sharingStatus); + const success = + sharingStatus === record.v3.sharing.SharingStatus.SUCCESS || + sharingStatus === record.v3.sharing.SharingStatus.PENDING_ACCEPT; + return { recordUid, success, message: status.message || statusName }; } export async function buildNsfSharePermissionFromKeys( - recordUid: string, - recordKey: Uint8Array, - accessRoleType: Folder.AccessRoleType, - userKeys: UserShareKeys, - expirationTimestamp?: number + recordUid: string, + recordKey: Uint8Array, + accessRoleType: Folder.AccessRoleType, + userKeys: UserShareKeys, + expirationTimestamp?: number, ): Promise { - const { encryptedKey, useEccKey } = await encryptKeyForRecipient(recordKey, userKeys) - const recordUidBytes = normal64Bytes(recordUid) - const rules: Folder.IRecordAccessData = { - accessTypeUid: userKeys.accountUid, - accessType: Folder.AccessType.AT_USER, - recordUid: recordUidBytes, - owner: false, - accessRoleType, - } - if (expirationTimestamp != null) { - rules.tlaProperties = { expiration: expirationTimestamp } - if (expirationTimestamp > 0) { - rules.tlaProperties.timerNotificationType = common.tla.TimerNotificationType.NOTIFY_OWNER - } - } - return { - recipientUid: userKeys.accountUid, - recordUid: recordUidBytes, - recordKey: encryptedKey, - useEccKey, - rules, + const { encryptedKey, useEccKey } = await encryptKeyForRecipient( + recordKey, + userKeys, + ); + const recordUidBytes = normal64Bytes(recordUid); + const rules: Folder.IRecordAccessData = { + accessTypeUid: userKeys.accountUid, + accessType: Folder.AccessType.AT_USER, + recordUid: recordUidBytes, + owner: false, + accessRoleType, + }; + if (expirationTimestamp != null) { + rules.tlaProperties = { expiration: expirationTimestamp }; + if (expirationTimestamp > 0) { + rules.tlaProperties.timerNotificationType = + common.tla.TimerNotificationType.NOTIFY_OWNER; } + } + return { + recipientUid: userKeys.accountUid, + recordUid: recordUidBytes, + recordKey: encryptedKey, + useEccKey, + rules, + }; } export function buildNsfRevokePermissionFromKeys( - recordUid: string, - userKeys: UserShareKeys + recordUid: string, + userKeys: UserShareKeys, ): record.v3.sharing.IPermissions { - const recordUidBytes = normal64Bytes(recordUid) - return { - recipientUid: userKeys.accountUid, - recordUid: recordUidBytes, - rules: { - accessTypeUid: userKeys.accountUid, - accessType: Folder.AccessType.AT_USER, - recordUid: recordUidBytes, - }, - } + const recordUidBytes = normal64Bytes(recordUid); + return { + recipientUid: userKeys.accountUid, + recordUid: recordUidBytes, + rules: { + accessTypeUid: userKeys.accountUid, + accessType: Folder.AccessType.AT_USER, + recordUid: recordUidBytes, + }, + }; } export async function buildNsfRecordSharePermission( - auth: Auth, - recordUid: string, - recordKey: Uint8Array, - email: string, - accessRoleType: Folder.AccessRoleType, - expirationTimestamp?: number, - errorCode: string = MISSING_PUBLIC_KEY + auth: Auth, + recordUid: string, + recordKey: Uint8Array, + email: string, + accessRoleType: Folder.AccessRoleType, + expirationTimestamp?: number, + errorCode: string = MISSING_PUBLIC_KEY, ): Promise { - const userKeys = await loadUserShareKeysOrInvite(auth, email, errorCode) - return buildNsfSharePermissionFromKeys( - recordUid, - recordKey, - accessRoleType, - userKeys, - expirationTimestamp - ) + const userKeys = await loadUserShareKeysOrInvite(auth, email, errorCode); + return buildNsfSharePermissionFromKeys( + recordUid, + recordKey, + accessRoleType, + userKeys, + expirationTimestamp, + ); } export async function buildNsfRecordRevokePermission( - auth: Auth, - recordUid: string, - email: string, - errorCode: string = MISSING_PUBLIC_KEY + auth: Auth, + recordUid: string, + email: string, + errorCode: string = MISSING_PUBLIC_KEY, ): Promise { - const userKeys = await loadUserShareKeys(auth, email) - if (!userKeys.accountUid?.length) { - throw new KeeperSdkError(`User ${email} not found`, errorCode) - } - return buildNsfRevokePermissionFromKeys(recordUid, userKeys) + const userKeys = await loadUserShareKeys(auth, email); + if (!userKeys.accountUid?.length) { + throw new KeeperSdkError(`User ${email} not found`, errorCode); + } + return buildNsfRevokePermissionFromKeys(recordUid, userKeys); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfShortcut.ts b/KeeperSdk/src/nestedShareFolders/nsfShortcut.ts index c285a6d9..8e763443 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfShortcut.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfShortcut.ts @@ -1,354 +1,426 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { Folder, folderRecordUpdateMessage, normal64Bytes, webSafe64FromBytes } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { getRecordTitle } from '../records/RecordUtils' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { ListNsfFormat, type ListNsfFormatInput } from './nsfTypes' +import type { Auth } from "@keeper-security/keeperapi"; import { - KeeperDriveKind, - checkFolderRemovePermission, - ensureNestedShareRecord, - getKeeperDriveRecord, - getFolderDisplayName, - isNestedShareFolder, - isRootFolderUid, - requireAuthAccountUid, - resolveNsfFolderIdentifier, - resolveNsfRecordIdentifier, -} from './nsfHelpers' -import type { DKdFolderRecord } from '@keeper-security/keeperapi' + Folder, + folderRecordUpdateMessage, + normal64Bytes, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { getRecordTitle } from "../records/RecordUtils"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { ListNsfFormat, type ListNsfFormatInput } from "./nsfTypes"; +import { + KeeperDriveKind, + checkFolderRemovePermission, + ensureNestedShareRecord, + getKeeperDriveRecord, + getFolderDisplayName, + isNestedShareFolder, + isRootFolderUid, + requireAuthAccountUid, + resolveNsfFolderIdentifier, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; +import type { DKdFolderRecord } from "@keeper-security/keeperapi"; import type { - KeepNsfShortcutInput, - KeepNsfShortcutPlanItem, - KeepNsfShortcutResult, - KeepNsfShortcutResultItem, - ListNsfShortcutsOptions, - NsfShortcutRow, -} from './nsfTypes' - -const SHORTCUT_ERROR = ResultCodes.NSF_SHORTCUT_FAILED -const ROOT_FOLDER_LABEL = 'root' - -function isShortcutFolder(storage: InMemoryStorage, folderUid: string): boolean { - return isRootFolderUid(storage, folderUid) || isNestedShareFolder(storage, folderUid) + KeepNsfShortcutInput, + KeepNsfShortcutPlanItem, + KeepNsfShortcutResult, + KeepNsfShortcutResultItem, + ListNsfShortcutsOptions, + NsfShortcutRow, +} from "./nsfTypes"; + +const SHORTCUT_ERROR = ResultCodes.NSF_SHORTCUT_FAILED; +const ROOT_FOLDER_LABEL = "root"; + +function isShortcutFolder( + storage: InMemoryStorage, + folderUid: string, +): boolean { + return ( + isRootFolderUid(storage, folderUid) || + isNestedShareFolder(storage, folderUid) + ); } -function formatFolderLabel(storage: InMemoryStorage, folderUid: string): string { - if (isRootFolderUid(storage, folderUid)) { - return `root (${ROOT_FOLDER_LABEL})` - } - const name = getFolderDisplayName(storage, folderUid) - return `${name} (${folderUid})` +function formatFolderLabel( + storage: InMemoryStorage, + folderUid: string, +): string { + if (isRootFolderUid(storage, folderUid)) { + return `root (${ROOT_FOLDER_LABEL})`; + } + const name = getFolderDisplayName(storage, folderUid); + return `${name} (${folderUid})`; } -export function getNsfRecordShortcuts(storage: InMemoryStorage): Map> { - const records = new Map>() - - for (const entry of storage.getAll(KeeperDriveKind.FolderRecord)) { - const folderUid = entry.folderUid - if (!isShortcutFolder(storage, folderUid)) continue - if (!entry.recordUid) continue - - const folderSet = records.get(entry.recordUid) ?? new Set() - folderSet.add(folderUid) - records.set(entry.recordUid, folderSet) - } - - return new Map([...records.entries()].filter(([, folders]) => folders.size > 1)) +export function getNsfRecordShortcuts( + storage: InMemoryStorage, +): Map> { + const records = new Map>(); + + for (const entry of storage.getAll( + KeeperDriveKind.FolderRecord, + )) { + const folderUid = entry.folderUid; + if (!isShortcutFolder(storage, folderUid)) continue; + if (!entry.recordUid) continue; + + const folderSet = records.get(entry.recordUid) ?? new Set(); + folderSet.add(folderUid); + records.set(entry.recordUid, folderSet); + } + + return new Map( + [...records.entries()].filter(([, folders]) => folders.size > 1), + ); } function recordTitle(storage: InMemoryStorage, recordUid: string): string { - const record = getKeeperDriveRecord(storage, recordUid) - if (!record) return '' - return getRecordTitle(record).slice(0, 32) + const record = getKeeperDriveRecord(storage, recordUid); + if (!record) return ""; + return getRecordTitle(record).slice(0, 32); } function resolveShortcutRecordUids( - storage: InMemoryStorage, - target: string, - shortcuts: Map> + storage: InMemoryStorage, + target: string, + shortcuts: Map>, ): Set { - const trimmed = target.trim() - if (!trimmed) return new Set() - - const byUid = shortcuts.get(trimmed) - if (byUid) return new Set([trimmed]) - - const recordUid = resolveNsfRecordIdentifier(storage, trimmed) - if (recordUid && shortcuts.has(recordUid)) { - return new Set([recordUid]) - } - - const lower = trimmed.toLowerCase() - const titleMatches = [...shortcuts.keys()].filter((uid) => { - const title = recordTitle(storage, uid) - return title.toLowerCase() === lower - }) - if (titleMatches.length === 1) return new Set(titleMatches) - if (titleMatches.length > 1) { - throw new KeeperSdkError( - `Multiple records matched "${trimmed}". Use a UID instead.`, - ResultCodes.MULTIPLE_NSF_MATCHES - ) - } - - const folderUid = resolveNsfFolderIdentifier(storage, trimmed) - if (folderUid) { - const matches = [...shortcuts.entries()] - .filter(([, folders]) => folders.has(folderUid)) - .map(([recordUid]) => recordUid) - return new Set(matches) - } - - if (recordUid) { - throw new KeeperSdkError( - `Record '${trimmed}' is not linked to multiple folders.`, - SHORTCUT_ERROR - ) - } - - throw new KeeperSdkError(`Target '${trimmed}' not found`, ResultCodes.NSF_NOT_FOUND) + const trimmed = target.trim(); + if (!trimmed) return new Set(); + + const byUid = shortcuts.get(trimmed); + if (byUid) return new Set([trimmed]); + + const recordUid = resolveNsfRecordIdentifier(storage, trimmed); + if (recordUid && shortcuts.has(recordUid)) { + return new Set([recordUid]); + } + + const lower = trimmed.toLowerCase(); + const titleMatches = [...shortcuts.keys()].filter((uid) => { + const title = recordTitle(storage, uid); + return title.toLowerCase() === lower; + }); + if (titleMatches.length === 1) return new Set(titleMatches); + if (titleMatches.length > 1) { + throw new KeeperSdkError( + `Multiple records matched "${trimmed}". Use a UID instead.`, + ResultCodes.MULTIPLE_NSF_MATCHES, + ); + } + + const folderUid = resolveNsfFolderIdentifier(storage, trimmed); + if (folderUid) { + const matches = [...shortcuts.entries()] + .filter(([, folders]) => folders.has(folderUid)) + .map(([recordUid]) => recordUid); + return new Set(matches); + } + + if (recordUid) { + throw new KeeperSdkError( + `Record '${trimmed}' is not linked to multiple folders.`, + SHORTCUT_ERROR, + ); + } + + throw new KeeperSdkError( + `Target '${trimmed}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); } function collectShortcutRows( - storage: InMemoryStorage, - shortcuts: Map>, - target?: string + storage: InMemoryStorage, + shortcuts: Map>, + target?: string, ): NsfShortcutRow[] { - const recordUids = target?.trim() - ? resolveShortcutRecordUids(storage, target, shortcuts) - : new Set(shortcuts.keys()) - - return [...recordUids] - .sort((a, b) => recordTitle(storage, a).localeCompare(recordTitle(storage, b))) - .map((recordUid) => ({ - recordUid, - title: recordTitle(storage, recordUid), - folders: [...(shortcuts.get(recordUid) ?? [])] - .sort((a, b) => - formatFolderLabel(storage, a).localeCompare(formatFolderLabel(storage, b)) - ) - .map((folderUid) => formatFolderLabel(storage, folderUid)), - })) + const recordUids = target?.trim() + ? resolveShortcutRecordUids(storage, target, shortcuts) + : new Set(shortcuts.keys()); + + return [...recordUids] + .sort((a, b) => + recordTitle(storage, a).localeCompare(recordTitle(storage, b)), + ) + .map((recordUid) => ({ + recordUid, + title: recordTitle(storage, recordUid), + folders: [...(shortcuts.get(recordUid) ?? [])] + .sort((a, b) => + formatFolderLabel(storage, a).localeCompare( + formatFolderLabel(storage, b), + ), + ) + .map((folderUid) => formatFolderLabel(storage, folderUid)), + })); } function escapeCsvCell(value: string): string { - if (/[",\n\r]/.test(value)) return `"${value.replace(/"/g, '""')}"` - return value + if (/[",\n\r]/.test(value)) return `"${value.replace(/"/g, '""')}"`; + return value; } export function formatNsfShortcutTable(rows: NsfShortcutRow[]): string { - if (rows.length === 0) return 'No multi-folder records found.' - const headers = ['Record UID', 'Title', 'Folders'] - const tableRows = rows.map((row) => [row.recordUid, row.title, row.folders.join('; ')]) - const columnWidths = headers.map((header, index) => - Math.max(header.length, ...tableRows.map((cells) => (cells[index] || '').length)) - ) - const pad = (cell: string, index: number) => cell + ' '.repeat(columnWidths[index] - cell.length) - const formatRow = (cells: string[]) => cells.map((cell, index) => pad(cell, index)).join(' ') - const rule = columnWidths.map((width, index) => pad('-'.repeat(width), index)).join(' ') - return [formatRow(headers), rule, ...tableRows.map(formatRow)].join('\n') + if (rows.length === 0) return "No multi-folder records found."; + const headers = ["Record UID", "Title", "Folders"]; + const tableRows = rows.map((row) => [ + row.recordUid, + row.title, + row.folders.join("; "), + ]); + const columnWidths = headers.map((header, index) => + Math.max( + header.length, + ...tableRows.map((cells) => (cells[index] || "").length), + ), + ); + const pad = (cell: string, index: number) => + cell + " ".repeat(columnWidths[index] - cell.length); + const formatRow = (cells: string[]) => + cells.map((cell, index) => pad(cell, index)).join(" "); + const rule = columnWidths + .map((width, index) => pad("-".repeat(width), index)) + .join(" "); + return [formatRow(headers), rule, ...tableRows.map(formatRow)].join("\n"); } export function formatNsfShortcutCsv(rows: NsfShortcutRow[]): string { - const lines = ['record_uid,title,folders'] - for (const row of rows) { - lines.push( - [row.recordUid, row.title, row.folders.join('; ')] - .map(escapeCsvCell) - .join(',') - ) - } - return lines.join('\n') + const lines = ["record_uid,title,folders"]; + for (const row of rows) { + lines.push( + [row.recordUid, row.title, row.folders.join("; ")] + .map(escapeCsvCell) + .join(","), + ); + } + return lines.join("\n"); } export function formatNsfShortcutJson(rows: NsfShortcutRow[]): string { - return JSON.stringify( - rows.map((row) => ({ - record_uid: row.recordUid, - title: row.title, - folders: row.folders, - })), - null, - 2 - ) + return JSON.stringify( + rows.map((row) => ({ + record_uid: row.recordUid, + title: row.title, + folders: row.folders, + })), + null, + 2, + ); } export function formatNsfShortcutOutput( - rows: NsfShortcutRow[], - format: ListNsfFormatInput = ListNsfFormat.Table + rows: NsfShortcutRow[], + format: ListNsfFormatInput = ListNsfFormat.Table, ): string { - const value = format as ListNsfFormat - if (value === ListNsfFormat.JSON) return formatNsfShortcutJson(rows) - if (value === ListNsfFormat.CSV) return formatNsfShortcutCsv(rows) - return formatNsfShortcutTable(rows) + const value = format as ListNsfFormat; + if (value === ListNsfFormat.JSON) return formatNsfShortcutJson(rows); + if (value === ListNsfFormat.CSV) return formatNsfShortcutCsv(rows); + return formatNsfShortcutTable(rows); } export function listNsfShortcuts( - storage: InMemoryStorage, - options: ListNsfShortcutsOptions = {} + storage: InMemoryStorage, + options: ListNsfShortcutsOptions = {}, ): NsfShortcutRow[] { - const shortcuts = getNsfRecordShortcuts(storage) - return collectShortcutRows(storage, shortcuts, options.target) + const shortcuts = getNsfRecordShortcuts(storage); + return collectShortcutRows(storage, shortcuts, options.target); } function resolveKeepFolderUid( - storage: InMemoryStorage, - folderArg: string | undefined, - defaultFolderUid: string | undefined + storage: InMemoryStorage, + folderArg: string | undefined, + defaultFolderUid: string | undefined, ): string { - if (folderArg?.trim()) { - const folderUid = resolveNsfFolderIdentifier(storage, folderArg.trim()) - if (!folderUid) { - throw new KeeperSdkError(`Folder '${folderArg}' not found`, ResultCodes.NSF_NOT_FOUND) - } - if (!isShortcutFolder(storage, folderUid)) { - throw new KeeperSdkError( - `Folder '${folderArg}' is not a nested share folder.`, - ResultCodes.NSF_LEGACY_FOLDER - ) - } - return folderUid + if (folderArg?.trim()) { + const folderUid = resolveNsfFolderIdentifier(storage, folderArg.trim()); + if (!folderUid) { + throw new KeeperSdkError( + `Folder '${folderArg}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); } - - if (defaultFolderUid && isNestedShareFolder(storage, defaultFolderUid)) { - return defaultFolderUid + if (!isShortcutFolder(storage, folderUid)) { + throw new KeeperSdkError( + `Folder '${folderArg}' is not a nested share folder.`, + ResultCodes.NSF_LEGACY_FOLDER, + ); } + return folderUid; + } - throw new KeeperSdkError( - 'Folder to keep record in is required (or set current folder to an NSF folder).', - ResultCodes.NSF_FOLDER_REQUIRED - ) + if (defaultFolderUid && isNestedShareFolder(storage, defaultFolderUid)) { + return defaultFolderUid; + } + + throw new KeeperSdkError( + "Folder to keep record in is required (or set current folder to an NSF folder).", + ResultCodes.NSF_FOLDER_REQUIRED, + ); } function parseFolderRecordUpdateResult( - response: Folder.IFolderRecordUpdateResponse, - folderUid: string, - recordUid: string + response: Folder.IFolderRecordUpdateResponse, + folderUid: string, + recordUid: string, ): KeepNsfShortcutResultItem { - const result = response.folderRecordUpdateResult?.find( - (entry) => - !!entry.recordUid?.length && webSafe64FromBytes(entry.recordUid) === recordUid - ) - - if (!result) { - return { - folderUid, - success: false, - message: `No unlink status returned for record ${recordUid}`, - } - } + const result = response.folderRecordUpdateResult?.find( + (entry) => + !!entry.recordUid?.length && + webSafe64FromBytes(entry.recordUid) === recordUid, + ); - const status = result.status ?? Folder.FolderModifyStatus.SUCCESS - const statusName = Folder.FolderModifyStatus[status] ?? String(status) + if (!result) { return { - folderUid, - success: status === Folder.FolderModifyStatus.SUCCESS, - message: result.message || statusName, - } + folderUid, + success: false, + message: `No unlink status returned for record ${recordUid}`, + }; + } + + const status = result.status ?? Folder.FolderModifyStatus.SUCCESS; + const statusName = Folder.FolderModifyStatus[status] ?? String(status); + return { + folderUid, + success: status === Folder.FolderModifyStatus.SUCCESS, + message: result.message || statusName, + }; } async function unlinkRecordFromFolder( - auth: Auth, - folderUid: string, - recordUid: string + auth: Auth, + folderUid: string, + recordUid: string, ): Promise { - const response = await auth.executeRest( - folderRecordUpdateMessage({ - folderUid: normal64Bytes(folderUid), - removeRecords: [{ recordUid: normal64Bytes(recordUid) }], - }) - ) - return parseFolderRecordUpdateResult(response, folderUid, recordUid) + const response = await auth.executeRest( + folderRecordUpdateMessage({ + folderUid: normal64Bytes(folderUid), + removeRecords: [{ recordUid: normal64Bytes(recordUid) }], + }), + ); + return parseFolderRecordUpdateResult(response, folderUid, recordUid); } -export function formatKeepNsfShortcutPlan(plan: KeepNsfShortcutPlanItem): string { - const lines = [ - 'Shortcut keep plan', - ` Record: ${plan.recordUid} ${plan.title || '—'}`, - ` Keep in: ${plan.keepFolderLabel}`, - ] - if (plan.removeFolderLabels.length === 0) { - lines.push(' Remove from: (none)') - } else { - lines.push(' Remove from:') - for (const label of plan.removeFolderLabels) { - lines.push(` ${label}`) - } +export function formatKeepNsfShortcutPlan( + plan: KeepNsfShortcutPlanItem, +): string { + const lines = [ + "Shortcut keep plan", + ` Record: ${plan.recordUid} ${plan.title || "—"}`, + ` Keep in: ${plan.keepFolderLabel}`, + ]; + if (plan.removeFolderLabels.length === 0) { + lines.push(" Remove from: (none)"); + } else { + lines.push(" Remove from:"); + for (const label of plan.removeFolderLabels) { + lines.push(` ${label}`); } - return lines.join('\n') + } + return lines.join("\n"); } export async function keepNsfShortcut( - storage: InMemoryStorage, - auth: Auth, - input: KeepNsfShortcutInput, - defaultFolderUid?: string + storage: InMemoryStorage, + auth: Auth, + input: KeepNsfShortcutInput, + defaultFolderUid?: string, ): Promise { - const recordArg = input.record?.trim() - if (!recordArg) { - throw new KeeperSdkError('Record UID or title is required.', SHORTCUT_ERROR) - } - - const shortcuts = getNsfRecordShortcuts(storage) - const recordMatches = resolveShortcutRecordUids(storage, recordArg, shortcuts) - if (recordMatches.size !== 1) { - throw new KeeperSdkError( - `Record '${recordArg}' could not be resolved uniquely.`, - recordMatches.size === 0 ? SHORTCUT_ERROR : ResultCodes.MULTIPLE_NSF_MATCHES - ) - } - - const recordUid = [...recordMatches][0] - ensureNestedShareRecord(storage, recordUid, recordArg) - - const keepFolderUid = resolveKeepFolderUid(storage, input.folder, defaultFolderUid) - const folderSet = shortcuts.get(recordUid) - if (!folderSet || folderSet.size < 2) { - throw new KeeperSdkError( - `Record '${recordArg}' is not linked to multiple folders.`, - SHORTCUT_ERROR - ) - } - if (!folderSet.has(keepFolderUid)) { - throw new KeeperSdkError( - `Record '${recordArg}' is not in folder '${input.folder ?? keepFolderUid}'.`, - SHORTCUT_ERROR - ) - } - - const removeFolderUids = [...folderSet].filter((folderUid) => folderUid !== keepFolderUid) - const plan: KeepNsfShortcutPlanItem = { + const recordArg = input.record?.trim(); + if (!recordArg) { + throw new KeeperSdkError( + "Record UID or title is required.", + SHORTCUT_ERROR, + ); + } + + const shortcuts = getNsfRecordShortcuts(storage); + const recordMatches = resolveShortcutRecordUids( + storage, + recordArg, + shortcuts, + ); + if (recordMatches.size !== 1) { + throw new KeeperSdkError( + `Record '${recordArg}' could not be resolved uniquely.`, + recordMatches.size === 0 + ? SHORTCUT_ERROR + : ResultCodes.MULTIPLE_NSF_MATCHES, + ); + } + + const recordUid = [...recordMatches][0]; + ensureNestedShareRecord(storage, recordUid, recordArg); + + const keepFolderUid = resolveKeepFolderUid( + storage, + input.folder, + defaultFolderUid, + ); + const folderSet = shortcuts.get(recordUid); + if (!folderSet || folderSet.size < 2) { + throw new KeeperSdkError( + `Record '${recordArg}' is not linked to multiple folders.`, + SHORTCUT_ERROR, + ); + } + if (!folderSet.has(keepFolderUid)) { + throw new KeeperSdkError( + `Record '${recordArg}' is not in folder '${input.folder ?? keepFolderUid}'.`, + SHORTCUT_ERROR, + ); + } + + const removeFolderUids = [...folderSet].filter( + (folderUid) => folderUid !== keepFolderUid, + ); + const plan: KeepNsfShortcutPlanItem = { + recordUid, + title: recordTitle(storage, recordUid), + keepFolderUid, + keepFolderLabel: formatFolderLabel(storage, keepFolderUid), + removeFolderUids, + removeFolderLabels: removeFolderUids.map((folderUid) => + formatFolderLabel(storage, folderUid), + ), + }; + + if (removeFolderUids.length === 0) { + return { + dryRun: input.dryRun ?? false, + plan, + results: [], + nothingToDo: true, + }; + } + + if (input.dryRun) { + return { dryRun: true, plan, results: [], nothingToDo: false }; + } + + const accountUid = requireAuthAccountUid(auth); + const results: KeepNsfShortcutResultItem[] = []; + + try { + for (const folderUid of removeFolderUids) { + checkFolderRemovePermission( + storage, + folderUid, recordUid, - title: recordTitle(storage, recordUid), - keepFolderUid, - keepFolderLabel: formatFolderLabel(storage, keepFolderUid), - removeFolderUids, - removeFolderLabels: removeFolderUids.map((folderUid) => formatFolderLabel(storage, folderUid)), - } - - if (removeFolderUids.length === 0) { - return { dryRun: input.dryRun ?? false, plan, results: [], nothingToDo: true } - } - - if (input.dryRun) { - return { dryRun: true, plan, results: [], nothingToDo: false } - } - - const accountUid = requireAuthAccountUid(auth) - const results: KeepNsfShortcutResultItem[] = [] - - try { - for (const folderUid of removeFolderUids) { - checkFolderRemovePermission(storage, folderUid, recordUid, auth.username, accountUid) - results.push(await unlinkRecordFromFolder(auth, folderUid, recordUid)) - } - return { dryRun: false, plan, results, nothingToDo: false } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to keep nested share record shortcut: ${extractErrorMessage(err)}`, - SHORTCUT_ERROR - ) + auth.username, + accountUid, + ); + results.push(await unlinkRecordFromFolder(auth, folderUid, recordUid)); } + return { dryRun: false, plan, results, nothingToDo: false }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to keep nested share record shortcut: ${extractErrorMessage(err)}`, + SHORTCUT_ERROR, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/nsfTeamShare.ts b/KeeperSdk/src/nestedShareFolders/nsfTeamShare.ts index e084c9be..72f526d1 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfTeamShare.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfTeamShare.ts @@ -1,215 +1,253 @@ -import type { Auth } from '@keeper-security/keeperapi' +import type { Auth } from "@keeper-security/keeperapi"; import { - Folder, - getShareObjectsMessage, - normal64Bytes, - platform, - teamGetKeysCommand, - webSafe64FromBytes, - type TeamGetKeysResponse, - type Records, -} from '@keeper-security/keeperapi' -import * as crypto from 'crypto' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage, isValidEmail, logger } from '../utils' -import { TeamGetKeysResponseKeyType } from './nsfConstants' -import type { NsfResolvedShareRecipient, NsfTeamPublicKeys } from './nsfTypes' - -const SHARE_ERROR = ResultCodes.NSF_SHARE_FAILED - -type TeamGetKeyEntry = NonNullable[number] + Folder, + getShareObjectsMessage, + normal64Bytes, + platform, + teamGetKeysCommand, + webSafe64FromBytes, + type TeamGetKeysResponse, + type Records, +} from "@keeper-security/keeperapi"; +import * as crypto from "crypto"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { + KeeperSdkError, + ResultCodes, + extractErrorMessage, + isValidEmail, + logger, +} from "../utils"; +import { TeamGetKeysResponseKeyType } from "./nsfConstants"; +import type { NsfResolvedShareRecipient, NsfTeamPublicKeys } from "./nsfTypes"; + +const SHARE_ERROR = ResultCodes.NSF_SHARE_FAILED; + +type TeamGetKeyEntry = NonNullable[number]; // TODO(browser): Replace Node crypto with platform-safe PKCS#1 public-key derivation // so team vault-storage fallback works in browser builds. -function deriveRsaPublicKeyFromPkcs1PrivateKey(privateKeyDer: Uint8Array): Uint8Array { - const privateKey = crypto.createPrivateKey({ - key: Buffer.from(privateKeyDer), - format: 'der', - type: 'pkcs1', - }) - const publicKey = crypto.createPublicKey(privateKey) - return new Uint8Array(publicKey.export({ format: 'der', type: 'pkcs1' })) +function deriveRsaPublicKeyFromPkcs1PrivateKey( + privateKeyDer: Uint8Array, +): Uint8Array { + const privateKey = crypto.createPrivateKey({ + key: Buffer.from(privateKeyDer), + format: "der", + type: "pkcs1", + }); + const publicKey = crypto.createPublicKey(privateKey); + return new Uint8Array(publicKey.export({ format: "der", type: "pkcs1" })); } function hasAsymmetricTeamPublicKeys(keys: NsfTeamPublicKeys): boolean { - return Boolean(keys.rsaPublicKey?.length || keys.eccPublicKey?.length) + return Boolean(keys.rsaPublicKey?.length || keys.eccPublicKey?.length); } async function decryptTeamGetKeysEntry( - auth: Auth, - entry: TeamGetKeyEntry + auth: Auth, + entry: TeamGetKeyEntry, ): Promise> { - if (!entry.key) return {} - - const keyBytes = normal64Bytes(entry.key) - const partial: Partial = {} - - switch (entry.type) { - case TeamGetKeysResponseKeyType.EccPublicKey: - partial.eccPublicKey = keyBytes - break - case TeamGetKeysResponseKeyType.RsaPublicKey: - partial.rsaPublicKey = keyBytes - break - case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByDataKey: - if (auth.dataKey?.length) { - partial.aesTeamKey = await platform.aesCbcDecrypt(keyBytes, auth.dataKey, true) - } - break - case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByRsa: - if (auth.privateKey?.length) { - partial.aesTeamKey = platform.privateDecrypt(keyBytes, auth.privateKey) - } - break - case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByDataKeyGcm: - if (auth.dataKey?.length) { - partial.aesTeamKey = await platform.aesGcmDecrypt(keyBytes, auth.dataKey) - } - break - case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByEcc: - if (auth.eccPrivateKey?.length) { - partial.aesTeamKey = await platform.privateDecryptEC(keyBytes, auth.eccPrivateKey) - } - break - } - - return partial + if (!entry.key) return {}; + + const keyBytes = normal64Bytes(entry.key); + const partial: Partial = {}; + + switch (entry.type) { + case TeamGetKeysResponseKeyType.EccPublicKey: + partial.eccPublicKey = keyBytes; + break; + case TeamGetKeysResponseKeyType.RsaPublicKey: + partial.rsaPublicKey = keyBytes; + break; + case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByDataKey: + if (auth.dataKey?.length) { + partial.aesTeamKey = await platform.aesCbcDecrypt( + keyBytes, + auth.dataKey, + true, + ); + } + break; + case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByRsa: + if (auth.privateKey?.length) { + partial.aesTeamKey = platform.privateDecrypt(keyBytes, auth.privateKey); + } + break; + case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByDataKeyGcm: + if (auth.dataKey?.length) { + partial.aesTeamKey = await platform.aesGcmDecrypt( + keyBytes, + auth.dataKey, + ); + } + break; + case TeamGetKeysResponseKeyType.EncryptedAesTeamKeyByEcc: + if (auth.eccPrivateKey?.length) { + partial.aesTeamKey = await platform.privateDecryptEC( + keyBytes, + auth.eccPrivateKey, + ); + } + break; + } + + return partial; } async function parseTeamGetKeysApiResponse( - auth: Auth, - teamUid: string, - response: TeamGetKeysResponse + auth: Auth, + teamUid: string, + response: TeamGetKeysResponse, ): Promise { - const keys: NsfTeamPublicKeys = {} + const keys: NsfTeamPublicKeys = {}; - for (const entry of response.keys ?? []) { - if (entry.team_uid && entry.team_uid !== teamUid) continue - Object.assign(keys, await decryptTeamGetKeysEntry(auth, entry)) - } + for (const entry of response.keys ?? []) { + if (entry.team_uid && entry.team_uid !== teamUid) continue; + Object.assign(keys, await decryptTeamGetKeysEntry(auth, entry)); + } - return keys + return keys; } async function fetchNsfTeamPublicKeysFromVaultStorage( - storage: InMemoryStorage, - teamUid: string + storage: InMemoryStorage, + teamUid: string, ): Promise { - const teamPrivateKey = await storage.getKeyBytes(`${teamUid}_priv`) - if (!teamPrivateKey?.length) return {} - - try { - return { rsaPublicKey: deriveRsaPublicKeyFromPkcs1PrivateKey(teamPrivateKey) } - } catch (err) { - logger.debug( - `Could not derive team RSA public key from vault storage for ${teamUid}: ${extractErrorMessage(err)}` - ) - return {} - } + const teamPrivateKey = await storage.getKeyBytes(`${teamUid}_priv`); + if (!teamPrivateKey?.length) return {}; + + try { + return { + rsaPublicKey: deriveRsaPublicKeyFromPkcs1PrivateKey(teamPrivateKey), + }; + } catch (err) { + logger.debug( + `Could not derive team RSA public key from vault storage for ${teamUid}: ${extractErrorMessage(err)}`, + ); + return {}; + } } function findMatchingShareTeams( - teams: Records.IShareTeam[], - query: string + teams: Records.IShareTeam[], + query: string, ): Records.IShareTeam[] { - const lower = query.toLowerCase() - return teams.filter((team) => { - const uid = team.teamUid?.length ? webSafe64FromBytes(team.teamUid) : '' - const name = team.teamname?.trim() ?? '' - return uid === query || name.toLowerCase() === lower - }) + const lower = query.toLowerCase(); + return teams.filter((team) => { + const uid = team.teamUid?.length ? webSafe64FromBytes(team.teamUid) : ""; + const name = team.teamname?.trim() ?? ""; + return uid === query || name.toLowerCase() === lower; + }); } export async function fetchNsfTeamPublicKeys( - auth: Auth, - teamUid: string, - storage?: InMemoryStorage + auth: Auth, + teamUid: string, + storage?: InMemoryStorage, ): Promise { - const trimmed = teamUid.trim() - if (!trimmed) { - throw new KeeperSdkError('Team UID is required.', ResultCodes.TEAM_NOT_FOUND) + const trimmed = teamUid.trim(); + if (!trimmed) { + throw new KeeperSdkError( + "Team UID is required.", + ResultCodes.TEAM_NOT_FOUND, + ); + } + + try { + const response = await auth.executeRestCommand( + teamGetKeysCommand({ teams: [trimmed] }), + ); + let keys = await parseTeamGetKeysApiResponse(auth, trimmed, response); + + if (!hasAsymmetricTeamPublicKeys(keys) && storage) { + const storageKeys = await fetchNsfTeamPublicKeysFromVaultStorage( + storage, + trimmed, + ); + keys = { + rsaPublicKey: keys.rsaPublicKey ?? storageKeys.rsaPublicKey, + eccPublicKey: keys.eccPublicKey ?? storageKeys.eccPublicKey, + aesTeamKey: keys.aesTeamKey ?? storageKeys.aesTeamKey, + }; } - try { - const response = await auth.executeRestCommand(teamGetKeysCommand({ teams: [trimmed] })) - let keys = await parseTeamGetKeysApiResponse(auth, trimmed, response) - - if (!hasAsymmetricTeamPublicKeys(keys) && storage) { - const storageKeys = await fetchNsfTeamPublicKeysFromVaultStorage(storage, trimmed) - keys = { - rsaPublicKey: keys.rsaPublicKey ?? storageKeys.rsaPublicKey, - eccPublicKey: keys.eccPublicKey ?? storageKeys.eccPublicKey, - aesTeamKey: keys.aesTeamKey ?? storageKeys.aesTeamKey, - } - } - - if (!hasAsymmetricTeamPublicKeys(keys)) { - throw new KeeperSdkError( - `No public key found for team ${trimmed}.`, - ResultCodes.TEAM_NOT_FOUND - ) - } - - return keys - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to load team keys for ${trimmed}: ${extractErrorMessage(err)}`, - SHARE_ERROR - ) + if (!hasAsymmetricTeamPublicKeys(keys)) { + throw new KeeperSdkError( + `No public key found for team ${trimmed}.`, + ResultCodes.TEAM_NOT_FOUND, + ); } + + return keys; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to load team keys for ${trimmed}: ${extractErrorMessage(err)}`, + SHARE_ERROR, + ); + } } export async function encryptNsfFolderKeyForTeam( - folderKey: Uint8Array, - teamPublicKeys: NsfTeamPublicKeys + folderKey: Uint8Array, + teamPublicKeys: NsfTeamPublicKeys, ): Promise { - if (teamPublicKeys.rsaPublicKey?.length) { - return Folder.EncryptedDataKey.create({ - encryptedKey: platform.publicEncrypt( - folderKey, - platform.bytesToBase64(teamPublicKeys.rsaPublicKey) - ), - encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key, - }) - } - if (teamPublicKeys.eccPublicKey?.length) { - return Folder.EncryptedDataKey.create({ - encryptedKey: await platform.publicEncryptEC(folderKey, teamPublicKeys.eccPublicKey), - encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key_ecc, - }) - } - throw new KeeperSdkError('No public key found for team.', SHARE_ERROR) + if (teamPublicKeys.rsaPublicKey?.length) { + return Folder.EncryptedDataKey.create({ + encryptedKey: platform.publicEncrypt( + folderKey, + platform.bytesToBase64(teamPublicKeys.rsaPublicKey), + ), + encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key, + }); + } + if (teamPublicKeys.eccPublicKey?.length) { + return Folder.EncryptedDataKey.create({ + encryptedKey: await platform.publicEncryptEC( + folderKey, + teamPublicKeys.eccPublicKey, + ), + encryptedKeyType: Folder.EncryptedKeyType.encrypted_by_public_key_ecc, + }); + } + throw new KeeperSdkError("No public key found for team.", SHARE_ERROR); } export async function resolveNsfShareRecipient( - auth: Auth, - recipient: string + auth: Auth, + recipient: string, ): Promise { - const trimmed = recipient.trim() - if (!trimmed) return null - - if (isValidEmail(trimmed)) { - return { recipient: trimmed.toLowerCase(), isTeam: false } - } - - const response = await auth.executeRest(getShareObjectsMessage({})) - const teams = [...(response.shareTeams ?? []), ...(response.shareMCTeams ?? [])] - const matches = findMatchingShareTeams(teams, trimmed) - - if (matches.length === 1) { - const teamUid = webSafe64FromBytes(matches[0].teamUid!) - return { recipient: teamUid, isTeam: true, accountUid: matches[0].teamUid as Uint8Array } - } - if (matches.length > 1) { - throw new KeeperSdkError( - `Multiple teams match '${trimmed}'. Use the team UID instead.`, - ResultCodes.MULTIPLE_NSF_MATCHES - ) - } - + const trimmed = recipient.trim(); + if (!trimmed) return null; + + if (isValidEmail(trimmed)) { + return { recipient: trimmed.toLowerCase(), isTeam: false }; + } + + const response = await auth.executeRest(getShareObjectsMessage({})); + const teams = [ + ...(response.shareTeams ?? []), + ...(response.shareMCTeams ?? []), + ]; + const matches = findMatchingShareTeams(teams, trimmed); + + if (matches.length === 1) { + const teamUid = webSafe64FromBytes(matches[0].teamUid!); + return { + recipient: teamUid, + isTeam: true, + accountUid: matches[0].teamUid as Uint8Array, + }; + } + if (matches.length > 1) { throw new KeeperSdkError( - `Recipient '${trimmed}' could not be resolved as an email or team.`, - SHARE_ERROR - ) + `Multiple teams match '${trimmed}'. Use the team UID instead.`, + ResultCodes.MULTIPLE_NSF_MATCHES, + ); + } + + throw new KeeperSdkError( + `Recipient '${trimmed}' could not be resolved as an email or team.`, + SHARE_ERROR, + ); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfTransferRecord.ts b/KeeperSdk/src/nestedShareFolders/nsfTransferRecord.ts index 86377642..e12de992 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfTransferRecord.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfTransferRecord.ts @@ -1,130 +1,157 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { Records, normal64Bytes, recordsTransferV3Message } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { encryptKeyForRecipient, loadUserShareKeysOrInvite } from './nsfShareKeys' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; import { - checkRecordChangeOwnershipPermission, - ensureNestedShareRecord, - requireAuthAccountUid, - resolveNsfRecordIdentifier, -} from './nsfHelpers' -import { resolveRecordKeyBytes } from './nsfRecordCrypto' + Records, + normal64Bytes, + recordsTransferV3Message, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { + encryptKeyForRecipient, + loadUserShareKeysOrInvite, +} from "./nsfShareKeys"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { + checkRecordChangeOwnershipPermission, + ensureNestedShareRecord, + requireAuthAccountUid, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; +import { resolveRecordKeyBytes } from "./nsfRecordCrypto"; import type { - TransferNestedShareRecordInput, - TransferNestedShareRecordResult, - TransferNestedShareRecordResultItem, -} from './nsfTypes' -import { NsfResultStatus, NsfTransferApiStatus } from './nsfTypes' + TransferNestedShareRecordInput, + TransferNestedShareRecordResult, + TransferNestedShareRecordResultItem, +} from "./nsfTypes"; +import { NsfResultStatus, NsfTransferApiStatus } from "./nsfTypes"; -const TRANSFER_ERROR = ResultCodes.NSF_TRANSFER_FAILED +const TRANSFER_ERROR = ResultCodes.NSF_TRANSFER_FAILED; async function requireRecordKey( - storage: InMemoryStorage, - auth: Auth, - recordUid: string + storage: InMemoryStorage, + auth: Auth, + recordUid: string, ): Promise { - const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid) - if (!recordKey) { - throw new KeeperSdkError( - `Record key not available for ${recordUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - return recordKey + const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid); + if (!recordKey) { + throw new KeeperSdkError( + `Record key not available for ${recordUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + return recordKey; } export async function transferNestedShareRecordOwnership( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - newOwnerEmail: string + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + newOwnerEmail: string, ): Promise { - const email = newOwnerEmail.trim() - if (!email) { - throw new KeeperSdkError('New owner email is required.', TRANSFER_ERROR) - } + const email = newOwnerEmail.trim(); + if (!email) { + throw new KeeperSdkError("New owner email is required.", TRANSFER_ERROR); + } - const recordKey = await requireRecordKey(storage, auth, recordUid) - const userKeys = await loadUserShareKeysOrInvite(auth, email, TRANSFER_ERROR) - const { encryptedKey, useEccKey } = await encryptKeyForRecipient(recordKey, userKeys) + const recordKey = await requireRecordKey(storage, auth, recordUid); + const userKeys = await loadUserShareKeysOrInvite(auth, email, TRANSFER_ERROR); + const { encryptedKey, useEccKey } = await encryptKeyForRecipient( + recordKey, + userKeys, + ); - const response = await auth.executeRest( - recordsTransferV3Message({ - transferRecords: [ - Records.TransferRecord.create({ - username: email, - recordUid: normal64Bytes(recordUid), - recordKey: encryptedKey, - useEccKey, - }), - ], - }) - ) + const response = await auth.executeRest( + recordsTransferV3Message({ + transferRecords: [ + Records.TransferRecord.create({ + username: email, + recordUid: normal64Bytes(recordUid), + recordKey: encryptedKey, + useEccKey, + }), + ], + }), + ); - const status = response.transferRecordStatus?.[0] - const normalized = (status?.status ?? '').trim().toLowerCase() - const success = normalized === NsfTransferApiStatus.Success - return { - recordUid, - success, - message: status?.message || status?.status || 'Ownership transfer completed', - } + const status = response.transferRecordStatus?.[0]; + const normalized = (status?.status ?? "").trim().toLowerCase(); + const success = normalized === NsfTransferApiStatus.Success; + return { + recordUid, + success, + message: + status?.message || status?.status || "Ownership transfer completed", + }; } export async function transferNestedShareRecords( - storage: InMemoryStorage, - auth: Auth, - input: TransferNestedShareRecordInput + storage: InMemoryStorage, + auth: Auth, + input: TransferNestedShareRecordInput, ): Promise { - const records = input.records.map((record) => record.trim()).filter(Boolean) - const newOwnerEmail = input.newOwnerEmail.trim() + const records = input.records.map((record) => record.trim()).filter(Boolean); + const newOwnerEmail = input.newOwnerEmail.trim(); - if (records.length === 0) { - throw new KeeperSdkError('At least one record UID or title is required.', TRANSFER_ERROR) - } - if (!newOwnerEmail) { - throw new KeeperSdkError('New owner email is required.', TRANSFER_ERROR) - } + if (records.length === 0) { + throw new KeeperSdkError( + "At least one record UID or title is required.", + TRANSFER_ERROR, + ); + } + if (!newOwnerEmail) { + throw new KeeperSdkError("New owner email is required.", TRANSFER_ERROR); + } - const results: TransferNestedShareRecordResultItem[] = [] - const accountUid = requireAuthAccountUid(auth) + const results: TransferNestedShareRecordResultItem[] = []; + const accountUid = requireAuthAccountUid(auth); - try { - for (const identifier of records) { - const recordUid = resolveNsfRecordIdentifier(storage, identifier) - if (!recordUid) { - throw new KeeperSdkError(`Record '${identifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareRecord(storage, recordUid, identifier) - checkRecordChangeOwnershipPermission(storage, recordUid, auth.username, accountUid) - results.push( - await transferNestedShareRecordOwnership(storage, auth, recordUid, newOwnerEmail) - ) - } - - return { - results, - success: results.every((item) => item.success), - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err + try { + for (const identifier of records) { + const recordUid = resolveNsfRecordIdentifier(storage, identifier); + if (!recordUid) { throw new KeeperSdkError( - `Failed to transfer nested share record ownership: ${extractErrorMessage(err)}`, - TRANSFER_ERROR - ) + `Record '${identifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareRecord(storage, recordUid, identifier); + checkRecordChangeOwnershipPermission( + storage, + recordUid, + auth.username, + accountUid, + ); + results.push( + await transferNestedShareRecordOwnership( + storage, + auth, + recordUid, + newOwnerEmail, + ), + ); } + + return { + results, + success: results.every((item) => item.success), + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to transfer nested share record ownership: ${extractErrorMessage(err)}`, + TRANSFER_ERROR, + ); + } } export function formatTransferNestedShareRecordResults( - results: TransferNestedShareRecordResultItem[] + results: TransferNestedShareRecordResultItem[], ): string { - if (results.length === 0) return '' - const lines: string[] = [] - for (const item of results) { - lines.push( - `${item.recordUid} ${item.success ? NsfResultStatus.Success : NsfResultStatus.Failed} ${item.message}` - ) - } - return lines.join('\n') + if (results.length === 0) return ""; + const lines: string[] = []; + for (const item of results) { + lines.push( + `${item.recordUid} ${item.success ? NsfResultStatus.Success : NsfResultStatus.Failed} ${item.message}`, + ); + } + return lines.join("\n"); } diff --git a/KeeperSdk/src/nestedShareFolders/nsfTypes.ts b/KeeperSdk/src/nestedShareFolders/nsfTypes.ts index aa5d4f55..cc2e57f9 100644 --- a/KeeperSdk/src/nestedShareFolders/nsfTypes.ts +++ b/KeeperSdk/src/nestedShareFolders/nsfTypes.ts @@ -1,649 +1,670 @@ -import type { DRecord, Records, record as RecordProto } from '@keeper-security/keeperapi' -import { Folder } from '@keeper-security/keeperapi' -import type { NsfFolderColor } from './nsfConstants' -import type { NsfItemType } from './nsfHelpers' -import type { RecordFieldEntry } from './nsfRecordData' +import type { + DRecord, + Records, + record as RecordProto, +} from "@keeper-security/keeperapi"; +import { Folder } from "@keeper-security/keeperapi"; +import type { NsfFolderColor } from "./nsfConstants"; +import type { NsfItemType } from "./nsfHelpers"; +import type { RecordFieldEntry } from "./nsfRecordData"; export enum NsfAccessRoleLabel { - Owner = 'owner', - Navigator = 'navigator', - Requestor = 'requestor', - Viewer = 'viewer', - SharedManager = 'shared-manager', - ContentManager = 'content-manager', - ContentShareManager = 'content-share-manager', - FullManager = 'full-manager', - Unresolved = 'unresolved', - Unknown = 'unknown', + Owner = "owner", + Navigator = "navigator", + Requestor = "requestor", + Viewer = "viewer", + SharedManager = "shared-manager", + ContentManager = "content-manager", + ContentShareManager = "content-share-manager", + FullManager = "full-manager", + Unresolved = "unresolved", + Unknown = "unknown", } export const NSF_ACCESS_ROLE_LABELS: Record = { - [Folder.AccessRoleType.NAVIGATOR]: NsfAccessRoleLabel.Navigator, - [Folder.AccessRoleType.REQUESTOR]: NsfAccessRoleLabel.Requestor, - [Folder.AccessRoleType.VIEWER]: NsfAccessRoleLabel.Viewer, - [Folder.AccessRoleType.SHARED_MANAGER]: NsfAccessRoleLabel.SharedManager, - [Folder.AccessRoleType.CONTENT_MANAGER]: NsfAccessRoleLabel.ContentManager, - [Folder.AccessRoleType.CONTENT_SHARE_MANAGER]: NsfAccessRoleLabel.ContentShareManager, - [Folder.AccessRoleType.MANAGER]: NsfAccessRoleLabel.FullManager, - [Folder.AccessRoleType.UNRESOLVED]: NsfAccessRoleLabel.Unresolved, -} + [Folder.AccessRoleType.NAVIGATOR]: NsfAccessRoleLabel.Navigator, + [Folder.AccessRoleType.REQUESTOR]: NsfAccessRoleLabel.Requestor, + [Folder.AccessRoleType.VIEWER]: NsfAccessRoleLabel.Viewer, + [Folder.AccessRoleType.SHARED_MANAGER]: NsfAccessRoleLabel.SharedManager, + [Folder.AccessRoleType.CONTENT_MANAGER]: NsfAccessRoleLabel.ContentManager, + [Folder.AccessRoleType.CONTENT_SHARE_MANAGER]: + NsfAccessRoleLabel.ContentShareManager, + [Folder.AccessRoleType.MANAGER]: NsfAccessRoleLabel.FullManager, + [Folder.AccessRoleType.UNRESOLVED]: NsfAccessRoleLabel.Unresolved, +}; export enum NsfObjectKind { - Folder = 'folder', - Record = 'record', + Folder = "folder", + Record = "record", } export enum GetNsfFormat { - Detail = 'detail', - JSON = 'json', + Detail = "detail", + JSON = "json", } -export type GetNsfFormatInput = GetNsfFormat | `${GetNsfFormat}` +export type GetNsfFormatInput = GetNsfFormat | `${GetNsfFormat}`; export type GetNsfOptions = { - format?: GetNsfFormatInput - verbose?: boolean - unmask?: boolean -} + format?: GetNsfFormatInput; + verbose?: boolean; + unmask?: boolean; +}; export type NsfFolderAccessRow = { - username: string - role: NsfAccessRoleLabel -} + username: string; + role: NsfAccessRoleLabel; +}; export type NsfFolderPermission = { - accessTypeUid: string - accessType: string - accessRoleType: string - inherited?: boolean - hidden?: boolean -} + accessTypeUid: string; + accessType: string; + accessRoleType: string; + inherited?: boolean; + hidden?: boolean; +}; export type NsfRecordPermission = { - username: string - accountUid?: string - owner: boolean - shareAdmin: boolean - shareable: boolean - editable: boolean - awaitingApproval: boolean - expiration?: number - role?: NsfAccessRoleLabel -} + username: string; + accountUid?: string; + owner: boolean; + shareAdmin: boolean; + shareable: boolean; + editable: boolean; + awaitingApproval: boolean; + expiration?: number; + role?: NsfAccessRoleLabel; +}; export type NsfFolderSummary = { - uid: string - title: string - type: string -} + uid: string; + title: string; + type: string; +}; export type NsfFolderView = { - objectType: NsfObjectKind.Folder - folderUid: string - name: string - parentUid: string - path: string - userPermissions: NsfFolderAccessRow[] - shareAdmins: NsfFolderAccessRow[] - teamPermissions: NsfFolderPermission[] - records: NsfFolderSummary[] -} + objectType: NsfObjectKind.Folder; + folderUid: string; + name: string; + parentUid: string; + path: string; + userPermissions: NsfFolderAccessRow[]; + shareAdmins: NsfFolderAccessRow[]; + teamPermissions: NsfFolderPermission[]; + records: NsfFolderSummary[]; +}; export type NsfRecordFieldView = { - type: string - label?: string - value: string[] -} + type: string; + label?: string; + value: string[]; +}; export type NsfRecordFolderView = { - uid: string - path: string -} + uid: string; + path: string; +}; export type NsfRecordJsonUserPermission = { - username: string - owner: boolean - shareable: boolean - editable: boolean - role: NsfAccessRoleLabel -} + username: string; + owner: boolean; + shareable: boolean; + editable: boolean; + role: NsfAccessRoleLabel; +}; export type NsfRecordJsonView = { - record_uid: string - title: string - type: string - version: number - revision: number - folder?: NsfRecordFolderView - fields: { type: string; value: unknown[] }[] - notes?: string - user_permissions: NsfRecordJsonUserPermission[] - share_admins: string[] -} + record_uid: string; + title: string; + type: string; + version: number; + revision: number; + folder?: NsfRecordFolderView; + fields: { type: string; value: unknown[] }[]; + notes?: string; + user_permissions: NsfRecordJsonUserPermission[]; + share_admins: string[]; +}; export type NsfRecordView = { - objectType: NsfObjectKind.Record - recordUid: string - title: string - type: string - revision: number - version: number - folder?: NsfRecordFolderView - folderLocation: string - login?: string - password?: string - url?: string - notes?: string - fields: NsfRecordFieldView[] - userPermissions: NsfRecordPermission[] - shareAdmins: string[] -} + objectType: NsfObjectKind.Record; + recordUid: string; + title: string; + type: string; + revision: number; + version: number; + folder?: NsfRecordFolderView; + folderLocation: string; + login?: string; + password?: string; + url?: string; + notes?: string; + fields: NsfRecordFieldView[]; + userPermissions: NsfRecordPermission[]; + shareAdmins: string[]; +}; export type GetNsfResult = - | { kind: NsfObjectKind.Folder; view: NsfFolderView } - | { kind: NsfObjectKind.Record; view: NsfRecordView } + | { kind: NsfObjectKind.Folder; view: NsfFolderView } + | { kind: NsfObjectKind.Record; view: NsfRecordView }; -export type NsfFolderColorInput = NsfFolderColor | `${NsfFolderColor}` +export type NsfFolderColorInput = NsfFolderColor | `${NsfFolderColor}`; export type MkdirNsfInput = { - folder: string - color?: NsfFolderColorInput - noInheritPermissions?: boolean - baseFolderUid?: string | null -} + folder: string; + color?: NsfFolderColorInput; + noInheritPermissions?: boolean; + baseFolderUid?: string | null; +}; export type MkdirNsfResult = { - folderUid: string - created: boolean - message?: string -} + folderUid: string; + created: boolean; + message?: string; +}; export type FolderSegmentCreateSpec = { - segmentName: string - color?: NsfFolderColor - inheritPermissions: boolean -} + segmentName: string; + color?: NsfFolderColor; + inheritPermissions: boolean; +}; export type FolderCreatePayload = { - folderUid: string - folderName: string - parentUid: string | null - inheritPermissions: boolean - folderData: Folder.IFolderData -} + folderUid: string; + folderName: string; + parentUid: string | null; + inheritPermissions: boolean; + folderData: Folder.IFolderData; +}; export type AddNsfRecordInput = { - title: string - recordType: string - folder?: string - notes?: string - fieldEntries?: RecordFieldEntry[] - customEntries?: RecordFieldEntry[] - recordData?: Record - force?: boolean - hasFileFields?: boolean -} + title: string; + recordType: string; + folder?: string; + notes?: string; + fieldEntries?: RecordFieldEntry[]; + customEntries?: RecordFieldEntry[]; + recordData?: Record; + force?: boolean; + hasFileFields?: boolean; +}; export type AddNsfRecordsInput = { - records: AddNsfRecordInput[] -} + records: AddNsfRecordInput[]; +}; export type NsfRecordOperationResult = { - recordUid: string - success: boolean - status: string - message?: string - revision?: number -} + recordUid: string; + success: boolean; + status: string; + message?: string; + revision?: number; +}; -export type AddNsfRecordResult = NsfRecordOperationResult +export type AddNsfRecordResult = NsfRecordOperationResult; export type AddNsfRecordsResult = { - added: AddNsfRecordResult[] - revision?: number -} + added: AddNsfRecordResult[]; + revision?: number; +}; export type RecordAddPayload = { - recordUid: string - recordAdd: RecordProto.v3.IRecordAdd -} + recordUid: string; + recordAdd: RecordProto.v3.IRecordAdd; +}; export type UpdateNsfRecordInput = { - records: string[] - title?: string - recordType?: string - notes?: string - fieldEntries?: RecordFieldEntry[] - customEntries?: RecordFieldEntry[] -} + records: string[]; + title?: string; + recordType?: string; + notes?: string; + fieldEntries?: RecordFieldEntry[]; + customEntries?: RecordFieldEntry[]; +}; export type UpdateNsfRecordItemInput = { - record: string - title?: string - recordType?: string - notes?: string - fieldEntries?: RecordFieldEntry[] - customEntries?: RecordFieldEntry[] -} + record: string; + title?: string; + recordType?: string; + notes?: string; + fieldEntries?: RecordFieldEntry[]; + customEntries?: RecordFieldEntry[]; +}; export type UpdateNsfRecordsInput = { - records: UpdateNsfRecordItemInput[] -} + records: UpdateNsfRecordItemInput[]; +}; -export type UpdateNsfRecordResultItem = NsfRecordOperationResult +export type UpdateNsfRecordResultItem = NsfRecordOperationResult; export type UpdateNsfRecordResult = { - updated: UpdateNsfRecordResultItem[] -} + updated: UpdateNsfRecordResultItem[]; +}; export type RecordUpdatePayload = { - recordUid: string - storedRecord: DRecord | undefined - mergedRecordData: Record - recordUpdate: Records.IRecordUpdate -} + recordUid: string; + storedRecord: DRecord | undefined; + mergedRecordData: Record; + recordUpdate: Records.IRecordUpdate; +}; export enum ListNsfFormat { - Table = 'table', - CSV = 'csv', - JSON = 'json', + Table = "table", + CSV = "csv", + JSON = "json", } -export type ListNsfFormatInput = ListNsfFormat | `${ListNsfFormat}` +export type ListNsfFormatInput = ListNsfFormat | `${ListNsfFormat}`; export type ListNsfOptions = { - folders?: boolean - records?: boolean - format?: ListNsfFormatInput -} + folders?: boolean; + records?: boolean; + format?: ListNsfFormatInput; +}; export type ListNsfRow = { - itemType: NsfItemType - uid: string - title: string - type: string - description: string - parentOrFolder: string -} + itemType: NsfItemType; + uid: string; + title: string; + type: string; + description: string; + parentOrFolder: string; +}; export type FormattedListNsfTable = { - headers: string[] - rows: string[][] -} + headers: string[]; + rows: string[][]; +}; export enum NsfRemoveOperation { - OwnerTrash = 'owner-trash', - FolderTrash = 'folder-trash', - Unlink = 'unlink', + OwnerTrash = "owner-trash", + FolderTrash = "folder-trash", + Unlink = "unlink", } -export type NsfRemoveOperationInput = NsfRemoveOperation | `${NsfRemoveOperation}` +export type NsfRemoveOperationInput = + | NsfRemoveOperation + | `${NsfRemoveOperation}`; export type RemoveNsfRecordInput = { - records: string[] - folder?: string - operation?: NsfRemoveOperationInput - force?: boolean - dryRun?: boolean -} + records: string[]; + folder?: string; + operation?: NsfRemoveOperationInput; + force?: boolean; + dryRun?: boolean; +}; export type NsfRemovePreviewItem = { - recordUid: string - folderUid: string - status: string - impact?: { - foldersCount: number - recordsCount: number - affectedUsersCount: number - affectedTeamsCount: number - warnings: string[] - } - error?: { code: number; message: string } -} + recordUid: string; + folderUid: string; + status: string; + impact?: { + foldersCount: number; + recordsCount: number; + affectedUsersCount: number; + affectedTeamsCount: number; + warnings: string[]; + }; + error?: { code: number; message: string }; +}; export type RemoveNsfRecordResult = { - confirmed: boolean - dryRun: boolean - preview: NsfRemovePreviewItem[] - message?: string -} + confirmed: boolean; + dryRun: boolean; + preview: NsfRemovePreviewItem[]; + message?: string; +}; export enum NsfRemoveFolderOperation { - FolderTrash = 'folder-trash', - DeletePermanent = 'delete-permanent', + FolderTrash = "folder-trash", + DeletePermanent = "delete-permanent", } -export type NsfRemoveFolderOperationInput = NsfRemoveFolderOperation | `${NsfRemoveFolderOperation}` +export type NsfRemoveFolderOperationInput = + | NsfRemoveFolderOperation + | `${NsfRemoveFolderOperation}`; export type RemoveNsfFolderInput = { - folders: string[] - operation?: NsfRemoveFolderOperationInput - force?: boolean - dryRun?: boolean - quiet?: boolean -} + folders: string[]; + operation?: NsfRemoveFolderOperationInput; + force?: boolean; + dryRun?: boolean; + quiet?: boolean; +}; export type NsfRemoveFolderPreviewItem = { - folderUid: string - name: string - status: string - impact?: { - foldersCount: number - recordsCount: number - affectedUsersCount: number - affectedTeamsCount: number - warnings: string[] - } - error?: { code: number; message: string } -} + folderUid: string; + name: string; + status: string; + impact?: { + foldersCount: number; + recordsCount: number; + affectedUsersCount: number; + affectedTeamsCount: number; + warnings: string[]; + }; + error?: { code: number; message: string }; +}; export type RemoveNsfFolderResult = { - confirmed: boolean - dryRun: boolean - operation: NsfRemoveFolderOperation - preview: NsfRemoveFolderPreviewItem[] - message?: string -} + confirmed: boolean; + dryRun: boolean; + operation: NsfRemoveFolderOperation; + preview: NsfRemoveFolderPreviewItem[]; + message?: string; +}; export enum GetNsfRecordDetailsFormat { - Table = 'table', - JSON = 'json', + Table = "table", + JSON = "json", } -export type GetNsfRecordDetailsFormatInput = GetNsfRecordDetailsFormat | `${GetNsfRecordDetailsFormat}` +export type GetNsfRecordDetailsFormatInput = + | GetNsfRecordDetailsFormat + | `${GetNsfRecordDetailsFormat}`; export type NsfRecordDetailsItem = { - recordUid: string - title: string - type: string - revision: number - version: number -} + recordUid: string; + title: string; + type: string; + revision: number; + version: number; +}; export type GetNsfRecordDetailsResult = { - data: NsfRecordDetailsItem[] - forbiddenRecords: string[] -} + data: NsfRecordDetailsItem[]; + forbiddenRecords: string[]; +}; export type GetNsfRecordDetailsInput = { - records: string[] - format?: GetNsfRecordDetailsFormatInput -} + records: string[]; + format?: GetNsfRecordDetailsFormatInput; +}; export type LinkNsfRecordResult = { - success: boolean - recordUid: string - folderUid: string - status: string - message: string -} + success: boolean; + recordUid: string; + folderUid: string; + status: string; + message: string; +}; -const ACCESS_ROLE_LABEL_VALUES = new Set(Object.values(NsfAccessRoleLabel)) +const ACCESS_ROLE_LABEL_VALUES = new Set( + Object.values(NsfAccessRoleLabel), +); export function toNsfAccessRoleLabel(role: string): NsfAccessRoleLabel { - if (ACCESS_ROLE_LABEL_VALUES.has(role)) { - return role as NsfAccessRoleLabel - } - return NsfAccessRoleLabel.Unknown + if (ACCESS_ROLE_LABEL_VALUES.has(role)) { + return role as NsfAccessRoleLabel; + } + return NsfAccessRoleLabel.Unknown; } -export function resolveRecordPermissionRole(entry: NsfRecordPermission): NsfAccessRoleLabel { - if (entry.owner) return NsfAccessRoleLabel.Owner - if (entry.shareAdmin) return NsfAccessRoleLabel.SharedManager - if (entry.role) return entry.role - return NsfAccessRoleLabel.ContentManager +export function resolveRecordPermissionRole( + entry: NsfRecordPermission, +): NsfAccessRoleLabel { + if (entry.owner) return NsfAccessRoleLabel.Owner; + if (entry.shareAdmin) return NsfAccessRoleLabel.SharedManager; + if (entry.role) return entry.role; + return NsfAccessRoleLabel.ContentManager; } export enum NsfFolderShareAction { - Grant = 'grant', - Remove = 'remove', + Grant = "grant", + Remove = "remove", } export enum NsfFolderShareActionTaken { - AlreadyHadAccess = 'already_had_access', - Updated = 'updated', - Granted = 'granted', - Removed = 'removed', + AlreadyHadAccess = "already_had_access", + Updated = "updated", + Granted = "granted", + Removed = "removed", } export enum NsfRecordShareAction { - Grant = 'grant', - Revoke = 'revoke', - Owner = 'owner', + Grant = "grant", + Revoke = "revoke", + Owner = "owner", } export enum NsfRecordShareActionTaken { - Grant = 'grant', - Update = 'update', - Revoke = 'revoke', - Owner = 'owner', - NoAccess = 'no_access', - Skipped = 'skipped', + Grant = "grant", + Update = "update", + Revoke = "revoke", + Owner = "owner", + NoAccess = "no_access", + Skipped = "skipped", } export enum NsfRecordPermissionAction { - Grant = 'grant', - Revoke = 'revoke', + Grant = "grant", + Revoke = "revoke", } export enum NsfResultStatus { - Success = 'success', - Failed = 'failed', + Success = "success", + Failed = "failed", } export enum NsfTransferApiStatus { - Success = 'transfer_record_success', + Success = "transfer_record_success", } export enum NsfPermissionFailureCode { - Skipped = 'skipped', + Skipped = "skipped", } export type NsfTeamPublicKeys = { - rsaPublicKey?: Uint8Array - eccPublicKey?: Uint8Array - aesTeamKey?: Uint8Array -} + rsaPublicKey?: Uint8Array; + eccPublicKey?: Uint8Array; + aesTeamKey?: Uint8Array; +}; export type NsfResolvedShareRecipient = { - recipient: string - isTeam: boolean - accountUid?: Uint8Array -} + recipient: string; + isTeam: boolean; + accountUid?: Uint8Array; +}; export type NsfFolderAccessOperationResult = { - folderUid: string - recipient: string - success: boolean - message: string -} + folderUid: string; + recipient: string; + success: boolean; + message: string; +}; export type NsfDirectUserRecordShare = { - recordUid: string - email: string - accessRoleType: number - expiration?: number -} + recordUid: string; + email: string; + accessRoleType: number; + expiration?: number; +}; -export type NsfFolderShareActionInput = NsfFolderShareAction | `${NsfFolderShareAction}` +export type NsfFolderShareActionInput = + | NsfFolderShareAction + | `${NsfFolderShareAction}`; export type ParseShareExpirationInput = { - expireAt?: string - expireIn?: string - expirationTimestamp?: number - cmdName?: string -} + expireAt?: string; + expireIn?: string; + expirationTimestamp?: number; + cmdName?: string; +}; export type ShareNestedShareFolderInput = { - folders: string[] - recipients: string[] - action?: NsfFolderShareActionInput - role?: string - expireAt?: string - expireIn?: string - expirationTimestamp?: number -} + folders: string[]; + recipients: string[]; + action?: NsfFolderShareActionInput; + role?: string; + expireAt?: string; + expireIn?: string; + expirationTimestamp?: number; +}; export type NsfFolderShareResultItem = { - folderUid: string - recipient: string - isTeam: boolean - success: boolean - actionTaken: NsfFolderShareActionTaken - message?: string -} + folderUid: string; + recipient: string; + isTeam: boolean; + success: boolean; + actionTaken: NsfFolderShareActionTaken; + message?: string; +}; export type ShareNestedShareFolderResult = { - results: NsfFolderShareResultItem[] -} + results: NsfFolderShareResultItem[]; +}; -export type NsfRecordShareActionInput = NsfRecordShareAction | `${NsfRecordShareAction}` +export type NsfRecordShareActionInput = + | NsfRecordShareAction + | `${NsfRecordShareAction}`; export type ShareNestedShareRecordInput = { - record: string - emails: string[] - action?: NsfRecordShareActionInput - role?: string - recursive?: boolean - dryRun?: boolean - /** Absolute expiration (ISO datetime or `never`). Mutually exclusive with expireIn. */ - expireAt?: string - /** Relative expiration (e.g. `30d`, `6mo`, `1y`, `24h`, `30mi`, or `never`). Mutually exclusive with expireAt. */ - expireIn?: string - /** Pre-parsed expiration in milliseconds; `-1` = never. Mutually exclusive with expireAt/expireIn. */ - expirationTimestamp?: number -} + record: string; + emails: string[]; + action?: NsfRecordShareActionInput; + role?: string; + recursive?: boolean; + dryRun?: boolean; + /** Absolute expiration (ISO datetime or `never`). Mutually exclusive with expireIn. */ + expireAt?: string; + /** Relative expiration (e.g. `30d`, `6mo`, `1y`, `24h`, `30mi`, or `never`). Mutually exclusive with expireAt. */ + expireIn?: string; + /** Pre-parsed expiration in milliseconds; `-1` = never. Mutually exclusive with expireAt/expireIn. */ + expirationTimestamp?: number; +}; export type NsfRecordSharePlanItem = { - recordUid: string - title: string - email: string - action: NsfRecordShareAction - role?: string - expirationTimestamp?: number -} + recordUid: string; + title: string; + email: string; + action: NsfRecordShareAction; + role?: string; + expirationTimestamp?: number; +}; export type NsfRecordShareResultItem = { - recordUid: string - email: string - success: boolean - actionTaken: NsfRecordShareActionTaken - message?: string -} + recordUid: string; + email: string; + success: boolean; + actionTaken: NsfRecordShareActionTaken; + message?: string; +}; export type ShareNestedShareRecordResult = { - dryRun: boolean - plan: NsfRecordSharePlanItem[] - results: NsfRecordShareResultItem[] -} + dryRun: boolean; + plan: NsfRecordSharePlanItem[]; + results: NsfRecordShareResultItem[]; +}; -export type NsfRecordPermissionActionInput = NsfRecordPermissionAction | `${NsfRecordPermissionAction}` +export type NsfRecordPermissionActionInput = + | NsfRecordPermissionAction + | `${NsfRecordPermissionAction}`; export type UpdateNsfRecordPermissionInput = { - folder?: string - action: NsfRecordPermissionActionInput - role?: string - recursive?: boolean - dryRun?: boolean - force?: boolean -} + folder?: string; + action: NsfRecordPermissionActionInput; + role?: string; + recursive?: boolean; + dryRun?: boolean; + force?: boolean; +}; export type NsfRecordPermissionPlanItem = { - recordUid: string - title: string - email: string - curRole: string - newRole?: string - reason?: string -} + recordUid: string; + title: string; + email: string; + curRole: string; + newRole?: string; + reason?: string; +}; export type NsfRecordPermissionPlan = { - grants: NsfRecordPermissionPlanItem[] - revokes: NsfRecordPermissionPlanItem[] - skipped: NsfRecordPermissionPlanItem[] -} + grants: NsfRecordPermissionPlanItem[]; + revokes: NsfRecordPermissionPlanItem[]; + skipped: NsfRecordPermissionPlanItem[]; +}; export type NsfRecordPermissionFailure = { - recordUid: string - email: string - code: string - message: string -} + recordUid: string; + email: string; + code: string; + message: string; +}; export type UpdateNsfRecordPermissionResult = { - confirmed: boolean - dryRun: boolean - folderDisplayName: string - plan: NsfRecordPermissionPlan - grantFailures: NsfRecordPermissionFailure[] - revokeFailures: NsfRecordPermissionFailure[] - message?: string -} + confirmed: boolean; + dryRun: boolean; + folderDisplayName: string; + plan: NsfRecordPermissionPlan; + grantFailures: NsfRecordPermissionFailure[]; + revokeFailures: NsfRecordPermissionFailure[]; + message?: string; +}; export type NsfShortcutRow = { - recordUid: string - title: string - folders: string[] -} + recordUid: string; + title: string; + folders: string[]; +}; export type ListNsfShortcutsOptions = { - target?: string - format?: ListNsfFormatInput -} + target?: string; + format?: ListNsfFormatInput; +}; export type KeepNsfShortcutInput = { - record: string - folder?: string - dryRun?: boolean -} + record: string; + folder?: string; + dryRun?: boolean; +}; export type KeepNsfShortcutPlanItem = { - recordUid: string - title: string - keepFolderUid: string - keepFolderLabel: string - removeFolderUids: string[] - removeFolderLabels: string[] -} + recordUid: string; + title: string; + keepFolderUid: string; + keepFolderLabel: string; + removeFolderUids: string[]; + removeFolderLabels: string[]; +}; export type KeepNsfShortcutResultItem = { - folderUid: string - success: boolean - message: string -} + folderUid: string; + success: boolean; + message: string; +}; export type KeepNsfShortcutResult = { - dryRun: boolean - plan: KeepNsfShortcutPlanItem - results: KeepNsfShortcutResultItem[] - nothingToDo: boolean -} + dryRun: boolean; + plan: KeepNsfShortcutPlanItem; + results: KeepNsfShortcutResultItem[]; + nothingToDo: boolean; +}; export type TransferNestedShareRecordInput = { - records: string[] - newOwnerEmail: string -} + records: string[]; + newOwnerEmail: string; +}; export type TransferNestedShareRecordResultItem = { - recordUid: string - success: boolean - message: string -} + recordUid: string; + success: boolean; + message: string; +}; export type TransferNestedShareRecordResult = { - results: TransferNestedShareRecordResultItem[] - success: boolean -} + results: TransferNestedShareRecordResultItem[]; + success: boolean; +}; export type UpdateNsfFolderInput = { - folder: string - name?: string - color?: NsfFolderColorInput - quiet?: boolean -} + folder: string; + name?: string; + color?: NsfFolderColorInput; + quiet?: boolean; +}; export type UpdateNsfFolderResult = { - folderUid: string - updated: boolean - message?: string -} + folderUid: string; + updated: boolean; + message?: string; +}; diff --git a/KeeperSdk/src/nestedShareFolders/removeNsfFolder.ts b/KeeperSdk/src/nestedShareFolders/removeNsfFolder.ts index 6e34567d..fc3b2352 100644 --- a/KeeperSdk/src/nestedShareFolders/removeNsfFolder.ts +++ b/KeeperSdk/src/nestedShareFolders/removeNsfFolder.ts @@ -1,231 +1,274 @@ -import type { Auth, folder as FolderProto } from '@keeper-security/keeperapi' -import { folder, normal64Bytes, removeFolderMessage, webSafe64FromBytes } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_MAX_FOLDER_REMOVALS } from './nsfConstants' +import type { Auth, folder as FolderProto } from "@keeper-security/keeperapi"; import { - checkFolderDeletePermission, - ensureNestedShareFolder, - getFolderDisplayName, - requireAuthAccountUid, - resolveNsfFolderIdentifier, -} from './nsfHelpers' + folder, + normal64Bytes, + removeFolderMessage, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { NSF_MAX_FOLDER_REMOVALS } from "./nsfConstants"; +import { + checkFolderDeletePermission, + ensureNestedShareFolder, + getFolderDisplayName, + requireAuthAccountUid, + resolveNsfFolderIdentifier, +} from "./nsfHelpers"; import { - NsfRemoveFolderOperation, - type NsfRemoveFolderOperationInput, - type NsfRemoveFolderPreviewItem, - type RemoveNsfFolderInput, - type RemoveNsfFolderResult, -} from './nsfTypes' - -const { RemoveAction, FolderOperationType, RemoveStatus } = folder.v3.remove -const REMOVE_SUCCESS_STATUS = RemoveStatus[RemoveStatus.REMOVE_STATUS_SUCCESS] -const TRASH_ACTION_LABEL = 'moved to trash' -const PERMANENT_DELETE_ACTION_LABEL = 'permanently deleted' - -const OPERATION_MAP: Record = { - [NsfRemoveFolderOperation.FolderTrash]: FolderOperationType.FOLDER_MOVE_TO_FOLDER_TRASH, - [NsfRemoveFolderOperation.DeletePermanent]: FolderOperationType.FOLDER_DELETE_PERMANENT, -} + NsfRemoveFolderOperation, + type NsfRemoveFolderOperationInput, + type NsfRemoveFolderPreviewItem, + type RemoveNsfFolderInput, + type RemoveNsfFolderResult, +} from "./nsfTypes"; + +const { RemoveAction, FolderOperationType, RemoveStatus } = folder.v3.remove; +const REMOVE_SUCCESS_STATUS = RemoveStatus[RemoveStatus.REMOVE_STATUS_SUCCESS]; +const TRASH_ACTION_LABEL = "moved to trash"; +const PERMANENT_DELETE_ACTION_LABEL = "permanently deleted"; + +const OPERATION_MAP: Record< + NsfRemoveFolderOperation, + FolderProto.v3.remove.FolderOperationType +> = { + [NsfRemoveFolderOperation.FolderTrash]: + FolderOperationType.FOLDER_MOVE_TO_FOLDER_TRASH, + [NsfRemoveFolderOperation.DeletePermanent]: + FolderOperationType.FOLDER_DELETE_PERMANENT, +}; function normalizeOperation( - operation: NsfRemoveFolderOperationInput = NsfRemoveFolderOperation.FolderTrash + operation: NsfRemoveFolderOperationInput = NsfRemoveFolderOperation.FolderTrash, ): NsfRemoveFolderOperation { - const value = operation as NsfRemoveFolderOperation - if (value in OPERATION_MAP) return value - throw new KeeperSdkError( - `Invalid operation '${operation}'. Use: folder-trash, delete-permanent.`, - ResultCodes.NSF_REMOVE_FAILED - ) + const value = operation as NsfRemoveFolderOperation; + if (value in OPERATION_MAP) return value; + throw new KeeperSdkError( + `Invalid operation '${operation}'. Use: folder-trash, delete-permanent.`, + ResultCodes.NSF_REMOVE_FAILED, + ); } type RemovalSpec = { - folderUid: string - name: string - operation: FolderProto.v3.remove.FolderOperationType -} + folderUid: string; + name: string; + operation: FolderProto.v3.remove.FolderOperationType; +}; function buildRemovals( - storage: InMemoryStorage, - auth: Auth, - folderIdentifiers: string[], - operation: NsfRemoveFolderOperation + storage: InMemoryStorage, + auth: Auth, + folderIdentifiers: string[], + operation: NsfRemoveFolderOperation, ): RemovalSpec[] { - if (folderIdentifiers.length === 0) { - throw new KeeperSdkError('Enter the name or UID of at least one folder.', ResultCodes.NSF_NOT_FOUND) - } - if (folderIdentifiers.length > NSF_MAX_FOLDER_REMOVALS) { - throw new KeeperSdkError( - `Maximum ${NSF_MAX_FOLDER_REMOVALS} folders per request.`, - ResultCodes.NSF_TOO_MANY_FOLDERS - ) - } + if (folderIdentifiers.length === 0) { + throw new KeeperSdkError( + "Enter the name or UID of at least one folder.", + ResultCodes.NSF_NOT_FOUND, + ); + } + if (folderIdentifiers.length > NSF_MAX_FOLDER_REMOVALS) { + throw new KeeperSdkError( + `Maximum ${NSF_MAX_FOLDER_REMOVALS} folders per request.`, + ResultCodes.NSF_TOO_MANY_FOLDERS, + ); + } - const accountUid = requireAuthAccountUid(auth) + const accountUid = requireAuthAccountUid(auth); - const removals: RemovalSpec[] = [] - for (const identifier of folderIdentifiers) { - const folderUid = resolveNsfFolderIdentifier(storage, identifier) - if (!folderUid) { - throw new KeeperSdkError(`Folder '${identifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareFolder(storage, folderUid, identifier) - checkFolderDeletePermission(storage, folderUid, auth.username, accountUid) - removals.push({ - folderUid, - name: getFolderDisplayName(storage, folderUid), - operation: OPERATION_MAP[operation], - }) + const removals: RemovalSpec[] = []; + for (const identifier of folderIdentifiers) { + const folderUid = resolveNsfFolderIdentifier(storage, identifier); + if (!folderUid) { + throw new KeeperSdkError( + `Folder '${identifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); } - return removals + ensureNestedShareFolder(storage, folderUid, identifier); + checkFolderDeletePermission(storage, folderUid, auth.username, accountUid); + removals.push({ + folderUid, + name: getFolderDisplayName(storage, folderUid), + operation: OPERATION_MAP[operation], + }); + } + return removals; } -function toRemovalInput(spec: RemovalSpec): FolderProto.v3.remove.IFolderRemoval { - return { - folderUid: normal64Bytes(spec.folderUid), - operationType: spec.operation, - } +function toRemovalInput( + spec: RemovalSpec, +): FolderProto.v3.remove.IFolderRemoval { + return { + folderUid: normal64Bytes(spec.folderUid), + operationType: spec.operation, + }; } async function executeRemove( - auth: Auth, - removals: RemovalSpec[], - action: FolderProto.v3.remove.RemoveAction, - confirmationToken?: Uint8Array + auth: Auth, + removals: RemovalSpec[], + action: FolderProto.v3.remove.RemoveAction, + confirmationToken?: Uint8Array, ): Promise { - return auth.executeRest( - removeFolderMessage({ - action, - folders: removals.map(toRemovalInput), - confirmationToken, - }) - ) + return auth.executeRest( + removeFolderMessage({ + action, + folders: removals.map(toRemovalInput), + confirmationToken, + }), + ); } -function mapPreviewItem(spec: RemovalSpec, item: FolderProto.v3.remove.IRemoveResult): NsfRemoveFolderPreviewItem { - return { - folderUid: item.itemUid?.length ? webSafe64FromBytes(item.itemUid) : spec.folderUid, - name: spec.name, - status: item.status == null ? 'REMOVE_STATUS_UNKNOWN' : (RemoveStatus[item.status] ?? String(item.status)), - impact: item.impact - ? { - foldersCount: item.impact.foldersCount ?? 0, - recordsCount: item.impact.recordsCount ?? 0, - affectedUsersCount: item.impact.affectedUsersCount ?? 0, - affectedTeamsCount: item.impact.affectedTeamsCount ?? 0, - warnings: [...(item.impact.warnings ?? [])], - } - : undefined, - error: item.error - ? { - code: item.error.code ?? 0, - message: item.error.message ?? '', - } - : undefined, - } +function mapPreviewItem( + spec: RemovalSpec, + item: FolderProto.v3.remove.IRemoveResult, +): NsfRemoveFolderPreviewItem { + return { + folderUid: item.itemUid?.length + ? webSafe64FromBytes(item.itemUid) + : spec.folderUid, + name: spec.name, + status: + item.status == null + ? "REMOVE_STATUS_UNKNOWN" + : (RemoveStatus[item.status] ?? String(item.status)), + impact: item.impact + ? { + foldersCount: item.impact.foldersCount ?? 0, + recordsCount: item.impact.recordsCount ?? 0, + affectedUsersCount: item.impact.affectedUsersCount ?? 0, + affectedTeamsCount: item.impact.affectedTeamsCount ?? 0, + warnings: [...(item.impact.warnings ?? [])], + } + : undefined, + error: item.error + ? { + code: item.error.code ?? 0, + message: item.error.message ?? "", + } + : undefined, + }; } function mapPreview( - removals: RemovalSpec[], - response: FolderProto.v3.remove.IRemoveResponse + removals: RemovalSpec[], + response: FolderProto.v3.remove.IRemoveResponse, ): NsfRemoveFolderPreviewItem[] { - return (response.results ?? []).map((item, index) => { - const spec = removals[index] - if (!spec) { - throw new KeeperSdkError('Folder removal preview mismatch.', ResultCodes.NSF_REMOVE_FAILED) - } - return mapPreviewItem(spec, item) - }) + return (response.results ?? []).map((item, index) => { + const spec = removals[index]; + if (!spec) { + throw new KeeperSdkError( + "Folder removal preview mismatch.", + ResultCodes.NSF_REMOVE_FAILED, + ); + } + return mapPreviewItem(spec, item); + }); } function hasPreviewErrors(preview: NsfRemoveFolderPreviewItem[]): boolean { - return preview.some((item) => item.error != null || item.status !== REMOVE_SUCCESS_STATUS) + return preview.some( + (item) => item.error != null || item.status !== REMOVE_SUCCESS_STATUS, + ); } export function formatRemoveNsfFolderPreview( - preview: NsfRemoveFolderPreviewItem[], - operation: NsfRemoveFolderOperation, - quiet = false + preview: NsfRemoveFolderPreviewItem[], + operation: NsfRemoveFolderOperation, + quiet = false, ): string { - const action = - operation === NsfRemoveFolderOperation.DeletePermanent - ? PERMANENT_DELETE_ACTION_LABEL - : TRASH_ACTION_LABEL - const lines: string[] = [] - - for (const item of preview) { - lines.push(`\nThe following folder will be ${action}:`) - lines.push(` ${item.name} [${item.folderUid}]`) - if (item.impact && !quiet) { - const parts = [ - `sub-folders=${item.impact.foldersCount}`, - `records=${item.impact.recordsCount}`, - `users=${item.impact.affectedUsersCount}`, - `teams=${item.impact.affectedTeamsCount}`, - ] - lines.push(` Impact: ${parts.join(', ')}`) - for (const warning of item.impact.warnings) { - lines.push(` Warning: ${warning}`) - } - } - if (item.error?.message) { - lines.push(` Error: ${item.error.message}`) - } + const action = + operation === NsfRemoveFolderOperation.DeletePermanent + ? PERMANENT_DELETE_ACTION_LABEL + : TRASH_ACTION_LABEL; + const lines: string[] = []; + + for (const item of preview) { + lines.push(`\nThe following folder will be ${action}:`); + lines.push(` ${item.name} [${item.folderUid}]`); + if (item.impact && !quiet) { + const parts = [ + `sub-folders=${item.impact.foldersCount}`, + `records=${item.impact.recordsCount}`, + `users=${item.impact.affectedUsersCount}`, + `teams=${item.impact.affectedTeamsCount}`, + ]; + lines.push(` Impact: ${parts.join(", ")}`); + for (const warning of item.impact.warnings) { + lines.push(` Warning: ${warning}`); + } + } + if (item.error?.message) { + lines.push(` Error: ${item.error.message}`); } + } - return lines.join('\n').trimEnd() + return lines.join("\n").trimEnd(); } export async function removeNestedShareFolders( - storage: InMemoryStorage, - auth: Auth, - input: RemoveNsfFolderInput + storage: InMemoryStorage, + auth: Auth, + input: RemoveNsfFolderInput, ): Promise { - const operation = normalizeOperation(input.operation) - const dryRun = input.dryRun ?? false - const removals = buildRemovals(storage, auth, input.folders, operation) - - try { - const previewResponse = await executeRemove(auth, removals, RemoveAction.REMOVE_ACTION_PREVIEW) - const preview = mapPreview(removals, previewResponse) - - if (hasPreviewErrors(preview)) { - throw new KeeperSdkError( - formatRemoveNsfFolderPreview(preview, operation, input.quiet) || 'Folder removal preview failed.', - ResultCodes.NSF_REMOVE_FAILED - ) - } + const operation = normalizeOperation(input.operation); + const dryRun = input.dryRun ?? false; + const removals = buildRemovals(storage, auth, input.folders, operation); - if (dryRun || !previewResponse.confirmationToken?.length) { - return { confirmed: false, dryRun, operation, preview } - } + try { + const previewResponse = await executeRemove( + auth, + removals, + RemoveAction.REMOVE_ACTION_PREVIEW, + ); + const preview = mapPreview(removals, previewResponse); - if (!input.force) { - return { - confirmed: false, - dryRun: false, - operation, - preview, - message: 'Confirmation required. Set force=true to proceed.', - } - } + if (hasPreviewErrors(preview)) { + throw new KeeperSdkError( + formatRemoveNsfFolderPreview(preview, operation, input.quiet) || + "Folder removal preview failed.", + ResultCodes.NSF_REMOVE_FAILED, + ); + } - await executeRemove(auth, removals, RemoveAction.REMOVE_ACTION_CONFIRM, previewResponse.confirmationToken) - const actionLabel = - operation === NsfRemoveFolderOperation.DeletePermanent ? 'Permanently deleted' : 'Moved to trash' - return { - confirmed: true, - dryRun: false, - operation, - preview, - message: `${actionLabel} ${removals.length} folder(s).`, - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to remove nested share folder(s): ${extractErrorMessage(err)}`, - ResultCodes.NSF_REMOVE_FAILED - ) + if (dryRun || !previewResponse.confirmationToken?.length) { + return { confirmed: false, dryRun, operation, preview }; + } + + if (!input.force) { + return { + confirmed: false, + dryRun: false, + operation, + preview, + message: "Confirmation required. Set force=true to proceed.", + }; } + + await executeRemove( + auth, + removals, + RemoveAction.REMOVE_ACTION_CONFIRM, + previewResponse.confirmationToken, + ); + const actionLabel = + operation === NsfRemoveFolderOperation.DeletePermanent + ? "Permanently deleted" + : "Moved to trash"; + return { + confirmed: true, + dryRun: false, + operation, + preview, + message: `${actionLabel} ${removals.length} folder(s).`, + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to remove nested share folder(s): ${extractErrorMessage(err)}`, + ResultCodes.NSF_REMOVE_FAILED, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/removeNsfRecord.ts b/KeeperSdk/src/nestedShareFolders/removeNsfRecord.ts index 2afae04e..1e5f1bfd 100644 --- a/KeeperSdk/src/nestedShareFolders/removeNsfRecord.ts +++ b/KeeperSdk/src/nestedShareFolders/removeNsfRecord.ts @@ -1,234 +1,309 @@ -import type { Auth, folder as FolderProto } from '@keeper-security/keeperapi' -import { folder, normal64Bytes, removeRecordMessage, webSafe64FromBytes } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' +import type { Auth, folder as FolderProto } from "@keeper-security/keeperapi"; import { - checkFolderRemovePermission, - checkRecordDeletePermission, - ensureNestedShareRecord, - findNestedShareFoldersForRecord, - isRootFolderUid, - resolveNsfFolderIdentifier, - resolveNsfRecordIdentifier, -} from './nsfHelpers' -import { NSF_MAX_RECORD_BATCH } from './nsfConstants' + folder, + normal64Bytes, + removeRecordMessage, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; import { - NsfRemoveOperation, - type NsfRemoveOperationInput, - type NsfRemovePreviewItem, - type RemoveNsfRecordInput, - type RemoveNsfRecordResult, -} from './nsfTypes' - -const { RemoveAction, RecordOperationType, RemoveStatus } = folder.v3.remove -const REMOVE_SUCCESS_STATUS = RemoveStatus[RemoveStatus.REMOVE_STATUS_SUCCESS] - -const OPERATION_MAP: Record = { - [NsfRemoveOperation.Unlink]: RecordOperationType.UNLINK_FROM_FOLDER, - [NsfRemoveOperation.FolderTrash]: RecordOperationType.MOVE_TO_FOLDER_TRASH, - [NsfRemoveOperation.OwnerTrash]: RecordOperationType.MOVE_TO_OWNER_TRASH, -} + checkFolderRemovePermission, + checkRecordDeletePermission, + ensureNestedShareRecord, + findNestedShareFoldersForRecord, + isRootFolderUid, + resolveNsfFolderIdentifier, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; +import { NSF_MAX_RECORD_BATCH } from "./nsfConstants"; +import { + NsfRemoveOperation, + type NsfRemoveOperationInput, + type NsfRemovePreviewItem, + type RemoveNsfRecordInput, + type RemoveNsfRecordResult, +} from "./nsfTypes"; -function normalizeOperation(operation: NsfRemoveOperationInput = NsfRemoveOperation.OwnerTrash): NsfRemoveOperation { - const value = operation as NsfRemoveOperation - if (value in OPERATION_MAP) return value - throw new KeeperSdkError( - `Invalid operation '${operation}'. Use: owner-trash, folder-trash, unlink.`, - ResultCodes.NSF_REMOVE_FAILED - ) +const { RemoveAction, RecordOperationType, RemoveStatus } = folder.v3.remove; +const REMOVE_SUCCESS_STATUS = RemoveStatus[RemoveStatus.REMOVE_STATUS_SUCCESS]; + +const OPERATION_MAP: Record< + NsfRemoveOperation, + FolderProto.v3.remove.RecordOperationType +> = { + [NsfRemoveOperation.Unlink]: RecordOperationType.UNLINK_FROM_FOLDER, + [NsfRemoveOperation.FolderTrash]: RecordOperationType.MOVE_TO_FOLDER_TRASH, + [NsfRemoveOperation.OwnerTrash]: RecordOperationType.MOVE_TO_OWNER_TRASH, +}; + +function normalizeOperation( + operation: NsfRemoveOperationInput = NsfRemoveOperation.OwnerTrash, +): NsfRemoveOperation { + const value = operation as NsfRemoveOperation; + if (value in OPERATION_MAP) return value; + throw new KeeperSdkError( + `Invalid operation '${operation}'. Use: owner-trash, folder-trash, unlink.`, + ResultCodes.NSF_REMOVE_FAILED, + ); } -function mapPreviewItem(item: FolderProto.v3.remove.IRemoveResult): NsfRemovePreviewItem { - return { - recordUid: item.itemUid?.length ? webSafe64FromBytes(item.itemUid) : '', - folderUid: item.folderUid?.length ? webSafe64FromBytes(item.folderUid) : '', - status: item.status == null ? 'REMOVE_STATUS_UNKNOWN' : (RemoveStatus[item.status] ?? String(item.status)), - impact: item.impact - ? { - foldersCount: item.impact.foldersCount ?? 0, - recordsCount: item.impact.recordsCount ?? 0, - affectedUsersCount: item.impact.affectedUsersCount ?? 0, - affectedTeamsCount: item.impact.affectedTeamsCount ?? 0, - warnings: [...(item.impact.warnings ?? [])], - } - : undefined, - error: item.error - ? { - code: item.error.code ?? 0, - message: item.error.message ?? '', - } - : undefined, - } +function mapPreviewItem( + item: FolderProto.v3.remove.IRemoveResult, +): NsfRemovePreviewItem { + return { + recordUid: item.itemUid?.length ? webSafe64FromBytes(item.itemUid) : "", + folderUid: item.folderUid?.length ? webSafe64FromBytes(item.folderUid) : "", + status: + item.status == null + ? "REMOVE_STATUS_UNKNOWN" + : (RemoveStatus[item.status] ?? String(item.status)), + impact: item.impact + ? { + foldersCount: item.impact.foldersCount ?? 0, + recordsCount: item.impact.recordsCount ?? 0, + affectedUsersCount: item.impact.affectedUsersCount ?? 0, + affectedTeamsCount: item.impact.affectedTeamsCount ?? 0, + warnings: [...(item.impact.warnings ?? [])], + } + : undefined, + error: item.error + ? { + code: item.error.code ?? 0, + message: item.error.message ?? "", + } + : undefined, + }; } function hasPreviewErrors(preview: NsfRemovePreviewItem[]): boolean { - return preview.some((item) => item.error != null || item.status !== REMOVE_SUCCESS_STATUS) + return preview.some( + (item) => item.error != null || item.status !== REMOVE_SUCCESS_STATUS, + ); } type RemovalSpec = { - recordUid: string - folderUid?: string - operation: FolderProto.v3.remove.RecordOperationType -} + recordUid: string; + folderUid?: string; + operation: FolderProto.v3.remove.RecordOperationType; +}; function buildRemovals( - storage: InMemoryStorage, - auth: Auth, - recordIdentifiers: string[], - folderIdentifier: string | undefined, - operation: NsfRemoveOperation + storage: InMemoryStorage, + auth: Auth, + recordIdentifiers: string[], + folderIdentifier: string | undefined, + operation: NsfRemoveOperation, ): RemovalSpec[] { - if (recordIdentifiers.length === 0) { - throw new KeeperSdkError('At least one record UID or title is required.', ResultCodes.NSF_NOT_FOUND) - } - if (recordIdentifiers.length > NSF_MAX_RECORD_BATCH) { - throw new KeeperSdkError(`Maximum ${NSF_MAX_RECORD_BATCH} records per request.`, ResultCodes.NSF_TOO_MANY_RECORDS) - } - if (operation === NsfRemoveOperation.Unlink && !folderIdentifier?.trim()) { - throw new KeeperSdkError( - '--folder is required when operation is "unlink".', - ResultCodes.NSF_FOLDER_REQUIRED - ) - } + if (recordIdentifiers.length === 0) { + throw new KeeperSdkError( + "At least one record UID or title is required.", + ResultCodes.NSF_NOT_FOUND, + ); + } + if (recordIdentifiers.length > NSF_MAX_RECORD_BATCH) { + throw new KeeperSdkError( + `Maximum ${NSF_MAX_RECORD_BATCH} records per request.`, + ResultCodes.NSF_TOO_MANY_RECORDS, + ); + } + if (operation === NsfRemoveOperation.Unlink && !folderIdentifier?.trim()) { + throw new KeeperSdkError( + '--folder is required when operation is "unlink".', + ResultCodes.NSF_FOLDER_REQUIRED, + ); + } - const folderUid = folderIdentifier ? resolveNsfFolderIdentifier(storage, folderIdentifier) : undefined - if (folderIdentifier && !folderUid) { - throw new KeeperSdkError(`Folder '${folderIdentifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } + const folderUid = folderIdentifier + ? resolveNsfFolderIdentifier(storage, folderIdentifier) + : undefined; + if (folderIdentifier && !folderUid) { + throw new KeeperSdkError( + `Folder '${folderIdentifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } - const accountUid = auth.accountUid - if (!accountUid?.length) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } + const accountUid = auth.accountUid; + if (!accountUid?.length) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); + } - const removals: RemovalSpec[] = [] - for (const identifier of recordIdentifiers) { - const recordUid = resolveNsfRecordIdentifier(storage, identifier) - if (!recordUid) { - throw new KeeperSdkError(`Record '${identifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareRecord(storage, recordUid, identifier) - - let ctxFolder = folderUid - if (!ctxFolder) { - const folders = findNestedShareFoldersForRecord(storage, recordUid) - if (folders.length === 0 && operation !== NsfRemoveOperation.OwnerTrash) { - throw new KeeperSdkError( - `No folder context for record '${identifier}'. Use folder option or owner-trash operation.`, - ResultCodes.NSF_NOT_FOUND - ) - } - ctxFolder = folders[0] - } + const removals: RemovalSpec[] = []; + for (const identifier of recordIdentifiers) { + const recordUid = resolveNsfRecordIdentifier(storage, identifier); + if (!recordUid) { + throw new KeeperSdkError( + `Record '${identifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareRecord(storage, recordUid, identifier); - if (operation === NsfRemoveOperation.OwnerTrash) { - checkRecordDeletePermission(storage, recordUid, auth.username, accountUid, ctxFolder) - } else { - if (!ctxFolder || isRootFolderUid(storage, ctxFolder)) { - throw new KeeperSdkError( - `Folder context is required for '${operation}' operation.`, - ResultCodes.NSF_FOLDER_REQUIRED - ) - } - checkFolderRemovePermission(storage, ctxFolder, recordUid, auth.username, accountUid) - } + let ctxFolder = folderUid; + if (!ctxFolder) { + const folders = findNestedShareFoldersForRecord(storage, recordUid); + if (folders.length === 0 && operation !== NsfRemoveOperation.OwnerTrash) { + throw new KeeperSdkError( + `No folder context for record '${identifier}'. Use folder option or owner-trash operation.`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ctxFolder = folders[0]; + } - removals.push({ - recordUid, - folderUid: ctxFolder, - operation: OPERATION_MAP[operation], - }) + if (operation === NsfRemoveOperation.OwnerTrash) { + checkRecordDeletePermission( + storage, + recordUid, + auth.username, + accountUid, + ctxFolder, + ); + } else { + if (!ctxFolder || isRootFolderUid(storage, ctxFolder)) { + throw new KeeperSdkError( + `Folder context is required for '${operation}' operation.`, + ResultCodes.NSF_FOLDER_REQUIRED, + ); + } + checkFolderRemovePermission( + storage, + ctxFolder, + recordUid, + auth.username, + accountUid, + ); } - return removals + + removals.push({ + recordUid, + folderUid: ctxFolder, + operation: OPERATION_MAP[operation], + }); + } + return removals; } async function executeRemove( - auth: Auth, - removals: RemovalSpec[], - action: FolderProto.v3.remove.RemoveAction, - confirmationToken?: Uint8Array + auth: Auth, + removals: RemovalSpec[], + action: FolderProto.v3.remove.RemoveAction, + confirmationToken?: Uint8Array, ): Promise { - return auth.executeRest( - removeRecordMessage({ - action, - records: removals.map((spec) => ({ - recordUid: normal64Bytes(spec.recordUid), - folderUid: spec.folderUid ? normal64Bytes(spec.folderUid) : new Uint8Array(0), - operationType: spec.operation, - })), - confirmationToken, - }) - ) + return auth.executeRest( + removeRecordMessage({ + action, + records: removals.map((spec) => ({ + recordUid: normal64Bytes(spec.recordUid), + folderUid: spec.folderUid + ? normal64Bytes(spec.folderUid) + : new Uint8Array(0), + operationType: spec.operation, + })), + confirmationToken, + }), + ); } -export function collectRemoveNsfWarnings(preview: NsfRemovePreviewItem[]): string[] { - const warnings = new Set() - for (const item of preview) { - for (const warning of item.impact?.warnings ?? []) { - if (warning) warnings.add(warning) - } +export function collectRemoveNsfWarnings( + preview: NsfRemovePreviewItem[], +): string[] { + const warnings = new Set(); + for (const item of preview) { + for (const warning of item.impact?.warnings ?? []) { + if (warning) warnings.add(warning); } - return [...warnings] + } + return [...warnings]; } -export function formatRemoveNsfPreview(preview: NsfRemovePreviewItem[]): string { - const lines: string[] = [] - for (const item of preview) { - lines.push(`Record: ${item.recordUid}`) - if (item.folderUid) lines.push(` Folder: ${item.folderUid}`) - if (item.status !== REMOVE_SUCCESS_STATUS) { - lines.push(` Status: ${item.status}`) - } - if (item.impact) { - lines.push( - ` Impact: folders=${item.impact.foldersCount}, records=${item.impact.recordsCount}, users=${item.impact.affectedUsersCount}, teams=${item.impact.affectedTeamsCount}` - ) - } - if (item.error?.message) { - lines.push(` Error: ${item.error.message}`) - } - lines.push('') +export function formatRemoveNsfPreview( + preview: NsfRemovePreviewItem[], +): string { + const lines: string[] = []; + for (const item of preview) { + lines.push(`Record: ${item.recordUid}`); + if (item.folderUid) lines.push(` Folder: ${item.folderUid}`); + if (item.status !== REMOVE_SUCCESS_STATUS) { + lines.push(` Status: ${item.status}`); + } + if (item.impact) { + lines.push( + ` Impact: folders=${item.impact.foldersCount}, records=${item.impact.recordsCount}, users=${item.impact.affectedUsersCount}, teams=${item.impact.affectedTeamsCount}`, + ); + } + if (item.error?.message) { + lines.push(` Error: ${item.error.message}`); } - return lines.join('\n').trimEnd() + lines.push(""); + } + return lines.join("\n").trimEnd(); } export async function removeNestedShareRecords( - storage: InMemoryStorage, - auth: Auth, - input: RemoveNsfRecordInput + storage: InMemoryStorage, + auth: Auth, + input: RemoveNsfRecordInput, ): Promise { - const operation = normalizeOperation(input.operation) - const dryRun = input.dryRun ?? false - const removals = buildRemovals(storage, auth, input.records, input.folder, operation) + const operation = normalizeOperation(input.operation); + const dryRun = input.dryRun ?? false; + const removals = buildRemovals( + storage, + auth, + input.records, + input.folder, + operation, + ); - try { - const previewResponse = await executeRemove(auth, removals, RemoveAction.REMOVE_ACTION_PREVIEW) - const preview = (previewResponse.results ?? []).map(mapPreviewItem) + try { + const previewResponse = await executeRemove( + auth, + removals, + RemoveAction.REMOVE_ACTION_PREVIEW, + ); + const preview = (previewResponse.results ?? []).map(mapPreviewItem); - if (hasPreviewErrors(preview)) { - throw new KeeperSdkError(formatRemoveNsfPreview(preview) || 'Removal preview failed.', ResultCodes.NSF_REMOVE_FAILED) - } - - if (dryRun || !previewResponse.confirmationToken?.length) { - return { confirmed: false, dryRun, preview } - } + if (hasPreviewErrors(preview)) { + throw new KeeperSdkError( + formatRemoveNsfPreview(preview) || "Removal preview failed.", + ResultCodes.NSF_REMOVE_FAILED, + ); + } - if (!input.force) { - return { confirmed: false, dryRun: false, preview, message: 'Confirmation required. Set force=true to proceed.' } - } + if (dryRun || !previewResponse.confirmationToken?.length) { + return { confirmed: false, dryRun, preview }; + } - await executeRemove(auth, removals, RemoveAction.REMOVE_ACTION_CONFIRM, previewResponse.confirmationToken) - return { - confirmed: true, - dryRun: false, - preview, - message: `Removed ${removals.length} record(s).`, - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to remove nested share record(s): ${extractErrorMessage(err)}`, - ResultCodes.NSF_REMOVE_FAILED - ) + if (!input.force) { + return { + confirmed: false, + dryRun: false, + preview, + message: "Confirmation required. Set force=true to proceed.", + }; } + + await executeRemove( + auth, + removals, + RemoveAction.REMOVE_ACTION_CONFIRM, + previewResponse.confirmationToken, + ); + return { + confirmed: true, + dryRun: false, + preview, + message: `Removed ${removals.length} record(s).`, + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to remove nested share record(s): ${extractErrorMessage(err)}`, + ResultCodes.NSF_REMOVE_FAILED, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/updateNsfFolder.ts b/KeeperSdk/src/nestedShareFolders/updateNsfFolder.ts index 177620f2..e823bbd5 100644 --- a/KeeperSdk/src/nestedShareFolders/updateNsfFolder.ts +++ b/KeeperSdk/src/nestedShareFolders/updateNsfFolder.ts @@ -1,160 +1,199 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { Folder, folderUpdateMessage, normal64Bytes, platform } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_FOLDER_COLORS, type NsfFolderColor } from './nsfConstants' +import type { Auth } from "@keeper-security/keeperapi"; import { - checkFolderEditPermission, - ensureNestedShareFolder, - getFolderDisplayName, - getKeeperDriveFolder, - parseFolderModifyStatus, - patchNsfFolderMetadata, - requireAuthAccountUid, - resolveNsfFolderIdentifier, -} from './nsfHelpers' -import type { NsfFolderColorInput, UpdateNsfFolderInput, UpdateNsfFolderResult } from './nsfTypes' + Folder, + folderUpdateMessage, + normal64Bytes, + platform, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { NSF_FOLDER_COLORS, type NsfFolderColor } from "./nsfConstants"; +import { + checkFolderEditPermission, + ensureNestedShareFolder, + getFolderDisplayName, + getKeeperDriveFolder, + parseFolderModifyStatus, + patchNsfFolderMetadata, + requireAuthAccountUid, + resolveNsfFolderIdentifier, +} from "./nsfHelpers"; +import type { + NsfFolderColorInput, + UpdateNsfFolderInput, + UpdateNsfFolderResult, +} from "./nsfTypes"; type NsfFolderMetadata = { - name: string - color?: string -} + name: string; + color?: string; +}; function normalizeColor(color: NsfFolderColorInput): NsfFolderColor { - if (!(NSF_FOLDER_COLORS as readonly string[]).includes(color)) { - throw new KeeperSdkError( - `Invalid color '${color}'. Use: ${NSF_FOLDER_COLORS.join(', ')}.`, - ResultCodes.NSF_UPDATE_FAILED - ) - } - return color + if (!(NSF_FOLDER_COLORS as readonly string[]).includes(color)) { + throw new KeeperSdkError( + `Invalid color '${color}'. Use: ${NSF_FOLDER_COLORS.join(", ")}.`, + ResultCodes.NSF_UPDATE_FAILED, + ); + } + return color; } -function readExistingMetadata(folderUid: string, storage: InMemoryStorage): NsfFolderMetadata { - const folder = getKeeperDriveFolder(storage, folderUid) - if (!folder) { - throw new KeeperSdkError(`Folder '${folderUid}' not found`, ResultCodes.NSF_NOT_FOUND) - } - const data = folder.data as NsfFolderMetadata - return { - name: data.name || '', - color: data.color, - } +function readExistingMetadata( + folderUid: string, + storage: InMemoryStorage, +): NsfFolderMetadata { + const folder = getKeeperDriveFolder(storage, folderUid); + if (!folder) { + throw new KeeperSdkError( + `Folder '${folderUid}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + const data = folder.data as NsfFolderMetadata; + return { + name: data.name || "", + color: data.color, + }; } function mergeFolderMetadata( - existing: NsfFolderMetadata, - newName: string | undefined, - color: NsfFolderColor | undefined + existing: NsfFolderMetadata, + newName: string | undefined, + color: NsfFolderColor | undefined, ): NsfFolderMetadata { - const metadata: NsfFolderMetadata = { - name: newName !== undefined ? newName : existing.name, - } - if (color !== undefined) { - if (color !== 'none') metadata.color = color - } else if (existing.color && existing.color !== 'none') { - metadata.color = existing.color - } - return metadata + const metadata: NsfFolderMetadata = { + name: newName !== undefined ? newName : existing.name, + }; + if (color !== undefined) { + if (color !== "none") metadata.color = color; + } else if (existing.color && existing.color !== "none") { + metadata.color = existing.color; + } + return metadata; } async function buildUpdateFolderData( - storage: InMemoryStorage, - folderUid: string, - metadata: NsfFolderMetadata + storage: InMemoryStorage, + folderUid: string, + metadata: NsfFolderMetadata, ): Promise { - const folderKey = await storage.getKeyBytes(folderUid) - if (!folderKey) { - throw new KeeperSdkError( - `Folder key not available for ${folderUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - - const encryptedData = await platform.aesGcmEncrypt( - platform.stringToBytes(JSON.stringify(metadata)), - folderKey - ) - - return Folder.FolderData.create({ - folderUid: normal64Bytes(folderUid), - data: encryptedData, - }) + const folderKey = await storage.getKeyBytes(folderUid); + if (!folderKey) { + throw new KeeperSdkError( + `Folder key not available for ${folderUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + + const encryptedData = await platform.aesGcmEncrypt( + platform.stringToBytes(JSON.stringify(metadata)), + folderKey, + ); + + return Folder.FolderData.create({ + folderUid: normal64Bytes(folderUid), + data: encryptedData, + }); } function buildSuccessMessage( - folderDisplayName: string, - newName: string | undefined, - color: NsfFolderColor | undefined, - quiet?: boolean + folderDisplayName: string, + newName: string | undefined, + color: NsfFolderColor | undefined, + quiet?: boolean, ): string | undefined { - if (quiet) return undefined - if (newName !== undefined) { - return `Folder "${folderDisplayName}" has been renamed to "${newName}".` - } - if (color !== undefined) { - return `Folder "${folderDisplayName}" color has been updated.` - } - return `Folder "${folderDisplayName}" has been updated.` + if (quiet) return undefined; + if (newName !== undefined) { + return `Folder "${folderDisplayName}" has been renamed to "${newName}".`; + } + if (color !== undefined) { + return `Folder "${folderDisplayName}" color has been updated.`; + } + return `Folder "${folderDisplayName}" has been updated.`; } export async function updateNestedShareFolder( - storage: InMemoryStorage, - auth: Auth, - input: UpdateNsfFolderInput + storage: InMemoryStorage, + auth: Auth, + input: UpdateNsfFolderInput, ): Promise { - const folderArg = input.folder?.trim() - if (!folderArg) { - throw new KeeperSdkError('Enter the path or UID of existing folder.', ResultCodes.NSF_UPDATE_FAILED) + const folderArg = input.folder?.trim(); + if (!folderArg) { + throw new KeeperSdkError( + "Enter the path or UID of existing folder.", + ResultCodes.NSF_UPDATE_FAILED, + ); + } + + let newName = input.name; + if (newName !== undefined) { + newName = newName.trim(); + if (!newName) { + throw new KeeperSdkError( + "Folder name cannot be empty", + ResultCodes.NSF_UPDATE_FAILED, + ); } + } + + const color = + input.color !== undefined ? normalizeColor(input.color) : undefined; + if (newName === undefined && color === undefined) { + throw new KeeperSdkError( + "New folder name and/or color parameters are required.", + ResultCodes.NSF_UPDATE_FAILED, + ); + } + + const folderUid = resolveNsfFolderIdentifier(storage, folderArg); + if (!folderUid) { + throw new KeeperSdkError( + `Folder '${folderArg}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + + ensureNestedShareFolder(storage, folderUid, folderArg); + const accountUid = requireAuthAccountUid(auth); + checkFolderEditPermission(storage, folderUid, auth.username, accountUid); + + const folderDisplayName = getFolderDisplayName(storage, folderUid); + + try { + const existing = readExistingMetadata(folderUid, storage); + const metadata = mergeFolderMetadata(existing, newName, color); + const folderData = await buildUpdateFolderData( + storage, + folderUid, + metadata, + ); + + const response = await auth.executeRest( + folderUpdateMessage({ folderData: [folderData] }), + ); + parseFolderModifyStatus( + response.folderUpdateResults?.[0], + ResultCodes.NSF_UPDATE_FAILED, + ); + + await patchNsfFolderMetadata(storage, folderUid, metadata); - let newName = input.name - if (newName !== undefined) { - newName = newName.trim() - if (!newName) { - throw new KeeperSdkError('Folder name cannot be empty', ResultCodes.NSF_UPDATE_FAILED) - } - } - - const color = input.color !== undefined ? normalizeColor(input.color) : undefined - if (newName === undefined && color === undefined) { - throw new KeeperSdkError( - 'New folder name and/or color parameters are required.', - ResultCodes.NSF_UPDATE_FAILED - ) - } - - const folderUid = resolveNsfFolderIdentifier(storage, folderArg) - if (!folderUid) { - throw new KeeperSdkError(`Folder '${folderArg}' not found`, ResultCodes.NSF_NOT_FOUND) - } - - ensureNestedShareFolder(storage, folderUid, folderArg) - const accountUid = requireAuthAccountUid(auth) - checkFolderEditPermission(storage, folderUid, auth.username, accountUid) - - const folderDisplayName = getFolderDisplayName(storage, folderUid) - - try { - const existing = readExistingMetadata(folderUid, storage) - const metadata = mergeFolderMetadata(existing, newName, color) - const folderData = await buildUpdateFolderData(storage, folderUid, metadata) - - const response = await auth.executeRest(folderUpdateMessage({ folderData: [folderData] })) - parseFolderModifyStatus(response.folderUpdateResults?.[0], ResultCodes.NSF_UPDATE_FAILED) - - await patchNsfFolderMetadata(storage, folderUid, metadata) - - return { - folderUid, - updated: true, - message: buildSuccessMessage(folderDisplayName, newName, color, input.quiet), - } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to update nested share folder: ${extractErrorMessage(err)}`, - ResultCodes.NSF_UPDATE_FAILED - ) - } + return { + folderUid, + updated: true, + message: buildSuccessMessage( + folderDisplayName, + newName, + color, + input.quiet, + ), + }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to update nested share folder: ${extractErrorMessage(err)}`, + ResultCodes.NSF_UPDATE_FAILED, + ); + } } diff --git a/KeeperSdk/src/nestedShareFolders/updateNsfRecord.ts b/KeeperSdk/src/nestedShareFolders/updateNsfRecord.ts index 8829ed38..7de09bac 100644 --- a/KeeperSdk/src/nestedShareFolders/updateNsfRecord.ts +++ b/KeeperSdk/src/nestedShareFolders/updateNsfRecord.ts @@ -1,196 +1,231 @@ -import type { Auth, DRecord } from '@keeper-security/keeperapi' -import { keeperDriveRecordsUpdate, normal64Bytes, platform } from '@keeper-security/keeperapi' -import type { InMemoryStorage } from '../storage/InMemoryStorage' -import { VaultObjectKind } from '../folders/folderHelpers' -import { KeeperSdkError, ResultCodes, extractErrorMessage } from '../utils' -import { NSF_MAX_RECORD_BATCH } from './nsfConstants' -import { resolveRecordKeyBytes } from './nsfRecordCrypto' -import { getPaddedJsonBytes, mergeNsfRecordData } from './nsfRecordData' +import type { Auth, DRecord } from "@keeper-security/keeperapi"; import { - checkRecordEditPermission, - ensureNestedShareRecord, - nsfToNumber, - parseRecordModifyStatus, - requireAuthAccountUid, - resolveNsfRecordIdentifier, -} from './nsfHelpers' -import { validateNsfRecordType } from './nsfRecordTypes' + keeperDriveRecordsUpdate, + normal64Bytes, + platform, +} from "@keeper-security/keeperapi"; +import type { InMemoryStorage } from "../storage/InMemoryStorage"; +import { VaultObjectKind } from "../folders/folderHelpers"; +import { KeeperSdkError, ResultCodes, extractErrorMessage } from "../utils"; +import { NSF_MAX_RECORD_BATCH } from "./nsfConstants"; +import { resolveRecordKeyBytes } from "./nsfRecordCrypto"; +import { getPaddedJsonBytes, mergeNsfRecordData } from "./nsfRecordData"; +import { + checkRecordEditPermission, + ensureNestedShareRecord, + nsfToNumber, + parseRecordModifyStatus, + requireAuthAccountUid, + resolveNsfRecordIdentifier, +} from "./nsfHelpers"; +import { validateNsfRecordType } from "./nsfRecordTypes"; import type { - RecordUpdatePayload, - UpdateNsfRecordInput, - UpdateNsfRecordItemInput, - UpdateNsfRecordsInput, - UpdateNsfRecordResult, - UpdateNsfRecordResultItem, -} from './nsfTypes' - -type UpdateNsfRecordChanges = Omit - -function loadStoredRecordData(storage: InMemoryStorage, recordUid: string): Record { - const record = storage.getByUid(VaultObjectKind.Record, recordUid) - if (record?.data && typeof record.data === 'object') { - return structuredClone(record.data) as Record - } - return { fields: [] } + RecordUpdatePayload, + UpdateNsfRecordInput, + UpdateNsfRecordItemInput, + UpdateNsfRecordsInput, + UpdateNsfRecordResult, + UpdateNsfRecordResultItem, +} from "./nsfTypes"; + +type UpdateNsfRecordChanges = Omit; + +function loadStoredRecordData( + storage: InMemoryStorage, + recordUid: string, +): Record { + const record = storage.getByUid(VaultObjectKind.Record, recordUid); + if (record?.data && typeof record.data === "object") { + return structuredClone(record.data) as Record; + } + return { fields: [] }; } function isPerRecordUpdateInput( - input: UpdateNsfRecordInput | UpdateNsfRecordsInput + input: UpdateNsfRecordInput | UpdateNsfRecordsInput, ): input is UpdateNsfRecordsInput { - const first = input.records[0] - return first != null && typeof first === 'object' && 'record' in first + const first = input.records[0]; + return first != null && typeof first === "object" && "record" in first; } -function toUpdateItems(input: UpdateNsfRecordInput | UpdateNsfRecordsInput): UpdateNsfRecordItemInput[] { - if (isPerRecordUpdateInput(input)) { - return input.records - } - const { records, ...changes } = input - return records.map((record) => ({ record, ...changes })) +function toUpdateItems( + input: UpdateNsfRecordInput | UpdateNsfRecordsInput, +): UpdateNsfRecordItemInput[] { + if (isPerRecordUpdateInput(input)) { + return input.records; + } + const { records, ...changes } = input; + return records.map((record) => ({ record, ...changes })); } function hasUpdateChanges(changes: UpdateNsfRecordChanges): boolean { - return !!( - changes.title?.trim() || - changes.recordType?.trim() || - changes.notes?.trim() || - changes.fieldEntries?.length || - changes.customEntries?.length - ) + return !!( + changes.title?.trim() || + changes.recordType?.trim() || + changes.notes?.trim() || + changes.fieldEntries?.length || + changes.customEntries?.length + ); } async function buildRecordUpdatePayload( - storage: InMemoryStorage, - auth: Auth, - recordUid: string, - changes: UpdateNsfRecordChanges + storage: InMemoryStorage, + auth: Auth, + recordUid: string, + changes: UpdateNsfRecordChanges, ): Promise { - const storedRecord = storage.getByUid(VaultObjectKind.Record, recordUid) - const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid) - if (!recordKey) { - throw new KeeperSdkError( - `Record key not available for ${recordUid}. Run sync() first.`, - ResultCodes.NSF_MISSING_KEY - ) - } - - const mergedRecordData = mergeNsfRecordData(loadStoredRecordData(storage, recordUid), changes) - return { - recordUid, - storedRecord, - mergedRecordData, - recordUpdate: { - recordUid: normal64Bytes(recordUid), - clientModifiedTime: Date.now(), - revision: storedRecord?.revision ?? 0, - data: await platform.aesGcmEncrypt(getPaddedJsonBytes(mergedRecordData), recordKey), - }, - } + const storedRecord = storage.getByUid( + VaultObjectKind.Record, + recordUid, + ); + const recordKey = await resolveRecordKeyBytes(storage, auth, recordUid); + if (!recordKey) { + throw new KeeperSdkError( + `Record key not available for ${recordUid}. Run sync() first.`, + ResultCodes.NSF_MISSING_KEY, + ); + } + + const mergedRecordData = mergeNsfRecordData( + loadStoredRecordData(storage, recordUid), + changes, + ); + return { + recordUid, + storedRecord, + mergedRecordData, + recordUpdate: { + recordUid: normal64Bytes(recordUid), + clientModifiedTime: Date.now(), + revision: storedRecord?.revision ?? 0, + data: await platform.aesGcmEncrypt( + getPaddedJsonBytes(mergedRecordData), + recordKey, + ), + }, + }; } export async function updateNestedShareRecords( - storage: InMemoryStorage, - auth: Auth, - input: UpdateNsfRecordInput | UpdateNsfRecordsInput + storage: InMemoryStorage, + auth: Auth, + input: UpdateNsfRecordInput | UpdateNsfRecordsInput, ): Promise { - const items = toUpdateItems(input) - if (items.length === 0) { - throw new KeeperSdkError('Record UID is required.', ResultCodes.NSF_UPDATE_FAILED) - } - if (items.length > NSF_MAX_RECORD_BATCH) { - throw new KeeperSdkError( - `Maximum ${NSF_MAX_RECORD_BATCH} records per request.`, - ResultCodes.NSF_TOO_MANY_RECORDS - ) + const items = toUpdateItems(input); + if (items.length === 0) { + throw new KeeperSdkError( + "Record UID is required.", + ResultCodes.NSF_UPDATE_FAILED, + ); + } + if (items.length > NSF_MAX_RECORD_BATCH) { + throw new KeeperSdkError( + `Maximum ${NSF_MAX_RECORD_BATCH} records per request.`, + ResultCodes.NSF_TOO_MANY_RECORDS, + ); + } + + for (const item of items) { + if (!hasUpdateChanges(item)) { + throw new KeeperSdkError( + `At least one field to update is required for record '${item.record}'.`, + ResultCodes.NSF_UPDATE_FAILED, + ); } + } - for (const item of items) { - if (!hasUpdateChanges(item)) { - throw new KeeperSdkError( - `At least one field to update is required for record '${item.record}'.`, - ResultCodes.NSF_UPDATE_FAILED - ) - } + const recordTypes = new Set(); + for (const item of items) { + if (item.recordType?.trim()) { + recordTypes.add(item.recordType.trim()); } - - const recordTypes = new Set() + } + for (const recordType of recordTypes) { + await validateNsfRecordType( + auth, + recordType, + ResultCodes.NSF_UPDATE_FAILED, + ); + } + + const accountUid = requireAuthAccountUid(auth); + + try { + const payloads: RecordUpdatePayload[] = []; for (const item of items) { - if (item.recordType?.trim()) { - recordTypes.add(item.recordType.trim()) - } - } - for (const recordType of recordTypes) { - await validateNsfRecordType(auth, recordType, ResultCodes.NSF_UPDATE_FAILED) + const { record: identifier, ...changes } = item; + const recordUid = resolveNsfRecordIdentifier(storage, identifier); + if (!recordUid) { + throw new KeeperSdkError( + `Record '${identifier}' not found`, + ResultCodes.NSF_NOT_FOUND, + ); + } + ensureNestedShareRecord(storage, recordUid, identifier); + checkRecordEditPermission(storage, recordUid, auth.username, accountUid); + payloads.push( + await buildRecordUpdatePayload(storage, auth, recordUid, changes), + ); } - const accountUid = requireAuthAccountUid(auth) - - try { - const payloads: RecordUpdatePayload[] = [] - for (const item of items) { - const { record: identifier, ...changes } = item - const recordUid = resolveNsfRecordIdentifier(storage, identifier) - if (!recordUid) { - throw new KeeperSdkError(`Record '${identifier}' not found`, ResultCodes.NSF_NOT_FOUND) - } - ensureNestedShareRecord(storage, recordUid, identifier) - checkRecordEditPermission(storage, recordUid, auth.username, accountUid) - payloads.push(await buildRecordUpdatePayload(storage, auth, recordUid, changes)) - } - - const response = await auth.executeRest( - keeperDriveRecordsUpdate({ - records: payloads.map((entry) => entry.recordUpdate), - clientTime: Date.now(), - }) - ) - const revision = nsfToNumber(response.revision) - - const updated: UpdateNsfRecordResultItem[] = [] - for (let index = 0; index < payloads.length; index++) { - const payload = payloads[index] - const { statusName, message } = parseRecordModifyStatus( - response.records?.[index], - ResultCodes.NSF_UPDATE_FAILED - ) - const itemRevision = revision ?? payload.storedRecord?.revision - - if (payload.storedRecord) { - await storage.put({ - ...payload.storedRecord, - data: payload.mergedRecordData, - revision: itemRevision ?? payload.storedRecord.revision, - clientModifiedTime: Date.now(), - }) - } - - updated.push({ - recordUid: payload.recordUid, - success: true, - status: statusName, - message, - revision: itemRevision, - }) - } - - return { updated } - } catch (err) { - if (err instanceof KeeperSdkError) throw err - throw new KeeperSdkError( - `Failed to update nested share record(s): ${extractErrorMessage(err)}`, - ResultCodes.NSF_UPDATE_FAILED - ) + const response = await auth.executeRest( + keeperDriveRecordsUpdate({ + records: payloads.map((entry) => entry.recordUpdate), + clientTime: Date.now(), + }), + ); + const revision = nsfToNumber(response.revision); + + const updated: UpdateNsfRecordResultItem[] = []; + for (let index = 0; index < payloads.length; index++) { + const payload = payloads[index]; + const { statusName, message } = parseRecordModifyStatus( + response.records?.[index], + ResultCodes.NSF_UPDATE_FAILED, + ); + const itemRevision = revision ?? payload.storedRecord?.revision; + + if (payload.storedRecord) { + await storage.put({ + ...payload.storedRecord, + data: payload.mergedRecordData, + revision: itemRevision ?? payload.storedRecord.revision, + clientModifiedTime: Date.now(), + }); + } + + updated.push({ + recordUid: payload.recordUid, + success: true, + status: statusName, + message, + revision: itemRevision, + }); } + + return { updated }; + } catch (err) { + if (err instanceof KeeperSdkError) throw err; + throw new KeeperSdkError( + `Failed to update nested share record(s): ${extractErrorMessage(err)}`, + ResultCodes.NSF_UPDATE_FAILED, + ); + } } export async function updateNestedShareRecord( - storage: InMemoryStorage, - auth: Auth, - input: UpdateNsfRecordItemInput + storage: InMemoryStorage, + auth: Auth, + input: UpdateNsfRecordItemInput, ): Promise { - const { updated } = await updateNestedShareRecords(storage, auth, { records: [input] }) - if (!updated[0]) { - throw new KeeperSdkError('Failed to update nested share record.', ResultCodes.NSF_UPDATE_FAILED) - } - return updated[0] + const { updated } = await updateNestedShareRecords(storage, auth, { + records: [input], + }); + if (!updated[0]) { + throw new KeeperSdkError( + "Failed to update nested share record.", + ResultCodes.NSF_UPDATE_FAILED, + ); + } + return updated[0]; } diff --git a/KeeperSdk/src/records/RecordOperations.ts b/KeeperSdk/src/records/RecordOperations.ts index acee9afa..b03749b4 100644 --- a/KeeperSdk/src/records/RecordOperations.ts +++ b/KeeperSdk/src/records/RecordOperations.ts @@ -1,549 +1,607 @@ import { - Auth, - Records, - platform, - generateEncryptionKey, - generateUidBytes, - webSafe64FromBytes, - recordsAddMessage, - recordsUpdateMessage, - recordPreDeleteCommand, - recordDeleteCommand, - recordAddCommand, - moveCommand, - getRecordHistoryCommand, - normal64Bytes, -} from '@keeper-security/keeperapi' + Auth, + Records, + platform, + generateEncryptionKey, + generateUidBytes, + webSafe64FromBytes, + recordsAddMessage, + recordsUpdateMessage, + recordPreDeleteCommand, + recordDeleteCommand, + recordAddCommand, + moveCommand, + getRecordHistoryCommand, + normal64Bytes, +} from "@keeper-security/keeperapi"; import type { - DSharedFolder, - DSharedFolderFolder, - DSharedFolderRecord, - DUserFolder, - DRecord, - KeeperPreDeleteResponse, - MoveObject, - MoveRequest, - TransitionKeyObject, - RecordPreDeleteObject, - GetRecordHistoryResponse, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, logger } from '../utils' -import { RecordVersion } from './RecordUtils' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { DeleteResolution, FolderKind, VaultObjectKind } from '../folders/folderHelpers' + DSharedFolder, + DSharedFolderFolder, + DSharedFolderRecord, + DUserFolder, + DRecord, + KeeperPreDeleteResponse, + MoveObject, + MoveRequest, + TransitionKeyObject, + RecordPreDeleteObject, + GetRecordHistoryResponse, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, logger } from "../utils"; +import { RecordVersion } from "./RecordUtils"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { + DeleteResolution, + FolderKind, + VaultObjectKind, +} from "../folders/folderHelpers"; enum ResultCode { - Success = 'success', - OK = 'OK', + Success = "success", + OK = "OK", } -const MIN_RECORD_PAD_BYTES = 384 -const PAD_BLOCK_SIZE = 16 +const MIN_RECORD_PAD_BYTES = 384; +const PAD_BLOCK_SIZE = 16; function getPaddedJsonBytes(data: Record): Uint8Array { - const json = JSON.stringify(data) - const paddedLength = Math.ceil(Math.max(MIN_RECORD_PAD_BYTES, json.length) / PAD_BLOCK_SIZE) * PAD_BLOCK_SIZE - const padded = json.padEnd(paddedLength, ' ') - return new TextEncoder().encode(padded) + const json = JSON.stringify(data); + const paddedLength = + Math.ceil(Math.max(MIN_RECORD_PAD_BYTES, json.length) / PAD_BLOCK_SIZE) * + PAD_BLOCK_SIZE; + const padded = json.padEnd(paddedLength, " "); + return new TextEncoder().encode(padded); } export type PasswordRecordData = { - title: string - login?: string - password?: string - url?: string - notes?: string - custom?: { name: string; value: string; type?: string }[] - totp?: string -} - -function buildLegacyPasswordExtra(data: PasswordRecordData, recordUid: string): Record { - const totp = data.totp?.trim() - if (!totp) { - return {} - } - return { - files: [], - fields: [ - { - id: recordUid, - field_type: 'totp', - field_title: 'One-Time Password', - data: totp, - }, - ], - } + title: string; + login?: string; + password?: string; + url?: string; + notes?: string; + custom?: { name: string; value: string; type?: string }[]; + totp?: string; +}; + +function buildLegacyPasswordExtra( + data: PasswordRecordData, + recordUid: string, +): Record { + const totp = data.totp?.trim(); + if (!totp) { + return {}; + } + return { + files: [], + fields: [ + { + id: recordUid, + field_type: "totp", + field_title: "One-Time Password", + data: totp, + }, + ], + }; } export type RecordFieldInput = { - type: string - value: any[] - label?: string -} + type: string; + value: any[]; + label?: string; +}; export type TypedRecordData = { - type: string - title: string - fields?: RecordFieldInput[] - custom?: RecordFieldInput[] - notes?: string -} + type: string; + title: string; + fields?: RecordFieldInput[]; + custom?: RecordFieldInput[]; + notes?: string; +}; export type NewRecordInput = - | { version: 2; data: PasswordRecordData; folderUid?: string } - | { version: 3; data: TypedRecordData; folderUid?: string } + | { version: 2; data: PasswordRecordData; folderUid?: string } + | { version: 3; data: TypedRecordData; folderUid?: string }; export type AddRecordResult = { - recordUid: string - success: boolean - status?: string -} + recordUid: string; + success: boolean; + status?: string; +}; export type UpdateRecordResult = { - recordUid: string - success: boolean - status?: string -} + recordUid: string; + success: boolean; + status?: string; +}; export type DeleteRecordResult = { - recordUid: string - success: boolean - message?: string -} + recordUid: string; + success: boolean; + message?: string; +}; export async function addRecord( - auth: Auth, - input: NewRecordInput + auth: Auth, + input: NewRecordInput, ): Promise { - if (!input.data.title || !input.data.title.trim()) { - throw new KeeperSdkError('Record title is required.', 'missing_record_title') - } - if (input.version === 3 && !input.data.type?.trim()) { - throw new KeeperSdkError('Record type is required for v3 records.', 'missing_record_type') - } - if (input.version === 2) { - return addPasswordRecord(auth, input.data, input.folderUid) - } - return addTypedRecord(auth, input.data, input.folderUid) + if (!input.data.title || !input.data.title.trim()) { + throw new KeeperSdkError( + "Record title is required.", + "missing_record_title", + ); + } + if (input.version === 3 && !input.data.type?.trim()) { + throw new KeeperSdkError( + "Record type is required for v3 records.", + "missing_record_type", + ); + } + if (input.version === 2) { + return addPasswordRecord(auth, input.data, input.folderUid); + } + return addTypedRecord(auth, input.data, input.folderUid); } async function addPasswordRecord( - auth: Auth, - data: PasswordRecordData, - folderUid?: string + auth: Auth, + data: PasswordRecordData, + folderUid?: string, ): Promise { - const recordUidBytes = generateUidBytes() - const recordKey = generateEncryptionKey() - const recordUid = webSafe64FromBytes(recordUidBytes) - - const recordDataJson = JSON.stringify({ - title: data.title || '', - secret1: data.login || '', - secret2: data.password || '', - link: data.url || '', - notes: data.notes || '', - custom: (data.custom || []).map((c) => ({ - name: c.name, - value: c.value, - type: c.type || 'text', - })), - }) - - const extraJson = JSON.stringify(buildLegacyPasswordExtra(data, recordUid)) - - const dataBytes = new TextEncoder().encode(recordDataJson) - const extraBytes = new TextEncoder().encode(extraJson) - - const encryptedData = await platform.aesCbcEncrypt(dataBytes, recordKey, true) - const encryptedExtra = await platform.aesCbcEncrypt(extraBytes, recordKey, true) - const encryptedRecordKey = await platform.aesCbcEncrypt(recordKey, auth.dataKey!, true) - - const cmd = recordAddCommand({ - record_uid: recordUid, - record_key: webSafe64FromBytes(encryptedRecordKey), - record_type: 'password', - folder_type: FolderKind.UserFolder, - how_long_ago: 0, - folder_uid: folderUid || '', - folder_key: '', - data: webSafe64FromBytes(encryptedData), - extra: webSafe64FromBytes(encryptedExtra), - non_shared_data: '', - file_ids: [], - }) - - const response = await auth.executeRestCommand(cmd) - - return { - recordUid, - success: response.result_code === ResultCode.Success, - status: response.result_code, - } + const recordUidBytes = generateUidBytes(); + const recordKey = generateEncryptionKey(); + const recordUid = webSafe64FromBytes(recordUidBytes); + + const recordDataJson = JSON.stringify({ + title: data.title || "", + secret1: data.login || "", + secret2: data.password || "", + link: data.url || "", + notes: data.notes || "", + custom: (data.custom || []).map((c) => ({ + name: c.name, + value: c.value, + type: c.type || "text", + })), + }); + + const extraJson = JSON.stringify(buildLegacyPasswordExtra(data, recordUid)); + + const dataBytes = new TextEncoder().encode(recordDataJson); + const extraBytes = new TextEncoder().encode(extraJson); + + const encryptedData = await platform.aesCbcEncrypt( + dataBytes, + recordKey, + true, + ); + const encryptedExtra = await platform.aesCbcEncrypt( + extraBytes, + recordKey, + true, + ); + const encryptedRecordKey = await platform.aesCbcEncrypt( + recordKey, + auth.dataKey!, + true, + ); + + const cmd = recordAddCommand({ + record_uid: recordUid, + record_key: webSafe64FromBytes(encryptedRecordKey), + record_type: "password", + folder_type: FolderKind.UserFolder, + how_long_ago: 0, + folder_uid: folderUid || "", + folder_key: "", + data: webSafe64FromBytes(encryptedData), + extra: webSafe64FromBytes(encryptedExtra), + non_shared_data: "", + file_ids: [], + }); + + const response = await auth.executeRestCommand(cmd); + + return { + recordUid, + success: response.result_code === ResultCode.Success, + status: response.result_code, + }; } async function addTypedRecord( - auth: Auth, - data: TypedRecordData, - folderUid?: string + auth: Auth, + data: TypedRecordData, + folderUid?: string, ): Promise { - const recordUidBytes = generateUidBytes() - const recordKey = generateEncryptionKey() - const recordUid = webSafe64FromBytes(recordUidBytes) - - const recordPayload = { - type: data.type, - title: data.title, - fields: data.fields || [], - custom: data.custom || [], - notes: data.notes || '', - } - - const dataBytes = getPaddedJsonBytes(recordPayload) - const encryptedData = await platform.aesGcmEncrypt(dataBytes, recordKey) - const encryptedRecordKey = await platform.aesGcmEncrypt(recordKey, auth.dataKey!) - - const recordAdd: Records.IRecordAdd = { - recordUid: recordUidBytes, - recordKey: encryptedRecordKey, - clientModifiedTime: Date.now(), - data: encryptedData, - folderType: Records.RecordFolderType.user_folder, - } - - if (folderUid) { - recordAdd.folderUid = normal64Bytes(folderUid) - } - - const request: Records.IRecordsAddRequest = { - records: [recordAdd], - clientTime: Date.now(), - } - - const msg = recordsAddMessage(request) - const response = await auth.executeRest(msg) - - const recordStatus = response.records?.[0] - const success = - recordStatus?.status === Records.RecordModifyResult.RS_SUCCESS || - !recordStatus?.status - - return { - recordUid, - success, - status: recordStatus?.status != null - ? Records.RecordModifyResult[recordStatus.status] - : ResultCode.OK, - } + const recordUidBytes = generateUidBytes(); + const recordKey = generateEncryptionKey(); + const recordUid = webSafe64FromBytes(recordUidBytes); + + const recordPayload = { + type: data.type, + title: data.title, + fields: data.fields || [], + custom: data.custom || [], + notes: data.notes || "", + }; + + const dataBytes = getPaddedJsonBytes(recordPayload); + const encryptedData = await platform.aesGcmEncrypt(dataBytes, recordKey); + const encryptedRecordKey = await platform.aesGcmEncrypt( + recordKey, + auth.dataKey!, + ); + + const recordAdd: Records.IRecordAdd = { + recordUid: recordUidBytes, + recordKey: encryptedRecordKey, + clientModifiedTime: Date.now(), + data: encryptedData, + folderType: Records.RecordFolderType.user_folder, + }; + + if (folderUid) { + recordAdd.folderUid = normal64Bytes(folderUid); + } + + const request: Records.IRecordsAddRequest = { + records: [recordAdd], + clientTime: Date.now(), + }; + + const msg = recordsAddMessage(request); + const response = await auth.executeRest(msg); + + const recordStatus = response.records?.[0]; + const success = + recordStatus?.status === Records.RecordModifyResult.RS_SUCCESS || + !recordStatus?.status; + + return { + recordUid, + success, + status: + recordStatus?.status != null + ? Records.RecordModifyResult[recordStatus.status] + : ResultCode.OK, + }; } export async function updateRecord( - auth: Auth, - recordUid: string, - data: TypedRecordData, - revision: number, - recordKey: Uint8Array + auth: Auth, + recordUid: string, + data: TypedRecordData, + revision: number, + recordKey: Uint8Array, ): Promise { - if (!data.title || !data.title.trim()) { - throw new KeeperSdkError('Record title is required.', 'missing_record_title') - } - if (!data.type?.trim()) { - throw new KeeperSdkError('Record type is required.', 'missing_record_type') - } - const recordUidBytes = normal64Bytes(recordUid) - - const recordPayload = { - type: data.type, - title: data.title, - fields: data.fields || [], - custom: data.custom || [], - notes: data.notes || '', - } - - const dataBytes = getPaddedJsonBytes(recordPayload) - const encryptedData = await platform.aesGcmEncrypt(dataBytes, recordKey) - - const recordUpdate: Records.IRecordUpdate = { - recordUid: recordUidBytes, - clientModifiedTime: Date.now(), - revision, - data: encryptedData, - } - - const request: Records.IRecordsUpdateRequest = { - records: [recordUpdate], - clientTime: Date.now(), - } - - const msg = recordsUpdateMessage(request) - const response = await auth.executeRest(msg) - - const recordStatus = response.records?.[0] - const success = - recordStatus?.status === Records.RecordModifyResult.RS_SUCCESS || - !recordStatus?.status - - return { - recordUid, - success, - status: recordStatus?.status != null - ? Records.RecordModifyResult[recordStatus.status] - : ResultCode.OK, - } + if (!data.title || !data.title.trim()) { + throw new KeeperSdkError( + "Record title is required.", + "missing_record_title", + ); + } + if (!data.type?.trim()) { + throw new KeeperSdkError("Record type is required.", "missing_record_type"); + } + const recordUidBytes = normal64Bytes(recordUid); + + const recordPayload = { + type: data.type, + title: data.title, + fields: data.fields || [], + custom: data.custom || [], + notes: data.notes || "", + }; + + const dataBytes = getPaddedJsonBytes(recordPayload); + const encryptedData = await platform.aesGcmEncrypt(dataBytes, recordKey); + + const recordUpdate: Records.IRecordUpdate = { + recordUid: recordUidBytes, + clientModifiedTime: Date.now(), + revision, + data: encryptedData, + }; + + const request: Records.IRecordsUpdateRequest = { + records: [recordUpdate], + clientTime: Date.now(), + }; + + const msg = recordsUpdateMessage(request); + const response = await auth.executeRest(msg); + + const recordStatus = response.records?.[0]; + const success = + recordStatus?.status === Records.RecordModifyResult.RS_SUCCESS || + !recordStatus?.status; + + return { + recordUid, + success, + status: + recordStatus?.status != null + ? Records.RecordModifyResult[recordStatus.status] + : ResultCode.OK, + }; } export async function deleteRecord( - auth: Auth, - recordUid: string + auth: Auth, + recordUid: string, ): Promise { - const preDeleteRequest = { - objects: [ - { - object_uid: recordUid, - object_type: VaultObjectKind.Record, - from_uid: '', - from_type: FolderKind.UserFolder, - delete_resolution: DeleteResolution.Unlink, - } as RecordPreDeleteObject, - ], - } - - let preDeleteResponse: KeeperPreDeleteResponse - try { - const preDeleteCmd = recordPreDeleteCommand(preDeleteRequest) - preDeleteResponse = await auth.executeRestCommand(preDeleteCmd) - } catch (err) { - return { recordUid, success: false, message: extractErrorMessage(err) } - } - - const token = preDeleteResponse?.pre_delete_response?.pre_delete_token - if (!token) { - return { - recordUid, - success: false, - message: preDeleteResponse?.message || preDeleteResponse?.result_code || 'pre_delete failed: no token', - } - } - - try { - const deleteCmd = recordDeleteCommand({ pre_delete_token: token }) - await auth.executeRestCommand(deleteCmd) - } catch (err) { - return { recordUid, success: false, message: extractErrorMessage(err) } - } - - return { recordUid, success: true, message: ResultCode.Success } + const preDeleteRequest = { + objects: [ + { + object_uid: recordUid, + object_type: VaultObjectKind.Record, + from_uid: "", + from_type: FolderKind.UserFolder, + delete_resolution: DeleteResolution.Unlink, + } as RecordPreDeleteObject, + ], + }; + + let preDeleteResponse: KeeperPreDeleteResponse; + try { + const preDeleteCmd = recordPreDeleteCommand(preDeleteRequest); + preDeleteResponse = await auth.executeRestCommand(preDeleteCmd); + } catch (err) { + return { recordUid, success: false, message: extractErrorMessage(err) }; + } + + const token = preDeleteResponse?.pre_delete_response?.pre_delete_token; + if (!token) { + return { + recordUid, + success: false, + message: + preDeleteResponse?.message || + preDeleteResponse?.result_code || + "pre_delete failed: no token", + }; + } + + try { + const deleteCmd = recordDeleteCommand({ pre_delete_token: token }); + await auth.executeRestCommand(deleteCmd); + } catch (err) { + return { recordUid, success: false, message: extractErrorMessage(err) }; + } + + return { recordUid, success: true, message: ResultCode.Success }; } export type HistoryEntry = { - revision: number - version: number - userName: string - clientModifiedTime: number - data: Record | null -} + revision: number; + version: number; + userName: string; + clientModifiedTime: number; + data: Record | null; +}; export type RecordHistoryResult = { - recordUid: string - history: HistoryEntry[] -} + recordUid: string; + history: HistoryEntry[]; +}; export async function getRecordHistory( - auth: Auth, - recordUid: string, - recordKey: Uint8Array + auth: Auth, + recordUid: string, + recordKey: Uint8Array, ): Promise { - const cmd = getRecordHistoryCommand({ - record_uid: recordUid, - client_time: Date.now(), - }) - - let response: GetRecordHistoryResponse - try { - response = await auth.executeRestCommand(cmd) - } catch (err) { - throw KeeperSdkError.from(err) - } - - const rawHistory = response.history || [] - const history: HistoryEntry[] = [] - - for (const entry of rawHistory) { - let decryptedData: Record | null = null - - if (entry.data) { - try { - const dataBytes = normal64Bytes(entry.data) - const version = entry.version || 0 - let decrypted: Uint8Array - - if (version <= RecordVersion.Legacy) { - decrypted = await platform.aesCbcDecrypt(dataBytes, recordKey, true) - } else { - decrypted = await platform.aesGcmDecrypt(dataBytes, recordKey) - } - - decryptedData = JSON.parse(platform.bytesToString(decrypted)) - } catch (err) { - logger.debug(`Failed to decrypt history revision ${entry.revision}:`, extractErrorMessage(err)) - decryptedData = null - } + const cmd = getRecordHistoryCommand({ + record_uid: recordUid, + client_time: Date.now(), + }); + + let response: GetRecordHistoryResponse; + try { + response = await auth.executeRestCommand(cmd); + } catch (err) { + throw KeeperSdkError.from(err); + } + + const rawHistory = response.history || []; + const history: HistoryEntry[] = []; + + for (const entry of rawHistory) { + let decryptedData: Record | null = null; + + if (entry.data) { + try { + const dataBytes = normal64Bytes(entry.data); + const version = entry.version || 0; + let decrypted: Uint8Array; + + if (version <= RecordVersion.Legacy) { + decrypted = await platform.aesCbcDecrypt(dataBytes, recordKey, true); + } else { + decrypted = await platform.aesGcmDecrypt(dataBytes, recordKey); } - history.push({ - revision: entry.revision, - version: entry.version, - userName: entry.user_name || '', - clientModifiedTime: entry.client_modified_time || 0, - data: decryptedData, - }) - } - - return { recordUid, history } + decryptedData = JSON.parse(platform.bytesToString(decrypted)); + } catch (err) { + logger.debug( + `Failed to decrypt history revision ${entry.revision}:`, + extractErrorMessage(err), + ); + decryptedData = null; + } + } + + history.push({ + revision: entry.revision, + version: entry.version, + userName: entry.user_name || "", + clientModifiedTime: entry.client_modified_time || 0, + data: decryptedData, + }); + } + + return { recordUid, history }; } export type MoveRecordInput = { - recordUid: string - dstFolderUid: string - srcFolderUid?: string - link?: boolean - canEdit?: boolean - canShare?: boolean -} + recordUid: string; + dstFolderUid: string; + srcFolderUid?: string; + link?: boolean; + canEdit?: boolean; + canShare?: boolean; +}; export type MoveRecordResult = { - recordUid: string - success: boolean - message: string -} + recordUid: string; + success: boolean; + message: string; +}; type FolderInfo = { - uid: string - folderType: FolderKind - scopeUid: string -} + uid: string; + folderType: FolderKind; + scopeUid: string; +}; function resolveFolder(uid: string, storage: InMemoryStorage): FolderInfo { - if (!uid) { - return { uid: '', folderType: FolderKind.UserFolder, scopeUid: '' } - } - - if (storage.getByUid(FolderKind.UserFolder, uid)) { - return { uid, folderType: FolderKind.UserFolder, scopeUid: '' } - } - - if (storage.getByUid(FolderKind.SharedFolder, uid)) { - return { uid, folderType: FolderKind.SharedFolder, scopeUid: uid } - } - - const sfFolder = storage.getByUid(FolderKind.SharedFolderFolder, uid) - if (sfFolder) { - return { uid, folderType: FolderKind.SharedFolderFolder, scopeUid: sfFolder.sharedFolderUid } - } + if (!uid) { + return { uid: "", folderType: FolderKind.UserFolder, scopeUid: "" }; + } + + if (storage.getByUid(FolderKind.UserFolder, uid)) { + return { uid, folderType: FolderKind.UserFolder, scopeUid: "" }; + } + + if (storage.getByUid(FolderKind.SharedFolder, uid)) { + return { uid, folderType: FolderKind.SharedFolder, scopeUid: uid }; + } + + const sfFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + uid, + ); + if (sfFolder) { + return { + uid, + folderType: FolderKind.SharedFolderFolder, + scopeUid: sfFolder.sharedFolderUid, + }; + } - return { uid, folderType: FolderKind.UserFolder, scopeUid: '' } + return { uid, folderType: FolderKind.UserFolder, scopeUid: "" }; } -async function findRecordSourceFolder(recordUid: string, storage: InMemoryStorage): Promise { - const folderKinds = [ - FolderKind.UserFolder, - FolderKind.SharedFolder, - FolderKind.SharedFolderFolder, - ] as const - - for (const kind of folderKinds) { - for (const folder of storage.getAll(kind)) { - const dependencies = (await storage.getDependencies(folder.uid)) || [] - if ( - dependencies.some( - (dependency) => dependency.kind === VaultObjectKind.Record && dependency.uid === recordUid - ) - ) { - return folder.uid - } - } - } - - const sharedFolderRecord = storage - .getAll(VaultObjectKind.SharedFolderRecord) - .find((candidate) => candidate.recordUid === recordUid) - return sharedFolderRecord ? sharedFolderRecord.sharedFolderUid : '' +async function findRecordSourceFolder( + recordUid: string, + storage: InMemoryStorage, +): Promise { + const folderKinds = [ + FolderKind.UserFolder, + FolderKind.SharedFolder, + FolderKind.SharedFolderFolder, + ] as const; + + for (const kind of folderKinds) { + for (const folder of storage.getAll< + DUserFolder | DSharedFolder | DSharedFolderFolder + >(kind)) { + const dependencies = (await storage.getDependencies(folder.uid)) || []; + if ( + dependencies.some( + (dependency) => + dependency.kind === VaultObjectKind.Record && + dependency.uid === recordUid, + ) + ) { + return folder.uid; + } + } + } + + const sharedFolderRecord = storage + .getAll(VaultObjectKind.SharedFolderRecord) + .find((candidate) => candidate.recordUid === recordUid); + return sharedFolderRecord ? sharedFolderRecord.sharedFolderUid : ""; } export async function moveRecord( - auth: Auth, - storage: InMemoryStorage, - input: MoveRecordInput + auth: Auth, + storage: InMemoryStorage, + input: MoveRecordInput, ): Promise { - const { - recordUid, - dstFolderUid, - link = false, - canEdit, - canShare, - } = input - - const dst = resolveFolder(dstFolderUid, storage) - - const srcUid = - input.srcFolderUid !== undefined ? input.srcFolderUid : await findRecordSourceFolder(recordUid, storage) - const src = resolveFolder(srcUid, storage) - - const moveObj: MoveObject = { - uid: recordUid, - type: VaultObjectKind.Record, - cascade: false, - from_type: src.folderType, - from_uid: src.uid || undefined, - can_edit: canEdit, - can_reshare: canShare, - } + const { recordUid, dstFolderUid, link = false, canEdit, canShare } = input; - const transitionKeys: TransitionKeyObject[] = [] + const dst = resolveFolder(dstFolderUid, storage); - if (src.scopeUid !== dst.scopeUid) { - const recordKey = await storage.getKeyBytes(recordUid) - if (!recordKey) { - return { recordUid, success: false, message: 'Record key not found' } - } - - let dstKey: Uint8Array | undefined - if (dst.scopeUid) { - dstKey = await storage.getKeyBytes(dst.scopeUid) - } else { - dstKey = auth.dataKey - } + const srcUid = + input.srcFolderUid !== undefined + ? input.srcFolderUid + : await findRecordSourceFolder(recordUid, storage); + const src = resolveFolder(srcUid, storage); - if (!dstKey) { - return { recordUid, success: false, message: 'Destination folder key not found' } - } + const moveObj: MoveObject = { + uid: recordUid, + type: VaultObjectKind.Record, + cascade: false, + from_type: src.folderType, + from_uid: src.uid || undefined, + can_edit: canEdit, + can_reshare: canShare, + }; - const record = storage.getByUid(VaultObjectKind.Record, recordUid) - const version = record?.version || RecordVersion.Typed + const transitionKeys: TransitionKeyObject[] = []; - let encryptedKey: Uint8Array - if (version >= RecordVersion.Typed) { - encryptedKey = await platform.aesGcmEncrypt(recordKey, dstKey) - } else { - encryptedKey = await platform.aesCbcEncrypt(recordKey, dstKey, true) - } - - transitionKeys.push({ uid: recordUid, key: webSafe64FromBytes(encryptedKey) }) + if (src.scopeUid !== dst.scopeUid) { + const recordKey = await storage.getKeyBytes(recordUid); + if (!recordKey) { + return { recordUid, success: false, message: "Record key not found" }; } - const request: MoveRequest = { - to_type: dst.folderType, - to_uid: dst.uid || undefined, - link, - move: [moveObj], - transition_keys: transitionKeys, + let dstKey: Uint8Array | undefined; + if (dst.scopeUid) { + dstKey = await storage.getKeyBytes(dst.scopeUid); + } else { + dstKey = auth.dataKey; } - try { - const cmd = moveCommand(request) - await auth.executeRestCommand(cmd) - } catch (err) { - return { recordUid, success: false, message: extractErrorMessage(err) } - } - - return { recordUid, success: true, message: 'Record moved successfully' } + if (!dstKey) { + return { + recordUid, + success: false, + message: "Destination folder key not found", + }; + } + + const record = storage.getByUid(VaultObjectKind.Record, recordUid); + const version = record?.version || RecordVersion.Typed; + + let encryptedKey: Uint8Array; + if (version >= RecordVersion.Typed) { + encryptedKey = await platform.aesGcmEncrypt(recordKey, dstKey); + } else { + encryptedKey = await platform.aesCbcEncrypt(recordKey, dstKey, true); + } + + transitionKeys.push({ + uid: recordUid, + key: webSafe64FromBytes(encryptedKey), + }); + } + + const request: MoveRequest = { + to_type: dst.folderType, + to_uid: dst.uid || undefined, + link, + move: [moveObj], + transition_keys: transitionKeys, + }; + + try { + const cmd = moveCommand(request); + await auth.executeRestCommand(cmd); + } catch (err) { + return { recordUid, success: false, message: extractErrorMessage(err) }; + } + + return { recordUid, success: true, message: "Record moved successfully" }; } diff --git a/KeeperSdk/src/records/RecordUtils.ts b/KeeperSdk/src/records/RecordUtils.ts index 74630faa..81cd8de2 100644 --- a/KeeperSdk/src/records/RecordUtils.ts +++ b/KeeperSdk/src/records/RecordUtils.ts @@ -1,282 +1,292 @@ -import type { DRecord } from '@keeper-security/keeperapi' -import { getTotpCode } from './Totp' +import type { DRecord } from "@keeper-security/keeperapi"; +import { getTotpCode } from "./Totp"; enum FieldType { - Login = 'login', - Password = 'password', - Url = 'url', - Note = 'note', - Text = 'text', + Login = "login", + Password = "password", + Url = "url", + Note = "note", + Text = "text", } export enum RecordVersion { - Legacy = 2, - Typed = 3, + Legacy = 2, + Typed = 3, } -const TOTP_FIELD_TYPES = new Set(['totp', 'oneTimeCode', 'otp']) -const MASKED_VALUE = '********' -const RECORD_SEPARATOR = '-'.repeat(50) +const TOTP_FIELD_TYPES = new Set(["totp", "oneTimeCode", "otp"]); +const MASKED_VALUE = "********"; +const RECORD_SEPARATOR = "-".repeat(50); type RecordField = { - type: string - value: any[] - label?: string - required?: boolean - privacyScreen?: boolean - enforceGeneration?: boolean - complexity?: { - length?: number - caps?: number - lowercase?: number - digits?: number - special?: number - } -} + type: string; + value: any[]; + label?: string; + required?: boolean; + privacyScreen?: boolean; + enforceGeneration?: boolean; + complexity?: { + length?: number; + caps?: number; + lowercase?: number; + digits?: number; + special?: number; + }; +}; type LegacyExtraField = { - type?: string - field_type?: string - value?: unknown - data?: unknown - label?: string - field_title?: string -} + type?: string; + field_type?: string; + value?: unknown; + data?: unknown; + label?: string; + field_title?: string; +}; function toFieldValueArray(v: unknown): any[] { - if (v == null) return [] - return Array.isArray(v) ? v : [v] + if (v == null) return []; + return Array.isArray(v) ? v : [v]; } function getLegacyExtraFields(record: DRecord): RecordField[] { - const raw = record.extra - if (raw == null) return [] - let extra: { fields?: LegacyExtraField[] } - if (typeof raw === 'string') { - try { - extra = JSON.parse(raw) - } catch { - return [] - } - } else if (typeof raw === 'object') { - extra = raw - } else { - return [] - } - if (!Array.isArray(extra.fields)) return [] - const out: RecordField[] = [] - for (const f of extra.fields) { - const typeName = f.type || f.field_type || FieldType.Text - const rawVal = f.value !== undefined && f.value !== null ? f.value : f.data - out.push({ - type: typeName, - value: toFieldValueArray(rawVal), - label: f.label || f.field_title, - }) + const raw = record.extra; + if (raw == null) return []; + let extra: { fields?: LegacyExtraField[] }; + if (typeof raw === "string") { + try { + extra = JSON.parse(raw); + } catch { + return []; } - return out + } else if (typeof raw === "object") { + extra = raw; + } else { + return []; + } + if (!Array.isArray(extra.fields)) return []; + const out: RecordField[] = []; + for (const f of extra.fields) { + const typeName = f.type || f.field_type || FieldType.Text; + const rawVal = f.value !== undefined && f.value !== null ? f.value : f.data; + out.push({ + type: typeName, + value: toFieldValueArray(rawVal), + label: f.label || f.field_title, + }); + } + return out; } export function getRecordTitle(record: DRecord): string { - if (!record.data) return '(no data)' - if (typeof record.data === 'string') { - try { - const parsed = JSON.parse(record.data) - return parsed.title || '(untitled)' - } catch { - return '(parse error)' - } + if (!record.data) return "(no data)"; + if (typeof record.data === "string") { + try { + const parsed = JSON.parse(record.data); + return parsed.title || "(untitled)"; + } catch { + return "(parse error)"; } - return record.data.title || '(untitled)' + } + return record.data.title || "(untitled)"; } export function getRecordType(record: DRecord): string { - if (record.version <= RecordVersion.Legacy) return 'legacy' - if (!record.data) return 'unknown' - return record.data.type || 'unknown' + if (record.version <= RecordVersion.Legacy) return "legacy"; + if (!record.data) return "unknown"; + return record.data.type || "unknown"; } export function getRecordFields(record: DRecord): RecordField[] { - if (!record.data) return [] - - if (record.version <= RecordVersion.Legacy) { - const fields: RecordField[] = [] - const d = record.data - if (d.secret1) fields.push({ type: FieldType.Login, value: [d.secret1] }) - if (d.secret2) fields.push({ type: FieldType.Password, value: [d.secret2] }) - if (d.link) fields.push({ type: FieldType.Url, value: [d.link] }) - if (d.notes) fields.push({ type: FieldType.Note, value: [d.notes] }) - if (Array.isArray(d.custom)) { - for (const c of d.custom) { - if (!c) continue - fields.push({ - type: c.type || FieldType.Text, - value: c.value != null && c.value !== '' ? [c.value] : [], - label: c.name, - }) - } - } - const extraFields = getLegacyExtraFields(record) - fields.push(...extraFields) - return fields + if (!record.data) return []; + + if (record.version <= RecordVersion.Legacy) { + const fields: RecordField[] = []; + const d = record.data; + if (d.secret1) fields.push({ type: FieldType.Login, value: [d.secret1] }); + if (d.secret2) + fields.push({ type: FieldType.Password, value: [d.secret2] }); + if (d.link) fields.push({ type: FieldType.Url, value: [d.link] }); + if (d.notes) fields.push({ type: FieldType.Note, value: [d.notes] }); + if (Array.isArray(d.custom)) { + for (const c of d.custom) { + if (!c) continue; + fields.push({ + type: c.type || FieldType.Text, + value: c.value != null && c.value !== "" ? [c.value] : [], + label: c.name, + }); + } } - - const fields: RecordField[] = [] - if (Array.isArray(record.data.fields)) { - for (const f of record.data.fields) { - fields.push({ - type: f.type || FieldType.Text, - value: Array.isArray(f.value) ? f.value : [f.value], - label: f.label, - required: f.required, - privacyScreen: f.privacyScreen, - enforceGeneration: f.enforceGeneration, - complexity: f.complexity, - }) - } + const extraFields = getLegacyExtraFields(record); + fields.push(...extraFields); + return fields; + } + + const fields: RecordField[] = []; + if (Array.isArray(record.data.fields)) { + for (const f of record.data.fields) { + fields.push({ + type: f.type || FieldType.Text, + value: Array.isArray(f.value) ? f.value : [f.value], + label: f.label, + required: f.required, + privacyScreen: f.privacyScreen, + enforceGeneration: f.enforceGeneration, + complexity: f.complexity, + }); } - if (Array.isArray(record.data.custom)) { - for (const f of record.data.custom) { - fields.push({ - type: f.type || FieldType.Text, - value: Array.isArray(f.value) ? f.value : [f.value], - label: f.label, - required: f.required, - privacyScreen: f.privacyScreen, - enforceGeneration: f.enforceGeneration, - complexity: f.complexity, - }) - } + } + if (Array.isArray(record.data.custom)) { + for (const f of record.data.custom) { + fields.push({ + type: f.type || FieldType.Text, + value: Array.isArray(f.value) ? f.value : [f.value], + label: f.label, + required: f.required, + privacyScreen: f.privacyScreen, + enforceGeneration: f.enforceGeneration, + complexity: f.complexity, + }); } - return fields + } + return fields; } export type RecordSummary = { - login?: string - password?: string - url?: string - fields: RecordField[] -} + login?: string; + password?: string; + url?: string; + fields: RecordField[]; +}; export function getRecordSummary(record: DRecord): RecordSummary { - const fields = getRecordFields(record) - if (record.version <= RecordVersion.Legacy) { - return { - login: record.data?.secret1, - password: record.data?.secret2, - url: record.data?.link, - fields, - } + const fields = getRecordFields(record); + if (record.version <= RecordVersion.Legacy) { + return { + login: record.data?.secret1, + password: record.data?.secret2, + url: record.data?.link, + fields, + }; + } + + let login: string | undefined; + let password: string | undefined; + let url: string | undefined; + + for (const f of fields) { + if (!login && f.type === FieldType.Login && f.value.length > 0) { + login = String(f.value[0]); + } else if ( + !password && + f.type === FieldType.Password && + f.value.length > 0 + ) { + password = String(f.value[0]); + } else if (!url && f.type === FieldType.Url && f.value.length > 0) { + const val = f.value[0]; + url = typeof val === "string" ? val : val?.value || val?.url; } + } - let login: string | undefined - let password: string | undefined - let url: string | undefined - - for (const f of fields) { - if (!login && f.type === FieldType.Login && f.value.length > 0) { - login = String(f.value[0]) - } else if (!password && f.type === FieldType.Password && f.value.length > 0) { - password = String(f.value[0]) - } else if (!url && f.type === FieldType.Url && f.value.length > 0) { - const val = f.value[0] - url = typeof val === 'string' ? val : val?.value || val?.url - } - } - - return { login, password, url, fields } + return { login, password, url, fields }; } export function getRecordTotpUrl(record: DRecord): string | undefined { - for (const field of getRecordFields(record)) { - if (!TOTP_FIELD_TYPES.has(field.type)) continue - for (const v of field.value) { - if (typeof v === 'string' && v.trim()) return v.trim() - } + for (const field of getRecordFields(record)) { + if (!TOTP_FIELD_TYPES.has(field.type)) continue; + for (const v of field.value) { + if (typeof v === "string" && v.trim()) return v.trim(); } - return undefined + } + return undefined; } export function getRecordPassword(record: DRecord): string | undefined { - return getRecordSummary(record).password + return getRecordSummary(record).password; } export function getRecordLogin(record: DRecord): string | undefined { - return getRecordSummary(record).login + return getRecordSummary(record).login; } export function getRecordUrl(record: DRecord): string | undefined { - return getRecordSummary(record).url + return getRecordSummary(record).url; } -const wordCache = new WeakMap() +const wordCache = new WeakMap(); export function searchRecords(records: DRecord[], criteria: string): DRecord[] { - if (!criteria.trim()) return records + if (!criteria.trim()) return records; - const searchWords = criteria.toLowerCase().split(/\s+/) + const searchWords = criteria.toLowerCase().split(/\s+/); - return records.filter((record) => { - let words = wordCache.get(record) - if (!words) { - words = collectRecordWords(record) - wordCache.set(record, words) - } - return searchWords.every((sw) => words!.some((w) => w.includes(sw))) - }) + return records.filter((record) => { + let words = wordCache.get(record); + if (!words) { + words = collectRecordWords(record); + wordCache.set(record, words); + } + return searchWords.every((sw) => words!.some((w) => w.includes(sw))); + }); } function collectRecordWords(record: DRecord): string[] { - const words: string[] = [] - const title = getRecordTitle(record) - if (title) words.push(...title.toLowerCase().split(/\s+/)) - - for (const field of getRecordFields(record)) { - if (field.label) words.push(field.label.toLowerCase()) - for (const v of field.value) { - if (typeof v === 'string') { - words.push(...v.toLowerCase().split(/\s+/)) - } else if (v && typeof v === 'object') { - for (const val of Object.values(v)) { - if (typeof val === 'string') { - words.push(...val.toLowerCase().split(/\s+/)) - } - } - } + const words: string[] = []; + const title = getRecordTitle(record); + if (title) words.push(...title.toLowerCase().split(/\s+/)); + + for (const field of getRecordFields(record)) { + if (field.label) words.push(field.label.toLowerCase()); + for (const v of field.value) { + if (typeof v === "string") { + words.push(...v.toLowerCase().split(/\s+/)); + } else if (v && typeof v === "object") { + for (const val of Object.values(v)) { + if (typeof val === "string") { + words.push(...val.toLowerCase().split(/\s+/)); + } } + } } + } - words.push(record.uid) - return words + words.push(record.uid); + return words; } export function formatRecord(record: DRecord, showDetails = false): string { - const summary = getRecordSummary(record) - const lines: string[] = [ - RECORD_SEPARATOR, - `Title: ${getRecordTitle(record)}`, - `Record UID: ${record.uid}`, - `Record Type: ${getRecordType(record)}`, - ] - - if (summary.login) lines.push(`Username: ${summary.login}`) - if (summary.url) lines.push(`URL: ${summary.url}`) - - if (showDetails) { - for (const field of summary.fields) { - if (field.type === FieldType.Login || field.type === FieldType.Url) continue - const isTotp = TOTP_FIELD_TYPES.has(field.type) - const isSensitive = field.type === FieldType.Password || isTotp - const label = isTotp ? 'TOTP URL' : field.label || field.type - lines.push(`${label}: ${isSensitive ? MASKED_VALUE : field.value.join(', ')}`) - } + const summary = getRecordSummary(record); + const lines: string[] = [ + RECORD_SEPARATOR, + `Title: ${getRecordTitle(record)}`, + `Record UID: ${record.uid}`, + `Record Type: ${getRecordType(record)}`, + ]; + + if (summary.login) lines.push(`Username: ${summary.login}`); + if (summary.url) lines.push(`URL: ${summary.url}`); + + if (showDetails) { + for (const field of summary.fields) { + if (field.type === FieldType.Login || field.type === FieldType.Url) + continue; + const isTotp = TOTP_FIELD_TYPES.has(field.type); + const isSensitive = field.type === FieldType.Password || isTotp; + const label = isTotp ? "TOTP URL" : field.label || field.type; + lines.push( + `${label}: ${isSensitive ? MASKED_VALUE : field.value.join(", ")}`, + ); + } - const totpUrl = getRecordTotpUrl(record) - const code = totpUrl ? getTotpCode(totpUrl) : null - if (code) { - lines.push(`Two Factor Code: ${code.code} valid for ${code.secondsRemaining} sec`) - } + const totpUrl = getRecordTotpUrl(record); + const code = totpUrl ? getTotpCode(totpUrl) : null; + if (code) { + lines.push( + `Two Factor Code: ${code.code} valid for ${code.secondsRemaining} sec`, + ); } + } - return lines.join('\n') + return lines.join("\n"); } diff --git a/KeeperSdk/src/records/Totp.ts b/KeeperSdk/src/records/Totp.ts index 1ba67d53..0f67a8cb 100644 --- a/KeeperSdk/src/records/Totp.ts +++ b/KeeperSdk/src/records/Totp.ts @@ -1,119 +1,127 @@ -import { createHmac } from 'crypto' +import { createHmac } from "crypto"; -export type TotpAlgorithm = 'SHA1' | 'SHA256' | 'SHA512' +export type TotpAlgorithm = "SHA1" | "SHA256" | "SHA512"; export type TotpParams = { - secret: string - algorithm: TotpAlgorithm - digits: number - period: number -} + secret: string; + algorithm: TotpAlgorithm; + digits: number; + period: number; +}; export type TotpCode = { - code: string - secondsRemaining: number - period: number -} + code: string; + secondsRemaining: number; + period: number; +}; -const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' -const DEFAULT_DIGITS = 6 -const DEFAULT_PERIOD = 30 -const DEFAULT_ALGORITHM: TotpAlgorithm = 'SHA1' -const UINT32_MAX = 0x100000000 +const BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; +const DEFAULT_DIGITS = 6; +const DEFAULT_PERIOD = 30; +const DEFAULT_ALGORITHM: TotpAlgorithm = "SHA1"; +const UINT32_MAX = 0x100000000; function decodeBase32(input: string): Uint8Array { - const noWhitespace = input.replace(/\s+/g, '') - let endIndex = noWhitespace.length - while (endIndex > 0 && noWhitespace.charCodeAt(endIndex - 1) === 0x3d) endIndex-- - const cleaned = noWhitespace.slice(0, endIndex).toUpperCase() - const out: number[] = [] - let buffer = 0 - let bits = 0 - for (const ch of cleaned) { - const idx = BASE32_ALPHABET.indexOf(ch) - if (idx < 0) throw new Error(`Invalid base32 character "${ch}" in TOTP secret`) - buffer = (buffer << 5) | idx - bits += 5 - if (bits >= 8) { - bits -= 8 - out.push((buffer >> bits) & 0xff) - } + const noWhitespace = input.replace(/\s+/g, ""); + let endIndex = noWhitespace.length; + while (endIndex > 0 && noWhitespace.charCodeAt(endIndex - 1) === 0x3d) + endIndex--; + const cleaned = noWhitespace.slice(0, endIndex).toUpperCase(); + const out: number[] = []; + let buffer = 0; + let bits = 0; + for (const ch of cleaned) { + const idx = BASE32_ALPHABET.indexOf(ch); + if (idx < 0) + throw new Error(`Invalid base32 character "${ch}" in TOTP secret`); + buffer = (buffer << 5) | idx; + bits += 5; + if (bits >= 8) { + bits -= 8; + out.push((buffer >> bits) & 0xff); } - return Uint8Array.from(out) + } + return Uint8Array.from(out); } function normalizeAlgorithm(value: string | null | undefined): TotpAlgorithm { - const upper = (value || DEFAULT_ALGORITHM).toUpperCase() - return upper === 'SHA256' || upper === 'SHA512' ? upper : DEFAULT_ALGORITHM + const upper = (value || DEFAULT_ALGORITHM).toUpperCase(); + return upper === "SHA256" || upper === "SHA512" ? upper : DEFAULT_ALGORITHM; } function parsePositiveInt(value: string | null, fallback: number): number { - const parsed = parseInt(value || '', 10) - return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback + const parsed = parseInt(value || "", 10); + return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback; } export function parseTotpUrl(url: string): TotpParams | null { - if (!url?.trim()) return null - let params: URLSearchParams - try { - if (url.startsWith('otpauth://')) { - const u = new URL(url) - if (u.hostname.toLowerCase() !== 'totp') return null - params = u.searchParams - } else { - params = new URLSearchParams(url) - } - } catch { - return null - } - const secret = (params.get('secret') || '').trim() - if (!secret) return null - return { - secret, - algorithm: normalizeAlgorithm(params.get('algorithm')), - digits: parsePositiveInt(params.get('digits'), DEFAULT_DIGITS), - period: parsePositiveInt(params.get('period'), DEFAULT_PERIOD), + if (!url?.trim()) return null; + let params: URLSearchParams; + try { + if (url.startsWith("otpauth://")) { + const u = new URL(url); + if (u.hostname.toLowerCase() !== "totp") return null; + params = u.searchParams; + } else { + params = new URLSearchParams(url); } + } catch { + return null; + } + const secret = (params.get("secret") || "").trim(); + if (!secret) return null; + return { + secret, + algorithm: normalizeAlgorithm(params.get("algorithm")), + digits: parsePositiveInt(params.get("digits"), DEFAULT_DIGITS), + period: parsePositiveInt(params.get("period"), DEFAULT_PERIOD), + }; } function counterToBuffer(counter: number): Buffer { - const buf = Buffer.alloc(8) - buf.writeUInt32BE(Math.floor(counter / UINT32_MAX), 0) - buf.writeUInt32BE(counter % UINT32_MAX, 4) - return buf + const buf = Buffer.alloc(8); + buf.writeUInt32BE(Math.floor(counter / UINT32_MAX), 0); + buf.writeUInt32BE(counter % UINT32_MAX, 4); + return buf; } -export function getTotpCode(urlOrParams: string | TotpParams, now: number = Date.now()): TotpCode | null { - const params = typeof urlOrParams === 'string' ? parseTotpUrl(urlOrParams) : urlOrParams - if (!params) return null - if (!Number.isFinite(params.period) || params.period <= 0) return null - if (!Number.isFinite(params.digits) || params.digits <= 0) return null +export function getTotpCode( + urlOrParams: string | TotpParams, + now: number = Date.now(), +): TotpCode | null { + const params = + typeof urlOrParams === "string" ? parseTotpUrl(urlOrParams) : urlOrParams; + if (!params) return null; + if (!Number.isFinite(params.period) || params.period <= 0) return null; + if (!Number.isFinite(params.digits) || params.digits <= 0) return null; - let key: Uint8Array - try { - key = decodeBase32(params.secret) - } catch { - return null - } - if (key.length === 0) return null + let key: Uint8Array; + try { + key = decodeBase32(params.secret); + } catch { + return null; + } + if (key.length === 0) return null; - const seconds = Math.floor(now / 1000) - const counter = Math.floor(seconds / params.period) - const secondsRemaining = params.period - (seconds % params.period) + const seconds = Math.floor(now / 1000); + const counter = Math.floor(seconds / params.period); + const secondsRemaining = params.period - (seconds % params.period); - const digest = createHmac(params.algorithm.toLowerCase(), Buffer.from(key)) - .update(counterToBuffer(counter)) - .digest() + const digest = createHmac(params.algorithm.toLowerCase(), Buffer.from(key)) + .update(counterToBuffer(counter)) + .digest(); - if (digest.length === 0) return null - const offset = digest[digest.length - 1] & 0x0f - if (offset + 3 >= digest.length) return null - const binary = - ((digest[offset] & 0x7f) << 24) | - ((digest[offset + 1] & 0xff) << 16) | - ((digest[offset + 2] & 0xff) << 8) | - (digest[offset + 3] & 0xff) + if (digest.length === 0) return null; + const offset = digest[digest.length - 1] & 0x0f; + if (offset + 3 >= digest.length) return null; + const binary = + ((digest[offset] & 0x7f) << 24) | + ((digest[offset + 1] & 0xff) << 16) | + ((digest[offset + 2] & 0xff) << 8) | + (digest[offset + 3] & 0xff); - const code = (binary % 10 ** params.digits).toString().padStart(params.digits, '0') - return { code, secondsRemaining, period: params.period } + const code = (binary % 10 ** params.digits) + .toString() + .padStart(params.digits, "0"); + return { code, secondsRemaining, period: params.period }; } diff --git a/KeeperSdk/src/roles/RoleManager.ts b/KeeperSdk/src/roles/RoleManager.ts index 673bb2c7..932f16e2 100644 --- a/KeeperSdk/src/roles/RoleManager.ts +++ b/KeeperSdk/src/roles/RoleManager.ts @@ -1,144 +1,163 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' -import { EnterpriseDataManager } from '../teams/enterpriseData' -import { formatRolesTable, listRoles, renderRolesAsciiTable } from './listRoles' +import type { Auth } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; +import { EnterpriseDataManager } from "../teams/enterpriseData"; +import { + formatRolesTable, + listRoles, + renderRolesAsciiTable, +} from "./listRoles"; import type { - FormatRolesTableOptions, - FormattedRolesTable, - ListRoleRow, - ListRolesOptions, -} from './roleTypes' + FormatRolesTableOptions, + FormattedRolesTable, + ListRoleRow, + ListRolesOptions, +} from "./roleTypes"; import { - formatRoleView, - roleViewTable, - viewRole, - type FormatRoleViewOptions, - type FormattedRoleViewTable, - type RoleView, -} from './viewRole' + formatRoleView, + roleViewTable, + viewRole, + type FormatRoleViewOptions, + type FormattedRoleViewTable, + type RoleView, +} from "./viewRole"; import { - addRoles, - formatAddRoleResult, - renderAddRoleAsciiTable, - type AddRoleInput, - type AddRoleResult, - type FormattedAddRoleTable, -} from './addRole' + addRoles, + formatAddRoleResult, + renderAddRoleAsciiTable, + type AddRoleInput, + type AddRoleResult, + type FormattedAddRoleTable, +} from "./addRole"; import { - updateRoles, - formatUpdateRoleResult, - renderUpdateRoleAsciiTable, - type UpdateRoleInput, - type UpdateRoleResult, - type FormattedUpdateRoleTable, -} from './updateRole' + updateRoles, + formatUpdateRoleResult, + renderUpdateRoleAsciiTable, + type UpdateRoleInput, + type UpdateRoleResult, + type FormattedUpdateRoleTable, +} from "./updateRole"; import { - deleteRoles, - formatDeleteRoleResult, - renderDeleteRoleAsciiTable, - type DeleteRoleInput, - type DeleteRoleResult, - type FormattedDeleteRoleTable, -} from './deleteRole' + deleteRoles, + formatDeleteRoleResult, + renderDeleteRoleAsciiTable, + type DeleteRoleInput, + type DeleteRoleResult, + type FormattedDeleteRoleTable, +} from "./deleteRole"; -export type AuthProvider = () => Auth +export type AuthProvider = () => Auth; export class RoleManager { - private readonly authProvider: AuthProvider - private enterpriseData: EnterpriseDataManager | null = null - - constructor(authProvider: AuthProvider) { - this.authProvider = authProvider - } - - public async listRoles(options: ListRolesOptions = {}): Promise { - return listRoles(this.requireAuth(), { - ...options, - enterpriseData: options.enterpriseData ?? this.getEnterpriseData(), - }) - } - - public formatRolesTable(rows: ListRoleRow[], options: FormatRolesTableOptions = {}): FormattedRolesTable { - return formatRolesTable(rows, options) - } - - public renderRolesAsciiTable( - table: FormattedRolesTable, - options: { minColWidth?: number } = {} - ): string { - return renderRolesAsciiTable(table, options) - } - - public async viewRole(identifier: string): Promise { - return viewRole(this.requireAuth(), identifier) - } - - public formatRoleView(view: RoleView, options: FormatRoleViewOptions = {}): FormattedRoleViewTable { - return formatRoleView(view, options) - } - - public roleViewTable(table: FormattedRoleViewTable): string { - return roleViewTable(table) - } - - public async addRoles(input: AddRoleInput): Promise { - const result = await addRoles(this.requireAuth(), input) - if (result.created > 0) this.invalidateEnterpriseData() - return result - } - - public formatAddRoleResult(result: AddRoleResult): FormattedAddRoleTable { - return formatAddRoleResult(result) - } - - public renderAddRoleAsciiTable(table: FormattedAddRoleTable): string { - return renderAddRoleAsciiTable(table) - } - - public async updateRoles(input: UpdateRoleInput): Promise { - const result = await updateRoles(this.requireAuth(), input) - if (result.updated > 0) this.invalidateEnterpriseData() - return result - } - - public formatUpdateRoleResult(result: UpdateRoleResult): FormattedUpdateRoleTable { - return formatUpdateRoleResult(result) - } - - public renderUpdateRoleAsciiTable(table: FormattedUpdateRoleTable): string { - return renderUpdateRoleAsciiTable(table) - } - - public async deleteRoles(input: DeleteRoleInput): Promise { - const result = await deleteRoles(this.requireAuth(), input) - if (result.deleted > 0) this.invalidateEnterpriseData() - return result - } - - public formatDeleteRoleResult(result: DeleteRoleResult): FormattedDeleteRoleTable { - return formatDeleteRoleResult(result) - } - - public renderDeleteRoleAsciiTable(table: FormattedDeleteRoleTable): string { - return renderDeleteRoleAsciiTable(table) - } - - private getEnterpriseData(): EnterpriseDataManager { - if (!this.enterpriseData) { - this.enterpriseData = new EnterpriseDataManager(this.requireAuth()) - } - return this.enterpriseData - } - - private invalidateEnterpriseData(): void { - this.enterpriseData?.clearCache() - } - - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth) { - throw new KeeperSdkError('You are not logged in. Please log in first.', ResultCodes.NOT_LOGGED_IN) - } - return auth - } + private readonly authProvider: AuthProvider; + private enterpriseData: EnterpriseDataManager | null = null; + + constructor(authProvider: AuthProvider) { + this.authProvider = authProvider; + } + + public async listRoles( + options: ListRolesOptions = {}, + ): Promise { + return listRoles(this.requireAuth(), { + ...options, + enterpriseData: options.enterpriseData ?? this.getEnterpriseData(), + }); + } + + public formatRolesTable( + rows: ListRoleRow[], + options: FormatRolesTableOptions = {}, + ): FormattedRolesTable { + return formatRolesTable(rows, options); + } + + public renderRolesAsciiTable( + table: FormattedRolesTable, + options: { minColWidth?: number } = {}, + ): string { + return renderRolesAsciiTable(table, options); + } + + public async viewRole(identifier: string): Promise { + return viewRole(this.requireAuth(), identifier); + } + + public formatRoleView( + view: RoleView, + options: FormatRoleViewOptions = {}, + ): FormattedRoleViewTable { + return formatRoleView(view, options); + } + + public roleViewTable(table: FormattedRoleViewTable): string { + return roleViewTable(table); + } + + public async addRoles(input: AddRoleInput): Promise { + const result = await addRoles(this.requireAuth(), input); + if (result.created > 0) this.invalidateEnterpriseData(); + return result; + } + + public formatAddRoleResult(result: AddRoleResult): FormattedAddRoleTable { + return formatAddRoleResult(result); + } + + public renderAddRoleAsciiTable(table: FormattedAddRoleTable): string { + return renderAddRoleAsciiTable(table); + } + + public async updateRoles(input: UpdateRoleInput): Promise { + const result = await updateRoles(this.requireAuth(), input); + if (result.updated > 0) this.invalidateEnterpriseData(); + return result; + } + + public formatUpdateRoleResult( + result: UpdateRoleResult, + ): FormattedUpdateRoleTable { + return formatUpdateRoleResult(result); + } + + public renderUpdateRoleAsciiTable(table: FormattedUpdateRoleTable): string { + return renderUpdateRoleAsciiTable(table); + } + + public async deleteRoles(input: DeleteRoleInput): Promise { + const result = await deleteRoles(this.requireAuth(), input); + if (result.deleted > 0) this.invalidateEnterpriseData(); + return result; + } + + public formatDeleteRoleResult( + result: DeleteRoleResult, + ): FormattedDeleteRoleTable { + return formatDeleteRoleResult(result); + } + + public renderDeleteRoleAsciiTable(table: FormattedDeleteRoleTable): string { + return renderDeleteRoleAsciiTable(table); + } + + private getEnterpriseData(): EnterpriseDataManager { + if (!this.enterpriseData) { + this.enterpriseData = new EnterpriseDataManager(this.requireAuth()); + } + return this.enterpriseData; + } + + private invalidateEnterpriseData(): void { + this.enterpriseData?.clearCache(); + } + + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth) { + throw new KeeperSdkError( + "You are not logged in. Please log in first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return auth; + } } diff --git a/KeeperSdk/src/roles/addRole.ts b/KeeperSdk/src/roles/addRole.ts index 4804110c..6e915a74 100644 --- a/KeeperSdk/src/roles/addRole.ts +++ b/KeeperSdk/src/roles/addRole.ts @@ -1,230 +1,322 @@ import { - encryptObjectForStorage, - enterpriseAllocateIdsCommand, - roleAddCommand, - type Auth, - type RoleEditRequest, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' -import { EnterpriseDataInclude, EnterpriseDataManager, type EnterpriseRole } from '../teams/enterpriseData' + encryptObjectForStorage, + enterpriseAllocateIdsCommand, + roleAddCommand, + type Auth, + type RoleEditRequest, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; import { - applyDecryptedNodeNames, - applyEnterpriseNameToRoot, - parentNeedsNameLookup, - resolveParentNode, -} from '../teams/teamUtils' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseRole, +} from "../teams/enterpriseData"; import { - applyDecryptedRoleNames, - applyRoleEnforcements, - assertCommandSucceeded, - buildRoleResultRows, - buildRolesByLowerName, - nodePathOrFallback, - normalizeIdentifiers, - parseEnforcements, - renderRoleResultTable, - resolveToggle, - ROLE_TABLE_HEADERS, - validateRoleName, - type RoleToggleInput, -} from './roleUtils' - -const ADD_ROLE_INCLUDES: EnterpriseDataInclude[] = [EnterpriseDataInclude.Nodes, EnterpriseDataInclude.Roles] + applyDecryptedNodeNames, + applyEnterpriseNameToRoot, + parentNeedsNameLookup, + resolveParentNode, +} from "../teams/teamUtils"; +import { + applyDecryptedRoleNames, + applyRoleEnforcements, + assertCommandSucceeded, + buildRoleResultRows, + buildRolesByLowerName, + nodePathOrFallback, + normalizeIdentifiers, + parseEnforcements, + renderRoleResultTable, + resolveToggle, + ROLE_TABLE_HEADERS, + validateRoleName, + type RoleToggleInput, +} from "./roleUtils"; + +const ADD_ROLE_INCLUDES: EnterpriseDataInclude[] = [ + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Roles, +]; export enum AddRoleStatus { - Created = 'created', - Skipped = 'skipped', - Failed = 'failed', + Created = "created", + Skipped = "skipped", + Failed = "failed", } export enum AddRoleSkipReason { - AlreadyExistsInParent = 'already_exists_in_parent', - ExistsElsewhereDeclined = 'exists_elsewhere_declined', + AlreadyExistsInParent = "already_exists_in_parent", + ExistsElsewhereDeclined = "exists_elsewhere_declined", } export type AddRoleConflictPrompt = { - roleName: string - parentNodeId: number - parentNodeName: string - existingRoleId: number - existingRoleName: string - existingNodeId: number -} + roleName: string; + parentNodeId: number; + parentNodeName: string; + existingRoleId: number; + existingRoleName: string; + existingNodeId: number; +}; -export type AddRoleConfirm = (prompt: AddRoleConflictPrompt) => boolean | Promise +export type AddRoleConfirm = ( + prompt: AddRoleConflictPrompt, +) => boolean | Promise; export type AddRoleInput = { - roles: string[] - parent?: string | number | null - newUser?: RoleToggleInput - visibleBelow?: RoleToggleInput - enforcements?: string[] - force?: boolean - confirm?: AddRoleConfirm -} + roles: string[]; + parent?: string | number | null; + newUser?: RoleToggleInput; + visibleBelow?: RoleToggleInput; + enforcements?: string[]; + force?: boolean; + confirm?: AddRoleConfirm; +}; export type AddRoleItemResult = { - roleId: number - roleName: string - nodeId: number - status: AddRoleStatus - skipReason?: AddRoleSkipReason - message?: string -} + roleId: number; + roleName: string; + nodeId: number; + status: AddRoleStatus; + skipReason?: AddRoleSkipReason; + message?: string; +}; export type AddRoleResult = { - success: boolean - parentNodeId: number - parentNodeName: string - items: AddRoleItemResult[] - created: number - skipped: number - failed: number -} + success: boolean; + parentNodeId: number; + parentNodeName: string; + items: AddRoleItemResult[]; + created: number; + skipped: number; + failed: number; +}; export type FormattedAddRoleTable = { - headers: string[] - rows: string[][] - parentNodeName: string - summary: string -} + headers: string[]; + rows: string[][]; + parentNodeName: string; + summary: string; +}; + +export async function addRoles( + auth: Auth, + input: AddRoleInput, +): Promise { + const requestedNames = normalizeIdentifiers(input.roles); + if (requestedNames.length === 0) { + throw new KeeperSdkError("No roles to add.", ResultCodes.NO_ROLES_TO_ADD); + } + requestedNames.forEach(validateRoleName); + + const force = input.force === true; + const newUserInherit = resolveToggle(input.newUser) ?? false; + const visibleBelow = resolveToggle(input.visibleBelow) ?? false; + const enforcements = parseEnforcements(input.enforcements ?? []); -export async function addRoles(auth: Auth, input: AddRoleInput): Promise { - const requestedNames = normalizeIdentifiers(input.roles) - if (requestedNames.length === 0) { - throw new KeeperSdkError('No roles to add.', ResultCodes.NO_ROLES_TO_ADD) + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(ADD_ROLE_INCLUDES), + enterpriseData.getDisplayNames(), + ]); + + const nodes = response.nodes || []; + applyDecryptedNodeNames(nodes, displayNames.nodes); + applyEnterpriseNameToRoot(nodes, response.enterprise_name); + if (parentNeedsNameLookup(input.parent ?? null)) + await enterpriseData.decryptNodeNames(nodes); + + const roles = response.roles || []; + applyDecryptedRoleNames(roles, displayNames.roles); + const rolesByLowerName = buildRolesByLowerName(roles); + + const parentNode = resolveParentNode(nodes, input.parent ?? null); + const parentNodeId = parentNode.node_id; + const parentNodeName = nodePathOrFallback(nodes, parentNode); + + const treeKey = await enterpriseData.getTreeKey(); + if (!treeKey) { + throw new KeeperSdkError( + "Enterprise tree key is unavailable. The current user may not have permission to administer roles.", + ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE, + ); + } + + const items: AddRoleItemResult[] = []; + const seenLowerNames = new Set(); + for (const name of requestedNames) { + const lower = name.toLowerCase(); + if (seenLowerNames.has(lower)) continue; + seenLowerNames.add(lower); + + const conflicts = rolesByLowerName.get(lower) || []; + const sameParent = conflicts.find((role) => role.node_id === parentNodeId); + if (sameParent) { + items.push( + skippedItem( + sameParent.role_id, + name, + sameParent.node_id, + AddRoleSkipReason.AlreadyExistsInParent, + `Role "${name}" already exists in parent node ${parentNodeId}.`, + ), + ); + continue; } - requestedNames.forEach(validateRoleName) - - const force = input.force === true - const newUserInherit = resolveToggle(input.newUser) ?? false - const visibleBelow = resolveToggle(input.visibleBelow) ?? false - const enforcements = parseEnforcements(input.enforcements ?? []) - - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(ADD_ROLE_INCLUDES), - enterpriseData.getDisplayNames(), - ]) - - const nodes = response.nodes || [] - applyDecryptedNodeNames(nodes, displayNames.nodes) - applyEnterpriseNameToRoot(nodes, response.enterprise_name) - if (parentNeedsNameLookup(input.parent ?? null)) await enterpriseData.decryptNodeNames(nodes) - - const roles = response.roles || [] - applyDecryptedRoleNames(roles, displayNames.roles) - const rolesByLowerName = buildRolesByLowerName(roles) - - const parentNode = resolveParentNode(nodes, input.parent ?? null) - const parentNodeId = parentNode.node_id - const parentNodeName = nodePathOrFallback(nodes, parentNode) - - const treeKey = await enterpriseData.getTreeKey() - if (!treeKey) { - throw new KeeperSdkError( - 'Enterprise tree key is unavailable. The current user may not have permission to administer roles.', - ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE - ) + + if (conflicts.length > 0 && !force) { + const confirmed = await confirmCrossNode(input.confirm, conflicts[0], { + roleName: name, + parentNodeId, + parentNodeName, + }); + if (!confirmed) { + items.push( + skippedItem( + conflicts[0].role_id, + name, + conflicts[0].node_id, + AddRoleSkipReason.ExistsElsewhereDeclined, + `Role "${name}" exists in node ${conflicts[0].node_id}; creation declined.`, + ), + ); + continue; + } } - const items: AddRoleItemResult[] = [] - const seenLowerNames = new Set() - for (const name of requestedNames) { - const lower = name.toLowerCase() - if (seenLowerNames.has(lower)) continue - seenLowerNames.add(lower) - - const conflicts = rolesByLowerName.get(lower) || [] - const sameParent = conflicts.find((role) => role.node_id === parentNodeId) - if (sameParent) { - items.push(skippedItem(sameParent.role_id, name, sameParent.node_id, AddRoleSkipReason.AlreadyExistsInParent, - `Role "${name}" already exists in parent node ${parentNodeId}.`)) - continue - } - - if (conflicts.length > 0 && !force) { - const confirmed = await confirmCrossNode(input.confirm, conflicts[0], { roleName: name, parentNodeId, parentNodeName }) - if (!confirmed) { - items.push(skippedItem(conflicts[0].role_id, name, conflicts[0].node_id, AddRoleSkipReason.ExistsElsewhereDeclined, - `Role "${name}" exists in node ${conflicts[0].node_id}; creation declined.`)) - continue - } - } - - try { - const roleId = await allocateRoleId(auth) - const encryptedData = await encryptObjectForStorage({ displayname: name }, treeKey) - await sendRoleAdd(auth, { - role_id: roleId, - node_id: parentNodeId, - encrypted_data: encryptedData, - visible_below: visibleBelow, - new_user_inherit: newUserInherit, - }) - await applyRoleEnforcements(auth, roleId, enforcements) - items.push({ roleId, roleName: name, nodeId: parentNodeId, status: AddRoleStatus.Created }) - } catch (err) { - items.push({ roleId: 0, roleName: name, nodeId: parentNodeId, status: AddRoleStatus.Failed, message: extractErrorMessage(err) }) - } + try { + const roleId = await allocateRoleId(auth); + const encryptedData = await encryptObjectForStorage( + { displayname: name }, + treeKey, + ); + await sendRoleAdd(auth, { + role_id: roleId, + node_id: parentNodeId, + encrypted_data: encryptedData, + visible_below: visibleBelow, + new_user_inherit: newUserInherit, + }); + await applyRoleEnforcements(auth, roleId, enforcements); + items.push({ + roleId, + roleName: name, + nodeId: parentNodeId, + status: AddRoleStatus.Created, + }); + } catch (err) { + items.push({ + roleId: 0, + roleName: name, + nodeId: parentNodeId, + status: AddRoleStatus.Failed, + message: extractErrorMessage(err), + }); } + } - return finalizeResult(items, parentNodeId, parentNodeName) + return finalizeResult(items, parentNodeId, parentNodeName); } -export function formatAddRoleResult(result: AddRoleResult): FormattedAddRoleTable { - return { - headers: [...ROLE_TABLE_HEADERS], - rows: buildRoleResultRows(result.items, (item) => item.message || (item.skipReason ?? '')), - parentNodeName: result.parentNodeName, - summary: `Created: ${result.created} Skipped: ${result.skipped} Failed: ${result.failed}`, - } +export function formatAddRoleResult( + result: AddRoleResult, +): FormattedAddRoleTable { + return { + headers: [...ROLE_TABLE_HEADERS], + rows: buildRoleResultRows( + result.items, + (item) => item.message || (item.skipReason ?? ""), + ), + parentNodeName: result.parentNodeName, + summary: `Created: ${result.created} Skipped: ${result.skipped} Failed: ${result.failed}`, + }; } export function renderAddRoleAsciiTable(table: FormattedAddRoleTable): string { - return renderRoleResultTable(table.headers, table.rows, table.summary, [`Parent: ${table.parentNodeName}`]) + return renderRoleResultTable(table.headers, table.rows, table.summary, [ + `Parent: ${table.parentNodeName}`, + ]); } async function allocateRoleId(auth: Auth): Promise { - const response = await auth.executeRestCommand(enterpriseAllocateIdsCommand({ number_requested: 1 })) - if (!response.base_id) { - throw new KeeperSdkError('Failed to allocate enterprise ID for new role.', ResultCodes.ROLE_ID_ALLOCATION_FAILED) - } - return response.base_id + const response = await auth.executeRestCommand( + enterpriseAllocateIdsCommand({ number_requested: 1 }), + ); + if (!response.base_id) { + throw new KeeperSdkError( + "Failed to allocate enterprise ID for new role.", + ResultCodes.ROLE_ID_ALLOCATION_FAILED, + ); + } + return response.base_id; } -async function sendRoleAdd(auth: Auth, payload: RoleEditRequest): Promise { - const response = await auth.executeRestCommand(roleAddCommand(payload)) - assertCommandSucceeded(response, `role_add failed for role_id=${payload.role_id}`, ResultCodes.ROLE_ADD_FAILED) +async function sendRoleAdd( + auth: Auth, + payload: RoleEditRequest, +): Promise { + const response = await auth.executeRestCommand(roleAddCommand(payload)); + assertCommandSucceeded( + response, + `role_add failed for role_id=${payload.role_id}`, + ResultCodes.ROLE_ADD_FAILED, + ); } async function confirmCrossNode( - confirm: AddRoleConfirm | undefined, - existing: EnterpriseRole, - context: { roleName: string; parentNodeId: number; parentNodeName: string } + confirm: AddRoleConfirm | undefined, + existing: EnterpriseRole, + context: { roleName: string; parentNodeId: number; parentNodeName: string }, ): Promise { - if (!confirm) return false - return (await confirm({ - ...context, - existingRoleId: existing.role_id, - existingRoleName: (existing.displayName || '').trim() || String(existing.role_id), - existingNodeId: existing.node_id ?? 0, + if (!confirm) return false; + return ( + (await confirm({ + ...context, + existingRoleId: existing.role_id, + existingRoleName: + (existing.displayName || "").trim() || String(existing.role_id), + existingNodeId: existing.node_id ?? 0, })) === true + ); } function skippedItem( - roleId: number, - roleName: string, - nodeId: number, - skipReason: AddRoleSkipReason, - message: string + roleId: number, + roleName: string, + nodeId: number, + skipReason: AddRoleSkipReason, + message: string, ): AddRoleItemResult { - return { roleId, roleName, nodeId, status: AddRoleStatus.Skipped, skipReason, message } + return { + roleId, + roleName, + nodeId, + status: AddRoleStatus.Skipped, + skipReason, + message, + }; } -function finalizeResult(items: AddRoleItemResult[], parentNodeId: number, parentNodeName: string): AddRoleResult { - const created = items.filter((item) => item.status === AddRoleStatus.Created).length - const skipped = items.filter((item) => item.status === AddRoleStatus.Skipped).length - const failed = items.filter((item) => item.status === AddRoleStatus.Failed).length - return { success: failed === 0 && created > 0, parentNodeId, parentNodeName, items, created, skipped, failed } +function finalizeResult( + items: AddRoleItemResult[], + parentNodeId: number, + parentNodeName: string, +): AddRoleResult { + const created = items.filter( + (item) => item.status === AddRoleStatus.Created, + ).length; + const skipped = items.filter( + (item) => item.status === AddRoleStatus.Skipped, + ).length; + const failed = items.filter( + (item) => item.status === AddRoleStatus.Failed, + ).length; + return { + success: failed === 0 && created > 0, + parentNodeId, + parentNodeName, + items, + created, + skipped, + failed, + }; } diff --git a/KeeperSdk/src/roles/deleteRole.ts b/KeeperSdk/src/roles/deleteRole.ts index 9a893a73..b0b83f4c 100644 --- a/KeeperSdk/src/roles/deleteRole.ts +++ b/KeeperSdk/src/roles/deleteRole.ts @@ -1,98 +1,134 @@ -import { roleDeleteCommand, type Auth } from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' -import { EnterpriseDataInclude, EnterpriseDataManager } from '../teams/enterpriseData' +import { roleDeleteCommand, type Auth } from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; import { - applyDecryptedRoleNames, - assertCommandSucceeded, - buildRoleResultRows, - normalizeIdentifiers, - renderRoleResultTable, - resolveExistingRoles, - ROLE_TABLE_HEADERS, -} from './roleUtils' + EnterpriseDataInclude, + EnterpriseDataManager, +} from "../teams/enterpriseData"; +import { + applyDecryptedRoleNames, + assertCommandSucceeded, + buildRoleResultRows, + normalizeIdentifiers, + renderRoleResultTable, + resolveExistingRoles, + ROLE_TABLE_HEADERS, +} from "./roleUtils"; -const DELETE_ROLE_INCLUDES: EnterpriseDataInclude[] = [EnterpriseDataInclude.Roles] +const DELETE_ROLE_INCLUDES: EnterpriseDataInclude[] = [ + EnterpriseDataInclude.Roles, +]; export enum DeleteRoleStatus { - Deleted = 'deleted', - Failed = 'failed', + Deleted = "deleted", + Failed = "failed", } export type DeleteRoleInput = { - roles: string[] -} + roles: string[]; +}; export type DeleteRoleItemResult = { - roleId: number - roleName: string - nodeId: number - status: DeleteRoleStatus - message?: string -} + roleId: number; + roleName: string; + nodeId: number; + status: DeleteRoleStatus; + message?: string; +}; export type DeleteRoleResult = { - success: boolean - items: DeleteRoleItemResult[] - deleted: number - failed: number -} + success: boolean; + items: DeleteRoleItemResult[]; + deleted: number; + failed: number; +}; export type FormattedDeleteRoleTable = { - headers: string[] - rows: string[][] - summary: string -} + headers: string[]; + rows: string[][]; + summary: string; +}; -export async function deleteRoles(auth: Auth, input: DeleteRoleInput): Promise { - const identifiers = normalizeIdentifiers(input.roles) - if (identifiers.length === 0) { - throw new KeeperSdkError('No roles to delete.', ResultCodes.NO_ROLES_TO_DELETE) - } +export async function deleteRoles( + auth: Auth, + input: DeleteRoleInput, +): Promise { + const identifiers = normalizeIdentifiers(input.roles); + if (identifiers.length === 0) { + throw new KeeperSdkError( + "No roles to delete.", + ResultCodes.NO_ROLES_TO_DELETE, + ); + } - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(DELETE_ROLE_INCLUDES), - enterpriseData.getDisplayNames(), - ]) + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(DELETE_ROLE_INCLUDES), + enterpriseData.getDisplayNames(), + ]); - const roles = response.roles || [] - applyDecryptedRoleNames(roles, displayNames.roles) - const resolvedRoles = resolveExistingRoles(roles, identifiers) + const roles = response.roles || []; + applyDecryptedRoleNames(roles, displayNames.roles); + const resolvedRoles = resolveExistingRoles(roles, identifiers); - const items: DeleteRoleItemResult[] = [] - for (const role of resolvedRoles) { - const roleName = (role.displayName || '').trim() || String(role.role_id) - const nodeId = role.node_id ?? 0 - try { - await sendRoleDelete(auth, role.role_id) - items.push({ roleId: role.role_id, roleName, nodeId, status: DeleteRoleStatus.Deleted }) - } catch (err) { - items.push({ roleId: role.role_id, roleName, nodeId, status: DeleteRoleStatus.Failed, message: extractErrorMessage(err) }) - } + const items: DeleteRoleItemResult[] = []; + for (const role of resolvedRoles) { + const roleName = (role.displayName || "").trim() || String(role.role_id); + const nodeId = role.node_id ?? 0; + try { + await sendRoleDelete(auth, role.role_id); + items.push({ + roleId: role.role_id, + roleName, + nodeId, + status: DeleteRoleStatus.Deleted, + }); + } catch (err) { + items.push({ + roleId: role.role_id, + roleName, + nodeId, + status: DeleteRoleStatus.Failed, + message: extractErrorMessage(err), + }); } + } - return finalizeResult(items) + return finalizeResult(items); } -export function formatDeleteRoleResult(result: DeleteRoleResult): FormattedDeleteRoleTable { - return { - headers: [...ROLE_TABLE_HEADERS], - rows: buildRoleResultRows(result.items, (item) => item.message || ''), - summary: `Deleted: ${result.deleted} Failed: ${result.failed}`, - } +export function formatDeleteRoleResult( + result: DeleteRoleResult, +): FormattedDeleteRoleTable { + return { + headers: [...ROLE_TABLE_HEADERS], + rows: buildRoleResultRows(result.items, (item) => item.message || ""), + summary: `Deleted: ${result.deleted} Failed: ${result.failed}`, + }; } -export function renderDeleteRoleAsciiTable(table: FormattedDeleteRoleTable): string { - return renderRoleResultTable(table.headers, table.rows, table.summary) +export function renderDeleteRoleAsciiTable( + table: FormattedDeleteRoleTable, +): string { + return renderRoleResultTable(table.headers, table.rows, table.summary); } async function sendRoleDelete(auth: Auth, roleId: number): Promise { - const response = await auth.executeRestCommand(roleDeleteCommand({ role_id: roleId })) - assertCommandSucceeded(response, `role_delete failed for role_id=${roleId}`, ResultCodes.ROLE_DELETE_FAILED) + const response = await auth.executeRestCommand( + roleDeleteCommand({ role_id: roleId }), + ); + assertCommandSucceeded( + response, + `role_delete failed for role_id=${roleId}`, + ResultCodes.ROLE_DELETE_FAILED, + ); } function finalizeResult(items: DeleteRoleItemResult[]): DeleteRoleResult { - const deleted = items.filter((item) => item.status === DeleteRoleStatus.Deleted).length - const failed = items.filter((item) => item.status === DeleteRoleStatus.Failed).length - return { success: failed === 0 && deleted > 0, items, deleted, failed } + const deleted = items.filter( + (item) => item.status === DeleteRoleStatus.Deleted, + ).length; + const failed = items.filter( + (item) => item.status === DeleteRoleStatus.Failed, + ).length; + return { success: failed === 0 && deleted > 0, items, deleted, failed }; } diff --git a/KeeperSdk/src/roles/index.ts b/KeeperSdk/src/roles/index.ts index b0e3b993..9d951a94 100644 --- a/KeeperSdk/src/roles/index.ts +++ b/KeeperSdk/src/roles/index.ts @@ -1,74 +1,78 @@ -export { listRoles, formatRolesTable, renderRolesAsciiTable } from './listRoles' +export { + listRoles, + formatRolesTable, + renderRolesAsciiTable, +} from "./listRoles"; export { - RoleColumn, - SUPPORTED_ROLE_COLUMNS, - DEFAULT_ROLE_COLUMNS, - ALL_COLUMNS_WILDCARD, -} from './roleTypes' + RoleColumn, + SUPPORTED_ROLE_COLUMNS, + DEFAULT_ROLE_COLUMNS, + ALL_COLUMNS_WILDCARD, +} from "./roleTypes"; export type { - ListRolesOptions, - ListRoleRow, - RoleColumnInput, - FormattedRolesTable, - FormatRolesTableOptions, -} from './roleTypes' + ListRolesOptions, + ListRoleRow, + RoleColumnInput, + FormattedRolesTable, + FormatRolesTableOptions, +} from "./roleTypes"; -export { viewRole, formatRoleView, roleViewTable } from './viewRole' +export { viewRole, formatRoleView, roleViewTable } from "./viewRole"; export type { - RoleView, - RoleTeamInfo, - RoleUserInfo, - RoleManagedNodeInfo, - RoleEnforcementInfo, - FormatRoleViewOptions, - FormattedRoleViewTable, - FormattedManagedNodePrivilegeTable, - RoleViewTableRow, -} from './viewRole' + RoleView, + RoleTeamInfo, + RoleUserInfo, + RoleManagedNodeInfo, + RoleEnforcementInfo, + FormatRoleViewOptions, + FormattedRoleViewTable, + FormattedManagedNodePrivilegeTable, + RoleViewTableRow, +} from "./viewRole"; -export { RoleManager } from './RoleManager' +export { RoleManager } from "./RoleManager"; export { - addRoles, - formatAddRoleResult, - renderAddRoleAsciiTable, - AddRoleStatus, - AddRoleSkipReason, -} from './addRole' + addRoles, + formatAddRoleResult, + renderAddRoleAsciiTable, + AddRoleStatus, + AddRoleSkipReason, +} from "./addRole"; export type { - AddRoleInput, - AddRoleResult, - AddRoleItemResult, - AddRoleConfirm, - AddRoleConflictPrompt, - FormattedAddRoleTable, -} from './addRole' + AddRoleInput, + AddRoleResult, + AddRoleItemResult, + AddRoleConfirm, + AddRoleConflictPrompt, + FormattedAddRoleTable, +} from "./addRole"; export { - updateRoles, - formatUpdateRoleResult, - renderUpdateRoleAsciiTable, - UpdateRoleStatus, -} from './updateRole' + updateRoles, + formatUpdateRoleResult, + renderUpdateRoleAsciiTable, + UpdateRoleStatus, +} from "./updateRole"; export type { - UpdateRoleInput, - UpdateRoleResult, - UpdateRoleItemResult, - FormattedUpdateRoleTable, -} from './updateRole' + UpdateRoleInput, + UpdateRoleResult, + UpdateRoleItemResult, + FormattedUpdateRoleTable, +} from "./updateRole"; export { - deleteRoles, - formatDeleteRoleResult, - renderDeleteRoleAsciiTable, - DeleteRoleStatus, -} from './deleteRole' + deleteRoles, + formatDeleteRoleResult, + renderDeleteRoleAsciiTable, + DeleteRoleStatus, +} from "./deleteRole"; export type { - DeleteRoleInput, - DeleteRoleResult, - DeleteRoleItemResult, - FormattedDeleteRoleTable, -} from './deleteRole' + DeleteRoleInput, + DeleteRoleResult, + DeleteRoleItemResult, + FormattedDeleteRoleTable, +} from "./deleteRole"; -export type { RoleToggleInput, RoleToggle, EnforcementPair } from './roleUtils' +export type { RoleToggleInput, RoleToggle, EnforcementPair } from "./roleUtils"; diff --git a/KeeperSdk/src/roles/listRoles.ts b/KeeperSdk/src/roles/listRoles.ts index efa4c1d9..6a2a2cde 100644 --- a/KeeperSdk/src/roles/listRoles.ts +++ b/KeeperSdk/src/roles/listRoles.ts @@ -1,341 +1,388 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { isNumber, resolveSearchPattern, TOKEN_SEPARATOR_PATTERN } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseDataManagerApi, - type EnterpriseDisplayNames, - type EnterpriseNode, - type EnterpriseRole, - type EnterpriseRolePrivilegeLink, - type EnterpriseRoleTeamLink, - type EnterpriseRoleUserLink, - type EnterpriseTeamRecord, - type EnterpriseUser, -} from '../teams/enterpriseData' -import { applyDecryptedNodeNames } from '../teams/teamUtils' + isNumber, + resolveSearchPattern, + TOKEN_SEPARATOR_PATTERN, +} from "../utils"; import { - ALL_COLUMNS_WILDCARD, - DEFAULT_ROLE_COLUMNS, - RoleColumn, - SUPPORTED_ROLE_COLUMNS, - type FormatRolesTableOptions, - type FormattedRolesTable, - type ListRoleRow, - type ListRolesOptions, -} from './roleTypes' - -const NODE_PATH_SEPARATOR = '\\' -const MIN_ASCII_COL_WIDTH = 2 + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseDataManagerApi, + type EnterpriseDisplayNames, + type EnterpriseNode, + type EnterpriseRole, + type EnterpriseRolePrivilegeLink, + type EnterpriseRoleTeamLink, + type EnterpriseRoleUserLink, + type EnterpriseTeamRecord, + type EnterpriseUser, +} from "../teams/enterpriseData"; +import { applyDecryptedNodeNames } from "../teams/teamUtils"; +import { + ALL_COLUMNS_WILDCARD, + DEFAULT_ROLE_COLUMNS, + RoleColumn, + SUPPORTED_ROLE_COLUMNS, + type FormatRolesTableOptions, + type FormattedRolesTable, + type ListRoleRow, + type ListRolesOptions, +} from "./roleTypes"; + +const NODE_PATH_SEPARATOR = "\\"; +const MIN_ASCII_COL_WIDTH = 2; const HEADER_BY_COLUMN: Record = { - [RoleColumn.VisibleBelow]: 'Visible Below', - [RoleColumn.DefaultRole]: 'Default Role', - [RoleColumn.Admin]: 'Admin', - [RoleColumn.Node]: 'Node', - [RoleColumn.UserCount]: 'User Count', - [RoleColumn.Users]: 'Users', - [RoleColumn.TeamCount]: 'Team Count', - [RoleColumn.Teams]: 'Teams', -} + [RoleColumn.VisibleBelow]: "Visible Below", + [RoleColumn.DefaultRole]: "Default Role", + [RoleColumn.Admin]: "Admin", + [RoleColumn.Node]: "Node", + [RoleColumn.UserCount]: "User Count", + [RoleColumn.Users]: "Users", + [RoleColumn.TeamCount]: "Team Count", + [RoleColumn.Teams]: "Teams", +}; type DecorateContext = { - nodePaths: Map - adminRoleIds: Set - roleUsers: Map> - roleTeams: Map> - usernameById: Map - teamNameById: Map -} - -export async function listRoles(auth: Auth, options: ListRolesOptions = {}): Promise { - const columns = resolveColumns(options.columns) - const includes = includesForColumns(columns) - const wantsDisplayNames = - columns.includes(RoleColumn.Node) || - columns.includes(RoleColumn.Teams) || - columns.includes(RoleColumn.TeamCount) - - const enterpriseData: EnterpriseDataManagerApi = - options.enterpriseData ?? new EnterpriseDataManager(auth) - const emptyDisplayNames: EnterpriseDisplayNames = { nodes: new Map(), roles: new Map() } - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(includes), - wantsDisplayNames ? enterpriseData.getDisplayNames() : Promise.resolve(emptyDisplayNames), - ]) - - const roles = response.roles || [] - const nodes = response.nodes || [] - applyDecryptedNodeNames(nodes, displayNames.nodes) - - for (const role of roles) { - const display = displayNames.roles.get(role.role_id) - if (display) role.displayName = display - } - - const context: DecorateContext = { - nodePaths: buildNodePathLookup(nodes), - adminRoleIds: buildAdminRoleIds(response.role_privileges || []), - roleUsers: buildRoleUserMap(response.role_users || []), - roleTeams: buildRoleTeamMap(response.role_teams || []), - usernameById: buildUsernameMap(response.users || []), - teamNameById: buildTeamNameMap(response.teams || []), - } - - const pattern = resolveSearchPattern(options.pattern) - const rows: ListRoleRow[] = [] - for (const role of roles) { - const row = decorateRow(role, columns, context) - if (pattern && !rowMatchesPattern(row, pattern)) continue - rows.push(row) - } - - rows.sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' })) - return rows + nodePaths: Map; + adminRoleIds: Set; + roleUsers: Map>; + roleTeams: Map>; + usernameById: Map; + teamNameById: Map; +}; + +export async function listRoles( + auth: Auth, + options: ListRolesOptions = {}, +): Promise { + const columns = resolveColumns(options.columns); + const includes = includesForColumns(columns); + const wantsDisplayNames = + columns.includes(RoleColumn.Node) || + columns.includes(RoleColumn.Teams) || + columns.includes(RoleColumn.TeamCount); + + const enterpriseData: EnterpriseDataManagerApi = + options.enterpriseData ?? new EnterpriseDataManager(auth); + const emptyDisplayNames: EnterpriseDisplayNames = { + nodes: new Map(), + roles: new Map(), + }; + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(includes), + wantsDisplayNames + ? enterpriseData.getDisplayNames() + : Promise.resolve(emptyDisplayNames), + ]); + + const roles = response.roles || []; + const nodes = response.nodes || []; + applyDecryptedNodeNames(nodes, displayNames.nodes); + + for (const role of roles) { + const display = displayNames.roles.get(role.role_id); + if (display) role.displayName = display; + } + + const context: DecorateContext = { + nodePaths: buildNodePathLookup(nodes), + adminRoleIds: buildAdminRoleIds(response.role_privileges || []), + roleUsers: buildRoleUserMap(response.role_users || []), + roleTeams: buildRoleTeamMap(response.role_teams || []), + usernameById: buildUsernameMap(response.users || []), + teamNameById: buildTeamNameMap(response.teams || []), + }; + + const pattern = resolveSearchPattern(options.pattern); + const rows: ListRoleRow[] = []; + for (const role of roles) { + const row = decorateRow(role, columns, context); + if (pattern && !rowMatchesPattern(row, pattern)) continue; + rows.push(row); + } + + rows.sort((a, b) => + a.name.localeCompare(b.name, undefined, { sensitivity: "base" }), + ); + return rows; } export function formatRolesTable( - rows: ListRoleRow[], - options: FormatRolesTableOptions = {} + rows: ListRoleRow[], + options: FormatRolesTableOptions = {}, ): FormattedRolesTable { - const columns = resolveColumns(options.columns) - const headers: string[] = ['#', 'Role ID', 'Name', ...columns.map((col) => HEADER_BY_COLUMN[col])] - - const outRows: string[][] = rows.map((row, rowIndex) => { - const cells: string[] = [String(rowIndex + 1), String(row.role_id), row.name] - for (const col of columns) cells.push(formatCell(row, col)) - return cells - }) - - return { headers, rows: outRows } + const columns = resolveColumns(options.columns); + const headers: string[] = [ + "#", + "Role ID", + "Name", + ...columns.map((col) => HEADER_BY_COLUMN[col]), + ]; + + const outRows: string[][] = rows.map((row, rowIndex) => { + const cells: string[] = [ + String(rowIndex + 1), + String(row.role_id), + row.name, + ]; + for (const col of columns) cells.push(formatCell(row, col)); + return cells; + }); + + return { headers, rows: outRows }; } export function renderRolesAsciiTable( - table: FormattedRolesTable, - options: { minColWidth?: number } = {} + table: FormattedRolesTable, + options: { minColWidth?: number } = {}, ): string { - const { minColWidth = MIN_ASCII_COL_WIDTH } = options - const { headers, rows } = table - const columnCount = headers.length - - const expandedRows: string[][][] = rows.map((row) => - row.map((cell) => (cell.includes('\n') ? cell.split('\n') : [cell])) - ) - - const columnWidths = new Array(columnCount).fill(0) + const { minColWidth = MIN_ASCII_COL_WIDTH } = options; + const { headers, rows } = table; + const columnCount = headers.length; + + const expandedRows: string[][][] = rows.map((row) => + row.map((cell) => (cell.includes("\n") ? cell.split("\n") : [cell])), + ); + + const columnWidths = new Array(columnCount).fill(0); + for (let ci = 0; ci < columnCount; ci += 1) { + columnWidths[ci] = Math.max(headers[ci].length, minColWidth); + } + for (const row of expandedRows) { for (let ci = 0; ci < columnCount; ci += 1) { - columnWidths[ci] = Math.max(headers[ci].length, minColWidth) - } - for (const row of expandedRows) { - for (let ci = 0; ci < columnCount; ci += 1) { - for (const line of row[ci]) { - columnWidths[ci] = Math.max(columnWidths[ci], line.length, minColWidth) - } - } + for (const line of row[ci]) { + columnWidths[ci] = Math.max(columnWidths[ci], line.length, minColWidth); + } } + } - const padCell = (cell: string, ci: number): string => - cell + ' '.repeat(columnWidths[ci] - cell.length) - const formatPhysicalRow = (cells: string[]): string => - cells.map((cell, ci) => padCell(cell, ci)).join(' ') + const padCell = (cell: string, ci: number): string => + cell + " ".repeat(columnWidths[ci] - cell.length); + const formatPhysicalRow = (cells: string[]): string => + cells.map((cell, ci) => padCell(cell, ci)).join(" "); - const ruleRow = formatPhysicalRow(columnWidths.map((w) => '-'.repeat(w))) - const lines: string[] = [formatPhysicalRow(headers), ruleRow] + const ruleRow = formatPhysicalRow(columnWidths.map((w) => "-".repeat(w))); + const lines: string[] = [formatPhysicalRow(headers), ruleRow]; - for (const row of expandedRows) { - const physicalLineCount = Math.max(...row.map((cell) => cell.length)) - for (let li = 0; li < physicalLineCount; li += 1) { - lines.push(formatPhysicalRow(row.map((cell) => cell[li] ?? ''))) - } + for (const row of expandedRows) { + const physicalLineCount = Math.max(...row.map((cell) => cell.length)); + for (let li = 0; li < physicalLineCount; li += 1) { + lines.push(formatPhysicalRow(row.map((cell) => cell[li] ?? ""))); } - return lines.join('\n') + } + return lines.join("\n"); } -function includesForColumns(columns: readonly RoleColumn[]): EnterpriseDataInclude[] { - const set = new Set([EnterpriseDataInclude.Roles]) - for (const col of columns) { - switch (col) { - case RoleColumn.Node: - set.add(EnterpriseDataInclude.Nodes) - break - case RoleColumn.Admin: - set.add(EnterpriseDataInclude.RolePrivileges) - break - case RoleColumn.UserCount: - case RoleColumn.Users: - set.add(EnterpriseDataInclude.RoleUsers) - if (col === RoleColumn.Users) set.add(EnterpriseDataInclude.Users) - break - case RoleColumn.TeamCount: - case RoleColumn.Teams: - set.add(EnterpriseDataInclude.RoleTeams) - if (col === RoleColumn.Teams) set.add(EnterpriseDataInclude.Teams) - break - } +function includesForColumns( + columns: readonly RoleColumn[], +): EnterpriseDataInclude[] { + const set = new Set([EnterpriseDataInclude.Roles]); + for (const col of columns) { + switch (col) { + case RoleColumn.Node: + set.add(EnterpriseDataInclude.Nodes); + break; + case RoleColumn.Admin: + set.add(EnterpriseDataInclude.RolePrivileges); + break; + case RoleColumn.UserCount: + case RoleColumn.Users: + set.add(EnterpriseDataInclude.RoleUsers); + if (col === RoleColumn.Users) set.add(EnterpriseDataInclude.Users); + break; + case RoleColumn.TeamCount: + case RoleColumn.Teams: + set.add(EnterpriseDataInclude.RoleTeams); + if (col === RoleColumn.Teams) set.add(EnterpriseDataInclude.Teams); + break; } - return Array.from(set) + } + return Array.from(set); } -function resolveColumns(input: ListRolesOptions['columns']): RoleColumn[] { - if (input == null) return [...DEFAULT_ROLE_COLUMNS] - if (input === ALL_COLUMNS_WILDCARD) return [...SUPPORTED_ROLE_COLUMNS] - - const requested = Array.isArray(input) ? input : input.split(',').map((p) => p.trim()) - const allowed = new Set(SUPPORTED_ROLE_COLUMNS) - const seen = new Set() - for (const col of requested) { - if (col && allowed.has(col)) seen.add(col as RoleColumn) - } - if (seen.size === 0) return [...DEFAULT_ROLE_COLUMNS] - return SUPPORTED_ROLE_COLUMNS.filter((col) => seen.has(col)) +function resolveColumns(input: ListRolesOptions["columns"]): RoleColumn[] { + if (input == null) return [...DEFAULT_ROLE_COLUMNS]; + if (input === ALL_COLUMNS_WILDCARD) return [...SUPPORTED_ROLE_COLUMNS]; + + const requested = Array.isArray(input) + ? input + : input.split(",").map((p) => p.trim()); + const allowed = new Set(SUPPORTED_ROLE_COLUMNS); + const seen = new Set(); + for (const col of requested) { + if (col && allowed.has(col)) seen.add(col as RoleColumn); + } + if (seen.size === 0) return [...DEFAULT_ROLE_COLUMNS]; + return SUPPORTED_ROLE_COLUMNS.filter((col) => seen.has(col)); } function roleDisplayName(role: EnterpriseRole): string { - return (role.displayName || '').trim() || String(role.role_id) + return (role.displayName || "").trim() || String(role.role_id); } function tokenize(text: string): string[] { - return text.split(TOKEN_SEPARATOR_PATTERN).filter((t) => t.length > 0) + return text.split(TOKEN_SEPARATOR_PATTERN).filter((t) => t.length > 0); } function rowMatchesPattern(row: ListRoleRow, pattern: string): boolean { - const lower = pattern.toLowerCase() - const tokens: string[] = [String(row.role_id), ...tokenize(row.name.toLowerCase())] - if (row.node) tokens.push(...tokenize(row.node.toLowerCase())) - if (row.user_count != null) tokens.push(String(row.user_count)) - if (row.team_count != null) tokens.push(String(row.team_count)) - for (const list of [row.users, row.teams]) { - if (!list) continue - for (const v of list) tokens.push(...tokenize(v.toLowerCase())) - } - return tokens.some((t) => t.includes(lower)) + const lower = pattern.toLowerCase(); + const tokens: string[] = [ + String(row.role_id), + ...tokenize(row.name.toLowerCase()), + ]; + if (row.node) tokens.push(...tokenize(row.node.toLowerCase())); + if (row.user_count != null) tokens.push(String(row.user_count)); + if (row.team_count != null) tokens.push(String(row.team_count)); + for (const list of [row.users, row.teams]) { + if (!list) continue; + for (const v of list) tokens.push(...tokenize(v.toLowerCase())); + } + return tokens.some((t) => t.includes(lower)); } function buildNodePathLookup(nodes: EnterpriseNode[]): Map { - return new Map( - nodes.map((node) => [ - node.node_id, - EnterpriseDataManager.getNodePath(nodes, node.node_id, { separator: NODE_PATH_SEPARATOR }), - ]) - ) + return new Map( + nodes.map((node) => [ + node.node_id, + EnterpriseDataManager.getNodePath(nodes, node.node_id, { + separator: NODE_PATH_SEPARATOR, + }), + ]), + ); } -function buildAdminRoleIds(privileges: EnterpriseRolePrivilegeLink[]): Set { - const set = new Set() - for (const p of privileges) set.add(p.role_id) - return set +function buildAdminRoleIds( + privileges: EnterpriseRolePrivilegeLink[], +): Set { + const set = new Set(); + for (const p of privileges) set.add(p.role_id); + return set; } -function buildRoleUserMap(links: EnterpriseRoleUserLink[]): Map> { - const map = new Map>() - for (const link of links) { - const set = map.get(link.role_id) - if (set) set.add(link.enterprise_user_id) - else map.set(link.role_id, new Set([link.enterprise_user_id])) - } - return map +function buildRoleUserMap( + links: EnterpriseRoleUserLink[], +): Map> { + const map = new Map>(); + for (const link of links) { + const set = map.get(link.role_id); + if (set) set.add(link.enterprise_user_id); + else map.set(link.role_id, new Set([link.enterprise_user_id])); + } + return map; } -function buildRoleTeamMap(links: EnterpriseRoleTeamLink[]): Map> { - const map = new Map>() - for (const link of links) { - const set = map.get(link.role_id) - if (set) set.add(link.team_uid) - else map.set(link.role_id, new Set([link.team_uid])) - } - return map +function buildRoleTeamMap( + links: EnterpriseRoleTeamLink[], +): Map> { + const map = new Map>(); + for (const link of links) { + const set = map.get(link.role_id); + if (set) set.add(link.team_uid); + else map.set(link.role_id, new Set([link.team_uid])); + } + return map; } function buildUsernameMap(users: EnterpriseUser[]): Map { - const map = new Map() - for (const user of users) { - if (isNumber(user.enterprise_user_id) && user.username) { - map.set(user.enterprise_user_id, user.username) - } + const map = new Map(); + for (const user of users) { + if (isNumber(user.enterprise_user_id) && user.username) { + map.set(user.enterprise_user_id, user.username); } - return map + } + return map; } function buildTeamNameMap(teams: EnterpriseTeamRecord[]): Map { - const map = new Map() - for (const team of teams) { - if (team.team_uid) map.set(team.team_uid, (team.name || team.team_uid).trim()) - } - return map + const map = new Map(); + for (const team of teams) { + if (team.team_uid) + map.set(team.team_uid, (team.name || team.team_uid).trim()); + } + return map; } -function resolveSortedNames(ids: Set, nameById: Map): string[] { - const result: string[] = [] - for (const id of ids) { - const name = nameById.get(id) - if (name) result.push(name) - } - return result.sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) +function resolveSortedNames( + ids: Set, + nameById: Map, +): string[] { + const result: string[] = []; + for (const id of ids) { + const name = nameById.get(id); + if (name) result.push(name); + } + return result.sort((a, b) => + a.localeCompare(b, undefined, { sensitivity: "base" }), + ); } function decorateRow( - role: EnterpriseRole, - columns: readonly RoleColumn[], - context: DecorateContext + role: EnterpriseRole, + columns: readonly RoleColumn[], + context: DecorateContext, ): ListRoleRow { - const row: ListRoleRow = { role_id: role.role_id, name: roleDisplayName(role) } - - for (const col of columns) { - switch (col) { - case RoleColumn.VisibleBelow: - row.visible_below = role.visible_below ?? false - break - case RoleColumn.DefaultRole: - row.default_role = role.new_user_inherit ?? false - break - case RoleColumn.Admin: - row.admin = context.adminRoleIds.has(role.role_id) - break - case RoleColumn.Node: - row.node = context.nodePaths.get(role.node_id ?? 0) ?? '' - break - case RoleColumn.UserCount: - row.user_count = context.roleUsers.get(role.role_id)?.size ?? 0 - break - case RoleColumn.Users: { - const ids = context.roleUsers.get(role.role_id) - row.users = ids ? resolveSortedNames(ids, context.usernameById) : [] - break - } - case RoleColumn.TeamCount: - row.team_count = context.roleTeams.get(role.role_id)?.size ?? 0 - break - case RoleColumn.Teams: { - const uids = context.roleTeams.get(role.role_id) - row.teams = uids ? resolveSortedNames(uids, context.teamNameById) : [] - break - } - } + const row: ListRoleRow = { + role_id: role.role_id, + name: roleDisplayName(role), + }; + + for (const col of columns) { + switch (col) { + case RoleColumn.VisibleBelow: + row.visible_below = role.visible_below ?? false; + break; + case RoleColumn.DefaultRole: + row.default_role = role.new_user_inherit ?? false; + break; + case RoleColumn.Admin: + row.admin = context.adminRoleIds.has(role.role_id); + break; + case RoleColumn.Node: + row.node = context.nodePaths.get(role.node_id ?? 0) ?? ""; + break; + case RoleColumn.UserCount: + row.user_count = context.roleUsers.get(role.role_id)?.size ?? 0; + break; + case RoleColumn.Users: { + const ids = context.roleUsers.get(role.role_id); + row.users = ids ? resolveSortedNames(ids, context.usernameById) : []; + break; + } + case RoleColumn.TeamCount: + row.team_count = context.roleTeams.get(role.role_id)?.size ?? 0; + break; + case RoleColumn.Teams: { + const uids = context.roleTeams.get(role.role_id); + row.teams = uids ? resolveSortedNames(uids, context.teamNameById) : []; + break; + } } - return row + } + return row; } function formatListCell(values: string[] | undefined): string { - return values?.length ? values.join('\n') : '' + return values?.length ? values.join("\n") : ""; } function formatCell(row: ListRoleRow, col: RoleColumn): string { - switch (col) { - case RoleColumn.VisibleBelow: - return row.visible_below == null ? '' : row.visible_below ? 'Yes' : 'No' - case RoleColumn.DefaultRole: - return row.default_role == null ? '' : row.default_role ? 'Yes' : 'No' - case RoleColumn.Admin: - return row.admin == null ? '' : row.admin ? 'Yes' : 'No' - case RoleColumn.Node: - return row.node ?? '' - case RoleColumn.UserCount: - return row.user_count == null ? '' : String(row.user_count) - case RoleColumn.Users: - return formatListCell(row.users) - case RoleColumn.TeamCount: - return row.team_count == null ? '' : String(row.team_count) - case RoleColumn.Teams: - return formatListCell(row.teams) - } + switch (col) { + case RoleColumn.VisibleBelow: + return row.visible_below == null ? "" : row.visible_below ? "Yes" : "No"; + case RoleColumn.DefaultRole: + return row.default_role == null ? "" : row.default_role ? "Yes" : "No"; + case RoleColumn.Admin: + return row.admin == null ? "" : row.admin ? "Yes" : "No"; + case RoleColumn.Node: + return row.node ?? ""; + case RoleColumn.UserCount: + return row.user_count == null ? "" : String(row.user_count); + case RoleColumn.Users: + return formatListCell(row.users); + case RoleColumn.TeamCount: + return row.team_count == null ? "" : String(row.team_count); + case RoleColumn.Teams: + return formatListCell(row.teams); + } } diff --git a/KeeperSdk/src/roles/roleTypes.ts b/KeeperSdk/src/roles/roleTypes.ts index 09f95e0c..a15e8990 100644 --- a/KeeperSdk/src/roles/roleTypes.ts +++ b/KeeperSdk/src/roles/roleTypes.ts @@ -1,53 +1,54 @@ -import type { EnterpriseDataManagerApi } from '../teams/enterpriseData' +import type { EnterpriseDataManagerApi } from "../teams/enterpriseData"; export enum RoleColumn { - VisibleBelow = 'visible_below', - DefaultRole = 'default_role', - Admin = 'admin', - Node = 'node', - UserCount = 'user_count', - Users = 'users', - TeamCount = 'team_count', - Teams = 'teams', + VisibleBelow = "visible_below", + DefaultRole = "default_role", + Admin = "admin", + Node = "node", + UserCount = "user_count", + Users = "users", + TeamCount = "team_count", + Teams = "teams", } -export type RoleColumnInput = RoleColumn | `${RoleColumn}` +export type RoleColumnInput = RoleColumn | `${RoleColumn}`; -export const SUPPORTED_ROLE_COLUMNS: readonly RoleColumn[] = Object.values(RoleColumn) +export const SUPPORTED_ROLE_COLUMNS: readonly RoleColumn[] = + Object.values(RoleColumn); export const DEFAULT_ROLE_COLUMNS: readonly RoleColumn[] = [ - RoleColumn.DefaultRole, - RoleColumn.Admin, - RoleColumn.Node, - RoleColumn.UserCount, -] + RoleColumn.DefaultRole, + RoleColumn.Admin, + RoleColumn.Node, + RoleColumn.UserCount, +]; -export const ALL_COLUMNS_WILDCARD = '*' as const +export const ALL_COLUMNS_WILDCARD = "*" as const; export type ListRolesOptions = { - pattern?: string | null - columns?: RoleColumnInput[] | typeof ALL_COLUMNS_WILDCARD | string | null - enterpriseData?: EnterpriseDataManagerApi -} + pattern?: string | null; + columns?: RoleColumnInput[] | typeof ALL_COLUMNS_WILDCARD | string | null; + enterpriseData?: EnterpriseDataManagerApi; +}; export type ListRoleRow = { - role_id: number - name: string - visible_below?: boolean - default_role?: boolean - admin?: boolean - node?: string - user_count?: number - users?: string[] - team_count?: number - teams?: string[] -} + role_id: number; + name: string; + visible_below?: boolean; + default_role?: boolean; + admin?: boolean; + node?: string; + user_count?: number; + users?: string[]; + team_count?: number; + teams?: string[]; +}; export type FormattedRolesTable = { - headers: string[] - rows: string[][] -} + headers: string[]; + rows: string[][]; +}; export type FormatRolesTableOptions = { - columns?: ListRolesOptions['columns'] -} + columns?: ListRolesOptions["columns"]; +}; diff --git a/KeeperSdk/src/roles/roleUtils.ts b/KeeperSdk/src/roles/roleUtils.ts index 5e3c5037..2843fbd2 100644 --- a/KeeperSdk/src/roles/roleUtils.ts +++ b/KeeperSdk/src/roles/roleUtils.ts @@ -1,229 +1,268 @@ import { - roleEnforcementAddCommand, - roleEnforcementRemoveCommand, - roleEnforcementUpdateCommand, - type Auth, - type KeeperResponse, -} from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' + roleEnforcementAddCommand, + roleEnforcementRemoveCommand, + roleEnforcementUpdateCommand, + type Auth, + type KeeperResponse, +} from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - EnterpriseDataManager, - type EnterpriseNode, - type EnterpriseRole, - type EnterpriseRoleEnforcementLink, -} from '../teams/enterpriseData' + EnterpriseDataManager, + type EnterpriseNode, + type EnterpriseRole, + type EnterpriseRoleEnforcementLink, +} from "../teams/enterpriseData"; -export const ROLE_TABLE_HEADERS = ['#', 'Status', 'Role Name', 'Role ID', 'Node ID', 'Detail'] as const -export const NODE_PATH_SEPARATOR = '\\' +export const ROLE_TABLE_HEADERS = [ + "#", + "Status", + "Role Name", + "Role ID", + "Node ID", + "Detail", +] as const; +export const NODE_PATH_SEPARATOR = "\\"; -export type RoleToggle = 'on' | 'off' -export type RoleToggleInput = RoleToggle | `${RoleToggle}` | null | undefined -export type EnforcementPair = { key: string; value: string } +export type RoleToggle = "on" | "off"; +export type RoleToggleInput = RoleToggle | `${RoleToggle}` | null | undefined; +export type EnforcementPair = { key: string; value: string }; -type RoleResultRow = { status: string; roleName: string; roleId: number; nodeId: number } +type RoleResultRow = { + status: string; + roleName: string; + roleId: number; + nodeId: number; +}; -export function normalizeIdentifiers(values: ReadonlyArray | null | undefined): string[] { - return (values || []) - .map((value) => (typeof value === 'string' ? value.trim() : '')) - .filter((value) => value.length > 0) +export function normalizeIdentifiers( + values: ReadonlyArray | null | undefined, +): string[] { + return (values || []) + .map((value) => (typeof value === "string" ? value.trim() : "")) + .filter((value) => value.length > 0); } export function validateRoleName(name: string): void { - if (!name.trim()) { - throw new KeeperSdkError('Role name cannot be empty.', ResultCodes.ROLE_NAME_EMPTY) - } + if (!name.trim()) { + throw new KeeperSdkError( + "Role name cannot be empty.", + ResultCodes.ROLE_NAME_EMPTY, + ); + } } -export function buildRolesByLowerName(roles: EnterpriseRole[]): Map { - const map = new Map() - for (const role of roles) { - const key = (role.displayName || '').trim().toLowerCase() - if (!key) continue - const bucket = map.get(key) - if (bucket) bucket.push(role) - else map.set(key, [role]) - } - return map +export function buildRolesByLowerName( + roles: EnterpriseRole[], +): Map { + const map = new Map(); + for (const role of roles) { + const key = (role.displayName || "").trim().toLowerCase(); + if (!key) continue; + const bucket = map.get(key); + if (bucket) bucket.push(role); + else map.set(key, [role]); + } + return map; } -export function resolveExistingRoles(roles: EnterpriseRole[], identifiers: string[]): EnterpriseRole[] { - const byId = new Map(roles.map((role) => [role.role_id, role])) - const byLowerName = buildRolesByLowerName(roles) - - const found = new Map() - const missing: string[] = [] - for (const identifier of identifiers) { - const trimmed = identifier.trim() - const numeric = Number(trimmed) - if (Number.isInteger(numeric) && byId.has(numeric)) { - const match = byId.get(numeric)! - found.set(match.role_id, match) - continue - } - const nameMatches = byLowerName.get(trimmed.toLowerCase()) - if (!nameMatches || nameMatches.length === 0) { - missing.push(trimmed) - continue - } - if (nameMatches.length > 1) { - throw new KeeperSdkError( - `Role name "${trimmed}" is not unique. Use Role ID instead.`, - ResultCodes.MULTIPLE_ROLE_MATCHES - ) - } - found.set(nameMatches[0].role_id, nameMatches[0]) - } +export function resolveExistingRoles( + roles: EnterpriseRole[], + identifiers: string[], +): EnterpriseRole[] { + const byId = new Map( + roles.map((role) => [role.role_id, role]), + ); + const byLowerName = buildRolesByLowerName(roles); - if (missing.length > 0) { - throw new KeeperSdkError( - `Role(s) "${missing.join(', ')}" could not be resolved.`, - ResultCodes.ROLE_NOT_FOUND - ) + const found = new Map(); + const missing: string[] = []; + for (const identifier of identifiers) { + const trimmed = identifier.trim(); + const numeric = Number(trimmed); + if (Number.isInteger(numeric) && byId.has(numeric)) { + const match = byId.get(numeric)!; + found.set(match.role_id, match); + continue; + } + const nameMatches = byLowerName.get(trimmed.toLowerCase()); + if (!nameMatches || nameMatches.length === 0) { + missing.push(trimmed); + continue; } - return Array.from(found.values()) + if (nameMatches.length > 1) { + throw new KeeperSdkError( + `Role name "${trimmed}" is not unique. Use Role ID instead.`, + ResultCodes.MULTIPLE_ROLE_MATCHES, + ); + } + found.set(nameMatches[0].role_id, nameMatches[0]); + } + + if (missing.length > 0) { + throw new KeeperSdkError( + `Role(s) "${missing.join(", ")}" could not be resolved.`, + ResultCodes.ROLE_NOT_FOUND, + ); + } + return Array.from(found.values()); } export function parseEnforcements(rawList: string[]): EnforcementPair[] { - return rawList - .map((raw) => { - const sep = raw.indexOf(':') - if (sep < 1) return null - const key = raw.slice(0, sep).trim() - const value = raw.slice(sep + 1).trim() - return key && value ? ({ key, value } as EnforcementPair) : null - }) - .filter((entry): entry is EnforcementPair => entry !== null) + return rawList + .map((raw) => { + const sep = raw.indexOf(":"); + if (sep < 1) return null; + const key = raw.slice(0, sep).trim(); + const value = raw.slice(sep + 1).trim(); + return key && value ? ({ key, value } as EnforcementPair) : null; + }) + .filter((entry): entry is EnforcementPair => entry !== null); } export function resolveToggle(input: RoleToggleInput): boolean | undefined { - if (input === 'on') return true - if (input === 'off') return false - return undefined + if (input === "on") return true; + if (input === "off") return false; + return undefined; } -export function applyDecryptedRoleNames(roles: EnterpriseRole[], decrypted: Map): void { - if (decrypted.size === 0) return - for (const role of roles) { - const display = decrypted.get(role.role_id) - if (display) role.displayName = display - } +export function applyDecryptedRoleNames( + roles: EnterpriseRole[], + decrypted: Map, +): void { + if (decrypted.size === 0) return; + for (const role of roles) { + const display = decrypted.get(role.role_id); + if (display) role.displayName = display; + } } -export function nodePathOrFallback(nodes: EnterpriseNode[], node: EnterpriseNode): string { - const path = EnterpriseDataManager.getNodePath(nodes, node.node_id, { - omitRoot: false, - separator: NODE_PATH_SEPARATOR, - }) - return path || (node.displayName || '').trim() || String(node.node_id) +export function nodePathOrFallback( + nodes: EnterpriseNode[], + node: EnterpriseNode, +): string { + const path = EnterpriseDataManager.getNodePath(nodes, node.node_id, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }); + return path || (node.displayName || "").trim() || String(node.node_id); } -export function assertCommandSucceeded(response: KeeperResponse, fallbackMessage: string, fallbackCode: string): void { - if ((response.result || '').toLowerCase() === 'fail') { - throw new KeeperSdkError( - response.message || response.result_code || fallbackMessage, - response.result_code || fallbackCode - ) - } +export function assertCommandSucceeded( + response: KeeperResponse, + fallbackMessage: string, + fallbackCode: string, +): void { + if ((response.result || "").toLowerCase() === "fail") { + throw new KeeperSdkError( + response.message || response.result_code || fallbackMessage, + response.result_code || fallbackCode, + ); + } } -const ENFORCEMENT_FALSE = new Set(['false', 'f', '0', 'off', 'no', 'n']) -const ENFORCEMENT_TRUE = new Set(['true', 't', '1', 'on', 'yes', 'y']) +const ENFORCEMENT_FALSE = new Set(["false", "f", "0", "off", "no", "n"]); +const ENFORCEMENT_TRUE = new Set(["true", "t", "1", "on", "yes", "y"]); function normalizeEnforcementKey(key: string): string { - return key.trim().toLowerCase().replace(/-/g, '_') + return key.trim().toLowerCase().replace(/-/g, "_"); } function roleHasEnforcement( - roleId: number, - enforcement: string, - links: readonly EnterpriseRoleEnforcementLink[] + roleId: number, + enforcement: string, + links: readonly EnterpriseRoleEnforcementLink[], ): boolean { - return links.some( - (link) => - link.role_id === roleId && normalizeEnforcementKey(link.enforcement_type) === enforcement - ) + return links.some( + (link) => + link.role_id === roleId && + normalizeEnforcementKey(link.enforcement_type) === enforcement, + ); } export async function applyRoleEnforcements( - auth: Auth, - roleId: number, - pairs: EnforcementPair[], - existingLinks: readonly EnterpriseRoleEnforcementLink[] = [] + auth: Auth, + roleId: number, + pairs: EnforcementPair[], + existingLinks: readonly EnterpriseRoleEnforcementLink[] = [], ): Promise { - for (const { key, value } of pairs) { - const enforcement = normalizeEnforcementKey(key) - const lower = value.trim().toLowerCase() - - if (ENFORCEMENT_FALSE.has(lower)) { - if (!roleHasEnforcement(roleId, enforcement, existingLinks)) continue - const response = await auth.executeRestCommand( - roleEnforcementRemoveCommand({ role_id: roleId, enforcement }) - ) - assertCommandSucceeded( - response, - `role_enforcement_remove failed: ${enforcement}`, - ResultCodes.ROLE_ENFORCEMENT_FAILED - ) - continue - } - - if (ENFORCEMENT_TRUE.has(lower)) { - const exists = roleHasEnforcement(roleId, enforcement, existingLinks) - const response = await auth.executeRestCommand( - exists - ? roleEnforcementUpdateCommand({ role_id: roleId, enforcement }) - : roleEnforcementAddCommand({ role_id: roleId, enforcement }) - ) - assertCommandSucceeded( - response, - `role_enforcement_${exists ? 'update' : 'add'} failed: ${enforcement}`, - ResultCodes.ROLE_ENFORCEMENT_FAILED - ) - continue - } - - const exists = roleHasEnforcement(roleId, enforcement, existingLinks) - const response = await auth.executeRestCommand( - exists - ? roleEnforcementUpdateCommand({ role_id: roleId, enforcement, value }) - : roleEnforcementAddCommand({ role_id: roleId, enforcement, value }) - ) - assertCommandSucceeded( - response, - `role_enforcement_${exists ? 'update' : 'add'} failed: ${enforcement}`, - ResultCodes.ROLE_ENFORCEMENT_FAILED - ) + for (const { key, value } of pairs) { + const enforcement = normalizeEnforcementKey(key); + const lower = value.trim().toLowerCase(); + + if (ENFORCEMENT_FALSE.has(lower)) { + if (!roleHasEnforcement(roleId, enforcement, existingLinks)) continue; + const response = await auth.executeRestCommand( + roleEnforcementRemoveCommand({ role_id: roleId, enforcement }), + ); + assertCommandSucceeded( + response, + `role_enforcement_remove failed: ${enforcement}`, + ResultCodes.ROLE_ENFORCEMENT_FAILED, + ); + continue; } + + if (ENFORCEMENT_TRUE.has(lower)) { + const exists = roleHasEnforcement(roleId, enforcement, existingLinks); + const response = await auth.executeRestCommand( + exists + ? roleEnforcementUpdateCommand({ role_id: roleId, enforcement }) + : roleEnforcementAddCommand({ role_id: roleId, enforcement }), + ); + assertCommandSucceeded( + response, + `role_enforcement_${exists ? "update" : "add"} failed: ${enforcement}`, + ResultCodes.ROLE_ENFORCEMENT_FAILED, + ); + continue; + } + + const exists = roleHasEnforcement(roleId, enforcement, existingLinks); + const response = await auth.executeRestCommand( + exists + ? roleEnforcementUpdateCommand({ role_id: roleId, enforcement, value }) + : roleEnforcementAddCommand({ role_id: roleId, enforcement, value }), + ); + assertCommandSucceeded( + response, + `role_enforcement_${exists ? "update" : "add"} failed: ${enforcement}`, + ResultCodes.ROLE_ENFORCEMENT_FAILED, + ); + } } export function buildRoleResultRows( - items: ReadonlyArray, - detailFor: (item: T) => string + items: ReadonlyArray, + detailFor: (item: T) => string, ): string[][] { - return items.map((item, index) => [ - String(index + 1), - item.status, - item.roleName, - String(item.roleId), - String(item.nodeId), - detailFor(item), - ]) + return items.map((item, index) => [ + String(index + 1), + item.status, + item.roleName, + String(item.roleId), + String(item.nodeId), + detailFor(item), + ]); } export function renderRoleResultTable( - headers: ReadonlyArray, - rows: string[][], - summary: string, - prefixLines: ReadonlyArray = [] + headers: ReadonlyArray, + rows: string[][], + summary: string, + prefixLines: ReadonlyArray = [], ): string { - const widths = headers.map((header, i) => Math.max(header.length, ...rows.map((row) => (row[i] || '').length))) - const pad = (cell: string, i: number) => cell + ' '.repeat(Math.max(0, widths[i] - cell.length)) - const formatRow = (cells: ReadonlyArray) => cells.map((cell, i) => pad(cell, i)).join(' ') - return [ - ...prefixLines, - formatRow(headers), - formatRow(widths.map((width) => '-'.repeat(width))), - ...rows.map(formatRow), - summary, - ].join('\n') + const widths = headers.map((header, i) => + Math.max(header.length, ...rows.map((row) => (row[i] || "").length)), + ); + const pad = (cell: string, i: number) => + cell + " ".repeat(Math.max(0, widths[i] - cell.length)); + const formatRow = (cells: ReadonlyArray) => + cells.map((cell, i) => pad(cell, i)).join(" "); + return [ + ...prefixLines, + formatRow(headers), + formatRow(widths.map((width) => "-".repeat(width))), + ...rows.map(formatRow), + summary, + ].join("\n"); } diff --git a/KeeperSdk/src/roles/updateRole.ts b/KeeperSdk/src/roles/updateRole.ts index d0fc5679..6b3918ef 100644 --- a/KeeperSdk/src/roles/updateRole.ts +++ b/KeeperSdk/src/roles/updateRole.ts @@ -1,173 +1,229 @@ import { - encryptObjectForStorage, - roleUpdateCommand, - type Auth, - type RoleEditRequest, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' -import { EnterpriseDataInclude, EnterpriseDataManager, type EnterpriseRole } from '../teams/enterpriseData' + encryptObjectForStorage, + roleUpdateCommand, + type Auth, + type RoleEditRequest, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; import { - applyDecryptedNodeNames, - applyEnterpriseNameToRoot, - parentNeedsNameLookup, - resolveParentNode, -} from '../teams/teamUtils' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseRole, +} from "../teams/enterpriseData"; import { - applyDecryptedRoleNames, - applyRoleEnforcements, - assertCommandSucceeded, - buildRoleResultRows, - normalizeIdentifiers, - parseEnforcements, - renderRoleResultTable, - resolveExistingRoles, - resolveToggle, - ROLE_TABLE_HEADERS, - type RoleToggleInput, -} from './roleUtils' + applyDecryptedNodeNames, + applyEnterpriseNameToRoot, + parentNeedsNameLookup, + resolveParentNode, +} from "../teams/teamUtils"; +import { + applyDecryptedRoleNames, + applyRoleEnforcements, + assertCommandSucceeded, + buildRoleResultRows, + normalizeIdentifiers, + parseEnforcements, + renderRoleResultTable, + resolveExistingRoles, + resolveToggle, + ROLE_TABLE_HEADERS, + type RoleToggleInput, +} from "./roleUtils"; const UPDATE_ROLE_BASE_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Roles, -] + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Roles, +]; export enum UpdateRoleStatus { - Updated = 'updated', - Failed = 'failed', + Updated = "updated", + Failed = "failed", } export type UpdateRoleInput = { - roles: string[] - name?: string - parent?: string | number | null - newUser?: RoleToggleInput - visibleBelow?: RoleToggleInput - enforcements?: string[] -} + roles: string[]; + name?: string; + parent?: string | number | null; + newUser?: RoleToggleInput; + visibleBelow?: RoleToggleInput; + enforcements?: string[]; +}; export type UpdateRoleItemResult = { - roleId: number - roleName: string - nodeId: number - status: UpdateRoleStatus - message?: string -} + roleId: number; + roleName: string; + nodeId: number; + status: UpdateRoleStatus; + message?: string; +}; export type UpdateRoleResult = { - success: boolean - items: UpdateRoleItemResult[] - updated: number - failed: number -} + success: boolean; + items: UpdateRoleItemResult[]; + updated: number; + failed: number; +}; export type FormattedUpdateRoleTable = { - headers: string[] - rows: string[][] - summary: string -} - -export async function updateRoles(auth: Auth, input: UpdateRoleInput): Promise { - const identifiers = normalizeIdentifiers(input.roles) - if (identifiers.length === 0) { - throw new KeeperSdkError('No roles to update.', ResultCodes.NO_ROLES_TO_UPDATE) - } - - const newName = input.name?.trim() || undefined - if (newName && identifiers.length > 1) { - throw new KeeperSdkError( - 'Cannot rename more than one role in a single update.', - ResultCodes.ROLE_RENAME_MULTI_NOT_ALLOWED - ) - } - - const newUserInherit = resolveToggle(input.newUser) - const visibleBelow = resolveToggle(input.visibleBelow) - const enforcements = parseEnforcements(input.enforcements ?? []) - const includes = [...UPDATE_ROLE_BASE_INCLUDES] - if (enforcements.length > 0) includes.push(EnterpriseDataInclude.RoleEnforcements) - - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(includes), - enterpriseData.getDisplayNames(), - ]) - - const nodes = response.nodes || [] - applyDecryptedNodeNames(nodes, displayNames.nodes) - applyEnterpriseNameToRoot(nodes, response.enterprise_name) - if (parentNeedsNameLookup(input.parent ?? null)) await enterpriseData.decryptNodeNames(nodes) - - const roles = response.roles || [] - applyDecryptedRoleNames(roles, displayNames.roles) - const resolvedRoles = resolveExistingRoles(roles, identifiers) - - let overrideNodeId: number | null = null - if (input.parent !== undefined && input.parent !== null && input.parent !== '') { - overrideNodeId = resolveParentNode(nodes, input.parent).node_id + headers: string[]; + rows: string[][]; + summary: string; +}; + +export async function updateRoles( + auth: Auth, + input: UpdateRoleInput, +): Promise { + const identifiers = normalizeIdentifiers(input.roles); + if (identifiers.length === 0) { + throw new KeeperSdkError( + "No roles to update.", + ResultCodes.NO_ROLES_TO_UPDATE, + ); + } + + const newName = input.name?.trim() || undefined; + if (newName && identifiers.length > 1) { + throw new KeeperSdkError( + "Cannot rename more than one role in a single update.", + ResultCodes.ROLE_RENAME_MULTI_NOT_ALLOWED, + ); + } + + const newUserInherit = resolveToggle(input.newUser); + const visibleBelow = resolveToggle(input.visibleBelow); + const enforcements = parseEnforcements(input.enforcements ?? []); + const includes = [...UPDATE_ROLE_BASE_INCLUDES]; + if (enforcements.length > 0) + includes.push(EnterpriseDataInclude.RoleEnforcements); + + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(includes), + enterpriseData.getDisplayNames(), + ]); + + const nodes = response.nodes || []; + applyDecryptedNodeNames(nodes, displayNames.nodes); + applyEnterpriseNameToRoot(nodes, response.enterprise_name); + if (parentNeedsNameLookup(input.parent ?? null)) + await enterpriseData.decryptNodeNames(nodes); + + const roles = response.roles || []; + applyDecryptedRoleNames(roles, displayNames.roles); + const resolvedRoles = resolveExistingRoles(roles, identifiers); + + let overrideNodeId: number | null = null; + if ( + input.parent !== undefined && + input.parent !== null && + input.parent !== "" + ) { + overrideNodeId = resolveParentNode(nodes, input.parent).node_id; + } + + const needsTreeKey = + Boolean(newName) || resolvedRoles.some((role) => !role.encrypted_data); + const treeKey = needsTreeKey ? await enterpriseData.getTreeKey() : null; + + const items: UpdateRoleItemResult[] = []; + for (const role of resolvedRoles) { + const targetNodeId = overrideNodeId ?? role.node_id ?? 0; + const currentName = (role.displayName || "").trim() || String(role.role_id); + + try { + const payload: RoleEditRequest = { + role_id: role.role_id, + node_id: targetNodeId, + encrypted_data: await resolveEncryptedData( + role, + newName, + currentName, + treeKey, + ), + visible_below: visibleBelow ?? role.visible_below ?? false, + new_user_inherit: newUserInherit ?? role.new_user_inherit ?? false, + }; + await sendRoleUpdate(auth, payload); + await applyRoleEnforcements( + auth, + role.role_id, + enforcements, + response.role_enforcements || [], + ); + items.push({ + roleId: role.role_id, + roleName: newName || currentName, + nodeId: targetNodeId, + status: UpdateRoleStatus.Updated, + }); + } catch (err) { + items.push({ + roleId: role.role_id, + roleName: currentName, + nodeId: role.node_id ?? 0, + status: UpdateRoleStatus.Failed, + message: extractErrorMessage(err), + }); } + } - const needsTreeKey = Boolean(newName) || resolvedRoles.some((role) => !role.encrypted_data) - const treeKey = needsTreeKey ? await enterpriseData.getTreeKey() : null - - const items: UpdateRoleItemResult[] = [] - for (const role of resolvedRoles) { - const targetNodeId = overrideNodeId ?? role.node_id ?? 0 - const currentName = (role.displayName || '').trim() || String(role.role_id) - - try { - const payload: RoleEditRequest = { - role_id: role.role_id, - node_id: targetNodeId, - encrypted_data: await resolveEncryptedData(role, newName, currentName, treeKey), - visible_below: visibleBelow ?? role.visible_below ?? false, - new_user_inherit: newUserInherit ?? role.new_user_inherit ?? false, - } - await sendRoleUpdate(auth, payload) - await applyRoleEnforcements(auth, role.role_id, enforcements, response.role_enforcements || []) - items.push({ roleId: role.role_id, roleName: newName || currentName, nodeId: targetNodeId, status: UpdateRoleStatus.Updated }) - } catch (err) { - items.push({ roleId: role.role_id, roleName: currentName, nodeId: role.node_id ?? 0, status: UpdateRoleStatus.Failed, message: extractErrorMessage(err) }) - } - } - - return finalizeResult(items) + return finalizeResult(items); } -export function formatUpdateRoleResult(result: UpdateRoleResult): FormattedUpdateRoleTable { - return { - headers: [...ROLE_TABLE_HEADERS], - rows: buildRoleResultRows(result.items, (item) => item.message || ''), - summary: `Updated: ${result.updated} Failed: ${result.failed}`, - } +export function formatUpdateRoleResult( + result: UpdateRoleResult, +): FormattedUpdateRoleTable { + return { + headers: [...ROLE_TABLE_HEADERS], + rows: buildRoleResultRows(result.items, (item) => item.message || ""), + summary: `Updated: ${result.updated} Failed: ${result.failed}`, + }; } -export function renderUpdateRoleAsciiTable(table: FormattedUpdateRoleTable): string { - return renderRoleResultTable(table.headers, table.rows, table.summary) +export function renderUpdateRoleAsciiTable( + table: FormattedUpdateRoleTable, +): string { + return renderRoleResultTable(table.headers, table.rows, table.summary); } async function resolveEncryptedData( - role: EnterpriseRole, - newName: string | undefined, - currentName: string, - treeKey: Uint8Array | null + role: EnterpriseRole, + newName: string | undefined, + currentName: string, + treeKey: Uint8Array | null, ): Promise { - if (!newName && role.encrypted_data) return role.encrypted_data - if (!treeKey) { - throw new KeeperSdkError( - `Enterprise tree key is unavailable; cannot ${newName ? 'rename role' : 'preserve role name'}.`, - ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE - ) - } - return encryptObjectForStorage({ displayname: newName || currentName }, treeKey) + if (!newName && role.encrypted_data) return role.encrypted_data; + if (!treeKey) { + throw new KeeperSdkError( + `Enterprise tree key is unavailable; cannot ${newName ? "rename role" : "preserve role name"}.`, + ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE, + ); + } + return encryptObjectForStorage( + { displayname: newName || currentName }, + treeKey, + ); } -async function sendRoleUpdate(auth: Auth, payload: RoleEditRequest): Promise { - const response = await auth.executeRestCommand(roleUpdateCommand(payload)) - assertCommandSucceeded(response, `role_update failed for role_id=${payload.role_id}`, ResultCodes.ROLE_UPDATE_FAILED) +async function sendRoleUpdate( + auth: Auth, + payload: RoleEditRequest, +): Promise { + const response = await auth.executeRestCommand(roleUpdateCommand(payload)); + assertCommandSucceeded( + response, + `role_update failed for role_id=${payload.role_id}`, + ResultCodes.ROLE_UPDATE_FAILED, + ); } function finalizeResult(items: UpdateRoleItemResult[]): UpdateRoleResult { - const updated = items.filter((item) => item.status === UpdateRoleStatus.Updated).length - const failed = items.filter((item) => item.status === UpdateRoleStatus.Failed).length - return { success: failed === 0 && updated > 0, items, updated, failed } + const updated = items.filter( + (item) => item.status === UpdateRoleStatus.Updated, + ).length; + const failed = items.filter( + (item) => item.status === UpdateRoleStatus.Failed, + ).length; + return { success: failed === 0 && updated > 0, items, updated, failed }; } diff --git a/KeeperSdk/src/roles/viewRole.ts b/KeeperSdk/src/roles/viewRole.ts index e0aa336d..8edef129 100644 --- a/KeeperSdk/src/roles/viewRole.ts +++ b/KeeperSdk/src/roles/viewRole.ts @@ -1,448 +1,520 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseDisplayNames, - type EnterpriseNode, - type EnterpriseRole, - type EnterpriseRoleEnforcementLink, - type EnterpriseRoleManagedNodeLink, - type EnterpriseRolePrivilegeLink, - type EnterpriseRoleTeamLink, - type EnterpriseRoleUserLink, - type EnterpriseTeamRecord, - type EnterpriseUser, -} from '../teams/enterpriseData' - -const NODE_PATH_SEPARATOR = '\\' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseDisplayNames, + type EnterpriseNode, + type EnterpriseRole, + type EnterpriseRoleEnforcementLink, + type EnterpriseRoleManagedNodeLink, + type EnterpriseRolePrivilegeLink, + type EnterpriseRoleTeamLink, + type EnterpriseRoleUserLink, + type EnterpriseTeamRecord, + type EnterpriseUser, +} from "../teams/enterpriseData"; + +const NODE_PATH_SEPARATOR = "\\"; const VIEW_ROLE_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Roles, - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.Users, - EnterpriseDataInclude.RoleUsers, - EnterpriseDataInclude.RoleTeams, - EnterpriseDataInclude.RolePrivileges, - EnterpriseDataInclude.ManagedNodes, - EnterpriseDataInclude.RoleEnforcements, -] + EnterpriseDataInclude.Roles, + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.Users, + EnterpriseDataInclude.RoleUsers, + EnterpriseDataInclude.RoleTeams, + EnterpriseDataInclude.RolePrivileges, + EnterpriseDataInclude.ManagedNodes, + EnterpriseDataInclude.RoleEnforcements, +]; export type RoleTeamInfo = { - team_uid: string - team_name: string -} + team_uid: string; + team_name: string; +}; export type RoleUserInfo = { - enterprise_user_id: number - username: string -} + enterprise_user_id: number; + username: string; +}; export type RoleManagedNodeInfo = { - node_id: number - node_name: string - cascade: boolean - privileges: string[] -} + node_id: number; + node_name: string; + cascade: boolean; + privileges: string[]; +}; export type RoleEnforcementInfo = { - name: string - value: string -} + name: string; + value: string; +}; export type RoleView = { - role_id: number - role_name: string - node_id: number - node_name: string - default_role: boolean - visible_below: boolean - role_teams?: RoleTeamInfo[] - role_users?: RoleUserInfo[] - managed_nodes?: RoleManagedNodeInfo[] - role_enforcements: RoleEnforcementInfo[] -} + role_id: number; + role_name: string; + node_id: number; + node_name: string; + default_role: boolean; + visible_below: boolean; + role_teams?: RoleTeamInfo[]; + role_users?: RoleUserInfo[]; + managed_nodes?: RoleManagedNodeInfo[]; + role_enforcements: RoleEnforcementInfo[]; +}; export type FormatRoleViewOptions = { - verbose?: boolean -} + verbose?: boolean; +}; export type RoleViewTableRow = { - label: string - value: string | string[] - id?: number | number[] -} + label: string; + value: string | string[]; + id?: number | number[]; +}; export type FormattedRoleViewTable = { - mainRows: RoleViewTableRow[] - enforcementRows: RoleEnforcementInfo[] - managedNodeTable: FormattedManagedNodePrivilegeTable | null - hasIdColumn: boolean -} + mainRows: RoleViewTableRow[]; + enforcementRows: RoleEnforcementInfo[]; + managedNodeTable: FormattedManagedNodePrivilegeTable | null; + hasIdColumn: boolean; +}; export type FormattedManagedNodePrivilegeTable = { - nodeHeaders: string[] - privilegeRows: Array<{ privilege: string; granted: boolean[] }> - cascadeRow: boolean[] -} - -export async function viewRole(auth: Auth, identifier: string): Promise { - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(VIEW_ROLE_INCLUDES), - enterpriseData.getDisplayNames(), - ]) - - const role = resolveRole(response.roles || [], displayNames.roles, identifier) - const nodePath = resolveNodePath(response.nodes || [], displayNames, role.node_id ?? 0) - - const roleTeams = buildRoleTeams(response.role_teams || [], response.teams || [], role.role_id) - const roleUsers = buildRoleUsers(response.role_users || [], response.users || [], role.role_id) - const managedNodes = buildManagedNodes( - response.managed_nodes || [], - response.role_privileges || [], - response.nodes || [], - displayNames, - role.role_id, - response.enterprise_name - ) - const enforcements = buildEnforcements(response.role_enforcements || [], role.role_id) - - const view: RoleView = { - role_id: role.role_id, - role_name: (role.displayName || '').trim() || String(role.role_id), - node_id: role.node_id ?? 0, - node_name: nodePath, - default_role: role.new_user_inherit ?? false, - visible_below: role.visible_below ?? false, - role_enforcements: enforcements, - } - if (roleTeams.length > 0) view.role_teams = roleTeams - if (roleUsers.length > 0) view.role_users = roleUsers - if (managedNodes.length > 0) view.managed_nodes = managedNodes - - return view + nodeHeaders: string[]; + privilegeRows: Array<{ privilege: string; granted: boolean[] }>; + cascadeRow: boolean[]; +}; + +export async function viewRole( + auth: Auth, + identifier: string, +): Promise { + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(VIEW_ROLE_INCLUDES), + enterpriseData.getDisplayNames(), + ]); + + const role = resolveRole( + response.roles || [], + displayNames.roles, + identifier, + ); + const nodePath = resolveNodePath( + response.nodes || [], + displayNames, + role.node_id ?? 0, + ); + + const roleTeams = buildRoleTeams( + response.role_teams || [], + response.teams || [], + role.role_id, + ); + const roleUsers = buildRoleUsers( + response.role_users || [], + response.users || [], + role.role_id, + ); + const managedNodes = buildManagedNodes( + response.managed_nodes || [], + response.role_privileges || [], + response.nodes || [], + displayNames, + role.role_id, + response.enterprise_name, + ); + const enforcements = buildEnforcements( + response.role_enforcements || [], + role.role_id, + ); + + const view: RoleView = { + role_id: role.role_id, + role_name: (role.displayName || "").trim() || String(role.role_id), + node_id: role.node_id ?? 0, + node_name: nodePath, + default_role: role.new_user_inherit ?? false, + visible_below: role.visible_below ?? false, + role_enforcements: enforcements, + }; + if (roleTeams.length > 0) view.role_teams = roleTeams; + if (roleUsers.length > 0) view.role_users = roleUsers; + if (managedNodes.length > 0) view.managed_nodes = managedNodes; + + return view; } export function formatRoleView( - view: RoleView, - options: FormatRoleViewOptions = {} + view: RoleView, + options: FormatRoleViewOptions = {}, ): FormattedRoleViewTable { - const verbose = options.verbose === true - - const mainRows: RoleViewTableRow[] = [ - { label: 'Role ID', value: String(view.role_id) }, - { label: 'Role Name', value: view.role_name }, - { - label: 'Node Name', - value: view.node_name, - id: verbose ? view.node_id : undefined, - }, - { label: 'Default Role', value: boolText(view.default_role) }, - { label: 'Visible Below', value: boolText(view.visible_below) }, - ] - - if (view.role_users && view.role_users.length > 0) { - mainRows.push({ - label: 'User(s)', - value: view.role_users.map((u) => u.username), - id: verbose ? view.role_users.map((u) => u.enterprise_user_id) : undefined, - }) - } - - if (view.role_teams && view.role_teams.length > 0) { - mainRows.push({ - label: 'Team(s)', - value: view.role_teams.map((t) => t.team_name), - }) - } - - const managedNodeTable = buildFormattedManagedNodeTable(view.managed_nodes ?? []) - - return { - mainRows, - enforcementRows: view.role_enforcements, - managedNodeTable, - hasIdColumn: verbose, - } + const verbose = options.verbose === true; + + const mainRows: RoleViewTableRow[] = [ + { label: "Role ID", value: String(view.role_id) }, + { label: "Role Name", value: view.role_name }, + { + label: "Node Name", + value: view.node_name, + id: verbose ? view.node_id : undefined, + }, + { label: "Default Role", value: boolText(view.default_role) }, + { label: "Visible Below", value: boolText(view.visible_below) }, + ]; + + if (view.role_users && view.role_users.length > 0) { + mainRows.push({ + label: "User(s)", + value: view.role_users.map((u) => u.username), + id: verbose + ? view.role_users.map((u) => u.enterprise_user_id) + : undefined, + }); + } + + if (view.role_teams && view.role_teams.length > 0) { + mainRows.push({ + label: "Team(s)", + value: view.role_teams.map((t) => t.team_name), + }); + } + + const managedNodeTable = buildFormattedManagedNodeTable( + view.managed_nodes ?? [], + ); + + return { + mainRows, + enforcementRows: view.role_enforcements, + managedNodeTable, + hasIdColumn: verbose, + }; } export function roleViewTable(table: FormattedRoleViewTable): string { - const sections: string[] = [] + const sections: string[] = []; - sections.push(renderMainSection(table)) + sections.push(renderMainSection(table)); - sections.push(renderEnforcementsSection(table.enforcementRows)) + sections.push(renderEnforcementsSection(table.enforcementRows)); - if (table.managedNodeTable) { - sections.push(renderManagedNodesSection(table.managedNodeTable)) - } + if (table.managedNodeTable) { + sections.push(renderManagedNodesSection(table.managedNodeTable)); + } - return sections.join('\n\n') + return sections.join("\n\n"); } function resolveRole( - roles: EnterpriseRole[], - decryptedNames: Map, - identifier: string + roles: EnterpriseRole[], + decryptedNames: Map, + identifier: string, ): EnterpriseRole { - const trimmed = (identifier ?? '').trim() - if (!trimmed) { - throw new KeeperSdkError('Role name or ID is required.', ResultCodes.ROLE_REQUIRED) - } - - for (const role of roles) { - const display = decryptedNames.get(role.role_id) - if (display) role.displayName = display - } - - const numeric = Number(trimmed) - if (Number.isFinite(numeric) && Number.isInteger(numeric)) { - const byId = roles.find((r) => r.role_id === numeric) - if (byId) return byId - } - - const lowered = trimmed.toLowerCase() - const nameMatches = roles.filter( - (r) => (r.displayName || '').trim().toLowerCase() === lowered - ) - if (nameMatches.length === 1) return nameMatches[0] - if (nameMatches.length > 1) { - throw new KeeperSdkError( - `Multiple roles match name "${trimmed}". Specify the role ID instead.`, - ResultCodes.MULTIPLE_ROLE_MATCHES - ) - } - throw new KeeperSdkError(`Role "${trimmed}" does not exist.`, ResultCodes.ROLE_NOT_FOUND) + const trimmed = (identifier ?? "").trim(); + if (!trimmed) { + throw new KeeperSdkError( + "Role name or ID is required.", + ResultCodes.ROLE_REQUIRED, + ); + } + + for (const role of roles) { + const display = decryptedNames.get(role.role_id); + if (display) role.displayName = display; + } + + const numeric = Number(trimmed); + if (Number.isFinite(numeric) && Number.isInteger(numeric)) { + const byId = roles.find((r) => r.role_id === numeric); + if (byId) return byId; + } + + const lowered = trimmed.toLowerCase(); + const nameMatches = roles.filter( + (r) => (r.displayName || "").trim().toLowerCase() === lowered, + ); + if (nameMatches.length === 1) return nameMatches[0]; + if (nameMatches.length > 1) { + throw new KeeperSdkError( + `Multiple roles match name "${trimmed}". Specify the role ID instead.`, + ResultCodes.MULTIPLE_ROLE_MATCHES, + ); + } + throw new KeeperSdkError( + `Role "${trimmed}" does not exist.`, + ResultCodes.ROLE_NOT_FOUND, + ); } function resolveNodePath( - nodes: EnterpriseNode[], - displayNames: EnterpriseDisplayNames, - nodeId: number + nodes: EnterpriseNode[], + displayNames: EnterpriseDisplayNames, + nodeId: number, ): string { - for (const node of nodes) { - const display = displayNames.nodes.get(node.node_id) - if (display) node.displayName = display - } - return EnterpriseDataManager.getNodePath(nodes, nodeId, { - omitRoot: false, - separator: NODE_PATH_SEPARATOR, - }) + for (const node of nodes) { + const display = displayNames.nodes.get(node.node_id); + if (display) node.displayName = display; + } + return EnterpriseDataManager.getNodePath(nodes, nodeId, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }); } function buildRoleTeams( - roleTeamLinks: EnterpriseRoleTeamLink[], - teams: EnterpriseTeamRecord[], - roleId: number + roleTeamLinks: EnterpriseRoleTeamLink[], + teams: EnterpriseTeamRecord[], + roleId: number, ): RoleTeamInfo[] { - const teamByUid = new Map() - for (const team of teams) teamByUid.set(team.team_uid, team) - - const result: RoleTeamInfo[] = [] - for (const link of roleTeamLinks) { - if (link.role_id !== roleId) continue - const team = teamByUid.get(link.team_uid) - if (team) result.push({ team_uid: team.team_uid, team_name: (team.name || team.team_uid).trim() }) - } - result.sort((a, b) => a.team_name.localeCompare(b.team_name, undefined, { sensitivity: 'base' })) - return result + const teamByUid = new Map(); + for (const team of teams) teamByUid.set(team.team_uid, team); + + const result: RoleTeamInfo[] = []; + for (const link of roleTeamLinks) { + if (link.role_id !== roleId) continue; + const team = teamByUid.get(link.team_uid); + if (team) + result.push({ + team_uid: team.team_uid, + team_name: (team.name || team.team_uid).trim(), + }); + } + result.sort((a, b) => + a.team_name.localeCompare(b.team_name, undefined, { sensitivity: "base" }), + ); + return result; } function buildRoleUsers( - roleUserLinks: EnterpriseRoleUserLink[], - users: EnterpriseUser[], - roleId: number + roleUserLinks: EnterpriseRoleUserLink[], + users: EnterpriseUser[], + roleId: number, ): RoleUserInfo[] { - const userById = new Map() - for (const user of users) userById.set(user.enterprise_user_id, user) - - const result: RoleUserInfo[] = [] - for (const link of roleUserLinks) { - if (link.role_id !== roleId) continue - const user = userById.get(link.enterprise_user_id) - if (user?.username) { - result.push({ enterprise_user_id: link.enterprise_user_id, username: user.username }) - } + const userById = new Map(); + for (const user of users) userById.set(user.enterprise_user_id, user); + + const result: RoleUserInfo[] = []; + for (const link of roleUserLinks) { + if (link.role_id !== roleId) continue; + const user = userById.get(link.enterprise_user_id); + if (user?.username) { + result.push({ + enterprise_user_id: link.enterprise_user_id, + username: user.username, + }); } - result.sort((a, b) => a.username.localeCompare(b.username, undefined, { sensitivity: 'base' })) - return result + } + result.sort((a, b) => + a.username.localeCompare(b.username, undefined, { sensitivity: "base" }), + ); + return result; } function buildManagedNodes( - managedNodeLinks: EnterpriseRoleManagedNodeLink[], - privileges: EnterpriseRolePrivilegeLink[], - nodes: EnterpriseNode[], - displayNames: EnterpriseDisplayNames, - roleId: number, - enterpriseName?: string + managedNodeLinks: EnterpriseRoleManagedNodeLink[], + privileges: EnterpriseRolePrivilegeLink[], + nodes: EnterpriseNode[], + displayNames: EnterpriseDisplayNames, + roleId: number, + enterpriseName?: string, ): RoleManagedNodeInfo[] { - const nodeById = new Map() - for (const node of nodes) { - const display = displayNames.nodes.get(node.node_id) - if (display) node.displayName = display - nodeById.set(node.node_id, node) - } - - const privilegesByNode = new Map() - for (const p of privileges) { - if (p.role_id !== roleId || !p.privilege_type) continue - const list = privilegesByNode.get(p.managed_node_id) - if (list) list.push(p.privilege_type) - else privilegesByNode.set(p.managed_node_id, [p.privilege_type]) - } - - const result: RoleManagedNodeInfo[] = [] - for (const link of managedNodeLinks) { - if (link.role_id !== roleId) continue - const node = nodeById.get(link.managed_node_id) - let nodeName = (node?.displayName || '').trim() - if (!nodeName && node && !node.parent_id && enterpriseName) nodeName = enterpriseName - if (!nodeName) nodeName = String(link.managed_node_id) - const nodePrivileges = (privilegesByNode.get(link.managed_node_id) ?? []).sort() - result.push({ - node_id: link.managed_node_id, - node_name: nodeName, - cascade: link.cascade_node_management, - privileges: nodePrivileges, - }) - } - result.sort((a, b) => a.node_name.localeCompare(b.node_name, undefined, { sensitivity: 'base' })) - return result + const nodeById = new Map(); + for (const node of nodes) { + const display = displayNames.nodes.get(node.node_id); + if (display) node.displayName = display; + nodeById.set(node.node_id, node); + } + + const privilegesByNode = new Map(); + for (const p of privileges) { + if (p.role_id !== roleId || !p.privilege_type) continue; + const list = privilegesByNode.get(p.managed_node_id); + if (list) list.push(p.privilege_type); + else privilegesByNode.set(p.managed_node_id, [p.privilege_type]); + } + + const result: RoleManagedNodeInfo[] = []; + for (const link of managedNodeLinks) { + if (link.role_id !== roleId) continue; + const node = nodeById.get(link.managed_node_id); + let nodeName = (node?.displayName || "").trim(); + if (!nodeName && node && !node.parent_id && enterpriseName) + nodeName = enterpriseName; + if (!nodeName) nodeName = String(link.managed_node_id); + const nodePrivileges = ( + privilegesByNode.get(link.managed_node_id) ?? [] + ).sort(); + result.push({ + node_id: link.managed_node_id, + node_name: nodeName, + cascade: link.cascade_node_management, + privileges: nodePrivileges, + }); + } + result.sort((a, b) => + a.node_name.localeCompare(b.node_name, undefined, { sensitivity: "base" }), + ); + return result; } function buildEnforcements( - links: EnterpriseRoleEnforcementLink[], - roleId: number + links: EnterpriseRoleEnforcementLink[], + roleId: number, ): RoleEnforcementInfo[] { - const result: RoleEnforcementInfo[] = [] - for (const link of links) { - if (link.role_id !== roleId || !link.value) continue - result.push({ name: link.enforcement_type, value: link.value }) - } - result.sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' })) - return result + const result: RoleEnforcementInfo[] = []; + for (const link of links) { + if (link.role_id !== roleId || !link.value) continue; + result.push({ name: link.enforcement_type, value: link.value }); + } + result.sort((a, b) => + a.name.localeCompare(b.name, undefined, { sensitivity: "base" }), + ); + return result; } function buildFormattedManagedNodeTable( - managedNodes: RoleManagedNodeInfo[] + managedNodes: RoleManagedNodeInfo[], ): FormattedManagedNodePrivilegeTable | null { - if (managedNodes.length === 0) return null - - const allPrivileges = new Set() - for (const mn of managedNodes) { - for (const p of mn.privileges) allPrivileges.add(p) - } - - const privileges = [...allPrivileges].sort() - const privilegeRows = privileges.map((privilege) => ({ - privilege, - granted: managedNodes.map((mn) => mn.privileges.includes(privilege)), - })) - - return { - nodeHeaders: managedNodes.map((mn) => mn.node_name), - privilegeRows, - cascadeRow: managedNodes.map((mn) => mn.cascade), - } + if (managedNodes.length === 0) return null; + + const allPrivileges = new Set(); + for (const mn of managedNodes) { + for (const p of mn.privileges) allPrivileges.add(p); + } + + const privileges = [...allPrivileges].sort(); + const privilegeRows = privileges.map((privilege) => ({ + privilege, + granted: managedNodes.map((mn) => mn.privileges.includes(privilege)), + })); + + return { + nodeHeaders: managedNodes.map((mn) => mn.node_name), + privilegeRows, + cascadeRow: managedNodes.map((mn) => mn.cascade), + }; } function renderMainSection(table: FormattedRoleViewTable): string { - const { mainRows, hasIdColumn } = table - - const labelWidth = mainRows.reduce((max, row) => Math.max(max, row.label.length), 0) - const expandedRows = mainRows.map((row) => ({ - label: row.label, - valueLines: asLines(row.value), - idLines: hasIdColumn ? asIdLines(row.id) : [], - })) - - const valueWidth = expandedRows.reduce( - (max, row) => Math.max(max, ...row.valueLines.map((l) => l.length)), - 0 - ) - const idWidth = hasIdColumn - ? expandedRows.reduce((max, row) => Math.max(max, ...row.idLines.map((l) => l.length)), 0) - : 0 - - const columnWidths = hasIdColumn ? [labelWidth, valueWidth, idWidth] : [labelWidth, valueWidth] - const lines: string[] = [] - for (const row of expandedRows) { - const lineCount = Math.max(row.valueLines.length, hasIdColumn ? row.idLines.length : 0, 1) - for (let li = 0; li < lineCount; li++) { - const cells = [ - li === 0 ? row.label : '', - row.valueLines[li] ?? '', - ...(hasIdColumn ? [row.idLines[li] ?? ''] : []), - ] - lines.push(formatAsciiRow(cells, columnWidths)) - } + const { mainRows, hasIdColumn } = table; + + const labelWidth = mainRows.reduce( + (max, row) => Math.max(max, row.label.length), + 0, + ); + const expandedRows = mainRows.map((row) => ({ + label: row.label, + valueLines: asLines(row.value), + idLines: hasIdColumn ? asIdLines(row.id) : [], + })); + + const valueWidth = expandedRows.reduce( + (max, row) => Math.max(max, ...row.valueLines.map((l) => l.length)), + 0, + ); + const idWidth = hasIdColumn + ? expandedRows.reduce( + (max, row) => Math.max(max, ...row.idLines.map((l) => l.length)), + 0, + ) + : 0; + + const columnWidths = hasIdColumn + ? [labelWidth, valueWidth, idWidth] + : [labelWidth, valueWidth]; + const lines: string[] = []; + for (const row of expandedRows) { + const lineCount = Math.max( + row.valueLines.length, + hasIdColumn ? row.idLines.length : 0, + 1, + ); + for (let li = 0; li < lineCount; li++) { + const cells = [ + li === 0 ? row.label : "", + row.valueLines[li] ?? "", + ...(hasIdColumn ? [row.idLines[li] ?? ""] : []), + ]; + lines.push(formatAsciiRow(cells, columnWidths)); } - return lines.join('\n') + } + return lines.join("\n"); } function renderEnforcementsSection(rows: RoleEnforcementInfo[]): string { - const title = 'Role Enforcements' - if (rows.length === 0) return `${title}\n (none)` - - const nameWidth = Math.max('Name'.length, ...rows.map((r) => r.name.length)) - const valWidth = Math.max('Value'.length, ...rows.map((r) => r.value.length)) - const columnWidths = [nameWidth, valWidth] - - const lines: string[] = [ - title, - formatAsciiRow(['Name', 'Value'], columnWidths), - formatAsciiRow(['-'.repeat(nameWidth), '-'.repeat(valWidth)], columnWidths), - ...rows.map((r) => formatAsciiRow([r.name, r.value], columnWidths)), - ] - return lines.join('\n') + const title = "Role Enforcements"; + if (rows.length === 0) return `${title}\n (none)`; + + const nameWidth = Math.max("Name".length, ...rows.map((r) => r.name.length)); + const valWidth = Math.max("Value".length, ...rows.map((r) => r.value.length)); + const columnWidths = [nameWidth, valWidth]; + + const lines: string[] = [ + title, + formatAsciiRow(["Name", "Value"], columnWidths), + formatAsciiRow(["-".repeat(nameWidth), "-".repeat(valWidth)], columnWidths), + ...rows.map((r) => formatAsciiRow([r.name, r.value], columnWidths)), + ]; + return lines.join("\n"); } -function renderManagedNodesSection(table: FormattedManagedNodePrivilegeTable): string { - const title = 'Managed Node Privileges' - const colHeaders = ['Privilege', ...table.nodeHeaders] - - const colWidths = colHeaders.map((h) => h.length) - for (const row of table.privilegeRows) { - colWidths[0] = Math.max(colWidths[0], row.privilege.length) - row.granted.forEach((_, i) => { - colWidths[i + 1] = Math.max(colWidths[i + 1], 1) - }) - } - colWidths[0] = Math.max(colWidths[0], 'Cascade Node Permissions'.length) - - const formatRow = (cells: string[]) => formatAsciiRow(cells, colWidths) - - const rule = formatRow(colWidths.map((w) => '-'.repeat(w))) - const lines: string[] = [ - title, - formatRow(colHeaders), - rule, - ...table.privilegeRows.map((row) => - formatRow([row.privilege, ...row.granted.map((g) => (g ? 'X' : ''))]) - ), - rule, - formatRow(['Cascade Node Permissions', ...table.cascadeRow.map((c) => (c ? 'X' : ''))]), - ] - return lines.join('\n') +function renderManagedNodesSection( + table: FormattedManagedNodePrivilegeTable, +): string { + const title = "Managed Node Privileges"; + const colHeaders = ["Privilege", ...table.nodeHeaders]; + + const colWidths = colHeaders.map((h) => h.length); + for (const row of table.privilegeRows) { + colWidths[0] = Math.max(colWidths[0], row.privilege.length); + row.granted.forEach((_, i) => { + colWidths[i + 1] = Math.max(colWidths[i + 1], 1); + }); + } + colWidths[0] = Math.max(colWidths[0], "Cascade Node Permissions".length); + + const formatRow = (cells: string[]) => formatAsciiRow(cells, colWidths); + + const rule = formatRow(colWidths.map((w) => "-".repeat(w))); + const lines: string[] = [ + title, + formatRow(colHeaders), + rule, + ...table.privilegeRows.map((row) => + formatRow([row.privilege, ...row.granted.map((g) => (g ? "X" : ""))]), + ), + rule, + formatRow([ + "Cascade Node Permissions", + ...table.cascadeRow.map((c) => (c ? "X" : "")), + ]), + ]; + return lines.join("\n"); } function boolText(value: boolean): string { - return value ? 'True' : 'False' + return value ? "True" : "False"; } function asLines(value: string | string[]): string[] { - if (Array.isArray(value)) return value.length > 0 ? value : [''] - return [value] + if (Array.isArray(value)) return value.length > 0 ? value : [""]; + return [value]; } function asIdLines(id: number | number[] | undefined): string[] { - if (id == null) return [] - if (Array.isArray(id)) return id.length > 0 ? id.map(String) : [''] - return [String(id)] + if (id == null) return []; + if (Array.isArray(id)) return id.length > 0 ? id.map(String) : [""]; + return [String(id)]; } function formatAsciiRow(cells: string[], widths: number[]): string { - return cells.map((cell, index) => cell + ' '.repeat(Math.max(0, widths[index] - cell.length))).join(' ') -} \ No newline at end of file + return cells + .map( + (cell, index) => + cell + " ".repeat(Math.max(0, widths[index] - cell.length)), + ) + .join(" "); +} diff --git a/KeeperSdk/src/sharedFolders/SharedFolderManager.ts b/KeeperSdk/src/sharedFolders/SharedFolderManager.ts index bac940f3..f088145d 100644 --- a/KeeperSdk/src/sharedFolders/SharedFolderManager.ts +++ b/KeeperSdk/src/sharedFolders/SharedFolderManager.ts @@ -1,57 +1,64 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { KeeperSdkError, ResultCodes } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - formatSharedFoldersTable, - listSharedFolders, - renderSharedFoldersAsciiTable, -} from './listSharedFolders' + formatSharedFoldersTable, + listSharedFolders, + renderSharedFoldersAsciiTable, +} from "./listSharedFolders"; import type { - FormattedSharedFoldersTable, - ListSharedFolderRow, - ListSharedFoldersOptions, -} from './listSharedFolders' -import { shareFolder } from './shareFolder' -import type { ShareFolderInput, ShareFolderResult } from './shareFolder' + FormattedSharedFoldersTable, + ListSharedFolderRow, + ListSharedFoldersOptions, +} from "./listSharedFolders"; +import { shareFolder } from "./shareFolder"; +import type { ShareFolderInput, ShareFolderResult } from "./shareFolder"; -export type AuthProvider = () => Auth +export type AuthProvider = () => Auth; export class SharedFolderManager { - private readonly storage: InMemoryStorage - private readonly authProvider: AuthProvider + private readonly storage: InMemoryStorage; + private readonly authProvider: AuthProvider; - constructor(storage: InMemoryStorage, authProvider: AuthProvider) { - this.storage = storage - this.authProvider = authProvider - } + constructor(storage: InMemoryStorage, authProvider: AuthProvider) { + this.storage = storage; + this.authProvider = authProvider; + } - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } - return auth + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); } + return auth; + } - public listSharedFolders(options: ListSharedFoldersOptions = {}): ListSharedFolderRow[] { - return listSharedFolders(this.storage, options) - } + public listSharedFolders( + options: ListSharedFoldersOptions = {}, + ): ListSharedFolderRow[] { + return listSharedFolders(this.storage, options); + } - public formatSharedFoldersTable( - rows: ListSharedFolderRow[], - options: { verbose?: boolean; columnWidth?: number } = {} - ): FormattedSharedFoldersTable { - return formatSharedFoldersTable(rows, options) - } + public formatSharedFoldersTable( + rows: ListSharedFolderRow[], + options: { verbose?: boolean; columnWidth?: number } = {}, + ): FormattedSharedFoldersTable { + return formatSharedFoldersTable(rows, options); + } - public renderSharedFoldersAsciiTable( - table: FormattedSharedFoldersTable, - options: { minColWidth?: number } = {} - ): string { - return renderSharedFoldersAsciiTable(table, options) - } + public renderSharedFoldersAsciiTable( + table: FormattedSharedFoldersTable, + options: { minColWidth?: number } = {}, + ): string { + return renderSharedFoldersAsciiTable(table, options); + } - public async shareFolder(input: ShareFolderInput): Promise { - return shareFolder(this.requireAuth(), this.storage, input) - } + public async shareFolder( + input: ShareFolderInput, + ): Promise { + return shareFolder(this.requireAuth(), this.storage, input); + } } diff --git a/KeeperSdk/src/sharedFolders/listSharedFolders.ts b/KeeperSdk/src/sharedFolders/listSharedFolders.ts index ac484bf3..660dc89a 100644 --- a/KeeperSdk/src/sharedFolders/listSharedFolders.ts +++ b/KeeperSdk/src/sharedFolders/listSharedFolders.ts @@ -1,173 +1,212 @@ import type { - DSharedFolder, - DSharedFolderRecord, - DSharedFolderTeam, - DSharedFolderUser, -} from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { TOKEN_SEPARATOR_PATTERN } from '../utils' -import { FolderKind, VaultObjectKind } from '../folders/folderHelpers' + DSharedFolder, + DSharedFolderRecord, + DSharedFolderTeam, + DSharedFolderUser, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { TOKEN_SEPARATOR_PATTERN } from "../utils"; +import { FolderKind, VaultObjectKind } from "../folders/folderHelpers"; export type ListSharedFoldersOptions = { - pattern?: string | null - verbose?: boolean - includeDetails?: boolean -} + pattern?: string | null; + verbose?: boolean; + includeDetails?: boolean; +}; export type ListSharedFolderRow = { - shared_folder_uid: string - name: string - team_count?: number - user_count?: number - record_count?: number - default_manage_records?: boolean - default_manage_users?: boolean - default_can_edit?: boolean - default_can_share?: boolean -} - -const DEFAULT_COLUMN_WIDTH = 40 -const MIN_TRUNCATE_PREFIX = 3 + shared_folder_uid: string; + name: string; + team_count?: number; + user_count?: number; + record_count?: number; + default_manage_records?: boolean; + default_manage_users?: boolean; + default_can_edit?: boolean; + default_can_share?: boolean; +}; + +const DEFAULT_COLUMN_WIDTH = 40; +const MIN_TRUNCATE_PREFIX = 3; function sharedFolderDisplayName(folder: DSharedFolder): string { - return (folder.name || folder.uid).trim() || folder.uid + return (folder.name || folder.uid).trim() || folder.uid; } -function findSharedFolders(storage: InMemoryStorage, pattern: string): DSharedFolder[] { - const searchWords = tokenize(pattern.toLowerCase()) - const matches: DSharedFolder[] = [] - for (const sharedFolder of storage.getAll(FolderKind.SharedFolder)) { - const uid = sharedFolder.uid - const name = sharedFolderDisplayName(sharedFolder).toLowerCase() - const entityWords = tokenize(`${uid} ${name}`) - if (matchEntity(entityWords, searchWords)) { - matches.push(sharedFolder) - } +function findSharedFolders( + storage: InMemoryStorage, + pattern: string, +): DSharedFolder[] { + const searchWords = tokenize(pattern.toLowerCase()); + const matches: DSharedFolder[] = []; + for (const sharedFolder of storage.getAll( + FolderKind.SharedFolder, + )) { + const uid = sharedFolder.uid; + const name = sharedFolderDisplayName(sharedFolder).toLowerCase(); + const entityWords = tokenize(`${uid} ${name}`); + if (matchEntity(entityWords, searchWords)) { + matches.push(sharedFolder); } - return matches + } + return matches; } function matchEntity(entityWords: string[], searchWords: string[]): boolean { - if (!searchWords || searchWords.length === 0) return true - if (!entityWords || entityWords.length === 0) return false - for (const entityWord of entityWords) { - for (const searchWord of searchWords) { - if (searchWord.length <= entityWord.length && entityWord.includes(searchWord)) { - return true - } - } + if (!searchWords || searchWords.length === 0) return true; + if (!entityWords || entityWords.length === 0) return false; + for (const entityWord of entityWords) { + for (const searchWord of searchWords) { + if ( + searchWord.length <= entityWord.length && + entityWord.includes(searchWord) + ) { + return true; + } } - return false + } + return false; } function tokenize(text: string): string[] { - return text.split(TOKEN_SEPARATOR_PATTERN).filter((token) => token.length > 0) + return text + .split(TOKEN_SEPARATOR_PATTERN) + .filter((token) => token.length > 0); } -function countBySharedFolderUid(items: T[], sharedFolderUid: string): number { - let count = 0 - for (const item of items) { - if (item.sharedFolderUid === sharedFolderUid) count += 1 - } - return count +function countBySharedFolderUid( + items: T[], + sharedFolderUid: string, +): number { + let count = 0; + for (const item of items) { + if (item.sharedFolderUid === sharedFolderUid) count += 1; + } + return count; } -function countTeamsForFolder(storage: InMemoryStorage, sharedFolderUid: string): number { - return countBySharedFolderUid(storage.getAll(VaultObjectKind.SharedFolderTeam), sharedFolderUid) +function countTeamsForFolder( + storage: InMemoryStorage, + sharedFolderUid: string, +): number { + return countBySharedFolderUid( + storage.getAll(VaultObjectKind.SharedFolderTeam), + sharedFolderUid, + ); } -function countUsersForFolder(storage: InMemoryStorage, sharedFolderUid: string): number { - return countBySharedFolderUid(storage.getAll(VaultObjectKind.SharedFolderUser), sharedFolderUid) +function countUsersForFolder( + storage: InMemoryStorage, + sharedFolderUid: string, +): number { + return countBySharedFolderUid( + storage.getAll(VaultObjectKind.SharedFolderUser), + sharedFolderUid, + ); } -function countRecordsForFolder(storage: InMemoryStorage, sharedFolderUid: string): number { - return countBySharedFolderUid( - storage.getAll(VaultObjectKind.SharedFolderRecord), - sharedFolderUid - ) +function countRecordsForFolder( + storage: InMemoryStorage, + sharedFolderUid: string, +): number { + return countBySharedFolderUid( + storage.getAll(VaultObjectKind.SharedFolderRecord), + sharedFolderUid, + ); } export function listSharedFolders( - storage: InMemoryStorage, - options: ListSharedFoldersOptions = {} + storage: InMemoryStorage, + options: ListSharedFoldersOptions = {}, ): ListSharedFolderRow[] { - const { pattern, includeDetails = false } = options - const sharedFolders: DSharedFolder[] = pattern - ? findSharedFolders(storage, pattern) - : storage.getAll(FolderKind.SharedFolder) - - return sharedFolders.map((sharedFolder) => { - const shared_folder_uid = sharedFolder.uid - const name = sharedFolderDisplayName(sharedFolder) - const row: ListSharedFolderRow = { shared_folder_uid, name } - if (includeDetails) { - row.record_count = countRecordsForFolder(storage, shared_folder_uid) - row.user_count = countUsersForFolder(storage, shared_folder_uid) - row.team_count = countTeamsForFolder(storage, shared_folder_uid) - row.default_manage_records = sharedFolder.defaultManageRecords - row.default_manage_users = sharedFolder.defaultManageUsers - row.default_can_edit = sharedFolder.defaultCanEdit - row.default_can_share = sharedFolder.defaultCanShare - } - return row - }) + const { pattern, includeDetails = false } = options; + const sharedFolders: DSharedFolder[] = pattern + ? findSharedFolders(storage, pattern) + : storage.getAll(FolderKind.SharedFolder); + + return sharedFolders.map((sharedFolder) => { + const shared_folder_uid = sharedFolder.uid; + const name = sharedFolderDisplayName(sharedFolder); + const row: ListSharedFolderRow = { shared_folder_uid, name }; + if (includeDetails) { + row.record_count = countRecordsForFolder(storage, shared_folder_uid); + row.user_count = countUsersForFolder(storage, shared_folder_uid); + row.team_count = countTeamsForFolder(storage, shared_folder_uid); + row.default_manage_records = sharedFolder.defaultManageRecords; + row.default_manage_users = sharedFolder.defaultManageUsers; + row.default_can_edit = sharedFolder.defaultCanEdit; + row.default_can_share = sharedFolder.defaultCanShare; + } + return row; + }); } export type FormattedSharedFoldersTable = { - headers: string[] - rows: string[][] -} + headers: string[]; + rows: string[][]; +}; function truncateText(text: string, maxLength: number): string { - if (!text) return '' - if (text.length <= maxLength) return text - if (maxLength <= MIN_TRUNCATE_PREFIX) return text.slice(0, maxLength) - return `${text.slice(0, maxLength - MIN_TRUNCATE_PREFIX)}...` + if (!text) return ""; + if (text.length <= maxLength) return text; + if (maxLength <= MIN_TRUNCATE_PREFIX) return text.slice(0, maxLength); + return `${text.slice(0, maxLength - MIN_TRUNCATE_PREFIX)}...`; } export function formatSharedFoldersTable( - rows: ListSharedFolderRow[], - options: { verbose?: boolean; columnWidth?: number } = {} + rows: ListSharedFolderRow[], + options: { verbose?: boolean; columnWidth?: number } = {}, ): FormattedSharedFoldersTable { - const { verbose = false, columnWidth = DEFAULT_COLUMN_WIDTH } = options - const maxWidth = verbose ? null : columnWidth - const headers = ['#', 'Shared Folder UID', 'Name'] - const outRows: string[][] = rows.map((row, rowIndex) => { - const uid = maxWidth == null ? row.shared_folder_uid : truncateText(row.shared_folder_uid, maxWidth) - const name = maxWidth == null ? row.name : truncateText(row.name, maxWidth) - return [String(rowIndex + 1), uid, name] - }) - return { headers, rows: outRows } + const { verbose = false, columnWidth = DEFAULT_COLUMN_WIDTH } = options; + const maxWidth = verbose ? null : columnWidth; + const headers = ["#", "Shared Folder UID", "Name"]; + const outRows: string[][] = rows.map((row, rowIndex) => { + const uid = + maxWidth == null + ? row.shared_folder_uid + : truncateText(row.shared_folder_uid, maxWidth); + const name = maxWidth == null ? row.name : truncateText(row.name, maxWidth); + return [String(rowIndex + 1), uid, name]; + }); + return { headers, rows: outRows }; } export function renderSharedFoldersAsciiTable( - table: FormattedSharedFoldersTable, - options: { minColWidth?: number } = {} + table: FormattedSharedFoldersTable, + options: { minColWidth?: number } = {}, ): string { - const { minColWidth = 2 } = options - const { headers, rows } = table - const columnCount = headers.length - const columnWidths: number[] = new Array(columnCount).fill(0) + const { minColWidth = 2 } = options; + const { headers, rows } = table; + const columnCount = headers.length; + const columnWidths: number[] = new Array(columnCount).fill(0); + for (let columnIndex = 0; columnIndex < columnCount; columnIndex += 1) { + columnWidths[columnIndex] = Math.max( + headers[columnIndex].length, + minColWidth, + ); + } + for (const row of rows) { for (let columnIndex = 0; columnIndex < columnCount; columnIndex += 1) { - columnWidths[columnIndex] = Math.max(headers[columnIndex].length, minColWidth) - } - for (const row of rows) { - for (let columnIndex = 0; columnIndex < columnCount; columnIndex += 1) { - const cell = row[columnIndex] || '' - columnWidths[columnIndex] = Math.max(columnWidths[columnIndex], cell.length, minColWidth) - } - } - const padCell = (cell: string, columnIndex: number) => - cell + ' '.repeat(columnWidths[columnIndex] - cell.length) - const formatRow = (cells: string[]) => cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - const ruleRow = Array.from({ length: columnCount }, (_unused, columnIndex) => - '-'.repeat(columnWidths[columnIndex]) - ) - .map((dashes, columnIndex) => padCell(dashes, columnIndex)) - .join(' ') - const lines: string[] = [formatRow(headers), ruleRow] - for (const row of rows) { - lines.push(formatRow(row)) + const cell = row[columnIndex] || ""; + columnWidths[columnIndex] = Math.max( + columnWidths[columnIndex], + cell.length, + minColWidth, + ); } - return lines.join('\n') + } + const padCell = (cell: string, columnIndex: number) => + cell + " ".repeat(columnWidths[columnIndex] - cell.length); + const formatRow = (cells: string[]) => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + const ruleRow = Array.from({ length: columnCount }, (_unused, columnIndex) => + "-".repeat(columnWidths[columnIndex]), + ) + .map((dashes, columnIndex) => padCell(dashes, columnIndex)) + .join(" "); + const lines: string[] = [formatRow(headers), ruleRow]; + for (const row of rows) { + lines.push(formatRow(row)); + } + return lines.join("\n"); } diff --git a/KeeperSdk/src/sharedFolders/shareFolder.ts b/KeeperSdk/src/sharedFolders/shareFolder.ts index 98d622c9..d229390b 100644 --- a/KeeperSdk/src/sharedFolders/shareFolder.ts +++ b/KeeperSdk/src/sharedFolders/shareFolder.ts @@ -1,457 +1,546 @@ import type { - Auth, - Authentication, - DSharedFolder, - DSharedFolderFolder, - DSharedFolderUser, - DUserFolder, -} from '@keeper-security/keeperapi' + Auth, + Authentication, + DSharedFolder, + DSharedFolderFolder, + DSharedFolderUser, + DUserFolder, +} from "@keeper-security/keeperapi"; import { - Folder, - getPublicKeysMessage, - normal64Bytes, - platform, - sharedFolderUpdateV3Message, -} from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { extractErrorMessage, isBoolean, isObject, isValidEmail, KeeperSdkError } from '../utils' -import { FolderKind, FolderResultStatus, VaultObjectKind } from '../folders/folderHelpers' + Folder, + getPublicKeysMessage, + normal64Bytes, + platform, + sharedFolderUpdateV3Message, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { + extractErrorMessage, + isBoolean, + isObject, + isValidEmail, + KeeperSdkError, +} from "../utils"; +import { + FolderKind, + FolderResultStatus, + VaultObjectKind, +} from "../folders/folderHelpers"; export enum ShareFolderAction { - Grant = 'grant', - Remove = 'remove', + Grant = "grant", + Remove = "remove", } -export type ShareFolderActionInput = ShareFolderAction | `${ShareFolderAction}` +export type ShareFolderActionInput = ShareFolderAction | `${ShareFolderAction}`; export enum ShareFolderUserResultStatus { - Success = 'success', - Invited = 'invited', - MissingPublicKey = 'missing_public_key', - Unknown = 'unknown', + Success = "success", + Invited = "invited", + MissingPublicKey = "missing_public_key", + Unknown = "unknown", } export type ShareFolderInput = { - folder: string - emails: string[] - action?: ShareFolderActionInput - manageRecords?: boolean - manageUsers?: boolean -} + folder: string; + emails: string[]; + action?: ShareFolderActionInput; + manageRecords?: boolean; + manageUsers?: boolean; +}; export type ShareFolderUserStatus = { - email: string - success: boolean - status: string - message?: string -} + email: string; + success: boolean; + status: string; + message?: string; +}; export type ShareFolderResult = { - success: boolean - message?: string - folderUid: string - folderKind: FolderKind.SharedFolder - sharedFolderUid: string - results: ShareFolderUserStatus[] -} + success: boolean; + message?: string; + folderUid: string; + folderKind: FolderKind.SharedFolder; + sharedFolderUid: string; + results: ShareFolderUserStatus[]; +}; type ResolvedFolder = - | { - kind: FolderKind.SharedFolder - folderUid: string - sharedFolderUid: string - displayName: string - } - | { - kind: FolderKind.SharedFolderFolder - folderUid: string - sharedFolderUid: string - displayName: string - } - | { kind: FolderKind.UserFolder; folderUid: string; displayName: string } + | { + kind: FolderKind.SharedFolder; + folderUid: string; + sharedFolderUid: string; + displayName: string; + } + | { + kind: FolderKind.SharedFolderFolder; + folderUid: string; + sharedFolderUid: string; + displayName: string; + } + | { kind: FolderKind.UserFolder; folderUid: string; displayName: string }; type UserPublicKeys = { - rsaPublicKey: Uint8Array | null - eccPublicKey: Uint8Array | null - errorCode?: string - message?: string - username: string -} + rsaPublicKey: Uint8Array | null; + eccPublicKey: Uint8Array | null; + errorCode?: string; + message?: string; + username: string; +}; function toSetBoolean(value: boolean | undefined): Folder.SetBooleanValue { - if (value === true) return Folder.SetBooleanValue.BOOLEAN_TRUE - if (value === false) return Folder.SetBooleanValue.BOOLEAN_FALSE - return Folder.SetBooleanValue.BOOLEAN_NO_CHANGE + if (value === true) return Folder.SetBooleanValue.BOOLEAN_TRUE; + if (value === false) return Folder.SetBooleanValue.BOOLEAN_FALSE; + return Folder.SetBooleanValue.BOOLEAN_NO_CHANGE; } function dataName(data: unknown): string { - if (isObject(data)) { - const { title, name } = data as { title?: string; name?: string } - return (title || name || '').trim() - } - return '' + if (isObject(data)) { + const { title, name } = data as { title?: string; name?: string }; + return (title || name || "").trim(); + } + return ""; } -function resolveFolder(storage: InMemoryStorage, nameOrUid: string): ResolvedFolder | undefined { - const trimmedNameOrUid = nameOrUid.trim() - if (!trimmedNameOrUid) return undefined - - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, trimmedNameOrUid) - if (sharedFolder) { - return { - kind: FolderKind.SharedFolder, - folderUid: sharedFolder.uid, - sharedFolderUid: sharedFolder.uid, - displayName: (sharedFolder.name || sharedFolder.uid).trim() || sharedFolder.uid, - } - } - const sharedFolderFolder = storage.getByUid(FolderKind.SharedFolderFolder, trimmedNameOrUid) - if (sharedFolderFolder) { - return { - kind: FolderKind.SharedFolderFolder, - folderUid: sharedFolderFolder.uid, - sharedFolderUid: sharedFolderFolder.sharedFolderUid, - displayName: dataName(sharedFolderFolder.data) || sharedFolderFolder.uid, - } - } - const userFolder = storage.getByUid(FolderKind.UserFolder, trimmedNameOrUid) - if (userFolder) { - return { - kind: FolderKind.UserFolder, - folderUid: userFolder.uid, - displayName: dataName(userFolder.data) || userFolder.uid, - } - } - - const lowerNameOrUid = trimmedNameOrUid.toLowerCase() - for (const candidateSharedFolder of storage.getAll(FolderKind.SharedFolder)) { - if ((candidateSharedFolder.name || '').trim().toLowerCase() === lowerNameOrUid) { - return { - kind: FolderKind.SharedFolder, - folderUid: candidateSharedFolder.uid, - sharedFolderUid: candidateSharedFolder.uid, - displayName: candidateSharedFolder.name || candidateSharedFolder.uid, - } - } +function resolveFolder( + storage: InMemoryStorage, + nameOrUid: string, +): ResolvedFolder | undefined { + const trimmedNameOrUid = nameOrUid.trim(); + if (!trimmedNameOrUid) return undefined; + + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + trimmedNameOrUid, + ); + if (sharedFolder) { + return { + kind: FolderKind.SharedFolder, + folderUid: sharedFolder.uid, + sharedFolderUid: sharedFolder.uid, + displayName: + (sharedFolder.name || sharedFolder.uid).trim() || sharedFolder.uid, + }; + } + const sharedFolderFolder = storage.getByUid( + FolderKind.SharedFolderFolder, + trimmedNameOrUid, + ); + if (sharedFolderFolder) { + return { + kind: FolderKind.SharedFolderFolder, + folderUid: sharedFolderFolder.uid, + sharedFolderUid: sharedFolderFolder.sharedFolderUid, + displayName: dataName(sharedFolderFolder.data) || sharedFolderFolder.uid, + }; + } + const userFolder = storage.getByUid( + FolderKind.UserFolder, + trimmedNameOrUid, + ); + if (userFolder) { + return { + kind: FolderKind.UserFolder, + folderUid: userFolder.uid, + displayName: dataName(userFolder.data) || userFolder.uid, + }; + } + + const lowerNameOrUid = trimmedNameOrUid.toLowerCase(); + for (const candidateSharedFolder of storage.getAll( + FolderKind.SharedFolder, + )) { + if ( + (candidateSharedFolder.name || "").trim().toLowerCase() === lowerNameOrUid + ) { + return { + kind: FolderKind.SharedFolder, + folderUid: candidateSharedFolder.uid, + sharedFolderUid: candidateSharedFolder.uid, + displayName: candidateSharedFolder.name || candidateSharedFolder.uid, + }; } - for (const candidateSharedFolderFolder of storage.getAll(FolderKind.SharedFolderFolder)) { - const candidateName = dataName(candidateSharedFolderFolder.data) - if (candidateName && candidateName.toLowerCase() === lowerNameOrUid) { - return { - kind: FolderKind.SharedFolderFolder, - folderUid: candidateSharedFolderFolder.uid, - sharedFolderUid: candidateSharedFolderFolder.sharedFolderUid, - displayName: candidateName, - } - } + } + for (const candidateSharedFolderFolder of storage.getAll( + FolderKind.SharedFolderFolder, + )) { + const candidateName = dataName(candidateSharedFolderFolder.data); + if (candidateName && candidateName.toLowerCase() === lowerNameOrUid) { + return { + kind: FolderKind.SharedFolderFolder, + folderUid: candidateSharedFolderFolder.uid, + sharedFolderUid: candidateSharedFolderFolder.sharedFolderUid, + displayName: candidateName, + }; } - for (const candidateUserFolder of storage.getAll(FolderKind.UserFolder)) { - const candidateName = dataName(candidateUserFolder.data) - if (candidateName && candidateName.toLowerCase() === lowerNameOrUid) { - return { - kind: FolderKind.UserFolder, - folderUid: candidateUserFolder.uid, - displayName: candidateName, - } - } + } + for (const candidateUserFolder of storage.getAll( + FolderKind.UserFolder, + )) { + const candidateName = dataName(candidateUserFolder.data); + if (candidateName && candidateName.toLowerCase() === lowerNameOrUid) { + return { + kind: FolderKind.UserFolder, + folderUid: candidateUserFolder.uid, + displayName: candidateName, + }; } + } - return undefined + return undefined; } -async function fetchUserPublicKeys(auth: Auth, emails: string[]): Promise> { - const usernameToKeys = new Map() - if (emails.length === 0) return usernameToKeys - - const keysRequest = getPublicKeysMessage({ usernames: emails }) - let response: Authentication.IGetPublicKeysResponse - try { - response = await auth.executeRest(keysRequest) - } catch (err) { - throw new KeeperSdkError(`Failed to fetch public keys: ${extractErrorMessage(err)}`) - } - for (const entry of response.keyResponses || []) { - const username = (entry.username || '').toLowerCase() - if (!username) continue - usernameToKeys.set(username, { - username: entry.username || '', - rsaPublicKey: entry.publicKey && entry.publicKey.length > 0 ? (entry.publicKey as Uint8Array) : null, - eccPublicKey: - entry.publicEccKey && entry.publicEccKey.length > 0 ? (entry.publicEccKey as Uint8Array) : null, - errorCode: entry.errorCode || undefined, - message: entry.message || undefined, - }) - } - return usernameToKeys +async function fetchUserPublicKeys( + auth: Auth, + emails: string[], +): Promise> { + const usernameToKeys = new Map(); + if (emails.length === 0) return usernameToKeys; + + const keysRequest = getPublicKeysMessage({ usernames: emails }); + let response: Authentication.IGetPublicKeysResponse; + try { + response = await auth.executeRest(keysRequest); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch public keys: ${extractErrorMessage(err)}`, + ); + } + for (const entry of response.keyResponses || []) { + const username = (entry.username || "").toLowerCase(); + if (!username) continue; + usernameToKeys.set(username, { + username: entry.username || "", + rsaPublicKey: + entry.publicKey && entry.publicKey.length > 0 + ? (entry.publicKey as Uint8Array) + : null, + eccPublicKey: + entry.publicEccKey && entry.publicEccKey.length > 0 + ? (entry.publicEccKey as Uint8Array) + : null, + errorCode: entry.errorCode || undefined, + message: entry.message || undefined, + }); + } + return usernameToKeys; } function dedupeEmails(emails: string[]): string[] { - const seen = new Set() - const dedupedEmails: string[] = [] - for (const rawEmail of emails) { - const normalized = (rawEmail || '').trim().toLowerCase() - if (!normalized) continue - if (seen.has(normalized)) continue - seen.add(normalized) - dedupedEmails.push(normalized) - } - return dedupedEmails + const seen = new Set(); + const dedupedEmails: string[] = []; + for (const rawEmail of emails) { + const normalized = (rawEmail || "").trim().toLowerCase(); + if (!normalized) continue; + if (seen.has(normalized)) continue; + seen.add(normalized); + dedupedEmails.push(normalized); + } + return dedupedEmails; } async function removeFromSharedFolder( - auth: Auth, - sharedFolder: DSharedFolder, - resolved: Extract, - emails: string[] + auth: Auth, + sharedFolder: DSharedFolder, + resolved: Extract< + ResolvedFolder, + { kind: FolderKind.SharedFolder | FolderKind.SharedFolderFolder } + >, + emails: string[], ): Promise { - const updateRequest: Folder.ISharedFolderUpdateV3Request = { - sharedFolderUid: normal64Bytes(sharedFolder.uid), - revision: sharedFolder.revision, - forceUpdate: false, - sharedFolderRemoveUser: emails, - } - - let response: Folder.ISharedFolderUpdateV3ResponseV2 - try { - response = await auth.executeRest(sharedFolderUpdateV3Message({ sharedFoldersUpdateV3: [updateRequest] })) - } catch (err) { - return { - success: false, - folderUid: resolved.folderUid, - sharedFolderUid: sharedFolder.uid, - folderKind: FolderKind.SharedFolder, - message: `shared_folder_update_v3 (remove) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): ${extractErrorMessage(err)}`, - results: [], - } - } - - const innerResponse = (response.sharedFoldersUpdateV3Response || [])[0] - const requestOk = !innerResponse?.status || innerResponse.status === FolderResultStatus.Success - - const userResults: ShareFolderUserStatus[] = [] - for (const userStatus of innerResponse?.sharedFolderRemoveUserStatus || []) { - const status = userStatus.status || ShareFolderUserResultStatus.Unknown - userResults.push({ - email: userStatus.username || '', - success: status === FolderResultStatus.Success, - status, - }) - } - - const allUsersOk = userResults.length > 0 && userResults.every((userResult) => userResult.success) - - const failureReason = !requestOk - ? innerResponse?.status || - `shared_folder_update_v3 (remove) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): server returned no status` - : undefined - + const updateRequest: Folder.ISharedFolderUpdateV3Request = { + sharedFolderUid: normal64Bytes(sharedFolder.uid), + revision: sharedFolder.revision, + forceUpdate: false, + sharedFolderRemoveUser: emails, + }; + + let response: Folder.ISharedFolderUpdateV3ResponseV2; + try { + response = await auth.executeRest( + sharedFolderUpdateV3Message({ sharedFoldersUpdateV3: [updateRequest] }), + ); + } catch (err) { return { - success: requestOk && allUsersOk, - folderUid: resolved.folderUid, - sharedFolderUid: sharedFolder.uid, - folderKind: FolderKind.SharedFolder, - message: failureReason, - results: userResults, - } + success: false, + folderUid: resolved.folderUid, + sharedFolderUid: sharedFolder.uid, + folderKind: FolderKind.SharedFolder, + message: `shared_folder_update_v3 (remove) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): ${extractErrorMessage(err)}`, + results: [], + }; + } + + const innerResponse = (response.sharedFoldersUpdateV3Response || [])[0]; + const requestOk = + !innerResponse?.status || + innerResponse.status === FolderResultStatus.Success; + + const userResults: ShareFolderUserStatus[] = []; + for (const userStatus of innerResponse?.sharedFolderRemoveUserStatus || []) { + const status = userStatus.status || ShareFolderUserResultStatus.Unknown; + userResults.push({ + email: userStatus.username || "", + success: status === FolderResultStatus.Success, + status, + }); + } + + const allUsersOk = + userResults.length > 0 && + userResults.every((userResult) => userResult.success); + + const failureReason = !requestOk + ? innerResponse?.status || + `shared_folder_update_v3 (remove) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): server returned no status` + : undefined; + + return { + success: requestOk && allUsersOk, + folderUid: resolved.folderUid, + sharedFolderUid: sharedFolder.uid, + folderKind: FolderKind.SharedFolder, + message: failureReason, + results: userResults, + }; } async function shareWithSharedFolder( - auth: Auth, - storage: InMemoryStorage, - resolved: Extract, - input: ShareFolderInput + auth: Auth, + storage: InMemoryStorage, + resolved: Extract< + ResolvedFolder, + { kind: FolderKind.SharedFolder | FolderKind.SharedFolderFolder } + >, + input: ShareFolderInput, ): Promise { - const sharedFolder = storage.getByUid(FolderKind.SharedFolder, resolved.sharedFolderUid) - if (!sharedFolder) { - throw new KeeperSdkError(`Shared folder "${resolved.sharedFolderUid}" not found.`, 'shared_folder_not_found') - } - const sharedFolderKey = await storage.getKeyBytes(sharedFolder.uid) - if (!sharedFolderKey) { - throw new KeeperSdkError( - 'Shared folder encryption key not available. Sync the vault and try again.', - 'shared_folder_key_missing' - ) - } - - const emails = dedupeEmails(input.emails) - if (emails.length === 0) { - throw new KeeperSdkError('Provide at least one user email.', 'no_emails') - } - - const invalidEmails = emails.filter((email) => !isValidEmail(email)) - if (invalidEmails.length > 0) { - throw new KeeperSdkError(`Invalid email(s): ${invalidEmails.join(', ')}`, 'invalid_email') - } - - if (input.action === ShareFolderAction.Remove) { - return removeFromSharedFolder(auth, sharedFolder, resolved, emails) - } - - const existingMembers = new Set() - for (const sharedFolderUser of storage.getAll(VaultObjectKind.SharedFolderUser)) { - if (sharedFolderUser.sharedFolderUid === sharedFolder.uid && sharedFolderUser.accountUsername) { - existingMembers.add(sharedFolderUser.accountUsername.toLowerCase()) - } - } - - const newEmails = emails.filter((email) => !existingMembers.has(email)) - const usernameToKeys = await fetchUserPublicKeys(auth, newEmails) - - const usersToAdd: Folder.ISharedFolderUpdateUser[] = [] - const usersToUpdate: Folder.ISharedFolderUpdateUser[] = [] - const userResults: ShareFolderUserStatus[] = [] - - const newUserManageRecords = isBoolean(input.manageRecords) - ? input.manageRecords - : sharedFolder.defaultManageRecords - const newUserManageUsers = isBoolean(input.manageUsers) - ? input.manageUsers - : sharedFolder.defaultManageUsers - - for (const email of emails) { - if (existingMembers.has(email)) { - usersToUpdate.push({ - username: email, - manageRecords: toSetBoolean(input.manageRecords), - manageUsers: toSetBoolean(input.manageUsers), - }) - continue - } - - const publicKeys = usernameToKeys.get(email) - if (!publicKeys) { - userResults.push({ - email, - success: false, - status: ShareFolderUserResultStatus.MissingPublicKey, - message: `No public key returned for user "${email}" (folder="${resolved.displayName}")`, - }) - continue - } - if (publicKeys.errorCode) { - userResults.push({ - email, - success: false, - status: publicKeys.errorCode, - message: publicKeys.message || publicKeys.errorCode, - }) - continue - } - - let encryptedKey: Uint8Array - let encryptedKeyType: Folder.EncryptedKeyType - if (publicKeys.rsaPublicKey) { - const rsaPublicKeyBase64 = platform.bytesToBase64(publicKeys.rsaPublicKey) - encryptedKey = platform.publicEncrypt(sharedFolderKey, rsaPublicKeyBase64) - encryptedKeyType = Folder.EncryptedKeyType.encrypted_by_public_key - } else if (publicKeys.eccPublicKey) { - encryptedKey = await platform.publicEncryptEC(sharedFolderKey, publicKeys.eccPublicKey) - encryptedKeyType = Folder.EncryptedKeyType.encrypted_by_public_key_ecc - } else { - userResults.push({ - email, - success: false, - status: ShareFolderUserResultStatus.MissingPublicKey, - message: `No usable public key for user "${email}" (folder="${resolved.displayName}")`, - }) - continue - } - - usersToAdd.push({ - username: email, - manageRecords: toSetBoolean(newUserManageRecords), - manageUsers: toSetBoolean(newUserManageUsers), - typedSharedFolderKey: { encryptedKey, encryptedKeyType }, - }) + const sharedFolder = storage.getByUid( + FolderKind.SharedFolder, + resolved.sharedFolderUid, + ); + if (!sharedFolder) { + throw new KeeperSdkError( + `Shared folder "${resolved.sharedFolderUid}" not found.`, + "shared_folder_not_found", + ); + } + const sharedFolderKey = await storage.getKeyBytes(sharedFolder.uid); + if (!sharedFolderKey) { + throw new KeeperSdkError( + "Shared folder encryption key not available. Sync the vault and try again.", + "shared_folder_key_missing", + ); + } + + const emails = dedupeEmails(input.emails); + if (emails.length === 0) { + throw new KeeperSdkError("Provide at least one user email.", "no_emails"); + } + + const invalidEmails = emails.filter((email) => !isValidEmail(email)); + if (invalidEmails.length > 0) { + throw new KeeperSdkError( + `Invalid email(s): ${invalidEmails.join(", ")}`, + "invalid_email", + ); + } + + if (input.action === ShareFolderAction.Remove) { + return removeFromSharedFolder(auth, sharedFolder, resolved, emails); + } + + const existingMembers = new Set(); + for (const sharedFolderUser of storage.getAll( + VaultObjectKind.SharedFolderUser, + )) { + if ( + sharedFolderUser.sharedFolderUid === sharedFolder.uid && + sharedFolderUser.accountUsername + ) { + existingMembers.add(sharedFolderUser.accountUsername.toLowerCase()); } - - if (usersToAdd.length === 0 && usersToUpdate.length === 0) { - return { - success: false, - folderUid: resolved.folderUid, - sharedFolderUid: sharedFolder.uid, - folderKind: FolderKind.SharedFolder, - message: `No users could be processed for shared folder "${resolved.displayName}" (uid=${sharedFolder.uid}).`, - results: userResults, - } + } + + const newEmails = emails.filter((email) => !existingMembers.has(email)); + const usernameToKeys = await fetchUserPublicKeys(auth, newEmails); + + const usersToAdd: Folder.ISharedFolderUpdateUser[] = []; + const usersToUpdate: Folder.ISharedFolderUpdateUser[] = []; + const userResults: ShareFolderUserStatus[] = []; + + const newUserManageRecords = isBoolean(input.manageRecords) + ? input.manageRecords + : sharedFolder.defaultManageRecords; + const newUserManageUsers = isBoolean(input.manageUsers) + ? input.manageUsers + : sharedFolder.defaultManageUsers; + + for (const email of emails) { + if (existingMembers.has(email)) { + usersToUpdate.push({ + username: email, + manageRecords: toSetBoolean(input.manageRecords), + manageUsers: toSetBoolean(input.manageUsers), + }); + continue; } - const updateRequest: Folder.ISharedFolderUpdateV3Request = { - sharedFolderUid: normal64Bytes(sharedFolder.uid), - revision: sharedFolder.revision, - forceUpdate: false, + const publicKeys = usernameToKeys.get(email); + if (!publicKeys) { + userResults.push({ + email, + success: false, + status: ShareFolderUserResultStatus.MissingPublicKey, + message: `No public key returned for user "${email}" (folder="${resolved.displayName}")`, + }); + continue; } - if (usersToAdd.length > 0) updateRequest.sharedFolderAddUser = usersToAdd - if (usersToUpdate.length > 0) updateRequest.sharedFolderUpdateUser = usersToUpdate - - let response: Folder.ISharedFolderUpdateV3ResponseV2 - try { - response = await auth.executeRest(sharedFolderUpdateV3Message({ sharedFoldersUpdateV3: [updateRequest] })) - } catch (err) { - return { - success: false, - folderUid: resolved.folderUid, - sharedFolderUid: sharedFolder.uid, - folderKind: FolderKind.SharedFolder, - message: `shared_folder_update_v3 (grant) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): ${extractErrorMessage(err)}`, - results: userResults, - } + if (publicKeys.errorCode) { + userResults.push({ + email, + success: false, + status: publicKeys.errorCode, + message: publicKeys.message || publicKeys.errorCode, + }); + continue; } - const innerResponse = (response.sharedFoldersUpdateV3Response || [])[0] - const requestOk = !innerResponse?.status || innerResponse.status === FolderResultStatus.Success - - for (const addUserStatus of innerResponse?.sharedFolderAddUserStatus || []) { - const status = addUserStatus.status || ShareFolderUserResultStatus.Unknown - const success = status === FolderResultStatus.Success || status === FolderResultStatus.Invited - userResults.push({ - email: addUserStatus.username || '', - success, - status, - }) - } - for (const updateUserStatus of innerResponse?.sharedFolderUpdateUserStatus || []) { - const status = updateUserStatus.status || ShareFolderUserResultStatus.Unknown - userResults.push({ - email: updateUserStatus.username || '', - success: status === FolderResultStatus.Success, - status, - }) + let encryptedKey: Uint8Array; + let encryptedKeyType: Folder.EncryptedKeyType; + if (publicKeys.rsaPublicKey) { + const rsaPublicKeyBase64 = platform.bytesToBase64( + publicKeys.rsaPublicKey, + ); + encryptedKey = platform.publicEncrypt( + sharedFolderKey, + rsaPublicKeyBase64, + ); + encryptedKeyType = Folder.EncryptedKeyType.encrypted_by_public_key; + } else if (publicKeys.eccPublicKey) { + encryptedKey = await platform.publicEncryptEC( + sharedFolderKey, + publicKeys.eccPublicKey, + ); + encryptedKeyType = Folder.EncryptedKeyType.encrypted_by_public_key_ecc; + } else { + userResults.push({ + email, + success: false, + status: ShareFolderUserResultStatus.MissingPublicKey, + message: `No usable public key for user "${email}" (folder="${resolved.displayName}")`, + }); + continue; } - const allUsersOk = userResults.length > 0 && userResults.every((userResult) => userResult.success) - - const failureReason = !requestOk - ? innerResponse?.status || - `shared_folder_update_v3 (grant) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): server returned no status` - : undefined + usersToAdd.push({ + username: email, + manageRecords: toSetBoolean(newUserManageRecords), + manageUsers: toSetBoolean(newUserManageUsers), + typedSharedFolderKey: { encryptedKey, encryptedKeyType }, + }); + } + if (usersToAdd.length === 0 && usersToUpdate.length === 0) { return { - success: requestOk && allUsersOk, - folderUid: resolved.folderUid, - sharedFolderUid: sharedFolder.uid, - folderKind: FolderKind.SharedFolder, - message: failureReason, - results: userResults, - } + success: false, + folderUid: resolved.folderUid, + sharedFolderUid: sharedFolder.uid, + folderKind: FolderKind.SharedFolder, + message: `No users could be processed for shared folder "${resolved.displayName}" (uid=${sharedFolder.uid}).`, + results: userResults, + }; + } + + const updateRequest: Folder.ISharedFolderUpdateV3Request = { + sharedFolderUid: normal64Bytes(sharedFolder.uid), + revision: sharedFolder.revision, + forceUpdate: false, + }; + if (usersToAdd.length > 0) updateRequest.sharedFolderAddUser = usersToAdd; + if (usersToUpdate.length > 0) + updateRequest.sharedFolderUpdateUser = usersToUpdate; + + let response: Folder.ISharedFolderUpdateV3ResponseV2; + try { + response = await auth.executeRest( + sharedFolderUpdateV3Message({ sharedFoldersUpdateV3: [updateRequest] }), + ); + } catch (err) { + return { + success: false, + folderUid: resolved.folderUid, + sharedFolderUid: sharedFolder.uid, + folderKind: FolderKind.SharedFolder, + message: `shared_folder_update_v3 (grant) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): ${extractErrorMessage(err)}`, + results: userResults, + }; + } + + const innerResponse = (response.sharedFoldersUpdateV3Response || [])[0]; + const requestOk = + !innerResponse?.status || + innerResponse.status === FolderResultStatus.Success; + + for (const addUserStatus of innerResponse?.sharedFolderAddUserStatus || []) { + const status = addUserStatus.status || ShareFolderUserResultStatus.Unknown; + const success = + status === FolderResultStatus.Success || + status === FolderResultStatus.Invited; + userResults.push({ + email: addUserStatus.username || "", + success, + status, + }); + } + for (const updateUserStatus of innerResponse?.sharedFolderUpdateUserStatus || + []) { + const status = + updateUserStatus.status || ShareFolderUserResultStatus.Unknown; + userResults.push({ + email: updateUserStatus.username || "", + success: status === FolderResultStatus.Success, + status, + }); + } + + const allUsersOk = + userResults.length > 0 && + userResults.every((userResult) => userResult.success); + + const failureReason = !requestOk + ? innerResponse?.status || + `shared_folder_update_v3 (grant) failed for "${resolved.displayName}" (uid=${sharedFolder.uid}): server returned no status` + : undefined; + + return { + success: requestOk && allUsersOk, + folderUid: resolved.folderUid, + sharedFolderUid: sharedFolder.uid, + folderKind: FolderKind.SharedFolder, + message: failureReason, + results: userResults, + }; } export async function shareFolder( - auth: Auth, - storage: InMemoryStorage, - input: ShareFolderInput + auth: Auth, + storage: InMemoryStorage, + input: ShareFolderInput, ): Promise { - const resolved = resolveFolder(storage, input.folder) - if (!resolved) { - throw new KeeperSdkError(`Folder "${input.folder}" was not found.`, 'folder_not_found') - } - - if (resolved.kind === FolderKind.UserFolder) { - throw new KeeperSdkError( - `"${resolved.displayName}" is a personal folder. Only shared folders can be shared.`, - 'not_a_shared_folder' - ) - } - - return shareWithSharedFolder(auth, storage, resolved, input) + const resolved = resolveFolder(storage, input.folder); + if (!resolved) { + throw new KeeperSdkError( + `Folder "${input.folder}" was not found.`, + "folder_not_found", + ); + } + + if (resolved.kind === FolderKind.UserFolder) { + throw new KeeperSdkError( + `"${resolved.displayName}" is a personal folder. Only shared folders can be shared.`, + "not_a_shared_folder", + ); + } + + return shareWithSharedFolder(auth, storage, resolved, input); } diff --git a/KeeperSdk/src/sharing/Sharing.ts b/KeeperSdk/src/sharing/Sharing.ts index 9046f369..6ca20049 100644 --- a/KeeperSdk/src/sharing/Sharing.ts +++ b/KeeperSdk/src/sharing/Sharing.ts @@ -1,282 +1,310 @@ import { - Auth, - Records, - Authentication, - platform, - getPublicKeysMessage, - getRecordsDetailsMessage, - webSafe64FromBytes, - recordsShareUpdateMessage, - normal64Bytes, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError } from '../utils/errors' + Auth, + Records, + Authentication, + platform, + getPublicKeysMessage, + getRecordsDetailsMessage, + webSafe64FromBytes, + recordsShareUpdateMessage, + normal64Bytes, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError } from "../utils/errors"; enum ShareStatus { - Success = 'success', - PendingAccept = 'pending_accept', - MissingPublicKey = 'missing_public_key', - Error = 'error', - Unknown = 'unknown', + Success = "success", + PendingAccept = "pending_accept", + MissingPublicKey = "missing_public_key", + Error = "error", + Unknown = "unknown", } export type ShareRecordInput = { - recordUid: string - email: string - canEdit?: boolean - canShare?: boolean -} + recordUid: string; + email: string; + canEdit?: boolean; + canShare?: boolean; +}; export type ShareRecordResult = { - recordUid: string - email: string - success: boolean - status: string - message: string -} + recordUid: string; + email: string; + success: boolean; + status: string; + message: string; +}; export type RemoveShareInput = { - recordUid: string - email: string -} + recordUid: string; + email: string; +}; export type RemoveShareResult = { - recordUid: string - email: string - success: boolean - status: string - message: string -} + recordUid: string; + email: string; + success: boolean; + status: string; + message: string; +}; type UserKeys = { - username: string - rsaPublicKey: Uint8Array | null - eccPublicKey: Uint8Array | null - errorCode: string | null -} + username: string; + rsaPublicKey: Uint8Array | null; + eccPublicKey: Uint8Array | null; + errorCode: string | null; +}; async function loadUserPublicKey(auth: Auth, email: string): Promise { - const msg = getPublicKeysMessage({ usernames: [email] }) - let response: Authentication.IGetPublicKeysResponse - - try { - response = await auth.executeRest(msg) - } catch (err) { - throw new KeeperSdkError(`Failed to fetch public key for ${email}: ${extractErrorMessage(err)}`) - } - - const keyResponses = response.keyResponses || [] - if (keyResponses.length === 0) { - throw new KeeperSdkError(`No public key returned for ${email}`, 'missing_public_key') - } - - const entry = keyResponses[0] - if (entry.errorCode) { - throw new KeeperSdkError( - `Public key lookup failed for ${email}: ${entry.errorCode} - ${entry.message || ''}`, - entry.errorCode - ) - } - - return { - username: entry.username || email, - rsaPublicKey: entry.publicKey && entry.publicKey.length > 0 ? (entry.publicKey as Uint8Array) : null, - eccPublicKey: entry.publicEccKey && entry.publicEccKey.length > 0 ? (entry.publicEccKey as Uint8Array) : null, - errorCode: entry.errorCode || null, - } + const msg = getPublicKeysMessage({ usernames: [email] }); + let response: Authentication.IGetPublicKeysResponse; + + try { + response = await auth.executeRest(msg); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch public key for ${email}: ${extractErrorMessage(err)}`, + ); + } + + const keyResponses = response.keyResponses || []; + if (keyResponses.length === 0) { + throw new KeeperSdkError( + `No public key returned for ${email}`, + "missing_public_key", + ); + } + + const entry = keyResponses[0]; + if (entry.errorCode) { + throw new KeeperSdkError( + `Public key lookup failed for ${email}: ${entry.errorCode} - ${entry.message || ""}`, + entry.errorCode, + ); + } + + return { + username: entry.username || email, + rsaPublicKey: + entry.publicKey && entry.publicKey.length > 0 + ? (entry.publicKey as Uint8Array) + : null, + eccPublicKey: + entry.publicEccKey && entry.publicEccKey.length > 0 + ? (entry.publicEccKey as Uint8Array) + : null, + errorCode: entry.errorCode || null, + }; } export async function shareRecord( - auth: Auth, - recordKey: Uint8Array, - input: ShareRecordInput + auth: Auth, + recordKey: Uint8Array, + input: ShareRecordInput, ): Promise { - const { recordUid, email, canEdit = false, canShare = false } = input - - const userKeys = await loadUserPublicKey(auth, email) - - let encryptedRecordKey: Uint8Array - let useEccKey = false - - if (userKeys.eccPublicKey) { - encryptedRecordKey = await platform.publicEncryptEC(recordKey, userKeys.eccPublicKey) - useEccKey = true - } else if (userKeys.rsaPublicKey) { - const rsaKeyBase64 = platform.bytesToBase64(userKeys.rsaPublicKey) - encryptedRecordKey = platform.publicEncrypt(recordKey, rsaKeyBase64) - useEccKey = false - } else { - return { - recordUid, - email, - success: false, - status: ShareStatus.MissingPublicKey, - message: `No usable public key available for ${email}`, - } - } - - const sharedRecord: Records.ISharedRecord = { - toUsername: email, - recordUid: normal64Bytes(recordUid), - recordKey: encryptedRecordKey, - editable: canEdit, - shareable: canShare, - useEccKey, - } - - const msg = recordsShareUpdateMessage({ addSharedRecord: [sharedRecord] }) - - let response: Records.IRecordShareUpdateResponse - try { - response = await auth.executeRest(msg) - } catch (err) { - return { - recordUid, - email, - success: false, - status: ShareStatus.Error, - message: extractErrorMessage(err), - } - } - - const addStatuses = response.addSharedRecordStatus || [] - if (addStatuses.length > 0) { - const st = addStatuses[0] - const isSuccess = st.status === ShareStatus.Success || st.status === ShareStatus.PendingAccept - return { - recordUid, - email: st.username || email, - success: isSuccess, - status: st.status || ShareStatus.Unknown, - message: st.message || st.status || '', - } - } - + const { recordUid, email, canEdit = false, canShare = false } = input; + + const userKeys = await loadUserPublicKey(auth, email); + + let encryptedRecordKey: Uint8Array; + let useEccKey = false; + + if (userKeys.eccPublicKey) { + encryptedRecordKey = await platform.publicEncryptEC( + recordKey, + userKeys.eccPublicKey, + ); + useEccKey = true; + } else if (userKeys.rsaPublicKey) { + const rsaKeyBase64 = platform.bytesToBase64(userKeys.rsaPublicKey); + encryptedRecordKey = platform.publicEncrypt(recordKey, rsaKeyBase64); + useEccKey = false; + } else { + return { + recordUid, + email, + success: false, + status: ShareStatus.MissingPublicKey, + message: `No usable public key available for ${email}`, + }; + } + + const sharedRecord: Records.ISharedRecord = { + toUsername: email, + recordUid: normal64Bytes(recordUid), + recordKey: encryptedRecordKey, + editable: canEdit, + shareable: canShare, + useEccKey, + }; + + const msg = recordsShareUpdateMessage({ addSharedRecord: [sharedRecord] }); + + let response: Records.IRecordShareUpdateResponse; + try { + response = await auth.executeRest(msg); + } catch (err) { + return { + recordUid, + email, + success: false, + status: ShareStatus.Error, + message: extractErrorMessage(err), + }; + } + + const addStatuses = response.addSharedRecordStatus || []; + if (addStatuses.length > 0) { + const st = addStatuses[0]; + const isSuccess = + st.status === ShareStatus.Success || + st.status === ShareStatus.PendingAccept; return { - recordUid, - email, - success: true, - status: ShareStatus.Success, - message: 'Record shared successfully', - } + recordUid, + email: st.username || email, + success: isSuccess, + status: st.status || ShareStatus.Unknown, + message: st.message || st.status || "", + }; + } + + return { + recordUid, + email, + success: true, + status: ShareStatus.Success, + message: "Record shared successfully", + }; } -export async function removeRecordShare(auth: Auth, input: RemoveShareInput): Promise { - const { recordUid, email } = input - - const msg = recordsShareUpdateMessage({ - removeSharedRecord: [ - { - toUsername: email, - recordUid: normal64Bytes(recordUid), - }, - ], - }) - - let response: Records.IRecordShareUpdateResponse - try { - response = await auth.executeRest(msg) - } catch (err) { - return { - recordUid, - email, - success: false, - status: ShareStatus.Error, - message: extractErrorMessage(err), - } - } - - const removeStatuses = response.removeSharedRecordStatus || [] - if (removeStatuses.length > 0) { - const st = removeStatuses[0] - return { - recordUid, - email: st.username || email, - success: st.status === ShareStatus.Success, - status: st.status || ShareStatus.Unknown, - message: st.message || st.status || '', - } - } +export async function removeRecordShare( + auth: Auth, + input: RemoveShareInput, +): Promise { + const { recordUid, email } = input; + const msg = recordsShareUpdateMessage({ + removeSharedRecord: [ + { + toUsername: email, + recordUid: normal64Bytes(recordUid), + }, + ], + }); + + let response: Records.IRecordShareUpdateResponse; + try { + response = await auth.executeRest(msg); + } catch (err) { return { - recordUid, - email, - success: true, - status: ShareStatus.Success, - message: 'Share removed successfully', - } + recordUid, + email, + success: false, + status: ShareStatus.Error, + message: extractErrorMessage(err), + }; + } + + const removeStatuses = response.removeSharedRecordStatus || []; + if (removeStatuses.length > 0) { + const st = removeStatuses[0]; + return { + recordUid, + email: st.username || email, + success: st.status === ShareStatus.Success, + status: st.status || ShareStatus.Unknown, + message: st.message || st.status || "", + }; + } + + return { + recordUid, + email, + success: true, + status: ShareStatus.Success, + message: "Share removed successfully", + }; } export type RecordUserPermission = { - username: string - accountUid?: string - owner: boolean - shareAdmin: boolean - shareable: boolean - editable: boolean - awaitingApproval: boolean - expiration?: number -} + username: string; + accountUid?: string; + owner: boolean; + shareAdmin: boolean; + shareable: boolean; + editable: boolean; + awaitingApproval: boolean; + expiration?: number; +}; export type RecordSharedFolderPermission = { - sharedFolderUid: string - resharable: boolean - editable: boolean - revision?: number - expiration?: number -} + sharedFolderUid: string; + resharable: boolean; + editable: boolean; + revision?: number; + expiration?: number; +}; export type RecordShareInfo = { - recordUid: string - userPermissions: RecordUserPermission[] - sharedFolderPermissions: RecordSharedFolderPermission[] -} + recordUid: string; + userPermissions: RecordUserPermission[]; + sharedFolderPermissions: RecordSharedFolderPermission[]; +}; function bytesToUid(bytes: Uint8Array | null | undefined): string | undefined { - return bytes && bytes.length > 0 ? webSafe64FromBytes(bytes) : undefined + return bytes && bytes.length > 0 ? webSafe64FromBytes(bytes) : undefined; } -function longToNumber(value: number | { toNumber: () => number } | null | undefined): number | undefined { - if (value == null) return undefined - return typeof value === 'number' ? value : value.toNumber() +function longToNumber( + value: number | { toNumber: () => number } | null | undefined, +): number | undefined { + if (value == null) return undefined; + return typeof value === "number" ? value : value.toNumber(); } -export async function getRecordShareInfo(auth: Auth, recordUid: string): Promise { - const msg = getRecordsDetailsMessage({ - clientTime: Date.now(), - recordUid: [normal64Bytes(recordUid)], - recordDetailsInclude: Records.RecordDetailsInclude.SHARE_ONLY, - }) - - let response: Records.IGetRecordDataWithAccessInfoResponse - try { - response = await auth.executeRest(msg) - } catch (err) { - throw new KeeperSdkError( - `Failed to fetch share info for ${recordUid}: ${extractErrorMessage(err)}` - ) - } - - const detail = response.recordDataWithAccessInfo?.[0] - if (!detail) return null - - const userPermissions: RecordUserPermission[] = (detail.userPermission ?? []).map((u) => ({ - username: u.username || '', - accountUid: bytesToUid(u.accountUid), - owner: !!u.owner, - shareAdmin: !!u.shareAdmin, - shareable: !!u.sharable, - editable: !!u.editable, - awaitingApproval: !!u.awaitingApproval, - expiration: longToNumber(u.expiration as number | null | undefined), - })) - - const sharedFolderPermissions: RecordSharedFolderPermission[] = (detail.sharedFolderPermission ?? []).map((s) => ({ - sharedFolderUid: bytesToUid(s.sharedFolderUid) ?? '', - resharable: !!s.resharable, - editable: !!s.editable, - revision: longToNumber(s.revision as number | null | undefined), - expiration: longToNumber(s.expiration as number | null | undefined), - })) - - return { recordUid, userPermissions, sharedFolderPermissions } +export async function getRecordShareInfo( + auth: Auth, + recordUid: string, +): Promise { + const msg = getRecordsDetailsMessage({ + clientTime: Date.now(), + recordUid: [normal64Bytes(recordUid)], + recordDetailsInclude: Records.RecordDetailsInclude.SHARE_ONLY, + }); + + let response: Records.IGetRecordDataWithAccessInfoResponse; + try { + response = await auth.executeRest(msg); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch share info for ${recordUid}: ${extractErrorMessage(err)}`, + ); + } + + const detail = response.recordDataWithAccessInfo?.[0]; + if (!detail) return null; + + const userPermissions: RecordUserPermission[] = ( + detail.userPermission ?? [] + ).map((u) => ({ + username: u.username || "", + accountUid: bytesToUid(u.accountUid), + owner: !!u.owner, + shareAdmin: !!u.shareAdmin, + shareable: !!u.sharable, + editable: !!u.editable, + awaitingApproval: !!u.awaitingApproval, + expiration: longToNumber(u.expiration as number | null | undefined), + })); + + const sharedFolderPermissions: RecordSharedFolderPermission[] = ( + detail.sharedFolderPermission ?? [] + ).map((s) => ({ + sharedFolderUid: bytesToUid(s.sharedFolderUid) ?? "", + resharable: !!s.resharable, + editable: !!s.editable, + revision: longToNumber(s.revision as number | null | undefined), + expiration: longToNumber(s.expiration as number | null | undefined), + })); + + return { recordUid, userPermissions, sharedFolderPermissions }; } diff --git a/KeeperSdk/src/storage/InMemoryStorage.ts b/KeeperSdk/src/storage/InMemoryStorage.ts index 4ba42312..9a3df5e1 100644 --- a/KeeperSdk/src/storage/InMemoryStorage.ts +++ b/KeeperSdk/src/storage/InMemoryStorage.ts @@ -1,167 +1,181 @@ import type { - VaultStorage, - VaultStorageData, - VaultStorageKind, - VaultStorageResult, - Dependency, - Dependencies, - RemovedDependencies, - DRecord, -} from '@keeper-security/keeperapi' -import { webSafe64FromBytes } from '@keeper-security/keeperapi' -import { VaultObjectKind } from '../folders/folderHelpers' + VaultStorage, + VaultStorageData, + VaultStorageKind, + VaultStorageResult, + Dependency, + Dependencies, + RemovedDependencies, + DRecord, +} from "@keeper-security/keeperapi"; +import { webSafe64FromBytes } from "@keeper-security/keeperapi"; +import { VaultObjectKind } from "../folders/folderHelpers"; export class InMemoryStorage implements VaultStorage { - private keys = new Map() - // eslint-disable-next-line @typescript-eslint/no-explicit-any -- KeyStorage.saveObject is unconstrained - private objects = new Map() - private store = new Map>() - private dependenciesByParent = new Map() - private arrayCache = new Map() - - public async getKeyBytes(keyId: string): Promise { - return this.keys.get(keyId) - } - - public async saveKeyBytes(keyId: string, key: Uint8Array): Promise { - this.keys.set(keyId, key) - } - - public async getObject(key: string): Promise { - return this.objects.get(key) as T | undefined - } - - public async saveObject(key: string, value: T): Promise { - this.objects.set(key, value) - } - - public async put(item: VaultStorageData): Promise { - const kind = item.kind - if (!this.store.has(kind)) { - this.store.set(kind, new Map()) + private keys = new Map(); + // eslint-disable-next-line @typescript-eslint/no-explicit-any -- KeyStorage.saveObject is unconstrained + private objects = new Map(); + private store = new Map>(); + private dependenciesByParent = new Map(); + private arrayCache = new Map(); + + public async getKeyBytes(keyId: string): Promise { + return this.keys.get(keyId); + } + + public async saveKeyBytes(keyId: string, key: Uint8Array): Promise { + this.keys.set(keyId, key); + } + + public async getObject(key: string): Promise { + return this.objects.get(key) as T | undefined; + } + + public async saveObject(key: string, value: T): Promise { + this.objects.set(key, value); + } + + public async put(item: VaultStorageData): Promise { + const kind = item.kind; + if (!this.store.has(kind)) { + this.store.set(kind, new Map()); + } + const uid = this.extractUid(item); + this.store.get(kind)!.set(uid, item); + this.arrayCache.delete(kind); + } + + public async get( + kind: T, + uid?: string, + ): Promise> { + const kindMap = this.store.get(kind); + if (!kindMap) return undefined as VaultStorageResult; + + if (uid) { + return kindMap.get(uid) as VaultStorageResult; + } + const first = kindMap.values().next(); + return (first.done ? undefined : first.value) as VaultStorageResult; + } + + public async delete( + kind: VaultStorageKind, + uid: string | Uint8Array, + ): Promise { + const uidStr = typeof uid === "string" ? uid : webSafe64FromBytes(uid); + this.store.get(kind)?.delete(uidStr); + this.arrayCache.delete(kind); + } + + public async clear(): Promise { + this.store.clear(); + this.keys.clear(); + this.objects.clear(); + this.dependenciesByParent.clear(); + this.arrayCache.clear(); + } + + public async getDependencies(uid: string): Promise { + return this.dependenciesByParent.get(uid); + } + + public async addDependencies(dependencies: Dependencies): Promise { + for (const [parentUid, children] of Object.entries(dependencies)) { + if (!this.dependenciesByParent.has(parentUid)) { + this.dependenciesByParent.set(parentUid, []); + } + const existing = this.dependenciesByParent.get(parentUid)!; + const seenChildUids = new Set( + existing.map((dependency) => dependency.uid), + ); + for (const child of children) { + if (!seenChildUids.has(child.uid)) { + existing.push(child); + seenChildUids.add(child.uid); } - const uid = this.extractUid(item) - this.store.get(kind)!.set(uid, item) - this.arrayCache.delete(kind) - } - - public async get(kind: T, uid?: string): Promise> { - const kindMap = this.store.get(kind) - if (!kindMap) return undefined as VaultStorageResult - - if (uid) { - return kindMap.get(uid) as VaultStorageResult + } + } + } + + public async removeDependencies( + dependencies: RemovedDependencies, + ): Promise { + for (const [parentUid, children] of Object.entries(dependencies)) { + if (children === "*") { + this.dependenciesByParent.delete(parentUid); + } else { + const existing = this.dependenciesByParent.get(parentUid); + if (existing) { + const removeSet = children as Set; + this.dependenciesByParent.set( + parentUid, + existing.filter((dependency) => !removeSet.has(dependency.uid)), + ); } - const first = kindMap.values().next() - return (first.done ? undefined : first.value) as VaultStorageResult - } - - public async delete(kind: VaultStorageKind, uid: string | Uint8Array): Promise { - const uidStr = typeof uid === 'string' ? uid : webSafe64FromBytes(uid) - this.store.get(kind)?.delete(uidStr) - this.arrayCache.delete(kind) - } - - public async clear(): Promise { - this.store.clear() - this.keys.clear() - this.objects.clear() - this.dependenciesByParent.clear() - this.arrayCache.clear() - } - - public async getDependencies(uid: string): Promise { - return this.dependenciesByParent.get(uid) - } - - public async addDependencies(dependencies: Dependencies): Promise { - for (const [parentUid, children] of Object.entries(dependencies)) { - if (!this.dependenciesByParent.has(parentUid)) { - this.dependenciesByParent.set(parentUid, []) - } - const existing = this.dependenciesByParent.get(parentUid)! - const seenChildUids = new Set(existing.map((dependency) => dependency.uid)) - for (const child of children) { - if (!seenChildUids.has(child.uid)) { - existing.push(child) - seenChildUids.add(child.uid) - } - } - } - } - - public async removeDependencies(dependencies: RemovedDependencies): Promise { - for (const [parentUid, children] of Object.entries(dependencies)) { - if (children === '*') { - this.dependenciesByParent.delete(parentUid) - } else { - const existing = this.dependenciesByParent.get(parentUid) - if (existing) { - const removeSet = children as Set - this.dependenciesByParent.set( - parentUid, - existing.filter((dependency) => !removeSet.has(dependency.uid)) - ) - } - } - } - } - - public getAll(kind: VaultStorageKind): T[] { - const cached = this.arrayCache.get(kind) - if (cached) return cached as T[] - - const kindMap = this.store.get(kind) - if (!kindMap) return [] - - const arr = Array.from(kindMap.values()) - this.arrayCache.set(kind, arr) - return arr as T[] - } - - public getRecords(): DRecord[] { - return this.getAll(VaultObjectKind.Record) - } - - public getByUid(kind: VaultStorageKind, uid: string): T | undefined { - return this.store.get(kind)?.get(uid) as T | undefined - } - - public getCount(kind: VaultStorageKind): number { - return this.store.get(kind)?.size ?? 0 - } - - private extractUid(item: VaultStorageData): string { - const record = item as VaultStorageData & { - uid?: string - token?: string - sharedFolderUid?: string - recordUid?: string - folderUid?: string - accountUid?: string | Uint8Array - teamUid?: string - } - const accountUidStr = - typeof record.accountUid === 'string' - ? record.accountUid - : record.accountUid instanceof Uint8Array - ? webSafe64FromBytes(record.accountUid) - : undefined - if (record.uid) return record.uid - if (record.token) return record.token - if (record.sharedFolderUid && record.recordUid) { - return `${record.sharedFolderUid}:${record.recordUid}` - } - if (record.sharedFolderUid && accountUidStr) { - return `${record.sharedFolderUid}:${accountUidStr}` - } - if (record.sharedFolderUid && record.teamUid) { - return `${record.sharedFolderUid}:${record.teamUid}` - } - if (record.folderUid && record.recordUid) { - return `${record.folderUid}:${record.recordUid}` - } - if (item.kind === VaultObjectKind.User && accountUidStr) return accountUidStr - return '_singleton_' - } + } + } + } + + public getAll(kind: VaultStorageKind): T[] { + const cached = this.arrayCache.get(kind); + if (cached) return cached as T[]; + + const kindMap = this.store.get(kind); + if (!kindMap) return []; + + const arr = Array.from(kindMap.values()); + this.arrayCache.set(kind, arr); + return arr as T[]; + } + + public getRecords(): DRecord[] { + return this.getAll(VaultObjectKind.Record); + } + + public getByUid( + kind: VaultStorageKind, + uid: string, + ): T | undefined { + return this.store.get(kind)?.get(uid) as T | undefined; + } + + public getCount(kind: VaultStorageKind): number { + return this.store.get(kind)?.size ?? 0; + } + + private extractUid(item: VaultStorageData): string { + const record = item as VaultStorageData & { + uid?: string; + token?: string; + sharedFolderUid?: string; + recordUid?: string; + folderUid?: string; + accountUid?: string | Uint8Array; + teamUid?: string; + }; + const accountUidStr = + typeof record.accountUid === "string" + ? record.accountUid + : record.accountUid instanceof Uint8Array + ? webSafe64FromBytes(record.accountUid) + : undefined; + if (record.uid) return record.uid; + if (record.token) return record.token; + if (record.sharedFolderUid && record.recordUid) { + return `${record.sharedFolderUid}:${record.recordUid}`; + } + if (record.sharedFolderUid && accountUidStr) { + return `${record.sharedFolderUid}:${accountUidStr}`; + } + if (record.sharedFolderUid && record.teamUid) { + return `${record.sharedFolderUid}:${record.teamUid}`; + } + if (record.folderUid && record.recordUid) { + return `${record.folderUid}:${record.recordUid}`; + } + if (item.kind === VaultObjectKind.User && accountUidStr) + return accountUidStr; + return "_singleton_"; + } } diff --git a/KeeperSdk/src/teams/TeamManager.ts b/KeeperSdk/src/teams/TeamManager.ts index 4b8ad230..e39bcc61 100644 --- a/KeeperSdk/src/teams/TeamManager.ts +++ b/KeeperSdk/src/teams/TeamManager.ts @@ -1,125 +1,143 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - formatTeamsTable, - listTeams, - renderTeamsAsciiTable, - type FormatTeamsTableOptions, - type FormattedTeamsTable, - type ListTeamRow, - type ListTeamsOptions, -} from './listTeams' + formatTeamsTable, + listTeams, + renderTeamsAsciiTable, + type FormatTeamsTableOptions, + type FormattedTeamsTable, + type ListTeamRow, + type ListTeamsOptions, +} from "./listTeams"; import { - formatTeamView, - teamViewTable, - viewTeam, - type FormatTeamViewOptions, - type FormattedTeamViewTable, - type TeamView, -} from './viewTeam' + formatTeamView, + teamViewTable, + viewTeam, + type FormatTeamViewOptions, + type FormattedTeamViewTable, + type TeamView, +} from "./viewTeam"; import { - addTeams, - formatAddTeamResult, - renderAddTeamAsciiTable, - type AddTeamInput, - type AddTeamResult, - type FormatAddTeamResultOptions, - type FormattedAddTeamTable, -} from './addTeam' + addTeams, + formatAddTeamResult, + renderAddTeamAsciiTable, + type AddTeamInput, + type AddTeamResult, + type FormatAddTeamResultOptions, + type FormattedAddTeamTable, +} from "./addTeam"; import { - formatUpdateTeamResult, - renderUpdateTeamAsciiTable, - updateTeams, - type FormattedUpdateTeamTable, - type UpdateTeamInput, - type UpdateTeamResult, -} from './updateTeam' + formatUpdateTeamResult, + renderUpdateTeamAsciiTable, + updateTeams, + type FormattedUpdateTeamTable, + type UpdateTeamInput, + type UpdateTeamResult, +} from "./updateTeam"; import { - deleteTeams, - formatDeleteTeamResult, - renderDeleteTeamAsciiTable, - type DeleteTeamInput, - type DeleteTeamResult, - type FormattedDeleteTeamTable, -} from './deleteTeam' + deleteTeams, + formatDeleteTeamResult, + renderDeleteTeamAsciiTable, + type DeleteTeamInput, + type DeleteTeamResult, + type FormattedDeleteTeamTable, +} from "./deleteTeam"; -export type AuthProvider = () => Auth +export type AuthProvider = () => Auth; export class TeamManager { - private readonly authProvider: AuthProvider - - constructor(authProvider: AuthProvider) { - this.authProvider = authProvider - } - - public async listTeams(options: ListTeamsOptions = {}): Promise { - return listTeams(this.requireAuth(), options) - } - - public formatTeamsTable(rows: ListTeamRow[], options: FormatTeamsTableOptions = {}): FormattedTeamsTable { - return formatTeamsTable(rows, options) - } - - public renderTeamsAsciiTable(table: FormattedTeamsTable, options: { minColWidth?: number } = {}): string { - return renderTeamsAsciiTable(table, options) - } - - public async viewTeam(identifier: string): Promise { - return viewTeam(this.requireAuth(), identifier) - } - - public formatTeamView(view: TeamView, options: FormatTeamViewOptions = {}): FormattedTeamViewTable { - return formatTeamView(view, options) - } - - public teamViewTable(table: FormattedTeamViewTable): string { - return teamViewTable(table) - } - - public async addTeams(input: AddTeamInput): Promise { - return addTeams(this.requireAuth(), input) - } - - public formatAddTeamResult( - result: AddTeamResult, - options: FormatAddTeamResultOptions = {} - ): FormattedAddTeamTable { - return formatAddTeamResult(result, options) - } - - public renderAddTeamAsciiTable(table: FormattedAddTeamTable): string { - return renderAddTeamAsciiTable(table) - } - - public async updateTeams(input: UpdateTeamInput): Promise { - return updateTeams(this.requireAuth(), input) - } - - public formatUpdateTeamResult(result: UpdateTeamResult): FormattedUpdateTeamTable { - return formatUpdateTeamResult(result) - } - - public renderUpdateTeamAsciiTable(table: FormattedUpdateTeamTable): string { - return renderUpdateTeamAsciiTable(table) - } - - public async deleteTeams(input: DeleteTeamInput): Promise { - return deleteTeams(this.requireAuth(), input) - } - - public formatDeleteTeamResult(result: DeleteTeamResult): FormattedDeleteTeamTable { - return formatDeleteTeamResult(result) - } - - public renderDeleteTeamAsciiTable(table: FormattedDeleteTeamTable): string { - return renderDeleteTeamAsciiTable(table) - } - - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth) { - throw new KeeperSdkError('You are not logged in. Please log in first.', ResultCodes.NOT_LOGGED_IN) - } - return auth - } + private readonly authProvider: AuthProvider; + + constructor(authProvider: AuthProvider) { + this.authProvider = authProvider; + } + + public async listTeams( + options: ListTeamsOptions = {}, + ): Promise { + return listTeams(this.requireAuth(), options); + } + + public formatTeamsTable( + rows: ListTeamRow[], + options: FormatTeamsTableOptions = {}, + ): FormattedTeamsTable { + return formatTeamsTable(rows, options); + } + + public renderTeamsAsciiTable( + table: FormattedTeamsTable, + options: { minColWidth?: number } = {}, + ): string { + return renderTeamsAsciiTable(table, options); + } + + public async viewTeam(identifier: string): Promise { + return viewTeam(this.requireAuth(), identifier); + } + + public formatTeamView( + view: TeamView, + options: FormatTeamViewOptions = {}, + ): FormattedTeamViewTable { + return formatTeamView(view, options); + } + + public teamViewTable(table: FormattedTeamViewTable): string { + return teamViewTable(table); + } + + public async addTeams(input: AddTeamInput): Promise { + return addTeams(this.requireAuth(), input); + } + + public formatAddTeamResult( + result: AddTeamResult, + options: FormatAddTeamResultOptions = {}, + ): FormattedAddTeamTable { + return formatAddTeamResult(result, options); + } + + public renderAddTeamAsciiTable(table: FormattedAddTeamTable): string { + return renderAddTeamAsciiTable(table); + } + + public async updateTeams(input: UpdateTeamInput): Promise { + return updateTeams(this.requireAuth(), input); + } + + public formatUpdateTeamResult( + result: UpdateTeamResult, + ): FormattedUpdateTeamTable { + return formatUpdateTeamResult(result); + } + + public renderUpdateTeamAsciiTable(table: FormattedUpdateTeamTable): string { + return renderUpdateTeamAsciiTable(table); + } + + public async deleteTeams(input: DeleteTeamInput): Promise { + return deleteTeams(this.requireAuth(), input); + } + + public formatDeleteTeamResult( + result: DeleteTeamResult, + ): FormattedDeleteTeamTable { + return formatDeleteTeamResult(result); + } + + public renderDeleteTeamAsciiTable(table: FormattedDeleteTeamTable): string { + return renderDeleteTeamAsciiTable(table); + } + + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth) { + throw new KeeperSdkError( + "You are not logged in. Please log in first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return auth; + } } diff --git a/KeeperSdk/src/teams/addTeam.ts b/KeeperSdk/src/teams/addTeam.ts index 732c7912..39b9b7b8 100644 --- a/KeeperSdk/src/teams/addTeam.ts +++ b/KeeperSdk/src/teams/addTeam.ts @@ -1,490 +1,525 @@ import { - encryptForStorage, - encryptKey, - generateEncryptionKey, - generateUid, - platform, - webSafe64FromBytes, - type Auth, - type KeeperResponse, - type RestCommand, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' + encryptForStorage, + encryptKey, + generateEncryptionKey, + generateUid, + platform, + webSafe64FromBytes, + type Auth, + type KeeperResponse, + type RestCommand, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseNode, - type EnterpriseQueuedTeamRecord, - type EnterpriseTeamRecord, -} from './enterpriseData' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseNode, + type EnterpriseQueuedTeamRecord, + type EnterpriseTeamRecord, +} from "./enterpriseData"; import { - applyDecryptedNodeNames, - applyEnterpriseNameToRoot, - NODE_PATH_SEPARATOR, - parentNeedsNameLookup, - resolveParentNode, - TEAM_TABLE_HEADERS, - validateTeamName, -} from './teamUtils' - -const TEAM_ADD_COMMAND = 'team_add' + applyDecryptedNodeNames, + applyEnterpriseNameToRoot, + NODE_PATH_SEPARATOR, + parentNeedsNameLookup, + resolveParentNode, + TEAM_TABLE_HEADERS, + validateTeamName, +} from "./teamUtils"; + +const TEAM_ADD_COMMAND = "team_add"; const ADD_TEAM_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.QueuedTeams, -] + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.QueuedTeams, +]; export enum TeamRestriction { - On = 'on', - Off = 'off', + On = "on", + Off = "off", } -export type TeamRestrictionInput = TeamRestriction | `${TeamRestriction}` | null | undefined +export type TeamRestrictionInput = + | TeamRestriction + | `${TeamRestriction}` + | null + | undefined; export enum AddTeamStatus { - Created = 'created', - Skipped = 'skipped', - Failed = 'failed', + Created = "created", + Skipped = "skipped", + Failed = "failed", } export enum AddTeamSkipReason { - AlreadyExistsInParent = 'already_exists_in_parent', - ExistsElsewhereDeclined = 'exists_elsewhere_declined', + AlreadyExistsInParent = "already_exists_in_parent", + ExistsElsewhereDeclined = "exists_elsewhere_declined", } export enum AddTeamSourceKind { - NewName = 'new_name', - QueuedTeam = 'queued_team', + NewName = "new_name", + QueuedTeam = "queued_team", } export type AddTeamConflictPrompt = { - teamName: string - parentNodeId: number - parentNodeName: string - existingTeamUid: string - existingTeamName: string - existingNodeId: number - existingNodeName: string -} - -export type AddTeamConfirm = (prompt: AddTeamConflictPrompt) => boolean | Promise + teamName: string; + parentNodeId: number; + parentNodeName: string; + existingTeamUid: string; + existingTeamName: string; + existingNodeId: number; + existingNodeName: string; +}; + +export type AddTeamConfirm = ( + prompt: AddTeamConflictPrompt, +) => boolean | Promise; export type AddTeamInput = { - teams: string[] - parent?: string | number | null - restrictEdit?: TeamRestrictionInput - restrictShare?: TeamRestrictionInput - restrictView?: TeamRestrictionInput - force?: boolean - confirm?: AddTeamConfirm -} + teams: string[]; + parent?: string | number | null; + restrictEdit?: TeamRestrictionInput; + restrictShare?: TeamRestrictionInput; + restrictView?: TeamRestrictionInput; + force?: boolean; + confirm?: AddTeamConfirm; +}; export type AddTeamItemResult = { - teamUid: string - teamName: string - nodeId: number - source: AddTeamSourceKind - status: AddTeamStatus - skipReason?: AddTeamSkipReason - message?: string -} + teamUid: string; + teamName: string; + nodeId: number; + source: AddTeamSourceKind; + status: AddTeamStatus; + skipReason?: AddTeamSkipReason; + message?: string; +}; export type AddTeamResult = { - success: boolean - parentNodeId: number - parentNodeName: string - items: AddTeamItemResult[] - created: number - skipped: number - failed: number -} + success: boolean; + parentNodeId: number; + parentNodeName: string; + items: AddTeamItemResult[]; + created: number; + skipped: number; + failed: number; +}; type ResolvedRequest = - | { kind: AddTeamSourceKind.NewName; teamUid: string; teamName: string } - | { - kind: AddTeamSourceKind.QueuedTeam - teamUid: string - teamName: string - queued: EnterpriseQueuedTeamRecord - } + | { kind: AddTeamSourceKind.NewName; teamUid: string; teamName: string } + | { + kind: AddTeamSourceKind.QueuedTeam; + teamUid: string; + teamName: string; + queued: EnterpriseQueuedTeamRecord; + }; type TeamAddRequestPayload = { - team_uid: string - team_name: string - node_id: number - public_key: string - private_key: string - team_key: string - encrypted_team_key: string - ecc_public_key: string - ecc_private_key: string - restrict_edit: boolean - restrict_share: boolean - restrict_view: boolean - manage_only: boolean -} - -export async function addTeams(auth: Auth, input: AddTeamInput): Promise { - const requestedNames = (input.teams || []) - .map((value) => (typeof value === 'string' ? value.trim() : '')) - .filter((value) => value.length > 0) - - if (requestedNames.length === 0) { - throw new KeeperSdkError('No teams to add.', ResultCodes.NO_TEAMS_TO_ADD) + team_uid: string; + team_name: string; + node_id: number; + public_key: string; + private_key: string; + team_key: string; + encrypted_team_key: string; + ecc_public_key: string; + ecc_private_key: string; + restrict_edit: boolean; + restrict_share: boolean; + restrict_view: boolean; + manage_only: boolean; +}; + +export async function addTeams( + auth: Auth, + input: AddTeamInput, +): Promise { + const requestedNames = (input.teams || []) + .map((value) => (typeof value === "string" ? value.trim() : "")) + .filter((value) => value.length > 0); + + if (requestedNames.length === 0) { + throw new KeeperSdkError("No teams to add.", ResultCodes.NO_TEAMS_TO_ADD); + } + + for (const name of requestedNames) { + validateTeamName(name); + } + + const force = input.force === true; + const restrictEdit = resolveRestriction(input.restrictEdit); + const restrictShare = resolveRestriction(input.restrictShare); + const restrictView = resolveRestriction(input.restrictView); + + const needsNameLookup = parentNeedsNameLookup(input.parent ?? null); + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(ADD_TEAM_INCLUDES); + const nodes = response.nodes || []; + if (needsNameLookup) { + const displayNames = await enterpriseData.getDisplayNames(); + applyDecryptedNodeNames(nodes, displayNames.nodes); + await enterpriseData.decryptNodeNames(nodes); + } + applyEnterpriseNameToRoot(nodes, response.enterprise_name); + + const parentNode = resolveParentNode(nodes, input.parent ?? null); + const parentNodeId = parentNode.node_id; + const parentNodeName = nodePathOrFallback(nodes, parentNode); + + const existingTeams = response.teams || []; + const queuedTeams = response.queued_teams || []; + const queuedByUid = buildQueuedByUid(queuedTeams); + const queuedByLowerName = buildQueuedByLowerName(queuedTeams); + const teamsByLowerName = buildTeamsByLowerName(existingTeams); + + const queuedRequests: ResolvedRequest[] = []; + const newRequests: ResolvedRequest[] = []; + const items: AddTeamItemResult[] = []; + const seenLowerNames = new Set(); + + for (const raw of requestedNames) { + const lower = raw.toLowerCase(); + if (seenLowerNames.has(lower)) continue; + seenLowerNames.add(lower); + + const queued = queuedByUid.get(raw) || queuedByLowerName.get(lower); + if (queued) { + queuedRequests.push({ + kind: AddTeamSourceKind.QueuedTeam, + teamUid: queued.team_uid, + teamName: queued.name || raw, + queued, + }); + continue; } - for (const name of requestedNames) { - validateTeamName(name) + const conflicts = teamsByLowerName.get(lower) || []; + const sameParent = conflicts.find((team) => team.node_id === parentNodeId); + if (sameParent) { + items.push({ + teamUid: sameParent.team_uid, + teamName: sameParent.name || raw, + nodeId: sameParent.node_id, + source: AddTeamSourceKind.NewName, + status: AddTeamStatus.Skipped, + skipReason: AddTeamSkipReason.AlreadyExistsInParent, + message: `Team "${sameParent.name || raw}" already exists in parent node ${parentNodeId}.`, + }); + continue; } - const force = input.force === true - const restrictEdit = resolveRestriction(input.restrictEdit) - const restrictShare = resolveRestriction(input.restrictShare) - const restrictView = resolveRestriction(input.restrictView) - - const needsNameLookup = parentNeedsNameLookup(input.parent ?? null) - - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(ADD_TEAM_INCLUDES) - const nodes = response.nodes || [] - if (needsNameLookup) { - const displayNames = await enterpriseData.getDisplayNames() - applyDecryptedNodeNames(nodes, displayNames.nodes) - await enterpriseData.decryptNodeNames(nodes) - } - applyEnterpriseNameToRoot(nodes, response.enterprise_name) - - const parentNode = resolveParentNode(nodes, input.parent ?? null) - const parentNodeId = parentNode.node_id - const parentNodeName = nodePathOrFallback(nodes, parentNode) - - const existingTeams = response.teams || [] - const queuedTeams = response.queued_teams || [] - const queuedByUid = buildQueuedByUid(queuedTeams) - const queuedByLowerName = buildQueuedByLowerName(queuedTeams) - const teamsByLowerName = buildTeamsByLowerName(existingTeams) - - const queuedRequests: ResolvedRequest[] = [] - const newRequests: ResolvedRequest[] = [] - const items: AddTeamItemResult[] = [] - const seenLowerNames = new Set() - - for (const raw of requestedNames) { - const lower = raw.toLowerCase() - if (seenLowerNames.has(lower)) continue - seenLowerNames.add(lower) - - const queued = queuedByUid.get(raw) || queuedByLowerName.get(lower) - if (queued) { - queuedRequests.push({ - kind: AddTeamSourceKind.QueuedTeam, - teamUid: queued.team_uid, - teamName: queued.name || raw, - queued, - }) - continue - } - - const conflicts = teamsByLowerName.get(lower) || [] - const sameParent = conflicts.find((team) => team.node_id === parentNodeId) - if (sameParent) { - items.push({ - teamUid: sameParent.team_uid, - teamName: sameParent.name || raw, - nodeId: sameParent.node_id, - source: AddTeamSourceKind.NewName, - status: AddTeamStatus.Skipped, - skipReason: AddTeamSkipReason.AlreadyExistsInParent, - message: `Team "${sameParent.name || raw}" already exists in parent node ${parentNodeId}.`, - }) - continue - } - - if (conflicts.length > 0 && !force) { - const confirmed = await confirmCrossNode(input.confirm, conflicts[0], { - teamName: raw, - parentNodeId, - parentNodeName, - existingNodeName: nodePathById(nodes, conflicts[0].node_id), - }) - if (!confirmed) { - items.push({ - teamUid: conflicts[0].team_uid, - teamName: raw, - nodeId: conflicts[0].node_id, - source: AddTeamSourceKind.NewName, - status: AddTeamStatus.Skipped, - skipReason: AddTeamSkipReason.ExistsElsewhereDeclined, - message: `Team "${raw}" already exists in node ${conflicts[0].node_id}; creation declined.`, - }) - continue - } - } - - newRequests.push({ - kind: AddTeamSourceKind.NewName, - teamUid: generateUid(), - teamName: raw, - }) - } - - const planned = [...queuedRequests, ...newRequests] - if (planned.length === 0) { - return finalizeResult(items, parentNodeId, parentNodeName) - } - - const treeKey = await enterpriseData.getTreeKey() - if (!treeKey) { - throw new KeeperSdkError( - 'Enterprise tree key is unavailable. The current user may not have permission to administer teams.', - ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE - ) - } - const dataKey = auth.dataKey - if (!dataKey) { - throw new KeeperSdkError( - 'Data key not available. Ensure you are logged in.', - ResultCodes.DATA_KEY_MISSING - ) + if (conflicts.length > 0 && !force) { + const confirmed = await confirmCrossNode(input.confirm, conflicts[0], { + teamName: raw, + parentNodeId, + parentNodeName, + existingNodeName: nodePathById(nodes, conflicts[0].node_id), + }); + if (!confirmed) { + items.push({ + teamUid: conflicts[0].team_uid, + teamName: raw, + nodeId: conflicts[0].node_id, + source: AddTeamSourceKind.NewName, + status: AddTeamStatus.Skipped, + skipReason: AddTeamSkipReason.ExistsElsewhereDeclined, + message: `Team "${raw}" already exists in node ${conflicts[0].node_id}; creation declined.`, + }); + continue; + } } - for (const request of planned) { - try { - await sendTeamAdd(auth, request, parentNodeId, dataKey, treeKey, { - restrictEdit, - restrictShare, - restrictView, - }) - items.push({ - teamUid: request.teamUid, - teamName: request.teamName, - nodeId: parentNodeId, - source: request.kind, - status: AddTeamStatus.Created, - }) - } catch (err) { - items.push({ - teamUid: request.teamUid, - teamName: request.teamName, - nodeId: parentNodeId, - source: request.kind, - status: AddTeamStatus.Failed, - message: extractErrorMessage(err), - }) - } + newRequests.push({ + kind: AddTeamSourceKind.NewName, + teamUid: generateUid(), + teamName: raw, + }); + } + + const planned = [...queuedRequests, ...newRequests]; + if (planned.length === 0) { + return finalizeResult(items, parentNodeId, parentNodeName); + } + + const treeKey = await enterpriseData.getTreeKey(); + if (!treeKey) { + throw new KeeperSdkError( + "Enterprise tree key is unavailable. The current user may not have permission to administer teams.", + ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE, + ); + } + const dataKey = auth.dataKey; + if (!dataKey) { + throw new KeeperSdkError( + "Data key not available. Ensure you are logged in.", + ResultCodes.DATA_KEY_MISSING, + ); + } + + for (const request of planned) { + try { + await sendTeamAdd(auth, request, parentNodeId, dataKey, treeKey, { + restrictEdit, + restrictShare, + restrictView, + }); + items.push({ + teamUid: request.teamUid, + teamName: request.teamName, + nodeId: parentNodeId, + source: request.kind, + status: AddTeamStatus.Created, + }); + } catch (err) { + items.push({ + teamUid: request.teamUid, + teamName: request.teamName, + nodeId: parentNodeId, + source: request.kind, + status: AddTeamStatus.Failed, + message: extractErrorMessage(err), + }); } + } - return finalizeResult(items, parentNodeId, parentNodeName) + return finalizeResult(items, parentNodeId, parentNodeName); } function resolveRestriction(input: TeamRestrictionInput): boolean { - if (input === undefined || input === null) return false - return String(input).toLowerCase() === TeamRestriction.On + if (input === undefined || input === null) return false; + return String(input).toLowerCase() === TeamRestriction.On; } -function nodePathOrFallback(nodes: EnterpriseNode[], node: EnterpriseNode): string { - const path = EnterpriseDataManager.getNodePath(nodes, node.node_id, { - omitRoot: false, - separator: NODE_PATH_SEPARATOR, - }) - return path || (node.displayName || '').trim() || String(node.node_id) +function nodePathOrFallback( + nodes: EnterpriseNode[], + node: EnterpriseNode, +): string { + const path = EnterpriseDataManager.getNodePath(nodes, node.node_id, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }); + return path || (node.displayName || "").trim() || String(node.node_id); } function nodePathById(nodes: EnterpriseNode[], nodeId: number): string { - return ( - EnterpriseDataManager.getNodePath(nodes, nodeId, { - omitRoot: false, - separator: NODE_PATH_SEPARATOR, - }) || String(nodeId) - ) + return ( + EnterpriseDataManager.getNodePath(nodes, nodeId, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }) || String(nodeId) + ); } -function buildTeamsByLowerName(teams: EnterpriseTeamRecord[]): Map { - const map = new Map() - for (const team of teams) { - const key = (team.name || '').trim().toLowerCase() - if (!key) continue - const existing = map.get(key) - if (existing) existing.push(team) - else map.set(key, [team]) - } - return map +function buildTeamsByLowerName( + teams: EnterpriseTeamRecord[], +): Map { + const map = new Map(); + for (const team of teams) { + const key = (team.name || "").trim().toLowerCase(); + if (!key) continue; + const existing = map.get(key); + if (existing) existing.push(team); + else map.set(key, [team]); + } + return map; } -function buildQueuedByUid(queued: EnterpriseQueuedTeamRecord[]): Map { - const map = new Map() - for (const team of queued) { - if (team.team_uid) map.set(team.team_uid, team) - } - return map +function buildQueuedByUid( + queued: EnterpriseQueuedTeamRecord[], +): Map { + const map = new Map(); + for (const team of queued) { + if (team.team_uid) map.set(team.team_uid, team); + } + return map; } function buildQueuedByLowerName( - queued: EnterpriseQueuedTeamRecord[] + queued: EnterpriseQueuedTeamRecord[], ): Map { - const map = new Map() - for (const team of queued) { - const key = (team.name || '').trim().toLowerCase() - if (!key) continue - if (!map.has(key)) map.set(key, team) - } - return map + const map = new Map(); + for (const team of queued) { + const key = (team.name || "").trim().toLowerCase(); + if (!key) continue; + if (!map.has(key)) map.set(key, team); + } + return map; } async function confirmCrossNode( - confirm: AddTeamConfirm | undefined, - existing: EnterpriseTeamRecord, - context: { - teamName: string - parentNodeId: number - parentNodeName: string - existingNodeName: string - } + confirm: AddTeamConfirm | undefined, + existing: EnterpriseTeamRecord, + context: { + teamName: string; + parentNodeId: number; + parentNodeName: string; + existingNodeName: string; + }, ): Promise { - if (!confirm) return false - const result = await confirm({ - teamName: context.teamName, - parentNodeId: context.parentNodeId, - parentNodeName: context.parentNodeName, - existingTeamUid: existing.team_uid, - existingTeamName: existing.name || context.teamName, - existingNodeId: existing.node_id, - existingNodeName: context.existingNodeName, - }) - return result === true + if (!confirm) return false; + const result = await confirm({ + teamName: context.teamName, + parentNodeId: context.parentNodeId, + parentNodeName: context.parentNodeName, + existingTeamUid: existing.team_uid, + existingTeamName: existing.name || context.teamName, + existingNodeId: existing.node_id, + existingNodeName: context.existingNodeName, + }); + return result === true; } async function sendTeamAdd( - auth: Auth, - request: ResolvedRequest, - parentNodeId: number, - dataKey: Uint8Array, - treeKey: Uint8Array, - restrictions: { restrictEdit: boolean; restrictShare: boolean; restrictView: boolean } + auth: Auth, + request: ResolvedRequest, + parentNodeId: number, + dataKey: Uint8Array, + treeKey: Uint8Array, + restrictions: { + restrictEdit: boolean; + restrictShare: boolean; + restrictView: boolean; + }, ): Promise { - const teamKeyBytes = generateEncryptionKey() - const [rsaKeyPair, eccKeyPair] = await Promise.all([ - platform.generateRSAKeyPair(), - platform.generateECKeyPair(), - ]) - const encryptedPrivateKey = await encryptForStorage(rsaKeyPair.privateKey, teamKeyBytes) - const encryptedEccPrivateKey = await encryptKey(eccKeyPair.privateKey, teamKeyBytes) - const encryptedTeamKeyByDataKey = await encryptForStorage(teamKeyBytes, dataKey) - const encryptedTeamKeyByTreeKey = await encryptKey(teamKeyBytes, treeKey) - - const payload: TeamAddRequestPayload = { - team_uid: request.teamUid, - team_name: request.teamName, - node_id: parentNodeId, - public_key: webSafe64FromBytes(rsaKeyPair.publicKey), - private_key: encryptedPrivateKey, - team_key: encryptedTeamKeyByDataKey, - encrypted_team_key: encryptedTeamKeyByTreeKey, - ecc_public_key: webSafe64FromBytes(eccKeyPair.publicKey), - ecc_private_key: encryptedEccPrivateKey, - restrict_edit: restrictions.restrictEdit, - restrict_share: restrictions.restrictShare, - restrict_view: restrictions.restrictView, - manage_only: true, - } - - const command: RestCommand = { - baseRequest: { command: TEAM_ADD_COMMAND }, - request: payload, - authorization: {}, - } - - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `team_add failed for "${request.teamName}" (uid=${request.teamUid})`, - response.result_code || ResultCodes.TEAM_ADD_FAILED - ) - } + const teamKeyBytes = generateEncryptionKey(); + const [rsaKeyPair, eccKeyPair] = await Promise.all([ + platform.generateRSAKeyPair(), + platform.generateECKeyPair(), + ]); + const encryptedPrivateKey = await encryptForStorage( + rsaKeyPair.privateKey, + teamKeyBytes, + ); + const encryptedEccPrivateKey = await encryptKey( + eccKeyPair.privateKey, + teamKeyBytes, + ); + const encryptedTeamKeyByDataKey = await encryptForStorage( + teamKeyBytes, + dataKey, + ); + const encryptedTeamKeyByTreeKey = await encryptKey(teamKeyBytes, treeKey); + + const payload: TeamAddRequestPayload = { + team_uid: request.teamUid, + team_name: request.teamName, + node_id: parentNodeId, + public_key: webSafe64FromBytes(rsaKeyPair.publicKey), + private_key: encryptedPrivateKey, + team_key: encryptedTeamKeyByDataKey, + encrypted_team_key: encryptedTeamKeyByTreeKey, + ecc_public_key: webSafe64FromBytes(eccKeyPair.publicKey), + ecc_private_key: encryptedEccPrivateKey, + restrict_edit: restrictions.restrictEdit, + restrict_share: restrictions.restrictShare, + restrict_view: restrictions.restrictView, + manage_only: true, + }; + + const command: RestCommand = { + baseRequest: { command: TEAM_ADD_COMMAND }, + request: payload, + authorization: {}, + }; + + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `team_add failed for "${request.teamName}" (uid=${request.teamUid})`, + response.result_code || ResultCodes.TEAM_ADD_FAILED, + ); + } } function finalizeResult( - items: AddTeamItemResult[], - parentNodeId: number, - parentNodeName: string + items: AddTeamItemResult[], + parentNodeId: number, + parentNodeName: string, ): AddTeamResult { - const created = items.filter((item) => item.status === AddTeamStatus.Created).length - const skipped = items.filter((item) => item.status === AddTeamStatus.Skipped).length - const failed = items.filter((item) => item.status === AddTeamStatus.Failed).length - return { - success: failed === 0 && created > 0, - parentNodeId, - parentNodeName, - items, - created, - skipped, - failed, - } + const created = items.filter( + (item) => item.status === AddTeamStatus.Created, + ).length; + const skipped = items.filter( + (item) => item.status === AddTeamStatus.Skipped, + ).length; + const failed = items.filter( + (item) => item.status === AddTeamStatus.Failed, + ).length; + return { + success: failed === 0 && created > 0, + parentNodeId, + parentNodeName, + items, + created, + skipped, + failed, + }; } export type FormatAddTeamResultOptions = { - showSkipped?: boolean -} + showSkipped?: boolean; +}; export type FormattedAddTeamRow = { - status: string - name: string - teamUid: string - nodeId: number - detail: string -} + status: string; + name: string; + teamUid: string; + nodeId: number; + detail: string; +}; export type FormattedAddTeamTable = { - headers: string[] - rows: string[][] - parentNodeName: string - summary: string -} + headers: string[]; + rows: string[][]; + parentNodeName: string; + summary: string; +}; export function formatAddTeamResult( - result: AddTeamResult, - options: FormatAddTeamResultOptions = {} + result: AddTeamResult, + options: FormatAddTeamResultOptions = {}, ): FormattedAddTeamTable { - const showSkipped = options.showSkipped !== false - const visible = result.items.filter( - (item) => showSkipped || item.status !== AddTeamStatus.Skipped - ) - - const rows = visible.map((item, index) => [ - String(index + 1), - item.status, - item.teamName, - item.teamUid, - String(item.nodeId), - item.message || (item.skipReason ? item.skipReason : ''), - ]) - - return { - headers: [...TEAM_TABLE_HEADERS], - rows, - parentNodeName: result.parentNodeName, - summary: `Created: ${result.created} Skipped: ${result.skipped} Failed: ${result.failed}`, - } + const showSkipped = options.showSkipped !== false; + const visible = result.items.filter( + (item) => showSkipped || item.status !== AddTeamStatus.Skipped, + ); + + const rows = visible.map((item, index) => [ + String(index + 1), + item.status, + item.teamName, + item.teamUid, + String(item.nodeId), + item.message || (item.skipReason ? item.skipReason : ""), + ]); + + return { + headers: [...TEAM_TABLE_HEADERS], + rows, + parentNodeName: result.parentNodeName, + summary: `Created: ${result.created} Skipped: ${result.skipped} Failed: ${result.failed}`, + }; } export function renderAddTeamAsciiTable(table: FormattedAddTeamTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell + ' '.repeat(Math.max(0, widths[columnIndex] - cell.length)) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [] - lines.push(`Parent: ${table.parentNodeName}`) - lines.push(formatRow(headers)) - lines.push(formatRow(widths.map((width) => '-'.repeat(width)))) - for (const row of rows) lines.push(formatRow(row)) - lines.push(table.summary) - return lines.join('\n') + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell + " ".repeat(Math.max(0, widths[columnIndex] - cell.length)); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = []; + lines.push(`Parent: ${table.parentNodeName}`); + lines.push(formatRow(headers)); + lines.push(formatRow(widths.map((width) => "-".repeat(width)))); + for (const row of rows) lines.push(formatRow(row)); + lines.push(table.summary); + return lines.join("\n"); } diff --git a/KeeperSdk/src/teams/deleteTeam.ts b/KeeperSdk/src/teams/deleteTeam.ts index 704969e3..4ffa709a 100644 --- a/KeeperSdk/src/teams/deleteTeam.ts +++ b/KeeperSdk/src/teams/deleteTeam.ts @@ -1,154 +1,171 @@ -import type { Auth, KeeperResponse, RestCommand } from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' -import { - EnterpriseDataInclude, - EnterpriseDataManager, -} from './enterpriseData' -import { resolveExistingTeams, TEAM_TABLE_HEADERS } from './teamUtils' - -const TEAM_DELETE_COMMAND = 'team_delete' -const DELETE_TEAM_INCLUDES: EnterpriseDataInclude[] = [EnterpriseDataInclude.Teams] +import type { + Auth, + KeeperResponse, + RestCommand, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; +import { EnterpriseDataInclude, EnterpriseDataManager } from "./enterpriseData"; +import { resolveExistingTeams, TEAM_TABLE_HEADERS } from "./teamUtils"; + +const TEAM_DELETE_COMMAND = "team_delete"; +const DELETE_TEAM_INCLUDES: EnterpriseDataInclude[] = [ + EnterpriseDataInclude.Teams, +]; export enum DeleteTeamStatus { - Deleted = 'deleted', - Failed = 'failed', + Deleted = "deleted", + Failed = "failed", } export type DeleteTeamInput = { - teams: string[] -} + teams: string[]; +}; export type DeleteTeamItemResult = { - teamUid: string - teamName: string - nodeId: number - status: DeleteTeamStatus - message?: string -} + teamUid: string; + teamName: string; + nodeId: number; + status: DeleteTeamStatus; + message?: string; +}; export type DeleteTeamResult = { - success: boolean - items: DeleteTeamItemResult[] - deleted: number - failed: number -} + success: boolean; + items: DeleteTeamItemResult[]; + deleted: number; + failed: number; +}; type TeamDeleteRequestPayload = { - team_uid: string -} - -export async function deleteTeams(auth: Auth, input: DeleteTeamInput): Promise { - const requestedIdentifiers = (input.teams || []) - .map((value) => (typeof value === 'string' ? value.trim() : '')) - .filter((value) => value.length > 0) - - if (requestedIdentifiers.length === 0) { - throw new KeeperSdkError('No teams to delete.', ResultCodes.NO_TEAMS_TO_DELETE) - } - - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(DELETE_TEAM_INCLUDES) - const allTeams = response.teams || [] - const resolvedTeams = resolveExistingTeams(allTeams, requestedIdentifiers) - - const items: DeleteTeamItemResult[] = [] - for (const team of resolvedTeams) { - try { - await sendTeamDelete(auth, team.team_uid) - items.push({ - teamUid: team.team_uid, - teamName: team.name || '', - nodeId: team.node_id, - status: DeleteTeamStatus.Deleted, - }) - } catch (err) { - items.push({ - teamUid: team.team_uid, - teamName: team.name || '', - nodeId: team.node_id, - status: DeleteTeamStatus.Failed, - message: extractErrorMessage(err), - }) - } + team_uid: string; +}; + +export async function deleteTeams( + auth: Auth, + input: DeleteTeamInput, +): Promise { + const requestedIdentifiers = (input.teams || []) + .map((value) => (typeof value === "string" ? value.trim() : "")) + .filter((value) => value.length > 0); + + if (requestedIdentifiers.length === 0) { + throw new KeeperSdkError( + "No teams to delete.", + ResultCodes.NO_TEAMS_TO_DELETE, + ); + } + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(DELETE_TEAM_INCLUDES); + const allTeams = response.teams || []; + const resolvedTeams = resolveExistingTeams(allTeams, requestedIdentifiers); + + const items: DeleteTeamItemResult[] = []; + for (const team of resolvedTeams) { + try { + await sendTeamDelete(auth, team.team_uid); + items.push({ + teamUid: team.team_uid, + teamName: team.name || "", + nodeId: team.node_id, + status: DeleteTeamStatus.Deleted, + }); + } catch (err) { + items.push({ + teamUid: team.team_uid, + teamName: team.name || "", + nodeId: team.node_id, + status: DeleteTeamStatus.Failed, + message: extractErrorMessage(err), + }); } + } - return finalizeResult(items) + return finalizeResult(items); } async function sendTeamDelete(auth: Auth, teamUid: string): Promise { - const command: RestCommand = { - baseRequest: { command: TEAM_DELETE_COMMAND }, - request: { team_uid: teamUid }, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `team_delete failed for team_uid=${teamUid}`, - response.result_code || ResultCodes.TEAM_DELETE_FAILED - ) - } + const command: RestCommand = { + baseRequest: { command: TEAM_DELETE_COMMAND }, + request: { team_uid: teamUid }, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `team_delete failed for team_uid=${teamUid}`, + response.result_code || ResultCodes.TEAM_DELETE_FAILED, + ); + } } function finalizeResult(items: DeleteTeamItemResult[]): DeleteTeamResult { - const deleted = items.filter((item) => item.status === DeleteTeamStatus.Deleted).length - const failed = items.filter((item) => item.status === DeleteTeamStatus.Failed).length - return { - success: failed === 0 && deleted > 0, - items, - deleted, - failed, - } + const deleted = items.filter( + (item) => item.status === DeleteTeamStatus.Deleted, + ).length; + const failed = items.filter( + (item) => item.status === DeleteTeamStatus.Failed, + ).length; + return { + success: failed === 0 && deleted > 0, + items, + deleted, + failed, + }; } export type FormattedDeleteTeamRow = { - status: string - teamName: string - teamUid: string - nodeId: number - detail: string -} + status: string; + teamName: string; + teamUid: string; + nodeId: number; + detail: string; +}; export type FormattedDeleteTeamTable = { - headers: string[] - rows: string[][] - summary: string -} - -export function formatDeleteTeamResult(result: DeleteTeamResult): FormattedDeleteTeamTable { - const rows = result.items.map((item, index) => [ - String(index + 1), - item.status, - item.teamName, - item.teamUid, - String(item.nodeId), - item.message || '', - ]) - - return { - headers: [...TEAM_TABLE_HEADERS], - rows, - summary: `Deleted: ${result.deleted} Failed: ${result.failed}`, - } + headers: string[]; + rows: string[][]; + summary: string; +}; + +export function formatDeleteTeamResult( + result: DeleteTeamResult, +): FormattedDeleteTeamTable { + const rows = result.items.map((item, index) => [ + String(index + 1), + item.status, + item.teamName, + item.teamUid, + String(item.nodeId), + item.message || "", + ]); + + return { + headers: [...TEAM_TABLE_HEADERS], + rows, + summary: `Deleted: ${result.deleted} Failed: ${result.failed}`, + }; } -export function renderDeleteTeamAsciiTable(table: FormattedDeleteTeamTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell + ' '.repeat(Math.max(0, widths[columnIndex] - cell.length)) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [] - lines.push(formatRow(headers)) - lines.push(formatRow(widths.map((width) => '-'.repeat(width)))) - for (const row of rows) lines.push(formatRow(row)) - lines.push(table.summary) - return lines.join('\n') +export function renderDeleteTeamAsciiTable( + table: FormattedDeleteTeamTable, +): string { + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell + " ".repeat(Math.max(0, widths[columnIndex] - cell.length)); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = []; + lines.push(formatRow(headers)); + lines.push(formatRow(widths.map((width) => "-".repeat(width)))); + for (const row of rows) lines.push(formatRow(row)); + lines.push(table.summary); + return lines.join("\n"); } diff --git a/KeeperSdk/src/teams/enterpriseData.ts b/KeeperSdk/src/teams/enterpriseData.ts index d9336218..d73bd268 100644 --- a/KeeperSdk/src/teams/enterpriseData.ts +++ b/KeeperSdk/src/teams/enterpriseData.ts @@ -1,661 +1,795 @@ import { - decryptObjectFromStorage, - Enterprise, - getEnterpriseDataForUserMessage, - getEnterpriseDataKeysMessage, - normal64Bytes, - platform, - webSafe64FromBytes, - type Auth, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, isNumber, logger } from '../utils' - -const DEFAULT_NODE_PATH_SEPARATOR = '\\' -const MAX_CONTINUATIONS = 50 - + decryptObjectFromStorage, + Enterprise, + getEnterpriseDataForUserMessage, + getEnterpriseDataKeysMessage, + normal64Bytes, + platform, + webSafe64FromBytes, + type Auth, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, isNumber, logger } from "../utils"; + +const DEFAULT_NODE_PATH_SEPARATOR = "\\"; +const MAX_CONTINUATIONS = 50; export enum EnterpriseDataInclude { - Nodes = 'nodes', - Users = 'users', - Roles = 'roles', - RoleUsers = 'role_users', - RoleTeams = 'role_teams', - RolePrivileges = 'role_privileges', - ManagedNodes = 'managed_nodes', - RoleEnforcements = 'role_enforcements', - Teams = 'teams', - TeamUsers = 'team_users', - QueuedTeams = 'queued_teams', - QueuedTeamUsers = 'queued_team_users', - UserAliases = 'user_aliases', + Nodes = "nodes", + Users = "users", + Roles = "roles", + RoleUsers = "role_users", + RoleTeams = "role_teams", + RolePrivileges = "role_privileges", + ManagedNodes = "managed_nodes", + RoleEnforcements = "role_enforcements", + Teams = "teams", + TeamUsers = "team_users", + QueuedTeams = "queued_teams", + QueuedTeamUsers = "queued_team_users", + UserAliases = "user_aliases", } -const INCLUDE_TO_ENTITY: Record = { - [EnterpriseDataInclude.Nodes]: Enterprise.EnterpriseDataEntity.NODES, - [EnterpriseDataInclude.Users]: Enterprise.EnterpriseDataEntity.USERS, - [EnterpriseDataInclude.Roles]: Enterprise.EnterpriseDataEntity.ROLES, - [EnterpriseDataInclude.RoleUsers]: Enterprise.EnterpriseDataEntity.ROLE_USERS, - [EnterpriseDataInclude.RoleTeams]: Enterprise.EnterpriseDataEntity.ROLE_TEAMS, - [EnterpriseDataInclude.RolePrivileges]: Enterprise.EnterpriseDataEntity.ROLE_PRIVILEGES, - [EnterpriseDataInclude.ManagedNodes]: Enterprise.EnterpriseDataEntity.MANAGED_NODES, - [EnterpriseDataInclude.RoleEnforcements]: Enterprise.EnterpriseDataEntity.ROLE_ENFORCEMENTS, - [EnterpriseDataInclude.Teams]: Enterprise.EnterpriseDataEntity.TEAMS, - [EnterpriseDataInclude.TeamUsers]: Enterprise.EnterpriseDataEntity.TEAM_USERS, - [EnterpriseDataInclude.QueuedTeams]: Enterprise.EnterpriseDataEntity.QUEUED_TEAMS, - [EnterpriseDataInclude.QueuedTeamUsers]: Enterprise.EnterpriseDataEntity.QUEUED_TEAM_USERS, - [EnterpriseDataInclude.UserAliases]: Enterprise.EnterpriseDataEntity.USER_ALIASES, -} +const INCLUDE_TO_ENTITY: Record< + EnterpriseDataInclude, + Enterprise.EnterpriseDataEntity +> = { + [EnterpriseDataInclude.Nodes]: Enterprise.EnterpriseDataEntity.NODES, + [EnterpriseDataInclude.Users]: Enterprise.EnterpriseDataEntity.USERS, + [EnterpriseDataInclude.Roles]: Enterprise.EnterpriseDataEntity.ROLES, + [EnterpriseDataInclude.RoleUsers]: Enterprise.EnterpriseDataEntity.ROLE_USERS, + [EnterpriseDataInclude.RoleTeams]: Enterprise.EnterpriseDataEntity.ROLE_TEAMS, + [EnterpriseDataInclude.RolePrivileges]: + Enterprise.EnterpriseDataEntity.ROLE_PRIVILEGES, + [EnterpriseDataInclude.ManagedNodes]: + Enterprise.EnterpriseDataEntity.MANAGED_NODES, + [EnterpriseDataInclude.RoleEnforcements]: + Enterprise.EnterpriseDataEntity.ROLE_ENFORCEMENTS, + [EnterpriseDataInclude.Teams]: Enterprise.EnterpriseDataEntity.TEAMS, + [EnterpriseDataInclude.TeamUsers]: Enterprise.EnterpriseDataEntity.TEAM_USERS, + [EnterpriseDataInclude.QueuedTeams]: + Enterprise.EnterpriseDataEntity.QUEUED_TEAMS, + [EnterpriseDataInclude.QueuedTeamUsers]: + Enterprise.EnterpriseDataEntity.QUEUED_TEAM_USERS, + [EnterpriseDataInclude.UserAliases]: + Enterprise.EnterpriseDataEntity.USER_ALIASES, +}; export type EnterpriseNode = { - node_id: number - parent_id?: number - encrypted_data?: string - displayName?: string -} + node_id: number; + parent_id?: number; + encrypted_data?: string; + displayName?: string; +}; export type EnterpriseUser = { - enterprise_user_id: number - username: string - status?: string - node_id?: number - encrypted_data?: string - full_name?: string - job_title?: string - lock?: number - account_share_expiration?: number - tfa_enabled?: boolean -} + enterprise_user_id: number; + username: string; + status?: string; + node_id?: number; + encrypted_data?: string; + full_name?: string; + job_title?: string; + lock?: number; + account_share_expiration?: number; + tfa_enabled?: boolean; +}; export type EnterpriseRole = { - role_id: number - node_id?: number - encrypted_data?: string - displayName?: string - visible_below?: boolean - new_user_inherit?: boolean -} + role_id: number; + node_id?: number; + encrypted_data?: string; + displayName?: string; + visible_below?: boolean; + new_user_inherit?: boolean; +}; export type EnterpriseRolePrivilegeLink = { - role_id: number - managed_node_id: number - privilege_type?: string -} + role_id: number; + managed_node_id: number; + privilege_type?: string; +}; export type EnterpriseRoleManagedNodeLink = { - role_id: number - managed_node_id: number - cascade_node_management: boolean -} + role_id: number; + managed_node_id: number; + cascade_node_management: boolean; +}; export type EnterpriseRoleEnforcementLink = { - role_id: number - enforcement_type: string - value?: string -} + role_id: number; + enforcement_type: string; + value?: string; +}; export type EnterpriseTeamRecord = { - team_uid: string - name: string - node_id: number - restrict_view?: boolean - restrict_edit?: boolean - restrict_share?: boolean - restrict_sharing?: boolean - encrypted_data?: string - encrypted_team_key?: string -} + team_uid: string; + name: string; + node_id: number; + restrict_view?: boolean; + restrict_edit?: boolean; + restrict_share?: boolean; + restrict_sharing?: boolean; + encrypted_data?: string; + encrypted_team_key?: string; +}; export type EnterpriseTeamUserLink = { - team_uid: string - enterprise_user_id: number - user_type?: string -} + team_uid: string; + enterprise_user_id: number; + user_type?: string; +}; export type EnterpriseRoleUserLink = { - role_id: number - enterprise_user_id: number -} + role_id: number; + enterprise_user_id: number; +}; export type EnterpriseRoleTeamLink = { - role_id: number - team_uid: string -} + role_id: number; + team_uid: string; +}; export type EnterpriseQueuedTeamRecord = { - team_uid: string - name: string - node_id: number - encrypted_data?: string -} + team_uid: string; + name: string; + node_id: number; + encrypted_data?: string; +}; export type EnterpriseQueuedTeamUserLink = { - team_uid: string - enterprise_user_id: number -} + team_uid: string; + enterprise_user_id: number; +}; export type EnterpriseUserAliasLink = { - enterprise_user_id: number - username: string -} + enterprise_user_id: number; + username: string; +}; export type GetEnterpriseDataResponse = { - enterprise_name?: string - nodes?: EnterpriseNode[] - users?: EnterpriseUser[] - roles?: EnterpriseRole[] - teams?: EnterpriseTeamRecord[] - team_users?: EnterpriseTeamUserLink[] - role_users?: EnterpriseRoleUserLink[] - role_teams?: EnterpriseRoleTeamLink[] - role_privileges?: EnterpriseRolePrivilegeLink[] - managed_nodes?: EnterpriseRoleManagedNodeLink[] - role_enforcements?: EnterpriseRoleEnforcementLink[] - queued_teams?: EnterpriseQueuedTeamRecord[] - queued_team_users?: EnterpriseQueuedTeamUserLink[] - user_aliases?: EnterpriseUserAliasLink[] -} + enterprise_name?: string; + nodes?: EnterpriseNode[]; + users?: EnterpriseUser[]; + roles?: EnterpriseRole[]; + teams?: EnterpriseTeamRecord[]; + team_users?: EnterpriseTeamUserLink[]; + role_users?: EnterpriseRoleUserLink[]; + role_teams?: EnterpriseRoleTeamLink[]; + role_privileges?: EnterpriseRolePrivilegeLink[]; + managed_nodes?: EnterpriseRoleManagedNodeLink[]; + role_enforcements?: EnterpriseRoleEnforcementLink[]; + queued_teams?: EnterpriseQueuedTeamRecord[]; + queued_team_users?: EnterpriseQueuedTeamUserLink[]; + user_aliases?: EnterpriseUserAliasLink[]; +}; export type NodePathOptions = { - omitRoot?: boolean - separator?: string -} + omitRoot?: boolean; + separator?: string; +}; -export type DecryptedNodeNames = Map -export type DecryptedRoleNames = Map +export type DecryptedNodeNames = Map; +export type DecryptedRoleNames = Map; export type EnterpriseDisplayNames = { - nodes: DecryptedNodeNames - roles: DecryptedRoleNames -} + nodes: DecryptedNodeNames; + roles: DecryptedRoleNames; +}; -type LongLike = number | { toNumber: () => number; toString: () => string } | undefined | null +type LongLike = + | number + | { toNumber: () => number; toString: () => string } + | undefined + | null; export interface EnterpriseDataManagerApi { - getData(includes: EnterpriseDataInclude[]): Promise - getDisplayNames(): Promise - getTreeKey(): Promise - decryptNodeNames(nodes: EnterpriseNode[]): Promise - clearCache(): void + getData( + includes: EnterpriseDataInclude[], + ): Promise; + getDisplayNames(): Promise; + getTreeKey(): Promise; + decryptNodeNames(nodes: EnterpriseNode[]): Promise; + clearCache(): void; } export class EnterpriseDataManager implements EnterpriseDataManagerApi { - private readonly auth: Auth - private displayNamesPromise: Promise | null = null - private treeKeyPromise: Promise | null = null - private readonly dataCache = new Map>() - - constructor(auth: Auth) { - this.auth = auth - } - - public async getData(includes: EnterpriseDataInclude[]): Promise { - const key = EnterpriseDataManager.cacheKeyForIncludes(includes) - let promise = this.dataCache.get(key) - if (!promise) { - promise = this.fetchEnterpriseData(includes) - this.dataCache.set(key, promise) - } - return promise - } - - public async getDisplayNames(): Promise { - if (!this.displayNamesPromise) { - this.displayNamesPromise = this.fetchDisplayNames() - } - return this.displayNamesPromise - } - - public async decryptNodeNames(nodes: EnterpriseNode[]): Promise { - if (!nodes || nodes.length === 0) return 0 - - const needsDecrypt = nodes.some( - (node) => !!node.encrypted_data && !(node.displayName || '').trim() - ) - if (!needsDecrypt) return 0 - - const displayNames = await this.getDisplayNames() - if (displayNames.nodes.size > 0) { - for (const node of nodes) { - if ((node.displayName || '').trim()) continue - const cached = displayNames.nodes.get(node.node_id) - if (cached) node.displayName = cached - } - } - - const treeKey = await this.getTreeKey() - if (!treeKey) { - logger.warn( - 'Enterprise node names unavailable: could not decrypt enterprise tree key. ' + - 'Use numeric node IDs (visible in error listings).' - ) - return 0 - } - - let decryptedCount = 0 - for (const node of nodes) { - if ((node.displayName || '').trim()) continue - if (!node.encrypted_data) continue - const display = await EnterpriseDataManager.decryptDisplayName(node.encrypted_data, treeKey) - if (display) { - node.displayName = display - decryptedCount++ - } - } - if (decryptedCount > 0) { - logger.debug(`Decrypted ${decryptedCount} enterprise node name(s) using tree key.`) - } - return decryptedCount - } - - public clearCache(): void { - this.dataCache.clear() - this.displayNamesPromise = null - this.treeKeyPromise = null - } - - public static getNodePath( - nodes: EnterpriseNode[], - nodeId: number, - options: NodePathOptions = {} - ): string { - const { omitRoot = true, separator = DEFAULT_NODE_PATH_SEPARATOR } = options - const byId = new Map() - for (const node of nodes) byId.set(node.node_id, node) - - const visited = new Set() - const segments: string[] = [] - let currentId: number | undefined = nodeId - while (isNumber(currentId) && currentId > 0 && !visited.has(currentId)) { - visited.add(currentId) - const node = byId.get(currentId) - if (!node) break - const parentId = node.parent_id || 0 - const isRoot = parentId === 0 - if (!isRoot || !omitRoot) { - const segmentName = (node.displayName || '').trim() - if (segmentName) segments.push(segmentName) - } - currentId = parentId - } - segments.reverse() - return segments.join(separator) - } - - private static cacheKeyForIncludes(includes: EnterpriseDataInclude[]): string { - return [...includes].sort().join(',') - } - - private async fetchEnterpriseData( - includes: EnterpriseDataInclude[] - ): Promise { - const interesting = new Set( - includes.map((key) => INCLUDE_TO_ENTITY[key]) - ) - const aggregate: GetEnterpriseDataResponse = {} - let continuationToken: Uint8Array | undefined - - for (let iteration = 0; iteration < MAX_CONTINUATIONS; iteration += 1) { - const request: Enterprise.IEnterpriseDataRequest = {} - if (continuationToken) request.continuationToken = continuationToken - - const response = await this.auth.executeRest(getEnterpriseDataForUserMessage(request)) - - if (response.generalData?.enterpriseName) { - aggregate.enterprise_name = response.generalData.enterpriseName - } - - for (const chunk of response.data || []) { - const entity = chunk.entity ?? Enterprise.EnterpriseDataEntity.UNKNOWN - if (!interesting.has(entity)) continue - EnterpriseDataManager.applyChunk(chunk, aggregate) - } - - if (!response.hasMore) break - if (!response.continuationToken || response.continuationToken.length === 0) break - continuationToken = response.continuationToken - } - - return aggregate + private readonly auth: Auth; + private displayNamesPromise: Promise | null = null; + private treeKeyPromise: Promise | null = null; + private readonly dataCache = new Map< + string, + Promise + >(); + + constructor(auth: Auth) { + this.auth = auth; + } + + public async getData( + includes: EnterpriseDataInclude[], + ): Promise { + const key = EnterpriseDataManager.cacheKeyForIncludes(includes); + let promise = this.dataCache.get(key); + if (!promise) { + promise = this.fetchEnterpriseData(includes); + this.dataCache.set(key, promise); } + return promise; + } - private async fetchDisplayNames(): Promise { - const empty: EnterpriseDisplayNames = { nodes: new Map(), roles: new Map() } - - const treeKey = await this.getTreeKey() - if (!treeKey) return empty - - const data = await this.getData([EnterpriseDataInclude.Nodes, EnterpriseDataInclude.Roles]) - - const nodes: DecryptedNodeNames = new Map() - for (const node of data.nodes || []) { - if (!isNumber(node.node_id)) continue - if (!node.encrypted_data) continue - const display = await EnterpriseDataManager.decryptDisplayName(node.encrypted_data, treeKey) - if (display) nodes.set(node.node_id, display) - } - - const roles: DecryptedRoleNames = new Map() - for (const role of data.roles || []) { - if (!isNumber(role.role_id)) continue - if (!role.encrypted_data) continue - const display = await EnterpriseDataManager.decryptDisplayName(role.encrypted_data, treeKey) - if (display) roles.set(role.role_id, display) - } - - return { nodes, roles } + public async getDisplayNames(): Promise { + if (!this.displayNamesPromise) { + this.displayNamesPromise = this.fetchDisplayNames(); } - - public async getTreeKey(): Promise { - if (!this.treeKeyPromise) { - this.treeKeyPromise = this.fetchAndDecryptTreeKey() - } - return this.treeKeyPromise + return this.displayNamesPromise; + } + + public async decryptNodeNames(nodes: EnterpriseNode[]): Promise { + if (!nodes || nodes.length === 0) return 0; + + const needsDecrypt = nodes.some( + (node) => !!node.encrypted_data && !(node.displayName || "").trim(), + ); + if (!needsDecrypt) return 0; + + const displayNames = await this.getDisplayNames(); + if (displayNames.nodes.size > 0) { + for (const node of nodes) { + if ((node.displayName || "").trim()) continue; + const cached = displayNames.nodes.get(node.node_id); + if (cached) node.displayName = cached; + } } - private async fetchAndDecryptTreeKey(): Promise { - let response: Enterprise.IGetEnterpriseDataKeysResponse - try { - response = await this.auth.executeRest(getEnterpriseDataKeysMessage()) - } catch (err) { - logger.debug(`enterprise/get_enterprise_data_keys failed: ${extractErrorMessage(err)}`) - return null - } - - const treeKey = response.treeKey - if (!treeKey || !treeKey.treeKey) { - logger.debug( - `enterprise/get_enterprise_data_keys: no tree key returned (user is likely not an enterprise admin)` - ) - return null - } - - return this.decryptTreeKey(treeKey) + const treeKey = await this.getTreeKey(); + if (!treeKey) { + logger.warn( + "Enterprise node names unavailable: could not decrypt enterprise tree key. " + + "Use numeric node IDs (visible in error listings).", + ); + return 0; } - private async decryptTreeKey(treeKey: Enterprise.ITreeKey): Promise { - if (!treeKey.treeKey) return null - const encrypted = normal64Bytes(treeKey.treeKey) - const keyType = (treeKey.keyTypeId ?? 0) as Enterprise.BackupKeyType - - try { - switch (keyType) { - case Enterprise.BackupKeyType.ENCRYPTED_BY_DATA_KEY: { - if (!this.auth.dataKey) return null - return await platform.aesCbcDecrypt(encrypted, this.auth.dataKey, true) - } - case Enterprise.BackupKeyType.ENCRYPTED_BY_DATA_KEY_GCM: { - if (!this.auth.dataKey) return null - return await platform.aesGcmDecrypt(encrypted, this.auth.dataKey) - } - case Enterprise.BackupKeyType.ENCRYPTED_BY_PUBLIC_KEY: { - if (!this.auth.privateKey) return null - return platform.privateDecrypt(encrypted, this.auth.privateKey) - } - case Enterprise.BackupKeyType.ENCRYPTED_BY_PUBLIC_KEY_ECC: { - if (!this.auth.eccPrivateKey) return null - return await platform.privateDecryptEC(encrypted, this.auth.eccPrivateKey) - } - default: - logger.debug(`Unsupported tree-key keyTypeId=${keyType}`) - return null - } - } catch (err) { - logger.debug( - `Tree-key decryption failed (keyTypeId=${keyType}): ${extractErrorMessage(err)}` - ) - return null - } + let decryptedCount = 0; + for (const node of nodes) { + if ((node.displayName || "").trim()) continue; + if (!node.encrypted_data) continue; + const display = await EnterpriseDataManager.decryptDisplayName( + node.encrypted_data, + treeKey, + ); + if (display) { + node.displayName = display; + decryptedCount++; + } } - - private static async decryptDisplayName(encrypted: string, treeKey: Uint8Array): Promise { - try { - const decrypted = await decryptObjectFromStorage<{ displayname?: string }>(encrypted, treeKey) - return (decrypted?.displayname || '').trim() - } catch { - return '' - } + if (decryptedCount > 0) { + logger.debug( + `Decrypted ${decryptedCount} enterprise node name(s) using tree key.`, + ); } - - private static toNumber(value: LongLike): number { - if (value == null) return 0 - if (isNumber(value)) return value - if (typeof value.toNumber === 'function') return value.toNumber() - const parsed = Number(value.toString()) - return Number.isFinite(parsed) ? parsed : 0 + return decryptedCount; + } + + public clearCache(): void { + this.dataCache.clear(); + this.displayNamesPromise = null; + this.treeKeyPromise = null; + } + + public static getNodePath( + nodes: EnterpriseNode[], + nodeId: number, + options: NodePathOptions = {}, + ): string { + const { omitRoot = true, separator = DEFAULT_NODE_PATH_SEPARATOR } = + options; + const byId = new Map(); + for (const node of nodes) byId.set(node.node_id, node); + + const visited = new Set(); + const segments: string[] = []; + let currentId: number | undefined = nodeId; + while (isNumber(currentId) && currentId > 0 && !visited.has(currentId)) { + visited.add(currentId); + const node = byId.get(currentId); + if (!node) break; + const parentId = node.parent_id || 0; + const isRoot = parentId === 0; + if (!isRoot || !omitRoot) { + const segmentName = (node.displayName || "").trim(); + if (segmentName) segments.push(segmentName); + } + currentId = parentId; } - - private static toUid(bytes: Uint8Array | null | undefined): string { - return bytes && bytes.length > 0 ? webSafe64FromBytes(bytes) : '' + segments.reverse(); + return segments.join(separator); + } + + private static cacheKeyForIncludes( + includes: EnterpriseDataInclude[], + ): string { + return [...includes].sort().join(","); + } + + private async fetchEnterpriseData( + includes: EnterpriseDataInclude[], + ): Promise { + const interesting = new Set( + includes.map((key) => INCLUDE_TO_ENTITY[key]), + ); + const aggregate: GetEnterpriseDataResponse = {}; + let continuationToken: Uint8Array | undefined; + + for (let iteration = 0; iteration < MAX_CONTINUATIONS; iteration += 1) { + const request: Enterprise.IEnterpriseDataRequest = {}; + if (continuationToken) request.continuationToken = continuationToken; + + const response = await this.auth.executeRest( + getEnterpriseDataForUserMessage(request), + ); + + if (response.generalData?.enterpriseName) { + aggregate.enterprise_name = response.generalData.enterpriseName; + } + + for (const chunk of response.data || []) { + const entity = chunk.entity ?? Enterprise.EnterpriseDataEntity.UNKNOWN; + if (!interesting.has(entity)) continue; + EnterpriseDataManager.applyChunk(chunk, aggregate); + } + + if (!response.hasMore) break; + if ( + !response.continuationToken || + response.continuationToken.length === 0 + ) + break; + continuationToken = response.continuationToken; } - private static decodeChunk( - chunkData: Uint8Array[] | null | undefined, - decoder: (bytes: Uint8Array) => T - ): T[] { - if (!chunkData || chunkData.length === 0) return [] - const results: T[] = [] - for (const bytes of chunkData) { - try { - results.push(decoder(bytes)) - } catch { - } - } - return results + return aggregate; + } + + private async fetchDisplayNames(): Promise { + const empty: EnterpriseDisplayNames = { + nodes: new Map(), + roles: new Map(), + }; + + const treeKey = await this.getTreeKey(); + if (!treeKey) return empty; + + const data = await this.getData([ + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Roles, + ]); + + const nodes: DecryptedNodeNames = new Map(); + for (const node of data.nodes || []) { + if (!isNumber(node.node_id)) continue; + if (!node.encrypted_data) continue; + const display = await EnterpriseDataManager.decryptDisplayName( + node.encrypted_data, + treeKey, + ); + if (display) nodes.set(node.node_id, display); } - private static decodeNodeChunk(bytes: Uint8Array): EnterpriseNode { - const message = Enterprise.Node.decode(bytes) - const node: EnterpriseNode = { node_id: EnterpriseDataManager.toNumber(message.nodeId) } - if (message.parentId != null) node.parent_id = EnterpriseDataManager.toNumber(message.parentId) - if (message.encryptedData) node.encrypted_data = message.encryptedData - return node + const roles: DecryptedRoleNames = new Map(); + for (const role of data.roles || []) { + if (!isNumber(role.role_id)) continue; + if (!role.encrypted_data) continue; + const display = await EnterpriseDataManager.decryptDisplayName( + role.encrypted_data, + treeKey, + ); + if (display) roles.set(role.role_id, display); } - private static decodeUserChunk(bytes: Uint8Array): EnterpriseUser { - const message = Enterprise.User.decode(bytes) - const user: EnterpriseUser = { - enterprise_user_id: EnterpriseDataManager.toNumber(message.enterpriseUserId), - username: message.username || '', - } - if (message.status) user.status = message.status - if (message.nodeId != null) user.node_id = EnterpriseDataManager.toNumber(message.nodeId) - if (message.encryptedData) user.encrypted_data = message.encryptedData - if (message.fullName) user.full_name = message.fullName - if (message.jobTitle) user.job_title = message.jobTitle - if (message.lock != null) user.lock = message.lock - if (message.accountShareExpiration != null) { - user.account_share_expiration = EnterpriseDataManager.toNumber(message.accountShareExpiration) - } - if (message.tfaEnabled != null) user.tfa_enabled = message.tfaEnabled - return user - } + return { nodes, roles }; + } - private static decodeRoleChunk(bytes: Uint8Array): EnterpriseRole { - const message = Enterprise.Role.decode(bytes) - const out: EnterpriseRole = { role_id: EnterpriseDataManager.toNumber(message.roleId) } - if (message.nodeId != null) out.node_id = EnterpriseDataManager.toNumber(message.nodeId) - if (message.encryptedData) out.encrypted_data = message.encryptedData - if (message.visibleBelow != null) out.visible_below = message.visibleBelow - if (message.newUserInherit != null) out.new_user_inherit = message.newUserInherit - return out + public async getTreeKey(): Promise { + if (!this.treeKeyPromise) { + this.treeKeyPromise = this.fetchAndDecryptTreeKey(); } - - private static decodeRolePrivilegeChunk(bytes: Uint8Array): EnterpriseRolePrivilegeLink { - const message = Enterprise.RolePrivilege.decode(bytes) - const out: EnterpriseRolePrivilegeLink = { - role_id: EnterpriseDataManager.toNumber(message.roleId), - managed_node_id: EnterpriseDataManager.toNumber(message.managedNodeId), - } - if (message.privilegeType) out.privilege_type = message.privilegeType - return out + return this.treeKeyPromise; + } + + private async fetchAndDecryptTreeKey(): Promise { + let response: Enterprise.IGetEnterpriseDataKeysResponse; + try { + response = await this.auth.executeRest(getEnterpriseDataKeysMessage()); + } catch (err) { + logger.debug( + `enterprise/get_enterprise_data_keys failed: ${extractErrorMessage(err)}`, + ); + return null; } - private static decodeManagedNodeChunk(bytes: Uint8Array): EnterpriseRoleManagedNodeLink { - const message = Enterprise.ManagedNode.decode(bytes) - return { - role_id: EnterpriseDataManager.toNumber(message.roleId), - managed_node_id: EnterpriseDataManager.toNumber(message.managedNodeId), - cascade_node_management: message.cascadeNodeManagement === true, - } + const treeKey = response.treeKey; + if (!treeKey || !treeKey.treeKey) { + logger.debug( + `enterprise/get_enterprise_data_keys: no tree key returned (user is likely not an enterprise admin)`, + ); + return null; } - private static decodeRoleEnforcementChunk(bytes: Uint8Array): EnterpriseRoleEnforcementLink { - const message = Enterprise.RoleEnforcement.decode(bytes) - const out: EnterpriseRoleEnforcementLink = { - role_id: EnterpriseDataManager.toNumber(message.roleId), - enforcement_type: message.enforcementType || '', + return this.decryptTreeKey(treeKey); + } + + private async decryptTreeKey( + treeKey: Enterprise.ITreeKey, + ): Promise { + if (!treeKey.treeKey) return null; + const encrypted = normal64Bytes(treeKey.treeKey); + const keyType = (treeKey.keyTypeId ?? 0) as Enterprise.BackupKeyType; + + try { + switch (keyType) { + case Enterprise.BackupKeyType.ENCRYPTED_BY_DATA_KEY: { + if (!this.auth.dataKey) return null; + return await platform.aesCbcDecrypt( + encrypted, + this.auth.dataKey, + true, + ); } - if (message.value) out.value = message.value - return out - } - - private static decodeTeamChunk(bytes: Uint8Array): EnterpriseTeamRecord { - const message = Enterprise.Team.decode(bytes) - const team: EnterpriseTeamRecord = { - team_uid: EnterpriseDataManager.toUid(message.teamUid), - name: message.name || '', - node_id: EnterpriseDataManager.toNumber(message.nodeId), - restrict_view: message.restrictView === true, - restrict_edit: message.restrictEdit === true, - restrict_share: message.restrictShare === true, + case Enterprise.BackupKeyType.ENCRYPTED_BY_DATA_KEY_GCM: { + if (!this.auth.dataKey) return null; + return await platform.aesGcmDecrypt(encrypted, this.auth.dataKey); } - if (message.encryptedData) team.encrypted_data = message.encryptedData - if (message.encryptedTeamKey) team.encrypted_team_key = message.encryptedTeamKey - return team - } - - private static decodeTeamUserChunk(bytes: Uint8Array): EnterpriseTeamUserLink { - const message = Enterprise.TeamUser.decode(bytes) - const teamUser: EnterpriseTeamUserLink = { - team_uid: EnterpriseDataManager.toUid(message.teamUid), - enterprise_user_id: EnterpriseDataManager.toNumber(message.enterpriseUserId), + case Enterprise.BackupKeyType.ENCRYPTED_BY_PUBLIC_KEY: { + if (!this.auth.privateKey) return null; + return platform.privateDecrypt(encrypted, this.auth.privateKey); } - if (message.userType) teamUser.user_type = message.userType - return teamUser - } - - private static decodeRoleUserChunk(bytes: Uint8Array): EnterpriseRoleUserLink { - const message = Enterprise.RoleUser.decode(bytes) - return { - role_id: EnterpriseDataManager.toNumber(message.roleId), - enterprise_user_id: EnterpriseDataManager.toNumber(message.enterpriseUserId), + case Enterprise.BackupKeyType.ENCRYPTED_BY_PUBLIC_KEY_ECC: { + if (!this.auth.eccPrivateKey) return null; + return await platform.privateDecryptEC( + encrypted, + this.auth.eccPrivateKey, + ); } + default: + logger.debug(`Unsupported tree-key keyTypeId=${keyType}`); + return null; + } + } catch (err) { + logger.debug( + `Tree-key decryption failed (keyTypeId=${keyType}): ${extractErrorMessage(err)}`, + ); + return null; } - - private static decodeRoleTeamChunk(bytes: Uint8Array): EnterpriseRoleTeamLink { - const message = Enterprise.RoleTeam.decode(bytes) - return { - role_id: EnterpriseDataManager.toNumber(message.roleId), - team_uid: EnterpriseDataManager.toUid(message.teamUid), - } + } + + private static async decryptDisplayName( + encrypted: string, + treeKey: Uint8Array, + ): Promise { + try { + const decrypted = await decryptObjectFromStorage<{ + displayname?: string; + }>(encrypted, treeKey); + return (decrypted?.displayname || "").trim(); + } catch { + return ""; } - - private static decodeQueuedTeamChunk(bytes: Uint8Array): EnterpriseQueuedTeamRecord { - const message = Enterprise.QueuedTeam.decode(bytes) - const queuedTeam: EnterpriseQueuedTeamRecord = { - team_uid: EnterpriseDataManager.toUid(message.teamUid), - name: message.name || '', - node_id: EnterpriseDataManager.toNumber(message.nodeId), - } - if (message.encryptedData) queuedTeam.encrypted_data = message.encryptedData - return queuedTeam + } + + private static toNumber(value: LongLike): number { + if (value == null) return 0; + if (isNumber(value)) return value; + if (typeof value.toNumber === "function") return value.toNumber(); + const parsed = Number(value.toString()); + return Number.isFinite(parsed) ? parsed : 0; + } + + private static toUid(bytes: Uint8Array | null | undefined): string { + return bytes && bytes.length > 0 ? webSafe64FromBytes(bytes) : ""; + } + + private static decodeChunk( + chunkData: Uint8Array[] | null | undefined, + decoder: (bytes: Uint8Array) => T, + ): T[] { + if (!chunkData || chunkData.length === 0) return []; + const results: T[] = []; + for (const bytes of chunkData) { + try { + results.push(decoder(bytes)); + } catch {} } - - private static decodeUserAliasChunk(bytes: Uint8Array): EnterpriseUserAliasLink { - const message = Enterprise.UserAlias.decode(bytes) - return { - enterprise_user_id: EnterpriseDataManager.toNumber(message.enterpriseUserId), - username: message.username || '', - } + return results; + } + + private static decodeNodeChunk(bytes: Uint8Array): EnterpriseNode { + const message = Enterprise.Node.decode(bytes); + const node: EnterpriseNode = { + node_id: EnterpriseDataManager.toNumber(message.nodeId), + }; + if (message.parentId != null) + node.parent_id = EnterpriseDataManager.toNumber(message.parentId); + if (message.encryptedData) node.encrypted_data = message.encryptedData; + return node; + } + + private static decodeUserChunk(bytes: Uint8Array): EnterpriseUser { + const message = Enterprise.User.decode(bytes); + const user: EnterpriseUser = { + enterprise_user_id: EnterpriseDataManager.toNumber( + message.enterpriseUserId, + ), + username: message.username || "", + }; + if (message.status) user.status = message.status; + if (message.nodeId != null) + user.node_id = EnterpriseDataManager.toNumber(message.nodeId); + if (message.encryptedData) user.encrypted_data = message.encryptedData; + if (message.fullName) user.full_name = message.fullName; + if (message.jobTitle) user.job_title = message.jobTitle; + if (message.lock != null) user.lock = message.lock; + if (message.accountShareExpiration != null) { + user.account_share_expiration = EnterpriseDataManager.toNumber( + message.accountShareExpiration, + ); } - - private static applyChunk( - chunk: Enterprise.IEnterpriseData, - target: GetEnterpriseDataResponse - ): void { - const entity = chunk.entity ?? Enterprise.EnterpriseDataEntity.UNKNOWN - const data = chunk.data || [] - - switch (entity) { - case Enterprise.EnterpriseDataEntity.NODES: - target.nodes = (target.nodes || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeNodeChunk) - ) - break - case Enterprise.EnterpriseDataEntity.USERS: - target.users = (target.users || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeUserChunk) - ) - break - case Enterprise.EnterpriseDataEntity.ROLES: - target.roles = (target.roles || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeRoleChunk) - ) - break - case Enterprise.EnterpriseDataEntity.TEAMS: - target.teams = (target.teams || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeTeamChunk) - ) - break - case Enterprise.EnterpriseDataEntity.TEAM_USERS: - target.team_users = (target.team_users || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeTeamUserChunk) - ) - break - case Enterprise.EnterpriseDataEntity.ROLE_USERS: - target.role_users = (target.role_users || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeRoleUserChunk) - ) - break - case Enterprise.EnterpriseDataEntity.ROLE_TEAMS: - target.role_teams = (target.role_teams || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeRoleTeamChunk) - ) - break - case Enterprise.EnterpriseDataEntity.QUEUED_TEAMS: - target.queued_teams = (target.queued_teams || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeQueuedTeamChunk) - ) - break - case Enterprise.EnterpriseDataEntity.QUEUED_TEAM_USERS: { - const flatLinks: EnterpriseQueuedTeamUserLink[] = [] - for (const bytes of data) { - try { - const message = Enterprise.QueuedTeamUser.decode(bytes) - const teamUid = EnterpriseDataManager.toUid(message.teamUid) - if (!teamUid) continue - for (const userId of message.users || []) { - flatLinks.push({ - team_uid: teamUid, - enterprise_user_id: EnterpriseDataManager.toNumber(userId), - }) - } - } catch {} - } - target.queued_team_users = (target.queued_team_users || []).concat(flatLinks) - break + if (message.tfaEnabled != null) user.tfa_enabled = message.tfaEnabled; + return user; + } + + private static decodeRoleChunk(bytes: Uint8Array): EnterpriseRole { + const message = Enterprise.Role.decode(bytes); + const out: EnterpriseRole = { + role_id: EnterpriseDataManager.toNumber(message.roleId), + }; + if (message.nodeId != null) + out.node_id = EnterpriseDataManager.toNumber(message.nodeId); + if (message.encryptedData) out.encrypted_data = message.encryptedData; + if (message.visibleBelow != null) out.visible_below = message.visibleBelow; + if (message.newUserInherit != null) + out.new_user_inherit = message.newUserInherit; + return out; + } + + private static decodeRolePrivilegeChunk( + bytes: Uint8Array, + ): EnterpriseRolePrivilegeLink { + const message = Enterprise.RolePrivilege.decode(bytes); + const out: EnterpriseRolePrivilegeLink = { + role_id: EnterpriseDataManager.toNumber(message.roleId), + managed_node_id: EnterpriseDataManager.toNumber(message.managedNodeId), + }; + if (message.privilegeType) out.privilege_type = message.privilegeType; + return out; + } + + private static decodeManagedNodeChunk( + bytes: Uint8Array, + ): EnterpriseRoleManagedNodeLink { + const message = Enterprise.ManagedNode.decode(bytes); + return { + role_id: EnterpriseDataManager.toNumber(message.roleId), + managed_node_id: EnterpriseDataManager.toNumber(message.managedNodeId), + cascade_node_management: message.cascadeNodeManagement === true, + }; + } + + private static decodeRoleEnforcementChunk( + bytes: Uint8Array, + ): EnterpriseRoleEnforcementLink { + const message = Enterprise.RoleEnforcement.decode(bytes); + const out: EnterpriseRoleEnforcementLink = { + role_id: EnterpriseDataManager.toNumber(message.roleId), + enforcement_type: message.enforcementType || "", + }; + if (message.value) out.value = message.value; + return out; + } + + private static decodeTeamChunk(bytes: Uint8Array): EnterpriseTeamRecord { + const message = Enterprise.Team.decode(bytes); + const team: EnterpriseTeamRecord = { + team_uid: EnterpriseDataManager.toUid(message.teamUid), + name: message.name || "", + node_id: EnterpriseDataManager.toNumber(message.nodeId), + restrict_view: message.restrictView === true, + restrict_edit: message.restrictEdit === true, + restrict_share: message.restrictShare === true, + }; + if (message.encryptedData) team.encrypted_data = message.encryptedData; + if (message.encryptedTeamKey) + team.encrypted_team_key = message.encryptedTeamKey; + return team; + } + + private static decodeTeamUserChunk( + bytes: Uint8Array, + ): EnterpriseTeamUserLink { + const message = Enterprise.TeamUser.decode(bytes); + const teamUser: EnterpriseTeamUserLink = { + team_uid: EnterpriseDataManager.toUid(message.teamUid), + enterprise_user_id: EnterpriseDataManager.toNumber( + message.enterpriseUserId, + ), + }; + if (message.userType) teamUser.user_type = message.userType; + return teamUser; + } + + private static decodeRoleUserChunk( + bytes: Uint8Array, + ): EnterpriseRoleUserLink { + const message = Enterprise.RoleUser.decode(bytes); + return { + role_id: EnterpriseDataManager.toNumber(message.roleId), + enterprise_user_id: EnterpriseDataManager.toNumber( + message.enterpriseUserId, + ), + }; + } + + private static decodeRoleTeamChunk( + bytes: Uint8Array, + ): EnterpriseRoleTeamLink { + const message = Enterprise.RoleTeam.decode(bytes); + return { + role_id: EnterpriseDataManager.toNumber(message.roleId), + team_uid: EnterpriseDataManager.toUid(message.teamUid), + }; + } + + private static decodeQueuedTeamChunk( + bytes: Uint8Array, + ): EnterpriseQueuedTeamRecord { + const message = Enterprise.QueuedTeam.decode(bytes); + const queuedTeam: EnterpriseQueuedTeamRecord = { + team_uid: EnterpriseDataManager.toUid(message.teamUid), + name: message.name || "", + node_id: EnterpriseDataManager.toNumber(message.nodeId), + }; + if (message.encryptedData) + queuedTeam.encrypted_data = message.encryptedData; + return queuedTeam; + } + + private static decodeUserAliasChunk( + bytes: Uint8Array, + ): EnterpriseUserAliasLink { + const message = Enterprise.UserAlias.decode(bytes); + return { + enterprise_user_id: EnterpriseDataManager.toNumber( + message.enterpriseUserId, + ), + username: message.username || "", + }; + } + + private static applyChunk( + chunk: Enterprise.IEnterpriseData, + target: GetEnterpriseDataResponse, + ): void { + const entity = chunk.entity ?? Enterprise.EnterpriseDataEntity.UNKNOWN; + const data = chunk.data || []; + + switch (entity) { + case Enterprise.EnterpriseDataEntity.NODES: + target.nodes = (target.nodes || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeNodeChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.USERS: + target.users = (target.users || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeUserChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.ROLES: + target.roles = (target.roles || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeRoleChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.TEAMS: + target.teams = (target.teams || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeTeamChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.TEAM_USERS: + target.team_users = (target.team_users || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeTeamUserChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.ROLE_USERS: + target.role_users = (target.role_users || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeRoleUserChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.ROLE_TEAMS: + target.role_teams = (target.role_teams || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeRoleTeamChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.QUEUED_TEAMS: + target.queued_teams = (target.queued_teams || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeQueuedTeamChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.QUEUED_TEAM_USERS: { + const flatLinks: EnterpriseQueuedTeamUserLink[] = []; + for (const bytes of data) { + try { + const message = Enterprise.QueuedTeamUser.decode(bytes); + const teamUid = EnterpriseDataManager.toUid(message.teamUid); + if (!teamUid) continue; + for (const userId of message.users || []) { + flatLinks.push({ + team_uid: teamUid, + enterprise_user_id: EnterpriseDataManager.toNumber(userId), + }); } - case Enterprise.EnterpriseDataEntity.USER_ALIASES: - target.user_aliases = (target.user_aliases || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeUserAliasChunk) - ) - break - case Enterprise.EnterpriseDataEntity.ROLE_PRIVILEGES: - target.role_privileges = (target.role_privileges || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeRolePrivilegeChunk) - ) - break - case Enterprise.EnterpriseDataEntity.MANAGED_NODES: - target.managed_nodes = (target.managed_nodes || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeManagedNodeChunk) - ) - break - case Enterprise.EnterpriseDataEntity.ROLE_ENFORCEMENTS: - target.role_enforcements = (target.role_enforcements || []).concat( - EnterpriseDataManager.decodeChunk(data, EnterpriseDataManager.decodeRoleEnforcementChunk) - ) - break - default: - break + } catch {} } + target.queued_team_users = (target.queued_team_users || []).concat( + flatLinks, + ); + break; + } + case Enterprise.EnterpriseDataEntity.USER_ALIASES: + target.user_aliases = (target.user_aliases || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeUserAliasChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.ROLE_PRIVILEGES: + target.role_privileges = (target.role_privileges || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeRolePrivilegeChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.MANAGED_NODES: + target.managed_nodes = (target.managed_nodes || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeManagedNodeChunk, + ), + ); + break; + case Enterprise.EnterpriseDataEntity.ROLE_ENFORCEMENTS: + target.role_enforcements = (target.role_enforcements || []).concat( + EnterpriseDataManager.decodeChunk( + data, + EnterpriseDataManager.decodeRoleEnforcementChunk, + ), + ); + break; + default: + break; } -} \ No newline at end of file + } +} diff --git a/KeeperSdk/src/teams/listTeams.ts b/KeeperSdk/src/teams/listTeams.ts index 391238aa..699320d8 100644 --- a/KeeperSdk/src/teams/listTeams.ts +++ b/KeeperSdk/src/teams/listTeams.ts @@ -1,373 +1,426 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { isNumber, TOKEN_SEPARATOR_PATTERN } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; +import { isNumber, TOKEN_SEPARATOR_PATTERN } from "../utils"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type DecryptedRoleNames, - type EnterpriseDisplayNames, - type EnterpriseNode, - type EnterpriseRole, - type EnterpriseTeamRecord, - type EnterpriseTeamUserLink, - type EnterpriseUser, - type GetEnterpriseDataResponse, -} from './enterpriseData' + EnterpriseDataInclude, + EnterpriseDataManager, + type DecryptedRoleNames, + type EnterpriseDisplayNames, + type EnterpriseNode, + type EnterpriseRole, + type EnterpriseTeamRecord, + type EnterpriseTeamUserLink, + type EnterpriseUser, + type GetEnterpriseDataResponse, +} from "./enterpriseData"; export enum TeamColumn { - Restricts = 'restricts', - Node = 'node', - UserCount = 'user_count', - Users = 'users', - RoleCount = 'role_count', - Roles = 'roles', + Restricts = "restricts", + Node = "node", + UserCount = "user_count", + Users = "users", + RoleCount = "role_count", + Roles = "roles", } -export type TeamColumnInput = TeamColumn | `${TeamColumn}` +export type TeamColumnInput = TeamColumn | `${TeamColumn}`; -export const SUPPORTED_TEAM_COLUMNS: readonly TeamColumn[] = Object.values(TeamColumn) +export const SUPPORTED_TEAM_COLUMNS: readonly TeamColumn[] = + Object.values(TeamColumn); export const DEFAULT_TEAM_COLUMNS: readonly TeamColumn[] = [ - TeamColumn.Restricts, - TeamColumn.Node, - TeamColumn.UserCount, - TeamColumn.RoleCount, -] + TeamColumn.Restricts, + TeamColumn.Node, + TeamColumn.UserCount, + TeamColumn.RoleCount, +]; -const NODE_PATH_SEPARATOR = '\\' -const MIN_ASCII_COL_WIDTH = 2 -const ALL_COLUMNS_WILDCARD = '*' +const NODE_PATH_SEPARATOR = "\\"; +const MIN_ASCII_COL_WIDTH = 2; +const ALL_COLUMNS_WILDCARD = "*"; const HEADER_BY_COLUMN: Record = { - [TeamColumn.Restricts]: 'Restricts', - [TeamColumn.Node]: 'Node', - [TeamColumn.UserCount]: 'User Count', - [TeamColumn.Users]: 'Users', - [TeamColumn.RoleCount]: 'Role Count', - [TeamColumn.Roles]: 'Roles', -} + [TeamColumn.Restricts]: "Restricts", + [TeamColumn.Node]: "Node", + [TeamColumn.UserCount]: "User Count", + [TeamColumn.Users]: "Users", + [TeamColumn.RoleCount]: "Role Count", + [TeamColumn.Roles]: "Roles", +}; export type ListTeamsOptions = { - pattern?: string | null - columns?: TeamColumnInput[] | typeof ALL_COLUMNS_WILDCARD | string | null -} + pattern?: string | null; + columns?: TeamColumnInput[] | typeof ALL_COLUMNS_WILDCARD | string | null; +}; export type ListTeamRow = { - team_uid: string - name: string - restricts?: string - node?: string - user_count?: number - users?: string[] - role_count?: number - roles?: string[] -} + team_uid: string; + name: string; + restricts?: string; + node?: string; + user_count?: number; + users?: string[]; + role_count?: number; + roles?: string[]; +}; export type FormattedTeamsTable = { - headers: string[] - rows: string[][] -} + headers: string[]; + rows: string[][]; +}; export type FormatTeamsTableOptions = { - columns?: ListTeamsOptions['columns'] -} + columns?: ListTeamsOptions["columns"]; +}; type DecorateContext = { - nodePaths: Map - teamUsers: Map> - roleTeams: Map> - usernameById: Map - roleNameById: Map -} + nodePaths: Map; + teamUsers: Map>; + roleTeams: Map>; + usernameById: Map; + roleNameById: Map; +}; export function formatTeamRestricts(team: EnterpriseTeamRecord): string { - const r = team.restrict_view === true ? 'R ' : ' ' - const w = team.restrict_edit === true ? 'W ' : ' ' - const restrictShare = team.restrict_share === true || team.restrict_sharing === true - const s = restrictShare ? 'S' : ' ' - return r + w + s + const r = team.restrict_view === true ? "R " : " "; + const w = team.restrict_edit === true ? "W " : " "; + const restrictShare = + team.restrict_share === true || team.restrict_sharing === true; + const s = restrictShare ? "S" : " "; + return r + w + s; } -export async function listTeams(auth: Auth, options: ListTeamsOptions = {}): Promise { - const columns = resolveColumns(options.columns) - const includes = includesForColumns(columns) - const wantsDisplayNames = columns.includes(TeamColumn.Node) || columns.includes(TeamColumn.Roles) - - const enterpriseData = new EnterpriseDataManager(auth) - const emptyDisplayNames: EnterpriseDisplayNames = { nodes: new Map(), roles: new Map() } - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(includes), - wantsDisplayNames ? enterpriseData.getDisplayNames() : Promise.resolve(emptyDisplayNames), - ]) - - const teams = response.teams || [] - const nodes = response.nodes || [] - applyDecryptedNodeNames(nodes, displayNames.nodes) - - const context: DecorateContext = { - nodePaths: buildNodePathLookup(nodes), - teamUsers: buildTeamUserMap(response.team_users || []), - roleTeams: buildRoleTeamMap(response), - usernameById: buildUserUsernameMap(response.users || []), - roleNameById: buildRoleNameMap(response.roles || [], displayNames.roles), - } - - const pattern = options.pattern?.trim() || null - const rows: ListTeamRow[] = [] - for (const team of teams) { - const row: ListTeamRow = { - team_uid: team.team_uid, - name: teamDisplayName(team), - } - decorateRow(row, team, columns, context) - if (pattern && !rowMatchesPattern(row, pattern)) continue - rows.push(row) - } - - rows.sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' })) - return rows +export async function listTeams( + auth: Auth, + options: ListTeamsOptions = {}, +): Promise { + const columns = resolveColumns(options.columns); + const includes = includesForColumns(columns); + const wantsDisplayNames = + columns.includes(TeamColumn.Node) || columns.includes(TeamColumn.Roles); + + const enterpriseData = new EnterpriseDataManager(auth); + const emptyDisplayNames: EnterpriseDisplayNames = { + nodes: new Map(), + roles: new Map(), + }; + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(includes), + wantsDisplayNames + ? enterpriseData.getDisplayNames() + : Promise.resolve(emptyDisplayNames), + ]); + + const teams = response.teams || []; + const nodes = response.nodes || []; + applyDecryptedNodeNames(nodes, displayNames.nodes); + + const context: DecorateContext = { + nodePaths: buildNodePathLookup(nodes), + teamUsers: buildTeamUserMap(response.team_users || []), + roleTeams: buildRoleTeamMap(response), + usernameById: buildUserUsernameMap(response.users || []), + roleNameById: buildRoleNameMap(response.roles || [], displayNames.roles), + }; + + const pattern = options.pattern?.trim() || null; + const rows: ListTeamRow[] = []; + for (const team of teams) { + const row: ListTeamRow = { + team_uid: team.team_uid, + name: teamDisplayName(team), + }; + decorateRow(row, team, columns, context); + if (pattern && !rowMatchesPattern(row, pattern)) continue; + rows.push(row); + } + + rows.sort((a, b) => + a.name.localeCompare(b.name, undefined, { sensitivity: "base" }), + ); + return rows; } export function formatTeamsTable( - rows: ListTeamRow[], - options: FormatTeamsTableOptions = {} + rows: ListTeamRow[], + options: FormatTeamsTableOptions = {}, ): FormattedTeamsTable { - const columns = resolveColumns(options.columns) - const headers: string[] = ['#', 'Team UID', 'Name', ...columns.map((column) => HEADER_BY_COLUMN[column])] - - const outRows: string[][] = rows.map((row, rowIndex) => { - const cells: string[] = [String(rowIndex + 1), row.team_uid, row.name] - for (const column of columns) cells.push(formatCell(row, column)) - return cells - }) - - return { headers, rows: outRows } + const columns = resolveColumns(options.columns); + const headers: string[] = [ + "#", + "Team UID", + "Name", + ...columns.map((column) => HEADER_BY_COLUMN[column]), + ]; + + const outRows: string[][] = rows.map((row, rowIndex) => { + const cells: string[] = [String(rowIndex + 1), row.team_uid, row.name]; + for (const column of columns) cells.push(formatCell(row, column)); + return cells; + }); + + return { headers, rows: outRows }; } export function renderTeamsAsciiTable( - table: FormattedTeamsTable, - options: { minColWidth?: number } = {} + table: FormattedTeamsTable, + options: { minColWidth?: number } = {}, ): string { - const { minColWidth = MIN_ASCII_COL_WIDTH } = options - const { headers, rows } = table - const columnCount = headers.length - - const expandedRows: string[][][] = rows.map((row) => - row.map((cell) => (cell.includes('\n') ? cell.split('\n') : [cell])) - ) - - const columnWidths = new Array(columnCount).fill(0) + const { minColWidth = MIN_ASCII_COL_WIDTH } = options; + const { headers, rows } = table; + const columnCount = headers.length; + + const expandedRows: string[][][] = rows.map((row) => + row.map((cell) => (cell.includes("\n") ? cell.split("\n") : [cell])), + ); + + const columnWidths = new Array(columnCount).fill(0); + for (let columnIndex = 0; columnIndex < columnCount; columnIndex += 1) { + columnWidths[columnIndex] = Math.max( + headers[columnIndex].length, + minColWidth, + ); + } + for (const row of expandedRows) { for (let columnIndex = 0; columnIndex < columnCount; columnIndex += 1) { - columnWidths[columnIndex] = Math.max(headers[columnIndex].length, minColWidth) + for (const line of row[columnIndex]) { + columnWidths[columnIndex] = Math.max( + columnWidths[columnIndex], + line.length, + minColWidth, + ); + } } - for (const row of expandedRows) { - for (let columnIndex = 0; columnIndex < columnCount; columnIndex += 1) { - for (const line of row[columnIndex]) { - columnWidths[columnIndex] = Math.max(columnWidths[columnIndex], line.length, minColWidth) - } - } - } - - const padCell = (cell: string, columnIndex: number): string => - cell + ' '.repeat(columnWidths[columnIndex] - cell.length) - const formatPhysicalRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const ruleRow = formatPhysicalRow(columnWidths.map((width) => '-'.repeat(width))) - const lines: string[] = [formatPhysicalRow(headers), ruleRow] - - for (const row of expandedRows) { - const physicalLineCount = Math.max(...row.map((cell) => cell.length)) - for (let lineIndex = 0; lineIndex < physicalLineCount; lineIndex += 1) { - const physicalCells: string[] = row.map((cell) => cell[lineIndex] ?? '') - lines.push(formatPhysicalRow(physicalCells)) - } + } + + const padCell = (cell: string, columnIndex: number): string => + cell + " ".repeat(columnWidths[columnIndex] - cell.length); + const formatPhysicalRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const ruleRow = formatPhysicalRow( + columnWidths.map((width) => "-".repeat(width)), + ); + const lines: string[] = [formatPhysicalRow(headers), ruleRow]; + + for (const row of expandedRows) { + const physicalLineCount = Math.max(...row.map((cell) => cell.length)); + for (let lineIndex = 0; lineIndex < physicalLineCount; lineIndex += 1) { + const physicalCells: string[] = row.map((cell) => cell[lineIndex] ?? ""); + lines.push(formatPhysicalRow(physicalCells)); } - return lines.join('\n') + } + return lines.join("\n"); } -function includesForColumns(columns: readonly TeamColumn[]): EnterpriseDataInclude[] { - const set = new Set([EnterpriseDataInclude.Teams]) - for (const column of columns) { - switch (column) { - case TeamColumn.Node: - set.add(EnterpriseDataInclude.Nodes) - break - case TeamColumn.UserCount: - case TeamColumn.Users: - set.add(EnterpriseDataInclude.TeamUsers) - if (column === TeamColumn.Users) set.add(EnterpriseDataInclude.Users) - break - case TeamColumn.RoleCount: - case TeamColumn.Roles: - set.add(EnterpriseDataInclude.RoleTeams) - if (column === TeamColumn.Roles) set.add(EnterpriseDataInclude.Roles) - break - } +function includesForColumns( + columns: readonly TeamColumn[], +): EnterpriseDataInclude[] { + const set = new Set([EnterpriseDataInclude.Teams]); + for (const column of columns) { + switch (column) { + case TeamColumn.Node: + set.add(EnterpriseDataInclude.Nodes); + break; + case TeamColumn.UserCount: + case TeamColumn.Users: + set.add(EnterpriseDataInclude.TeamUsers); + if (column === TeamColumn.Users) set.add(EnterpriseDataInclude.Users); + break; + case TeamColumn.RoleCount: + case TeamColumn.Roles: + set.add(EnterpriseDataInclude.RoleTeams); + if (column === TeamColumn.Roles) set.add(EnterpriseDataInclude.Roles); + break; } - return Array.from(set) + } + return Array.from(set); } -function resolveColumns(input: ListTeamsOptions['columns']): TeamColumn[] { - if (input == null) return [...DEFAULT_TEAM_COLUMNS] - if (input === ALL_COLUMNS_WILDCARD) return [...SUPPORTED_TEAM_COLUMNS] - - const requested = Array.isArray(input) ? input : input.split(',').map((part) => part.trim()) - const allowed = new Set(SUPPORTED_TEAM_COLUMNS) - const seen = new Set() - for (const column of requested) { - if (column && allowed.has(column)) seen.add(column as TeamColumn) - } - if (seen.size === 0) return [...DEFAULT_TEAM_COLUMNS] - return SUPPORTED_TEAM_COLUMNS.filter((column) => seen.has(column)) +function resolveColumns(input: ListTeamsOptions["columns"]): TeamColumn[] { + if (input == null) return [...DEFAULT_TEAM_COLUMNS]; + if (input === ALL_COLUMNS_WILDCARD) return [...SUPPORTED_TEAM_COLUMNS]; + + const requested = Array.isArray(input) + ? input + : input.split(",").map((part) => part.trim()); + const allowed = new Set(SUPPORTED_TEAM_COLUMNS); + const seen = new Set(); + for (const column of requested) { + if (column && allowed.has(column)) seen.add(column as TeamColumn); + } + if (seen.size === 0) return [...DEFAULT_TEAM_COLUMNS]; + return SUPPORTED_TEAM_COLUMNS.filter((column) => seen.has(column)); } function teamDisplayName(team: { name?: string; team_uid: string }): string { - return (team.name || team.team_uid || '').trim() || team.team_uid + return (team.name || team.team_uid || "").trim() || team.team_uid; } function tokenize(text: string): string[] { - return text.split(TOKEN_SEPARATOR_PATTERN).filter((token) => token.length > 0) + return text + .split(TOKEN_SEPARATOR_PATTERN) + .filter((token) => token.length > 0); } function rowMatchesPattern(row: ListTeamRow, pattern: string): boolean { - const lowered = pattern.toLowerCase() - const tokens: string[] = [] - tokens.push(row.team_uid.toLowerCase()) - tokens.push(...tokenize(row.name.toLowerCase())) - if (row.restricts) tokens.push(row.restricts.toLowerCase()) - if (row.node) tokens.push(...tokenize(row.node.toLowerCase())) - if (row.user_count != null) tokens.push(String(row.user_count)) - if (row.role_count != null) tokens.push(String(row.role_count)) - for (const list of [row.users, row.roles]) { - if (!list) continue - for (const value of list) tokens.push(...tokenize(value.toLowerCase())) - } - return tokens.some((token) => token.includes(lowered)) + const lowered = pattern.toLowerCase(); + const tokens: string[] = []; + tokens.push(row.team_uid.toLowerCase()); + tokens.push(...tokenize(row.name.toLowerCase())); + if (row.restricts) tokens.push(row.restricts.toLowerCase()); + if (row.node) tokens.push(...tokenize(row.node.toLowerCase())); + if (row.user_count != null) tokens.push(String(row.user_count)); + if (row.role_count != null) tokens.push(String(row.role_count)); + for (const list of [row.users, row.roles]) { + if (!list) continue; + for (const value of list) tokens.push(...tokenize(value.toLowerCase())); + } + return tokens.some((token) => token.includes(lowered)); } -function applyDecryptedNodeNames(nodes: EnterpriseNode[], decrypted: Map): void { - if (decrypted.size === 0) return - for (const node of nodes) { - const display = decrypted.get(node.node_id) - if (display) node.displayName = display - } +function applyDecryptedNodeNames( + nodes: EnterpriseNode[], + decrypted: Map, +): void { + if (decrypted.size === 0) return; + for (const node of nodes) { + const display = decrypted.get(node.node_id); + if (display) node.displayName = display; + } } function buildNodePathLookup(nodes: EnterpriseNode[]): Map { - return new Map( - nodes.map((node) => [ - node.node_id, - EnterpriseDataManager.getNodePath(nodes, node.node_id, { separator: NODE_PATH_SEPARATOR }), - ]) - ) + return new Map( + nodes.map((node) => [ + node.node_id, + EnterpriseDataManager.getNodePath(nodes, node.node_id, { + separator: NODE_PATH_SEPARATOR, + }), + ]), + ); } -function buildTeamUserMap(links: EnterpriseTeamUserLink[]): Map> { - const byTeam = new Map>() - for (const link of links) { - if (!link.team_uid) continue - const set = byTeam.get(link.team_uid) - if (set) set.add(link.enterprise_user_id) - else byTeam.set(link.team_uid, new Set([link.enterprise_user_id])) - } - return byTeam +function buildTeamUserMap( + links: EnterpriseTeamUserLink[], +): Map> { + const byTeam = new Map>(); + for (const link of links) { + if (!link.team_uid) continue; + const set = byTeam.get(link.team_uid); + if (set) set.add(link.enterprise_user_id); + else byTeam.set(link.team_uid, new Set([link.enterprise_user_id])); + } + return byTeam; } -function buildRoleTeamMap(response: GetEnterpriseDataResponse): Map> { - const map = new Map>() - for (const link of response.role_teams || []) { - if (!link.team_uid) continue - const set = map.get(link.team_uid) - if (set) set.add(link.role_id) - else map.set(link.team_uid, new Set([link.role_id])) - } - return map +function buildRoleTeamMap( + response: GetEnterpriseDataResponse, +): Map> { + const map = new Map>(); + for (const link of response.role_teams || []) { + if (!link.team_uid) continue; + const set = map.get(link.team_uid); + if (set) set.add(link.role_id); + else map.set(link.team_uid, new Set([link.role_id])); + } + return map; } function buildUserUsernameMap(users: EnterpriseUser[]): Map { - const map = new Map() - for (const user of users) { - if (isNumber(user.enterprise_user_id ) && user.username) { - map.set(user.enterprise_user_id, user.username) - } + const map = new Map(); + for (const user of users) { + if (isNumber(user.enterprise_user_id) && user.username) { + map.set(user.enterprise_user_id, user.username); } - return map + } + return map; } -function buildRoleNameMap(roles: EnterpriseRole[], decrypted: DecryptedRoleNames): Map { - const map = new Map() - for (const role of roles) { - if (isNumber(role.role_id)) continue - const display = (role.displayName || decrypted.get(role.role_id) || '').trim() - map.set(role.role_id, display || String(role.role_id)) - } - return map +function buildRoleNameMap( + roles: EnterpriseRole[], + decrypted: DecryptedRoleNames, +): Map { + const map = new Map(); + for (const role of roles) { + if (isNumber(role.role_id)) continue; + const display = ( + role.displayName || + decrypted.get(role.role_id) || + "" + ).trim(); + map.set(role.role_id, display || String(role.role_id)); + } + return map; } -function resolveSortedNames(ids: Set, nameById: Map): string[] { - const result: string[] = [] - for (const id of ids) { - const name = nameById.get(id) - if (name) result.push(name) - } - result.sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) - return result +function resolveSortedNames( + ids: Set, + nameById: Map, +): string[] { + const result: string[] = []; + for (const id of ids) { + const name = nameById.get(id); + if (name) result.push(name); + } + result.sort((a, b) => a.localeCompare(b, undefined, { sensitivity: "base" })); + return result; } function decorateRow( - row: ListTeamRow, - team: EnterpriseTeamRecord, - columns: readonly TeamColumn[], - context: DecorateContext + row: ListTeamRow, + team: EnterpriseTeamRecord, + columns: readonly TeamColumn[], + context: DecorateContext, ): void { - const { nodePaths, teamUsers, roleTeams, usernameById, roleNameById } = context - - for (const column of columns) { - switch (column) { - case TeamColumn.Restricts: - row.restricts = formatTeamRestricts(team) - break - case TeamColumn.Node: - row.node = nodePaths.get(team.node_id) || '' - break - case TeamColumn.UserCount: - row.user_count = teamUsers.get(team.team_uid)?.size ?? 0 - break - case TeamColumn.Users: { - const ids = teamUsers.get(team.team_uid) - row.users = ids ? resolveSortedNames(ids, usernameById) : [] - break - } - case TeamColumn.RoleCount: - row.role_count = roleTeams.get(team.team_uid)?.size ?? 0 - break - case TeamColumn.Roles: { - const ids = roleTeams.get(team.team_uid) - row.roles = ids ? resolveSortedNames(ids, roleNameById) : [] - break - } - } + const { nodePaths, teamUsers, roleTeams, usernameById, roleNameById } = + context; + + for (const column of columns) { + switch (column) { + case TeamColumn.Restricts: + row.restricts = formatTeamRestricts(team); + break; + case TeamColumn.Node: + row.node = nodePaths.get(team.node_id) || ""; + break; + case TeamColumn.UserCount: + row.user_count = teamUsers.get(team.team_uid)?.size ?? 0; + break; + case TeamColumn.Users: { + const ids = teamUsers.get(team.team_uid); + row.users = ids ? resolveSortedNames(ids, usernameById) : []; + break; + } + case TeamColumn.RoleCount: + row.role_count = roleTeams.get(team.team_uid)?.size ?? 0; + break; + case TeamColumn.Roles: { + const ids = roleTeams.get(team.team_uid); + row.roles = ids ? resolveSortedNames(ids, roleNameById) : []; + break; + } } + } } function formatListCell(values: string[] | undefined): string { - if (!values || values.length === 0) return '' - return values.join('\n') + if (!values || values.length === 0) return ""; + return values.join("\n"); } function formatCell(row: ListTeamRow, column: TeamColumn): string { - switch (column) { - case TeamColumn.Restricts: - return row.restricts ?? '' - case TeamColumn.Node: - return row.node ?? '' - case TeamColumn.UserCount: - return row.user_count == null ? '' : String(row.user_count) - case TeamColumn.Users: - return formatListCell(row.users) - case TeamColumn.RoleCount: - return row.role_count == null ? '' : String(row.role_count) - case TeamColumn.Roles: - return formatListCell(row.roles) - } + switch (column) { + case TeamColumn.Restricts: + return row.restricts ?? ""; + case TeamColumn.Node: + return row.node ?? ""; + case TeamColumn.UserCount: + return row.user_count == null ? "" : String(row.user_count); + case TeamColumn.Users: + return formatListCell(row.users); + case TeamColumn.RoleCount: + return row.role_count == null ? "" : String(row.role_count); + case TeamColumn.Roles: + return formatListCell(row.roles); + } } diff --git a/KeeperSdk/src/teams/teamUtils.ts b/KeeperSdk/src/teams/teamUtils.ts index 35cb89d9..ccd9acdf 100644 --- a/KeeperSdk/src/teams/teamUtils.ts +++ b/KeeperSdk/src/teams/teamUtils.ts @@ -1,205 +1,235 @@ -import { isNumber, KeeperSdkError, ResultCodes } from '../utils' -import { EnterpriseDataManager, type EnterpriseNode, type EnterpriseTeamRecord } from './enterpriseData' - -export const NODE_PATH_SEPARATOR = '\\' -export const MAX_TEAM_NAME_LENGTH = 100 -export const TEAM_TABLE_HEADERS = ['#', 'Status', 'Team Name', 'Team UID', 'Node ID', 'Detail'] +import { isNumber, KeeperSdkError, ResultCodes } from "../utils"; +import { + EnterpriseDataManager, + type EnterpriseNode, + type EnterpriseTeamRecord, +} from "./enterpriseData"; + +export const NODE_PATH_SEPARATOR = "\\"; +export const MAX_TEAM_NAME_LENGTH = 100; +export const TEAM_TABLE_HEADERS = [ + "#", + "Status", + "Team Name", + "Team UID", + "Node ID", + "Detail", +]; export function validateTeamName(name: string): void { - if (name.length > MAX_TEAM_NAME_LENGTH) { - throw new KeeperSdkError( - `Team name exceeds ${MAX_TEAM_NAME_LENGTH} characters: "${name.substring(0, 30)}..."`, - ResultCodes.TEAM_NAME_TOO_LONG - ) - } + if (name.length > MAX_TEAM_NAME_LENGTH) { + throw new KeeperSdkError( + `Team name exceeds ${MAX_TEAM_NAME_LENGTH} characters: "${name.substring(0, 30)}..."`, + ResultCodes.TEAM_NAME_TOO_LONG, + ); + } } export function resolveExistingTeams( - teams: EnterpriseTeamRecord[], - identifiers: string[], - queuedTeams: EnterpriseTeamRecord[] = [] + teams: EnterpriseTeamRecord[], + identifiers: string[], + queuedTeams: EnterpriseTeamRecord[] = [], ): EnterpriseTeamRecord[] { - const byUid = new Map() - const byLowerName = new Map() - for (const team of teams) { - if (!team.team_uid) continue - byUid.set(team.team_uid, team) - const key = (team.name || '').trim().toLowerCase() - if (!key) continue - const existing = byLowerName.get(key) - if (existing) existing.push(team) - else byLowerName.set(key, [team]) - } - for (const team of queuedTeams) { - if (!team.team_uid || byUid.has(team.team_uid)) continue - const resolved: EnterpriseTeamRecord = { - team_uid: team.team_uid, - name: team.name, - node_id: team.node_id ?? 0, - ...(team.encrypted_team_key ? { encrypted_team_key: team.encrypted_team_key } : {}), - } - byUid.set(team.team_uid, resolved) - const key = (team.name || '').trim().toLowerCase() - if (!key || byLowerName.has(key)) continue - byLowerName.set(key, [resolved]) - } - - const found = new Map() - const missing: string[] = [] - for (const identifier of identifiers) { - const uidMatch = byUid.get(identifier) - if (uidMatch) { - found.set(uidMatch.team_uid, uidMatch) - continue - } - const nameMatches = byLowerName.get(identifier.toLowerCase()) - if (!nameMatches || nameMatches.length === 0) { - missing.push(identifier) - continue - } - if (nameMatches.length > 1) { - throw new KeeperSdkError( - `Team name "${identifier}" is not unique. Use Team UID.`, - ResultCodes.MULTIPLE_TEAM_MATCHES - ) - } - found.set(nameMatches[0].team_uid, nameMatches[0]) - } - - if (missing.length > 0) { - throw new KeeperSdkError( - `Team name(s) "${missing.join(', ')}" could not be resolved.`, - ResultCodes.TEAM_NOT_FOUND - ) - } - return Array.from(found.values()) + const byUid = new Map(); + const byLowerName = new Map(); + for (const team of teams) { + if (!team.team_uid) continue; + byUid.set(team.team_uid, team); + const key = (team.name || "").trim().toLowerCase(); + if (!key) continue; + const existing = byLowerName.get(key); + if (existing) existing.push(team); + else byLowerName.set(key, [team]); + } + for (const team of queuedTeams) { + if (!team.team_uid || byUid.has(team.team_uid)) continue; + const resolved: EnterpriseTeamRecord = { + team_uid: team.team_uid, + name: team.name, + node_id: team.node_id ?? 0, + ...(team.encrypted_team_key + ? { encrypted_team_key: team.encrypted_team_key } + : {}), + }; + byUid.set(team.team_uid, resolved); + const key = (team.name || "").trim().toLowerCase(); + if (!key || byLowerName.has(key)) continue; + byLowerName.set(key, [resolved]); + } + + const found = new Map(); + const missing: string[] = []; + for (const identifier of identifiers) { + const uidMatch = byUid.get(identifier); + if (uidMatch) { + found.set(uidMatch.team_uid, uidMatch); + continue; + } + const nameMatches = byLowerName.get(identifier.toLowerCase()); + if (!nameMatches || nameMatches.length === 0) { + missing.push(identifier); + continue; + } + if (nameMatches.length > 1) { + throw new KeeperSdkError( + `Team name "${identifier}" is not unique. Use Team UID.`, + ResultCodes.MULTIPLE_TEAM_MATCHES, + ); + } + found.set(nameMatches[0].team_uid, nameMatches[0]); + } + + if (missing.length > 0) { + throw new KeeperSdkError( + `Team name(s) "${missing.join(", ")}" could not be resolved.`, + ResultCodes.TEAM_NOT_FOUND, + ); + } + return Array.from(found.values()); } -function buildNodeNotFoundMessage(nodes: EnterpriseNode[], requested: string): string { - const lines: string[] = [`Parent node "${requested}" was not found.`] - if (nodes.length === 0) { - lines.push('No enterprise nodes are visible to the current user.') - return lines.join(' ') - } - const sorted = [...nodes].sort((a, b) => a.node_id - b.node_id) - const visible = sorted.slice(0, 25) - lines.push('Available nodes (id parent_id name):') - for (const node of visible) { - const own = (node.displayName || '').trim() || '' - const parent = node.parent_id || 0 - lines.push(` ${node.node_id} ${parent} ${own}`) - } - if (sorted.length > visible.length) { - lines.push(` ...and ${sorted.length - visible.length} more`) - } - return lines.join('\n') +function buildNodeNotFoundMessage( + nodes: EnterpriseNode[], + requested: string, +): string { + const lines: string[] = [`Parent node "${requested}" was not found.`]; + if (nodes.length === 0) { + lines.push("No enterprise nodes are visible to the current user."); + return lines.join(" "); + } + const sorted = [...nodes].sort((a, b) => a.node_id - b.node_id); + const visible = sorted.slice(0, 25); + lines.push("Available nodes (id parent_id name):"); + for (const node of visible) { + const own = (node.displayName || "").trim() || ""; + const parent = node.parent_id || 0; + lines.push(` ${node.node_id} ${parent} ${own}`); + } + if (sorted.length > visible.length) { + lines.push(` ...and ${sorted.length - visible.length} more`); + } + return lines.join("\n"); } export function resolveParentNode( - nodes: EnterpriseNode[], - identifier: string | number | null + nodes: EnterpriseNode[], + identifier: string | number | null, ): EnterpriseNode { - if (identifier === null || identifier === undefined || identifier === '') { - const root = nodes.find((node) => !node.parent_id || node.parent_id === 0) - if (!root) { - throw new KeeperSdkError( - buildNodeNotFoundMessage(nodes, ''), - ResultCodes.PARENT_NODE_NOT_FOUND - ) - } - return root - } - - if (typeof identifier === 'number') { - if (!isNumber(identifier)) { - throw new KeeperSdkError( - `Parent node "${identifier}" is not a valid node id.`, - ResultCodes.PARENT_NODE_REQUIRED - ) - } - const byId = nodes.find((node) => node.node_id === identifier) - if (!byId) { - throw new KeeperSdkError( - buildNodeNotFoundMessage(nodes, String(identifier)), - ResultCodes.PARENT_NODE_NOT_FOUND - ) - } - return byId - } - - const trimmed = identifier.trim() - if (!trimmed) { - throw new KeeperSdkError('Parent node is required.', ResultCodes.PARENT_NODE_REQUIRED) - } - - const numeric = Number(trimmed) - if (Number.isFinite(numeric) && Number.isInteger(numeric)) { - const byId = nodes.find((node) => node.node_id === numeric) - if (byId) return byId - } - - const lowered = trimmed.toLowerCase() - const byExactName = nodes.filter((node) => (node.displayName || '').trim().toLowerCase() === lowered) - if (byExactName.length === 1) return byExactName[0] - if (byExactName.length > 1) { - throw new KeeperSdkError( - `Multiple nodes match name "${trimmed}". Specify the node id instead.`, - ResultCodes.MULTIPLE_PARENT_NODE_MATCHES - ) - } - - const byPath = nodes.filter((node) => { - const path = EnterpriseDataManager.getNodePath(nodes, node.node_id, { - omitRoot: false, - separator: NODE_PATH_SEPARATOR, - }) - return path.trim().toLowerCase() === lowered - }) - if (byPath.length === 1) return byPath[0] - if (byPath.length > 1) { - throw new KeeperSdkError( - `Multiple nodes match path "${trimmed}". Specify the node id instead.`, - ResultCodes.MULTIPLE_PARENT_NODE_MATCHES - ) - } - + if (identifier === null || identifier === undefined || identifier === "") { + const root = nodes.find((node) => !node.parent_id || node.parent_id === 0); + if (!root) { + throw new KeeperSdkError( + buildNodeNotFoundMessage(nodes, ""), + ResultCodes.PARENT_NODE_NOT_FOUND, + ); + } + return root; + } + + if (typeof identifier === "number") { + if (!isNumber(identifier)) { + throw new KeeperSdkError( + `Parent node "${identifier}" is not a valid node id.`, + ResultCodes.PARENT_NODE_REQUIRED, + ); + } + const byId = nodes.find((node) => node.node_id === identifier); + if (!byId) { + throw new KeeperSdkError( + buildNodeNotFoundMessage(nodes, String(identifier)), + ResultCodes.PARENT_NODE_NOT_FOUND, + ); + } + return byId; + } + + const trimmed = identifier.trim(); + if (!trimmed) { + throw new KeeperSdkError( + "Parent node is required.", + ResultCodes.PARENT_NODE_REQUIRED, + ); + } + + const numeric = Number(trimmed); + if (Number.isFinite(numeric) && Number.isInteger(numeric)) { + const byId = nodes.find((node) => node.node_id === numeric); + if (byId) return byId; + } + + const lowered = trimmed.toLowerCase(); + const byExactName = nodes.filter( + (node) => (node.displayName || "").trim().toLowerCase() === lowered, + ); + if (byExactName.length === 1) return byExactName[0]; + if (byExactName.length > 1) { throw new KeeperSdkError( - buildNodeNotFoundMessage(nodes, trimmed), - ResultCodes.PARENT_NODE_NOT_FOUND - ) + `Multiple nodes match name "${trimmed}". Specify the node id instead.`, + ResultCodes.MULTIPLE_PARENT_NODE_MATCHES, + ); + } + + const byPath = nodes.filter((node) => { + const path = EnterpriseDataManager.getNodePath(nodes, node.node_id, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }); + return path.trim().toLowerCase() === lowered; + }); + if (byPath.length === 1) return byPath[0]; + if (byPath.length > 1) { + throw new KeeperSdkError( + `Multiple nodes match path "${trimmed}". Specify the node id instead.`, + ResultCodes.MULTIPLE_PARENT_NODE_MATCHES, + ); + } + + throw new KeeperSdkError( + buildNodeNotFoundMessage(nodes, trimmed), + ResultCodes.PARENT_NODE_NOT_FOUND, + ); } -export function applyDecryptedNodeNames(nodes: EnterpriseNode[], decrypted: Map): void { - if (decrypted.size === 0) return - for (const node of nodes) { - const display = decrypted.get(node.node_id) - if (display) node.displayName = display - } +export function applyDecryptedNodeNames( + nodes: EnterpriseNode[], + decrypted: Map, +): void { + if (decrypted.size === 0) return; + for (const node of nodes) { + const display = decrypted.get(node.node_id); + if (display) node.displayName = display; + } } export function applyEnterpriseNameToRoot( - nodes: EnterpriseNode[], - enterpriseName: string | undefined + nodes: EnterpriseNode[], + enterpriseName: string | undefined, ): void { - const fallback = (enterpriseName || '').trim() - if (!fallback) return - for (const node of nodes) { - const isRoot = !node.parent_id || node.parent_id === 0 - if (!isRoot) continue - if (!(node.displayName || '').trim()) { - node.displayName = fallback - } - } + const fallback = (enterpriseName || "").trim(); + if (!fallback) return; + for (const node of nodes) { + const isRoot = !node.parent_id || node.parent_id === 0; + if (!isRoot) continue; + if (!(node.displayName || "").trim()) { + node.displayName = fallback; + } + } } -export function parentNeedsNameLookup(parent: string | number | null | undefined): boolean { - if (parent === undefined || parent === null || parent === '') return false - if (typeof parent === 'number') return false - const trimmed = parent.trim() - if (!trimmed) return false - const numeric = Number(trimmed) - if (Number.isFinite(numeric) && Number.isInteger(numeric) && trimmed === String(numeric)) { - return false - } - return true +export function parentNeedsNameLookup( + parent: string | number | null | undefined, +): boolean { + if (parent === undefined || parent === null || parent === "") return false; + if (typeof parent === "number") return false; + const trimmed = parent.trim(); + if (!trimmed) return false; + const numeric = Number(trimmed); + if ( + Number.isFinite(numeric) && + Number.isInteger(numeric) && + trimmed === String(numeric) + ) { + return false; + } + return true; } diff --git a/KeeperSdk/src/teams/updateTeam.ts b/KeeperSdk/src/teams/updateTeam.ts index 50056b28..d54c6701 100644 --- a/KeeperSdk/src/teams/updateTeam.ts +++ b/KeeperSdk/src/teams/updateTeam.ts @@ -1,231 +1,257 @@ -import type { Auth, KeeperResponse, RestCommand } from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' +import type { + Auth, + KeeperResponse, + RestCommand, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; +import { EnterpriseDataInclude, EnterpriseDataManager } from "./enterpriseData"; +import { TeamRestriction, type TeamRestrictionInput } from "./addTeam"; import { - EnterpriseDataInclude, - EnterpriseDataManager, -} from './enterpriseData' -import { TeamRestriction, type TeamRestrictionInput } from './addTeam' -import { - applyDecryptedNodeNames, - applyEnterpriseNameToRoot, - parentNeedsNameLookup, - resolveExistingTeams, - resolveParentNode, - TEAM_TABLE_HEADERS, - validateTeamName, -} from './teamUtils' - -const TEAM_UPDATE_COMMAND = 'team_update' + applyDecryptedNodeNames, + applyEnterpriseNameToRoot, + parentNeedsNameLookup, + resolveExistingTeams, + resolveParentNode, + TEAM_TABLE_HEADERS, + validateTeamName, +} from "./teamUtils"; + +const TEAM_UPDATE_COMMAND = "team_update"; const UPDATE_TEAM_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Teams, -] + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Teams, +]; export enum UpdateTeamStatus { - Updated = 'updated', - Failed = 'failed', + Updated = "updated", + Failed = "failed", } export type UpdateTeamInput = { - teams: string[] - name?: string - parent?: string | number | null - restrictEdit?: TeamRestrictionInput - restrictShare?: TeamRestrictionInput - restrictView?: TeamRestrictionInput -} + teams: string[]; + name?: string; + parent?: string | number | null; + restrictEdit?: TeamRestrictionInput; + restrictShare?: TeamRestrictionInput; + restrictView?: TeamRestrictionInput; +}; export type UpdateTeamItemResult = { - teamUid: string - teamName: string - nodeId: number - status: UpdateTeamStatus - message?: string -} + teamUid: string; + teamName: string; + nodeId: number; + status: UpdateTeamStatus; + message?: string; +}; export type UpdateTeamResult = { - success: boolean - items: UpdateTeamItemResult[] - updated: number - failed: number -} + success: boolean; + items: UpdateTeamItemResult[]; + updated: number; + failed: number; +}; type TeamUpdateRequestPayload = { - team_uid: string - team_name: string - node_id: number - restrict_edit: boolean - restrict_share: boolean - restrict_view: boolean -} + team_uid: string; + team_name: string; + node_id: number; + restrict_edit: boolean; + restrict_share: boolean; + restrict_view: boolean; +}; -export async function updateTeams(auth: Auth, input: UpdateTeamInput): Promise { - const requestedIdentifiers = (input.teams || []) - .map((value) => (typeof value === 'string' ? value.trim() : '')) - .filter((value) => value.length > 0) +export async function updateTeams( + auth: Auth, + input: UpdateTeamInput, +): Promise { + const requestedIdentifiers = (input.teams || []) + .map((value) => (typeof value === "string" ? value.trim() : "")) + .filter((value) => value.length > 0); - if (requestedIdentifiers.length === 0) { - throw new KeeperSdkError('No teams to update.', ResultCodes.NO_TEAMS_TO_UPDATE) - } + if (requestedIdentifiers.length === 0) { + throw new KeeperSdkError( + "No teams to update.", + ResultCodes.NO_TEAMS_TO_UPDATE, + ); + } - const newName = input.name?.trim() ? input.name.trim() : undefined - if (newName) validateTeamName(newName) - if (newName && requestedIdentifiers.length > 1) { - throw new KeeperSdkError( - 'Cannot rename more than one team in a single update.', - ResultCodes.MULTIPLE_TEAM_RENAME_NOT_ALLOWED - ) - } + const newName = input.name?.trim() ? input.name.trim() : undefined; + if (newName) validateTeamName(newName); + if (newName && requestedIdentifiers.length > 1) { + throw new KeeperSdkError( + "Cannot rename more than one team in a single update.", + ResultCodes.MULTIPLE_TEAM_RENAME_NOT_ALLOWED, + ); + } - const restrictEditOverride = resolveOptionalRestriction(input.restrictEdit) - const restrictShareOverride = resolveOptionalRestriction(input.restrictShare) - const restrictViewOverride = resolveOptionalRestriction(input.restrictView) + const restrictEditOverride = resolveOptionalRestriction(input.restrictEdit); + const restrictShareOverride = resolveOptionalRestriction(input.restrictShare); + const restrictViewOverride = resolveOptionalRestriction(input.restrictView); - const parentIdentifier = input.parent - const needsNameLookup = parentNeedsNameLookup(parentIdentifier) + const parentIdentifier = input.parent; + const needsNameLookup = parentNeedsNameLookup(parentIdentifier); - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(UPDATE_TEAM_INCLUDES) - const nodes = response.nodes || [] - applyEnterpriseNameToRoot(nodes, response.enterprise_name) + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(UPDATE_TEAM_INCLUDES); + const nodes = response.nodes || []; + applyEnterpriseNameToRoot(nodes, response.enterprise_name); - if (needsNameLookup) { - const displayNames = await enterpriseData.getDisplayNames() - applyDecryptedNodeNames(nodes, displayNames.nodes) - await enterpriseData.decryptNodeNames(nodes) - } + if (needsNameLookup) { + const displayNames = await enterpriseData.getDisplayNames(); + applyDecryptedNodeNames(nodes, displayNames.nodes); + await enterpriseData.decryptNodeNames(nodes); + } + + const allTeams = response.teams || []; + const resolvedTeams = resolveExistingTeams(allTeams, requestedIdentifiers); - const allTeams = response.teams || [] - const resolvedTeams = resolveExistingTeams(allTeams, requestedIdentifiers) - - let overrideNodeId: number | null = null - if (parentIdentifier !== undefined && parentIdentifier !== null && parentIdentifier !== '') { - try { - overrideNodeId = resolveParentNode(nodes, parentIdentifier).node_id - } catch (err) { - throw new KeeperSdkError( - extractErrorMessage(err), - ResultCodes.PARENT_NODE_NOT_FOUND - ) - } + let overrideNodeId: number | null = null; + if ( + parentIdentifier !== undefined && + parentIdentifier !== null && + parentIdentifier !== "" + ) { + try { + overrideNodeId = resolveParentNode(nodes, parentIdentifier).node_id; + } catch (err) { + throw new KeeperSdkError( + extractErrorMessage(err), + ResultCodes.PARENT_NODE_NOT_FOUND, + ); } + } - const items: UpdateTeamItemResult[] = [] - for (const team of resolvedTeams) { - const targetNodeId = overrideNodeId ?? team.node_id - const payload: TeamUpdateRequestPayload = { - team_uid: team.team_uid, - team_name: newName || team.name || '', - node_id: targetNodeId, - restrict_edit: restrictEditOverride ?? team.restrict_edit === true, - restrict_share: restrictShareOverride ?? (team.restrict_share === true || team.restrict_sharing === true), - restrict_view: restrictViewOverride ?? team.restrict_view === true, - } - - try { - await sendTeamUpdate(auth, payload) - items.push({ - teamUid: team.team_uid, - teamName: payload.team_name, - nodeId: targetNodeId, - status: UpdateTeamStatus.Updated, - }) - } catch (err) { - items.push({ - teamUid: team.team_uid, - teamName: team.name || '', - nodeId: team.node_id, - status: UpdateTeamStatus.Failed, - message: extractErrorMessage(err), - }) - } + const items: UpdateTeamItemResult[] = []; + for (const team of resolvedTeams) { + const targetNodeId = overrideNodeId ?? team.node_id; + const payload: TeamUpdateRequestPayload = { + team_uid: team.team_uid, + team_name: newName || team.name || "", + node_id: targetNodeId, + restrict_edit: restrictEditOverride ?? team.restrict_edit === true, + restrict_share: + restrictShareOverride ?? + (team.restrict_share === true || team.restrict_sharing === true), + restrict_view: restrictViewOverride ?? team.restrict_view === true, + }; + + try { + await sendTeamUpdate(auth, payload); + items.push({ + teamUid: team.team_uid, + teamName: payload.team_name, + nodeId: targetNodeId, + status: UpdateTeamStatus.Updated, + }); + } catch (err) { + items.push({ + teamUid: team.team_uid, + teamName: team.name || "", + nodeId: team.node_id, + status: UpdateTeamStatus.Failed, + message: extractErrorMessage(err), + }); } + } - return finalizeResult(items) + return finalizeResult(items); } -function resolveOptionalRestriction(input: TeamRestrictionInput): boolean | undefined { - if (input === undefined || input === null) return undefined - const lower = String(input).toLowerCase() - if (lower === TeamRestriction.On) return true - if (lower === TeamRestriction.Off) return false - return undefined +function resolveOptionalRestriction( + input: TeamRestrictionInput, +): boolean | undefined { + if (input === undefined || input === null) return undefined; + const lower = String(input).toLowerCase(); + if (lower === TeamRestriction.On) return true; + if (lower === TeamRestriction.Off) return false; + return undefined; } -async function sendTeamUpdate(auth: Auth, payload: TeamUpdateRequestPayload): Promise { - const command: RestCommand = { - baseRequest: { command: TEAM_UPDATE_COMMAND }, - request: payload, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `team_update failed for team_uid=${payload.team_uid}`, - response.result_code || ResultCodes.TEAM_UPDATE_FAILED - ) - } +async function sendTeamUpdate( + auth: Auth, + payload: TeamUpdateRequestPayload, +): Promise { + const command: RestCommand = { + baseRequest: { command: TEAM_UPDATE_COMMAND }, + request: payload, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `team_update failed for team_uid=${payload.team_uid}`, + response.result_code || ResultCodes.TEAM_UPDATE_FAILED, + ); + } } function finalizeResult(items: UpdateTeamItemResult[]): UpdateTeamResult { - const updated = items.filter((item) => item.status === UpdateTeamStatus.Updated).length - const failed = items.filter((item) => item.status === UpdateTeamStatus.Failed).length - return { - success: failed === 0 && updated > 0, - items, - updated, - failed, - } + const updated = items.filter( + (item) => item.status === UpdateTeamStatus.Updated, + ).length; + const failed = items.filter( + (item) => item.status === UpdateTeamStatus.Failed, + ).length; + return { + success: failed === 0 && updated > 0, + items, + updated, + failed, + }; } export type FormattedUpdateTeamRow = { - status: string - teamName: string - teamUid: string - nodeId: number - detail: string -} + status: string; + teamName: string; + teamUid: string; + nodeId: number; + detail: string; +}; export type FormattedUpdateTeamTable = { - headers: string[] - rows: string[][] - summary: string -} + headers: string[]; + rows: string[][]; + summary: string; +}; -export function formatUpdateTeamResult(result: UpdateTeamResult): FormattedUpdateTeamTable { - const rows = result.items.map((item, index) => [ - String(index + 1), - item.status, - item.teamName, - item.teamUid, - String(item.nodeId), - item.message || '', - ]) - - return { - headers: [...TEAM_TABLE_HEADERS], - rows, - summary: `Updated: ${result.updated} Failed: ${result.failed}`, - } +export function formatUpdateTeamResult( + result: UpdateTeamResult, +): FormattedUpdateTeamTable { + const rows = result.items.map((item, index) => [ + String(index + 1), + item.status, + item.teamName, + item.teamUid, + String(item.nodeId), + item.message || "", + ]); + + return { + headers: [...TEAM_TABLE_HEADERS], + rows, + summary: `Updated: ${result.updated} Failed: ${result.failed}`, + }; } -export function renderUpdateTeamAsciiTable(table: FormattedUpdateTeamTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell + ' '.repeat(Math.max(0, widths[columnIndex] - cell.length)) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [] - lines.push(formatRow(headers)) - lines.push(formatRow(widths.map((width) => '-'.repeat(width)))) - for (const row of rows) lines.push(formatRow(row)) - lines.push(table.summary) - return lines.join('\n') +export function renderUpdateTeamAsciiTable( + table: FormattedUpdateTeamTable, +): string { + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell + " ".repeat(Math.max(0, widths[columnIndex] - cell.length)); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = []; + lines.push(formatRow(headers)); + lines.push(formatRow(widths.map((width) => "-".repeat(width)))); + for (const row of rows) lines.push(formatRow(row)); + lines.push(table.summary); + return lines.join("\n"); } diff --git a/KeeperSdk/src/teams/viewTeam.ts b/KeeperSdk/src/teams/viewTeam.ts index bda5c4f2..f61669d9 100644 --- a/KeeperSdk/src/teams/viewTeam.ts +++ b/KeeperSdk/src/teams/viewTeam.ts @@ -1,248 +1,301 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseDisplayNames, - type EnterpriseNode, - type EnterpriseRoleTeamLink, - type EnterpriseTeamRecord, - type EnterpriseTeamUserLink, - type EnterpriseUser, -} from './enterpriseData' - -const NODE_PATH_SEPARATOR = '\\' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseDisplayNames, + type EnterpriseNode, + type EnterpriseRoleTeamLink, + type EnterpriseTeamRecord, + type EnterpriseTeamUserLink, + type EnterpriseUser, +} from "./enterpriseData"; + +const NODE_PATH_SEPARATOR = "\\"; const VIEW_TEAM_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.TeamUsers, - EnterpriseDataInclude.RoleTeams, - EnterpriseDataInclude.Roles, - EnterpriseDataInclude.Users, - EnterpriseDataInclude.Nodes, -] + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.TeamUsers, + EnterpriseDataInclude.RoleTeams, + EnterpriseDataInclude.Roles, + EnterpriseDataInclude.Users, + EnterpriseDataInclude.Nodes, +]; export type TeamRoleInfo = { - role_id: number - role_name: string -} + role_id: number; + role_name: string; +}; export type TeamUserInfo = { - enterprise_user_id: number - username: string -} + enterprise_user_id: number; + username: string; +}; export type TeamView = { - team_uid: string - team_name: string - node_id: number - node_name: string - restrict_view: boolean - restrict_edit: boolean - restrict_share: boolean - team_roles?: TeamRoleInfo[] - team_users?: TeamUserInfo[] -} + team_uid: string; + team_name: string; + node_id: number; + node_name: string; + restrict_view: boolean; + restrict_edit: boolean; + restrict_share: boolean; + team_roles?: TeamRoleInfo[]; + team_users?: TeamUserInfo[]; +}; export type FormatTeamViewOptions = { - verbose?: boolean -} + verbose?: boolean; +}; export type TeamViewTableRow = { - label: string - value: string | string[] - id?: number | number[] -} + label: string; + value: string | string[]; + id?: number | number[]; +}; export type FormattedTeamViewTable = { - rows: TeamViewTableRow[] - hasIdColumn: boolean -} + rows: TeamViewTableRow[]; + hasIdColumn: boolean; +}; -export async function viewTeam(auth: Auth, identifier: string): Promise { - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(VIEW_TEAM_INCLUDES), - enterpriseData.getDisplayNames(), - ]) - - const team = resolveTeam(response.teams || [], identifier) - const nodePath = resolveNodePath(response.nodes || [], displayNames, team.node_id) - const teamUsers = buildTeamUsers(response.users || [], response.team_users || [], team.team_uid) - const teamRoles = buildTeamRoles(response.role_teams || [], displayNames.roles, team.team_uid) - - const view: TeamView = { - team_uid: team.team_uid, - team_name: team.name, - node_id: team.node_id, - node_name: nodePath, - restrict_view: team.restrict_view === true, - restrict_edit: team.restrict_edit === true, - restrict_share: team.restrict_share === true || team.restrict_sharing === true, - } - if (teamRoles.length > 0) view.team_roles = teamRoles - if (teamUsers.length > 0) view.team_users = teamUsers - return view +export async function viewTeam( + auth: Auth, + identifier: string, +): Promise { + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(VIEW_TEAM_INCLUDES), + enterpriseData.getDisplayNames(), + ]); + + const team = resolveTeam(response.teams || [], identifier); + const nodePath = resolveNodePath( + response.nodes || [], + displayNames, + team.node_id, + ); + const teamUsers = buildTeamUsers( + response.users || [], + response.team_users || [], + team.team_uid, + ); + const teamRoles = buildTeamRoles( + response.role_teams || [], + displayNames.roles, + team.team_uid, + ); + + const view: TeamView = { + team_uid: team.team_uid, + team_name: team.name, + node_id: team.node_id, + node_name: nodePath, + restrict_view: team.restrict_view === true, + restrict_edit: team.restrict_edit === true, + restrict_share: + team.restrict_share === true || team.restrict_sharing === true, + }; + if (teamRoles.length > 0) view.team_roles = teamRoles; + if (teamUsers.length > 0) view.team_users = teamUsers; + return view; } -export function formatTeamView(view: TeamView, options: FormatTeamViewOptions = {}): FormattedTeamViewTable { - const verbose = options.verbose === true - const rows: TeamViewTableRow[] = [ - { label: 'Team UID', value: view.team_uid }, - { label: 'Team Name', value: view.team_name }, - { - label: 'Node Name', - value: view.node_name, - id: verbose ? view.node_id : undefined, - }, - { label: 'Restrict Edit', value: boolText(view.restrict_edit) }, - { label: 'Restrict Share', value: boolText(view.restrict_share) }, - { label: 'Restrict View', value: boolText(view.restrict_view) }, - ] - - if (view.team_roles && view.team_roles.length > 0) { - rows.push({ - label: 'Role(s)', - value: view.team_roles.map((role) => role.role_name), - id: verbose ? view.team_roles.map((role) => role.role_id) : undefined, - }) - } +export function formatTeamView( + view: TeamView, + options: FormatTeamViewOptions = {}, +): FormattedTeamViewTable { + const verbose = options.verbose === true; + const rows: TeamViewTableRow[] = [ + { label: "Team UID", value: view.team_uid }, + { label: "Team Name", value: view.team_name }, + { + label: "Node Name", + value: view.node_name, + id: verbose ? view.node_id : undefined, + }, + { label: "Restrict Edit", value: boolText(view.restrict_edit) }, + { label: "Restrict Share", value: boolText(view.restrict_share) }, + { label: "Restrict View", value: boolText(view.restrict_view) }, + ]; - if (view.team_users && view.team_users.length > 0) { - rows.push({ - label: 'User(s)', - value: view.team_users.map((user) => user.username), - id: verbose ? view.team_users.map((user) => user.enterprise_user_id) : undefined, - }) - } + if (view.team_roles && view.team_roles.length > 0) { + rows.push({ + label: "Role(s)", + value: view.team_roles.map((role) => role.role_name), + id: verbose ? view.team_roles.map((role) => role.role_id) : undefined, + }); + } - return { rows, hasIdColumn: verbose } + if (view.team_users && view.team_users.length > 0) { + rows.push({ + label: "User(s)", + value: view.team_users.map((user) => user.username), + id: verbose + ? view.team_users.map((user) => user.enterprise_user_id) + : undefined, + }); + } + + return { rows, hasIdColumn: verbose }; } export function teamViewTable(table: FormattedTeamViewTable): string { - const labelWidth = table.rows.reduce((max, row) => Math.max(max, row.label.length), 0) - const expandedRows = table.rows.map((row) => ({ - label: row.label, - valueLines: asLines(row.value), - idLines: table.hasIdColumn ? asIdLines(row.id) : [], - })) - - const valueWidth = expandedRows.reduce( - (max, row) => Math.max(max, ...row.valueLines.map((line) => line.length)), - 0 - ) - const idWidth = table.hasIdColumn - ? expandedRows.reduce((max, row) => Math.max(max, ...row.idLines.map((line) => line.length)), 0) - : 0 - - const padRight = (text: string, width: number): string => - text + ' '.repeat(Math.max(0, width - text.length)) - const padLeft = (text: string, width: number): string => - ' '.repeat(Math.max(0, width - text.length)) + text - - const lines: string[] = [] - for (const row of expandedRows) { - const lineCount = Math.max(row.valueLines.length, table.hasIdColumn ? row.idLines.length : 0, 1) - for (let lineIndex = 0; lineIndex < lineCount; lineIndex += 1) { - const isFirstLine = lineIndex === 0 - const labelCell = padLeft(isFirstLine ? row.label : '', labelWidth) - const valueCell = padRight(row.valueLines[lineIndex] ?? '', valueWidth) - const cells: string[] = [labelCell, valueCell] - if (table.hasIdColumn) { - const idCell = padRight(row.idLines[lineIndex] ?? '', idWidth) - cells.push(idCell) - } - lines.push(cells.join(' ').trimEnd()) - } + const labelWidth = table.rows.reduce( + (max, row) => Math.max(max, row.label.length), + 0, + ); + const expandedRows = table.rows.map((row) => ({ + label: row.label, + valueLines: asLines(row.value), + idLines: table.hasIdColumn ? asIdLines(row.id) : [], + })); + + const valueWidth = expandedRows.reduce( + (max, row) => Math.max(max, ...row.valueLines.map((line) => line.length)), + 0, + ); + const idWidth = table.hasIdColumn + ? expandedRows.reduce( + (max, row) => Math.max(max, ...row.idLines.map((line) => line.length)), + 0, + ) + : 0; + + const padRight = (text: string, width: number): string => + text + " ".repeat(Math.max(0, width - text.length)); + const padLeft = (text: string, width: number): string => + " ".repeat(Math.max(0, width - text.length)) + text; + + const lines: string[] = []; + for (const row of expandedRows) { + const lineCount = Math.max( + row.valueLines.length, + table.hasIdColumn ? row.idLines.length : 0, + 1, + ); + for (let lineIndex = 0; lineIndex < lineCount; lineIndex += 1) { + const isFirstLine = lineIndex === 0; + const labelCell = padLeft(isFirstLine ? row.label : "", labelWidth); + const valueCell = padRight(row.valueLines[lineIndex] ?? "", valueWidth); + const cells: string[] = [labelCell, valueCell]; + if (table.hasIdColumn) { + const idCell = padRight(row.idLines[lineIndex] ?? "", idWidth); + cells.push(idCell); + } + lines.push(cells.join(" ").trimEnd()); } - return lines.join('\n') + } + return lines.join("\n"); } -function resolveTeam(teams: EnterpriseTeamRecord[], identifier: string): EnterpriseTeamRecord { - const trimmed = (identifier ?? '').trim() - if (!trimmed) { - throw new KeeperSdkError('Team name or UID is required.', ResultCodes.TEAM_REQUIRED) - } +function resolveTeam( + teams: EnterpriseTeamRecord[], + identifier: string, +): EnterpriseTeamRecord { + const trimmed = (identifier ?? "").trim(); + if (!trimmed) { + throw new KeeperSdkError( + "Team name or UID is required.", + ResultCodes.TEAM_REQUIRED, + ); + } - const uidMatch = teams.find((team) => team.team_uid === trimmed) - if (uidMatch) return uidMatch - - const lowered = trimmed.toLowerCase() - const nameMatches = teams.filter((team) => (team.name || '').trim().toLowerCase() === lowered) - if (nameMatches.length === 1) return nameMatches[0] - if (nameMatches.length > 1) { - throw new KeeperSdkError( - `Multiple teams match name "${trimmed}". Specify the team UID instead.`, - ResultCodes.MULTIPLE_TEAM_MATCHES - ) - } - throw new KeeperSdkError(`Team "${trimmed}" does not exist.`, ResultCodes.TEAM_NOT_FOUND) + const uidMatch = teams.find((team) => team.team_uid === trimmed); + if (uidMatch) return uidMatch; + + const lowered = trimmed.toLowerCase(); + const nameMatches = teams.filter( + (team) => (team.name || "").trim().toLowerCase() === lowered, + ); + if (nameMatches.length === 1) return nameMatches[0]; + if (nameMatches.length > 1) { + throw new KeeperSdkError( + `Multiple teams match name "${trimmed}". Specify the team UID instead.`, + ResultCodes.MULTIPLE_TEAM_MATCHES, + ); + } + throw new KeeperSdkError( + `Team "${trimmed}" does not exist.`, + ResultCodes.TEAM_NOT_FOUND, + ); } function resolveNodePath( - nodes: EnterpriseNode[], - displayNames: EnterpriseDisplayNames, - nodeId: number + nodes: EnterpriseNode[], + displayNames: EnterpriseDisplayNames, + nodeId: number, ): string { - if (displayNames.nodes.size > 0) { - for (const node of nodes) { - const display = displayNames.nodes.get(node.node_id) - if (display) node.displayName = display - } + if (displayNames.nodes.size > 0) { + for (const node of nodes) { + const display = displayNames.nodes.get(node.node_id); + if (display) node.displayName = display; } - return EnterpriseDataManager.getNodePath(nodes, nodeId, { omitRoot: false, separator: NODE_PATH_SEPARATOR }) + } + return EnterpriseDataManager.getNodePath(nodes, nodeId, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }); } function buildTeamUsers( - users: EnterpriseUser[], - teamUserLinks: EnterpriseTeamUserLink[], - teamUid: string + users: EnterpriseUser[], + teamUserLinks: EnterpriseTeamUserLink[], + teamUid: string, ): TeamUserInfo[] { - const userById = new Map() - for (const user of users) userById.set(user.enterprise_user_id, user) + const userById = new Map(); + for (const user of users) userById.set(user.enterprise_user_id, user); - const memberIds = new Set() - for (const link of teamUserLinks) { - if (link.team_uid === teamUid) memberIds.add(link.enterprise_user_id) - } + const memberIds = new Set(); + for (const link of teamUserLinks) { + if (link.team_uid === teamUid) memberIds.add(link.enterprise_user_id); + } - const result: TeamUserInfo[] = [] - for (const id of memberIds) { - const user = userById.get(id) - if (user && user.username) result.push({ enterprise_user_id: id, username: user.username }) - } - result.sort((a, b) => a.username.localeCompare(b.username, undefined, { sensitivity: 'base' })) - return result + const result: TeamUserInfo[] = []; + for (const id of memberIds) { + const user = userById.get(id); + if (user && user.username) + result.push({ enterprise_user_id: id, username: user.username }); + } + result.sort((a, b) => + a.username.localeCompare(b.username, undefined, { sensitivity: "base" }), + ); + return result; } function buildTeamRoles( - roleTeamLinks: EnterpriseRoleTeamLink[], - decryptedRoleNames: Map, - teamUid: string + roleTeamLinks: EnterpriseRoleTeamLink[], + decryptedRoleNames: Map, + teamUid: string, ): TeamRoleInfo[] { - const roleIds = new Set() - for (const link of roleTeamLinks) { - if (link.team_uid === teamUid) roleIds.add(link.role_id) - } + const roleIds = new Set(); + for (const link of roleTeamLinks) { + if (link.team_uid === teamUid) roleIds.add(link.role_id); + } - const result: TeamRoleInfo[] = [] - for (const id of roleIds) { - result.push({ role_id: id, role_name: decryptedRoleNames.get(id) || String(id) }) - } - result.sort((a, b) => a.role_name.localeCompare(b.role_name, undefined, { sensitivity: 'base' })) - return result + const result: TeamRoleInfo[] = []; + for (const id of roleIds) { + result.push({ + role_id: id, + role_name: decryptedRoleNames.get(id) || String(id), + }); + } + result.sort((a, b) => + a.role_name.localeCompare(b.role_name, undefined, { sensitivity: "base" }), + ); + return result; } function boolText(value: boolean): string { - return value ? 'True' : 'False' + return value ? "True" : "False"; } function asLines(value: string | string[]): string[] { - if (Array.isArray(value)) return value.length > 0 ? value : [''] - return [value] + if (Array.isArray(value)) return value.length > 0 ? value : [""]; + return [value]; } function asIdLines(id: number | number[] | undefined): string[] { - if (id == null) return [] - if (Array.isArray(id)) return id.length > 0 ? id.map(String) : [''] - return [String(id)] + if (id == null) return []; + if (Array.isArray(id)) return id.length > 0 ? id.map(String) : [""]; + return [String(id)]; } diff --git a/KeeperSdk/src/users/UserManager.ts b/KeeperSdk/src/users/UserManager.ts index 6db91cc2..aee8b44a 100644 --- a/KeeperSdk/src/users/UserManager.ts +++ b/KeeperSdk/src/users/UserManager.ts @@ -1,149 +1,201 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { KeeperSdkError, ResultCodes } from '../utils' -import { addUsers, formatAddUserResult, renderAddUserAsciiTable } from './addUser' -import { updateUsers, formatUpdateUserResult, renderUpdateUserAsciiTable } from './updateUser' -import { deleteUsers, formatDeleteUserResult, renderDeleteUserAsciiTable } from './deleteUser' -import { actionUsers, formatUserActionResult, renderUserActionAsciiTable } from './actionUser' -import { aliasUser } from './aliasUser' -import { addUsersToTeams, removeUsersFromTeams, formatTeamUserResult, renderTeamUserAsciiTable } from './teamUser' -import { listUsers, formatUsersTable, renderUsersAsciiTable } from './listUsers' -import { viewUser, formatUserView, userViewTable } from './viewUser' +import type { Auth } from "@keeper-security/keeperapi"; +import { KeeperSdkError, ResultCodes } from "../utils"; +import { + addUsers, + formatAddUserResult, + renderAddUserAsciiTable, +} from "./addUser"; +import { + updateUsers, + formatUpdateUserResult, + renderUpdateUserAsciiTable, +} from "./updateUser"; +import { + deleteUsers, + formatDeleteUserResult, + renderDeleteUserAsciiTable, +} from "./deleteUser"; +import { + actionUsers, + formatUserActionResult, + renderUserActionAsciiTable, +} from "./actionUser"; +import { aliasUser } from "./aliasUser"; +import { + addUsersToTeams, + removeUsersFromTeams, + formatTeamUserResult, + renderTeamUserAsciiTable, +} from "./teamUser"; +import { + listUsers, + formatUsersTable, + renderUsersAsciiTable, +} from "./listUsers"; +import { viewUser, formatUserView, userViewTable } from "./viewUser"; import type { - UserColumnInput, - ListUsersOptions, - ListUserRow, - FormattedUsersTable, - FormatUsersTableOptions, - UserView, - FormatUserViewOptions, - FormattedUserViewTable, - AddUserInput, - AddUserResult, - FormatAddUserResultOptions, - FormattedAddUserTable, - UpdateUserInput, - UpdateUserResult, - FormattedUpdateUserTable, - DeleteUserInput, - DeleteUserResult, - FormattedDeleteUserTable, - UserActionInput, - UserActionResult, - FormattedUserActionTable, - AliasUserInput, - AliasUserResult, - AddUsersToTeamsInput, - RemoveUsersFromTeamsInput, - TeamUserResult, - FormattedTeamUserTable, -} from './userTypes' - -export type AuthProvider = () => Auth + UserColumnInput, + ListUsersOptions, + ListUserRow, + FormattedUsersTable, + FormatUsersTableOptions, + UserView, + FormatUserViewOptions, + FormattedUserViewTable, + AddUserInput, + AddUserResult, + FormatAddUserResultOptions, + FormattedAddUserTable, + UpdateUserInput, + UpdateUserResult, + FormattedUpdateUserTable, + DeleteUserInput, + DeleteUserResult, + FormattedDeleteUserTable, + UserActionInput, + UserActionResult, + FormattedUserActionTable, + AliasUserInput, + AliasUserResult, + AddUsersToTeamsInput, + RemoveUsersFromTeamsInput, + TeamUserResult, + FormattedTeamUserTable, +} from "./userTypes"; + +export type AuthProvider = () => Auth; export class UserManager { - private readonly authProvider: AuthProvider - - constructor(authProvider: AuthProvider) { - this.authProvider = authProvider - } - - public async listUsers(options: ListUsersOptions = {}): Promise { - return listUsers(this.requireAuth(), options) - } - - public formatUsersTable(rows: ListUserRow[], options: FormatUsersTableOptions = {}): FormattedUsersTable { - return formatUsersTable(rows, options) - } - - public renderUsersAsciiTable(table: FormattedUsersTable, options: { minColWidth?: number } = {}): string { - return renderUsersAsciiTable(table, options) - } - - public async viewUser(identifier: string): Promise { - return viewUser(this.requireAuth(), identifier) - } - - public formatUserView(view: UserView, options: FormatUserViewOptions = {}): FormattedUserViewTable { - return formatUserView(view, options) - } - - public userViewTable(table: FormattedUserViewTable): string { - return userViewTable(table) - } - - public async addUsers(input: AddUserInput): Promise { - return addUsers(this.requireAuth(), input) - } - - public formatAddUserResult(result: AddUserResult, options: FormatAddUserResultOptions = {}): FormattedAddUserTable { - return formatAddUserResult(result, options) - } - - public renderAddUserAsciiTable(table: FormattedAddUserTable): string { - return renderAddUserAsciiTable(table) - } - - public async updateUsers(input: UpdateUserInput): Promise { - return updateUsers(this.requireAuth(), input) - } - - public formatUpdateUserResult(result: UpdateUserResult): FormattedUpdateUserTable { - return formatUpdateUserResult(result) - } - - public renderUpdateUserAsciiTable(table: FormattedUpdateUserTable): string { - return renderUpdateUserAsciiTable(table) - } - - public async deleteUsers(input: DeleteUserInput): Promise { - return deleteUsers(this.requireAuth(), input) - } - - public formatDeleteUserResult(result: DeleteUserResult): FormattedDeleteUserTable { - return formatDeleteUserResult(result) - } - - public renderDeleteUserAsciiTable(table: FormattedDeleteUserTable): string { - return renderDeleteUserAsciiTable(table) - } - - public async actionUsers(input: UserActionInput): Promise { - return actionUsers(this.requireAuth(), input) - } - - public formatUserActionResult(result: UserActionResult): FormattedUserActionTable { - return formatUserActionResult(result) - } - - public renderUserActionAsciiTable(table: FormattedUserActionTable): string { - return renderUserActionAsciiTable(table) - } - - public async aliasUser(input: AliasUserInput): Promise { - return aliasUser(this.requireAuth(), input) - } - - public async addUsersToTeams(input: AddUsersToTeamsInput): Promise { - return addUsersToTeams(this.requireAuth(), input) - } - - public async removeUsersFromTeams(input: RemoveUsersFromTeamsInput): Promise { - return removeUsersFromTeams(this.requireAuth(), input) - } - - public formatTeamUserResult(result: TeamUserResult): FormattedTeamUserTable { - return formatTeamUserResult(result) - } - - public renderTeamUserAsciiTable(table: FormattedTeamUserTable): string { - return renderTeamUserAsciiTable(table) - } - - private requireAuth(): Auth { - const auth = this.authProvider() - if (!auth) { - throw new KeeperSdkError('You are not logged in. Please log in first.', ResultCodes.NOT_LOGGED_IN) - } - return auth - } -} \ No newline at end of file + private readonly authProvider: AuthProvider; + + constructor(authProvider: AuthProvider) { + this.authProvider = authProvider; + } + + public async listUsers( + options: ListUsersOptions = {}, + ): Promise { + return listUsers(this.requireAuth(), options); + } + + public formatUsersTable( + rows: ListUserRow[], + options: FormatUsersTableOptions = {}, + ): FormattedUsersTable { + return formatUsersTable(rows, options); + } + + public renderUsersAsciiTable( + table: FormattedUsersTable, + options: { minColWidth?: number } = {}, + ): string { + return renderUsersAsciiTable(table, options); + } + + public async viewUser(identifier: string): Promise { + return viewUser(this.requireAuth(), identifier); + } + + public formatUserView( + view: UserView, + options: FormatUserViewOptions = {}, + ): FormattedUserViewTable { + return formatUserView(view, options); + } + + public userViewTable(table: FormattedUserViewTable): string { + return userViewTable(table); + } + + public async addUsers(input: AddUserInput): Promise { + return addUsers(this.requireAuth(), input); + } + + public formatAddUserResult( + result: AddUserResult, + options: FormatAddUserResultOptions = {}, + ): FormattedAddUserTable { + return formatAddUserResult(result, options); + } + + public renderAddUserAsciiTable(table: FormattedAddUserTable): string { + return renderAddUserAsciiTable(table); + } + + public async updateUsers(input: UpdateUserInput): Promise { + return updateUsers(this.requireAuth(), input); + } + + public formatUpdateUserResult( + result: UpdateUserResult, + ): FormattedUpdateUserTable { + return formatUpdateUserResult(result); + } + + public renderUpdateUserAsciiTable(table: FormattedUpdateUserTable): string { + return renderUpdateUserAsciiTable(table); + } + + public async deleteUsers(input: DeleteUserInput): Promise { + return deleteUsers(this.requireAuth(), input); + } + + public formatDeleteUserResult( + result: DeleteUserResult, + ): FormattedDeleteUserTable { + return formatDeleteUserResult(result); + } + + public renderDeleteUserAsciiTable(table: FormattedDeleteUserTable): string { + return renderDeleteUserAsciiTable(table); + } + + public async actionUsers(input: UserActionInput): Promise { + return actionUsers(this.requireAuth(), input); + } + + public formatUserActionResult( + result: UserActionResult, + ): FormattedUserActionTable { + return formatUserActionResult(result); + } + + public renderUserActionAsciiTable(table: FormattedUserActionTable): string { + return renderUserActionAsciiTable(table); + } + + public async aliasUser(input: AliasUserInput): Promise { + return aliasUser(this.requireAuth(), input); + } + + public async addUsersToTeams( + input: AddUsersToTeamsInput, + ): Promise { + return addUsersToTeams(this.requireAuth(), input); + } + + public async removeUsersFromTeams( + input: RemoveUsersFromTeamsInput, + ): Promise { + return removeUsersFromTeams(this.requireAuth(), input); + } + + public formatTeamUserResult(result: TeamUserResult): FormattedTeamUserTable { + return formatTeamUserResult(result); + } + + public renderTeamUserAsciiTable(table: FormattedTeamUserTable): string { + return renderTeamUserAsciiTable(table); + } + + private requireAuth(): Auth { + const auth = this.authProvider(); + if (!auth) { + throw new KeeperSdkError( + "You are not logged in. Please log in first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return auth; + } +} diff --git a/KeeperSdk/src/users/actionUser.ts b/KeeperSdk/src/users/actionUser.ts index bacc22ae..15818043 100644 --- a/KeeperSdk/src/users/actionUser.ts +++ b/KeeperSdk/src/users/actionUser.ts @@ -1,351 +1,404 @@ import { - Enterprise, - enterpriseUsersLockMessage, - type Auth, - type KeeperResponse, - type RestCommand, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, isNumber, KeeperSdkError, logger, ResultCodes } from '../utils' + Enterprise, + enterpriseUsersLockMessage, + type Auth, + type KeeperResponse, + type RestCommand, +} from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseUser, -} from '../teams/enterpriseData' + extractErrorMessage, + isNumber, + KeeperSdkError, + logger, + ResultCodes, +} from "../utils"; import { - EnterpriseUserStatus, - normalizeEmailInputs, - UserAction, - UserActionStatus, - UserActionSkipReason, - type UserActionInput, - type UserActionItemResult, - type UserActionResult, - type FormattedUserActionTable, -} from './userTypes' - -export { UserAction, UserActionStatus, UserActionSkipReason } -export type { UserActionInput, UserActionItemResult, UserActionResult, FormattedUserActionTable } - -const EXPIRE_PASSWORD_COMMAND = 'set_master_password_expire' -const ALL_USERS_SENTINEL = '@all' -const ACTIONS_NOT_SUPPORTING_ALL = new Set([UserAction.Lock, UserAction.ExpirePassword]) -const LOCK_UNLOCK_BATCH_SIZE = 1000 -const SELF_ACTION_MESSAGE = 'This operation cannot be done on yourself.' - -const ACTION_USER_INCLUDES: EnterpriseDataInclude[] = [EnterpriseDataInclude.Users] - -const USER_ACTION_TABLE_HEADERS = ['#', 'Status', 'Email', 'User ID', 'Detail'] + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseUser, +} from "../teams/enterpriseData"; +import { + EnterpriseUserStatus, + normalizeEmailInputs, + UserAction, + UserActionStatus, + UserActionSkipReason, + type UserActionInput, + type UserActionItemResult, + type UserActionResult, + type FormattedUserActionTable, +} from "./userTypes"; + +export { UserAction, UserActionStatus, UserActionSkipReason }; +export type { + UserActionInput, + UserActionItemResult, + UserActionResult, + FormattedUserActionTable, +}; + +const EXPIRE_PASSWORD_COMMAND = "set_master_password_expire"; +const ALL_USERS_SENTINEL = "@all"; +const ACTIONS_NOT_SUPPORTING_ALL = new Set([ + UserAction.Lock, + UserAction.ExpirePassword, +]); +const LOCK_UNLOCK_BATCH_SIZE = 1000; +const SELF_ACTION_MESSAGE = "This operation cannot be done on yourself."; + +const ACTION_USER_INCLUDES: EnterpriseDataInclude[] = [ + EnterpriseDataInclude.Users, +]; + +const USER_ACTION_TABLE_HEADERS = ["#", "Status", "Email", "User ID", "Detail"]; type ExpirePasswordPayload = { - email: string -} + email: string; +}; type ActionUserTarget = - | { kind: 'user'; user: EnterpriseUser } - | { kind: 'not_found'; identifier: string } - -export async function actionUsers(auth: Auth, input: UserActionInput): Promise { - const identifiers = normalizeEmailInputs(input.emails) - - if (identifiers.length === 0) { - throw new KeeperSdkError('No users provided.', ResultCodes.NO_USERS_TO_ACTION) + | { kind: "user"; user: EnterpriseUser } + | { kind: "not_found"; identifier: string }; + +export async function actionUsers( + auth: Auth, + input: UserActionInput, +): Promise { + const identifiers = normalizeEmailInputs(input.emails); + + if (identifiers.length === 0) { + throw new KeeperSdkError( + "No users provided.", + ResultCodes.NO_USERS_TO_ACTION, + ); + } + + const isAll = identifiers.includes(ALL_USERS_SENTINEL); + + if (isAll && ACTIONS_NOT_SUPPORTING_ALL.has(input.action)) { + throw new KeeperSdkError( + `The '${input.action}' action does not support @all.`, + ResultCodes.USER_ACTION_ALL_NOT_SUPPORTED, + ); + } + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(ACTION_USER_INCLUDES); + const allUsers = response.users || []; + + const targets: ActionUserTarget[] = isAll + ? allUsers.map((user) => ({ kind: "user" as const, user })) + : resolveActionUserTargets(allUsers, identifiers); + const callerEnterpriseUserId = resolveCallerEnterpriseUserId(auth, allUsers); + + const items: UserActionItemResult[] = []; + const batchTargets = new Map(); + + for (const target of targets) { + if (target.kind === "not_found") { + items.push({ + username: target.identifier, + status: UserActionStatus.Failed, + message: `User "${target.identifier}" does not exist.`, + }); + continue; } - const isAll = identifiers.includes(ALL_USERS_SENTINEL) - - if (isAll && ACTIONS_NOT_SUPPORTING_ALL.has(input.action)) { - throw new KeeperSdkError( - `The '${input.action}' action does not support @all.`, - ResultCodes.USER_ACTION_ALL_NOT_SUPPORTED - ) + const user = target.user; + const item: UserActionItemResult = { + username: user.username, + enterpriseUserId: user.enterprise_user_id, + status: UserActionStatus.Failed, + }; + + if (user.status !== EnterpriseUserStatus.Active) { + const masked = maskEmail(user.username); + logger.warn(`User "${masked}" is not active and will be skipped.`); + item.status = UserActionStatus.Skipped; + item.skipReason = UserActionSkipReason.Inactive; + items.push(item); + continue; } - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(ACTION_USER_INCLUDES) - const allUsers = response.users || [] - - const targets: ActionUserTarget[] = isAll - ? allUsers.map((user) => ({ kind: 'user' as const, user })) - : resolveActionUserTargets(allUsers, identifiers) - const callerEnterpriseUserId = resolveCallerEnterpriseUserId(auth, allUsers) - - const items: UserActionItemResult[] = [] - const batchTargets = new Map() - - for (const target of targets) { - if (target.kind === 'not_found') { - items.push({ - username: target.identifier, - status: UserActionStatus.Failed, - message: `User "${target.identifier}" does not exist.`, - }) - continue - } - - const user = target.user - const item: UserActionItemResult = { - username: user.username, - enterpriseUserId: user.enterprise_user_id, - status: UserActionStatus.Failed, - } - - if (user.status !== EnterpriseUserStatus.Active) { - const masked = maskEmail(user.username) - logger.warn(`User "${masked}" is not active and will be skipped.`) - item.status = UserActionStatus.Skipped - item.skipReason = UserActionSkipReason.Inactive - items.push(item) - continue - } - - items.push(item) - - if (input.action === UserAction.Lock || input.action === UserAction.Unlock) { - if (callerEnterpriseUserId !== null && user.enterprise_user_id === callerEnterpriseUserId) { - logger.warn(`User "${maskEmail(user.username)}" is the logged-in user and will be skipped for lock/unlock.`) - item.status = UserActionStatus.Failed - item.message = SELF_ACTION_MESSAGE - continue - } - batchTargets.set(user.enterprise_user_id, item) - continue - } - - try { - await sendExpirePassword(auth, user.username) - item.status = UserActionStatus.Success - } catch (err) { - item.message = extractErrorMessage(err) - } + items.push(item); + + if ( + input.action === UserAction.Lock || + input.action === UserAction.Unlock + ) { + if ( + callerEnterpriseUserId !== null && + user.enterprise_user_id === callerEnterpriseUserId + ) { + logger.warn( + `User "${maskEmail(user.username)}" is the logged-in user and will be skipped for lock/unlock.`, + ); + item.status = UserActionStatus.Failed; + item.message = SELF_ACTION_MESSAGE; + continue; + } + batchTargets.set(user.enterprise_user_id, item); + continue; } - if (input.action === UserAction.Lock || input.action === UserAction.Unlock) { - await sendBatchLockUnlock(auth, input.action, batchTargets) + try { + await sendExpirePassword(auth, user.username); + item.status = UserActionStatus.Success; + } catch (err) { + item.message = extractErrorMessage(err); } + } - return finalizeResult(items) + if (input.action === UserAction.Lock || input.action === UserAction.Unlock) { + await sendBatchLockUnlock(auth, input.action, batchTargets); + } + + return finalizeResult(items); } async function sendBatchLockUnlock( - auth: Auth, - action: UserAction.Lock | UserAction.Unlock, - batchTargets: Map + auth: Auth, + action: UserAction.Lock | UserAction.Unlock, + batchTargets: Map, ): Promise { - if (batchTargets.size === 0) { - return + if (batchTargets.size === 0) { + return; + } + + const enterpriseUserIds = [...batchTargets.keys()]; + + for (const chunk of chunkArray(enterpriseUserIds, LOCK_UNLOCK_BATCH_SIZE)) { + const response = await auth.executeRest( + enterpriseUsersLockMessage({ + lockEnterpriseUserIds: action === UserAction.Lock ? chunk : [], + disableEnterpriseUserIds: [], + unlockEnterpriseUserIds: action === UserAction.Unlock ? chunk : [], + deleteIfPending: false, + }), + ); + + const seen = new Set(); + for (const lockResponse of response.response || []) { + const enterpriseUserId = toEnterpriseUserId( + lockResponse.enterpriseUserId, + ); + if (enterpriseUserId === null) { + continue; + } + + seen.add(enterpriseUserId); + const item = batchTargets.get(enterpriseUserId); + if (!item) { + continue; + } + + applyLockUserResponse(item, lockResponse, action); } - const enterpriseUserIds = [...batchTargets.keys()] - - for (const chunk of chunkArray(enterpriseUserIds, LOCK_UNLOCK_BATCH_SIZE)) { - const response = await auth.executeRest( - enterpriseUsersLockMessage({ - lockEnterpriseUserIds: action === UserAction.Lock ? chunk : [], - disableEnterpriseUserIds: [], - unlockEnterpriseUserIds: action === UserAction.Unlock ? chunk : [], - deleteIfPending: false, - }) - ) - - const seen = new Set() - for (const lockResponse of response.response || []) { - const enterpriseUserId = toEnterpriseUserId(lockResponse.enterpriseUserId) - if (enterpriseUserId === null) { - continue - } - - seen.add(enterpriseUserId) - const item = batchTargets.get(enterpriseUserId) - if (!item) { - continue - } - - applyLockUserResponse(item, lockResponse, action) - } - - for (const enterpriseUserId of chunk) { - if (seen.has(enterpriseUserId)) { - continue - } - const item = batchTargets.get(enterpriseUserId) - if (!item) { - continue - } - item.status = UserActionStatus.Failed - item.message = 'No response received for user.' - } + for (const enterpriseUserId of chunk) { + if (seen.has(enterpriseUserId)) { + continue; + } + const item = batchTargets.get(enterpriseUserId); + if (!item) { + continue; + } + item.status = UserActionStatus.Failed; + item.message = "No response received for user."; } + } } function applyLockUserResponse( - item: UserActionItemResult, - lockResponse: Enterprise.ILockUserResponse, - action: UserAction.Lock | UserAction.Unlock + item: UserActionItemResult, + lockResponse: Enterprise.ILockUserResponse, + action: UserAction.Lock | UserAction.Unlock, ): void { - const status = lockResponse.status ?? Enterprise.UserLockStatus.UNKNOWN_LOCK_STATUS - const errorMessage = lockResponse.errorMessage || '' - - switch (status) { - case Enterprise.UserLockStatus.LOCKED: - if (action === UserAction.Lock) { - item.status = UserActionStatus.Success - } else { - item.status = UserActionStatus.Failed - item.message = errorMessage || 'User is locked.' - } - break - case Enterprise.UserLockStatus.UNLOCKED: - if (action === UserAction.Unlock) { - item.status = UserActionStatus.Success - } else { - item.status = UserActionStatus.Failed - item.message = errorMessage || 'User is unlocked.' - } - break - case Enterprise.UserLockStatus.CANT_BE_PENDING: - item.status = UserActionStatus.Skipped - item.skipReason = UserActionSkipReason.Pending - item.message = errorMessage || 'Pending user was not modified.' - break - case Enterprise.UserLockStatus.DELETED: - item.status = UserActionStatus.Success - item.message = errorMessage || 'Pending user was deleted.' - break - case Enterprise.UserLockStatus.DISABLED: - item.status = UserActionStatus.Failed - item.message = errorMessage || 'User was disabled.' - break - default: - item.status = UserActionStatus.Failed - item.message = errorMessage || 'Lock operation failed.' - } + const status = + lockResponse.status ?? Enterprise.UserLockStatus.UNKNOWN_LOCK_STATUS; + const errorMessage = lockResponse.errorMessage || ""; + + switch (status) { + case Enterprise.UserLockStatus.LOCKED: + if (action === UserAction.Lock) { + item.status = UserActionStatus.Success; + } else { + item.status = UserActionStatus.Failed; + item.message = errorMessage || "User is locked."; + } + break; + case Enterprise.UserLockStatus.UNLOCKED: + if (action === UserAction.Unlock) { + item.status = UserActionStatus.Success; + } else { + item.status = UserActionStatus.Failed; + item.message = errorMessage || "User is unlocked."; + } + break; + case Enterprise.UserLockStatus.CANT_BE_PENDING: + item.status = UserActionStatus.Skipped; + item.skipReason = UserActionSkipReason.Pending; + item.message = errorMessage || "Pending user was not modified."; + break; + case Enterprise.UserLockStatus.DELETED: + item.status = UserActionStatus.Success; + item.message = errorMessage || "Pending user was deleted."; + break; + case Enterprise.UserLockStatus.DISABLED: + item.status = UserActionStatus.Failed; + item.message = errorMessage || "User was disabled."; + break; + default: + item.status = UserActionStatus.Failed; + item.message = errorMessage || "Lock operation failed."; + } } async function sendExpirePassword(auth: Auth, email: string): Promise { - const command: RestCommand = { - baseRequest: { command: EXPIRE_PASSWORD_COMMAND }, - request: { email }, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `${EXPIRE_PASSWORD_COMMAND} failed for "${maskEmail(email)}"`, - response.result_code || ResultCodes.USER_ACTION_FAILED - ) - } + const command: RestCommand = { + baseRequest: { command: EXPIRE_PASSWORD_COMMAND }, + request: { email }, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `${EXPIRE_PASSWORD_COMMAND} failed for "${maskEmail(email)}"`, + response.result_code || ResultCodes.USER_ACTION_FAILED, + ); + } } function chunkArray(values: T[], size: number): T[][] { - const chunks: T[][] = [] - for (let index = 0; index < values.length; index += size) { - chunks.push(values.slice(index, index + size)) - } - return chunks + const chunks: T[][] = []; + for (let index = 0; index < values.length; index += size) { + chunks.push(values.slice(index, index + size)); + } + return chunks; } function toEnterpriseUserId(value: unknown): number | null { - if (value == null) { - return null - } - const numericId = - typeof value === 'object' && 'toNumber' in value - ? (value as { toNumber(): number }).toNumber() - : Number(value) - return isNumber(numericId) && numericId > 0 ? numericId : null + if (value == null) { + return null; + } + const numericId = + typeof value === "object" && "toNumber" in value + ? (value as { toNumber(): number }).toNumber() + : Number(value); + return isNumber(numericId) && numericId > 0 ? numericId : null; } function maskEmail(email: string): string { - return email.includes('@') ? `***@${email.split('@')[1]}` : '***' + return email.includes("@") ? `***@${email.split("@")[1]}` : "***"; } -function resolveActionUserTargets(allUsers: EnterpriseUser[], identifiers: string[]): ActionUserTarget[] { - const byEmail = new Map() - const byId = new Map() - for (const user of allUsers) { - if (user.username) byEmail.set(user.username.toLowerCase(), user) - byId.set(user.enterprise_user_id, user) +function resolveActionUserTargets( + allUsers: EnterpriseUser[], + identifiers: string[], +): ActionUserTarget[] { + const byEmail = new Map(); + const byId = new Map(); + for (const user of allUsers) { + if (user.username) byEmail.set(user.username.toLowerCase(), user); + byId.set(user.enterprise_user_id, user); + } + + const result: ActionUserTarget[] = []; + const seen = new Set(); + + for (const identifier of identifiers) { + const trimmed = identifier.trim(); + const numericId = Number(trimmed); + let user: EnterpriseUser | undefined; + + if (Number.isInteger(numericId)) { + user = byId.get(numericId); } - - const result: ActionUserTarget[] = [] - const seen = new Set() - - for (const identifier of identifiers) { - const trimmed = identifier.trim() - const numericId = Number(trimmed) - let user: EnterpriseUser | undefined - - if (Number.isInteger(numericId)) { - user = byId.get(numericId) - } - if (!user) { - user = byEmail.get(trimmed.toLowerCase()) - } - if (!user) { - result.push({ kind: 'not_found', identifier: trimmed }) - continue - } - if (!seen.has(user.enterprise_user_id)) { - seen.add(user.enterprise_user_id) - result.push({ kind: 'user', user }) - } + if (!user) { + user = byEmail.get(trimmed.toLowerCase()); + } + if (!user) { + result.push({ kind: "not_found", identifier: trimmed }); + continue; } + if (!seen.has(user.enterprise_user_id)) { + seen.add(user.enterprise_user_id); + result.push({ kind: "user", user }); + } + } - return result + return result; } -function resolveCallerEnterpriseUserId(auth: Auth, allUsers: EnterpriseUser[]): number | null { - const username = auth.username.trim().toLowerCase() - if (!username) { - return null - } - const match = allUsers.find((user) => user.username?.trim().toLowerCase() === username) - return match?.enterprise_user_id ?? null +function resolveCallerEnterpriseUserId( + auth: Auth, + allUsers: EnterpriseUser[], +): number | null { + const username = auth.username.trim().toLowerCase(); + if (!username) { + return null; + } + const match = allUsers.find( + (user) => user.username?.trim().toLowerCase() === username, + ); + return match?.enterprise_user_id ?? null; } function finalizeResult(items: UserActionItemResult[]): UserActionResult { - let succeeded = 0, skipped = 0, failed = 0 - for (const item of items) { - if (item.status === UserActionStatus.Success) succeeded++ - else if (item.status === UserActionStatus.Skipped) skipped++ - else failed++ - } - return { success: failed === 0 && succeeded > 0, items, succeeded, skipped, failed } + let succeeded = 0, + skipped = 0, + failed = 0; + for (const item of items) { + if (item.status === UserActionStatus.Success) succeeded++; + else if (item.status === UserActionStatus.Skipped) skipped++; + else failed++; + } + return { + success: failed === 0 && succeeded > 0, + items, + succeeded, + skipped, + failed, + }; } -export function formatUserActionResult(result: UserActionResult): FormattedUserActionTable { - const rows = result.items.map((item, index) => [ - String(index + 1), - item.status, - item.username, - item.enterpriseUserId != null ? String(item.enterpriseUserId) : '', - item.message || item.skipReason || '', - ]) - return { - headers: [...USER_ACTION_TABLE_HEADERS], - rows, - summary: `Succeeded: ${result.succeeded} Skipped: ${result.skipped} Failed: ${result.failed}`, - } +export function formatUserActionResult( + result: UserActionResult, +): FormattedUserActionTable { + const rows = result.items.map((item, index) => [ + String(index + 1), + item.status, + item.username, + item.enterpriseUserId != null ? String(item.enterpriseUserId) : "", + item.message || item.skipReason || "", + ]); + return { + headers: [...USER_ACTION_TABLE_HEADERS], + rows, + summary: `Succeeded: ${result.succeeded} Skipped: ${result.skipped} Failed: ${result.failed}`, + }; } -export function renderUserActionAsciiTable(table: FormattedUserActionTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell.padEnd(widths[columnIndex]) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [ - formatRow(headers), - formatRow(widths.map((w) => '-'.repeat(w))), - ...rows.map(formatRow), - table.summary, - ] - return lines.join('\n') +export function renderUserActionAsciiTable( + table: FormattedUserActionTable, +): string { + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell.padEnd(widths[columnIndex]); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = [ + formatRow(headers), + formatRow(widths.map((w) => "-".repeat(w))), + ...rows.map(formatRow), + table.summary, + ]; + return lines.join("\n"); } diff --git a/KeeperSdk/src/users/addUser.ts b/KeeperSdk/src/users/addUser.ts index f0816063..e9e1f33d 100644 --- a/KeeperSdk/src/users/addUser.ts +++ b/KeeperSdk/src/users/addUser.ts @@ -1,287 +1,349 @@ import { - encryptObjectForStorage, - type Auth, - type KeeperResponse, - type RestCommand, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, isNumber, isValidEmail, KeeperSdkError, ResultCodes } from '../utils' + encryptObjectForStorage, + type Auth, + type KeeperResponse, + type RestCommand, +} from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseUser, -} from '../teams/enterpriseData' + extractErrorMessage, + isNumber, + isValidEmail, + KeeperSdkError, + ResultCodes, +} from "../utils"; import { - applyDecryptedNodeNames, - applyEnterpriseNameToRoot, - parentNeedsNameLookup, - resolveParentNode, -} from '../teams/teamUtils' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseUser, +} from "../teams/enterpriseData"; import { - EnterpriseUserStatus, - normalizeEmailInputs, - validateUserProfileFields, - AddUserStatus, - AddUserSkipReason, - type AddUserInput, - type AddUserItemResult, - type AddUserResult, - type FormatAddUserResultOptions, - type FormattedAddUserTable, -} from './userTypes' - -export { AddUserStatus, AddUserSkipReason } -export type { AddUserInput, AddUserItemResult, AddUserResult, FormatAddUserResultOptions, FormattedAddUserTable } - -const USER_ADD_COMMAND = 'enterprise_user_add' -const ALLOCATE_IDS_COMMAND = 'enterprise_allocate_ids' -const REINVITE_COMMAND = 'resend_enterprise_invite' + applyDecryptedNodeNames, + applyEnterpriseNameToRoot, + parentNeedsNameLookup, + resolveParentNode, +} from "../teams/teamUtils"; +import { + EnterpriseUserStatus, + normalizeEmailInputs, + validateUserProfileFields, + AddUserStatus, + AddUserSkipReason, + type AddUserInput, + type AddUserItemResult, + type AddUserResult, + type FormatAddUserResultOptions, + type FormattedAddUserTable, +} from "./userTypes"; + +export { AddUserStatus, AddUserSkipReason }; +export type { + AddUserInput, + AddUserItemResult, + AddUserResult, + FormatAddUserResultOptions, + FormattedAddUserTable, +}; + +const USER_ADD_COMMAND = "enterprise_user_add"; +const ALLOCATE_IDS_COMMAND = "enterprise_allocate_ids"; +const REINVITE_COMMAND = "resend_enterprise_invite"; const ADD_USER_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Users, -] - -const USER_TABLE_HEADERS = ['#', 'Status', 'Email', 'User ID', 'Node ID', 'Detail'] + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Users, +]; + +const USER_TABLE_HEADERS = [ + "#", + "Status", + "Email", + "User ID", + "Node ID", + "Detail", +]; type UserAddPayload = { - enterprise_user_id: number - enterprise_user_username: string - node_id: number - encrypted_data: string - full_name?: string - job_title?: string -} + enterprise_user_id: number; + enterprise_user_username: string; + node_id: number; + encrypted_data: string; + full_name?: string; + job_title?: string; +}; type AllocateIdsPayload = { - number_requested: number -} + number_requested: number; +}; type ReinvitePayload = { - enterprise_user_id: number -} + enterprise_user_id: number; +}; type AllocateIdsResponse = KeeperResponse & { - base_id: number -} - -export async function addUsers(auth: Auth, input: AddUserInput): Promise { - const rawEmails = [ - ...new Map( - normalizeEmailInputs(input.emails) - .map((e) => [e.toLowerCase(), e] as const) - ).values(), - ] - - if (rawEmails.length === 0) { - throw new KeeperSdkError('No emails provided.', ResultCodes.NO_USERS_TO_ADD) + base_id: number; +}; + +export async function addUsers( + auth: Auth, + input: AddUserInput, +): Promise { + const rawEmails = [ + ...new Map( + normalizeEmailInputs(input.emails).map( + (e) => [e.toLowerCase(), e] as const, + ), + ).values(), + ]; + + if (rawEmails.length === 0) { + throw new KeeperSdkError( + "No emails provided.", + ResultCodes.NO_USERS_TO_ADD, + ); + } + + const parentIdentifier = input.parent ?? null; + const needsNameLookup = parentNeedsNameLookup(parentIdentifier); + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(ADD_USER_INCLUDES); + const nodes = response.nodes || []; + const existingUsers = response.users || []; + + applyEnterpriseNameToRoot(nodes, response.enterprise_name); + + if (needsNameLookup) { + const displayNames = await enterpriseData.getDisplayNames(); + applyDecryptedNodeNames(nodes, displayNames.nodes); + await enterpriseData.decryptNodeNames(nodes); + } + + const parentNode = resolveParentNode(nodes, parentIdentifier); + const parentNodeId = parentNode.node_id; + const parentNodeName = + EnterpriseDataManager.getNodePath(nodes, parentNode.node_id, { + omitRoot: false, + }) || + (parentNode.displayName || "").trim() || + String(parentNode.node_id); + + const treeKey = await enterpriseData.getTreeKey(); + if (!treeKey) { + throw new KeeperSdkError( + "Enterprise tree key is unavailable.", + ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE, + ); + } + + const existingByEmail = buildExistingByEmail(existingUsers); + const fullName = (input.fullName || "").trim() || undefined; + const jobTitle = (input.jobTitle || "").trim() || undefined; + validateUserProfileFields(fullName, jobTitle); + + const items: AddUserItemResult[] = []; + + for (const raw of rawEmails) { + const email = raw.toLowerCase(); + const item: AddUserItemResult = { + username: raw, + status: AddUserStatus.Failed, + }; + + if (!isValidEmail(email)) { + item.status = AddUserStatus.Skipped; + item.skipReason = AddUserSkipReason.InvalidEmail; + item.message = `"${raw}" is not a valid email address.`; + items.push(item); + continue; } - const parentIdentifier = input.parent ?? null - const needsNameLookup = parentNeedsNameLookup(parentIdentifier) - - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(ADD_USER_INCLUDES) - const nodes = response.nodes || [] - const existingUsers = response.users || [] - - applyEnterpriseNameToRoot(nodes, response.enterprise_name) - - if (needsNameLookup) { - const displayNames = await enterpriseData.getDisplayNames() - applyDecryptedNodeNames(nodes, displayNames.nodes) - await enterpriseData.decryptNodeNames(nodes) - } - - const parentNode = resolveParentNode(nodes, parentIdentifier) - const parentNodeId = parentNode.node_id - const parentNodeName = - EnterpriseDataManager.getNodePath(nodes, parentNode.node_id, { omitRoot: false }) || - (parentNode.displayName || '').trim() || - String(parentNode.node_id) - - const treeKey = await enterpriseData.getTreeKey() - if (!treeKey) { - throw new KeeperSdkError( - 'Enterprise tree key is unavailable.', - ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE - ) - } - - const existingByEmail = buildExistingByEmail(existingUsers) - const fullName = (input.fullName || '').trim() || undefined - const jobTitle = (input.jobTitle || '').trim() || undefined - validateUserProfileFields(fullName, jobTitle) - - const items: AddUserItemResult[] = [] + const existing = existingByEmail.get(email); + if (existing) { + item.enterpriseUserId = existing.enterprise_user_id; + item.nodeId = existing.node_id; - for (const raw of rawEmails) { - const email = raw.toLowerCase() - const item: AddUserItemResult = { - username: raw, - status: AddUserStatus.Failed, - } - - if (!isValidEmail(email)) { - item.status = AddUserStatus.Skipped - item.skipReason = AddUserSkipReason.InvalidEmail - item.message = `"${raw}" is not a valid email address.` - items.push(item) - continue - } - - const existing = existingByEmail.get(email) - if (existing) { - item.enterpriseUserId = existing.enterprise_user_id - item.nodeId = existing.node_id - - if (existing.status === EnterpriseUserStatus.Invited) { - try { - await sendReinvite(auth, existing.enterprise_user_id) - item.status = AddUserStatus.Reinvited - item.message = 'Invitation resent.' - } catch (err) { - item.message = extractErrorMessage(err) - } - } else { - item.status = AddUserStatus.Skipped - item.skipReason = AddUserSkipReason.AlreadyExists - item.message = `User "${raw}" has already accepted the invitation.` - } - items.push(item) - continue - } - - item.username = email + if (existing.status === EnterpriseUserStatus.Invited) { try { - const enterpriseUserId = await allocateEnterpriseId(auth) - const encryptedData = await encryptObjectForStorage({ displayname: fullName || '' }, treeKey) - await sendUserAdd(auth, { - enterprise_user_id: enterpriseUserId, - enterprise_user_username: email, - node_id: parentNodeId, - encrypted_data: encryptedData, - full_name: fullName, - job_title: jobTitle, - }) - item.enterpriseUserId = enterpriseUserId - item.nodeId = parentNodeId - item.status = AddUserStatus.Added + await sendReinvite(auth, existing.enterprise_user_id); + item.status = AddUserStatus.Reinvited; + item.message = "Invitation resent."; } catch (err) { - item.message = extractErrorMessage(err) + item.message = extractErrorMessage(err); } - items.push(item) + } else { + item.status = AddUserStatus.Skipped; + item.skipReason = AddUserSkipReason.AlreadyExists; + item.message = `User "${raw}" has already accepted the invitation.`; + } + items.push(item); + continue; + } + + item.username = email; + try { + const enterpriseUserId = await allocateEnterpriseId(auth); + const encryptedData = await encryptObjectForStorage( + { displayname: fullName || "" }, + treeKey, + ); + await sendUserAdd(auth, { + enterprise_user_id: enterpriseUserId, + enterprise_user_username: email, + node_id: parentNodeId, + encrypted_data: encryptedData, + full_name: fullName, + job_title: jobTitle, + }); + item.enterpriseUserId = enterpriseUserId; + item.nodeId = parentNodeId; + item.status = AddUserStatus.Added; + } catch (err) { + item.message = extractErrorMessage(err); } + items.push(item); + } - return finalizeResult(items, parentNodeId, parentNodeName) + return finalizeResult(items, parentNodeId, parentNodeName); } async function allocateEnterpriseId(auth: Auth): Promise { - const command: RestCommand = { - baseRequest: { command: ALLOCATE_IDS_COMMAND }, - request: { number_requested: 1 }, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - assertCommandSuccess(response, 'enterprise_allocate_ids failed') - if (!isNumber(response.base_id) || response.base_id === 0) { - throw new KeeperSdkError('Failed to allocate enterprise user ID.', ResultCodes.USER_ADD_FAILED) - } - return response.base_id + const command: RestCommand = { + baseRequest: { command: ALLOCATE_IDS_COMMAND }, + request: { number_requested: 1 }, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + assertCommandSuccess(response, "enterprise_allocate_ids failed"); + if (!isNumber(response.base_id) || response.base_id === 0) { + throw new KeeperSdkError( + "Failed to allocate enterprise user ID.", + ResultCodes.USER_ADD_FAILED, + ); + } + return response.base_id; } async function sendUserAdd(auth: Auth, payload: UserAddPayload): Promise { - const command: RestCommand = { - baseRequest: { command: USER_ADD_COMMAND }, - request: payload, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - assertCommandSuccess(response, `${USER_ADD_COMMAND} failed for "${payload.enterprise_user_username}"`) + const command: RestCommand = { + baseRequest: { command: USER_ADD_COMMAND }, + request: payload, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + assertCommandSuccess( + response, + `${USER_ADD_COMMAND} failed for "${payload.enterprise_user_username}"`, + ); } -async function sendReinvite(auth: Auth, enterpriseUserId: number): Promise { - const command: RestCommand = { - baseRequest: { command: REINVITE_COMMAND }, - request: { enterprise_user_id: enterpriseUserId }, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - assertCommandSuccess(response, `${REINVITE_COMMAND} failed for user_id=${enterpriseUserId}`) +async function sendReinvite( + auth: Auth, + enterpriseUserId: number, +): Promise { + const command: RestCommand = { + baseRequest: { command: REINVITE_COMMAND }, + request: { enterprise_user_id: enterpriseUserId }, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + assertCommandSuccess( + response, + `${REINVITE_COMMAND} failed for user_id=${enterpriseUserId}`, + ); } -function assertCommandSuccess(response: KeeperResponse, fallbackMessage: string): void { - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || response.result_code || fallbackMessage, - response.result_code || ResultCodes.USER_ADD_FAILED - ) - } +function assertCommandSuccess( + response: KeeperResponse, + fallbackMessage: string, +): void { + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || response.result_code || fallbackMessage, + response.result_code || ResultCodes.USER_ADD_FAILED, + ); + } } -function buildExistingByEmail(users: EnterpriseUser[]): Map { - const map = new Map() - for (const u of users) { - if (u.username) map.set(u.username.toLowerCase(), u) - } - return map +function buildExistingByEmail( + users: EnterpriseUser[], +): Map { + const map = new Map(); + for (const u of users) { + if (u.username) map.set(u.username.toLowerCase(), u); + } + return map; } function finalizeResult( - items: AddUserItemResult[], - parentNodeId: number, - parentNodeName: string + items: AddUserItemResult[], + parentNodeId: number, + parentNodeName: string, ): AddUserResult { - let added = 0, reinvited = 0, skipped = 0, failed = 0 - for (const item of items) { - if (item.status === AddUserStatus.Added) added++ - else if (item.status === AddUserStatus.Reinvited) reinvited++ - else if (item.status === AddUserStatus.Skipped) skipped++ - else failed++ - } - return { success: failed === 0 && (added > 0 || reinvited > 0), parentNodeId, parentNodeName, items, added, reinvited, skipped, failed } + let added = 0, + reinvited = 0, + skipped = 0, + failed = 0; + for (const item of items) { + if (item.status === AddUserStatus.Added) added++; + else if (item.status === AddUserStatus.Reinvited) reinvited++; + else if (item.status === AddUserStatus.Skipped) skipped++; + else failed++; + } + return { + success: failed === 0 && (added > 0 || reinvited > 0), + parentNodeId, + parentNodeName, + items, + added, + reinvited, + skipped, + failed, + }; } export function formatAddUserResult( - result: AddUserResult, - options: FormatAddUserResultOptions = {} + result: AddUserResult, + options: FormatAddUserResultOptions = {}, ): FormattedAddUserTable { - const showSkipped = options.showSkipped !== false - const visible = result.items.filter((item) => showSkipped || item.status !== AddUserStatus.Skipped) - - const rows = visible.map((item, index) => [ - String(index + 1), - item.status, - item.username, - item.enterpriseUserId != null ? String(item.enterpriseUserId) : '', - item.nodeId != null ? String(item.nodeId) : '', - item.message || item.skipReason || '', - ]) - - return { - headers: [...USER_TABLE_HEADERS], - rows, - parentNodeName: result.parentNodeName, - summary: `Added: ${result.added} Reinvited: ${result.reinvited} Skipped: ${result.skipped} Failed: ${result.failed}`, - } + const showSkipped = options.showSkipped !== false; + const visible = result.items.filter( + (item) => showSkipped || item.status !== AddUserStatus.Skipped, + ); + + const rows = visible.map((item, index) => [ + String(index + 1), + item.status, + item.username, + item.enterpriseUserId != null ? String(item.enterpriseUserId) : "", + item.nodeId != null ? String(item.nodeId) : "", + item.message || item.skipReason || "", + ]); + + return { + headers: [...USER_TABLE_HEADERS], + rows, + parentNodeName: result.parentNodeName, + summary: `Added: ${result.added} Reinvited: ${result.reinvited} Skipped: ${result.skipped} Failed: ${result.failed}`, + }; } export function renderAddUserAsciiTable(table: FormattedAddUserTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell.padEnd(widths[columnIndex]) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [ - `Parent: ${table.parentNodeName}`, - formatRow(headers), - formatRow(widths.map((w) => '-'.repeat(w))), - ...rows.map(formatRow), - table.summary, - ] - return lines.join('\n') + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell.padEnd(widths[columnIndex]); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = [ + `Parent: ${table.parentNodeName}`, + formatRow(headers), + formatRow(widths.map((w) => "-".repeat(w))), + ...rows.map(formatRow), + table.summary, + ]; + return lines.join("\n"); } diff --git a/KeeperSdk/src/users/aliasUser.ts b/KeeperSdk/src/users/aliasUser.ts index 90af0aa0..839c3b74 100644 --- a/KeeperSdk/src/users/aliasUser.ts +++ b/KeeperSdk/src/users/aliasUser.ts @@ -1,122 +1,177 @@ import { - enterpriseUserAddAliasMessage, - enterpriseUserDeleteAliasMessage, - enterpriseUserSetPrimaryAliasMessage, - type Auth, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, logger, ResultCodes } from '../utils' + enterpriseUserAddAliasMessage, + enterpriseUserDeleteAliasMessage, + enterpriseUserSetPrimaryAliasMessage, + type Auth, +} from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseUser, - type EnterpriseUserAliasLink, -} from '../teams/enterpriseData' + extractErrorMessage, + KeeperSdkError, + logger, + ResultCodes, +} from "../utils"; import { - resolveExistingUsers, - AliasOperation, - type AliasUserInput, - type AliasUserResult, -} from './userTypes' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseUser, + type EnterpriseUserAliasLink, +} from "../teams/enterpriseData"; +import { + resolveExistingUsers, + AliasOperation, + type AliasUserInput, + type AliasUserResult, +} from "./userTypes"; -export { AliasOperation } -export type { AliasUserInput, AliasUserResult } +export { AliasOperation }; +export type { AliasUserInput, AliasUserResult }; const ALIAS_USER_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Users, - EnterpriseDataInclude.UserAliases, -] - -export async function aliasUser(auth: Auth, input: AliasUserInput): Promise { - const alias = input.alias.trim().toLowerCase() + EnterpriseDataInclude.Users, + EnterpriseDataInclude.UserAliases, +]; - if (!alias) { - throw new KeeperSdkError('Alias is required.', ResultCodes.USER_ALIAS_FAILED) - } - - const identifier = input.email.trim() - if (!identifier) { - throw new KeeperSdkError('User email or ID is required.', ResultCodes.USER_NOT_FOUND) - } - - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(ALIAS_USER_INCLUDES) - - const [user] = resolveExistingUsers(response.users || [], [identifier]) - const existingAliases = (response.user_aliases || []).filter( - (a) => a.enterprise_user_id === user.enterprise_user_id - ) - - if (input.operation === AliasOperation.Add) { - return addAlias(auth, user, existingAliases, alias) - } - return removeAlias(auth, user, existingAliases, alias) +export async function aliasUser( + auth: Auth, + input: AliasUserInput, +): Promise { + const alias = input.alias.trim().toLowerCase(); + + if (!alias) { + throw new KeeperSdkError( + "Alias is required.", + ResultCodes.USER_ALIAS_FAILED, + ); + } + + const identifier = input.email.trim(); + if (!identifier) { + throw new KeeperSdkError( + "User email or ID is required.", + ResultCodes.USER_NOT_FOUND, + ); + } + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(ALIAS_USER_INCLUDES); + + const [user] = resolveExistingUsers(response.users || [], [identifier]); + const existingAliases = (response.user_aliases || []).filter( + (a) => a.enterprise_user_id === user.enterprise_user_id, + ); + + if (input.operation === AliasOperation.Add) { + return addAlias(auth, user, existingAliases, alias); + } + return removeAlias(auth, user, existingAliases, alias); } async function addAlias( - auth: Auth, - user: EnterpriseUser, - existingAliases: EnterpriseUserAliasLink[], - alias: string + auth: Auth, + user: EnterpriseUser, + existingAliases: EnterpriseUserAliasLink[], + alias: string, ): Promise { - const base = { username: user.username, enterpriseUserId: user.enterprise_user_id, alias, operation: AliasOperation.Add } - - if (user.username === alias) { - logger.info(`Alias "${alias}" is already the primary email for this user.`) - return { ...base, success: true, detail: 'Alias is already the primary email.' } + const base = { + username: user.username, + enterpriseUserId: user.enterprise_user_id, + alias, + operation: AliasOperation.Add, + }; + + if (user.username === alias) { + logger.info(`Alias "${alias}" is already the primary email for this user.`); + return { + ...base, + success: true, + detail: "Alias is already the primary email.", + }; + } + + const alreadyExists = existingAliases.some((a) => a.username === alias); + + try { + if (alreadyExists) { + await sendSetPrimaryAlias(auth, user.enterprise_user_id, alias); + return { ...base, success: true, detail: "Alias promoted to primary." }; } - const alreadyExists = existingAliases.some((a) => a.username === alias) - - try { - if (alreadyExists) { - await sendSetPrimaryAlias(auth, user.enterprise_user_id, alias) - return { ...base, success: true, detail: 'Alias promoted to primary.' } - } - - await sendAddAlias(auth, user.enterprise_user_id, alias) - return { ...base, success: true, detail: 'Alias added.' } - } catch (err) { - throw new KeeperSdkError(extractErrorMessage(err), ResultCodes.USER_ALIAS_FAILED) - } + await sendAddAlias(auth, user.enterprise_user_id, alias); + return { ...base, success: true, detail: "Alias added." }; + } catch (err) { + throw new KeeperSdkError( + extractErrorMessage(err), + ResultCodes.USER_ALIAS_FAILED, + ); + } } async function removeAlias( - auth: Auth, - user: EnterpriseUser, - existingAliases: EnterpriseUserAliasLink[], - alias: string + auth: Auth, + user: EnterpriseUser, + existingAliases: EnterpriseUserAliasLink[], + alias: string, ): Promise { - const base = { username: user.username, enterpriseUserId: user.enterprise_user_id, alias, operation: AliasOperation.Remove } - - const exists = alias === user.username || existingAliases.some((a) => a.username === alias) - - if (!exists) { - logger.info(`Alias "${alias}" does not exist for user.`) - return { ...base, success: false, detail: 'Alias does not exist.' } - } - try { - await sendDeleteAlias(auth, user.enterprise_user_id, alias) - return { ...base, success: true, detail: 'Alias removed.' } - } catch (err) { - throw new KeeperSdkError(extractErrorMessage(err), ResultCodes.USER_ALIAS_FAILED) - } + const base = { + username: user.username, + enterpriseUserId: user.enterprise_user_id, + alias, + operation: AliasOperation.Remove, + }; + + const exists = + alias === user.username || + existingAliases.some((a) => a.username === alias); + + if (!exists) { + logger.info(`Alias "${alias}" does not exist for user.`); + return { ...base, success: false, detail: "Alias does not exist." }; + } + try { + await sendDeleteAlias(auth, user.enterprise_user_id, alias); + return { ...base, success: true, detail: "Alias removed." }; + } catch (err) { + throw new KeeperSdkError( + extractErrorMessage(err), + ResultCodes.USER_ALIAS_FAILED, + ); + } } -async function sendAddAlias(auth: Auth, enterpriseUserId: number, alias: string): Promise { - const response = await auth.executeRest( - enterpriseUserAddAliasMessage({ enterpriseUserId, alias, primary: true }) - ) - for (const status of response.status || []) { - if (status.status && status.status !== 'success') { - throw new KeeperSdkError(`Add alias failed: ${status.status}`, ResultCodes.USER_ALIAS_FAILED) - } +async function sendAddAlias( + auth: Auth, + enterpriseUserId: number, + alias: string, +): Promise { + const response = await auth.executeRest( + enterpriseUserAddAliasMessage({ enterpriseUserId, alias, primary: true }), + ); + for (const status of response.status || []) { + if (status.status && status.status !== "success") { + throw new KeeperSdkError( + `Add alias failed: ${status.status}`, + ResultCodes.USER_ALIAS_FAILED, + ); } + } } -async function sendSetPrimaryAlias(auth: Auth, enterpriseUserId: number, alias: string): Promise { - await auth.executeRestAction(enterpriseUserSetPrimaryAliasMessage({ enterpriseUserId, alias })) +async function sendSetPrimaryAlias( + auth: Auth, + enterpriseUserId: number, + alias: string, +): Promise { + await auth.executeRestAction( + enterpriseUserSetPrimaryAliasMessage({ enterpriseUserId, alias }), + ); } -async function sendDeleteAlias(auth: Auth, enterpriseUserId: number, alias: string): Promise { - await auth.executeRestAction(enterpriseUserDeleteAliasMessage({ enterpriseUserId, alias })) +async function sendDeleteAlias( + auth: Auth, + enterpriseUserId: number, + alias: string, +): Promise { + await auth.executeRestAction( + enterpriseUserDeleteAliasMessage({ enterpriseUserId, alias }), + ); } diff --git a/KeeperSdk/src/users/deleteUser.ts b/KeeperSdk/src/users/deleteUser.ts index 327dd94e..f536dbdb 100644 --- a/KeeperSdk/src/users/deleteUser.ts +++ b/KeeperSdk/src/users/deleteUser.ts @@ -1,127 +1,148 @@ import { - type Auth, - type KeeperResponse, - type RestCommand, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, KeeperSdkError, ResultCodes } from '../utils' + type Auth, + type KeeperResponse, + type RestCommand, +} from "@keeper-security/keeperapi"; +import { extractErrorMessage, KeeperSdkError, ResultCodes } from "../utils"; import { - EnterpriseDataInclude, - EnterpriseDataManager, -} from '../teams/enterpriseData' + EnterpriseDataInclude, + EnterpriseDataManager, +} from "../teams/enterpriseData"; import { - normalizeEmailInputs, - resolveExistingUsers, - DeleteUserStatus, - type DeleteUserInput, - type DeleteUserItemResult, - type DeleteUserResult, - type FormattedDeleteUserTable, -} from './userTypes' - -export { DeleteUserStatus } -export type { DeleteUserInput, DeleteUserItemResult, DeleteUserResult, FormattedDeleteUserTable } - -const USER_DELETE_COMMAND = 'enterprise_user_delete' - -const DELETE_USER_INCLUDES: EnterpriseDataInclude[] = [EnterpriseDataInclude.Users] + normalizeEmailInputs, + resolveExistingUsers, + DeleteUserStatus, + type DeleteUserInput, + type DeleteUserItemResult, + type DeleteUserResult, + type FormattedDeleteUserTable, +} from "./userTypes"; + +export { DeleteUserStatus }; +export type { + DeleteUserInput, + DeleteUserItemResult, + DeleteUserResult, + FormattedDeleteUserTable, +}; + +const USER_DELETE_COMMAND = "enterprise_user_delete"; + +const DELETE_USER_INCLUDES: EnterpriseDataInclude[] = [ + EnterpriseDataInclude.Users, +]; type UserDeletePayload = { - enterprise_user_id: number -} - -export async function deleteUsers(auth: Auth, input: DeleteUserInput): Promise { - const rawEmails = normalizeEmailInputs(input.emails) - - if (rawEmails.length === 0) { - throw new KeeperSdkError('No users provided for deletion.', ResultCodes.NO_USERS_TO_DELETE) + enterprise_user_id: number; +}; + +export async function deleteUsers( + auth: Auth, + input: DeleteUserInput, +): Promise { + const rawEmails = normalizeEmailInputs(input.emails); + + if (rawEmails.length === 0) { + throw new KeeperSdkError( + "No users provided for deletion.", + ResultCodes.NO_USERS_TO_DELETE, + ); + } + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(DELETE_USER_INCLUDES); + const allUsers = response.users || []; + const resolvedUsers = resolveExistingUsers(allUsers, rawEmails); + + const items: DeleteUserItemResult[] = []; + + for (const user of resolvedUsers) { + const item: DeleteUserItemResult = { + username: user.username, + enterpriseUserId: user.enterprise_user_id, + status: DeleteUserStatus.Failed, + }; + + try { + await sendUserDelete(auth, user.enterprise_user_id); + item.status = DeleteUserStatus.Deleted; + } catch (err) { + item.message = extractErrorMessage(err); } + items.push(item); + } - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(DELETE_USER_INCLUDES) - const allUsers = response.users || [] - const resolvedUsers = resolveExistingUsers(allUsers, rawEmails) - - const items: DeleteUserItemResult[] = [] - - for (const user of resolvedUsers) { - const item: DeleteUserItemResult = { - username: user.username, - enterpriseUserId: user.enterprise_user_id, - status: DeleteUserStatus.Failed, - } - - try { - await sendUserDelete(auth, user.enterprise_user_id) - item.status = DeleteUserStatus.Deleted - } catch (err) { - item.message = extractErrorMessage(err) - } - items.push(item) - } - - return finalizeResult(items) + return finalizeResult(items); } -async function sendUserDelete(auth: Auth, enterpriseUserId: number): Promise { - const command: RestCommand = { - baseRequest: { command: USER_DELETE_COMMAND }, - request: { enterprise_user_id: enterpriseUserId }, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `${USER_DELETE_COMMAND} failed for user_id=${enterpriseUserId}`, - response.result_code || ResultCodes.USER_DELETE_FAILED - ) - } +async function sendUserDelete( + auth: Auth, + enterpriseUserId: number, +): Promise { + const command: RestCommand = { + baseRequest: { command: USER_DELETE_COMMAND }, + request: { enterprise_user_id: enterpriseUserId }, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `${USER_DELETE_COMMAND} failed for user_id=${enterpriseUserId}`, + response.result_code || ResultCodes.USER_DELETE_FAILED, + ); + } } function finalizeResult(items: DeleteUserItemResult[]): DeleteUserResult { - let deleted = 0, failed = 0 - for (const item of items) { - if (item.status === DeleteUserStatus.Deleted) deleted++ - else failed++ - } - return { success: failed === 0 && deleted > 0, items, deleted, failed } + let deleted = 0, + failed = 0; + for (const item of items) { + if (item.status === DeleteUserStatus.Deleted) deleted++; + else failed++; + } + return { success: failed === 0 && deleted > 0, items, deleted, failed }; } -const USER_DELETE_TABLE_HEADERS = ['#', 'Status', 'Email', 'User ID', 'Detail'] - -export function formatDeleteUserResult(result: DeleteUserResult): FormattedDeleteUserTable { - const rows = result.items.map((item, index) => [ - String(index + 1), - item.status, - item.username, - String(item.enterpriseUserId), - item.message || '', - ]) - - return { - headers: [...USER_DELETE_TABLE_HEADERS], - rows, - summary: `Deleted: ${result.deleted} Failed: ${result.failed}`, - } +const USER_DELETE_TABLE_HEADERS = ["#", "Status", "Email", "User ID", "Detail"]; + +export function formatDeleteUserResult( + result: DeleteUserResult, +): FormattedDeleteUserTable { + const rows = result.items.map((item, index) => [ + String(index + 1), + item.status, + item.username, + String(item.enterpriseUserId), + item.message || "", + ]); + + return { + headers: [...USER_DELETE_TABLE_HEADERS], + rows, + summary: `Deleted: ${result.deleted} Failed: ${result.failed}`, + }; } -export function renderDeleteUserAsciiTable(table: FormattedDeleteUserTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell.padEnd(widths[columnIndex]) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [ - formatRow(headers), - formatRow(widths.map((w) => '-'.repeat(w))), - ...rows.map(formatRow), - table.summary, - ] - return lines.join('\n') +export function renderDeleteUserAsciiTable( + table: FormattedDeleteUserTable, +): string { + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell.padEnd(widths[columnIndex]); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = [ + formatRow(headers), + formatRow(widths.map((w) => "-".repeat(w))), + ...rows.map(formatRow), + table.summary, + ]; + return lines.join("\n"); } diff --git a/KeeperSdk/src/users/listUsers.ts b/KeeperSdk/src/users/listUsers.ts index 6ec295cf..b8e81bda 100644 --- a/KeeperSdk/src/users/listUsers.ts +++ b/KeeperSdk/src/users/listUsers.ts @@ -1,459 +1,548 @@ -import type { Auth } from '@keeper-security/keeperapi' -import { isNumber, TOKEN_SEPARATOR_PATTERN } from '../utils' +import type { Auth } from "@keeper-security/keeperapi"; +import { isNumber, TOKEN_SEPARATOR_PATTERN } from "../utils"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseDisplayNames, - type EnterpriseNode, - type EnterpriseQueuedTeamRecord, - type EnterpriseQueuedTeamUserLink, - type EnterpriseRole, - type EnterpriseRoleTeamLink, - type EnterpriseRoleUserLink, - type EnterpriseTeamRecord, - type EnterpriseTeamUserLink, - type EnterpriseUser, - type EnterpriseUserAliasLink, -} from '../teams/enterpriseData' -import { applyDecryptedNodeNames } from '../teams/teamUtils' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseDisplayNames, + type EnterpriseNode, + type EnterpriseQueuedTeamRecord, + type EnterpriseQueuedTeamUserLink, + type EnterpriseRole, + type EnterpriseRoleTeamLink, + type EnterpriseRoleUserLink, + type EnterpriseTeamRecord, + type EnterpriseTeamUserLink, + type EnterpriseUser, + type EnterpriseUserAliasLink, +} from "../teams/enterpriseData"; +import { applyDecryptedNodeNames } from "../teams/teamUtils"; import { - formatUserStatus, - formatTransferStatus, - UserColumn, - type UserColumnInput, - type ListUsersOptions, - type ListUserRow, - type FormattedUsersTable, - type FormatUsersTableOptions, -} from './userTypes' - -export { UserColumn } -export type { UserColumnInput, ListUsersOptions, ListUserRow, FormattedUsersTable, FormatUsersTableOptions } - -export const SUPPORTED_USER_COLUMNS: readonly UserColumn[] = Object.values(UserColumn) + formatUserStatus, + formatTransferStatus, + UserColumn, + type UserColumnInput, + type ListUsersOptions, + type ListUserRow, + type FormattedUsersTable, + type FormatUsersTableOptions, +} from "./userTypes"; + +export { UserColumn }; +export type { + UserColumnInput, + ListUsersOptions, + ListUserRow, + FormattedUsersTable, + FormatUsersTableOptions, +}; + +export const SUPPORTED_USER_COLUMNS: readonly UserColumn[] = + Object.values(UserColumn); export const DEFAULT_USER_COLUMNS: readonly UserColumn[] = [ - UserColumn.Name, - UserColumn.Status, - UserColumn.TransferStatus, - UserColumn.Node, -] + UserColumn.Name, + UserColumn.Status, + UserColumn.TransferStatus, + UserColumn.Node, +]; -const NODE_PATH_SEPARATOR = '\\' -const MIN_ASCII_COL_WIDTH = 2 -const ALL_COLUMNS_WILDCARD = '*' +const NODE_PATH_SEPARATOR = "\\"; +const MIN_ASCII_COL_WIDTH = 2; +const ALL_COLUMNS_WILDCARD = "*"; const HEADER_BY_COLUMN: Record = { - [UserColumn.Name]: 'Name', - [UserColumn.Status]: 'Status', - [UserColumn.TransferStatus]: 'Transfer Status', - [UserColumn.Node]: 'Node', - [UserColumn.TeamCount]: 'Team Count', - [UserColumn.Teams]: 'Teams', - [UserColumn.QueuedTeamCount]: 'Queued Team Count', - [UserColumn.QueuedTeams]: 'Queued Teams', - [UserColumn.RoleCount]: 'Role Count', - [UserColumn.Roles]: 'Roles', - [UserColumn.Alias]: 'Alias', - [UserColumn.TwoFaEnabled]: '2FA Enabled', -} + [UserColumn.Name]: "Name", + [UserColumn.Status]: "Status", + [UserColumn.TransferStatus]: "Transfer Status", + [UserColumn.Node]: "Node", + [UserColumn.TeamCount]: "Team Count", + [UserColumn.Teams]: "Teams", + [UserColumn.QueuedTeamCount]: "Queued Team Count", + [UserColumn.QueuedTeams]: "Queued Teams", + [UserColumn.RoleCount]: "Role Count", + [UserColumn.Roles]: "Roles", + [UserColumn.Alias]: "Alias", + [UserColumn.TwoFaEnabled]: "2FA Enabled", +}; type DecorateContext = { - nodePaths: Map - userTeams: Map> - userQueuedTeams: Map> - userRoles: Map> - teamNameByUid: Map - queuedTeamNameByUid: Map - roleNameById: Map - userAliases: Map -} - -export async function listUsers(auth: Auth, options: ListUsersOptions = {}): Promise { - const columns = resolveColumns(options.columns) - const includes = includesForColumns(columns) - const wantsDisplayNames = columns.includes(UserColumn.Node) - - const enterpriseData = new EnterpriseDataManager(auth) - const emptyDisplayNames: EnterpriseDisplayNames = { nodes: new Map(), roles: new Map() } - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(includes), - wantsDisplayNames ? enterpriseData.getDisplayNames() : Promise.resolve(emptyDisplayNames), - ]) - - const nodes = response.nodes || [] - applyDecryptedNodeNames(nodes, displayNames.nodes) - - const context: DecorateContext = { - nodePaths: buildNodePathLookup(nodes), - userTeams: buildUserTeamMap(response.team_users || []), - userQueuedTeams: buildUserQueuedTeamMap(response.queued_team_users || []), - userRoles: buildUserRolesMap( - response.role_users || [], - response.role_teams || [], - response.team_users || [] - ), - teamNameByUid: buildTeamNameMap(response.teams || []), - queuedTeamNameByUid: buildTeamNameMap(response.queued_teams || []), - roleNameById: buildRoleNameMap(response.roles || [], displayNames.roles), - userAliases: buildUserAliasMap(response.user_aliases || []), - } - - const pattern = options.pattern?.trim() || null - const rows: ListUserRow[] = [] - for (const user of response.users || []) { - const row: ListUserRow = { - enterprise_user_id: user.enterprise_user_id, - username: user.username, - } - decorateRow(row, user, columns, context) - if (pattern && !rowMatchesPattern(row, pattern)) continue - rows.push(row) - } - - rows.sort((a, b) => a.username.localeCompare(b.username, undefined, { sensitivity: 'base' })) - return rows + nodePaths: Map; + userTeams: Map>; + userQueuedTeams: Map>; + userRoles: Map>; + teamNameByUid: Map; + queuedTeamNameByUid: Map; + roleNameById: Map; + userAliases: Map; +}; + +export async function listUsers( + auth: Auth, + options: ListUsersOptions = {}, +): Promise { + const columns = resolveColumns(options.columns); + const includes = includesForColumns(columns); + const wantsDisplayNames = columns.includes(UserColumn.Node); + + const enterpriseData = new EnterpriseDataManager(auth); + const emptyDisplayNames: EnterpriseDisplayNames = { + nodes: new Map(), + roles: new Map(), + }; + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(includes), + wantsDisplayNames + ? enterpriseData.getDisplayNames() + : Promise.resolve(emptyDisplayNames), + ]); + + const nodes = response.nodes || []; + applyDecryptedNodeNames(nodes, displayNames.nodes); + + const context: DecorateContext = { + nodePaths: buildNodePathLookup(nodes), + userTeams: buildUserTeamMap(response.team_users || []), + userQueuedTeams: buildUserQueuedTeamMap(response.queued_team_users || []), + userRoles: buildUserRolesMap( + response.role_users || [], + response.role_teams || [], + response.team_users || [], + ), + teamNameByUid: buildTeamNameMap(response.teams || []), + queuedTeamNameByUid: buildTeamNameMap(response.queued_teams || []), + roleNameById: buildRoleNameMap(response.roles || [], displayNames.roles), + userAliases: buildUserAliasMap(response.user_aliases || []), + }; + + const pattern = options.pattern?.trim() || null; + const rows: ListUserRow[] = []; + for (const user of response.users || []) { + const row: ListUserRow = { + enterprise_user_id: user.enterprise_user_id, + username: user.username, + }; + decorateRow(row, user, columns, context); + if (pattern && !rowMatchesPattern(row, pattern)) continue; + rows.push(row); + } + + rows.sort((a, b) => + a.username.localeCompare(b.username, undefined, { sensitivity: "base" }), + ); + return rows; } export function formatUsersTable( - rows: ListUserRow[], - options: FormatUsersTableOptions = {} + rows: ListUserRow[], + options: FormatUsersTableOptions = {}, ): FormattedUsersTable { - const columns = resolveColumns(options.columns) - const headers: string[] = ['#', 'User ID', 'Email', ...columns.map((col) => HEADER_BY_COLUMN[col])] - - const outRows: string[][] = rows.map((row, idx) => { - const cells: string[] = [String(idx + 1), String(row.enterprise_user_id), row.username] - for (const col of columns) cells.push(formatCell(row, col)) - return cells - }) - - return { headers, rows: outRows } + const columns = resolveColumns(options.columns); + const headers: string[] = [ + "#", + "User ID", + "Email", + ...columns.map((col) => HEADER_BY_COLUMN[col]), + ]; + + const outRows: string[][] = rows.map((row, idx) => { + const cells: string[] = [ + String(idx + 1), + String(row.enterprise_user_id), + row.username, + ]; + for (const col of columns) cells.push(formatCell(row, col)); + return cells; + }); + + return { headers, rows: outRows }; } export function renderUsersAsciiTable( - table: FormattedUsersTable, - options: { minColWidth?: number } = {} + table: FormattedUsersTable, + options: { minColWidth?: number } = {}, ): string { - const { minColWidth = MIN_ASCII_COL_WIDTH } = options - const { headers, rows } = table - const columnCount = headers.length - - const expandedRows: string[][][] = rows.map((row) => - row.map((cell) => (cell.includes('\n') ? cell.split('\n') : [cell])) - ) - - const columnWidths = new Array(columnCount).fill(0) + const { minColWidth = MIN_ASCII_COL_WIDTH } = options; + const { headers, rows } = table; + const columnCount = headers.length; + + const expandedRows: string[][][] = rows.map((row) => + row.map((cell) => (cell.includes("\n") ? cell.split("\n") : [cell])), + ); + + const columnWidths = new Array(columnCount).fill(0); + for (let ci = 0; ci < columnCount; ci += 1) { + columnWidths[ci] = Math.max(headers[ci].length, minColWidth); + } + for (const row of expandedRows) { for (let ci = 0; ci < columnCount; ci += 1) { - columnWidths[ci] = Math.max(headers[ci].length, minColWidth) - } - for (const row of expandedRows) { - for (let ci = 0; ci < columnCount; ci += 1) { - for (const line of row[ci]) { - columnWidths[ci] = Math.max(columnWidths[ci], line.length, minColWidth) - } - } + for (const line of row[ci]) { + columnWidths[ci] = Math.max(columnWidths[ci], line.length, minColWidth); + } } + } - const padCell = (cell: string, ci: number): string => cell.padEnd(columnWidths[ci]) - const formatPhysicalRow = (cells: string[]): string => - cells.map((cell, ci) => padCell(cell, ci)).join(' ') + const padCell = (cell: string, ci: number): string => + cell.padEnd(columnWidths[ci]); + const formatPhysicalRow = (cells: string[]): string => + cells.map((cell, ci) => padCell(cell, ci)).join(" "); - const ruleRow = formatPhysicalRow(columnWidths.map((w) => '-'.repeat(w))) - const lines: string[] = [formatPhysicalRow(headers), ruleRow] + const ruleRow = formatPhysicalRow(columnWidths.map((w) => "-".repeat(w))); + const lines: string[] = [formatPhysicalRow(headers), ruleRow]; - for (const row of expandedRows) { - const physicalLineCount = Math.max(...row.map((cell) => cell.length)) - for (let li = 0; li < physicalLineCount; li += 1) { - lines.push(formatPhysicalRow(row.map((cell) => cell[li] ?? ''))) - } + for (const row of expandedRows) { + const physicalLineCount = Math.max(...row.map((cell) => cell.length)); + for (let li = 0; li < physicalLineCount; li += 1) { + lines.push(formatPhysicalRow(row.map((cell) => cell[li] ?? ""))); } - return lines.join('\n') + } + return lines.join("\n"); } -function includesForColumns(columns: readonly UserColumn[]): EnterpriseDataInclude[] { - const set = new Set([EnterpriseDataInclude.Users]) - for (const col of columns) { - switch (col) { - case UserColumn.Node: - set.add(EnterpriseDataInclude.Nodes) - break - case UserColumn.TeamCount: - set.add(EnterpriseDataInclude.TeamUsers) - break - case UserColumn.Teams: - set.add(EnterpriseDataInclude.TeamUsers) - set.add(EnterpriseDataInclude.Teams) - break - case UserColumn.QueuedTeamCount: - set.add(EnterpriseDataInclude.QueuedTeamUsers) - break - case UserColumn.QueuedTeams: - set.add(EnterpriseDataInclude.QueuedTeamUsers) - set.add(EnterpriseDataInclude.QueuedTeams) - set.add(EnterpriseDataInclude.Teams) - break - case UserColumn.RoleCount: - case UserColumn.Roles: - set.add(EnterpriseDataInclude.RoleUsers) - set.add(EnterpriseDataInclude.RoleTeams) - set.add(EnterpriseDataInclude.TeamUsers) - if (col === UserColumn.Roles) set.add(EnterpriseDataInclude.Roles) - break - case UserColumn.Alias: - set.add(EnterpriseDataInclude.UserAliases) - break - } +function includesForColumns( + columns: readonly UserColumn[], +): EnterpriseDataInclude[] { + const set = new Set([EnterpriseDataInclude.Users]); + for (const col of columns) { + switch (col) { + case UserColumn.Node: + set.add(EnterpriseDataInclude.Nodes); + break; + case UserColumn.TeamCount: + set.add(EnterpriseDataInclude.TeamUsers); + break; + case UserColumn.Teams: + set.add(EnterpriseDataInclude.TeamUsers); + set.add(EnterpriseDataInclude.Teams); + break; + case UserColumn.QueuedTeamCount: + set.add(EnterpriseDataInclude.QueuedTeamUsers); + break; + case UserColumn.QueuedTeams: + set.add(EnterpriseDataInclude.QueuedTeamUsers); + set.add(EnterpriseDataInclude.QueuedTeams); + set.add(EnterpriseDataInclude.Teams); + break; + case UserColumn.RoleCount: + case UserColumn.Roles: + set.add(EnterpriseDataInclude.RoleUsers); + set.add(EnterpriseDataInclude.RoleTeams); + set.add(EnterpriseDataInclude.TeamUsers); + if (col === UserColumn.Roles) set.add(EnterpriseDataInclude.Roles); + break; + case UserColumn.Alias: + set.add(EnterpriseDataInclude.UserAliases); + break; } - return Array.from(set) + } + return Array.from(set); } -function resolveColumns(input: ListUsersOptions['columns']): UserColumn[] { - if (input == null) return [...DEFAULT_USER_COLUMNS] - if (input === ALL_COLUMNS_WILDCARD) return [...SUPPORTED_USER_COLUMNS] - - const requested = Array.isArray(input) ? input : input.split(',').map((p) => p.trim()) - const allowed = new Set(SUPPORTED_USER_COLUMNS) - const seen = new Set() - for (const col of requested) { - if (col && allowed.has(col)) seen.add(col as UserColumn) - } - if (seen.size === 0) return [...DEFAULT_USER_COLUMNS] - return SUPPORTED_USER_COLUMNS.filter((col) => seen.has(col)) +function resolveColumns(input: ListUsersOptions["columns"]): UserColumn[] { + if (input == null) return [...DEFAULT_USER_COLUMNS]; + if (input === ALL_COLUMNS_WILDCARD) return [...SUPPORTED_USER_COLUMNS]; + + const requested = Array.isArray(input) + ? input + : input.split(",").map((p) => p.trim()); + const allowed = new Set(SUPPORTED_USER_COLUMNS); + const seen = new Set(); + for (const col of requested) { + if (col && allowed.has(col)) seen.add(col as UserColumn); + } + if (seen.size === 0) return [...DEFAULT_USER_COLUMNS]; + return SUPPORTED_USER_COLUMNS.filter((col) => seen.has(col)); } function rowMatchesPattern(row: ListUserRow, pattern: string): boolean { - const lowered = pattern.toLowerCase() - const tokens: string[] = [String(row.enterprise_user_id)] - - const addText = (value: string | undefined): void => { - if (value) tokens.push(...value.toLowerCase().split(TOKEN_SEPARATOR_PATTERN).filter(Boolean)) - } - const addList = (values: string[] | undefined): void => { - values?.forEach((v) => addText(v)) - } - - addText(row.username) - addText(row.name) - addText(row.status) - addText(row.transfer_status) - addText(row.node) - if (row.team_count != null) tokens.push(String(row.team_count)) - if (row.queued_team_count != null) tokens.push(String(row.queued_team_count)) - if (row.role_count != null) tokens.push(String(row.role_count)) - if (row.tfa_enabled != null) tokens.push(String(row.tfa_enabled)) - addList(row.teams) - addList(row.queued_teams) - addList(row.roles) - addList(row.alias) - - return tokens.some((t) => t.includes(lowered)) + const lowered = pattern.toLowerCase(); + const tokens: string[] = [String(row.enterprise_user_id)]; + + const addText = (value: string | undefined): void => { + if (value) + tokens.push( + ...value.toLowerCase().split(TOKEN_SEPARATOR_PATTERN).filter(Boolean), + ); + }; + const addList = (values: string[] | undefined): void => { + values?.forEach((v) => addText(v)); + }; + + addText(row.username); + addText(row.name); + addText(row.status); + addText(row.transfer_status); + addText(row.node); + if (row.team_count != null) tokens.push(String(row.team_count)); + if (row.queued_team_count != null) tokens.push(String(row.queued_team_count)); + if (row.role_count != null) tokens.push(String(row.role_count)); + if (row.tfa_enabled != null) tokens.push(String(row.tfa_enabled)); + addList(row.teams); + addList(row.queued_teams); + addList(row.roles); + addList(row.alias); + + return tokens.some((t) => t.includes(lowered)); } function buildNodePathLookup(nodes: EnterpriseNode[]): Map { - return new Map( - nodes.map((node) => [ - node.node_id, - EnterpriseDataManager.getNodePath(nodes, node.node_id, { - omitRoot: true, - separator: NODE_PATH_SEPARATOR, - }), - ]) - ) + return new Map( + nodes.map((node) => [ + node.node_id, + EnterpriseDataManager.getNodePath(nodes, node.node_id, { + omitRoot: true, + separator: NODE_PATH_SEPARATOR, + }), + ]), + ); } -function buildUserTeamMap(links: EnterpriseTeamUserLink[]): Map> { - const map = new Map>() - for (const link of links) { - if (!link.team_uid) continue - const set = map.get(link.enterprise_user_id) - if (set) set.add(link.team_uid) - else map.set(link.enterprise_user_id, new Set([link.team_uid])) - } - return map +function buildUserTeamMap( + links: EnterpriseTeamUserLink[], +): Map> { + const map = new Map>(); + for (const link of links) { + if (!link.team_uid) continue; + const set = map.get(link.enterprise_user_id); + if (set) set.add(link.team_uid); + else map.set(link.enterprise_user_id, new Set([link.team_uid])); + } + return map; } -function buildUserQueuedTeamMap(links: EnterpriseQueuedTeamUserLink[]): Map> { - const map = new Map>() - for (const link of links) { - if (!link.team_uid) continue - const set = map.get(link.enterprise_user_id) - if (set) set.add(link.team_uid) - else map.set(link.enterprise_user_id, new Set([link.team_uid])) - } - return map +function buildUserQueuedTeamMap( + links: EnterpriseQueuedTeamUserLink[], +): Map> { + const map = new Map>(); + for (const link of links) { + if (!link.team_uid) continue; + const set = map.get(link.enterprise_user_id); + if (set) set.add(link.team_uid); + else map.set(link.enterprise_user_id, new Set([link.team_uid])); + } + return map; } function buildUserRolesMap( - roleUsers: EnterpriseRoleUserLink[], - roleTeams: EnterpriseRoleTeamLink[], - teamUsers: EnterpriseTeamUserLink[] + roleUsers: EnterpriseRoleUserLink[], + roleTeams: EnterpriseRoleTeamLink[], + teamUsers: EnterpriseTeamUserLink[], ): Map> { - const map = new Map>() - - for (const link of roleUsers) { - const set = map.get(link.enterprise_user_id) - if (set) set.add(link.role_id) - else map.set(link.enterprise_user_id, new Set([link.role_id])) + const map = new Map>(); + + for (const link of roleUsers) { + const set = map.get(link.enterprise_user_id); + if (set) set.add(link.role_id); + else map.set(link.enterprise_user_id, new Set([link.role_id])); + } + + const rolesForTeam = new Map>(); + for (const link of roleTeams) { + if (!link.team_uid) continue; + const set = rolesForTeam.get(link.team_uid); + if (set) set.add(link.role_id); + else rolesForTeam.set(link.team_uid, new Set([link.role_id])); + } + + for (const link of teamUsers) { + if (!link.team_uid) continue; + const teamRoles = rolesForTeam.get(link.team_uid); + if (!teamRoles) continue; + const userRoles = map.get(link.enterprise_user_id); + if (userRoles) { + for (const roleId of teamRoles) userRoles.add(roleId); + } else { + map.set(link.enterprise_user_id, new Set(teamRoles)); } + } - const rolesForTeam = new Map>() - for (const link of roleTeams) { - if (!link.team_uid) continue - const set = rolesForTeam.get(link.team_uid) - if (set) set.add(link.role_id) - else rolesForTeam.set(link.team_uid, new Set([link.role_id])) - } - - for (const link of teamUsers) { - if (!link.team_uid) continue - const teamRoles = rolesForTeam.get(link.team_uid) - if (!teamRoles) continue - const userRoles = map.get(link.enterprise_user_id) - if (userRoles) { - for (const roleId of teamRoles) userRoles.add(roleId) - } else { - map.set(link.enterprise_user_id, new Set(teamRoles)) - } - } - - return map + return map; } -function buildTeamNameMap(teams: Array): Map { - const map = new Map() - for (const team of teams) { - if (team.team_uid) map.set(team.team_uid, (team.name || team.team_uid).trim() || team.team_uid) - } - return map +function buildTeamNameMap( + teams: Array, +): Map { + const map = new Map(); + for (const team of teams) { + if (team.team_uid) + map.set( + team.team_uid, + (team.name || team.team_uid).trim() || team.team_uid, + ); + } + return map; } -function buildRoleNameMap(roles: EnterpriseRole[], decrypted: Map): Map { - const map = new Map() - for (const role of roles) { - if (!isNumber(role.role_id)) continue - const display = (role.displayName || decrypted.get(role.role_id) || '').trim() - map.set(role.role_id, display || String(role.role_id)) - } - return map +function buildRoleNameMap( + roles: EnterpriseRole[], + decrypted: Map, +): Map { + const map = new Map(); + for (const role of roles) { + if (!isNumber(role.role_id)) continue; + const display = ( + role.displayName || + decrypted.get(role.role_id) || + "" + ).trim(); + map.set(role.role_id, display || String(role.role_id)); + } + return map; } -function buildUserAliasMap(links: EnterpriseUserAliasLink[]): Map { - const map = new Map>() - for (const link of links) { - if (!link.username) continue - const set = map.get(link.enterprise_user_id) - if (set) set.add(link.username) - else map.set(link.enterprise_user_id, new Set([link.username])) - } - const result = new Map() - for (const [userId, aliases] of map) { - result.set(userId, [...aliases].sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' }))) - } - return result +function buildUserAliasMap( + links: EnterpriseUserAliasLink[], +): Map { + const map = new Map>(); + for (const link of links) { + if (!link.username) continue; + const set = map.get(link.enterprise_user_id); + if (set) set.add(link.username); + else map.set(link.enterprise_user_id, new Set([link.username])); + } + const result = new Map(); + for (const [userId, aliases] of map) { + result.set( + userId, + [...aliases].sort((a, b) => + a.localeCompare(b, undefined, { sensitivity: "base" }), + ), + ); + } + return result; } -function resolveSortedNames(keys: Set, nameByKey: Map): string[] { - const names: string[] = [] - for (const key of keys) { - const name = nameByKey.get(key) - if (name) names.push(name) - } - return names.sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) +function resolveSortedNames( + keys: Set, + nameByKey: Map, +): string[] { + const names: string[] = []; + for (const key of keys) { + const name = nameByKey.get(key); + if (name) names.push(name); + } + return names.sort((a, b) => + a.localeCompare(b, undefined, { sensitivity: "base" }), + ); } function resolveQueuedTeamNames( - teamUids: Set, - teamNameByUid: Map, - queuedTeamNameByUid: Map + teamUids: Set, + teamNameByUid: Map, + queuedTeamNameByUid: Map, ): string[] { - const names = new Set() - for (const uid of teamUids) { - const fromTeams = teamNameByUid.get(uid) - if (fromTeams) names.add(fromTeams) - const fromQueued = queuedTeamNameByUid.get(uid) - if (fromQueued) names.add(fromQueued) - } - return [...names].sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) + const names = new Set(); + for (const uid of teamUids) { + const fromTeams = teamNameByUid.get(uid); + if (fromTeams) names.add(fromTeams); + const fromQueued = queuedTeamNameByUid.get(uid); + if (fromQueued) names.add(fromQueued); + } + return [...names].sort((a, b) => + a.localeCompare(b, undefined, { sensitivity: "base" }), + ); } function decorateRow( - row: ListUserRow, - user: EnterpriseUser, - columns: readonly UserColumn[], - ctx: DecorateContext + row: ListUserRow, + user: EnterpriseUser, + columns: readonly UserColumn[], + ctx: DecorateContext, ): void { - for (const col of columns) { - switch (col) { - case UserColumn.Name: - row.name = (user.full_name || '').trim() - break - case UserColumn.Status: - row.status = formatUserStatus(user) - break - case UserColumn.TransferStatus: - row.transfer_status = formatTransferStatus(user) - break - case UserColumn.Node: - row.node = user.node_id != null ? (ctx.nodePaths.get(user.node_id) ?? '') : '' - break - case UserColumn.TeamCount: - row.team_count = ctx.userTeams.get(user.enterprise_user_id)?.size ?? 0 - break - case UserColumn.Teams: { - const teamUids = ctx.userTeams.get(user.enterprise_user_id) - row.teams = teamUids ? resolveSortedNames(teamUids, ctx.teamNameByUid) : [] - break - } - case UserColumn.QueuedTeamCount: - row.queued_team_count = ctx.userQueuedTeams.get(user.enterprise_user_id)?.size ?? 0 - break - case UserColumn.QueuedTeams: { - const queuedUids = ctx.userQueuedTeams.get(user.enterprise_user_id) - row.queued_teams = queuedUids - ? resolveQueuedTeamNames(queuedUids, ctx.teamNameByUid, ctx.queuedTeamNameByUid) - : [] - break - } - case UserColumn.RoleCount: - row.role_count = ctx.userRoles.get(user.enterprise_user_id)?.size ?? 0 - break - case UserColumn.Roles: { - const roleIds = ctx.userRoles.get(user.enterprise_user_id) - row.roles = roleIds ? resolveSortedNames(roleIds, ctx.roleNameById) : [] - break - } - case UserColumn.Alias: { - const aliases = ctx.userAliases.get(user.enterprise_user_id) - row.alias = aliases - ? aliases.filter((a) => a.toLowerCase() !== user.username.toLowerCase()) - : [] - break - } - case UserColumn.TwoFaEnabled: - row.tfa_enabled = user.tfa_enabled ?? false - break - } + for (const col of columns) { + switch (col) { + case UserColumn.Name: + row.name = (user.full_name || "").trim(); + break; + case UserColumn.Status: + row.status = formatUserStatus(user); + break; + case UserColumn.TransferStatus: + row.transfer_status = formatTransferStatus(user); + break; + case UserColumn.Node: + row.node = + user.node_id != null ? (ctx.nodePaths.get(user.node_id) ?? "") : ""; + break; + case UserColumn.TeamCount: + row.team_count = ctx.userTeams.get(user.enterprise_user_id)?.size ?? 0; + break; + case UserColumn.Teams: { + const teamUids = ctx.userTeams.get(user.enterprise_user_id); + row.teams = teamUids + ? resolveSortedNames(teamUids, ctx.teamNameByUid) + : []; + break; + } + case UserColumn.QueuedTeamCount: + row.queued_team_count = + ctx.userQueuedTeams.get(user.enterprise_user_id)?.size ?? 0; + break; + case UserColumn.QueuedTeams: { + const queuedUids = ctx.userQueuedTeams.get(user.enterprise_user_id); + row.queued_teams = queuedUids + ? resolveQueuedTeamNames( + queuedUids, + ctx.teamNameByUid, + ctx.queuedTeamNameByUid, + ) + : []; + break; + } + case UserColumn.RoleCount: + row.role_count = ctx.userRoles.get(user.enterprise_user_id)?.size ?? 0; + break; + case UserColumn.Roles: { + const roleIds = ctx.userRoles.get(user.enterprise_user_id); + row.roles = roleIds + ? resolveSortedNames(roleIds, ctx.roleNameById) + : []; + break; + } + case UserColumn.Alias: { + const aliases = ctx.userAliases.get(user.enterprise_user_id); + row.alias = aliases + ? aliases.filter( + (a) => a.toLowerCase() !== user.username.toLowerCase(), + ) + : []; + break; + } + case UserColumn.TwoFaEnabled: + row.tfa_enabled = user.tfa_enabled ?? false; + break; } + } } function formatListCell(values: string[] | undefined): string { - return values && values.length > 0 ? values.join('\n') : '' + return values && values.length > 0 ? values.join("\n") : ""; } function formatCell(row: ListUserRow, col: UserColumn): string { - switch (col) { - case UserColumn.Name: return row.name ?? '' - case UserColumn.Status: return row.status ?? '' - case UserColumn.TransferStatus: return row.transfer_status ?? '' - case UserColumn.Node: return row.node ?? '' - case UserColumn.TeamCount: return row.team_count == null ? '' : String(row.team_count) - case UserColumn.Teams: return formatListCell(row.teams) - case UserColumn.QueuedTeamCount: return row.queued_team_count == null ? '' : String(row.queued_team_count) - case UserColumn.QueuedTeams: return formatListCell(row.queued_teams) - case UserColumn.RoleCount: return row.role_count == null ? '' : String(row.role_count) - case UserColumn.Roles: return formatListCell(row.roles) - case UserColumn.Alias: return formatListCell(row.alias) - case UserColumn.TwoFaEnabled: return row.tfa_enabled == null ? '' : String(row.tfa_enabled) - } + switch (col) { + case UserColumn.Name: + return row.name ?? ""; + case UserColumn.Status: + return row.status ?? ""; + case UserColumn.TransferStatus: + return row.transfer_status ?? ""; + case UserColumn.Node: + return row.node ?? ""; + case UserColumn.TeamCount: + return row.team_count == null ? "" : String(row.team_count); + case UserColumn.Teams: + return formatListCell(row.teams); + case UserColumn.QueuedTeamCount: + return row.queued_team_count == null ? "" : String(row.queued_team_count); + case UserColumn.QueuedTeams: + return formatListCell(row.queued_teams); + case UserColumn.RoleCount: + return row.role_count == null ? "" : String(row.role_count); + case UserColumn.Roles: + return formatListCell(row.roles); + case UserColumn.Alias: + return formatListCell(row.alias); + case UserColumn.TwoFaEnabled: + return row.tfa_enabled == null ? "" : String(row.tfa_enabled); + } } diff --git a/KeeperSdk/src/users/teamUser.ts b/KeeperSdk/src/users/teamUser.ts index 93d7838f..4e8f6e23 100644 --- a/KeeperSdk/src/users/teamUser.ts +++ b/KeeperSdk/src/users/teamUser.ts @@ -1,699 +1,876 @@ import { - type Auth, - type Authentication, - Enterprise, - type KeeperResponse, - type RestCommand, - decryptKey, - getPublicKeysMessage, - normal64Bytes, - platform, - teamQueueUserCommand, - teamsEnterpriseUsersAdd, - teamsEnterpriseUsersRemove, - webSafe64FromBytes, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, isNumber, KeeperSdkError, logger, ResultCodes } from '../utils' + type Auth, + type Authentication, + Enterprise, + type KeeperResponse, + type RestCommand, + decryptKey, + getPublicKeysMessage, + normal64Bytes, + platform, + teamQueueUserCommand, + teamsEnterpriseUsersAdd, + teamsEnterpriseUsersRemove, + webSafe64FromBytes, +} from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseQueuedTeamRecord, - type EnterpriseTeamRecord, - type EnterpriseUser, - type EnterpriseTeamUserLink, -} from '../teams/enterpriseData' -import { resolveExistingTeams } from '../teams/teamUtils' + extractErrorMessage, + isNumber, + KeeperSdkError, + logger, + ResultCodes, +} from "../utils"; import { - normalizeEmailInputs, - resolveExistingUsers, - EnterpriseUserStatus, - TeamUserStatus, - TeamUserSkipReason, - type AddUsersToTeamsInput, - type RemoveUsersFromTeamsInput, - type TeamUserItemResult, - type TeamUserResult, - type FormattedTeamUserTable, -} from './userTypes' - -export { TeamUserStatus, TeamUserSkipReason } + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseQueuedTeamRecord, + type EnterpriseTeamRecord, + type EnterpriseUser, + type EnterpriseTeamUserLink, +} from "../teams/enterpriseData"; +import { resolveExistingTeams } from "../teams/teamUtils"; +import { + normalizeEmailInputs, + resolveExistingUsers, + EnterpriseUserStatus, + TeamUserStatus, + TeamUserSkipReason, + type AddUsersToTeamsInput, + type RemoveUsersFromTeamsInput, + type TeamUserItemResult, + type TeamUserResult, + type FormattedTeamUserTable, +} from "./userTypes"; + +export { TeamUserStatus, TeamUserSkipReason }; export type { - AddUsersToTeamsInput, - RemoveUsersFromTeamsInput, - TeamUserItemResult, - TeamUserResult, - FormattedTeamUserTable, -} - -const SUCCESS_RESULT = 'success' -const MAX_TEAM_USERS_PER_REQUEST = 1000 -const MAX_USERS_PER_OPERATION = MAX_TEAM_USERS_PER_REQUEST -const MAX_TEAMS_PER_OPERATION = 100 -const MAX_RESPONSE_MESSAGE_LENGTH = 500 -const UNEXPECTED_TEAM_RESPONSE_MESSAGE = 'Unexpected API response: no team results returned' -const MISSING_TEAM_RESPONSE_MESSAGE = 'Team add response missing for this team' -const UNEXPECTED_REMOVE_RESPONSE_MESSAGE = 'Unexpected API response: no remove results returned' -const MISSING_REMOVE_RESPONSE_MESSAGE = 'Team remove response missing for this user' + AddUsersToTeamsInput, + RemoveUsersFromTeamsInput, + TeamUserItemResult, + TeamUserResult, + FormattedTeamUserTable, +}; + +const SUCCESS_RESULT = "success"; +const MAX_TEAM_USERS_PER_REQUEST = 1000; +const MAX_USERS_PER_OPERATION = MAX_TEAM_USERS_PER_REQUEST; +const MAX_TEAMS_PER_OPERATION = 100; +const MAX_RESPONSE_MESSAGE_LENGTH = 500; +const UNEXPECTED_TEAM_RESPONSE_MESSAGE = + "Unexpected API response: no team results returned"; +const MISSING_TEAM_RESPONSE_MESSAGE = "Team add response missing for this team"; +const UNEXPECTED_REMOVE_RESPONSE_MESSAGE = + "Unexpected API response: no remove results returned"; +const MISSING_REMOVE_RESPONSE_MESSAGE = + "Team remove response missing for this user"; const TEAM_USER_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Users, - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.QueuedTeams, - EnterpriseDataInclude.TeamUsers, - EnterpriseDataInclude.QueuedTeamUsers, -] - -const TEAM_USER_TABLE_HEADERS = ['#', 'Status', 'User Email', 'User ID', 'Team Name', 'Team UID', 'Detail'] - -type ResolvedTeam = Pick + EnterpriseDataInclude.Users, + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.QueuedTeams, + EnterpriseDataInclude.TeamUsers, + EnterpriseDataInclude.QueuedTeamUsers, +]; + +const TEAM_USER_TABLE_HEADERS = [ + "#", + "Status", + "User Email", + "User ID", + "Team Name", + "Team UID", + "Detail", +]; + +type ResolvedTeam = Pick< + EnterpriseTeamRecord, + "team_uid" | "name" | "encrypted_team_key" +>; type UserPublicKeys = { - rsaPublicKey: Uint8Array | null - eccPublicKey: Uint8Array | null - errorCode?: string - message?: string -} + rsaPublicKey: Uint8Array | null; + eccPublicKey: Uint8Array | null; + errorCode?: string; + message?: string; +}; type EncryptedTeamKey = { - key: Uint8Array - keyType: Enterprise.EncryptedKeyType -} + key: Uint8Array; + keyType: Enterprise.EncryptedKeyType; +}; type PreparedBatchUser = { - user: EnterpriseUser - encryptedKey: EncryptedTeamKey -} + user: EnterpriseUser; + encryptedKey: EncryptedTeamKey; +}; type PreparedBatchTeam = { - team: ResolvedTeam - prepared: PreparedBatchUser[] -} + team: ResolvedTeam; + prepared: PreparedBatchUser[]; +}; type TeamUserContext = { - enterpriseData: EnterpriseDataManager - teams: ResolvedTeam[] - users: EnterpriseUser[] - membership: Set -} + enterpriseData: EnterpriseDataManager; + teams: ResolvedTeam[]; + users: EnterpriseUser[]; + membership: Set; +}; -type InvitedQueueEntry = { user: EnterpriseUser; team: ResolvedTeam } +type InvitedQueueEntry = { user: EnterpriseUser; team: ResolvedTeam }; type AddBatchPreparation = { - items: TeamUserItemResult[] - batchTeams: PreparedBatchTeam[] - invitedQueue: InvitedQueueEntry[] -} + items: TeamUserItemResult[]; + batchTeams: PreparedBatchTeam[]; + invitedQueue: InvitedQueueEntry[]; +}; -type PreparedRemoveEntry = { user: EnterpriseUser; team: ResolvedTeam } +type PreparedRemoveEntry = { user: EnterpriseUser; team: ResolvedTeam }; type RemoveBatchPreparation = { - items: TeamUserItemResult[] - toRemove: PreparedRemoveEntry[] -} + items: TeamUserItemResult[]; + toRemove: PreparedRemoveEntry[]; +}; -type TeamUserItemBase = Omit +type TeamUserItemBase = Omit; -const membershipKey = (userId: number, teamUid: string): string => `${userId}:${teamUid}` +const membershipKey = (userId: number, teamUid: string): string => + `${userId}:${teamUid}`; -const buildItemBase = (user: EnterpriseUser, team: ResolvedTeam): TeamUserItemBase => ({ - username: user.username, - enterpriseUserId: user.enterprise_user_id, - teamUid: team.team_uid, - teamName: team.name, -}) +const buildItemBase = ( + user: EnterpriseUser, + team: ResolvedTeam, +): TeamUserItemBase => ({ + username: user.username, + enterpriseUserId: user.enterprise_user_id, + teamUid: team.team_uid, + teamName: team.name, +}); const toResolvedTeam = (team: EnterpriseTeamRecord): ResolvedTeam => ({ - team_uid: team.team_uid, - name: team.name, - encrypted_team_key: team.encrypted_team_key, -}) - -const toQueuedTeamRecord = (team: EnterpriseQueuedTeamRecord): EnterpriseTeamRecord => ({ - team_uid: team.team_uid, - name: team.name, - node_id: team.node_id, -}) - -const toPublicKeyBytes = (value: Uint8Array | null | undefined): Uint8Array | null => - value && value.length > 0 ? value : null + team_uid: team.team_uid, + name: team.name, + encrypted_team_key: team.encrypted_team_key, +}); + +const toQueuedTeamRecord = ( + team: EnterpriseQueuedTeamRecord, +): EnterpriseTeamRecord => ({ + team_uid: team.team_uid, + name: team.name, + node_id: team.node_id, +}); + +const toPublicKeyBytes = ( + value: Uint8Array | null | undefined, +): Uint8Array | null => (value && value.length > 0 ? value : null); const normalizeTeamIdentifiers = (teams: string[] | undefined): string[] => - (teams || []).map((t) => t.trim()).filter((t) => t.length > 0) + (teams || []).map((t) => t.trim()).filter((t) => t.length > 0); function buildMembershipSet( - teamUsers: EnterpriseTeamUserLink[] | undefined, - queuedTeamUsers: EnterpriseTeamUserLink[] | undefined + teamUsers: EnterpriseTeamUserLink[] | undefined, + queuedTeamUsers: EnterpriseTeamUserLink[] | undefined, ): Set { - const membership = new Set() - for (const link of [...(teamUsers || []), ...(queuedTeamUsers || [])]) { - membership.add(membershipKey(link.enterprise_user_id, link.team_uid)) - } - return membership -} - -async function fetchUserPublicKeys(auth: Auth, emails: string[]): Promise> { - const result = new Map() - if (emails.length === 0) return result - - let response: Authentication.IGetPublicKeysResponse - try { - response = await auth.executeRest(getPublicKeysMessage({ usernames: emails })) - } catch (err) { - throw new KeeperSdkError( - `Failed to fetch public keys: ${extractErrorMessage(err)}`, - ResultCodes.TEAM_USER_ADD_FAILED - ) - } - - for (const entry of response.keyResponses || []) { - const username = (entry.username || '').toLowerCase() - if (!username) continue - result.set(username, { - rsaPublicKey: toPublicKeyBytes(entry.publicKey ?? undefined), - eccPublicKey: toPublicKeyBytes(entry.publicEccKey ?? undefined), - errorCode: entry.errorCode || undefined, - message: entry.message || undefined, - }) - } - return result + const membership = new Set(); + for (const link of [...(teamUsers || []), ...(queuedTeamUsers || [])]) { + membership.add(membershipKey(link.enterprise_user_id, link.team_uid)); + } + return membership; +} + +async function fetchUserPublicKeys( + auth: Auth, + emails: string[], +): Promise> { + const result = new Map(); + if (emails.length === 0) return result; + + let response: Authentication.IGetPublicKeysResponse; + try { + response = await auth.executeRest( + getPublicKeysMessage({ usernames: emails }), + ); + } catch (err) { + throw new KeeperSdkError( + `Failed to fetch public keys: ${extractErrorMessage(err)}`, + ResultCodes.TEAM_USER_ADD_FAILED, + ); + } + + for (const entry of response.keyResponses || []) { + const username = (entry.username || "").toLowerCase(); + if (!username) continue; + result.set(username, { + rsaPublicKey: toPublicKeyBytes(entry.publicKey ?? undefined), + eccPublicKey: toPublicKeyBytes(entry.publicEccKey ?? undefined), + errorCode: entry.errorCode || undefined, + message: entry.message || undefined, + }); + } + return result; } async function encryptTeamKeyForUser( - teamKey: Uint8Array, - publicKeys: UserPublicKeys + teamKey: Uint8Array, + publicKeys: UserPublicKeys, ): Promise { - if (publicKeys.rsaPublicKey) { - return { - key: platform.publicEncrypt(teamKey, platform.bytesToBase64(publicKeys.rsaPublicKey)), - keyType: Enterprise.EncryptedKeyType.KT_ENCRYPTED_BY_PUBLIC_KEY, - } - } + if (publicKeys.rsaPublicKey) { return { - key: await platform.publicEncryptEC(teamKey, publicKeys.eccPublicKey as Uint8Array), - keyType: Enterprise.EncryptedKeyType.KT_ENCRYPTED_BY_PUBLIC_KEY_ECC, - } + key: platform.publicEncrypt( + teamKey, + platform.bytesToBase64(publicKeys.rsaPublicKey), + ), + keyType: Enterprise.EncryptedKeyType.KT_ENCRYPTED_BY_PUBLIC_KEY, + }; + } + return { + key: await platform.publicEncryptEC( + teamKey, + publicKeys.eccPublicKey as Uint8Array, + ), + keyType: Enterprise.EncryptedKeyType.KT_ENCRYPTED_BY_PUBLIC_KEY_ECC, + }; } async function getDecryptedTeamKey( - team: ResolvedTeam, - treeKey: Uint8Array, - cache: Map + team: ResolvedTeam, + treeKey: Uint8Array, + cache: Map, ): Promise { - if (cache.has(team.team_uid)) return cache.get(team.team_uid) ?? null - if (!team.encrypted_team_key) { - cache.set(team.team_uid, null) - return null - } - try { - const key = await decryptKey(team.encrypted_team_key, treeKey) - cache.set(team.team_uid, key) - return key - } catch (err) { - logger.warn(`Could not decrypt key for team "${team.name}": ${extractErrorMessage(err)}`) - cache.set(team.team_uid, null) - return null - } + if (cache.has(team.team_uid)) return cache.get(team.team_uid) ?? null; + if (!team.encrypted_team_key) { + cache.set(team.team_uid, null); + return null; + } + try { + const key = await decryptKey(team.encrypted_team_key, treeKey); + cache.set(team.team_uid, key); + return key; + } catch (err) { + logger.warn( + `Could not decrypt key for team "${team.name}": ${extractErrorMessage(err)}`, + ); + cache.set(team.team_uid, null); + return null; + } } async function loadTeamUserContext( - auth: Auth, - rawUsers: string[], - rawTeams: string[] + auth: Auth, + rawUsers: string[], + rawTeams: string[], ): Promise { - const emails = normalizeEmailInputs(rawUsers) - if (emails.length === 0) { - throw new KeeperSdkError('No users provided.', ResultCodes.NO_USERS_TO_UPDATE) - } - const teamIdentifiers = normalizeTeamIdentifiers(rawTeams) - if (teamIdentifiers.length === 0) { - throw new KeeperSdkError('No teams provided.', ResultCodes.NO_TEAMS_FOR_USER_OP) - } - validateOperationLimits(emails.length, teamIdentifiers.length) - - const enterpriseData = new EnterpriseDataManager(auth) - const response = await enterpriseData.getData(TEAM_USER_INCLUDES) - const queuedTeams = (response.queued_teams || []).map(toQueuedTeamRecord) - - return { - enterpriseData, - teams: resolveExistingTeams(response.teams || [], teamIdentifiers, queuedTeams).map(toResolvedTeam), - users: resolveExistingUsers(response.users || [], emails), - membership: buildMembershipSet(response.team_users, response.queued_team_users), - } -} - -function determineUserType(hideSharedFolders: boolean | undefined): Enterprise.TeamUserType | undefined { - if (hideSharedFolders === true) return Enterprise.TeamUserType.ADMIN_ONLY - if (hideSharedFolders === false) return Enterprise.TeamUserType.USER - return undefined -} - -function pickPublicKeyError(publicKeys: UserPublicKeys | undefined, username: string): string { - return publicKeys?.message || publicKeys?.errorCode || `No public key for "${username}"` -} - -function hasUsablePublicKey(publicKeys: UserPublicKeys | undefined): publicKeys is UserPublicKeys { - return !!publicKeys && !publicKeys.errorCode && !!(publicKeys.eccPublicKey || publicKeys.rsaPublicKey) + const emails = normalizeEmailInputs(rawUsers); + if (emails.length === 0) { + throw new KeeperSdkError( + "No users provided.", + ResultCodes.NO_USERS_TO_UPDATE, + ); + } + const teamIdentifiers = normalizeTeamIdentifiers(rawTeams); + if (teamIdentifiers.length === 0) { + throw new KeeperSdkError( + "No teams provided.", + ResultCodes.NO_TEAMS_FOR_USER_OP, + ); + } + validateOperationLimits(emails.length, teamIdentifiers.length); + + const enterpriseData = new EnterpriseDataManager(auth); + const response = await enterpriseData.getData(TEAM_USER_INCLUDES); + const queuedTeams = (response.queued_teams || []).map(toQueuedTeamRecord); + + return { + enterpriseData, + teams: resolveExistingTeams( + response.teams || [], + teamIdentifiers, + queuedTeams, + ).map(toResolvedTeam), + users: resolveExistingUsers(response.users || [], emails), + membership: buildMembershipSet( + response.team_users, + response.queued_team_users, + ), + }; +} + +function determineUserType( + hideSharedFolders: boolean | undefined, +): Enterprise.TeamUserType | undefined { + if (hideSharedFolders === true) return Enterprise.TeamUserType.ADMIN_ONLY; + if (hideSharedFolders === false) return Enterprise.TeamUserType.USER; + return undefined; +} + +function pickPublicKeyError( + publicKeys: UserPublicKeys | undefined, + username: string, +): string { + return ( + publicKeys?.message || + publicKeys?.errorCode || + `No public key for "${username}"` + ); +} + +function hasUsablePublicKey( + publicKeys: UserPublicKeys | undefined, +): publicKeys is UserPublicKeys { + return ( + !!publicKeys && + !publicKeys.errorCode && + !!(publicKeys.eccPublicKey || publicKeys.rsaPublicKey) + ); } function sanitizeResponseMessage(value: string): string { - return value.replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '').slice(0, MAX_RESPONSE_MESSAGE_LENGTH) + return value + .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, "") + .slice(0, MAX_RESPONSE_MESSAGE_LENGTH); } function pickResponseError( - message?: string | null, - resultCode?: string | null, - additionalInfo?: string | null, - fallback?: string + message?: string | null, + resultCode?: string | null, + additionalInfo?: string | null, + fallback?: string, ): string | undefined { - for (const candidate of [message, resultCode, additionalInfo, fallback]) { - if (typeof candidate === 'string' && candidate.trim().length > 0) { - return sanitizeResponseMessage(candidate.trim()) - } + for (const candidate of [message, resultCode, additionalInfo, fallback]) { + if (typeof candidate === "string" && candidate.trim().length > 0) { + return sanitizeResponseMessage(candidate.trim()); } - return undefined + } + return undefined; } function toEnterpriseUserId(value: unknown): number | null { - const id = typeof value === 'number' ? value : Number(value) - return isNumber(id) && id > 0 ? Math.trunc(id) : null + const id = typeof value === "number" ? value : Number(value); + return isNumber(id) && id > 0 ? Math.trunc(id) : null; } function validateOperationLimits(userCount: number, teamCount: number): void { - if (userCount > MAX_USERS_PER_OPERATION) { - throw new KeeperSdkError( - `Cannot process more than ${MAX_USERS_PER_OPERATION} users at once.`, - ResultCodes.NO_USERS_TO_UPDATE - ) - } - if (teamCount > MAX_TEAMS_PER_OPERATION) { - throw new KeeperSdkError( - `Cannot process more than ${MAX_TEAMS_PER_OPERATION} teams at once.`, - ResultCodes.NO_TEAMS_FOR_USER_OP - ) - } -} - -function validateBatchEntryCount(count: number, operation: 'add' | 'remove'): void { - if (count > MAX_TEAM_USERS_PER_REQUEST) { - const code = operation === 'add' ? ResultCodes.TEAM_USER_ADD_FAILED : ResultCodes.TEAM_USER_REMOVE_FAILED - throw new KeeperSdkError( - `Cannot ${operation} more than ${MAX_TEAM_USERS_PER_REQUEST} user-team pairs in one batch request.`, - code - ) - } + if (userCount > MAX_USERS_PER_OPERATION) { + throw new KeeperSdkError( + `Cannot process more than ${MAX_USERS_PER_OPERATION} users at once.`, + ResultCodes.NO_USERS_TO_UPDATE, + ); + } + if (teamCount > MAX_TEAMS_PER_OPERATION) { + throw new KeeperSdkError( + `Cannot process more than ${MAX_TEAMS_PER_OPERATION} teams at once.`, + ResultCodes.NO_TEAMS_FOR_USER_OP, + ); + } +} + +function validateBatchEntryCount( + count: number, + operation: "add" | "remove", +): void { + if (count > MAX_TEAM_USERS_PER_REQUEST) { + const code = + operation === "add" + ? ResultCodes.TEAM_USER_ADD_FAILED + : ResultCodes.TEAM_USER_REMOVE_FAILED; + throw new KeeperSdkError( + `Cannot ${operation} more than ${MAX_TEAM_USERS_PER_REQUEST} user-team pairs in one batch request.`, + code, + ); + } } async function prepareAddBatches( - teams: ResolvedTeam[], - users: EnterpriseUser[], - membership: Set, - publicKeyMap: Map, - treeKey: Uint8Array + teams: ResolvedTeam[], + users: EnterpriseUser[], + membership: Set, + publicKeyMap: Map, + treeKey: Uint8Array, ): Promise { - const items: TeamUserItemResult[] = [] - const batchTeams: PreparedBatchTeam[] = [] - const invitedQueue: InvitedQueueEntry[] = [] - const teamKeyCache = new Map() - - for (const team of teams) { - const prepared: PreparedBatchUser[] = [] - - for (const user of users) { - const base = buildItemBase(user, team) - - if (membership.has(membershipKey(user.enterprise_user_id, team.team_uid))) { - items.push({ ...base, status: TeamUserStatus.Skipped, skipReason: TeamUserSkipReason.AlreadyMember }) - continue - } - - if (user.status !== EnterpriseUserStatus.Active) { - invitedQueue.push({ user, team }) - continue - } - - const publicKeys = publicKeyMap.get(user.username.toLowerCase()) - if (!hasUsablePublicKey(publicKeys)) { - items.push({ - ...base, - status: TeamUserStatus.MissingPublicKey, - message: pickPublicKeyError(publicKeys, user.username), - }) - continue - } - - const teamKey = await getDecryptedTeamKey(team, treeKey, teamKeyCache) - if (!teamKey) { - items.push({ - ...base, - status: TeamUserStatus.Failed, - message: `Team key for "${team.name}" is unavailable.`, - }) - continue - } - - try { - prepared.push({ user, encryptedKey: await encryptTeamKeyForUser(teamKey, publicKeys) }) - } catch (err) { - items.push({ ...base, status: TeamUserStatus.Failed, message: extractErrorMessage(err) }) - } - } - - if (prepared.length > 0) batchTeams.push({ team, prepared }) + const items: TeamUserItemResult[] = []; + const batchTeams: PreparedBatchTeam[] = []; + const invitedQueue: InvitedQueueEntry[] = []; + const teamKeyCache = new Map(); + + for (const team of teams) { + const prepared: PreparedBatchUser[] = []; + + for (const user of users) { + const base = buildItemBase(user, team); + + if ( + membership.has(membershipKey(user.enterprise_user_id, team.team_uid)) + ) { + items.push({ + ...base, + status: TeamUserStatus.Skipped, + skipReason: TeamUserSkipReason.AlreadyMember, + }); + continue; + } + + if (user.status !== EnterpriseUserStatus.Active) { + invitedQueue.push({ user, team }); + continue; + } + + const publicKeys = publicKeyMap.get(user.username.toLowerCase()); + if (!hasUsablePublicKey(publicKeys)) { + items.push({ + ...base, + status: TeamUserStatus.MissingPublicKey, + message: pickPublicKeyError(publicKeys, user.username), + }); + continue; + } + + const teamKey = await getDecryptedTeamKey(team, treeKey, teamKeyCache); + if (!teamKey) { + items.push({ + ...base, + status: TeamUserStatus.Failed, + message: `Team key for "${team.name}" is unavailable.`, + }); + continue; + } + + try { + prepared.push({ + user, + encryptedKey: await encryptTeamKeyForUser(teamKey, publicKeys), + }); + } catch (err) { + items.push({ + ...base, + status: TeamUserStatus.Failed, + message: extractErrorMessage(err), + }); + } } - return { items, batchTeams, invitedQueue } + if (prepared.length > 0) batchTeams.push({ team, prepared }); + } + + return { items, batchTeams, invitedQueue }; } function buildAddTeamRequests( - batchTeams: PreparedBatchTeam[], - userType: Enterprise.TeamUserType | undefined + batchTeams: PreparedBatchTeam[], + userType: Enterprise.TeamUserType | undefined, ): Enterprise.ITeamsEnterpriseUsersAddTeamRequest[] { - return batchTeams.map(({ team, prepared }) => ({ - teamUid: normal64Bytes(team.team_uid), - users: prepared.map(({ user, encryptedKey }) => { - const userReq: Enterprise.ITeamsEnterpriseUsersAddUserRequest = { - enterpriseUserId: user.enterprise_user_id, - typedTeamKey: { key: encryptedKey.key, keyType: encryptedKey.keyType }, - } - if (userType !== undefined) userReq.userType = userType - return userReq - }), - })) -} - -function markAllBatchUsersFailed(batchTeams: PreparedBatchTeam[], message: string): TeamUserItemResult[] { - return batchTeams.flatMap(({ team, prepared }) => - prepared.map(({ user }) => ({ ...buildItemBase(user, team), status: TeamUserStatus.Failed, message })) - ) + return batchTeams.map(({ team, prepared }) => ({ + teamUid: normal64Bytes(team.team_uid), + users: prepared.map(({ user, encryptedKey }) => { + const userReq: Enterprise.ITeamsEnterpriseUsersAddUserRequest = { + enterpriseUserId: user.enterprise_user_id, + typedTeamKey: { key: encryptedKey.key, keyType: encryptedKey.keyType }, + }; + if (userType !== undefined) userReq.userType = userType; + return userReq; + }), + })); +} + +function markAllBatchUsersFailed( + batchTeams: PreparedBatchTeam[], + message: string, +): TeamUserItemResult[] { + return batchTeams.flatMap(({ team, prepared }) => + prepared.map(({ user }) => ({ + ...buildItemBase(user, team), + status: TeamUserStatus.Failed, + message, + })), + ); } function mergeTeamResponse( - prepTeam: PreparedBatchTeam, - teamResp: Enterprise.ITeamsEnterpriseUsersAddTeamResponse + prepTeam: PreparedBatchTeam, + teamResp: Enterprise.ITeamsEnterpriseUsersAddTeamResponse, ): TeamUserItemResult[] { - const userMap = new Map(prepTeam.prepared.map((p) => [p.user.enterprise_user_id, p.user])) - const teamFailureMessage = - teamResp.success === false - ? pickResponseError(teamResp.message, teamResp.resultCode, teamResp.additionalInfo, 'Team add failed') - : undefined - - const items: TeamUserItemResult[] = [] - for (const userResp of teamResp.users || []) { - const enterpriseUserId = toEnterpriseUserId(userResp.enterpriseUserId) - if (enterpriseUserId === null) continue - const user = userMap.get(enterpriseUserId) - if (!user) continue - const success = userResp.success === true - items.push({ - ...buildItemBase(user, prepTeam.team), - status: success ? TeamUserStatus.Added : TeamUserStatus.Failed, - message: success - ? undefined - : pickResponseError( - userResp.message, - userResp.resultCode, - userResp.additionalInfo, - teamFailureMessage - ), - }) - userMap.delete(enterpriseUserId) - } - - for (const user of userMap.values()) { - items.push({ - ...buildItemBase(user, prepTeam.team), - status: teamFailureMessage ? TeamUserStatus.Failed : TeamUserStatus.Added, - message: teamFailureMessage, - }) - } - return items + const userMap = new Map( + prepTeam.prepared.map((p) => [p.user.enterprise_user_id, p.user]), + ); + const teamFailureMessage = + teamResp.success === false + ? pickResponseError( + teamResp.message, + teamResp.resultCode, + teamResp.additionalInfo, + "Team add failed", + ) + : undefined; + + const items: TeamUserItemResult[] = []; + for (const userResp of teamResp.users || []) { + const enterpriseUserId = toEnterpriseUserId(userResp.enterpriseUserId); + if (enterpriseUserId === null) continue; + const user = userMap.get(enterpriseUserId); + if (!user) continue; + const success = userResp.success === true; + items.push({ + ...buildItemBase(user, prepTeam.team), + status: success ? TeamUserStatus.Added : TeamUserStatus.Failed, + message: success + ? undefined + : pickResponseError( + userResp.message, + userResp.resultCode, + userResp.additionalInfo, + teamFailureMessage, + ), + }); + userMap.delete(enterpriseUserId); + } + + for (const user of userMap.values()) { + items.push({ + ...buildItemBase(user, prepTeam.team), + status: teamFailureMessage ? TeamUserStatus.Failed : TeamUserStatus.Added, + message: teamFailureMessage, + }); + } + return items; } async function sendTeamsEnterpriseUsersAdd( - auth: Auth, - batchTeams: PreparedBatchTeam[], - userType: Enterprise.TeamUserType | undefined + auth: Auth, + batchTeams: PreparedBatchTeam[], + userType: Enterprise.TeamUserType | undefined, ): Promise { - if (batchTeams.length === 0) return [] - - validateBatchEntryCount( - batchTeams.reduce((count, batch) => count + batch.prepared.length, 0), - 'add' - ) - - let response: Enterprise.ITeamsEnterpriseUsersAddResponse - try { - response = await auth.executeRest( - teamsEnterpriseUsersAdd({ teams: buildAddTeamRequests(batchTeams, userType) }) - ) - } catch (err) { - return markAllBatchUsersFailed(batchTeams, extractErrorMessage(err)) - } - - const teamResponses = response.teams ?? [] - if (teamResponses.length === 0) { - return markAllBatchUsersFailed(batchTeams, UNEXPECTED_TEAM_RESPONSE_MESSAGE) - } - - const items: TeamUserItemResult[] = [] - const teamMap = new Map(batchTeams.map((p) => [p.team.team_uid, p])) - - for (const teamResp of teamResponses) { - const teamUid = teamResp.teamUid ? webSafe64FromBytes(teamResp.teamUid as Uint8Array) : '' - const prepTeam = teamMap.get(teamUid) - if (!prepTeam) continue - items.push(...mergeTeamResponse(prepTeam, teamResp)) - teamMap.delete(teamUid) - } - - for (const prepTeam of teamMap.values()) { - for (const { user } of prepTeam.prepared) { - items.push({ - ...buildItemBase(user, prepTeam.team), - status: TeamUserStatus.Failed, - message: MISSING_TEAM_RESPONSE_MESSAGE, - }) - } + if (batchTeams.length === 0) return []; + + validateBatchEntryCount( + batchTeams.reduce((count, batch) => count + batch.prepared.length, 0), + "add", + ); + + let response: Enterprise.ITeamsEnterpriseUsersAddResponse; + try { + response = await auth.executeRest( + teamsEnterpriseUsersAdd({ + teams: buildAddTeamRequests(batchTeams, userType), + }), + ); + } catch (err) { + return markAllBatchUsersFailed(batchTeams, extractErrorMessage(err)); + } + + const teamResponses = response.teams ?? []; + if (teamResponses.length === 0) { + return markAllBatchUsersFailed( + batchTeams, + UNEXPECTED_TEAM_RESPONSE_MESSAGE, + ); + } + + const items: TeamUserItemResult[] = []; + const teamMap = new Map(batchTeams.map((p) => [p.team.team_uid, p])); + + for (const teamResp of teamResponses) { + const teamUid = teamResp.teamUid + ? webSafe64FromBytes(teamResp.teamUid as Uint8Array) + : ""; + const prepTeam = teamMap.get(teamUid); + if (!prepTeam) continue; + items.push(...mergeTeamResponse(prepTeam, teamResp)); + teamMap.delete(teamUid); + } + + for (const prepTeam of teamMap.values()) { + for (const { user } of prepTeam.prepared) { + items.push({ + ...buildItemBase(user, prepTeam.team), + status: TeamUserStatus.Failed, + message: MISSING_TEAM_RESPONSE_MESSAGE, + }); } - return items + } + return items; } async function executeTeamUserCommand( - auth: Auth, - command: RestCommand<{ enterprise_user_id: number; team_uid: string }, KeeperResponse>, - fallbackErrorCode: string + auth: Auth, + command: RestCommand< + { enterprise_user_id: number; team_uid: string }, + KeeperResponse + >, + fallbackErrorCode: string, ): Promise { - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== SUCCESS_RESULT) { - const { enterprise_user_id: userId, team_uid: teamUid } = command.request - throw new KeeperSdkError( - response.message || - response.result_code || - `${command.baseRequest.command} failed for user=${userId}, team=${teamUid}`, - response.result_code || fallbackErrorCode - ) - } + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== SUCCESS_RESULT) { + const { enterprise_user_id: userId, team_uid: teamUid } = command.request; + throw new KeeperSdkError( + response.message || + response.result_code || + `${command.baseRequest.command} failed for user=${userId}, team=${teamUid}`, + response.result_code || fallbackErrorCode, + ); + } } function prepareRemoveEntries( - teams: ResolvedTeam[], - users: EnterpriseUser[], - membership: Set + teams: ResolvedTeam[], + users: EnterpriseUser[], + membership: Set, ): RemoveBatchPreparation { - const items: TeamUserItemResult[] = [] - const toRemove: PreparedRemoveEntry[] = [] - - for (const team of teams) { - for (const user of users) { - const base = buildItemBase(user, team) - if (!membership.has(membershipKey(user.enterprise_user_id, team.team_uid))) { - items.push({ ...base, status: TeamUserStatus.Skipped, skipReason: TeamUserSkipReason.NotMember }) - continue - } - toRemove.push({ user, team }) - } + const items: TeamUserItemResult[] = []; + const toRemove: PreparedRemoveEntry[] = []; + + for (const team of teams) { + for (const user of users) { + const base = buildItemBase(user, team); + if ( + !membership.has(membershipKey(user.enterprise_user_id, team.team_uid)) + ) { + items.push({ + ...base, + status: TeamUserStatus.Skipped, + skipReason: TeamUserSkipReason.NotMember, + }); + continue; + } + toRemove.push({ user, team }); } + } - return { items, toRemove } + return { items, toRemove }; } -function markAllRemoveFailed(entries: PreparedRemoveEntry[], message: string): TeamUserItemResult[] { - return entries.map(({ user, team }) => ({ - ...buildItemBase(user, team), - status: TeamUserStatus.Failed, - message, - })) +function markAllRemoveFailed( + entries: PreparedRemoveEntry[], + message: string, +): TeamUserItemResult[] { + return entries.map(({ user, team }) => ({ + ...buildItemBase(user, team), + status: TeamUserStatus.Failed, + message, + })); } async function sendTeamsEnterpriseUsersRemove( - auth: Auth, - entries: PreparedRemoveEntry[] + auth: Auth, + entries: PreparedRemoveEntry[], ): Promise { - if (entries.length === 0) return [] - - validateBatchEntryCount(entries.length, 'remove') - - const request: Enterprise.ITeamEnterpriseUserRemovesRequest = { - teamEnterpriseUserRemove: entries.map(({ user, team }) => ({ - teamUid: normal64Bytes(team.team_uid), - enterpriseUserId: user.enterprise_user_id, - })), - } - - let response: Enterprise.ITeamEnterpriseUserRemovesResponse + if (entries.length === 0) return []; + + validateBatchEntryCount(entries.length, "remove"); + + const request: Enterprise.ITeamEnterpriseUserRemovesRequest = { + teamEnterpriseUserRemove: entries.map(({ user, team }) => ({ + teamUid: normal64Bytes(team.team_uid), + enterpriseUserId: user.enterprise_user_id, + })), + }; + + let response: Enterprise.ITeamEnterpriseUserRemovesResponse; + try { + response = await auth.executeRest(teamsEnterpriseUsersRemove(request)); + } catch (err) { + return markAllRemoveFailed(entries, extractErrorMessage(err)); + } + + const removeResponses = response.teamEnterpriseUserRemoveResponse ?? []; + if (removeResponses.length === 0) { + return markAllRemoveFailed(entries, UNEXPECTED_REMOVE_RESPONSE_MESSAGE); + } + + const entryMap = new Map( + entries.map((entry) => [ + membershipKey(entry.user.enterprise_user_id, entry.team.team_uid), + entry, + ]), + ); + const items: TeamUserItemResult[] = []; + + for (const userResp of removeResponses) { + const remove = userResp.teamEnterpriseUserRemove; + const teamUid = remove?.teamUid + ? webSafe64FromBytes(remove.teamUid as Uint8Array) + : ""; + const enterpriseUserId = toEnterpriseUserId(remove?.enterpriseUserId); + if (!teamUid || enterpriseUserId === null) continue; + + const entry = entryMap.get(membershipKey(enterpriseUserId, teamUid)); + if (!entry) continue; + + const success = userResp.success === true; + items.push({ + ...buildItemBase(entry.user, entry.team), + status: success ? TeamUserStatus.Removed : TeamUserStatus.Failed, + message: success + ? undefined + : pickResponseError( + userResp.message, + userResp.resultCode, + userResp.additionalInfo, + "Team remove failed", + ), + }); + entryMap.delete(membershipKey(enterpriseUserId, teamUid)); + } + + for (const entry of entryMap.values()) { + items.push({ + ...buildItemBase(entry.user, entry.team), + status: TeamUserStatus.Failed, + message: MISSING_REMOVE_RESPONSE_MESSAGE, + }); + } + + return items; +} + +async function processInvitedQueue( + auth: Auth, + invitedQueue: InvitedQueueEntry[], +): Promise { + const items: TeamUserItemResult[] = []; + for (const { user, team } of invitedQueue) { + const base = buildItemBase(user, team); try { - response = await auth.executeRest(teamsEnterpriseUsersRemove(request)) + await executeTeamUserCommand( + auth, + teamQueueUserCommand({ + enterprise_user_id: user.enterprise_user_id, + team_uid: team.team_uid, + }), + ResultCodes.TEAM_USER_ADD_FAILED, + ); + items.push({ ...base, status: TeamUserStatus.Added }); } catch (err) { - return markAllRemoveFailed(entries, extractErrorMessage(err)) - } - - const removeResponses = response.teamEnterpriseUserRemoveResponse ?? [] - if (removeResponses.length === 0) { - return markAllRemoveFailed(entries, UNEXPECTED_REMOVE_RESPONSE_MESSAGE) - } - - const entryMap = new Map( - entries.map((entry) => [membershipKey(entry.user.enterprise_user_id, entry.team.team_uid), entry]) - ) - const items: TeamUserItemResult[] = [] - - for (const userResp of removeResponses) { - const remove = userResp.teamEnterpriseUserRemove - const teamUid = remove?.teamUid ? webSafe64FromBytes(remove.teamUid as Uint8Array) : '' - const enterpriseUserId = toEnterpriseUserId(remove?.enterpriseUserId) - if (!teamUid || enterpriseUserId === null) continue - - const entry = entryMap.get(membershipKey(enterpriseUserId, teamUid)) - if (!entry) continue - - const success = userResp.success === true - items.push({ - ...buildItemBase(entry.user, entry.team), - status: success ? TeamUserStatus.Removed : TeamUserStatus.Failed, - message: success - ? undefined - : pickResponseError(userResp.message, userResp.resultCode, userResp.additionalInfo, 'Team remove failed'), - }) - entryMap.delete(membershipKey(enterpriseUserId, teamUid)) - } - - for (const entry of entryMap.values()) { - items.push({ - ...buildItemBase(entry.user, entry.team), - status: TeamUserStatus.Failed, - message: MISSING_REMOVE_RESPONSE_MESSAGE, - }) - } - - return items -} - -async function processInvitedQueue(auth: Auth, invitedQueue: InvitedQueueEntry[]): Promise { - const items: TeamUserItemResult[] = [] - for (const { user, team } of invitedQueue) { - const base = buildItemBase(user, team) - try { - await executeTeamUserCommand( - auth, - teamQueueUserCommand({ enterprise_user_id: user.enterprise_user_id, team_uid: team.team_uid }), - ResultCodes.TEAM_USER_ADD_FAILED - ) - items.push({ ...base, status: TeamUserStatus.Added }) - } catch (err) { - items.push({ ...base, status: TeamUserStatus.Failed, message: extractErrorMessage(err) }) - } + items.push({ + ...base, + status: TeamUserStatus.Failed, + message: extractErrorMessage(err), + }); } - return items + } + return items; } -export async function addUsersToTeams(auth: Auth, input: AddUsersToTeamsInput): Promise { - const ctx = await loadTeamUserContext(auth, input.users, input.teams || []) - - const treeKey = await ctx.enterpriseData.getTreeKey() - if (!treeKey) { - throw new KeeperSdkError('Enterprise tree key is unavailable.', ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE) - } - - const publicKeyMap = await fetchUserPublicKeys( +export async function addUsersToTeams( + auth: Auth, + input: AddUsersToTeamsInput, +): Promise { + const ctx = await loadTeamUserContext(auth, input.users, input.teams || []); + + const treeKey = await ctx.enterpriseData.getTreeKey(); + if (!treeKey) { + throw new KeeperSdkError( + "Enterprise tree key is unavailable.", + ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE, + ); + } + + const publicKeyMap = await fetchUserPublicKeys( + auth, + ctx.users + .filter((u) => u.status === EnterpriseUserStatus.Active) + .map((u) => u.username), + ); + + const { items, batchTeams, invitedQueue } = await prepareAddBatches( + ctx.teams, + ctx.users, + ctx.membership, + publicKeyMap, + treeKey, + ); + + if (batchTeams.length > 0) { + items.push( + ...(await sendTeamsEnterpriseUsersAdd( auth, - ctx.users.filter((u) => u.status === EnterpriseUserStatus.Active).map((u) => u.username) - ) - - const { items, batchTeams, invitedQueue } = await prepareAddBatches( - ctx.teams, - ctx.users, - ctx.membership, - publicKeyMap, - treeKey - ) - - if (batchTeams.length > 0) { - items.push(...(await sendTeamsEnterpriseUsersAdd(auth, batchTeams, determineUserType(input.hideSharedFolders)))) - } - items.push(...(await processInvitedQueue(auth, invitedQueue))) + batchTeams, + determineUserType(input.hideSharedFolders), + )), + ); + } + items.push(...(await processInvitedQueue(auth, invitedQueue))); - return finalizeResult(items) + return finalizeResult(items); } export async function removeUsersFromTeams( - auth: Auth, - input: RemoveUsersFromTeamsInput + auth: Auth, + input: RemoveUsersFromTeamsInput, ): Promise { - const ctx = await loadTeamUserContext(auth, input.users, input.teams || []) - const { items, toRemove } = prepareRemoveEntries(ctx.teams, ctx.users, ctx.membership) + const ctx = await loadTeamUserContext(auth, input.users, input.teams || []); + const { items, toRemove } = prepareRemoveEntries( + ctx.teams, + ctx.users, + ctx.membership, + ); - if (toRemove.length > 0) { - items.push(...(await sendTeamsEnterpriseUsersRemove(auth, toRemove))) - } + if (toRemove.length > 0) { + items.push(...(await sendTeamsEnterpriseUsersRemove(auth, toRemove))); + } - return finalizeResult(items) + return finalizeResult(items); } function finalizeResult(items: TeamUserItemResult[]): TeamUserResult { - let succeeded = 0 - let skipped = 0 - let failed = 0 - for (const item of items) { - if (item.status === TeamUserStatus.Added || item.status === TeamUserStatus.Removed) succeeded++ - else if (item.status === TeamUserStatus.Skipped) skipped++ - else failed++ - } - return { success: failed === 0 && succeeded > 0, items, succeeded, skipped, failed } -} - -export function formatTeamUserResult(result: TeamUserResult): FormattedTeamUserTable { - const rows = result.items.map((item, index) => [ - String(index + 1), - item.status, - item.username, - String(item.enterpriseUserId), - item.teamName, - item.teamUid, - item.message || item.skipReason || '', - ]) - return { - headers: [...TEAM_USER_TABLE_HEADERS], - rows, - summary: `Succeeded: ${result.succeeded} Skipped: ${result.skipped} Failed: ${result.failed}`, - } -} - -export function renderTeamUserAsciiTable(table: FormattedTeamUserTable): string { - const { headers, rows } = table - const widths = headers.map((header, columnIndex) => - Math.max(header.length, ...rows.map((row) => (row[columnIndex] || '').length)) + let succeeded = 0; + let skipped = 0; + let failed = 0; + for (const item of items) { + if ( + item.status === TeamUserStatus.Added || + item.status === TeamUserStatus.Removed ) - const padCell = (cell: string, columnIndex: number): string => - cell + ' '.repeat(Math.max(0, widths[columnIndex] - cell.length)) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - return [ - formatRow(headers), - formatRow(widths.map((w) => '-'.repeat(w))), - ...rows.map(formatRow), - table.summary, - ].join('\n') + succeeded++; + else if (item.status === TeamUserStatus.Skipped) skipped++; + else failed++; + } + return { + success: failed === 0 && succeeded > 0, + items, + succeeded, + skipped, + failed, + }; +} + +export function formatTeamUserResult( + result: TeamUserResult, +): FormattedTeamUserTable { + const rows = result.items.map((item, index) => [ + String(index + 1), + item.status, + item.username, + String(item.enterpriseUserId), + item.teamName, + item.teamUid, + item.message || item.skipReason || "", + ]); + return { + headers: [...TEAM_USER_TABLE_HEADERS], + rows, + summary: `Succeeded: ${result.succeeded} Skipped: ${result.skipped} Failed: ${result.failed}`, + }; +} + +export function renderTeamUserAsciiTable( + table: FormattedTeamUserTable, +): string { + const { headers, rows } = table; + const widths = headers.map((header, columnIndex) => + Math.max( + header.length, + ...rows.map((row) => (row[columnIndex] || "").length), + ), + ); + const padCell = (cell: string, columnIndex: number): string => + cell + " ".repeat(Math.max(0, widths[columnIndex] - cell.length)); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + return [ + formatRow(headers), + formatRow(widths.map((w) => "-".repeat(w))), + ...rows.map(formatRow), + table.summary, + ].join("\n"); } diff --git a/KeeperSdk/src/users/updateUser.ts b/KeeperSdk/src/users/updateUser.ts index feb1932a..6ec7cbc9 100644 --- a/KeeperSdk/src/users/updateUser.ts +++ b/KeeperSdk/src/users/updateUser.ts @@ -1,330 +1,390 @@ import { - encryptObjectForStorage, - type Auth, - type KeeperResponse, - type RestCommand, - teamEnterpriseUserRemoveCommand, -} from '@keeper-security/keeperapi' -import { extractErrorMessage, isNumber, KeeperSdkError, ResultCodes } from '../utils' + encryptObjectForStorage, + type Auth, + type KeeperResponse, + type RestCommand, + teamEnterpriseUserRemoveCommand, +} from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseRole, - type EnterpriseTeamRecord, -} from '../teams/enterpriseData' + extractErrorMessage, + isNumber, + KeeperSdkError, + ResultCodes, +} from "../utils"; import { - applyDecryptedNodeNames, - applyEnterpriseNameToRoot, - parentNeedsNameLookup, - resolveParentNode, -} from '../teams/teamUtils' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseRole, + type EnterpriseTeamRecord, +} from "../teams/enterpriseData"; import { - normalizeEmailInputs, - validateUserProfileFields, - resolveExistingUsers, - UpdateUserStatus, - type UpdateUserInput, - type UpdateUserItemResult, - type UpdateUserResult, - type FormattedUpdateUserTable, -} from './userTypes' - -export { UpdateUserStatus } -export type { UpdateUserInput, UpdateUserItemResult, UpdateUserResult, FormattedUpdateUserTable } - -const USER_UPDATE_COMMAND = 'enterprise_user_update' -const ROLE_USER_REMOVE_COMMAND = 'role_user_remove' + applyDecryptedNodeNames, + applyEnterpriseNameToRoot, + parentNeedsNameLookup, + resolveParentNode, +} from "../teams/teamUtils"; +import { + normalizeEmailInputs, + validateUserProfileFields, + resolveExistingUsers, + UpdateUserStatus, + type UpdateUserInput, + type UpdateUserItemResult, + type UpdateUserResult, + type FormattedUpdateUserTable, +} from "./userTypes"; + +export { UpdateUserStatus }; +export type { + UpdateUserInput, + UpdateUserItemResult, + UpdateUserResult, + FormattedUpdateUserTable, +}; + +const USER_UPDATE_COMMAND = "enterprise_user_update"; +const ROLE_USER_REMOVE_COMMAND = "role_user_remove"; const UPDATE_USER_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Users, - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.QueuedTeams, - EnterpriseDataInclude.TeamUsers, - EnterpriseDataInclude.QueuedTeamUsers, - EnterpriseDataInclude.Roles, - EnterpriseDataInclude.RoleUsers, -] - -const USER_UPDATE_TABLE_HEADERS = ['#', 'Status', 'Email', 'User ID', 'Node ID', 'Detail'] + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Users, + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.QueuedTeams, + EnterpriseDataInclude.TeamUsers, + EnterpriseDataInclude.QueuedTeamUsers, + EnterpriseDataInclude.Roles, + EnterpriseDataInclude.RoleUsers, +]; + +const USER_UPDATE_TABLE_HEADERS = [ + "#", + "Status", + "Email", + "User ID", + "Node ID", + "Detail", +]; type UserUpdatePayload = { - enterprise_user_id: number - enterprise_user_username: string - node_id: number - encrypted_data?: string - full_name?: string - job_title?: string -} + enterprise_user_id: number; + enterprise_user_username: string; + node_id: number; + encrypted_data?: string; + full_name?: string; + job_title?: string; +}; type RoleUserRemovePayload = { - role_id: number - enterprise_user_id: number -} - -export async function updateUsers(auth: Auth, input: UpdateUserInput): Promise { - const rawEmails = normalizeEmailInputs(input.emails) - - if (rawEmails.length === 0) { - throw new KeeperSdkError('No users provided for update.', ResultCodes.NO_USERS_TO_UPDATE) - } - - const parentIdentifier = input.parent ?? null - const needsNameLookup = parentNeedsNameLookup(parentIdentifier) - const hasProfileChange = parentIdentifier !== null || !!input.fullName || !!input.jobTitle - - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(UPDATE_USER_INCLUDES), - enterpriseData.getDisplayNames(), - ]) - - const nodes = response.nodes || [] - applyEnterpriseNameToRoot(nodes, response.enterprise_name) - - if (needsNameLookup) { - applyDecryptedNodeNames(nodes, displayNames.nodes) - await enterpriseData.decryptNodeNames(nodes) - } - - const resolvedUsers = resolveExistingUsers(response.users || [], rawEmails) - - const overrideNodeId: number | null = - parentIdentifier !== null && parentIdentifier !== '' - ? resolveParentNode(nodes, parentIdentifier).node_id - : null - - const treeKey = hasProfileChange ? await enterpriseData.getTreeKey() : null - if (hasProfileChange && !treeKey) { - throw new KeeperSdkError( - 'Enterprise tree key is unavailable.', - ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE - ) + role_id: number; + enterprise_user_id: number; +}; + +export async function updateUsers( + auth: Auth, + input: UpdateUserInput, +): Promise { + const rawEmails = normalizeEmailInputs(input.emails); + + if (rawEmails.length === 0) { + throw new KeeperSdkError( + "No users provided for update.", + ResultCodes.NO_USERS_TO_UPDATE, + ); + } + + const parentIdentifier = input.parent ?? null; + const needsNameLookup = parentNeedsNameLookup(parentIdentifier); + const hasProfileChange = + parentIdentifier !== null || !!input.fullName || !!input.jobTitle; + + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(UPDATE_USER_INCLUDES), + enterpriseData.getDisplayNames(), + ]); + + const nodes = response.nodes || []; + applyEnterpriseNameToRoot(nodes, response.enterprise_name); + + if (needsNameLookup) { + applyDecryptedNodeNames(nodes, displayNames.nodes); + await enterpriseData.decryptNodeNames(nodes); + } + + const resolvedUsers = resolveExistingUsers(response.users || [], rawEmails); + + const overrideNodeId: number | null = + parentIdentifier !== null && parentIdentifier !== "" + ? resolveParentNode(nodes, parentIdentifier).node_id + : null; + + const treeKey = hasProfileChange ? await enterpriseData.getTreeKey() : null; + if (hasProfileChange && !treeKey) { + throw new KeeperSdkError( + "Enterprise tree key is unavailable.", + ResultCodes.ENTERPRISE_TREE_KEY_UNAVAILABLE, + ); + } + + const removeTeamUids = resolveTeamUids( + input.removeTeam || [], + response.teams || [], + response.queued_teams || [], + ); + const removeRoleIds = resolveRoleIds( + input.removeRole || [], + response.roles || [], + displayNames.roles, + ); + + const fullName = (input.fullName || "").trim() || undefined; + const jobTitle = (input.jobTitle || "").trim() || undefined; + validateUserProfileFields(fullName, jobTitle); + + const items: UpdateUserItemResult[] = []; + + for (const user of resolvedUsers) { + const targetNodeId = overrideNodeId ?? user.node_id ?? 0; + const item: UpdateUserItemResult = { + username: user.username, + enterpriseUserId: user.enterprise_user_id, + nodeId: targetNodeId, + status: UpdateUserStatus.Failed, + }; + + try { + if (hasProfileChange && treeKey !== null) { + const encryptedData = + fullName !== undefined + ? await encryptObjectForStorage({ displayname: fullName }, treeKey) + : undefined; + await sendUserUpdate(auth, { + enterprise_user_id: user.enterprise_user_id, + enterprise_user_username: user.username, + node_id: targetNodeId, + encrypted_data: encryptedData, + full_name: fullName, + job_title: jobTitle, + }); + } + + for (const teamUid of removeTeamUids) { + await sendTeamUserRemove(auth, user.enterprise_user_id, teamUid); + } + + for (const roleId of removeRoleIds) { + await sendRoleUserRemove(auth, roleId, user.enterprise_user_id); + } + + item.status = UpdateUserStatus.Updated; + } catch (err) { + item.nodeId = user.node_id ?? 0; + item.message = extractErrorMessage(err); } + items.push(item); + } - const removeTeamUids = resolveTeamUids(input.removeTeam || [], response.teams || [], response.queued_teams || []) - const removeRoleIds = resolveRoleIds(input.removeRole || [], response.roles || [], displayNames.roles) - - const fullName = (input.fullName || '').trim() || undefined - const jobTitle = (input.jobTitle || '').trim() || undefined - validateUserProfileFields(fullName, jobTitle) - - const items: UpdateUserItemResult[] = [] - - for (const user of resolvedUsers) { - const targetNodeId = overrideNodeId ?? (user.node_id ?? 0) - const item: UpdateUserItemResult = { - username: user.username, - enterpriseUserId: user.enterprise_user_id, - nodeId: targetNodeId, - status: UpdateUserStatus.Failed, - } - - try { - if (hasProfileChange && treeKey !== null) { - const encryptedData = fullName !== undefined - ? await encryptObjectForStorage({ displayname: fullName }, treeKey) - : undefined - await sendUserUpdate(auth, { - enterprise_user_id: user.enterprise_user_id, - enterprise_user_username: user.username, - node_id: targetNodeId, - encrypted_data: encryptedData, - full_name: fullName, - job_title: jobTitle, - }) - } - - for (const teamUid of removeTeamUids) { - await sendTeamUserRemove(auth, user.enterprise_user_id, teamUid) - } - - for (const roleId of removeRoleIds) { - await sendRoleUserRemove(auth, roleId, user.enterprise_user_id) - } - - item.status = UpdateUserStatus.Updated - } catch (err) { - item.nodeId = user.node_id ?? 0 - item.message = extractErrorMessage(err) - } - items.push(item) - } - - return finalizeResult(items) + return finalizeResult(items); } -async function sendUserUpdate(auth: Auth, payload: UserUpdatePayload): Promise { - const command: RestCommand = { - baseRequest: { command: USER_UPDATE_COMMAND }, - request: payload, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `${USER_UPDATE_COMMAND} failed for "${payload.enterprise_user_username}"`, - response.result_code || ResultCodes.USER_UPDATE_FAILED - ) - } +async function sendUserUpdate( + auth: Auth, + payload: UserUpdatePayload, +): Promise { + const command: RestCommand = { + baseRequest: { command: USER_UPDATE_COMMAND }, + request: payload, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `${USER_UPDATE_COMMAND} failed for "${payload.enterprise_user_username}"`, + response.result_code || ResultCodes.USER_UPDATE_FAILED, + ); + } } -async function sendTeamUserRemove(auth: Auth, enterpriseUserId: number, teamUid: string): Promise { - const command = teamEnterpriseUserRemoveCommand({ - enterprise_user_id: enterpriseUserId, - team_uid: teamUid, - }) - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `team_enterprise_user_remove failed for user=${enterpriseUserId}, team=${teamUid}`, - response.result_code || ResultCodes.USER_UPDATE_FAILED - ) - } +async function sendTeamUserRemove( + auth: Auth, + enterpriseUserId: number, + teamUid: string, +): Promise { + const command = teamEnterpriseUserRemoveCommand({ + enterprise_user_id: enterpriseUserId, + team_uid: teamUid, + }); + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `team_enterprise_user_remove failed for user=${enterpriseUserId}, team=${teamUid}`, + response.result_code || ResultCodes.USER_UPDATE_FAILED, + ); + } } -async function sendRoleUserRemove(auth: Auth, roleId: number, enterpriseUserId: number): Promise { - const command: RestCommand = { - baseRequest: { command: ROLE_USER_REMOVE_COMMAND }, - request: { role_id: roleId, enterprise_user_id: enterpriseUserId }, - authorization: {}, - } - const response = await auth.executeRestCommand(command) - const result = (response.result || '').toLowerCase() - if (result && result !== 'success') { - throw new KeeperSdkError( - response.message || - response.result_code || - `${ROLE_USER_REMOVE_COMMAND} failed for user=${enterpriseUserId}, role=${roleId}`, - response.result_code || ResultCodes.USER_UPDATE_FAILED - ) - } +async function sendRoleUserRemove( + auth: Auth, + roleId: number, + enterpriseUserId: number, +): Promise { + const command: RestCommand = { + baseRequest: { command: ROLE_USER_REMOVE_COMMAND }, + request: { role_id: roleId, enterprise_user_id: enterpriseUserId }, + authorization: {}, + }; + const response = await auth.executeRestCommand(command); + const result = (response.result || "").toLowerCase(); + if (result && result !== "success") { + throw new KeeperSdkError( + response.message || + response.result_code || + `${ROLE_USER_REMOVE_COMMAND} failed for user=${enterpriseUserId}, role=${roleId}`, + response.result_code || ResultCodes.USER_UPDATE_FAILED, + ); + } } function resolveTeamUids( - identifiers: string[], - teams: EnterpriseTeamRecord[], - queuedTeams: EnterpriseTeamRecord[] + identifiers: string[], + teams: EnterpriseTeamRecord[], + queuedTeams: EnterpriseTeamRecord[], ): string[] { - if (identifiers.length === 0) return [] + if (identifiers.length === 0) return []; - const uidSet = new Set() - const byLowerName = new Map() + const uidSet = new Set(); + const byLowerName = new Map(); - for (const t of teams) { - if (t.team_uid) { - uidSet.add(t.team_uid) - const lower = (t.name || '').trim().toLowerCase() - if (lower && !byLowerName.has(lower)) byLowerName.set(lower, t.team_uid) - } + for (const t of teams) { + if (t.team_uid) { + uidSet.add(t.team_uid); + const lower = (t.name || "").trim().toLowerCase(); + if (lower && !byLowerName.has(lower)) byLowerName.set(lower, t.team_uid); } - for (const t of queuedTeams) { - if (t.team_uid) { - uidSet.add(t.team_uid) - const lower = (t.name || '').trim().toLowerCase() - if (lower && !byLowerName.has(lower)) byLowerName.set(lower, t.team_uid) - } + } + for (const t of queuedTeams) { + if (t.team_uid) { + uidSet.add(t.team_uid); + const lower = (t.name || "").trim().toLowerCase(); + if (lower && !byLowerName.has(lower)) byLowerName.set(lower, t.team_uid); } - - const seen = new Set() - const result: string[] = [] - for (const id of identifiers) { - const trimmed = id.trim() - const uid = (uidSet.has(trimmed) ? trimmed : undefined) ?? byLowerName.get(trimmed.toLowerCase()) - if (!uid) { - throw new KeeperSdkError(`Team "${trimmed}" does not exist.`, ResultCodes.TEAM_NOT_FOUND) - } - if (!seen.has(uid)) { - seen.add(uid) - result.push(uid) - } + } + + const seen = new Set(); + const result: string[] = []; + for (const id of identifiers) { + const trimmed = id.trim(); + const uid = + (uidSet.has(trimmed) ? trimmed : undefined) ?? + byLowerName.get(trimmed.toLowerCase()); + if (!uid) { + throw new KeeperSdkError( + `Team "${trimmed}" does not exist.`, + ResultCodes.TEAM_NOT_FOUND, + ); + } + if (!seen.has(uid)) { + seen.add(uid); + result.push(uid); } - return result + } + return result; } function resolveRoleIds( - identifiers: string[], - roles: EnterpriseRole[], - decryptedRoleNames: Map + identifiers: string[], + roles: EnterpriseRole[], + decryptedRoleNames: Map, ): number[] { - if (identifiers.length === 0) return [] - - const idSet = new Set() - const byLowerName = new Map() - - for (const r of roles) { - if (!isNumber(r.role_id)) continue - idSet.add(r.role_id) - const lower = (decryptedRoleNames.get(r.role_id) || '').trim().toLowerCase() - if (lower && !byLowerName.has(lower)) byLowerName.set(lower, r.role_id) + if (identifiers.length === 0) return []; + + const idSet = new Set(); + const byLowerName = new Map(); + + for (const r of roles) { + if (!isNumber(r.role_id)) continue; + idSet.add(r.role_id); + const lower = (decryptedRoleNames.get(r.role_id) || "") + .trim() + .toLowerCase(); + if (lower && !byLowerName.has(lower)) byLowerName.set(lower, r.role_id); + } + + const seen = new Set(); + const result: number[] = []; + for (const id of identifiers) { + const trimmed = id.trim(); + const numericId = Number(trimmed); + let roleId: number | undefined; + + if (Number.isInteger(numericId)) + roleId = idSet.has(numericId) ? numericId : undefined; + if (roleId === undefined) roleId = byLowerName.get(trimmed.toLowerCase()); + if (roleId === undefined) { + throw new KeeperSdkError( + `Role "${trimmed}" does not exist.`, + ResultCodes.ROLE_NOT_FOUND, + ); } - - const seen = new Set() - const result: number[] = [] - for (const id of identifiers) { - const trimmed = id.trim() - const numericId = Number(trimmed) - let roleId: number | undefined - - if (Number.isInteger(numericId)) roleId = idSet.has(numericId) ? numericId : undefined - if (roleId === undefined) roleId = byLowerName.get(trimmed.toLowerCase()) - if (roleId === undefined) { - throw new KeeperSdkError(`Role "${trimmed}" does not exist.`, ResultCodes.ROLE_NOT_FOUND) - } - if (!seen.has(roleId)) { - seen.add(roleId) - result.push(roleId) - } + if (!seen.has(roleId)) { + seen.add(roleId); + result.push(roleId); } - return result + } + return result; } function finalizeResult(items: UpdateUserItemResult[]): UpdateUserResult { - let updated = 0, failed = 0 - for (const item of items) { - if (item.status === UpdateUserStatus.Updated) updated++ - else failed++ - } - return { success: failed === 0 && updated > 0, items, updated, failed } + let updated = 0, + failed = 0; + for (const item of items) { + if (item.status === UpdateUserStatus.Updated) updated++; + else failed++; + } + return { success: failed === 0 && updated > 0, items, updated, failed }; } -export function formatUpdateUserResult(result: UpdateUserResult): FormattedUpdateUserTable { - const rows = result.items.map((item, index) => [ - String(index + 1), - item.status, - item.username, - String(item.enterpriseUserId), - String(item.nodeId), - item.message || '', - ]) - return { - headers: [...USER_UPDATE_TABLE_HEADERS], - rows, - summary: `Updated: ${result.updated} Failed: ${result.failed}`, - } +export function formatUpdateUserResult( + result: UpdateUserResult, +): FormattedUpdateUserTable { + const rows = result.items.map((item, index) => [ + String(index + 1), + item.status, + item.username, + String(item.enterpriseUserId), + String(item.nodeId), + item.message || "", + ]); + return { + headers: [...USER_UPDATE_TABLE_HEADERS], + rows, + summary: `Updated: ${result.updated} Failed: ${result.failed}`, + }; } -export function renderUpdateUserAsciiTable(table: FormattedUpdateUserTable): string { - const { headers, rows } = table - const widths = headers.map((header, index) => - Math.max(header.length, ...rows.map((row) => (row[index] || '').length)) - ) - const padCell = (cell: string, columnIndex: number): string => - cell.padEnd(widths[columnIndex]) - const formatRow = (cells: string[]): string => - cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(' ') - - const lines: string[] = [ - formatRow(headers), - formatRow(widths.map((w) => '-'.repeat(w))), - ...rows.map(formatRow), - table.summary, - ] - return lines.join('\n') +export function renderUpdateUserAsciiTable( + table: FormattedUpdateUserTable, +): string { + const { headers, rows } = table; + const widths = headers.map((header, index) => + Math.max(header.length, ...rows.map((row) => (row[index] || "").length)), + ); + const padCell = (cell: string, columnIndex: number): string => + cell.padEnd(widths[columnIndex]); + const formatRow = (cells: string[]): string => + cells.map((cell, columnIndex) => padCell(cell, columnIndex)).join(" "); + + const lines: string[] = [ + formatRow(headers), + formatRow(widths.map((w) => "-".repeat(w))), + ...rows.map(formatRow), + table.summary, + ]; + return lines.join("\n"); } diff --git a/KeeperSdk/src/users/userTypes.ts b/KeeperSdk/src/users/userTypes.ts index 760486f9..47823c0d 100644 --- a/KeeperSdk/src/users/userTypes.ts +++ b/KeeperSdk/src/users/userTypes.ts @@ -1,395 +1,404 @@ -import { KeeperSdkError, ResultCodes } from '../utils' -import type { EnterpriseUser } from '../teams/enterpriseData' +import { KeeperSdkError, ResultCodes } from "../utils"; +import type { EnterpriseUser } from "../teams/enterpriseData"; -export const MAX_FULL_NAME_LENGTH = 255 -export const MAX_JOB_TITLE_LENGTH = 255 +export const MAX_FULL_NAME_LENGTH = 255; +export const MAX_JOB_TITLE_LENGTH = 255; export enum EnterpriseUserStatus { - Active = 'active', - Invited = 'invited', + Active = "active", + Invited = "invited", } export enum UserColumn { - Name = 'name', - Status = 'status', - TransferStatus = 'transfer_status', - Node = 'node', - TeamCount = 'team_count', - Teams = 'teams', - QueuedTeamCount = 'queued_team_count', - QueuedTeams = 'queued_teams', - RoleCount = 'role_count', - Roles = 'roles', - Alias = 'alias', - TwoFaEnabled = '2fa_enabled', + Name = "name", + Status = "status", + TransferStatus = "transfer_status", + Node = "node", + TeamCount = "team_count", + Teams = "teams", + QueuedTeamCount = "queued_team_count", + QueuedTeams = "queued_teams", + RoleCount = "role_count", + Roles = "roles", + Alias = "alias", + TwoFaEnabled = "2fa_enabled", } export enum AddUserStatus { - Added = 'added', - Reinvited = 'reinvited', - Skipped = 'skipped', - Failed = 'failed', + Added = "added", + Reinvited = "reinvited", + Skipped = "skipped", + Failed = "failed", } export enum AddUserSkipReason { - AlreadyExists = 'already_exists', - InvalidEmail = 'invalid_email', + AlreadyExists = "already_exists", + InvalidEmail = "invalid_email", } export enum UpdateUserStatus { - Updated = 'updated', - Failed = 'failed', + Updated = "updated", + Failed = "failed", } export enum DeleteUserStatus { - Deleted = 'deleted', - Failed = 'failed', + Deleted = "deleted", + Failed = "failed", } export enum UserAction { - Lock = 'lock', - Unlock = 'unlock', - ExpirePassword = 'expire_password', + Lock = "lock", + Unlock = "unlock", + ExpirePassword = "expire_password", } export enum UserActionStatus { - Success = 'success', - Skipped = 'skipped', - Failed = 'failed', + Success = "success", + Skipped = "skipped", + Failed = "failed", } export enum UserActionSkipReason { - Inactive = 'inactive', - Pending = 'pending', + Inactive = "inactive", + Pending = "pending", } -export type UserColumnInput = UserColumn | `${UserColumn}` +export type UserColumnInput = UserColumn | `${UserColumn}`; export type UserTeamInfo = { - team_uid: string - name: string -} + team_uid: string; + name: string; +}; export type UserRoleInfo = { - role_id: number - role_name: string -} + role_id: number; + role_name: string; +}; export type ListUsersOptions = { - pattern?: string | null - columns?: UserColumnInput[] | '*' | string | null -} + pattern?: string | null; + columns?: UserColumnInput[] | "*" | string | null; +}; export type ListUserRow = { - enterprise_user_id: number - username: string - name?: string - status?: string - transfer_status?: string - node?: string - team_count?: number - teams?: string[] - queued_team_count?: number - queued_teams?: string[] - role_count?: number - roles?: string[] - alias?: string[] - tfa_enabled?: boolean -} + enterprise_user_id: number; + username: string; + name?: string; + status?: string; + transfer_status?: string; + node?: string; + team_count?: number; + teams?: string[]; + queued_team_count?: number; + queued_teams?: string[]; + role_count?: number; + roles?: string[]; + alias?: string[]; + tfa_enabled?: boolean; +}; export type FormattedUsersTable = { - headers: string[] - rows: string[][] -} + headers: string[]; + rows: string[][]; +}; export type FormatUsersTableOptions = { - columns?: ListUsersOptions['columns'] -} + columns?: ListUsersOptions["columns"]; +}; export type UserView = { - enterprise_user_id: number - username: string - node_id: number - node_name: string - full_name: string - status: string - tfa_enabled: boolean - transfer_status: string - aliases?: string[] - teams?: UserTeamInfo[] - queued_teams?: UserTeamInfo[] - roles?: UserRoleInfo[] - share_admins?: string[] -} + enterprise_user_id: number; + username: string; + node_id: number; + node_name: string; + full_name: string; + status: string; + tfa_enabled: boolean; + transfer_status: string; + aliases?: string[]; + teams?: UserTeamInfo[]; + queued_teams?: UserTeamInfo[]; + roles?: UserRoleInfo[]; + share_admins?: string[]; +}; export type FormatUserViewOptions = { - verbose?: boolean -} + verbose?: boolean; +}; export type UserViewTableRow = { - label: string - value: string | string[] - id?: string | string[] -} + label: string; + value: string | string[]; + id?: string | string[]; +}; export type FormattedUserViewTable = { - rows: UserViewTableRow[] - hasIdColumn: boolean -} + rows: UserViewTableRow[]; + hasIdColumn: boolean; +}; export type AddUserInput = { - emails: string[] - parent?: string | number | null - fullName?: string - jobTitle?: string -} + emails: string[]; + parent?: string | number | null; + fullName?: string; + jobTitle?: string; +}; export type AddUserItemResult = { - username: string - enterpriseUserId?: number - nodeId?: number - status: AddUserStatus - skipReason?: AddUserSkipReason - message?: string -} + username: string; + enterpriseUserId?: number; + nodeId?: number; + status: AddUserStatus; + skipReason?: AddUserSkipReason; + message?: string; +}; export type AddUserResult = { - success: boolean - parentNodeId: number - parentNodeName: string - items: AddUserItemResult[] - added: number - reinvited: number - skipped: number - failed: number -} + success: boolean; + parentNodeId: number; + parentNodeName: string; + items: AddUserItemResult[]; + added: number; + reinvited: number; + skipped: number; + failed: number; +}; export type FormatAddUserResultOptions = { - showSkipped?: boolean -} + showSkipped?: boolean; +}; export type FormattedAddUserTable = { - headers: string[] - rows: string[][] - parentNodeName: string - summary: string -} + headers: string[]; + rows: string[][]; + parentNodeName: string; + summary: string; +}; export type UpdateUserInput = { - emails: string[] - parent?: string | number | null - fullName?: string - jobTitle?: string - removeTeam?: string[] - removeRole?: string[] -} + emails: string[]; + parent?: string | number | null; + fullName?: string; + jobTitle?: string; + removeTeam?: string[]; + removeRole?: string[]; +}; export type UpdateUserItemResult = { - username: string - enterpriseUserId: number - nodeId: number - status: UpdateUserStatus - message?: string -} + username: string; + enterpriseUserId: number; + nodeId: number; + status: UpdateUserStatus; + message?: string; +}; export type UpdateUserResult = { - success: boolean - items: UpdateUserItemResult[] - updated: number - failed: number -} + success: boolean; + items: UpdateUserItemResult[]; + updated: number; + failed: number; +}; export type FormattedUpdateUserTable = { - headers: string[] - rows: string[][] - summary: string -} + headers: string[]; + rows: string[][]; + summary: string; +}; export type DeleteUserInput = { - emails: string[] -} + emails: string[]; +}; export type DeleteUserItemResult = { - username: string - enterpriseUserId: number - status: DeleteUserStatus - message?: string -} + username: string; + enterpriseUserId: number; + status: DeleteUserStatus; + message?: string; +}; export type DeleteUserResult = { - success: boolean - items: DeleteUserItemResult[] - deleted: number - failed: number -} + success: boolean; + items: DeleteUserItemResult[]; + deleted: number; + failed: number; +}; export type FormattedDeleteUserTable = { - headers: string[] - rows: string[][] - summary: string -} + headers: string[]; + rows: string[][]; + summary: string; +}; export type UserActionInput = { - emails: string[] - action: UserAction -} + emails: string[]; + action: UserAction; +}; export type UserActionItemResult = { - username: string - enterpriseUserId?: number - status: UserActionStatus - skipReason?: UserActionSkipReason - message?: string -} + username: string; + enterpriseUserId?: number; + status: UserActionStatus; + skipReason?: UserActionSkipReason; + message?: string; +}; export type UserActionResult = { - success: boolean - items: UserActionItemResult[] - succeeded: number - skipped: number - failed: number -} + success: boolean; + items: UserActionItemResult[]; + succeeded: number; + skipped: number; + failed: number; +}; export type FormattedUserActionTable = { - headers: string[] - rows: string[][] - summary: string -} + headers: string[]; + rows: string[][]; + summary: string; +}; export enum AliasOperation { - Add = 'add', - Remove = 'remove', + Add = "add", + Remove = "remove", } export type AliasUserInput = { - email: string - operation: AliasOperation - alias: string -} + email: string; + operation: AliasOperation; + alias: string; +}; export type AliasUserResult = { - success: boolean - username: string - enterpriseUserId: number - alias: string - operation: AliasOperation - detail: string -} + success: boolean; + username: string; + enterpriseUserId: number; + alias: string; + operation: AliasOperation; + detail: string; +}; export enum TeamUserStatus { - Added = 'added', - Removed = 'removed', - Skipped = 'skipped', - Failed = 'failed', - MissingPublicKey = 'missing_public_key', + Added = "added", + Removed = "removed", + Skipped = "skipped", + Failed = "failed", + MissingPublicKey = "missing_public_key", } export enum TeamUserSkipReason { - AlreadyMember = 'already_member', - NotMember = 'not_member', + AlreadyMember = "already_member", + NotMember = "not_member", } export type AddUsersToTeamsInput = { - users: string[] - teams: string[] - hideSharedFolders?: boolean -} + users: string[]; + teams: string[]; + hideSharedFolders?: boolean; +}; export type RemoveUsersFromTeamsInput = { - users: string[] - teams: string[] -} + users: string[]; + teams: string[]; +}; export type TeamUserItemResult = { - username: string - enterpriseUserId: number - teamUid: string - teamName: string - status: TeamUserStatus - skipReason?: TeamUserSkipReason - message?: string -} + username: string; + enterpriseUserId: number; + teamUid: string; + teamName: string; + status: TeamUserStatus; + skipReason?: TeamUserSkipReason; + message?: string; +}; export type TeamUserResult = { - success: boolean - items: TeamUserItemResult[] - succeeded: number - skipped: number - failed: number -} + success: boolean; + items: TeamUserItemResult[]; + succeeded: number; + skipped: number; + failed: number; +}; export type FormattedTeamUserTable = { - headers: string[] - rows: string[][] - summary: string -} + headers: string[]; + rows: string[][]; + summary: string; +}; export function normalizeEmailInputs(emails: string[] | undefined): string[] { - return (emails || []).map((e) => e.trim()).filter((e) => e.length > 0) -} - -export function validateUserProfileFields(fullName: string | undefined, jobTitle: string | undefined): void { - if (fullName !== undefined && fullName.length > MAX_FULL_NAME_LENGTH) { - throw new KeeperSdkError( - `Full name exceeds ${MAX_FULL_NAME_LENGTH} characters.`, - ResultCodes.USER_UPDATE_FAILED - ) + return (emails || []).map((e) => e.trim()).filter((e) => e.length > 0); +} + +export function validateUserProfileFields( + fullName: string | undefined, + jobTitle: string | undefined, +): void { + if (fullName !== undefined && fullName.length > MAX_FULL_NAME_LENGTH) { + throw new KeeperSdkError( + `Full name exceeds ${MAX_FULL_NAME_LENGTH} characters.`, + ResultCodes.USER_UPDATE_FAILED, + ); + } + if (jobTitle !== undefined && jobTitle.length > MAX_JOB_TITLE_LENGTH) { + throw new KeeperSdkError( + `Job title exceeds ${MAX_JOB_TITLE_LENGTH} characters.`, + ResultCodes.USER_UPDATE_FAILED, + ); + } +} + +export function resolveExistingUsers( + users: EnterpriseUser[], + identifiers: string[], +): EnterpriseUser[] { + const byEmail = new Map(); + const byId = new Map(); + for (const u of users) { + if (u.username) byEmail.set(u.username.toLowerCase(), u); + byId.set(u.enterprise_user_id, u); + } + + const result: EnterpriseUser[] = []; + const seen = new Set(); + + for (const identifier of identifiers) { + const trimmed = identifier.trim(); + const numericId = Number(trimmed); + let user: EnterpriseUser | undefined; + + if (Number.isInteger(numericId)) { + user = byId.get(numericId); } - if (jobTitle !== undefined && jobTitle.length > MAX_JOB_TITLE_LENGTH) { - throw new KeeperSdkError( - `Job title exceeds ${MAX_JOB_TITLE_LENGTH} characters.`, - ResultCodes.USER_UPDATE_FAILED - ) + if (!user) { + user = byEmail.get(trimmed.toLowerCase()); } -} - -export function resolveExistingUsers(users: EnterpriseUser[], identifiers: string[]): EnterpriseUser[] { - const byEmail = new Map() - const byId = new Map() - for (const u of users) { - if (u.username) byEmail.set(u.username.toLowerCase(), u) - byId.set(u.enterprise_user_id, u) + if (!user) { + throw new KeeperSdkError( + `User "${trimmed}" does not exist.`, + ResultCodes.USER_NOT_FOUND, + ); } - - const result: EnterpriseUser[] = [] - const seen = new Set() - - for (const identifier of identifiers) { - const trimmed = identifier.trim() - const numericId = Number(trimmed) - let user: EnterpriseUser | undefined - - if (Number.isInteger(numericId)) { - user = byId.get(numericId) - } - if (!user) { - user = byEmail.get(trimmed.toLowerCase()) - } - if (!user) { - throw new KeeperSdkError(`User "${trimmed}" does not exist.`, ResultCodes.USER_NOT_FOUND) - } - if (!seen.has(user.enterprise_user_id)) { - seen.add(user.enterprise_user_id) - result.push(user) - } + if (!seen.has(user.enterprise_user_id)) { + seen.add(user.enterprise_user_id); + result.push(user); } + } - return result + return result; } -export type FormattedUserStatus = 'Active' | 'Invited' | 'Locked' | 'Disabled' +export type FormattedUserStatus = "Active" | "Invited" | "Locked" | "Disabled"; export function formatUserStatus(user: EnterpriseUser): FormattedUserStatus { - if (user.status === EnterpriseUserStatus.Invited) return 'Invited' - if (user.lock === 1) return 'Locked' - if ((user.lock ?? 0) > 1) return 'Disabled' - return 'Active' + if (user.status === EnterpriseUserStatus.Invited) return "Invited"; + if (user.lock === 1) return "Locked"; + if ((user.lock ?? 0) > 1) return "Disabled"; + return "Active"; } export function formatTransferStatus(user: EnterpriseUser): string { - const exp = user.account_share_expiration - if (exp != null && exp > 0) { - return new Date(exp) < new Date() ? 'Blocked' : 'Pending Transfer' - } - return '' -} \ No newline at end of file + const exp = user.account_share_expiration; + if (exp != null && exp > 0) { + return new Date(exp) < new Date() ? "Blocked" : "Pending Transfer"; + } + return ""; +} diff --git a/KeeperSdk/src/users/viewUser.ts b/KeeperSdk/src/users/viewUser.ts index d8d4c910..e31abafa 100644 --- a/KeeperSdk/src/users/viewUser.ts +++ b/KeeperSdk/src/users/viewUser.ts @@ -1,284 +1,359 @@ -import { Enterprise, type Auth } from '@keeper-security/keeperapi' -import { extractErrorMessage, isNumber, KeeperSdkError, ResultCodes, logger } from '../utils' +import { Enterprise, type Auth } from "@keeper-security/keeperapi"; import { - EnterpriseDataInclude, - EnterpriseDataManager, - type EnterpriseQueuedTeamRecord, - type EnterpriseQueuedTeamUserLink, - type EnterpriseRoleUserLink, - type EnterpriseTeamRecord, - type EnterpriseTeamUserLink, - type EnterpriseUser, - type EnterpriseUserAliasLink, -} from '../teams/enterpriseData' + extractErrorMessage, + isNumber, + KeeperSdkError, + ResultCodes, + logger, +} from "../utils"; import { - formatTransferStatus, - formatUserStatus, - type FormattedUserViewTable, - type FormatUserViewOptions, - type UserRoleInfo, - type UserTeamInfo, - type UserView, - type UserViewTableRow, -} from './userTypes' - -const NODE_PATH_SEPARATOR = '\\' + EnterpriseDataInclude, + EnterpriseDataManager, + type EnterpriseQueuedTeamRecord, + type EnterpriseQueuedTeamUserLink, + type EnterpriseRoleUserLink, + type EnterpriseTeamRecord, + type EnterpriseTeamUserLink, + type EnterpriseUser, + type EnterpriseUserAliasLink, +} from "../teams/enterpriseData"; +import { + formatTransferStatus, + formatUserStatus, + type FormattedUserViewTable, + type FormatUserViewOptions, + type UserRoleInfo, + type UserTeamInfo, + type UserView, + type UserViewTableRow, +} from "./userTypes"; + +const NODE_PATH_SEPARATOR = "\\"; const VIEW_USER_INCLUDES: EnterpriseDataInclude[] = [ - EnterpriseDataInclude.Users, - EnterpriseDataInclude.Nodes, - EnterpriseDataInclude.Teams, - EnterpriseDataInclude.TeamUsers, - EnterpriseDataInclude.QueuedTeamUsers, - EnterpriseDataInclude.QueuedTeams, - EnterpriseDataInclude.RoleUsers, - EnterpriseDataInclude.Roles, - EnterpriseDataInclude.UserAliases, -] - -export async function viewUser(auth: Auth, identifier: string): Promise { - const enterpriseData = new EnterpriseDataManager(auth) - const [response, displayNames] = await Promise.all([ - enterpriseData.getData(VIEW_USER_INCLUDES), - enterpriseData.getDisplayNames(), - ]) - - const user = resolveUser(response.users || [], identifier) - - const nodes = response.nodes || [] - for (const node of nodes) { - const display = displayNames.nodes.get(node.node_id) - if (display) node.displayName = display - } - const nodeName = EnterpriseDataManager.getNodePath(nodes, user.node_id ?? 0, { - omitRoot: false, - separator: NODE_PATH_SEPARATOR, - }) - - const view: UserView = { - enterprise_user_id: user.enterprise_user_id, - username: user.username, - node_id: user.node_id ?? 0, - node_name: nodeName, - full_name: (user.full_name || '').trim(), - status: formatUserStatus(user), - tfa_enabled: user.tfa_enabled ?? false, - transfer_status: formatTransferStatus(user), - } - - const aliases = buildAliases(response.user_aliases || [], user) - if (aliases.length > 0) view.aliases = aliases - - const teams = buildUserTeams(response.team_users || [], response.teams || [], user.enterprise_user_id) - if (teams.length > 0) view.teams = teams - - const queuedTeams = buildUserQueuedTeams( - response.queued_team_users || [], - response.teams || [], - response.queued_teams || [], - user.enterprise_user_id - ) - if (queuedTeams.length > 0) view.queued_teams = queuedTeams - - const roles = buildUserRoles(response.role_users || [], displayNames.roles, user.enterprise_user_id) - if (roles.length > 0) view.roles = roles - - const shareAdmins = await fetchShareAdmins(auth, user.username) - if (shareAdmins.length > 0) view.share_admins = shareAdmins - - return view + EnterpriseDataInclude.Users, + EnterpriseDataInclude.Nodes, + EnterpriseDataInclude.Teams, + EnterpriseDataInclude.TeamUsers, + EnterpriseDataInclude.QueuedTeamUsers, + EnterpriseDataInclude.QueuedTeams, + EnterpriseDataInclude.RoleUsers, + EnterpriseDataInclude.Roles, + EnterpriseDataInclude.UserAliases, +]; + +export async function viewUser( + auth: Auth, + identifier: string, +): Promise { + const enterpriseData = new EnterpriseDataManager(auth); + const [response, displayNames] = await Promise.all([ + enterpriseData.getData(VIEW_USER_INCLUDES), + enterpriseData.getDisplayNames(), + ]); + + const user = resolveUser(response.users || [], identifier); + + const nodes = response.nodes || []; + for (const node of nodes) { + const display = displayNames.nodes.get(node.node_id); + if (display) node.displayName = display; + } + const nodeName = EnterpriseDataManager.getNodePath(nodes, user.node_id ?? 0, { + omitRoot: false, + separator: NODE_PATH_SEPARATOR, + }); + + const view: UserView = { + enterprise_user_id: user.enterprise_user_id, + username: user.username, + node_id: user.node_id ?? 0, + node_name: nodeName, + full_name: (user.full_name || "").trim(), + status: formatUserStatus(user), + tfa_enabled: user.tfa_enabled ?? false, + transfer_status: formatTransferStatus(user), + }; + + const aliases = buildAliases(response.user_aliases || [], user); + if (aliases.length > 0) view.aliases = aliases; + + const teams = buildUserTeams( + response.team_users || [], + response.teams || [], + user.enterprise_user_id, + ); + if (teams.length > 0) view.teams = teams; + + const queuedTeams = buildUserQueuedTeams( + response.queued_team_users || [], + response.teams || [], + response.queued_teams || [], + user.enterprise_user_id, + ); + if (queuedTeams.length > 0) view.queued_teams = queuedTeams; + + const roles = buildUserRoles( + response.role_users || [], + displayNames.roles, + user.enterprise_user_id, + ); + if (roles.length > 0) view.roles = roles; + + const shareAdmins = await fetchShareAdmins(auth, user.username); + if (shareAdmins.length > 0) view.share_admins = shareAdmins; + + return view; } -export function formatUserView(view: UserView, options: FormatUserViewOptions = {}): FormattedUserViewTable { - const verbose = options.verbose === true - - const rows: UserViewTableRow[] = [ - { label: 'User ID', value: String(view.enterprise_user_id) }, - { label: 'Email', value: view.username }, - { label: 'Full Name', value: view.full_name }, - { label: 'Node Name', value: view.node_name, id: verbose ? String(view.node_id) : undefined }, - { label: 'Status', value: view.status }, - { label: 'Transfer Status', value: view.transfer_status }, - { label: '2FA Enabled', value: String(view.tfa_enabled) }, - ] - - if (view.aliases && view.aliases.length > 0) { - rows.push({ label: 'Email Alias(es)', value: view.aliases }) - } - if (view.teams && view.teams.length > 0) { - rows.push({ - label: 'Team(s)', - value: view.teams.map((t) => t.name), - id: verbose ? view.teams.map((t) => t.team_uid) : undefined, - }) - } - if (view.queued_teams && view.queued_teams.length > 0) { - rows.push({ - label: 'Queued Team(s)', - value: view.queued_teams.map((t) => t.name), - id: verbose ? view.queued_teams.map((t) => t.team_uid) : undefined, - }) - } - if (view.roles && view.roles.length > 0) { - rows.push({ - label: 'Role(s)', - value: view.roles.map((r) => r.role_name), - id: verbose ? view.roles.map((r) => String(r.role_id)) : undefined, - }) - } - if (view.share_admins && view.share_admins.length > 0) { - rows.push({ label: 'Share Admin(s)', value: view.share_admins }) - } - - return { rows, hasIdColumn: verbose } +export function formatUserView( + view: UserView, + options: FormatUserViewOptions = {}, +): FormattedUserViewTable { + const verbose = options.verbose === true; + + const rows: UserViewTableRow[] = [ + { label: "User ID", value: String(view.enterprise_user_id) }, + { label: "Email", value: view.username }, + { label: "Full Name", value: view.full_name }, + { + label: "Node Name", + value: view.node_name, + id: verbose ? String(view.node_id) : undefined, + }, + { label: "Status", value: view.status }, + { label: "Transfer Status", value: view.transfer_status }, + { label: "2FA Enabled", value: String(view.tfa_enabled) }, + ]; + + if (view.aliases && view.aliases.length > 0) { + rows.push({ label: "Email Alias(es)", value: view.aliases }); + } + if (view.teams && view.teams.length > 0) { + rows.push({ + label: "Team(s)", + value: view.teams.map((t) => t.name), + id: verbose ? view.teams.map((t) => t.team_uid) : undefined, + }); + } + if (view.queued_teams && view.queued_teams.length > 0) { + rows.push({ + label: "Queued Team(s)", + value: view.queued_teams.map((t) => t.name), + id: verbose ? view.queued_teams.map((t) => t.team_uid) : undefined, + }); + } + if (view.roles && view.roles.length > 0) { + rows.push({ + label: "Role(s)", + value: view.roles.map((r) => r.role_name), + id: verbose ? view.roles.map((r) => String(r.role_id)) : undefined, + }); + } + if (view.share_admins && view.share_admins.length > 0) { + rows.push({ label: "Share Admin(s)", value: view.share_admins }); + } + + return { rows, hasIdColumn: verbose }; } export function userViewTable(table: FormattedUserViewTable): string { - const labelWidth = table.rows.reduce((max, row) => Math.max(max, row.label.length), 0) - - const expandedRows = table.rows.map((row) => ({ - label: row.label, - valueLines: asLines(row.value), - idLines: table.hasIdColumn ? asLines(row.id ?? []) : [], - })) - - const valueWidth = expandedRows.reduce( - (max, row) => Math.max(max, ...row.valueLines.map((l) => l.length)), - 0 - ) - const idWidth = table.hasIdColumn - ? expandedRows.reduce((max, row) => Math.max(max, ...row.idLines.map((l) => l.length)), 0) - : 0 - - const padLeft = (text: string, width: number): string => - ' '.repeat(Math.max(0, width - text.length)) + text - const padRight = (text: string, width: number): string => - text + ' '.repeat(Math.max(0, width - text.length)) - - const lines: string[] = [] - for (const row of expandedRows) { - const lineCount = Math.max(row.valueLines.length, table.hasIdColumn ? row.idLines.length : 0, 1) - for (let li = 0; li < lineCount; li += 1) { - const labelCell = padLeft(li === 0 ? row.label : '', labelWidth) - const valueCell = padRight(row.valueLines[li] ?? '', valueWidth) - const cells: string[] = [labelCell, valueCell] - if (table.hasIdColumn) cells.push(padRight(row.idLines[li] ?? '', idWidth)) - lines.push(cells.join(' ').trimEnd()) - } + const labelWidth = table.rows.reduce( + (max, row) => Math.max(max, row.label.length), + 0, + ); + + const expandedRows = table.rows.map((row) => ({ + label: row.label, + valueLines: asLines(row.value), + idLines: table.hasIdColumn ? asLines(row.id ?? []) : [], + })); + + const valueWidth = expandedRows.reduce( + (max, row) => Math.max(max, ...row.valueLines.map((l) => l.length)), + 0, + ); + const idWidth = table.hasIdColumn + ? expandedRows.reduce( + (max, row) => Math.max(max, ...row.idLines.map((l) => l.length)), + 0, + ) + : 0; + + const padLeft = (text: string, width: number): string => + " ".repeat(Math.max(0, width - text.length)) + text; + const padRight = (text: string, width: number): string => + text + " ".repeat(Math.max(0, width - text.length)); + + const lines: string[] = []; + for (const row of expandedRows) { + const lineCount = Math.max( + row.valueLines.length, + table.hasIdColumn ? row.idLines.length : 0, + 1, + ); + for (let li = 0; li < lineCount; li += 1) { + const labelCell = padLeft(li === 0 ? row.label : "", labelWidth); + const valueCell = padRight(row.valueLines[li] ?? "", valueWidth); + const cells: string[] = [labelCell, valueCell]; + if (table.hasIdColumn) + cells.push(padRight(row.idLines[li] ?? "", idWidth)); + lines.push(cells.join(" ").trimEnd()); } - return lines.join('\n') + } + return lines.join("\n"); } -function resolveUser(users: EnterpriseUser[], identifier: string): EnterpriseUser { - const trimmed = (identifier ?? '').trim() - if (!trimmed) { - throw new KeeperSdkError('User email or ID is required.', ResultCodes.USER_NOT_FOUND) - } - - const numericId = Number(trimmed) - if (Number.isInteger(numericId)) { - const byId = users.find((u) => u.enterprise_user_id === numericId) - if (byId) return byId - } - - const lowered = trimmed.toLowerCase() - const byEmail = users.filter((u) => (u.username || '').toLowerCase() === lowered) - if (byEmail.length === 1) return byEmail[0] - if (byEmail.length > 1) { - throw new KeeperSdkError( - `Multiple users match "${trimmed}". Specify the enterprise user ID instead.`, - ResultCodes.MULTIPLE_USER_MATCHES - ) - } - - throw new KeeperSdkError(`User "${trimmed}" does not exist.`, ResultCodes.USER_NOT_FOUND) +function resolveUser( + users: EnterpriseUser[], + identifier: string, +): EnterpriseUser { + const trimmed = (identifier ?? "").trim(); + if (!trimmed) { + throw new KeeperSdkError( + "User email or ID is required.", + ResultCodes.USER_NOT_FOUND, + ); + } + + const numericId = Number(trimmed); + if (Number.isInteger(numericId)) { + const byId = users.find((u) => u.enterprise_user_id === numericId); + if (byId) return byId; + } + + const lowered = trimmed.toLowerCase(); + const byEmail = users.filter( + (u) => (u.username || "").toLowerCase() === lowered, + ); + if (byEmail.length === 1) return byEmail[0]; + if (byEmail.length > 1) { + throw new KeeperSdkError( + `Multiple users match "${trimmed}". Specify the enterprise user ID instead.`, + ResultCodes.MULTIPLE_USER_MATCHES, + ); + } + + throw new KeeperSdkError( + `User "${trimmed}" does not exist.`, + ResultCodes.USER_NOT_FOUND, + ); } -function buildAliases(links: EnterpriseUserAliasLink[], user: EnterpriseUser): string[] { - const primary = user.username.toLowerCase() - return links - .filter((l) => l.enterprise_user_id === user.enterprise_user_id && l.username.toLowerCase() !== primary) - .map((l) => l.username) - .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) +function buildAliases( + links: EnterpriseUserAliasLink[], + user: EnterpriseUser, +): string[] { + const primary = user.username.toLowerCase(); + return links + .filter( + (l) => + l.enterprise_user_id === user.enterprise_user_id && + l.username.toLowerCase() !== primary, + ) + .map((l) => l.username) + .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: "base" })); } function buildUserTeams( - teamUsers: EnterpriseTeamUserLink[], - teams: EnterpriseTeamRecord[], - userId: number + teamUsers: EnterpriseTeamUserLink[], + teams: EnterpriseTeamRecord[], + userId: number, ): UserTeamInfo[] { - const teamByUid = new Map(teams.filter((t) => t.team_uid).map((t) => [t.team_uid, t])) - - return teamUsers - .filter((link) => link.enterprise_user_id === userId) - .flatMap((link) => { - const team = teamByUid.get(link.team_uid) - return team ? [{ team_uid: team.team_uid, name: team.name || team.team_uid }] : [] - }) - .sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' })) + const teamByUid = new Map( + teams.filter((t) => t.team_uid).map((t) => [t.team_uid, t]), + ); + + return teamUsers + .filter((link) => link.enterprise_user_id === userId) + .flatMap((link) => { + const team = teamByUid.get(link.team_uid); + return team + ? [{ team_uid: team.team_uid, name: team.name || team.team_uid }] + : []; + }) + .sort((a, b) => + a.name.localeCompare(b.name, undefined, { sensitivity: "base" }), + ); } function buildUserQueuedTeams( - queuedTeamUsers: EnterpriseQueuedTeamUserLink[], - teams: EnterpriseTeamRecord[], - queuedTeams: EnterpriseQueuedTeamRecord[], - userId: number + queuedTeamUsers: EnterpriseQueuedTeamUserLink[], + teams: EnterpriseTeamRecord[], + queuedTeams: EnterpriseQueuedTeamRecord[], + userId: number, ): UserTeamInfo[] { - const teamByUid = new Map() - for (const t of teams) { - if (t.team_uid) teamByUid.set(t.team_uid, t.name || t.team_uid) - } - for (const qt of queuedTeams) { - if (qt.team_uid && !teamByUid.has(qt.team_uid)) teamByUid.set(qt.team_uid, qt.name || qt.team_uid) - } - - return queuedTeamUsers - .filter((link) => link.enterprise_user_id === userId) - .flatMap((link) => { - const name = teamByUid.get(link.team_uid) - return name ? [{ team_uid: link.team_uid, name }] : [] - }) - .sort((a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: 'base' })) + const teamByUid = new Map(); + for (const t of teams) { + if (t.team_uid) teamByUid.set(t.team_uid, t.name || t.team_uid); + } + for (const qt of queuedTeams) { + if (qt.team_uid && !teamByUid.has(qt.team_uid)) + teamByUid.set(qt.team_uid, qt.name || qt.team_uid); + } + + return queuedTeamUsers + .filter((link) => link.enterprise_user_id === userId) + .flatMap((link) => { + const name = teamByUid.get(link.team_uid); + return name ? [{ team_uid: link.team_uid, name }] : []; + }) + .sort((a, b) => + a.name.localeCompare(b.name, undefined, { sensitivity: "base" }), + ); } function buildUserRoles( - roleUsers: EnterpriseRoleUserLink[], - decryptedRoleNames: Map, - userId: number + roleUsers: EnterpriseRoleUserLink[], + decryptedRoleNames: Map, + userId: number, ): UserRoleInfo[] { - return roleUsers - .filter((link) => link.enterprise_user_id === userId && isNumber(link.role_id)) - .map((link) => ({ - role_id: link.role_id, - role_name: decryptedRoleNames.get(link.role_id) || String(link.role_id), - })) - .sort((a, b) => a.role_name.localeCompare(b.role_name, undefined, { sensitivity: 'base' })) + return roleUsers + .filter( + (link) => link.enterprise_user_id === userId && isNumber(link.role_id), + ) + .map((link) => ({ + role_id: link.role_id, + role_name: decryptedRoleNames.get(link.role_id) || String(link.role_id), + })) + .sort((a, b) => + a.role_name.localeCompare(b.role_name, undefined, { + sensitivity: "base", + }), + ); } -async function fetchShareAdmins(auth: Auth, username: string): Promise { - try { - const message = { - path: 'enterprise/get_sharing_admins', - toBytes(): Uint8Array { - return Enterprise.GetSharingAdminsRequest.encode({ username }).finish() - }, - fromBytes(data: Uint8Array): Enterprise.IGetSharingAdminsResponse { - return Enterprise.GetSharingAdminsResponse.decode(data) - }, - } - const response = await auth.executeRest(message) - return (response.userProfileExts || []) - .map((ext) => ext.email || '') - .filter((email) => email.length > 0) - .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) - } catch (err) { - const masked = username.includes('@') ? `***@${username.split('@')[1]}` : '***' - logger.warn(`get_sharing_admins failed for ${masked}: ${extractErrorMessage(err)}`) - return [] - } +async function fetchShareAdmins( + auth: Auth, + username: string, +): Promise { + try { + const message = { + path: "enterprise/get_sharing_admins", + toBytes(): Uint8Array { + return Enterprise.GetSharingAdminsRequest.encode({ username }).finish(); + }, + fromBytes(data: Uint8Array): Enterprise.IGetSharingAdminsResponse { + return Enterprise.GetSharingAdminsResponse.decode(data); + }, + }; + const response = await auth.executeRest(message); + return (response.userProfileExts || []) + .map((ext) => ext.email || "") + .filter((email) => email.length > 0) + .sort((a, b) => a.localeCompare(b, undefined, { sensitivity: "base" })); + } catch (err) { + const masked = username.includes("@") + ? `***@${username.split("@")[1]}` + : "***"; + logger.warn( + `get_sharing_admins failed for ${masked}: ${extractErrorMessage(err)}`, + ); + return []; + } } function asLines(value: string | string[]): string[] { - if (Array.isArray(value)) return value.length > 0 ? value : [''] - return value.length > 0 ? [value] : [''] + if (Array.isArray(value)) return value.length > 0 ? value : [""]; + return value.length > 0 ? [value] : [""]; } diff --git a/KeeperSdk/src/utils/Logger.ts b/KeeperSdk/src/utils/Logger.ts index d9d1ceef..e0f810a4 100644 --- a/KeeperSdk/src/utils/Logger.ts +++ b/KeeperSdk/src/utils/Logger.ts @@ -1,87 +1,91 @@ export enum LogLevel { - DEBUG = 0, - INFO = 1, - WARN = 2, - ERROR = 3, - NONE = 4, + DEBUG = 0, + INFO = 1, + WARN = 2, + ERROR = 3, + NONE = 4, } export interface ILogger { - debug(...args: unknown[]): void - info(...args: unknown[]): void - warn(...args: unknown[]): void - error(...args: unknown[]): void + debug(...args: unknown[]): void; + info(...args: unknown[]): void; + warn(...args: unknown[]): void; + error(...args: unknown[]): void; } -const CREDENTIAL_PATTERN = /\b(password|passwd|pwd|secret|api[_-]?key|auth[_-]?token)\s*[:=]\s*\S+/gi +const CREDENTIAL_PATTERN = + /\b(password|passwd|pwd|secret|api[_-]?key|auth[_-]?token)\s*[:=]\s*\S+/gi; function redactSensitiveString(value: string): string { - return value.replace(CREDENTIAL_PATTERN, (_, key: string) => `${key}=[REDACTED]`) + return value.replace( + CREDENTIAL_PATTERN, + (_, key: string) => `${key}=[REDACTED]`, + ); } function sanitizeArg(arg: unknown): unknown { - if (typeof arg === 'string') return redactSensitiveString(arg) - if (Array.isArray(arg)) return arg.map(sanitizeArg) - return arg + if (typeof arg === "string") return redactSensitiveString(arg); + if (Array.isArray(arg)) return arg.map(sanitizeArg); + return arg; } export function writeOutput(message: string): void { - process.stdout.write(message.endsWith('\n') ? message : `${message}\n`) + process.stdout.write(message.endsWith("\n") ? message : `${message}\n`); } export class ConsoleLogger implements ILogger { - private level: LogLevel + private level: LogLevel; - constructor(level: LogLevel = LogLevel.INFO) { - this.level = level - } + constructor(level: LogLevel = LogLevel.INFO) { + this.level = level; + } - public setLevel(level: LogLevel): void { - this.level = level - } + public setLevel(level: LogLevel): void { + this.level = level; + } - public getLevel(): LogLevel { - return this.level - } + public getLevel(): LogLevel { + return this.level; + } - public debug(...args: unknown[]): void { - if (this.level <= LogLevel.DEBUG) console.debug(...args.map(sanitizeArg)) - } + public debug(...args: unknown[]): void { + if (this.level <= LogLevel.DEBUG) console.debug(...args.map(sanitizeArg)); + } - public info(...args: unknown[]): void { - if (this.level <= LogLevel.INFO) console.log(...args.map(sanitizeArg)) - } + public info(...args: unknown[]): void { + if (this.level <= LogLevel.INFO) console.log(...args.map(sanitizeArg)); + } - public warn(...args: unknown[]): void { - if (this.level <= LogLevel.WARN) console.warn(...args.map(sanitizeArg)) - } + public warn(...args: unknown[]): void { + if (this.level <= LogLevel.WARN) console.warn(...args.map(sanitizeArg)); + } - public error(...args: unknown[]): void { - if (this.level <= LogLevel.ERROR) console.error(...args.map(sanitizeArg)) - } + public error(...args: unknown[]): void { + if (this.level <= LogLevel.ERROR) console.error(...args.map(sanitizeArg)); + } } -let globalLogger: ILogger = new ConsoleLogger() +let globalLogger: ILogger = new ConsoleLogger(); export function setLogger(newLogger: ILogger): void { - globalLogger = newLogger + globalLogger = newLogger; } export function getLogger(): ILogger { - return globalLogger + return globalLogger; } export function resetLogger(level: LogLevel = LogLevel.INFO): ConsoleLogger { - const c = new ConsoleLogger(level) - globalLogger = c - return c + const c = new ConsoleLogger(level); + globalLogger = c; + return c; } export const logger: ILogger = { - debug: (...args) => globalLogger.debug(...args), - info: (...args) => globalLogger.info(...args), - warn: (...args) => globalLogger.warn(...args), - error: (...args) => globalLogger.error(...args), -} + debug: (...args) => globalLogger.debug(...args), + info: (...args) => globalLogger.info(...args), + warn: (...args) => globalLogger.warn(...args), + error: (...args) => globalLogger.error(...args), +}; -export { ConsoleLogger as Logger } +export { ConsoleLogger as Logger }; diff --git a/KeeperSdk/src/utils/constants.ts b/KeeperSdk/src/utils/constants.ts index f9062376..d62c8c38 100644 --- a/KeeperSdk/src/utils/constants.ts +++ b/KeeperSdk/src/utils/constants.ts @@ -1,250 +1,251 @@ -const DEFAULT_CLIENT_VERSION = 'c18.0.0' -const DEFAULT_DEVICE_NAME = 'JavaScript Keeper SDK' -const DEFAULT_CONFIG_DIR = '.keeper' -const DEFAULT_LOG_FORMAT = '!' +const DEFAULT_CLIENT_VERSION = "c18.0.0"; +const DEFAULT_DEVICE_NAME = "JavaScript Keeper SDK"; +const DEFAULT_CONFIG_DIR = ".keeper"; +const DEFAULT_LOG_FORMAT = "!"; export const SdkDefaults = { - CLIENT_VERSION: DEFAULT_CLIENT_VERSION, - DEVICE_NAME: DEFAULT_DEVICE_NAME, - CONFIG_DIR: DEFAULT_CONFIG_DIR, - LOG_FORMAT: DEFAULT_LOG_FORMAT, -} as const + CLIENT_VERSION: DEFAULT_CLIENT_VERSION, + DEVICE_NAME: DEFAULT_DEVICE_NAME, + CONFIG_DIR: DEFAULT_CONFIG_DIR, + LOG_FORMAT: DEFAULT_LOG_FORMAT, +} as const; export const AuthDefaults = { - MAX_LOGIN_ATTEMPTS: 5, - APPROVAL_TIMEOUT_MS: 60_000, - CODE_VALIDATION_DELAY_MS: 2_000, -} as const + MAX_LOGIN_ATTEMPTS: 5, + APPROVAL_TIMEOUT_MS: 60_000, + CODE_VALIDATION_DELAY_MS: 2_000, +} as const; export enum AuthErrorCode { - InvalidCredentials = 'invalid_credentials', - MissingUsername = 'missing_username', - MissingPassword = 'missing_password', - MaxAttemptsExceeded = 'max_attempts_exceeded', - UserCancelled = 'user_cancelled', - Unsupported2FAChannel = 'unsupported_2fa_channel', + InvalidCredentials = "invalid_credentials", + MissingUsername = "missing_username", + MissingPassword = "missing_password", + MaxAttemptsExceeded = "max_attempts_exceeded", + UserCancelled = "user_cancelled", + Unsupported2FAChannel = "unsupported_2fa_channel", } export enum SessionErrorCode { - NotLoggedIn = 'not_logged_in', - DeviceNotRegistered = 'device_not_registered', - NoPreviousLogin = 'no_previous_login', - NoCloneCode = 'no_clone_code', - PersistentLoginFailed = 'persistent_login_failed', - SessionTokenExpired = 'session_token_expired', + NotLoggedIn = "not_logged_in", + DeviceNotRegistered = "device_not_registered", + NoPreviousLogin = "no_previous_login", + NoCloneCode = "no_clone_code", + PersistentLoginFailed = "persistent_login_failed", + SessionTokenExpired = "session_token_expired", } export enum ValidationErrorCode { - InvalidPattern = 'invalid_pattern', + InvalidPattern = "invalid_pattern", } export enum RoleErrorCode { - RoleRequired = 'role_required', - RoleNotFound = 'role_not_found', - MultipleRoleMatches = 'multiple_role_matches', - NoRolesToAdd = 'no_roles_to_add', - NoRolesToUpdate = 'no_roles_to_update', - NoRolesToDelete = 'no_roles_to_delete', - RoleAddFailed = 'role_add_failed', - RoleUpdateFailed = 'role_update_failed', - RoleDeleteFailed = 'role_delete_failed', - RoleIdAllocationFailed = 'role_id_allocation_failed', - RoleRenameMultiNotAllowed = 'role_rename_multi_not_allowed', - RoleNameEmpty = 'role_name_empty', - RoleEnforcementFailed = 'role_enforcement_failed', + RoleRequired = "role_required", + RoleNotFound = "role_not_found", + MultipleRoleMatches = "multiple_role_matches", + NoRolesToAdd = "no_roles_to_add", + NoRolesToUpdate = "no_roles_to_update", + NoRolesToDelete = "no_roles_to_delete", + RoleAddFailed = "role_add_failed", + RoleUpdateFailed = "role_update_failed", + RoleDeleteFailed = "role_delete_failed", + RoleIdAllocationFailed = "role_id_allocation_failed", + RoleRenameMultiNotAllowed = "role_rename_multi_not_allowed", + RoleNameEmpty = "role_name_empty", + RoleEnforcementFailed = "role_enforcement_failed", } export enum NsfErrorCode { - NotFound = 'nsf_not_found', - MultipleMatches = 'nsf_multiple_matches', - LegacyRecord = 'nsf_legacy_record', - LegacyFolder = 'nsf_legacy_folder', - PermissionDenied = 'nsf_permission_denied', - LinkFailed = 'nsf_link_failed', - RemoveFailed = 'nsf_remove_failed', - FolderRequired = 'nsf_folder_required', - TooManyRecords = 'nsf_too_many_records', - TooManyFolders = 'nsf_too_many_folders', - MissingKey = 'nsf_missing_key', - MkdirFailed = 'nsf_mkdir_failed', - UpdateFailed = 'nsf_update_failed', - DetailsFailed = 'nsf_details_failed', - AddFailed = 'nsf_add_failed', - ShareFailed = 'nsf_share_failed', - ShortcutFailed = 'nsf_shortcut_failed', - TransferFailed = 'nsf_transfer_failed', - RecordPermissionFailed = 'nsf_record_permission_failed', + NotFound = "nsf_not_found", + MultipleMatches = "nsf_multiple_matches", + LegacyRecord = "nsf_legacy_record", + LegacyFolder = "nsf_legacy_folder", + PermissionDenied = "nsf_permission_denied", + LinkFailed = "nsf_link_failed", + RemoveFailed = "nsf_remove_failed", + FolderRequired = "nsf_folder_required", + TooManyRecords = "nsf_too_many_records", + TooManyFolders = "nsf_too_many_folders", + MissingKey = "nsf_missing_key", + MkdirFailed = "nsf_mkdir_failed", + UpdateFailed = "nsf_update_failed", + DetailsFailed = "nsf_details_failed", + AddFailed = "nsf_add_failed", + ShareFailed = "nsf_share_failed", + ShortcutFailed = "nsf_shortcut_failed", + TransferFailed = "nsf_transfer_failed", + RecordPermissionFailed = "nsf_record_permission_failed", } export enum TeamErrorCode { - TeamRequired = 'team_required', - TeamNotFound = 'team_not_found', - MultipleTeamMatches = 'multiple_team_matches', - NoTeamsToAdd = 'no_teams_to_add', - NoTeamsToUpdate = 'no_teams_to_update', - NoTeamsToDelete = 'no_teams_to_delete', - ParentNodeRequired = 'parent_node_required', - ParentNodeNotFound = 'parent_node_not_found', - MultipleParentNodeMatches = 'multiple_parent_node_matches', - EnterprisePublicKeyMissing = 'enterprise_public_key_missing', - EnterpriseTreeKeyUnavailable = 'enterprise_tree_key_unavailable', - DataKeyMissing = 'data_key_missing', - TeamAddFailed = 'team_add_failed', - TeamUpdateFailed = 'team_update_failed', - TeamDeleteFailed = 'team_delete_failed', - MultipleTeamRenameNotAllowed = 'multiple_team_rename_not_allowed', - QueuedTeamNotFound = 'queued_team_not_found', - TeamNameTooLong = 'team_name_too_long', + TeamRequired = "team_required", + TeamNotFound = "team_not_found", + MultipleTeamMatches = "multiple_team_matches", + NoTeamsToAdd = "no_teams_to_add", + NoTeamsToUpdate = "no_teams_to_update", + NoTeamsToDelete = "no_teams_to_delete", + ParentNodeRequired = "parent_node_required", + ParentNodeNotFound = "parent_node_not_found", + MultipleParentNodeMatches = "multiple_parent_node_matches", + EnterprisePublicKeyMissing = "enterprise_public_key_missing", + EnterpriseTreeKeyUnavailable = "enterprise_tree_key_unavailable", + DataKeyMissing = "data_key_missing", + TeamAddFailed = "team_add_failed", + TeamUpdateFailed = "team_update_failed", + TeamDeleteFailed = "team_delete_failed", + MultipleTeamRenameNotAllowed = "multiple_team_rename_not_allowed", + QueuedTeamNotFound = "queued_team_not_found", + TeamNameTooLong = "team_name_too_long", } export enum AuditReportErrorCode { - InvalidReportType = 'audit_invalid_report_type', - InvalidCreatedFilter = 'audit_invalid_created_filter', - InvalidFilter = 'audit_invalid_filter', - InvalidLimit = 'audit_invalid_limit', - ColumnsRequired = 'audit_columns_required', - DimensionColumnRequired = 'audit_dimension_column_required', - DimensionFailed = 'audit_dimension_failed', - ReportFailed = 'audit_report_failed', - ReportingNotEnabled = 'audit_reporting_not_enabled', - LicenseCheckFailed = 'audit_license_check_failed', + InvalidReportType = "audit_invalid_report_type", + InvalidCreatedFilter = "audit_invalid_created_filter", + InvalidFilter = "audit_invalid_filter", + InvalidLimit = "audit_invalid_limit", + ColumnsRequired = "audit_columns_required", + DimensionColumnRequired = "audit_dimension_column_required", + DimensionFailed = "audit_dimension_failed", + ReportFailed = "audit_report_failed", + ReportingNotEnabled = "audit_reporting_not_enabled", + LicenseCheckFailed = "audit_license_check_failed", } export enum ActionReportErrorCode { - ReportFailed = 'action_report_failed', - InvalidAction = 'action_report_invalid_action', - TargetUserRequired = 'action_report_target_user_required', - TransferNotSupported = 'action_report_transfer_not_supported', - NodeNotFound = 'action_report_node_not_found', - NodeNotUnique = 'action_report_node_not_unique', + ReportFailed = "action_report_failed", + InvalidAction = "action_report_invalid_action", + TargetUserRequired = "action_report_target_user_required", + TransferNotSupported = "action_report_transfer_not_supported", + NodeNotFound = "action_report_node_not_found", + NodeNotUnique = "action_report_node_not_unique", } export enum PasswordReportErrorCode { - PolicyRequired = 'password_report_policy_required', + PolicyRequired = "password_report_policy_required", } export enum UserErrorCode { - NoUsersToUpdate = 'no_users_to_update', - NoUsersToAdd = 'no_users_to_add', - NoUsersToDelete = 'no_users_to_delete', - UserNotFound = 'user_not_found', - MultipleUserMatches = 'multiple_user_matches', - UserAddFailed = 'user_add_failed', - UserUpdateFailed = 'user_update_failed', - UserDeleteFailed = 'user_delete_failed', - RoleNotFound = 'role_not_found', - NoUsersToAction = 'no_users_to_action', - UserActionFailed = 'user_action_failed', - UserActionAllNotSupported = 'user_action_all_not_supported', - UserAliasFailed = 'user_alias_failed', - NoTeamsForUserOp = 'no_teams_for_user_op', - TeamUserAddFailed = 'team_user_add_failed', - TeamUserRemoveFailed = 'team_user_remove_failed', + NoUsersToUpdate = "no_users_to_update", + NoUsersToAdd = "no_users_to_add", + NoUsersToDelete = "no_users_to_delete", + UserNotFound = "user_not_found", + MultipleUserMatches = "multiple_user_matches", + UserAddFailed = "user_add_failed", + UserUpdateFailed = "user_update_failed", + UserDeleteFailed = "user_delete_failed", + RoleNotFound = "role_not_found", + NoUsersToAction = "no_users_to_action", + UserActionFailed = "user_action_failed", + UserActionAllNotSupported = "user_action_all_not_supported", + UserAliasFailed = "user_alias_failed", + NoTeamsForUserOp = "no_teams_for_user_op", + TeamUserAddFailed = "team_user_add_failed", + TeamUserRemoveFailed = "team_user_remove_failed", } export const ResultCodes = { - INVALID_CREDENTIALS: AuthErrorCode.InvalidCredentials, - MISSING_USERNAME: AuthErrorCode.MissingUsername, - MISSING_PASSWORD: AuthErrorCode.MissingPassword, - MAX_ATTEMPTS_EXCEEDED: AuthErrorCode.MaxAttemptsExceeded, - USER_CANCELLED: AuthErrorCode.UserCancelled, - UNSUPPORTED_2FA_CHANNEL: AuthErrorCode.Unsupported2FAChannel, - NOT_LOGGED_IN: SessionErrorCode.NotLoggedIn, - DEVICE_NOT_REGISTERED: SessionErrorCode.DeviceNotRegistered, - NO_PREVIOUS_LOGIN: SessionErrorCode.NoPreviousLogin, - NO_CLONE_CODE: SessionErrorCode.NoCloneCode, - PERSISTENT_LOGIN_FAILED: SessionErrorCode.PersistentLoginFailed, - SESSION_TOKEN_EXPIRED: SessionErrorCode.SessionTokenExpired, - INVALID_PATTERN: ValidationErrorCode.InvalidPattern, - ROLE_REQUIRED: RoleErrorCode.RoleRequired, - ROLE_NOT_FOUND: RoleErrorCode.RoleNotFound, - MULTIPLE_ROLE_MATCHES: RoleErrorCode.MultipleRoleMatches, - NO_ROLES_TO_ADD: RoleErrorCode.NoRolesToAdd, - NO_ROLES_TO_UPDATE: RoleErrorCode.NoRolesToUpdate, - NO_ROLES_TO_DELETE: RoleErrorCode.NoRolesToDelete, - ROLE_ADD_FAILED: RoleErrorCode.RoleAddFailed, - ROLE_UPDATE_FAILED: RoleErrorCode.RoleUpdateFailed, - ROLE_DELETE_FAILED: RoleErrorCode.RoleDeleteFailed, - ROLE_ID_ALLOCATION_FAILED: RoleErrorCode.RoleIdAllocationFailed, - ROLE_RENAME_MULTI_NOT_ALLOWED: RoleErrorCode.RoleRenameMultiNotAllowed, - ROLE_NAME_EMPTY: RoleErrorCode.RoleNameEmpty, - ROLE_ENFORCEMENT_FAILED: RoleErrorCode.RoleEnforcementFailed, - NSF_NOT_FOUND: NsfErrorCode.NotFound, - MULTIPLE_NSF_MATCHES: NsfErrorCode.MultipleMatches, - NSF_LEGACY_RECORD: NsfErrorCode.LegacyRecord, - NSF_LEGACY_FOLDER: NsfErrorCode.LegacyFolder, - NSF_PERMISSION_DENIED: NsfErrorCode.PermissionDenied, - NSF_LINK_FAILED: NsfErrorCode.LinkFailed, - NSF_REMOVE_FAILED: NsfErrorCode.RemoveFailed, - NSF_FOLDER_REQUIRED: NsfErrorCode.FolderRequired, - NSF_TOO_MANY_RECORDS: NsfErrorCode.TooManyRecords, - NSF_TOO_MANY_FOLDERS: NsfErrorCode.TooManyFolders, - NSF_MISSING_KEY: NsfErrorCode.MissingKey, - NSF_MKDIR_FAILED: NsfErrorCode.MkdirFailed, - NSF_UPDATE_FAILED: NsfErrorCode.UpdateFailed, - NSF_DETAILS_FAILED: NsfErrorCode.DetailsFailed, - NSF_ADD_FAILED: NsfErrorCode.AddFailed, - NSF_SHARE_FAILED: NsfErrorCode.ShareFailed, - NSF_SHORTCUT_FAILED: NsfErrorCode.ShortcutFailed, - NSF_TRANSFER_FAILED: NsfErrorCode.TransferFailed, - NSF_RECORD_PERMISSION_FAILED: NsfErrorCode.RecordPermissionFailed, - TEAM_REQUIRED: TeamErrorCode.TeamRequired, - TEAM_NOT_FOUND: TeamErrorCode.TeamNotFound, - MULTIPLE_TEAM_MATCHES: TeamErrorCode.MultipleTeamMatches, - NO_TEAMS_TO_ADD: TeamErrorCode.NoTeamsToAdd, - NO_TEAMS_TO_UPDATE: TeamErrorCode.NoTeamsToUpdate, - NO_TEAMS_TO_DELETE: TeamErrorCode.NoTeamsToDelete, - PARENT_NODE_REQUIRED: TeamErrorCode.ParentNodeRequired, - PARENT_NODE_NOT_FOUND: TeamErrorCode.ParentNodeNotFound, - MULTIPLE_PARENT_NODE_MATCHES: TeamErrorCode.MultipleParentNodeMatches, - ENTERPRISE_PUBLIC_KEY_MISSING: TeamErrorCode.EnterprisePublicKeyMissing, - ENTERPRISE_TREE_KEY_UNAVAILABLE: TeamErrorCode.EnterpriseTreeKeyUnavailable, - DATA_KEY_MISSING: TeamErrorCode.DataKeyMissing, - TEAM_ADD_FAILED: TeamErrorCode.TeamAddFailed, - TEAM_UPDATE_FAILED: TeamErrorCode.TeamUpdateFailed, - TEAM_DELETE_FAILED: TeamErrorCode.TeamDeleteFailed, - MULTIPLE_TEAM_RENAME_NOT_ALLOWED: TeamErrorCode.MultipleTeamRenameNotAllowed, - QUEUED_TEAM_NOT_FOUND: TeamErrorCode.QueuedTeamNotFound, - TEAM_NAME_TOO_LONG: TeamErrorCode.TeamNameTooLong, - NO_USERS_TO_UPDATE: UserErrorCode.NoUsersToUpdate, - NO_USERS_TO_ADD: UserErrorCode.NoUsersToAdd, - NO_USERS_TO_DELETE: UserErrorCode.NoUsersToDelete, - USER_NOT_FOUND: UserErrorCode.UserNotFound, - MULTIPLE_USER_MATCHES: UserErrorCode.MultipleUserMatches, - USER_ADD_FAILED: UserErrorCode.UserAddFailed, - USER_UPDATE_FAILED: UserErrorCode.UserUpdateFailed, - USER_DELETE_FAILED: UserErrorCode.UserDeleteFailed, - NO_USERS_TO_ACTION: UserErrorCode.NoUsersToAction, - USER_ACTION_FAILED: UserErrorCode.UserActionFailed, - USER_ACTION_ALL_NOT_SUPPORTED: UserErrorCode.UserActionAllNotSupported, - USER_ALIAS_FAILED: UserErrorCode.UserAliasFailed, - NO_TEAMS_FOR_USER_OP: UserErrorCode.NoTeamsForUserOp, - TEAM_USER_ADD_FAILED: UserErrorCode.TeamUserAddFailed, - TEAM_USER_REMOVE_FAILED: UserErrorCode.TeamUserRemoveFailed, - AUDIT_INVALID_REPORT_TYPE: AuditReportErrorCode.InvalidReportType, - AUDIT_INVALID_CREATED_FILTER: AuditReportErrorCode.InvalidCreatedFilter, - AUDIT_INVALID_FILTER: AuditReportErrorCode.InvalidFilter, - AUDIT_INVALID_LIMIT: AuditReportErrorCode.InvalidLimit, - AUDIT_COLUMNS_REQUIRED: AuditReportErrorCode.ColumnsRequired, - AUDIT_DIMENSION_COLUMN_REQUIRED: AuditReportErrorCode.DimensionColumnRequired, - AUDIT_DIMENSION_FAILED: AuditReportErrorCode.DimensionFailed, - AUDIT_REPORT_FAILED: AuditReportErrorCode.ReportFailed, - AUDIT_REPORTING_NOT_ENABLED: AuditReportErrorCode.ReportingNotEnabled, - AUDIT_LICENSE_CHECK_FAILED: AuditReportErrorCode.LicenseCheckFailed, - ACTION_REPORT_FAILED: ActionReportErrorCode.ReportFailed, - ACTION_REPORT_INVALID_ACTION: ActionReportErrorCode.InvalidAction, - ACTION_REPORT_TARGET_USER_REQUIRED: ActionReportErrorCode.TargetUserRequired, - ACTION_REPORT_TRANSFER_NOT_SUPPORTED: ActionReportErrorCode.TransferNotSupported, - ACTION_REPORT_NODE_NOT_FOUND: ActionReportErrorCode.NodeNotFound, - ACTION_REPORT_NODE_NOT_UNIQUE: ActionReportErrorCode.NodeNotUnique, - PASSWORD_REPORT_POLICY_REQUIRED: PasswordReportErrorCode.PolicyRequired, -} as const + INVALID_CREDENTIALS: AuthErrorCode.InvalidCredentials, + MISSING_USERNAME: AuthErrorCode.MissingUsername, + MISSING_PASSWORD: AuthErrorCode.MissingPassword, + MAX_ATTEMPTS_EXCEEDED: AuthErrorCode.MaxAttemptsExceeded, + USER_CANCELLED: AuthErrorCode.UserCancelled, + UNSUPPORTED_2FA_CHANNEL: AuthErrorCode.Unsupported2FAChannel, + NOT_LOGGED_IN: SessionErrorCode.NotLoggedIn, + DEVICE_NOT_REGISTERED: SessionErrorCode.DeviceNotRegistered, + NO_PREVIOUS_LOGIN: SessionErrorCode.NoPreviousLogin, + NO_CLONE_CODE: SessionErrorCode.NoCloneCode, + PERSISTENT_LOGIN_FAILED: SessionErrorCode.PersistentLoginFailed, + SESSION_TOKEN_EXPIRED: SessionErrorCode.SessionTokenExpired, + INVALID_PATTERN: ValidationErrorCode.InvalidPattern, + ROLE_REQUIRED: RoleErrorCode.RoleRequired, + ROLE_NOT_FOUND: RoleErrorCode.RoleNotFound, + MULTIPLE_ROLE_MATCHES: RoleErrorCode.MultipleRoleMatches, + NO_ROLES_TO_ADD: RoleErrorCode.NoRolesToAdd, + NO_ROLES_TO_UPDATE: RoleErrorCode.NoRolesToUpdate, + NO_ROLES_TO_DELETE: RoleErrorCode.NoRolesToDelete, + ROLE_ADD_FAILED: RoleErrorCode.RoleAddFailed, + ROLE_UPDATE_FAILED: RoleErrorCode.RoleUpdateFailed, + ROLE_DELETE_FAILED: RoleErrorCode.RoleDeleteFailed, + ROLE_ID_ALLOCATION_FAILED: RoleErrorCode.RoleIdAllocationFailed, + ROLE_RENAME_MULTI_NOT_ALLOWED: RoleErrorCode.RoleRenameMultiNotAllowed, + ROLE_NAME_EMPTY: RoleErrorCode.RoleNameEmpty, + ROLE_ENFORCEMENT_FAILED: RoleErrorCode.RoleEnforcementFailed, + NSF_NOT_FOUND: NsfErrorCode.NotFound, + MULTIPLE_NSF_MATCHES: NsfErrorCode.MultipleMatches, + NSF_LEGACY_RECORD: NsfErrorCode.LegacyRecord, + NSF_LEGACY_FOLDER: NsfErrorCode.LegacyFolder, + NSF_PERMISSION_DENIED: NsfErrorCode.PermissionDenied, + NSF_LINK_FAILED: NsfErrorCode.LinkFailed, + NSF_REMOVE_FAILED: NsfErrorCode.RemoveFailed, + NSF_FOLDER_REQUIRED: NsfErrorCode.FolderRequired, + NSF_TOO_MANY_RECORDS: NsfErrorCode.TooManyRecords, + NSF_TOO_MANY_FOLDERS: NsfErrorCode.TooManyFolders, + NSF_MISSING_KEY: NsfErrorCode.MissingKey, + NSF_MKDIR_FAILED: NsfErrorCode.MkdirFailed, + NSF_UPDATE_FAILED: NsfErrorCode.UpdateFailed, + NSF_DETAILS_FAILED: NsfErrorCode.DetailsFailed, + NSF_ADD_FAILED: NsfErrorCode.AddFailed, + NSF_SHARE_FAILED: NsfErrorCode.ShareFailed, + NSF_SHORTCUT_FAILED: NsfErrorCode.ShortcutFailed, + NSF_TRANSFER_FAILED: NsfErrorCode.TransferFailed, + NSF_RECORD_PERMISSION_FAILED: NsfErrorCode.RecordPermissionFailed, + TEAM_REQUIRED: TeamErrorCode.TeamRequired, + TEAM_NOT_FOUND: TeamErrorCode.TeamNotFound, + MULTIPLE_TEAM_MATCHES: TeamErrorCode.MultipleTeamMatches, + NO_TEAMS_TO_ADD: TeamErrorCode.NoTeamsToAdd, + NO_TEAMS_TO_UPDATE: TeamErrorCode.NoTeamsToUpdate, + NO_TEAMS_TO_DELETE: TeamErrorCode.NoTeamsToDelete, + PARENT_NODE_REQUIRED: TeamErrorCode.ParentNodeRequired, + PARENT_NODE_NOT_FOUND: TeamErrorCode.ParentNodeNotFound, + MULTIPLE_PARENT_NODE_MATCHES: TeamErrorCode.MultipleParentNodeMatches, + ENTERPRISE_PUBLIC_KEY_MISSING: TeamErrorCode.EnterprisePublicKeyMissing, + ENTERPRISE_TREE_KEY_UNAVAILABLE: TeamErrorCode.EnterpriseTreeKeyUnavailable, + DATA_KEY_MISSING: TeamErrorCode.DataKeyMissing, + TEAM_ADD_FAILED: TeamErrorCode.TeamAddFailed, + TEAM_UPDATE_FAILED: TeamErrorCode.TeamUpdateFailed, + TEAM_DELETE_FAILED: TeamErrorCode.TeamDeleteFailed, + MULTIPLE_TEAM_RENAME_NOT_ALLOWED: TeamErrorCode.MultipleTeamRenameNotAllowed, + QUEUED_TEAM_NOT_FOUND: TeamErrorCode.QueuedTeamNotFound, + TEAM_NAME_TOO_LONG: TeamErrorCode.TeamNameTooLong, + NO_USERS_TO_UPDATE: UserErrorCode.NoUsersToUpdate, + NO_USERS_TO_ADD: UserErrorCode.NoUsersToAdd, + NO_USERS_TO_DELETE: UserErrorCode.NoUsersToDelete, + USER_NOT_FOUND: UserErrorCode.UserNotFound, + MULTIPLE_USER_MATCHES: UserErrorCode.MultipleUserMatches, + USER_ADD_FAILED: UserErrorCode.UserAddFailed, + USER_UPDATE_FAILED: UserErrorCode.UserUpdateFailed, + USER_DELETE_FAILED: UserErrorCode.UserDeleteFailed, + NO_USERS_TO_ACTION: UserErrorCode.NoUsersToAction, + USER_ACTION_FAILED: UserErrorCode.UserActionFailed, + USER_ACTION_ALL_NOT_SUPPORTED: UserErrorCode.UserActionAllNotSupported, + USER_ALIAS_FAILED: UserErrorCode.UserAliasFailed, + NO_TEAMS_FOR_USER_OP: UserErrorCode.NoTeamsForUserOp, + TEAM_USER_ADD_FAILED: UserErrorCode.TeamUserAddFailed, + TEAM_USER_REMOVE_FAILED: UserErrorCode.TeamUserRemoveFailed, + AUDIT_INVALID_REPORT_TYPE: AuditReportErrorCode.InvalidReportType, + AUDIT_INVALID_CREATED_FILTER: AuditReportErrorCode.InvalidCreatedFilter, + AUDIT_INVALID_FILTER: AuditReportErrorCode.InvalidFilter, + AUDIT_INVALID_LIMIT: AuditReportErrorCode.InvalidLimit, + AUDIT_COLUMNS_REQUIRED: AuditReportErrorCode.ColumnsRequired, + AUDIT_DIMENSION_COLUMN_REQUIRED: AuditReportErrorCode.DimensionColumnRequired, + AUDIT_DIMENSION_FAILED: AuditReportErrorCode.DimensionFailed, + AUDIT_REPORT_FAILED: AuditReportErrorCode.ReportFailed, + AUDIT_REPORTING_NOT_ENABLED: AuditReportErrorCode.ReportingNotEnabled, + AUDIT_LICENSE_CHECK_FAILED: AuditReportErrorCode.LicenseCheckFailed, + ACTION_REPORT_FAILED: ActionReportErrorCode.ReportFailed, + ACTION_REPORT_INVALID_ACTION: ActionReportErrorCode.InvalidAction, + ACTION_REPORT_TARGET_USER_REQUIRED: ActionReportErrorCode.TargetUserRequired, + ACTION_REPORT_TRANSFER_NOT_SUPPORTED: + ActionReportErrorCode.TransferNotSupported, + ACTION_REPORT_NODE_NOT_FOUND: ActionReportErrorCode.NodeNotFound, + ACTION_REPORT_NODE_NOT_UNIQUE: ActionReportErrorCode.NodeNotUnique, + PASSWORD_REPORT_POLICY_REQUIRED: PasswordReportErrorCode.PolicyRequired, +} as const; export const KEEPER_PUBLIC_HOSTS: Record = { - US: 'keepersecurity.com', - EU: 'keepersecurity.eu', - AU: 'keepersecurity.com.au', - CA: 'keepersecurity.ca', - JP: 'keepersecurity.jp', - GOV: 'govcloud.keepersecurity.us', -} \ No newline at end of file + US: "keepersecurity.com", + EU: "keepersecurity.eu", + AU: "keepersecurity.com.au", + CA: "keepersecurity.ca", + JP: "keepersecurity.jp", + GOV: "govcloud.keepersecurity.us", +}; diff --git a/KeeperSdk/src/utils/errors.ts b/KeeperSdk/src/utils/errors.ts index b8f6622c..addefad8 100644 --- a/KeeperSdk/src/utils/errors.ts +++ b/KeeperSdk/src/utils/errors.ts @@ -1,108 +1,114 @@ -import type { KeeperError } from '@keeper-security/keeperapi' +import type { KeeperError } from "@keeper-security/keeperapi"; function parseJsonObjectIfPresent(s: string): Record | null { - const t = s.trim() - if (t.length === 0 || (t[0] !== '{' && t[0] !== '[')) return null - try { - const parsed: unknown = JSON.parse(s) - if (typeof parsed === 'object' && parsed !== null && !Array.isArray(parsed)) { - return parsed as Record - } - } catch { - /* not JSON */ + const t = s.trim(); + if (t.length === 0 || (t[0] !== "{" && t[0] !== "[")) return null; + try { + const parsed: unknown = JSON.parse(s); + if ( + typeof parsed === "object" && + parsed !== null && + !Array.isArray(parsed) + ) { + return parsed as Record; } - return null + } catch { + /* not JSON */ + } + return null; } export function isKeeperError(err: unknown): err is KeeperError { - return ( - err != null && - typeof err === 'object' && - !(err instanceof Error) && - ('result_code' in err || 'error' in err || 'response_code' in err) - ) + return ( + err != null && + typeof err === "object" && + !(err instanceof Error) && + ("result_code" in err || "error" in err || "response_code" in err) + ); } export function extractResultCode(err: unknown): string | undefined { - if (isKeeperError(err)) { - return err.result_code || err.error - } - if (err instanceof Error) { - const msg = err.message - if (msg.length > 0 && (msg[0] === '{' || msg[0] === '[')) { - try { - const parsed = JSON.parse(msg) - return parsed.result_code || parsed.error - } catch {} - } + if (isKeeperError(err)) { + return err.result_code || err.error; + } + if (err instanceof Error) { + const msg = err.message; + if (msg.length > 0 && (msg[0] === "{" || msg[0] === "[")) { + try { + const parsed = JSON.parse(msg); + return parsed.result_code || parsed.error; + } catch {} } - if (typeof err === 'string') { - const parsed = parseJsonObjectIfPresent(err) - if (parsed) { - if (typeof parsed.result_code === 'string') return parsed.result_code - if (typeof parsed.error === 'string') return parsed.error - } - return err + } + if (typeof err === "string") { + const parsed = parseJsonObjectIfPresent(err); + if (parsed) { + if (typeof parsed.result_code === "string") return parsed.result_code; + if (typeof parsed.error === "string") return parsed.error; } - if (typeof err === 'object' && err !== null) { - const obj = err as Record - if (typeof obj.result_code === 'string') return obj.result_code - if (typeof obj.error === 'string') return obj.error - } - return undefined + return err; + } + if (typeof err === "object" && err !== null) { + const obj = err as Record; + if (typeof obj.result_code === "string") return obj.result_code; + if (typeof obj.error === "string") return obj.error; + } + return undefined; } export function extractErrorMessage(err: unknown): string { - if (isKeeperError(err)) { - return err.message || err.result_code || err.error || 'Unknown Keeper error' - } - if (err instanceof Error) { - const parsed = parseJsonObjectIfPresent(err.message) - if (parsed) { - if (typeof parsed.message === 'string') return parsed.message - if (typeof parsed.result_code === 'string') return parsed.result_code - if (typeof parsed.error === 'string') return parsed.error - } - return err.message - } - if (typeof err === 'string') { - const parsed = parseJsonObjectIfPresent(err) - if (parsed) { - if (typeof parsed.message === 'string') return parsed.message - if (typeof parsed.result_code === 'string') return parsed.result_code - if (typeof parsed.error === 'string') return parsed.error - } - return err + if (isKeeperError(err)) { + return ( + err.message || err.result_code || err.error || "Unknown Keeper error" + ); + } + if (err instanceof Error) { + const parsed = parseJsonObjectIfPresent(err.message); + if (parsed) { + if (typeof parsed.message === "string") return parsed.message; + if (typeof parsed.result_code === "string") return parsed.result_code; + if (typeof parsed.error === "string") return parsed.error; } - if (typeof err === 'object' && err !== null) { - const obj = err as Record - if (typeof obj.message === 'string') return obj.message - if (typeof obj.result_code === 'string') return obj.result_code + return err.message; + } + if (typeof err === "string") { + const parsed = parseJsonObjectIfPresent(err); + if (parsed) { + if (typeof parsed.message === "string") return parsed.message; + if (typeof parsed.result_code === "string") return parsed.result_code; + if (typeof parsed.error === "string") return parsed.error; } - return String(err) + return err; + } + if (typeof err === "object" && err !== null) { + const obj = err as Record; + if (typeof obj.message === "string") return obj.message; + if (typeof obj.result_code === "string") return obj.result_code; + } + return String(err); } export class KeeperSdkError extends Error { - readonly resultCode?: string - readonly keeperError?: KeeperError + readonly resultCode?: string; + readonly keeperError?: KeeperError; - constructor(message: string, resultCode?: string, keeperError?: KeeperError) { - super(message) - this.name = 'KeeperSdkError' - this.resultCode = resultCode - this.keeperError = keeperError - } + constructor(message: string, resultCode?: string, keeperError?: KeeperError) { + super(message); + this.name = "KeeperSdkError"; + this.resultCode = resultCode; + this.keeperError = keeperError; + } - static from(err: unknown): KeeperSdkError { - if (err instanceof KeeperSdkError) return err - if (isKeeperError(err)) { - return new KeeperSdkError( - err.message || err.result_code || err.error || 'Unknown Keeper error', - err.result_code || err.error, - err - ) - } - if (err instanceof Error) return new KeeperSdkError(err.message) - return new KeeperSdkError(extractErrorMessage(err)) + static from(err: unknown): KeeperSdkError { + if (err instanceof KeeperSdkError) return err; + if (isKeeperError(err)) { + return new KeeperSdkError( + err.message || err.result_code || err.error || "Unknown Keeper error", + err.result_code || err.error, + err, + ); } + if (err instanceof Error) return new KeeperSdkError(err.message); + return new KeeperSdkError(extractErrorMessage(err)); + } } diff --git a/KeeperSdk/src/utils/guards.ts b/KeeperSdk/src/utils/guards.ts index 972f7769..b2ba9499 100644 --- a/KeeperSdk/src/utils/guards.ts +++ b/KeeperSdk/src/utils/guards.ts @@ -1,24 +1,24 @@ export function isBoolean(value: unknown): value is boolean { - return typeof value === 'boolean' + return typeof value === "boolean"; } export function isString(value: unknown): value is string { - return typeof value === 'string' + return typeof value === "string"; } export function isNonEmptyString(value: unknown): value is string { - return typeof value === 'string' && value.trim().length > 0 + return typeof value === "string" && value.trim().length > 0; } export function isNumber(value: unknown): value is number { - return typeof value === 'number' && Number.isFinite(value) + return typeof value === "number" && Number.isFinite(value); } export function isObject(value: unknown): value is Record { - return typeof value === 'object' && value !== null && !Array.isArray(value) + return typeof value === "object" && value !== null && !Array.isArray(value); } /** True if at least one of the values is a boolean (true or false). */ export function anyIsBoolean(...values: unknown[]): boolean { - return values.some(isBoolean) + return values.some(isBoolean); } diff --git a/KeeperSdk/src/utils/index.ts b/KeeperSdk/src/utils/index.ts index 65ea9f2b..0dd50182 100644 --- a/KeeperSdk/src/utils/index.ts +++ b/KeeperSdk/src/utils/index.ts @@ -1,30 +1,51 @@ export { - SdkDefaults, - AuthDefaults, - ResultCodes, - AuthErrorCode, - SessionErrorCode, - ValidationErrorCode, - RoleErrorCode, - TeamErrorCode, - UserErrorCode, - AuditReportErrorCode, - ActionReportErrorCode, - PasswordReportErrorCode, - NsfErrorCode, - KEEPER_PUBLIC_HOSTS, -} from './constants' -export { Logger, ConsoleLogger, LogLevel, logger, setLogger, getLogger, resetLogger, writeOutput } from './Logger' -export type { ILogger } from './Logger' -export { KeeperSdkError, isKeeperError, extractErrorMessage, extractResultCode } from './errors' -export type { Nullable, Optional, DeepPartial, Immutable } from './types' -export { isBoolean, isString, isNonEmptyString, isNumber, isObject, anyIsBoolean } from './guards' + SdkDefaults, + AuthDefaults, + ResultCodes, + AuthErrorCode, + SessionErrorCode, + ValidationErrorCode, + RoleErrorCode, + TeamErrorCode, + UserErrorCode, + AuditReportErrorCode, + ActionReportErrorCode, + PasswordReportErrorCode, + NsfErrorCode, + KEEPER_PUBLIC_HOSTS, +} from "./constants"; export { - EMAIL_PATTERN, - EMAIL_LIST_SEPARATOR_PATTERN, - TOKEN_SEPARATOR_PATTERN, - REGEX_ESCAPE_PATTERN, - isValidEmail, - escapeRegExp, - resolveSearchPattern, -} from './patterns' + Logger, + ConsoleLogger, + LogLevel, + logger, + setLogger, + getLogger, + resetLogger, + writeOutput, +} from "./Logger"; +export type { ILogger } from "./Logger"; +export { + KeeperSdkError, + isKeeperError, + extractErrorMessage, + extractResultCode, +} from "./errors"; +export type { Nullable, Optional, DeepPartial, Immutable } from "./types"; +export { + isBoolean, + isString, + isNonEmptyString, + isNumber, + isObject, + anyIsBoolean, +} from "./guards"; +export { + EMAIL_PATTERN, + EMAIL_LIST_SEPARATOR_PATTERN, + TOKEN_SEPARATOR_PATTERN, + REGEX_ESCAPE_PATTERN, + isValidEmail, + escapeRegExp, + resolveSearchPattern, +} from "./patterns"; diff --git a/KeeperSdk/src/utils/patterns.ts b/KeeperSdk/src/utils/patterns.ts index d65cc00f..9a8fc774 100644 --- a/KeeperSdk/src/utils/patterns.ts +++ b/KeeperSdk/src/utils/patterns.ts @@ -1,32 +1,35 @@ -import { KeeperSdkError } from './errors' -import { ResultCodes } from './constants' +import { KeeperSdkError } from "./errors"; +import { ResultCodes } from "./constants"; -export const EMAIL_PATTERN = /^[^\s@]+@[^\s@.]+\.[^\s@]+$/ +export const EMAIL_PATTERN = /^[^\s@]+@[^\s@.]+\.[^\s@]+$/; /** Splits user-entered email lists on whitespace, commas, and semicolons. */ -export const EMAIL_LIST_SEPARATOR_PATTERN = /[\s,;]+/ +export const EMAIL_LIST_SEPARATOR_PATTERN = /[\s,;]+/; /** Splits free-form text into search tokens on whitespace and common punctuation. */ -export const TOKEN_SEPARATOR_PATTERN = /[\s\-_.,;:!?@#$%^&*()[\]{}|\\/<>]+/ +export const TOKEN_SEPARATOR_PATTERN = /[\s\-_.,;:!?@#$%^&*()[\]{}|\\/<>]+/; /** Characters that must be escaped when embedding user input into a RegExp. */ -export const REGEX_ESCAPE_PATTERN = /[.+^${}()|[\]\\]/g +export const REGEX_ESCAPE_PATTERN = /[.+^${}()|[\]\\]/g; -const MAX_EMAIL_LENGTH = 254 +const MAX_EMAIL_LENGTH = 254; export function isValidEmail(value: string): boolean { - return value.length <= MAX_EMAIL_LENGTH && EMAIL_PATTERN.test(value) + return value.length <= MAX_EMAIL_LENGTH && EMAIL_PATTERN.test(value); } export function escapeRegExp(value: string): string { - return value.replace(REGEX_ESCAPE_PATTERN, '\\$&') + return value.replace(REGEX_ESCAPE_PATTERN, "\\$&"); } export function resolveSearchPattern(pattern: unknown): string | null { - if (pattern == null) return null - if (typeof pattern !== 'string') { - throw new KeeperSdkError('Pattern must be a string.', ResultCodes.INVALID_PATTERN) - } - const trimmed = pattern.trim() - return trimmed.length > 0 ? trimmed : null + if (pattern == null) return null; + if (typeof pattern !== "string") { + throw new KeeperSdkError( + "Pattern must be a string.", + ResultCodes.INVALID_PATTERN, + ); + } + const trimmed = pattern.trim(); + return trimmed.length > 0 ? trimmed : null; } diff --git a/KeeperSdk/src/utils/types.ts b/KeeperSdk/src/utils/types.ts index 02113ea6..fde5ac3d 100644 --- a/KeeperSdk/src/utils/types.ts +++ b/KeeperSdk/src/utils/types.ts @@ -1,11 +1,13 @@ /** A value of type T or null. Use this for caches and computed-but-empty results. */ -export type Nullable = T | null +export type Nullable = T | null; /** A value of type T or undefined. Use this for "not provided" inputs. */ -export type Optional = T | undefined +export type Optional = T | undefined; /** Recursively makes every property optional. */ -export type DeepPartial = T extends object ? { [K in keyof T]?: DeepPartial } : T +export type DeepPartial = T extends object + ? { [K in keyof T]?: DeepPartial } + : T; /** Helper to mark properties as readonly. */ -export type Immutable = { readonly [K in keyof T]: T[K] } +export type Immutable = { readonly [K in keyof T]: T[K] }; diff --git a/KeeperSdk/src/vault/KeeperVault.ts b/KeeperSdk/src/vault/KeeperVault.ts index 23bfa386..dd0a1c1a 100644 --- a/KeeperSdk/src/vault/KeeperVault.ts +++ b/KeeperSdk/src/vault/KeeperVault.ts @@ -1,1057 +1,1267 @@ import { - Auth, - KeeperEnvironment, - syncDown, - DRecord, - DRecordMetadata, - DSharedFolder, - DTeam, - DUserFolder, - Authentication, -} from '@keeper-security/keeperapi' -import type { SyncResult, SyncLogFormat, VaultStorage, SessionStorage, AuthUI3 } from '@keeper-security/keeperapi' -import { InMemoryStorage } from '../storage/InMemoryStorage' -import { SessionManager } from '../auth/SessionManager' -import { ConsoleAuthUI } from '../auth/ConsoleAuthUI' -import { searchRecords, formatRecord, getRecordTitle, getRecordType } from '../records/RecordUtils' + Auth, + KeeperEnvironment, + syncDown, + DRecord, + DRecordMetadata, + DSharedFolder, + DTeam, + DUserFolder, + Authentication, +} from "@keeper-security/keeperapi"; +import type { + SyncResult, + SyncLogFormat, + VaultStorage, + SessionStorage, + AuthUI3, +} from "@keeper-security/keeperapi"; +import { InMemoryStorage } from "../storage/InMemoryStorage"; +import { SessionManager } from "../auth/SessionManager"; +import { ConsoleAuthUI } from "../auth/ConsoleAuthUI"; +import { + searchRecords, + formatRecord, + getRecordTitle, + getRecordType, +} from "../records/RecordUtils"; import { - addRecord as addRecordOp, - updateRecord as updateRecordOp, - deleteRecord as deleteRecordOp, - getRecordHistory as getRecordHistoryOp, - moveRecord as moveRecordOp, -} from '../records/RecordOperations' + addRecord as addRecordOp, + updateRecord as updateRecordOp, + deleteRecord as deleteRecordOp, + getRecordHistory as getRecordHistoryOp, + moveRecord as moveRecordOp, +} from "../records/RecordOperations"; import type { - NewRecordInput, - TypedRecordData, - AddRecordResult, - UpdateRecordResult, - DeleteRecordResult, - RecordHistoryResult, - MoveRecordInput, - MoveRecordResult, -} from '../records/RecordOperations' + NewRecordInput, + TypedRecordData, + AddRecordResult, + UpdateRecordResult, + DeleteRecordResult, + RecordHistoryResult, + MoveRecordInput, + MoveRecordResult, +} from "../records/RecordOperations"; import { - shareRecord as shareRecordOp, - removeRecordShare as removeRecordShareOp, - getRecordShareInfo as getRecordShareInfoOp, -} from '../sharing/Sharing' + shareRecord as shareRecordOp, + removeRecordShare as removeRecordShareOp, + getRecordShareInfo as getRecordShareInfoOp, +} from "../sharing/Sharing"; +import type { + ShareRecordInput, + ShareRecordResult, + RemoveShareInput, + RemoveShareResult, + RecordShareInfo, +} from "../sharing/Sharing"; +import type { + ListFolderOptions, + ListFolderResult, +} from "../folders/listFolder"; +import { FolderKind, VaultObjectKind } from "../folders/folderHelpers"; +import type { + ChangeDirectoryResult, + VaultFolderSession, +} from "../folders/changeDirectory"; import type { - ShareRecordInput, - ShareRecordResult, - RemoveShareInput, - RemoveShareResult, - RecordShareInfo, -} from '../sharing/Sharing' -import type { ListFolderOptions, ListFolderResult } from '../folders/listFolder' -import { FolderKind, VaultObjectKind } from '../folders/folderHelpers' -import type { ChangeDirectoryResult, VaultFolderSession } from '../folders/changeDirectory' -import type { AddFolderInput, AddFolderResult, MkdirOptions } from '../folders/addFolder' -import type { UpdateFolderInput, UpdateFolderResult, RenameFolderResult } from '../folders/updateFolder' -import type { DeleteFolderResult, RmdirOptions } from '../folders/deleteFolder' -import type { FolderTreeBuildOptions } from '../folders/folderTree' -import type { GetFolderOptions, GetFolderResult } from '../folders/getFolder' -import type { ListSharedFolderRow, ListSharedFoldersOptions } from '../sharedFolders/listSharedFolders' -import type { ShareFolderInput, ShareFolderResult } from '../sharedFolders/shareFolder' -import { FolderManager } from '../folders/FolderManager' -import type { SharedFolderPermissionsInput } from '../folders/FolderManager' -import { SharedFolderManager } from '../sharedFolders/SharedFolderManager' -import { TeamManager } from '../teams/TeamManager' -import type { ListTeamRow, ListTeamsOptions } from '../teams/listTeams' -import type { TeamView } from '../teams/viewTeam' -import type { AddTeamInput, AddTeamResult } from '../teams/addTeam' -import type { UpdateTeamInput, UpdateTeamResult } from '../teams/updateTeam' -import type { DeleteTeamInput, DeleteTeamResult } from '../teams/deleteTeam' + AddFolderInput, + AddFolderResult, + MkdirOptions, +} from "../folders/addFolder"; +import type { + UpdateFolderInput, + UpdateFolderResult, + RenameFolderResult, +} from "../folders/updateFolder"; +import type { DeleteFolderResult, RmdirOptions } from "../folders/deleteFolder"; +import type { FolderTreeBuildOptions } from "../folders/folderTree"; +import type { GetFolderOptions, GetFolderResult } from "../folders/getFolder"; +import type { + ListSharedFolderRow, + ListSharedFoldersOptions, +} from "../sharedFolders/listSharedFolders"; +import type { + ShareFolderInput, + ShareFolderResult, +} from "../sharedFolders/shareFolder"; +import { FolderManager } from "../folders/FolderManager"; +import type { SharedFolderPermissionsInput } from "../folders/FolderManager"; +import { SharedFolderManager } from "../sharedFolders/SharedFolderManager"; +import { TeamManager } from "../teams/TeamManager"; +import type { ListTeamRow, ListTeamsOptions } from "../teams/listTeams"; +import type { TeamView } from "../teams/viewTeam"; +import type { AddTeamInput, AddTeamResult } from "../teams/addTeam"; +import type { UpdateTeamInput, UpdateTeamResult } from "../teams/updateTeam"; +import type { DeleteTeamInput, DeleteTeamResult } from "../teams/deleteTeam"; +import { + RoleManager, + type AddRoleInput, + type AddRoleResult, + type DeleteRoleInput, + type DeleteRoleResult, + type ListRoleRow, + type ListRolesOptions, + type RoleView, + type UpdateRoleInput, + type UpdateRoleResult, +} from "../roles"; import { - RoleManager, - type AddRoleInput, - type AddRoleResult, - type DeleteRoleInput, - type DeleteRoleResult, - type ListRoleRow, - type ListRolesOptions, - type RoleView, - type UpdateRoleInput, - type UpdateRoleResult, -} from '../roles' + EnterpriseReportManager, + runPasswordReport, + type AuditReportOptions, + type AuditReportResult, + type ActionReportOptions, + type ActionReportResult, + type PasswordReportOptions, + type PasswordReportResult, +} from "../enterpriseReport"; +import { UserManager } from "../users/UserManager"; +import { NestedShareFolderManager } from "../nestedShareFolders/NestedShareFolderManager"; +import { isNestedShareFolder } from "../nestedShareFolders/nsfHelpers"; import { - EnterpriseReportManager, - runPasswordReport, - type AuditReportOptions, - type AuditReportResult, - type ActionReportOptions, - type ActionReportResult, - type PasswordReportOptions, - type PasswordReportResult, -} from '../enterpriseReport' -import { UserManager } from '../users/UserManager' -import { NestedShareFolderManager } from '../nestedShareFolders/NestedShareFolderManager' -import { isNestedShareFolder } from '../nestedShareFolders/nsfHelpers' + formatListNsfTable, + renderListNsfAsciiTable, + formatListNsfOutput, +} from "../nestedShareFolders/listNsf"; +import { formatNsfDetail } from "../nestedShareFolders/getNsf"; +import { formatRemoveNsfPreview } from "../nestedShareFolders/removeNsfRecord"; import { - formatListNsfTable, - renderListNsfAsciiTable, - formatListNsfOutput, -} from '../nestedShareFolders/listNsf' -import { formatNsfDetail } from '../nestedShareFolders/getNsf' -import { formatRemoveNsfPreview } from '../nestedShareFolders/removeNsfRecord' + formatNsfRecordSharePlan, + formatNsfRecordShareResults, + formatNsfFolderShareResults, +} from "../nestedShareFolders/nsfShare"; import { - formatNsfRecordSharePlan, - formatNsfRecordShareResults, - formatNsfFolderShareResults, -} from '../nestedShareFolders/nsfShare' + formatNsfRecordPermissionPlan, + formatNsfRecordPermissionRequestHeader, + formatNsfRecordPermissionFailures, +} from "../nestedShareFolders/nsfRecordPermission"; import { - formatNsfRecordPermissionPlan, - formatNsfRecordPermissionRequestHeader, - formatNsfRecordPermissionFailures, -} from '../nestedShareFolders/nsfRecordPermission' -import { formatNsfShortcutOutput, formatKeepNsfShortcutPlan } from '../nestedShareFolders/nsfShortcut' -import { formatTransferNestedShareRecordResults } from '../nestedShareFolders/nsfTransferRecord' + formatNsfShortcutOutput, + formatKeepNsfShortcutPlan, +} from "../nestedShareFolders/nsfShortcut"; +import { formatTransferNestedShareRecordResults } from "../nestedShareFolders/nsfTransferRecord"; import type { - AddNsfRecordInput, - AddNsfRecordResult, - AddNsfRecordsInput, - AddNsfRecordsResult, - GetNsfOptions, - GetNsfResult, - GetNsfRecordDetailsInput, - GetNsfRecordDetailsResult, - KeepNsfShortcutInput, - KeepNsfShortcutResult, - LinkNsfRecordResult, - ListNsfFormatInput, - ListNsfOptions, - ListNsfRow, - FormattedListNsfTable, - ListNsfShortcutsOptions, - MkdirNsfInput, - MkdirNsfResult, - NsfShortcutRow, - RemoveNsfFolderInput, - RemoveNsfFolderResult, - RemoveNsfRecordInput, - RemoveNsfRecordResult, - ShareNestedShareFolderInput, - ShareNestedShareFolderResult, - ShareNestedShareRecordInput, - ShareNestedShareRecordResult, - TransferNestedShareRecordInput, - TransferNestedShareRecordResult, - UpdateNsfFolderInput, - UpdateNsfFolderResult, - UpdateNsfRecordInput, - UpdateNsfRecordItemInput, - UpdateNsfRecordsInput, - UpdateNsfRecordPermissionInput, - UpdateNsfRecordPermissionResult, - UpdateNsfRecordResult, - UpdateNsfRecordResultItem, -} from '../nestedShareFolders/nsfTypes' + AddNsfRecordInput, + AddNsfRecordResult, + AddNsfRecordsInput, + AddNsfRecordsResult, + GetNsfOptions, + GetNsfResult, + GetNsfRecordDetailsInput, + GetNsfRecordDetailsResult, + KeepNsfShortcutInput, + KeepNsfShortcutResult, + LinkNsfRecordResult, + ListNsfFormatInput, + ListNsfOptions, + ListNsfRow, + FormattedListNsfTable, + ListNsfShortcutsOptions, + MkdirNsfInput, + MkdirNsfResult, + NsfShortcutRow, + RemoveNsfFolderInput, + RemoveNsfFolderResult, + RemoveNsfRecordInput, + RemoveNsfRecordResult, + ShareNestedShareFolderInput, + ShareNestedShareFolderResult, + ShareNestedShareRecordInput, + ShareNestedShareRecordResult, + TransferNestedShareRecordInput, + TransferNestedShareRecordResult, + UpdateNsfFolderInput, + UpdateNsfFolderResult, + UpdateNsfRecordInput, + UpdateNsfRecordItemInput, + UpdateNsfRecordsInput, + UpdateNsfRecordPermissionInput, + UpdateNsfRecordPermissionResult, + UpdateNsfRecordResult, + UpdateNsfRecordResultItem, +} from "../nestedShareFolders/nsfTypes"; import type { - ListUserRow, - ListUsersOptions, - UserView, - AddUserInput, - AddUserResult, - FormatAddUserResultOptions, - FormattedAddUserTable, - UpdateUserInput, - UpdateUserResult, - FormattedUpdateUserTable, - DeleteUserInput, - DeleteUserResult, - FormattedDeleteUserTable, - UserActionInput, - UserActionResult, - FormattedUserActionTable, - AliasUserInput, - AliasUserResult, - AddUsersToTeamsInput, - RemoveUsersFromTeamsInput, - TeamUserResult, - FormattedTeamUserTable, -} from '../users/userTypes' -import { ConsoleLogger, LogLevel, KeeperSdkError, extractErrorMessage, SdkDefaults, ResultCodes } from '../utils' -import type { ILogger } from '../utils' + ListUserRow, + ListUsersOptions, + UserView, + AddUserInput, + AddUserResult, + FormatAddUserResultOptions, + FormattedAddUserTable, + UpdateUserInput, + UpdateUserResult, + FormattedUpdateUserTable, + DeleteUserInput, + DeleteUserResult, + FormattedDeleteUserTable, + UserActionInput, + UserActionResult, + FormattedUserActionTable, + AliasUserInput, + AliasUserResult, + AddUsersToTeamsInput, + RemoveUsersFromTeamsInput, + TeamUserResult, + FormattedTeamUserTable, +} from "../users/userTypes"; +import { + ConsoleLogger, + LogLevel, + KeeperSdkError, + extractErrorMessage, + SdkDefaults, + ResultCodes, +} from "../utils"; +import type { ILogger } from "../utils"; enum VaultStatus { - RecordNotFound = 'RECORD_NOT_FOUND', - RecordKeyNotFound = 'RECORD_KEY_NOT_FOUND', + RecordNotFound = "RECORD_NOT_FOUND", + RecordKeyNotFound = "RECORD_KEY_NOT_FOUND", } export type KeeperVaultConfig = { - host?: string - clientVersion?: string - configDir?: string - useConsoleAuth?: boolean - logFormat?: SyncLogFormat - logLevel?: LogLevel - autoSync?: boolean - storage?: InMemoryStorage - sessionStorage?: SessionManager - authUI?: AuthUI3 -} + host?: string; + clientVersion?: string; + configDir?: string; + useConsoleAuth?: boolean; + logFormat?: SyncLogFormat; + logLevel?: LogLevel; + autoSync?: boolean; + storage?: InMemoryStorage; + sessionStorage?: SessionManager; + authUI?: AuthUI3; +}; export type VaultSummary = { - recordCount: number - sharedFolderCount: number - teamCount: number - folderCount: number -} + recordCount: number; + sharedFolderCount: number; + teamCount: number; + folderCount: number; +}; export class KeeperVault { - private auth: Auth | null = null - private readonly storage: InMemoryStorage - private readonly sessionManager: SessionManager - private readonly authUI: AuthUI3 - private readonly config: Required> - private readonly log: ILogger - private synced = false - private batchDepth = 0 - private readonly folderSession: VaultFolderSession = FolderManager.createSession() - private readonly folderManager: FolderManager - private readonly sharedFolderManager: SharedFolderManager - private readonly teamManager: TeamManager - private readonly roleManager: RoleManager - private readonly enterpriseReportManager: EnterpriseReportManager - private readonly userManager: UserManager - private readonly nestedShareFolderManager: NestedShareFolderManager - - constructor(config?: KeeperVaultConfig) { - this.config = { - host: config?.host || KeeperEnvironment.Prod, - clientVersion: config?.clientVersion || SdkDefaults.CLIENT_VERSION, - configDir: config?.configDir ?? '', - useConsoleAuth: config?.useConsoleAuth !== false, - logFormat: config?.logFormat || SdkDefaults.LOG_FORMAT, - logLevel: config?.logLevel ?? LogLevel.INFO, - autoSync: config?.autoSync !== false, - } - - this.log = new ConsoleLogger(this.config.logLevel) - this.storage = config?.storage || new InMemoryStorage() - this.sessionManager = config?.sessionStorage || new SessionManager(this.config.configDir || undefined) - this.authUI = config?.authUI || new ConsoleAuthUI() - - const authProvider = () => this.getAuthOrThrow() - this.folderManager = new FolderManager(this.storage, this.folderSession, authProvider) - this.sharedFolderManager = new SharedFolderManager(this.storage, authProvider) - this.teamManager = new TeamManager(authProvider) - this.roleManager = new RoleManager(authProvider) - this.enterpriseReportManager = new EnterpriseReportManager(authProvider) - this.userManager = new UserManager(authProvider) - this.nestedShareFolderManager = new NestedShareFolderManager(this.storage, authProvider) - } - - public getNestedShareFolderManager(): NestedShareFolderManager { - return this.nestedShareFolderManager - } - - public getFolderManager(): FolderManager { - return this.folderManager - } - - public getSharedFolderManager(): SharedFolderManager { - return this.sharedFolderManager - } - - public getTeamManager(): TeamManager { - return this.teamManager - } - - public getRoleManager(): RoleManager { - return this.roleManager - } - - public getEnterpriseReportManager(): EnterpriseReportManager { - return this.enterpriseReportManager - } - - /** @deprecated Use getEnterpriseReportManager() */ - public getAuditReportManager(): EnterpriseReportManager { - return this.enterpriseReportManager - } - - /** @deprecated Use getEnterpriseReportManager() */ - public getActionReportManager(): EnterpriseReportManager { - return this.enterpriseReportManager - } - - private async createAuth(options?: { useSessionResumption?: boolean }): Promise { - const host = this.config.host - const baseDeviceConfig = await this.sessionManager.getDeviceConfig(host) - const deviceConfig = { - ...baseDeviceConfig, - deviceName: baseDeviceConfig.deviceName || SdkDefaults.DEVICE_NAME, - } - - const sessionStorage: SessionStorage = - options?.useSessionResumption === false - ? { - getCloneCode: async () => null, - saveCloneCode: (h, u, c) => this.sessionManager.saveCloneCode(h, u, c), - getSessionParameters: () => this.sessionManager.getSessionParameters(), - saveSessionParameters: (p) => this.sessionManager.saveSessionParameters(p), - } - : this.sessionManager - - return new Auth({ - host, - clientVersion: this.config.clientVersion, - deviceConfig, - authUI3: this.config.useConsoleAuth ? this.authUI : undefined, - sessionStorage, - onDeviceConfig: this.sessionManager.createOnDeviceConfig(host), - useSessionResumption: options?.useSessionResumption, - }) - } - - private getAuthOrThrow(): Auth { - if (!this.auth || !this.auth.sessionToken) { - throw new KeeperSdkError('Not logged in. Call login() first.', ResultCodes.NOT_LOGGED_IN) - } - return this.auth - } - - public async login(username: string, password: string): Promise { - this.auth = await this.createAuth({ useSessionResumption: false }) - this.sessionManager.setLastUsername(username) - - await this.auth.loginV3({ - username, - password, - loginType: Authentication.LoginType.NORMAL, - loginMethod: Authentication.LoginMethod.EXISTING_ACCOUNT, - }) - - this.synced = false - this.log.info(`Logged in as ${username}`) - } - - public async loginWithSessionToken(username: string, sessionToken: string): Promise { - const deviceConfig = await this.sessionManager.getDeviceConfig(this.config.host) - - if (!deviceConfig.deviceToken || !deviceConfig.privateKey) { - throw new KeeperSdkError( - 'Device is not registered for this host. Perform a normal login first to register the device before using session token login.', - ResultCodes.DEVICE_NOT_REGISTERED - ) - } - - this.auth = await this.createAuth() - this.sessionManager.setLastUsername(username) - - await this.auth.loginV3({ - username, - givenSessionToken: sessionToken, - loginType: Authentication.LoginType.NORMAL, - loginMethod: Authentication.LoginMethod.EXISTING_ACCOUNT, - }) - - if (!this.auth.sessionToken) { - throw new KeeperSdkError( - 'Session token login failed — token may be expired or invalid.', - ResultCodes.SESSION_TOKEN_EXPIRED - ) - } - - this.synced = false - this.log.info(`Logged in as ${username} (via session token)`) - } - - public getSessionToken(): string | undefined { - return this.auth?.sessionToken || undefined - } - - public async resumeSession(): Promise { - const username = await this.sessionManager.getLastUsername() - if (!username) { - throw new KeeperSdkError( - 'No previous login found. Perform a normal login first.', - ResultCodes.NO_PREVIOUS_LOGIN - ) - } - - this.sessionManager.setLastUsername(username) - - const deviceConfig = await this.sessionManager.getDeviceConfig(this.config.host) - if (!deviceConfig.deviceToken || !deviceConfig.privateKey) { - throw new KeeperSdkError( - 'Device is not registered for this host. Perform a normal login first.', - ResultCodes.DEVICE_NOT_REGISTERED - ) - } - - const cloneCode = await this.sessionManager.getCloneCode(this.config.host, username) - if (!cloneCode) { - throw new KeeperSdkError( - 'No clone code found. Persistent login not enabled or clone code expired. Perform a normal login.', - ResultCodes.NO_CLONE_CODE - ) - } - - this.auth = await this.createAuth({ useSessionResumption: true }) - - await this.auth.loginV3({ - loginType: Authentication.LoginType.NORMAL, - resumeSessionOnly: true, - }) - - if (!this.auth.sessionToken) { - throw new KeeperSdkError( - 'Persistent login failed — clone code may be expired or persistent login not enabled. Perform a normal login.', - ResultCodes.PERSISTENT_LOGIN_FAILED - ) - } - - this.synced = false - this.log.info(`Session resumed for ${username} (persistent login)`) - } - - public async sync(): Promise { - const auth = this.getAuthOrThrow() - - const result = await syncDown({ - auth, - storage: this.storage, - logFormat: this.config.logFormat, - }) - - this.synced = true - return result - } - - public async batch(fn: () => Promise): Promise { - this.batchDepth++ - try { - await fn() - } finally { - this.batchDepth-- - if (this.batchDepth === 0 && this.config.autoSync) { - await this.sync() - } - } - } - - private async syncIfNeeded(): Promise { - if (this.batchDepth > 0) { - this.synced = false - return - } - if (this.config.autoSync) { - await this.sync() - } else { - this.synced = false - } - } - - public getRecords(): DRecord[] { - return this.storage.getRecords() - } - - public getRecordByUid(uid: string): DRecord | undefined { - return this.storage.getByUid(VaultObjectKind.Record, uid) - } - - public findRecord(uidOrTitle: string): DRecord | undefined { - const byUid = this.getRecordByUid(uidOrTitle) - if (byUid) return byUid - - const lowerUidOrTitle = uidOrTitle.toLowerCase() - return this.getRecords().find((record) => getRecordTitle(record).toLowerCase() === lowerUidOrTitle) - } - - public findRecords(criteria: string): DRecord[] { - return searchRecords(this.getRecords(), criteria) - } - - public getRecordsByVersion(version: number): DRecord[] { - return this.getRecords().filter((record) => record.version === version) - } - - public getRecordsByType(recordType: string): DRecord[] { - return this.getRecords().filter((record) => getRecordType(record) === recordType) - } - - public getRecordMetadata(): DRecordMetadata[] { - return this.storage.getAll(VaultObjectKind.Metadata) - } - - public getRecordMetadataByUid(uid: string): DRecordMetadata | undefined { - return this.storage.getByUid(VaultObjectKind.Metadata, uid) - } - - public getSharedFolders(): DSharedFolder[] { - return this.storage.getAll(FolderKind.SharedFolder) - } - - public getTeams(): DTeam[] { - return this.storage.getAll(VaultObjectKind.Team) - } - - public getUserFolders(): DUserFolder[] { - return this.storage.getAll(FolderKind.UserFolder) - } - - public async listFolder(options?: ListFolderOptions): Promise { - return this.folderManager.listFolder(options ?? {}) - } - - public listSharedFolders(options?: ListSharedFoldersOptions): ListSharedFolderRow[] { - return this.sharedFolderManager.listSharedFolders(options ?? {}) - } - - public async listTeams(options?: ListTeamsOptions): Promise { - return this.teamManager.listTeams(options ?? {}) - } - - public async listUsers(options?: ListUsersOptions): Promise { - return this.userManager.listUsers(options ?? {}) - } - - public async viewUser(identifier: string): Promise { - return this.userManager.viewUser(identifier) - } - - public async addUsers(input: AddUserInput): Promise { - return this.userManager.addUsers(input) - } - - public formatAddUserResult(result: AddUserResult, options: FormatAddUserResultOptions = {}): FormattedAddUserTable { - return this.userManager.formatAddUserResult(result, options) - } - - public async updateUsers(input: UpdateUserInput): Promise { - return this.userManager.updateUsers(input) - } - - public formatUpdateUserResult(result: UpdateUserResult): FormattedUpdateUserTable { - return this.userManager.formatUpdateUserResult(result) - } - - public async deleteUsers(input: DeleteUserInput): Promise { - return this.userManager.deleteUsers(input) - } - - public formatDeleteUserResult(result: DeleteUserResult): FormattedDeleteUserTable { - return this.userManager.formatDeleteUserResult(result) - } - - public async actionUsers(input: UserActionInput): Promise { - return this.userManager.actionUsers(input) - } - - public formatUserActionResult(result: UserActionResult): FormattedUserActionTable { - return this.userManager.formatUserActionResult(result) - } - - public async aliasUser(input: AliasUserInput): Promise { - return this.userManager.aliasUser(input) - } - - public async addUsersToTeams(input: AddUsersToTeamsInput): Promise { - return this.userManager.addUsersToTeams(input) - } - - public async removeUsersFromTeams(input: RemoveUsersFromTeamsInput): Promise { - return this.userManager.removeUsersFromTeams(input) - } - - public formatTeamUserResult(result: TeamUserResult): FormattedTeamUserTable { - return this.userManager.formatTeamUserResult(result) - } - - public async viewTeam(identifier: string): Promise { - return this.teamManager.viewTeam(identifier) - } - - public async addTeams(input: AddTeamInput): Promise { - const result = await this.teamManager.addTeams(input) - if (result.created > 0) await this.syncIfNeeded() - return result - } - - public async updateTeams(input: UpdateTeamInput): Promise { - const result = await this.teamManager.updateTeams(input) - if (result.updated > 0) await this.syncIfNeeded() - return result - } - - public async deleteTeams(input: DeleteTeamInput): Promise { - const result = await this.teamManager.deleteTeams(input) - if (result.deleted > 0) await this.syncIfNeeded() - return result - } - - public async listRoles(options?: ListRolesOptions): Promise { - return this.roleManager.listRoles(options ?? {}) - } - - public async viewRole(identifier: string): Promise { - return this.roleManager.viewRole(identifier) - } - - public async addRoles(input: AddRoleInput): Promise { - const result = await this.roleManager.addRoles(input) - if (result.created > 0) await this.syncIfNeeded() - return result - } - - public async updateRoles(input: UpdateRoleInput): Promise { - const result = await this.roleManager.updateRoles(input) - if (result.updated > 0) await this.syncIfNeeded() - return result - } - - public async deleteRoles(input: DeleteRoleInput): Promise { - const result = await this.roleManager.deleteRoles(input) - if (result.deleted > 0) await this.syncIfNeeded() - return result - } - - public async runAuditReport(options?: AuditReportOptions): Promise { - return this.enterpriseReportManager.runAuditReport(options ?? {}) - } - - public async runActionReport(options?: ActionReportOptions): Promise { - return this.enterpriseReportManager.runActionReport(options ?? {}) - } - - public async runPasswordReport(options?: PasswordReportOptions): Promise { - return runPasswordReport(this.storage, this.folderSession, options ?? {}) - } - - public async changeDirectory(path: string): Promise { - return this.folderManager.changeDirectory(path) - } - - public getCurrentFolderUid(): string | null { - return this.folderManager.getCurrentFolderUid() - } - - public getWorkingFolderDisplayName(): string { - return this.folderManager.getWorkingFolderDisplayName() - } - - public async getFolder(uidOrName: string, options?: GetFolderOptions): Promise { - return this.folderManager.getFolder(uidOrName, options ?? {}) - } - - public async addFolder(input: AddFolderInput): Promise { - const result = await this.folderManager.addFolder(input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async mkdir( - path: string, - options?: MkdirOptions - ): Promise<{ folderUid: string; success: boolean; message?: string }> { - const result = await this.folderManager.mkdir(path, options ?? {}) - if (result.success) await this.syncIfNeeded() - return result - } - - public async updateFolder(input: UpdateFolderInput): Promise { - const result = await this.folderManager.updateFolder(input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async renameFolder(folderPath: string, newName: string): Promise { - const result = await this.folderManager.renameFolder(folderPath, newName) - if (result.success) await this.syncIfNeeded() - return result - } - - public async updateSharedFolderPermissions( - sharedFolderUid: string, - permissions: SharedFolderPermissionsInput - ): Promise { - const result = await this.folderManager.updateSharedFolderPermissions(sharedFolderUid, permissions) - if (result.success) await this.syncIfNeeded() - return result - } - - public async deleteFolder( - folderRefs: string[], - confirm?: (summary: string) => boolean | Promise - ): Promise { - const result = await this.folderManager.deleteFolder(folderRefs, confirm) - if (result.success) await this.syncIfNeeded() - return result - } - - public async rmdir(patterns: string[], options?: RmdirOptions): Promise { - const result = await this.folderManager.rmdir(patterns, options ?? {}) - if (result.success) await this.syncIfNeeded() - return result - } - - public async tree(options?: FolderTreeBuildOptions): Promise { - this.getAuthOrThrow() - return this.folderManager.folderTreeAscii(options ?? {}) - } - - public getSummary(): VaultSummary { - return { - recordCount: this.storage.getCount(VaultObjectKind.Record), - sharedFolderCount: this.storage.getCount(FolderKind.SharedFolder), - teamCount: this.storage.getCount(VaultObjectKind.Team), - folderCount: this.storage.getCount(FolderKind.UserFolder), - } - } - - public printRecords(showDetails = false): void { - const records = this.getRecords() - if (records.length === 0) { - this.log.info('No records found in vault.') - return - } - this.log.info(`\n=== Vault Records (${records.length}) ===\n`) - for (const record of records) { - this.log.info(formatRecord(record, showDetails)) - } - } - - public async addRecord(input: NewRecordInput): Promise { - const auth = this.getAuthOrThrow() - const result = await addRecordOp(auth, input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async updateRecord(recordUid: string, data: TypedRecordData): Promise { - const auth = this.getAuthOrThrow() - - const record = this.getRecordByUid(recordUid) - if (!record) { - return { recordUid, success: false, status: VaultStatus.RecordNotFound } - } - - const keyBytes = await this.storage.getKeyBytes(recordUid) - if (!keyBytes) { - return { - recordUid, - success: false, - status: VaultStatus.RecordKeyNotFound, - } - } - - const result = await updateRecordOp(auth, recordUid, data, record.revision, keyBytes) - if (result.success) await this.syncIfNeeded() - return result - } - - public async deleteRecord(recordUid: string): Promise { - const auth = this.getAuthOrThrow() - const result = await deleteRecordOp(auth, recordUid) - if (result.success) await this.syncIfNeeded() - return result - } - - public async moveRecord(input: MoveRecordInput): Promise { - const auth = this.getAuthOrThrow() - const result = await moveRecordOp(auth, this.storage, input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async shareRecord(input: ShareRecordInput): Promise { - const auth = this.getAuthOrThrow() - - const record = this.getRecordByUid(input.recordUid) || this.findRecord(input.recordUid) - if (!record) { - return { - recordUid: input.recordUid, - email: input.email, - success: false, - status: VaultStatus.RecordNotFound, - message: `Record "${input.recordUid}" not found`, - } - } - - const keyBytes = await this.storage.getKeyBytes(record.uid) - if (!keyBytes) { - return { - recordUid: record.uid, - email: input.email, - success: false, - status: VaultStatus.RecordKeyNotFound, - message: 'Record key not available', - } - } - - const result = await shareRecordOp(auth, keyBytes, { - ...input, - recordUid: record.uid, - }) - if (result.success) await this.syncIfNeeded() - return result - } - - public async removeRecordShare(input: RemoveShareInput): Promise { - const auth = this.getAuthOrThrow() - const result = await removeRecordShareOp(auth, input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async getRecordShareInfo(recordUid: string): Promise { - const auth = this.getAuthOrThrow() - return getRecordShareInfoOp(auth, recordUid) - } - - public listNestedShareFolders(options?: ListNsfOptions): ListNsfRow[] { - this.getAuthOrThrow() - return this.nestedShareFolderManager.listNestedShareFolders(options ?? {}) - } - - public formatListNsfTable(rows: ListNsfRow[], options?: { columnWidth?: number }): FormattedListNsfTable { - return formatListNsfTable(rows, options ?? {}) - } - - public renderListNsfAsciiTable(table: FormattedListNsfTable, options?: { minColWidth?: number }): string { - return renderListNsfAsciiTable(table, options ?? {}) - } - - public formatListNsfOutput(rows: ListNsfRow[], format?: ListNsfFormatInput): string { - return formatListNsfOutput(rows, format) - } - - public async getNestedShareFolder(identifier: string, options?: GetNsfOptions): Promise { - return this.nestedShareFolderManager.getNestedShareFolder(identifier, options ?? {}) - } - - public formatNsfDetail(result: GetNsfResult, verbose?: boolean): string { - return formatNsfDetail(result, verbose ?? false) - } - - public async linkNestedShareRecord( - recordIdentifier: string, - folderIdentifier: string - ): Promise { - const result = await this.nestedShareFolderManager.linkNestedShareRecord(recordIdentifier, folderIdentifier) - if (result.success) await this.syncIfNeeded() - return result - } - - public async removeNestedShareRecords(input: RemoveNsfRecordInput): Promise { - const result = await this.nestedShareFolderManager.removeNestedShareRecords(input) - if (result.confirmed) await this.syncIfNeeded() - return result - } - - public formatRemoveNsfPreview(preview: RemoveNsfRecordResult['preview']): string { - return formatRemoveNsfPreview(preview) - } - - public async mkdirNestedShareFolder(input: Omit): Promise { - const current = this.folderSession.currentFolderUid - const baseFolderUid = - current && isNestedShareFolder(this.storage, current) ? current : null - const result = await this.nestedShareFolderManager.mkdirNestedShareFolder({ - ...input, - baseFolderUid, - }) - if (result.created) await this.syncIfNeeded() - return result - } - - public async removeNestedShareFolders(input: RemoveNsfFolderInput): Promise { - const result = await this.nestedShareFolderManager.removeNestedShareFolders(input) - if (result.confirmed) await this.syncIfNeeded() - return result - } - - public async getNestedShareRecordDetails( - input: GetNsfRecordDetailsInput - ): Promise { - return this.nestedShareFolderManager.getNestedShareRecordDetails(input) - } - - public async updateNestedShareRecords( - input: UpdateNsfRecordInput | UpdateNsfRecordsInput - ): Promise { - const result = await this.nestedShareFolderManager.updateNestedShareRecords(input) - if (result.updated.some((item) => item.success)) await this.syncIfNeeded() - return result - } - - public async updateNestedShareRecord(input: UpdateNsfRecordItemInput): Promise { - const result = await this.nestedShareFolderManager.updateNestedShareRecord(input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async addNestedShareRecords(input: AddNsfRecordsInput): Promise { - const result = await this.nestedShareFolderManager.addNestedShareRecords(input) - if (result.added.some((item) => item.success)) await this.syncIfNeeded() - return result - } - - public async addNestedShareRecord(input: AddNsfRecordInput): Promise { - const result = await this.nestedShareFolderManager.addNestedShareRecord(input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async updateNestedShareFolder(input: UpdateNsfFolderInput): Promise { - const result = await this.nestedShareFolderManager.updateNestedShareFolder(input) - if (result.updated) await this.syncIfNeeded() - return result - } - - public async shareNestedShareFolder( - input: ShareNestedShareFolderInput - ): Promise { - const result = await this.nestedShareFolderManager.shareNestedShareFolder(input) - if (result.results.some((item) => item.success)) await this.syncIfNeeded() - return result - } - - public async shareNestedShareRecord( - input: ShareNestedShareRecordInput - ): Promise { - const result = await this.nestedShareFolderManager.shareNestedShareRecord(input) - if (!result.dryRun && result.results.some((item) => item.success)) await this.syncIfNeeded() - return result - } - - public formatNsfRecordSharePlan(result: ShareNestedShareRecordResult): string { - return formatNsfRecordSharePlan(result.plan, result.dryRun) - } - - public formatNsfRecordShareResults(results: ShareNestedShareRecordResult['results']): string { - return formatNsfRecordShareResults(results) - } - - public formatNsfFolderShareResults(results: ShareNestedShareFolderResult['results']): string { - return formatNsfFolderShareResults(results) - } - - public listNsfShortcuts(options?: ListNsfShortcutsOptions): NsfShortcutRow[] { - this.getAuthOrThrow() - return this.nestedShareFolderManager.listNsfShortcuts(options ?? {}) - } - - public formatNsfShortcutOutput(rows: NsfShortcutRow[], format?: ListNsfShortcutsOptions['format']): string { - return formatNsfShortcutOutput(rows, format) - } - - public async keepNsfShortcut(input: KeepNsfShortcutInput): Promise { - const current = this.folderSession.currentFolderUid - const defaultFolderUid = - current && isNestedShareFolder(this.storage, current) ? current : undefined - const result = await this.nestedShareFolderManager.keepNsfShortcut(input, defaultFolderUid) - if (!result.dryRun && result.results.some((item) => item.success)) await this.syncIfNeeded() - return result - } - - public formatKeepNsfShortcutPlan(result: KeepNsfShortcutResult): string { - return formatKeepNsfShortcutPlan(result.plan) - } - - public async transferNestedShareRecords( - input: TransferNestedShareRecordInput - ): Promise { - const result = await this.nestedShareFolderManager.transferNestedShareRecords(input) - if (result.results.some((item) => item.success)) await this.syncIfNeeded() - return result - } - - public formatTransferNestedShareRecordResults( - results: TransferNestedShareRecordResult['results'] - ): string { - return formatTransferNestedShareRecordResults(results) - } - - public async updateNestedShareRecordPermissions( - input: UpdateNsfRecordPermissionInput - ): Promise { - const result = await this.nestedShareFolderManager.updateNestedShareRecordPermissions(input) - if (result.confirmed) await this.syncIfNeeded() - return result - } - - public formatNsfRecordPermissionPlan(result: UpdateNsfRecordPermissionResult): string { - return formatNsfRecordPermissionPlan(result.plan) - } - - public formatNsfRecordPermissionRequestHeader( - action: UpdateNsfRecordPermissionInput['action'], - role: string | undefined, - folderDisplayName: string, - recursive: boolean - ): string { - return formatNsfRecordPermissionRequestHeader(action, role, folderDisplayName, recursive) - } - - public formatNsfRecordPermissionFailures( - failures: UpdateNsfRecordPermissionResult['grantFailures'], - kind: 'GRANT' | 'REVOKE' - ): string { - return formatNsfRecordPermissionFailures(failures, kind) - } - - public async shareFolder(input: ShareFolderInput): Promise { - const result = await this.sharedFolderManager.shareFolder(input) - if (result.success) await this.syncIfNeeded() - return result - } - - public async getRecordHistory(recordUid: string): Promise { - const auth = this.getAuthOrThrow() - - const keyBytes = await this.storage.getKeyBytes(recordUid) - if (!keyBytes) { - return { recordUid, history: [] } - } - - return getRecordHistoryOp(auth, recordUid, keyBytes) - } - - public getStorage(): VaultStorage { - return this.storage - } - - public getAuth(): Auth { - return this.getAuthOrThrow() - } - - public disconnect(): void { - if (this.auth) { - try { - this.auth.disconnect() - } catch (err) { - this.log.debug('disconnect error:', extractErrorMessage(err)) - } - this.auth = null - } - this.synced = false - this.folderSession.currentFolderUid = null - } - - public async logout(): Promise { - if (this.auth) { - try { - await this.auth.logout() - } catch (err) { - this.log.debug('logout error:', extractErrorMessage(err)) - } - } - this.disconnect() - this.log.info('Logged out.') - } - - public get host(): string { - return this.config.host - } - - public get isLoggedIn(): boolean { - return this.auth !== null && !!this.auth.sessionToken - } - - public get isSynced(): boolean { - return this.synced - } + private auth: Auth | null = null; + private readonly storage: InMemoryStorage; + private readonly sessionManager: SessionManager; + private readonly authUI: AuthUI3; + private readonly config: Required< + Omit + >; + private readonly log: ILogger; + private synced = false; + private batchDepth = 0; + private readonly folderSession: VaultFolderSession = + FolderManager.createSession(); + private readonly folderManager: FolderManager; + private readonly sharedFolderManager: SharedFolderManager; + private readonly teamManager: TeamManager; + private readonly roleManager: RoleManager; + private readonly enterpriseReportManager: EnterpriseReportManager; + private readonly userManager: UserManager; + private readonly nestedShareFolderManager: NestedShareFolderManager; + + constructor(config?: KeeperVaultConfig) { + this.config = { + host: config?.host || KeeperEnvironment.Prod, + clientVersion: config?.clientVersion || SdkDefaults.CLIENT_VERSION, + configDir: config?.configDir ?? "", + useConsoleAuth: config?.useConsoleAuth !== false, + logFormat: config?.logFormat || SdkDefaults.LOG_FORMAT, + logLevel: config?.logLevel ?? LogLevel.INFO, + autoSync: config?.autoSync !== false, + }; + + this.log = new ConsoleLogger(this.config.logLevel); + this.storage = config?.storage || new InMemoryStorage(); + this.sessionManager = + config?.sessionStorage || + new SessionManager(this.config.configDir || undefined); + this.authUI = config?.authUI || new ConsoleAuthUI(); + + const authProvider = () => this.getAuthOrThrow(); + this.folderManager = new FolderManager( + this.storage, + this.folderSession, + authProvider, + ); + this.sharedFolderManager = new SharedFolderManager( + this.storage, + authProvider, + ); + this.teamManager = new TeamManager(authProvider); + this.roleManager = new RoleManager(authProvider); + this.enterpriseReportManager = new EnterpriseReportManager(authProvider); + this.userManager = new UserManager(authProvider); + this.nestedShareFolderManager = new NestedShareFolderManager( + this.storage, + authProvider, + ); + } + + public getNestedShareFolderManager(): NestedShareFolderManager { + return this.nestedShareFolderManager; + } + + public getFolderManager(): FolderManager { + return this.folderManager; + } + + public getSharedFolderManager(): SharedFolderManager { + return this.sharedFolderManager; + } + + public getTeamManager(): TeamManager { + return this.teamManager; + } + + public getRoleManager(): RoleManager { + return this.roleManager; + } + + public getEnterpriseReportManager(): EnterpriseReportManager { + return this.enterpriseReportManager; + } + + /** @deprecated Use getEnterpriseReportManager() */ + public getAuditReportManager(): EnterpriseReportManager { + return this.enterpriseReportManager; + } + + /** @deprecated Use getEnterpriseReportManager() */ + public getActionReportManager(): EnterpriseReportManager { + return this.enterpriseReportManager; + } + + private async createAuth(options?: { + useSessionResumption?: boolean; + }): Promise { + const host = this.config.host; + const baseDeviceConfig = await this.sessionManager.getDeviceConfig(host); + const deviceConfig = { + ...baseDeviceConfig, + deviceName: baseDeviceConfig.deviceName || SdkDefaults.DEVICE_NAME, + }; + + const sessionStorage: SessionStorage = + options?.useSessionResumption === false + ? { + getCloneCode: async () => null, + saveCloneCode: (h, u, c) => + this.sessionManager.saveCloneCode(h, u, c), + getSessionParameters: () => + this.sessionManager.getSessionParameters(), + saveSessionParameters: (p) => + this.sessionManager.saveSessionParameters(p), + } + : this.sessionManager; + + return new Auth({ + host, + clientVersion: this.config.clientVersion, + deviceConfig, + authUI3: this.config.useConsoleAuth ? this.authUI : undefined, + sessionStorage, + onDeviceConfig: this.sessionManager.createOnDeviceConfig(host), + useSessionResumption: options?.useSessionResumption, + }); + } + + private getAuthOrThrow(): Auth { + if (!this.auth || !this.auth.sessionToken) { + throw new KeeperSdkError( + "Not logged in. Call login() first.", + ResultCodes.NOT_LOGGED_IN, + ); + } + return this.auth; + } + + public async login(username: string, password: string): Promise { + this.auth = await this.createAuth({ useSessionResumption: false }); + this.sessionManager.setLastUsername(username); + + await this.auth.loginV3({ + username, + password, + loginType: Authentication.LoginType.NORMAL, + loginMethod: Authentication.LoginMethod.EXISTING_ACCOUNT, + }); + + this.synced = false; + this.log.info(`Logged in as ${username}`); + } + + public async loginWithSessionToken( + username: string, + sessionToken: string, + ): Promise { + const deviceConfig = await this.sessionManager.getDeviceConfig( + this.config.host, + ); + + if (!deviceConfig.deviceToken || !deviceConfig.privateKey) { + throw new KeeperSdkError( + "Device is not registered for this host. Perform a normal login first to register the device before using session token login.", + ResultCodes.DEVICE_NOT_REGISTERED, + ); + } + + this.auth = await this.createAuth(); + this.sessionManager.setLastUsername(username); + + await this.auth.loginV3({ + username, + givenSessionToken: sessionToken, + loginType: Authentication.LoginType.NORMAL, + loginMethod: Authentication.LoginMethod.EXISTING_ACCOUNT, + }); + + if (!this.auth.sessionToken) { + throw new KeeperSdkError( + "Session token login failed — token may be expired or invalid.", + ResultCodes.SESSION_TOKEN_EXPIRED, + ); + } + + this.synced = false; + this.log.info(`Logged in as ${username} (via session token)`); + } + + public getSessionToken(): string | undefined { + return this.auth?.sessionToken || undefined; + } + + public async resumeSession(): Promise { + const username = await this.sessionManager.getLastUsername(); + if (!username) { + throw new KeeperSdkError( + "No previous login found. Perform a normal login first.", + ResultCodes.NO_PREVIOUS_LOGIN, + ); + } + + this.sessionManager.setLastUsername(username); + + const deviceConfig = await this.sessionManager.getDeviceConfig( + this.config.host, + ); + if (!deviceConfig.deviceToken || !deviceConfig.privateKey) { + throw new KeeperSdkError( + "Device is not registered for this host. Perform a normal login first.", + ResultCodes.DEVICE_NOT_REGISTERED, + ); + } + + const cloneCode = await this.sessionManager.getCloneCode( + this.config.host, + username, + ); + if (!cloneCode) { + throw new KeeperSdkError( + "No clone code found. Persistent login not enabled or clone code expired. Perform a normal login.", + ResultCodes.NO_CLONE_CODE, + ); + } + + this.auth = await this.createAuth({ useSessionResumption: true }); + + await this.auth.loginV3({ + loginType: Authentication.LoginType.NORMAL, + resumeSessionOnly: true, + }); + + if (!this.auth.sessionToken) { + throw new KeeperSdkError( + "Persistent login failed — clone code may be expired or persistent login not enabled. Perform a normal login.", + ResultCodes.PERSISTENT_LOGIN_FAILED, + ); + } + + this.synced = false; + this.log.info(`Session resumed for ${username} (persistent login)`); + } + + public async sync(): Promise { + const auth = this.getAuthOrThrow(); + + const result = await syncDown({ + auth, + storage: this.storage, + logFormat: this.config.logFormat, + }); + + this.synced = true; + return result; + } + + public async batch(fn: () => Promise): Promise { + this.batchDepth++; + try { + await fn(); + } finally { + this.batchDepth--; + if (this.batchDepth === 0 && this.config.autoSync) { + await this.sync(); + } + } + } + + private async syncIfNeeded(): Promise { + if (this.batchDepth > 0) { + this.synced = false; + return; + } + if (this.config.autoSync) { + await this.sync(); + } else { + this.synced = false; + } + } + + public getRecords(): DRecord[] { + return this.storage.getRecords(); + } + + public getRecordByUid(uid: string): DRecord | undefined { + return this.storage.getByUid(VaultObjectKind.Record, uid); + } + + public findRecord(uidOrTitle: string): DRecord | undefined { + const byUid = this.getRecordByUid(uidOrTitle); + if (byUid) return byUid; + + const lowerUidOrTitle = uidOrTitle.toLowerCase(); + return this.getRecords().find( + (record) => getRecordTitle(record).toLowerCase() === lowerUidOrTitle, + ); + } + + public findRecords(criteria: string): DRecord[] { + return searchRecords(this.getRecords(), criteria); + } + + public getRecordsByVersion(version: number): DRecord[] { + return this.getRecords().filter((record) => record.version === version); + } + + public getRecordsByType(recordType: string): DRecord[] { + return this.getRecords().filter( + (record) => getRecordType(record) === recordType, + ); + } + + public getRecordMetadata(): DRecordMetadata[] { + return this.storage.getAll(VaultObjectKind.Metadata); + } + + public getRecordMetadataByUid(uid: string): DRecordMetadata | undefined { + return this.storage.getByUid( + VaultObjectKind.Metadata, + uid, + ); + } + + public getSharedFolders(): DSharedFolder[] { + return this.storage.getAll(FolderKind.SharedFolder); + } + + public getTeams(): DTeam[] { + return this.storage.getAll(VaultObjectKind.Team); + } + + public getUserFolders(): DUserFolder[] { + return this.storage.getAll(FolderKind.UserFolder); + } + + public async listFolder( + options?: ListFolderOptions, + ): Promise { + return this.folderManager.listFolder(options ?? {}); + } + + public listSharedFolders( + options?: ListSharedFoldersOptions, + ): ListSharedFolderRow[] { + return this.sharedFolderManager.listSharedFolders(options ?? {}); + } + + public async listTeams(options?: ListTeamsOptions): Promise { + return this.teamManager.listTeams(options ?? {}); + } + + public async listUsers(options?: ListUsersOptions): Promise { + return this.userManager.listUsers(options ?? {}); + } + + public async viewUser(identifier: string): Promise { + return this.userManager.viewUser(identifier); + } + + public async addUsers(input: AddUserInput): Promise { + return this.userManager.addUsers(input); + } + + public formatAddUserResult( + result: AddUserResult, + options: FormatAddUserResultOptions = {}, + ): FormattedAddUserTable { + return this.userManager.formatAddUserResult(result, options); + } + + public async updateUsers(input: UpdateUserInput): Promise { + return this.userManager.updateUsers(input); + } + + public formatUpdateUserResult( + result: UpdateUserResult, + ): FormattedUpdateUserTable { + return this.userManager.formatUpdateUserResult(result); + } + + public async deleteUsers(input: DeleteUserInput): Promise { + return this.userManager.deleteUsers(input); + } + + public formatDeleteUserResult( + result: DeleteUserResult, + ): FormattedDeleteUserTable { + return this.userManager.formatDeleteUserResult(result); + } + + public async actionUsers(input: UserActionInput): Promise { + return this.userManager.actionUsers(input); + } + + public formatUserActionResult( + result: UserActionResult, + ): FormattedUserActionTable { + return this.userManager.formatUserActionResult(result); + } + + public async aliasUser(input: AliasUserInput): Promise { + return this.userManager.aliasUser(input); + } + + public async addUsersToTeams( + input: AddUsersToTeamsInput, + ): Promise { + return this.userManager.addUsersToTeams(input); + } + + public async removeUsersFromTeams( + input: RemoveUsersFromTeamsInput, + ): Promise { + return this.userManager.removeUsersFromTeams(input); + } + + public formatTeamUserResult(result: TeamUserResult): FormattedTeamUserTable { + return this.userManager.formatTeamUserResult(result); + } + + public async viewTeam(identifier: string): Promise { + return this.teamManager.viewTeam(identifier); + } + + public async addTeams(input: AddTeamInput): Promise { + const result = await this.teamManager.addTeams(input); + if (result.created > 0) await this.syncIfNeeded(); + return result; + } + + public async updateTeams(input: UpdateTeamInput): Promise { + const result = await this.teamManager.updateTeams(input); + if (result.updated > 0) await this.syncIfNeeded(); + return result; + } + + public async deleteTeams(input: DeleteTeamInput): Promise { + const result = await this.teamManager.deleteTeams(input); + if (result.deleted > 0) await this.syncIfNeeded(); + return result; + } + + public async listRoles(options?: ListRolesOptions): Promise { + return this.roleManager.listRoles(options ?? {}); + } + + public async viewRole(identifier: string): Promise { + return this.roleManager.viewRole(identifier); + } + + public async addRoles(input: AddRoleInput): Promise { + const result = await this.roleManager.addRoles(input); + if (result.created > 0) await this.syncIfNeeded(); + return result; + } + + public async updateRoles(input: UpdateRoleInput): Promise { + const result = await this.roleManager.updateRoles(input); + if (result.updated > 0) await this.syncIfNeeded(); + return result; + } + + public async deleteRoles(input: DeleteRoleInput): Promise { + const result = await this.roleManager.deleteRoles(input); + if (result.deleted > 0) await this.syncIfNeeded(); + return result; + } + + public async runAuditReport( + options?: AuditReportOptions, + ): Promise { + return this.enterpriseReportManager.runAuditReport(options ?? {}); + } + + public async runActionReport( + options?: ActionReportOptions, + ): Promise { + return this.enterpriseReportManager.runActionReport(options ?? {}); + } + + public async runPasswordReport( + options?: PasswordReportOptions, + ): Promise { + return runPasswordReport(this.storage, this.folderSession, options ?? {}); + } + + public async changeDirectory(path: string): Promise { + return this.folderManager.changeDirectory(path); + } + + public getCurrentFolderUid(): string | null { + return this.folderManager.getCurrentFolderUid(); + } + + public getWorkingFolderDisplayName(): string { + return this.folderManager.getWorkingFolderDisplayName(); + } + + public async getFolder( + uidOrName: string, + options?: GetFolderOptions, + ): Promise { + return this.folderManager.getFolder(uidOrName, options ?? {}); + } + + public async addFolder(input: AddFolderInput): Promise { + const result = await this.folderManager.addFolder(input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async mkdir( + path: string, + options?: MkdirOptions, + ): Promise<{ folderUid: string; success: boolean; message?: string }> { + const result = await this.folderManager.mkdir(path, options ?? {}); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async updateFolder( + input: UpdateFolderInput, + ): Promise { + const result = await this.folderManager.updateFolder(input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async renameFolder( + folderPath: string, + newName: string, + ): Promise { + const result = await this.folderManager.renameFolder(folderPath, newName); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async updateSharedFolderPermissions( + sharedFolderUid: string, + permissions: SharedFolderPermissionsInput, + ): Promise { + const result = await this.folderManager.updateSharedFolderPermissions( + sharedFolderUid, + permissions, + ); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async deleteFolder( + folderRefs: string[], + confirm?: (summary: string) => boolean | Promise, + ): Promise { + const result = await this.folderManager.deleteFolder(folderRefs, confirm); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async rmdir( + patterns: string[], + options?: RmdirOptions, + ): Promise { + const result = await this.folderManager.rmdir(patterns, options ?? {}); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async tree(options?: FolderTreeBuildOptions): Promise { + this.getAuthOrThrow(); + return this.folderManager.folderTreeAscii(options ?? {}); + } + + public getSummary(): VaultSummary { + return { + recordCount: this.storage.getCount(VaultObjectKind.Record), + sharedFolderCount: this.storage.getCount(FolderKind.SharedFolder), + teamCount: this.storage.getCount(VaultObjectKind.Team), + folderCount: this.storage.getCount(FolderKind.UserFolder), + }; + } + + public printRecords(showDetails = false): void { + const records = this.getRecords(); + if (records.length === 0) { + this.log.info("No records found in vault."); + return; + } + this.log.info(`\n=== Vault Records (${records.length}) ===\n`); + for (const record of records) { + this.log.info(formatRecord(record, showDetails)); + } + } + + public async addRecord(input: NewRecordInput): Promise { + const auth = this.getAuthOrThrow(); + const result = await addRecordOp(auth, input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async updateRecord( + recordUid: string, + data: TypedRecordData, + ): Promise { + const auth = this.getAuthOrThrow(); + + const record = this.getRecordByUid(recordUid); + if (!record) { + return { recordUid, success: false, status: VaultStatus.RecordNotFound }; + } + + const keyBytes = await this.storage.getKeyBytes(recordUid); + if (!keyBytes) { + return { + recordUid, + success: false, + status: VaultStatus.RecordKeyNotFound, + }; + } + + const result = await updateRecordOp( + auth, + recordUid, + data, + record.revision, + keyBytes, + ); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async deleteRecord(recordUid: string): Promise { + const auth = this.getAuthOrThrow(); + const result = await deleteRecordOp(auth, recordUid); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async moveRecord(input: MoveRecordInput): Promise { + const auth = this.getAuthOrThrow(); + const result = await moveRecordOp(auth, this.storage, input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async shareRecord( + input: ShareRecordInput, + ): Promise { + const auth = this.getAuthOrThrow(); + + const record = + this.getRecordByUid(input.recordUid) || this.findRecord(input.recordUid); + if (!record) { + return { + recordUid: input.recordUid, + email: input.email, + success: false, + status: VaultStatus.RecordNotFound, + message: `Record "${input.recordUid}" not found`, + }; + } + + const keyBytes = await this.storage.getKeyBytes(record.uid); + if (!keyBytes) { + return { + recordUid: record.uid, + email: input.email, + success: false, + status: VaultStatus.RecordKeyNotFound, + message: "Record key not available", + }; + } + + const result = await shareRecordOp(auth, keyBytes, { + ...input, + recordUid: record.uid, + }); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async removeRecordShare( + input: RemoveShareInput, + ): Promise { + const auth = this.getAuthOrThrow(); + const result = await removeRecordShareOp(auth, input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async getRecordShareInfo( + recordUid: string, + ): Promise { + const auth = this.getAuthOrThrow(); + return getRecordShareInfoOp(auth, recordUid); + } + + public listNestedShareFolders(options?: ListNsfOptions): ListNsfRow[] { + this.getAuthOrThrow(); + return this.nestedShareFolderManager.listNestedShareFolders(options ?? {}); + } + + public formatListNsfTable( + rows: ListNsfRow[], + options?: { columnWidth?: number }, + ): FormattedListNsfTable { + return formatListNsfTable(rows, options ?? {}); + } + + public renderListNsfAsciiTable( + table: FormattedListNsfTable, + options?: { minColWidth?: number }, + ): string { + return renderListNsfAsciiTable(table, options ?? {}); + } + + public formatListNsfOutput( + rows: ListNsfRow[], + format?: ListNsfFormatInput, + ): string { + return formatListNsfOutput(rows, format); + } + + public async getNestedShareFolder( + identifier: string, + options?: GetNsfOptions, + ): Promise { + return this.nestedShareFolderManager.getNestedShareFolder( + identifier, + options ?? {}, + ); + } + + public formatNsfDetail(result: GetNsfResult, verbose?: boolean): string { + return formatNsfDetail(result, verbose ?? false); + } + + public async linkNestedShareRecord( + recordIdentifier: string, + folderIdentifier: string, + ): Promise { + const result = await this.nestedShareFolderManager.linkNestedShareRecord( + recordIdentifier, + folderIdentifier, + ); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async removeNestedShareRecords( + input: RemoveNsfRecordInput, + ): Promise { + const result = + await this.nestedShareFolderManager.removeNestedShareRecords(input); + if (result.confirmed) await this.syncIfNeeded(); + return result; + } + + public formatRemoveNsfPreview( + preview: RemoveNsfRecordResult["preview"], + ): string { + return formatRemoveNsfPreview(preview); + } + + public async mkdirNestedShareFolder( + input: Omit, + ): Promise { + const current = this.folderSession.currentFolderUid; + const baseFolderUid = + current && isNestedShareFolder(this.storage, current) ? current : null; + const result = await this.nestedShareFolderManager.mkdirNestedShareFolder({ + ...input, + baseFolderUid, + }); + if (result.created) await this.syncIfNeeded(); + return result; + } + + public async removeNestedShareFolders( + input: RemoveNsfFolderInput, + ): Promise { + const result = + await this.nestedShareFolderManager.removeNestedShareFolders(input); + if (result.confirmed) await this.syncIfNeeded(); + return result; + } + + public async getNestedShareRecordDetails( + input: GetNsfRecordDetailsInput, + ): Promise { + return this.nestedShareFolderManager.getNestedShareRecordDetails(input); + } + + public async updateNestedShareRecords( + input: UpdateNsfRecordInput | UpdateNsfRecordsInput, + ): Promise { + const result = + await this.nestedShareFolderManager.updateNestedShareRecords(input); + if (result.updated.some((item) => item.success)) await this.syncIfNeeded(); + return result; + } + + public async updateNestedShareRecord( + input: UpdateNsfRecordItemInput, + ): Promise { + const result = + await this.nestedShareFolderManager.updateNestedShareRecord(input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async addNestedShareRecords( + input: AddNsfRecordsInput, + ): Promise { + const result = + await this.nestedShareFolderManager.addNestedShareRecords(input); + if (result.added.some((item) => item.success)) await this.syncIfNeeded(); + return result; + } + + public async addNestedShareRecord( + input: AddNsfRecordInput, + ): Promise { + const result = + await this.nestedShareFolderManager.addNestedShareRecord(input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async updateNestedShareFolder( + input: UpdateNsfFolderInput, + ): Promise { + const result = + await this.nestedShareFolderManager.updateNestedShareFolder(input); + if (result.updated) await this.syncIfNeeded(); + return result; + } + + public async shareNestedShareFolder( + input: ShareNestedShareFolderInput, + ): Promise { + const result = + await this.nestedShareFolderManager.shareNestedShareFolder(input); + if (result.results.some((item) => item.success)) await this.syncIfNeeded(); + return result; + } + + public async shareNestedShareRecord( + input: ShareNestedShareRecordInput, + ): Promise { + const result = + await this.nestedShareFolderManager.shareNestedShareRecord(input); + if (!result.dryRun && result.results.some((item) => item.success)) + await this.syncIfNeeded(); + return result; + } + + public formatNsfRecordSharePlan( + result: ShareNestedShareRecordResult, + ): string { + return formatNsfRecordSharePlan(result.plan, result.dryRun); + } + + public formatNsfRecordShareResults( + results: ShareNestedShareRecordResult["results"], + ): string { + return formatNsfRecordShareResults(results); + } + + public formatNsfFolderShareResults( + results: ShareNestedShareFolderResult["results"], + ): string { + return formatNsfFolderShareResults(results); + } + + public listNsfShortcuts(options?: ListNsfShortcutsOptions): NsfShortcutRow[] { + this.getAuthOrThrow(); + return this.nestedShareFolderManager.listNsfShortcuts(options ?? {}); + } + + public formatNsfShortcutOutput( + rows: NsfShortcutRow[], + format?: ListNsfShortcutsOptions["format"], + ): string { + return formatNsfShortcutOutput(rows, format); + } + + public async keepNsfShortcut( + input: KeepNsfShortcutInput, + ): Promise { + const current = this.folderSession.currentFolderUid; + const defaultFolderUid = + current && isNestedShareFolder(this.storage, current) + ? current + : undefined; + const result = await this.nestedShareFolderManager.keepNsfShortcut( + input, + defaultFolderUid, + ); + if (!result.dryRun && result.results.some((item) => item.success)) + await this.syncIfNeeded(); + return result; + } + + public formatKeepNsfShortcutPlan(result: KeepNsfShortcutResult): string { + return formatKeepNsfShortcutPlan(result.plan); + } + + public async transferNestedShareRecords( + input: TransferNestedShareRecordInput, + ): Promise { + const result = + await this.nestedShareFolderManager.transferNestedShareRecords(input); + if (result.results.some((item) => item.success)) await this.syncIfNeeded(); + return result; + } + + public formatTransferNestedShareRecordResults( + results: TransferNestedShareRecordResult["results"], + ): string { + return formatTransferNestedShareRecordResults(results); + } + + public async updateNestedShareRecordPermissions( + input: UpdateNsfRecordPermissionInput, + ): Promise { + const result = + await this.nestedShareFolderManager.updateNestedShareRecordPermissions( + input, + ); + if (result.confirmed) await this.syncIfNeeded(); + return result; + } + + public formatNsfRecordPermissionPlan( + result: UpdateNsfRecordPermissionResult, + ): string { + return formatNsfRecordPermissionPlan(result.plan); + } + + public formatNsfRecordPermissionRequestHeader( + action: UpdateNsfRecordPermissionInput["action"], + role: string | undefined, + folderDisplayName: string, + recursive: boolean, + ): string { + return formatNsfRecordPermissionRequestHeader( + action, + role, + folderDisplayName, + recursive, + ); + } + + public formatNsfRecordPermissionFailures( + failures: UpdateNsfRecordPermissionResult["grantFailures"], + kind: "GRANT" | "REVOKE", + ): string { + return formatNsfRecordPermissionFailures(failures, kind); + } + + public async shareFolder( + input: ShareFolderInput, + ): Promise { + const result = await this.sharedFolderManager.shareFolder(input); + if (result.success) await this.syncIfNeeded(); + return result; + } + + public async getRecordHistory( + recordUid: string, + ): Promise { + const auth = this.getAuthOrThrow(); + + const keyBytes = await this.storage.getKeyBytes(recordUid); + if (!keyBytes) { + return { recordUid, history: [] }; + } + + return getRecordHistoryOp(auth, recordUid, keyBytes); + } + + public getStorage(): VaultStorage { + return this.storage; + } + + public getAuth(): Auth { + return this.getAuthOrThrow(); + } + + public disconnect(): void { + if (this.auth) { + try { + this.auth.disconnect(); + } catch (err) { + this.log.debug("disconnect error:", extractErrorMessage(err)); + } + this.auth = null; + } + this.synced = false; + this.folderSession.currentFolderUid = null; + } + + public async logout(): Promise { + if (this.auth) { + try { + await this.auth.logout(); + } catch (err) { + this.log.debug("logout error:", extractErrorMessage(err)); + } + } + this.disconnect(); + this.log.info("Logged out."); + } + + public get host(): string { + return this.config.host; + } + + public get isLoggedIn(): boolean { + return this.auth !== null && !!this.auth.sessionToken; + } + + public get isSynced(): boolean { + return this.synced; + } } diff --git a/KeeperSdk/tsconfig.json b/KeeperSdk/tsconfig.json index 74c99318..58f6c33d 100644 --- a/KeeperSdk/tsconfig.json +++ b/KeeperSdk/tsconfig.json @@ -1,16 +1,16 @@ { - "compilerOptions": { - "module": "commonjs", - "target": "es2018", - "sourceMap": true, - "strict": false, - "skipLibCheck": true, - "esModuleInterop": true, - "declaration": true, - "rootDir": ".", - "outDir": "dist", - "types": ["node"] - }, - "include": ["src"], - "exclude": ["node_modules", "dist"] + "compilerOptions": { + "module": "commonjs", + "target": "es2018", + "sourceMap": true, + "strict": false, + "skipLibCheck": true, + "esModuleInterop": true, + "declaration": true, + "rootDir": ".", + "outDir": "dist", + "types": ["node"] + }, + "include": ["src"], + "exclude": ["node_modules", "dist"] } From c8c2c604229485b429825a761ddff8701232e54b Mon Sep 17 00:00:00 2001 From: sgaddala-ks Date: Fri, 17 Jul 2026 12:00:38 +0530 Subject: [PATCH 2/2] added formatting tasks of KeeperSDK to main.yml --- .github/workflows/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7f914038..68382201 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,6 +42,16 @@ jobs: run: npm run test working-directory: ./keeperapi + - name: SDK - Install + run: npm ci + working-directory: ./KeeperSdk + env: + NPM_TOKEN: "" + + - name: SDK - Check Formatting + run: npm run format:check + working-directory: ./KeeperSdk + - name: Examples (node) - Installation run: npm run link-local working-directory: ./examples/print-vault-node