# Infomaker service-authorization-lib

## Develop the project

### Run the unit tests
```
docker-compose up
```

### Rebuild after updates to package.json
```
docker-compose down
docker-compose build
docker-compose up
```
***

# tokenUtils

## Usage
```js
  const tokenUtils = require('@infomaker/service-authorization-lib').tokenUtils

  const expressMiddlewareFunctionThing = (req, res, next) => {
    tokenUtils.extractServiceTokenFromRequest(req) // -> {...} serviceToken
    tokenUtils.extractImidTokenFromRequest(req) // -> 'eyJhbGciOiJSUzUxMiIsIn...' | null
    tokenUtils.getSubject(req) // -> '07b9d9e6-5be1-4eb2-9675-9ee702f955ce'
    tokenUtils.getOrganization(req) // -> 'infomaker'
    tokenUtils.getUnits(req) // -> ['unit-a', 'unit-b']
    tokenUtils.getSelectedUnit(req) // -> 'unit-a'
    tokenUtils.getOrgPermissions(req) // -> ['writer:access']
    tokenUtils.getUnitPermissions(req, 'infomaker-dev') // -> ['writer:access']
    tokenUtils.isServiceAdmin(req) // -> false
    tokenUtils.getUserinfo(req) // -> { given_name: ... }
  }
```

## extractServiceTokenFromRequest(request) ⇒ <code>Object</code>
Extracts and decodes a service token from request

**Returns**: <code>Object</code> - serviceToken - The service token

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


### extractImidTokenFromRequest(request) ⇒ <code>String</code> \| <code>null</code>
Extracts IMID token from a raw request if present

**Returns**: <code>String</code> \| <code>null</code> - imidToken - The IMID token if present

| Param | Type |
| --- | --- |
| request | <code>http.IncomingMessage</code> |


## getSubject(request) ⇒ <code>String</code>
Get the subject from the service token

**Returns**: <code>String</code> - organization - The subject identifier set on the service token

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


## getOrganization(request) ⇒ <code>String</code>
Get the subject's organization

**Returns**: <code>String</code> - organization - The organization the subject belongs to

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


## getUnits(request) ⇒ <code>Array.&lt;String&gt;</code>
Get the subject's mapped units

**Returns**: <code>Array.&lt;String&gt;</code> - units - An array of all units the subject belongs to

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


## getSelectedUnit(request) ⇒ <code>null</code> \| <code>String</code>
Get the subject's selected unit

**Returns**: <code>null</code> \| <code>String</code> - unit - The subject's selected unit, null if no unit selected

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


## getOrgPermissions(request) ⇒ <code>Array.&lt;String&gt;</code>
Get the subject's organization permissions

Organization permissions are located under permissions.org

**Returns**: <code>Array.&lt;String&gt;</code> - } permissions - The subject's org permissions

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


## getUnitPermissions(request, unit) ⇒ <code>Array.&lt;String&gt;</code>
Get the subject's permissions for the specified unit

Organization permissions are located under permissions.units[unit]

**Returns**: <code>Array.&lt;String&gt;</code> - } permissions - The subject's permissions for the specified unit

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |
| unit | <code>String</code> | The unit permissions should be checked in |


## isServiceAdmin(request) ⇒ <code>Boolean</code>
Checks if a token belogs to an admin for the service

Organization permissions are located under permissions.units[unit]

**Returns**: <code>Boolean</code> - isServiceAdmin - True if the token belongs to an admin for the service

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |


## getUserinfo(request) ⇒ <code>Object</code>
Get the subject's userinfo

Organization permissions are located under permissions.units[unit]

**Returns**: <code>Object</code> - userinfo - The userinfo object set on the subject

| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> |  |

