Skip to content

feat(iam): user management #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
designcode merged 2 commits into from
Feb 20, 2026
Merged

feat(iam): user management #63

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
857531c
feat(iam): user management
designcode Feb 20, 2026
e9a50a0
chore(shared): update packages
designcode Feb 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 0 additions & 29 deletions .eslintrc.json
View file
Open in desktop

This file was deleted.

21 changes: 21 additions & 0 deletions eslint.config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
import eslint from "@eslint/js";
import tseslint from "typescript-eslint";

export default tseslint.config(
eslint.configs.recommended,
...tseslint.configs.recommended,
{
rules: {
"@typescript-eslint/no-unused-vars": "error",
"@typescript-eslint/no-explicit-any": "warn",
"@typescript-eslint/explicit-function-return-type": "off",
"@typescript-eslint/explicit-module-boundary-types": "off",
"@typescript-eslint/no-inferrable-types": "off",
"prefer-const": "error",
"no-var": "error",
},
},
{
ignores: ["**/dist/", "**/node_modules/", "**/*.cjs"],
},
);
3,433 changes: 1,418 additions & 2,015 deletions package-lock.json
View file
Open in desktop

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,18 +61,18 @@
"devDependencies": {
"@commitlint/cli": "^18.0.0",
"@commitlint/config-conventional": "^18.0.0",
"@eslint/js": "^10.0.1",
"@semantic-release/changelog": "^6.0.3",
"@semantic-release/git": "^10.0.1",
"@types/node": "^20.0.0",
"@typescript-eslint/eslint-plugin": "^6.0.0",
"@typescript-eslint/parser": "^6.0.0",
"eslint": "^8.0.0",
"eslint": "^10.0.0",
"husky": "^8.0.0",
"prettier": "^3.0.0",
"publint": "^0.2.0",
"publint": "^0.3.17",
"semantic-release": "^25.0.3",
"tsup": "^8.0.0",
"typescript": "^5.0.0",
"typescript-eslint": "^8.56.0",
"vitest": "^4.0.15"
}
}
16 changes: 16 additions & 0 deletions packages/iam/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,3 +50,19 @@ export {
type PolicyDocument,
type PolicyStatement,
} from './lib/policy/types';
export { inviteUser, type InviteUserOptions } from './lib/users/invite';
export {
listUsers,
type ListUsersOptions,
type ListUsersResponse,
} from './lib/users/list';
export { removeUser, type RemoveUserOptions } from './lib/users/remove';
export {
revokeInvitation,
type RevokeInvitationOptions,
} from './lib/users/revoke-invitation';
export { type Invitation, type User } from './lib/users/types';
export {
updateUserRole,
type UpdateUserRoleOptions,
} from './lib/users/update-role';
23 changes: 8 additions & 15 deletions packages/iam/src/lib/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,29 +1,22 @@
import {
isNode,
loadEnv,
missingConfigError as baseMissingConfigError,
} from '@shared/index';
import { isNode, loadEnv } from '@shared/index';
import type { TigrisIAMConfig } from './types';

const configMap: Record<keyof TigrisIAMConfig, string> = {
iamEndpoint: 'TIGRIS_IAM_ENDPOINT',
sessionToken: 'TIGRIS_SESSION_TOKEN',
organizationId: 'TIGRIS_ORGANIZATION_ID',
export const DEFAULT_ENDPOINTS = {
iam: 'https://iam.storageapi.dev',
mgmt: 'https://mgmt.storageapi.dev',
};

export const missingConfigError = (key: string) =>
baseMissingConfigError(key, configMap[key as keyof TigrisIAMConfig]);

function loadIAMConfig(): TigrisIAMConfig {
loadEnv();

const config: TigrisIAMConfig = {
iamEndpoint: 'https://iam.storageapi.dev',
iamEndpoint: DEFAULT_ENDPOINTS.iam,
mgmtEndpoint: DEFAULT_ENDPOINTS.mgmt,
};

if (isNode()) {
config.iamEndpoint =
process.env.TIGRIS_IAM_ENDPOINT ?? 'https://iam.storageapi.dev';
config.iamEndpoint = process.env.TIGRIS_IAM_ENDPOINT;
config.mgmtEndpoint = process.env.TIGRIS_MGMT_ENDPOINT;
config.sessionToken = process.env.TIGRIS_SESSION_TOKEN;
config.organizationId = process.env.TIGRIS_ORGANIZATION_ID;
}
Expand Down
23 changes: 17 additions & 6 deletions packages/iam/src/lib/http-client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
import { createTigrisHttpClient, type TigrisHttpClient } from '@shared/index';
import { config } from './config';
import { config, DEFAULT_ENDPOINTS } from './config';
import type { TigrisIAMConfig, TigrisIAMResponse } from './types';

export const IAM_ENDPOINTS = {
// Users
revokeInvitation: '/tigris-iam/invitations',
removeUser: '/tigris-iam/namespaces',
inviteUser: '/tigris-iam/invitations',
listUsers: '/users/get-org?SkipNativeOrgCache=true',
updateUserRole: '/tigris-iam/namespaces',
// Organizations
createOrganization: '/tigris-iam/namespaces',
listOrganizations: '/tigris-iam/namespaces',
Expand All @@ -22,13 +28,16 @@ export const IAM_ENDPOINTS = {
};

function getIAMEndpoint(options?: TigrisIAMConfig): string {
return (
options?.iamEndpoint ?? config.iamEndpoint ?? 'https://iam.storageapi.dev'
);
return options?.iamEndpoint ?? config.iamEndpoint ?? DEFAULT_ENDPOINTS.iam;
}

function getManagementEndpoint(options?: TigrisIAMConfig): string {
return options?.mgmtEndpoint ?? config.mgmtEndpoint ?? DEFAULT_ENDPOINTS.mgmt;
}

export function createIAMClient(
options?: TigrisIAMConfig
options?: TigrisIAMConfig,
isManagement?: boolean
): TigrisIAMResponse<TigrisHttpClient, Error> {
const sessionToken = options?.sessionToken ?? config.sessionToken;
const organizationId = options?.organizationId ?? config.organizationId;
Expand All @@ -42,7 +51,9 @@ export function createIAMClient(
}

return createTigrisHttpClient({
baseUrl: getIAMEndpoint(options),
baseUrl: isManagement
? getManagementEndpoint(options)
: getIAMEndpoint(options),
sessionToken,
organizationId,
});
Expand Down
1 change: 1 addition & 0 deletions packages/iam/src/lib/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ export type TigrisIAMConfig = {
sessionToken?: string;
organizationId?: string;
iamEndpoint?: string;
mgmtEndpoint?: string;
};

export type TigrisIAMResponse<T, E = Error> = TigrisResponse<T, E>;
56 changes: 56 additions & 0 deletions packages/iam/src/lib/users/invite.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
import { createIAMClient, IAM_ENDPOINTS } from '../http-client';
import type { TigrisIAMConfig, TigrisIAMResponse } from '../types';

export type InviteUserOptions = {
config?: TigrisIAMConfig;
};

type Invitation = {
email: string;
role: 'member' | 'admin';
};

type InviteUserBody = {
invitations: Invitation[];
};

type InviteUserApiResponse = {
status: 'success' | 'error';
message?: string;
result: Record<string, unknown>;
};

export async function inviteUser(
invitations: Invitation[],
options?: InviteUserOptions
): Promise<TigrisIAMResponse<void, Error>> {
const { data: client, error } = createIAMClient(options?.config);
if (error) {
return { error };
}

const response = await client.request<
InviteUserBody,
InviteUserApiResponse
>({
method: 'POST',
path: IAM_ENDPOINTS.inviteUser,
body: { invitations },
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
},
});

if (response.error) {
return { error: response.error };
}

if (response.data.status === 'error') {
return {
error: new Error(response.data.message ?? 'Failed to invite users'),
};
}

return { data: undefined };
}
92 changes: 92 additions & 0 deletions packages/iam/src/lib/users/list.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
import { createIAMClient, IAM_ENDPOINTS } from '../http-client';
import type { TigrisIAMConfig, TigrisIAMResponse } from '../types';
import type { Invitation, User } from './types';

export type ListUsersOptions = {
config?: TigrisIAMConfig;
};

export type ListUsersResponse = {
users: User[];
invitations: Invitation[];
};

type ListUsersApiResponse = {
id: string;
name: string;
description: string;
slug: string;
owner_user_id: string;
notification_emails: string[] | null;
users: Array<{
email: string;
agreed_to_tos: boolean;
userId: string;
user_name: string;
profile_picture_url: string;
role: string;
is_org_owner: boolean;
}>;
invitations: Array<{
id: string;
email: string;
role: string;
status: string;
namespace_id: string;
created_by_user_id: string;
valid_until: string;
}> | null;
billing: {
email: string;
};
mfa_settings: {
enabled: boolean;
};
quota: {
limit_bytes: number;
};
};

export async function listUsers(
options?: ListUsersOptions
): Promise<TigrisIAMResponse<ListUsersResponse, Error>> {
const { data: client, error } = createIAMClient(options?.config, true);

if (error || !client) {
return { error };
}

const response = await client.request<unknown, ListUsersApiResponse>({
method: 'GET',
path: IAM_ENDPOINTS.listUsers,
});

if (response.error) {
return { error: response.error };
}

return {
data: {
users:
response.data.users?.map((user) => ({
email: user.email,
userId: user.userId,
userName: user.user_name,
profilePictureUrl: user.profile_picture_url,
role: user.role,
isOrgOwner: user.is_org_owner,
agreedToTos: user.agreed_to_tos,
})) ?? [],
invitations:
response.data.invitations?.map((inv) => ({
id: inv.id,
email: inv.email,
role: inv.role,
status: inv.status,
namespaceId: inv.namespace_id,
createdByUserId: inv.created_by_user_id,
validUntil: new Date(inv.valid_until),
})) ?? [],
},
};
}
Loading