@blackcode_sa/metaestetics-api 1.15.17-staging.4 → 1.15.17-staging.5

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@blackcode_sa/metaestetics-api",
   "private": false,
-  "version": "1.15.17-staging.4",
+  "version": "1.15.17-staging.5",
   "description": "Firebase authentication service with anonymous upgrade support",
   "main": "dist/index.js",
   "module": "dist/index.mjs",

package/src/services/auth/auth.service.ts

@@ -341,57 +341,23 @@ export class AuthService extends BaseService {
           token: data.inviteToken,
         });
 
-        // Find the token in the database
-        console.log('[AUTH] Searching for token in clinic groups');
-        const groupsRef = collection(this.db, CLINIC_GROUPS_COLLECTION);
-        const q = query(groupsRef);
-        const querySnapshot = await getDocs(q);
-
-        let foundGroup: ClinicGroup | null = null;
-        let foundToken: AdminToken | null = null;
-
-        console.log('[AUTH] Found', querySnapshot.size, 'clinic groups to check');
-        for (const docSnapshot of querySnapshot.docs) {
-          const group = docSnapshot.data() as ClinicGroup;
-          console.log('[AUTH] Checking group', {
-            groupId: group.id,
-            groupName: group.name,
-          });
-
-          // Find the token in the group's tokens
-          const token = group.adminTokens.find(t => {
-            const isMatch =
-              t.token === data.inviteToken &&
-              t.status === AdminTokenStatus.ACTIVE &&
-              new Date(t.expiresAt.toDate()) > new Date();
-
-            console.log('[AUTH] Checking token', {
-              tokenId: t.id,
-              tokenMatch: t.token === data.inviteToken,
-              tokenStatus: t.status,
-              tokenActive: t.status === AdminTokenStatus.ACTIVE,
-              tokenExpiry: new Date(t.expiresAt.toDate()),
-              tokenExpired: new Date(t.expiresAt.toDate()) <= new Date(),
-              isMatch,
-            });
+        // Find the token using collection group query (O(1) instead of scanning all groups)
+        console.log('[AUTH] Searching for token via collection group query');
+        const tokenResult = await clinicGroupService.findAdminTokenByValue(data.inviteToken);
 
-            return isMatch;
-          });
-
-          if (token) {
-            foundGroup = group;
-            foundToken = token;
-            console.log('[AUTH] Found matching token in group', {
-              groupId: group.id,
-              tokenId: token.id,
-            });
-            break;
-          }
+        if (!tokenResult) {
+          console.error('[AUTH] No valid active token found');
+          throw new Error('Invalid or expired invite token');
         }
 
-        if (!foundGroup || !foundToken) {
-          console.error('[AUTH] No valid token found in any clinic group');
-          throw new Error('Invalid or expired invite token');
+        console.log('[AUTH] Found matching token', {
+          tokenId: tokenResult.token.id,
+          clinicGroupId: tokenResult.clinicGroupId,
+        });
+
+        const foundGroup = await clinicGroupService.getClinicGroup(tokenResult.clinicGroupId);
+        if (!foundGroup) {
+          throw new Error('Clinic group not found for token');
         }
 
         clinicGroup = foundGroup;

package/src/services/clinic/clinic-group.service.ts

@@ -198,13 +198,20 @@ export class ClinicGroupService extends BaseService {
     return ClinicGroupUtils.getActiveAdminTokens(this.db, groupId, adminId, this.app);
   }
 
-  // TODO: Add a method to get all admin tokens for a clinic group (not just active ones)
-
-  // TODO: Refactor admin token methods not to add tokens to the clinicGroup document,
-  // but to add them to a subcollection called adminTokens that belongs to a specific clinicGroup document
+  /**
+   * Gets ALL admin tokens for a clinic group (all statuses)
+   */
+  async getAllAdminTokens(groupId: string, adminId: string): Promise<AdminToken[]> {
+    return ClinicGroupUtils.getAllAdminTokens(this.db, groupId, adminId, this.app);
+  }
 
-  // TODO: Add granular control over admin permissions, e.g. only allow admins to manage certain clinics to tokens directly
-  // TODO: Generally refactor admin tokens and invites, also create cloud function to send invites and send updates when sombody uses the token
+  /**
+   * Finds an admin token by its value across all clinic groups.
+   * Uses a collection group query for O(1) lookup.
+   */
+  async findAdminTokenByValue(tokenValue: string): Promise<{ token: AdminToken; clinicGroupId: string } | null> {
+    return ClinicGroupUtils.findAdminTokenByValue(this.db, tokenValue);
+  }
 
   /**
    * Updates the onboarding status for a clinic group

package/src/services/clinic/utils/clinic-group.utils.ts

@@ -1,10 +1,13 @@
 import {
   collection,
+  collectionGroup,
   doc,
   getDoc,
   getDocs,
   query,
   where,
+  orderBy,
+  limit,
   updateDoc,
   setDoc,
   deleteDoc,
@@ -161,7 +164,7 @@ export async function createClinicGroup(
     clinicsInfo: [],
     admins: [ownerId],
     adminsInfo: [],
-    adminTokens: [],
+    adminTokens: [], // @deprecated — tokens now in subcollection, kept for backward compat
     ownerId,
     createdAt: now,
     updatedAt: now,
@@ -459,6 +462,18 @@ export async function deactivateClinicGroup(
  * @param data - Token data
  * @returns The created admin token
  */
+// --- Admin Token Subcollection ---
+// Tokens are stored in: clinic_groups/{groupId}/adminTokens/{tokenId}
+
+const ADMIN_TOKENS_SUBCOLLECTION = "adminTokens";
+
+function adminTokensRef(db: Firestore, groupId: string) {
+  return collection(db, CLINIC_GROUPS_COLLECTION, groupId, ADMIN_TOKENS_SUBCOLLECTION);
+}
+
+/**
+ * Creates an admin token in the subcollection.
+ */
 export async function createAdminToken(
   db: Firestore,
   groupId: string,
@@ -471,121 +486,105 @@ export async function createAdminToken(
     throw new Error("Clinic group not found");
   }
 
-  // Proveravamo da li admin pripada grupi
   if (!group.admins.includes(creatorAdminId)) {
     throw new Error("Admin does not belong to this clinic group");
   }
 
   const now = Timestamp.now();
-  const expiresInDays = data?.expiresInDays || 7; // Default 7 days
+  const expiresInDays = data?.expiresInDays || 7;
   const email = data?.email || null;
   const expiresAt = new Timestamp(
     now.seconds + expiresInDays * 24 * 60 * 60,
     now.nanoseconds
   );
 
+  const tokenRef = doc(adminTokensRef(db, groupId));
   const token: AdminToken = {
-    id: generateId(),
+    id: tokenRef.id,
     token: generateId(),
     status: AdminTokenStatus.ACTIVE,
     email,
+    clinicGroupId: groupId,
     createdAt: now,
     expiresAt,
   };
 
-  // Dodajemo token u grupu
-  // Ovo treba promeniti, staviti admin tokene u sub-kolekciju u klinickoj grupi
-  await updateClinicGroup(
-    db,
-    groupId,
-    {
-      adminTokens: [...group.adminTokens, token],
-    },
-    app
-  );
-
+  await setDoc(tokenRef, token);
   return token;
 }
 
 /**
- * Verifies and uses an admin token
- * @param db - Firestore database instance
- * @param groupId - ID of the clinic group
- * @param token - Token to verify
- * @param userRef - User reference
- * @param app - Firebase app instance
- * @returns Whether the token was successfully used
+ * Verifies and marks an admin token as used.
+ * Uses a collection group query to find the token across all groups.
  */
 export async function verifyAndUseAdminToken(
   db: Firestore,
   groupId: string,
-  token: string,
+  tokenValue: string,
   userRef: string,
   app: FirebaseApp
 ): Promise<boolean> {
-  const group = await getClinicGroup(db, groupId);
-  if (!group) {
-    throw new Error("Clinic group not found");
-  }
+  // Query the subcollection for the matching token
+  const tokensQuery = query(
+    adminTokensRef(db, groupId),
+    where("token", "==", tokenValue),
+    limit(1)
+  );
+  const snapshot = await getDocs(tokensQuery);
 
-  const adminToken = group.adminTokens.find((t) => t.token === token);
-  if (!adminToken) {
+  if (snapshot.empty) {
     throw new Error("Admin token not found");
   }
 
+  const tokenDoc = snapshot.docs[0];
+  const adminToken = tokenDoc.data() as AdminToken;
+
   if (adminToken.status !== AdminTokenStatus.ACTIVE) {
     throw new Error("Admin token is not active");
   }
 
   const now = Timestamp.now();
   if (adminToken.expiresAt.seconds < now.seconds) {
-    // Token je istekao, ažuriramo status
-    const updatedTokens = group.adminTokens.map((t) =>
-      t.id === adminToken.id ? { ...t, status: AdminTokenStatus.EXPIRED } : t
-    );
-
-    await updateClinicGroup(
-      db,
-      groupId,
-      {
-        adminTokens: updatedTokens,
-      },
-      app
-    );
-
+    await updateDoc(tokenDoc.ref, { status: AdminTokenStatus.EXPIRED });
     throw new Error("Admin token has expired");
   }
 
-  // Token je validan, ažuriramo status
-  const updatedTokens = group.adminTokens.map((t) =>
-    t.id === adminToken.id
-      ? {
-          ...t,
-          status: AdminTokenStatus.USED,
-          usedByUserRef: userRef,
-        }
-      : t
-  );
+  // Mark as used
+  await updateDoc(tokenDoc.ref, {
+    status: AdminTokenStatus.USED,
+    usedByUserRef: userRef,
+  });
 
-  await updateClinicGroup(
-    db,
-    groupId,
-    {
-      adminTokens: updatedTokens,
-    },
-    app
+  return true;
+}
+
+/**
+ * Finds an admin token by its token string across ALL clinic groups.
+ * Uses a collection group query — much more efficient than scanning all groups.
+ */
+export async function findAdminTokenByValue(
+  db: Firestore,
+  tokenValue: string
+): Promise<{ token: AdminToken; clinicGroupId: string } | null> {
+  const tokensQuery = query(
+    collectionGroup(db, ADMIN_TOKENS_SUBCOLLECTION),
+    where("token", "==", tokenValue),
+    where("status", "==", AdminTokenStatus.ACTIVE),
+    limit(1)
   );
+  const snapshot = await getDocs(tokensQuery);
 
-  return true;
+  if (snapshot.empty) return null;
+
+  const tokenData = snapshot.docs[0].data() as AdminToken;
+  return {
+    token: tokenData,
+    clinicGroupId: tokenData.clinicGroupId,
+  };
 }
 
 /**
- * Deletes an admin token
- * @param db - Firestore database instance
- * @param groupId - ID of the clinic group
- * @param tokenId - ID of the token to delete
- * @param adminId - ID of the admin making the deletion
- * @param app - Firebase app instance
+ * Deletes an admin token from the subcollection.
  */
 export async function deleteAdminToken(
   db: Firestore,
@@ -599,33 +598,43 @@ export async function deleteAdminToken(
     throw new Error("Clinic group not found");
   }
 
-  // Proveravamo da li admin pripada grupi
   if (!group.admins.includes(adminId)) {
     throw new Error("Admin does not belong to this clinic group");
   }
 
-  // Uklanjamo token
-  const updatedTokens = group.adminTokens.filter((t) => t.id !== tokenId);
+  await deleteDoc(doc(adminTokensRef(db, groupId), tokenId));
+}
 
-  await updateClinicGroup(
-    db,
-    groupId,
-    {
-      adminTokens: updatedTokens,
-    },
-    app
+/**
+ * Gets active admin tokens for a clinic group from the subcollection.
+ */
+export async function getActiveAdminTokens(
+  db: Firestore,
+  groupId: string,
+  adminId: string,
+  app: FirebaseApp
+): Promise<AdminToken[]> {
+  const group = await getClinicGroup(db, groupId);
+  if (!group) {
+    throw new Error("Clinic group not found");
+  }
+
+  if (!group.admins.includes(adminId)) {
+    throw new Error("Admin does not belong to this clinic group");
+  }
+
+  const tokensQuery = query(
+    adminTokensRef(db, groupId),
+    where("status", "==", AdminTokenStatus.ACTIVE)
   );
+  const snapshot = await getDocs(tokensQuery);
+  return snapshot.docs.map((d) => d.data() as AdminToken);
 }
 
 /**
- * Gets active admin tokens for a clinic group
- * @param db - Firestore database instance
- * @param groupId - ID of the clinic group
- * @param adminId - ID of the admin requesting the tokens
- * @param app - Firebase app instance (not used but included for consistency)
- * @returns Array of active admin tokens
+ * Gets ALL admin tokens for a clinic group (all statuses).
  */
-export async function getActiveAdminTokens(
+export async function getAllAdminTokens(
   db: Firestore,
   groupId: string,
   adminId: string,
@@ -636,11 +645,10 @@ export async function getActiveAdminTokens(
     throw new Error("Clinic group not found");
   }
 
-  // Proveravamo da li admin pripada grupi
   if (!group.admins.includes(adminId)) {
     throw new Error("Admin does not belong to this clinic group");
   }
 
-  // Vraćamo samo aktivne tokene
-  return group.adminTokens.filter((t) => t.status === AdminTokenStatus.ACTIVE);
+  const snapshot = await getDocs(adminTokensRef(db, groupId));
+  return snapshot.docs.map((d) => d.data() as AdminToken);
 }

package/src/types/clinic/index.ts

@@ -160,6 +160,7 @@ export interface AdminToken {
   email?: string | null;
   status: AdminTokenStatus;
   usedByUserRef?: string;
+  clinicGroupId: string;
   createdAt: Timestamp;
   expiresAt: Timestamp;
 }
@@ -308,7 +309,8 @@ export interface ClinicGroup {
   clinicsInfo: ClinicInfo[];
   admins: string[];
   adminsInfo: AdminInfo[];
-  adminTokens: AdminToken[];
+  /** @deprecated Tokens now stored in subcollection clinic_groups/{id}/adminTokens */
+  adminTokens?: AdminToken[];
   ownerId: string | null;
   createdAt: Timestamp;
   updatedAt: Timestamp;

package/src/validations/clinic.schema.ts

@@ -143,8 +143,9 @@ export const adminTokenSchema = z.object({
   email: z.string().email().optional().nullable(),
   status: z.nativeEnum(AdminTokenStatus),
   usedByUserRef: z.string().optional(),
-  createdAt: z.instanceof(Date).or(z.instanceof(Timestamp)), // Timestamp
-  expiresAt: z.instanceof(Date).or(z.instanceof(Timestamp)), // Timestamp
+  clinicGroupId: z.string(),
+  createdAt: z.instanceof(Date).or(z.instanceof(Timestamp)),
+  expiresAt: z.instanceof(Date).or(z.instanceof(Timestamp)),
 });
 
 /**
@@ -233,7 +234,7 @@ export const clinicGroupSchema = z.object({
   clinicsInfo: z.array(clinicInfoSchema),
   admins: z.array(z.string()),
   adminsInfo: z.array(adminInfoSchema),
-  adminTokens: z.array(adminTokenSchema),
+  adminTokens: z.array(adminTokenSchema).optional(),
   ownerId: z.string().nullable(),
   createdAt: z.instanceof(Date).or(z.instanceof(Timestamp)), // Timestamp
   updatedAt: z.instanceof(Date).or(z.instanceof(Timestamp)), // Timestamp