npm - @culturefy/shared - Versions diffs - 1.0.32 → 1.0.34 - Mend

@culturefy/shared 1.0.32 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/build/cjs/enums/secretKeys.enum.js +1 -0
package/build/cjs/enums/secretKeys.enum.js.map +1 -1
package/build/cjs/middlewares/token-validation.js +15 -462
package/build/cjs/middlewares/token-validation.js.map +1 -1
package/build/cjs/models/user.model.js +272 -366
package/build/cjs/models/user.model.js.map +1 -1
package/build/cjs/service/user.service.js +89 -84
package/build/cjs/service/user.service.js.map +1 -1
package/build/esm/enums/secretKeys.enum.js +1 -0
package/build/esm/enums/secretKeys.enum.js.map +1 -1
package/build/esm/middlewares/token-validation.js +16 -463
package/build/esm/middlewares/token-validation.js.map +1 -1
package/build/esm/models/user.model.js +272 -366
package/build/esm/models/user.model.js.map +1 -1
package/build/esm/service/user.service.js +89 -85
package/build/esm/service/user.service.js.map +1 -1
package/build/src/enums/secretKeys.enum.d.ts +2 -1
package/build/src/enums/secretKeys.enum.js +1 -0
package/build/src/enums/secretKeys.enum.js.map +1 -1
package/build/src/middlewares/token-validation.d.ts +1 -1
package/build/src/middlewares/token-validation.js +16 -314
package/build/src/middlewares/token-validation.js.map +1 -1
package/build/src/models/user.model.d.ts +0 -5
package/build/src/models/user.model.js +266 -263
package/build/src/models/user.model.js.map +1 -1
package/build/src/service/user.service.d.ts +0 -6
package/build/src/service/user.service.js +1 -107
package/build/src/service/user.service.js.map +1 -1
package/package.json +1 -1
package/src/enums/secretKeys.enum.ts +1 -0
package/src/middlewares/token-validation.ts +19 -432
package/src/models/user.model.ts +265 -265
package/src/service/user.service.ts +79 -77

package/build/src/service/user.service.js CHANGED Viewed

@@ -1,118 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UserService = void 0;
-const tslib_1 = require("tslib");
-const mongoose_1 = require("mongoose");
-const user_model_1 = require("../models/user.model");
 const shared_1 = require("@culturefy/shared");
 class UserService extends shared_1.Initializers {
+    // private readonly schema = UserModel.schema;
     constructor(context, dbUrl) {
         super(context, dbUrl);
-        this.schema = user_model_1.UserModel.schema;
-    }
-    getModel() {
-        const connection = this.getConnection();
-        if (!connection) {
-            throw new Error('Database connection not established');
-        }
-        return connection.model(user_model_1.UserModel.modelName, this.schema);
-    }
-    getUserById(userId) {
-        return tslib_1.__awaiter(this, void 0, void 0, function* () {
-            try {
-                let model = this.getModel();
-                this.context.log("UserId:", JSON.stringify(userId));
-                // Handle both string and SchemaObjectId inputs
-                let objectId;
-                if (typeof userId === 'string') {
-                    objectId = new mongoose_1.Types.ObjectId(userId);
-                }
-                else {
-                    // If it's already a SchemaObjectId, extract the string value
-                    const userIdString = userId.path || userId.toString();
-                    objectId = new mongoose_1.Types.ObjectId(userIdString);
-                }
-                this.context.log("ObjectId:", JSON.stringify(objectId));
-                const user = yield model.findById(objectId);
-                this.context.log("User:", JSON.stringify(user));
-                return user;
-            }
-            catch (error) {
-                this.context.error("Error in getUserById", error);
-                throw error;
-            }
-        });
-    }
-    getUserByBusinessId(businessId, email) {
-        return tslib_1.__awaiter(this, void 0, void 0, function* () {
-            try {
-                let model = this.getModel();
-                this.context.log("BusinessId:", JSON.stringify(businessId));
-                this.context.log("Email:", JSON.stringify(email));
-                if (!businessId)
-                    return null;
-                if (!email)
-                    return null;
-                businessId = businessId.toLowerCase();
-                businessId = businessId.trim();
-                email = email.toLowerCase();
-                email = email.trim();
-                // Handle both string and SchemaObjectId inputs
-                let objectId;
-                if (typeof businessId === 'string') {
-                    objectId = new mongoose_1.Types.ObjectId(businessId);
-                }
-                else {
-                    // If it's already a SchemaObjectId, extract the string value
-                    const businessIdString = businessId.path || businessId.toString();
-                    objectId = new mongoose_1.Types.ObjectId(businessIdString);
-                }
-                this.context.log("ObjectId:", JSON.stringify(objectId));
-                const user = yield model.findOne({ businessId: objectId, email: email });
-                this.context.log("User:", JSON.stringify(user));
-                return user;
-            }
-            catch (error) {
-                this.context.error("Error in getUserByBusinessId", error);
-                throw error;
-            }
-        });
-    }
-    getUserByEmail(email) {
-        return tslib_1.__awaiter(this, void 0, void 0, function* () {
-            try {
-                let model = this.getModel();
-                this.context.log("Email:", JSON.stringify(email));
-                email = email.toLowerCase();
-                email = email.trim();
-                const user = yield model.findOne({ email: email });
-                this.context.log("User:", JSON.stringify(user));
-                return user;
-            }
-            catch (error) {
-                this.context.error("Error in getUserByEmail", error);
-                throw error;
-            }
-        });
     }
 }
 exports.UserService = UserService;
-tslib_1.__decorate([
-    shared_1.WithDb,
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [String]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserService.prototype, "getUserById", null);
-tslib_1.__decorate([
-    shared_1.WithDb,
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [String, String]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserService.prototype, "getUserByBusinessId", null);
-tslib_1.__decorate([
-    shared_1.WithDb,
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [String]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserService.prototype, "getUserByEmail", null);
 //# sourceMappingURL=user.service.js.map

package/build/src/service/user.service.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"user.service.js","sourceRoot":"","sources":["../../../src/service/user.service.ts"],"names":[],"mappings":"~~;;;;AAAA~~,~~uCAAiC;AAEjC,qDAAwD;AACxD,~~8CAAyD;AAEzD,MAAa,WAAY,SAAQ,qBAAY;~~IAGzC~~,YAAY,OAA0B,EAAE,KAAY;QAChD,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;~~QAFT~~,~~WAAM,GAAG,sBAAS,~~CAAC~~,MAAM,CAAC~~;~~IAG3C,CAAC~~;IAEO,QAAQ;QACd,MAAM,UAAU,GAAI,IAAY,CAAC,aAAa,EAAE,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,UAAU,CAAC,KAAK,CAAC,sBAAS,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5D,CAAC;IAGK,WAAW,CAAC,MAAc;;YAC5B,IAAI,CAAC;gBACD,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;gBAEpD,+CAA+C;gBAC/C,IAAI,QAAwB,CAAC;gBAC7B,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC7B,QAAQ,GAAG,IAAI,gBAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC1C,CAAC;qBAAM,CAAC;oBACJ,6DAA6D;oBAC7D,MAAM,YAAY,GAAI,MAAc,CAAC,IAAI,IAAK,MAAc,CAAC,QAAQ,EAAE,CAAC;oBACxE,QAAQ,GAAG,IAAI,gBAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBAChD,CAAC;gBAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACxD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;gBAClD,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;KAAA;IAGK,mBAAmB,CAAC,UAAkB,EAAE,KAAa;;YACvD,IAAI,CAAC;gBACD,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;gBAC5D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;gBAElD,IAAG,CAAC,UAAU;oBAAE,OAAO,IAAI,CAAC;gBAC5B,IAAG,CAAC,KAAK;oBAAE,OAAO,IAAI,CAAC;gBAEvB,UAAU,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;gBACtC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;gBAE/B,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC5B,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;gBAErB,+CAA+C;gBAC/C,IAAI,QAAwB,CAAC;gBAC7B,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;oBACjC,QAAQ,GAAG,IAAI,gBAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC9C,CAAC;qBAAM,CAAC;oBACJ,6DAA6D;oBAC7D,MAAM,gBAAgB,GAAI,UAAkB,CAAC,IAAI,IAAK,UAAkB,CAAC,QAAQ,EAAE,CAAC;oBACpF,QAAQ,GAAG,IAAI,gBAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;gBACpD,CAAC;gBAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACxD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;gBACzE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;gBAC1D,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;KAAA;IAGK,cAAc,CAAC,KAAa;;YAC9B,IAAI,CAAC;gBACD,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;gBAElD,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC5B,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;gBACnD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAChD,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;gBACrD,MAAM,KAAK,CAAC;YAChB,CAAC;QACL,CAAC;KAAA;CACJ;AA7FD,kCA6FC~~;AA7ES;IADL,eAAM;;;;8CAwBN;AAGK;IADL,eAAM;;;;sDAkCN;AAGK;IADL,eAAM;;;;iDAeN~~"}
1	+ {"version":3,"file":"user.service.js","sourceRoot":"","sources":["../../../src/service/user.service.ts"],"names":[],"mappings":";;;AAKA,8CAAyD;AAEzD,MAAa,WAAY,SAAQ,qBAAY;IAEzC,8CAA8C;IAC9C,YAAY,OAA0B,EAAE,KAAY;QAChD,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC1B,CAAC;CAwFJ;AA7FD,kCA6FC"}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@culturefy/shared",
   "description": "Shared utilities for culturefy serverless services",
-  "version": "1.0.32",
+  "version": "1.0.34",
   "main": "build/cjs/index.js",
   "module": "build/esm/index.js",
   "types": "build/src/index.d.ts",

package/src/enums/secretKeys.enum.ts CHANGED Viewed

@@ -26,4 +26,5 @@ export enum AzureSecretKeysEnum {
   HMS_ACCESS_KEY="MEETING-HMS-ACCESS-KEY-APP-SECRET",
   MEETING_ROOM_APP_SECRET="MEETING-ROOM-APP-SECRET",
   BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = "BASE-DB-CLUSTER-CONNECTING-STRING-CHAT",
+  AUTH_SERVICE_AUTHENTICATION_URL = "AUTH-SERVICE-AUTHENTICATION-URL",
 }

package/src/middlewares/token-validation.ts CHANGED Viewed

@@ -1,10 +1,8 @@
 import IUser from "../models/user.model";
 import { AzureSecretKeysEnum } from "../enums";
-import { UserService } from "../service/user.service";
+import { getAzureVaultSecretByKey } from "../utils";
 import { HttpRequest, InvocationContext } from "@azure/functions";
-import { KeycloakAdminService } from "../service/keycloak.service";
-import { getAzureVaultSecretByKey, parseCookies, verifyJsonWebToken } from "../utils";
 interface TokenValidationResult {
     status: boolean;
@@ -20,437 +18,26 @@ interface TokenValidationResult {
     };
 }
-interface TokenClaims {
-    iat?: number;
-    exp?: number;
-    sub: string;
-    azp: string;
-    iss: string;
-    email: string;
-}
-export async function tokenValidation(request: HttpRequest, domain: string, context: InvocationContext): Promise<TokenValidationResult> {
-    try {
-        let cookies = parseCookies(request, context);
-        let accessToken = cookies["culturefy-auth-token"];
-        let refreshToken = cookies["culturefy-refresh-token"];
-        let expiresIn, refreshExpiresIn;
-        if (!accessToken) return { status: false, message: "Access token is required" };
-        const keycloakService = await initializeKeycloakService(context);
-        const tokenValidation = await validateToken(accessToken, context);
-        if (!tokenValidation.success) {
-            if (tokenValidation.expired) {
-                const { data } = tokenValidation;
-                if (!data) return { status: false, message: "Invalid access token." };
-                let { userId, clientId, realm, email } = data;
-                if (!clientId) return { status: false, message: "Invalid access token provided" };
-                if (!userId) return { status: false, message: "Invalid access token provided" };
-                if (!realm) return { status: false, message: "Invalid access token provided" };
-                context.log("Refreshing token for user:", JSON.stringify({ userId, clientId, realm, email }));
-                const refreshTokenResponse = await handleTokenRefresh(keycloakService, refreshToken, userId, clientId, realm, email, domain, context);
-                if (!refreshTokenResponse.success) return { status: false, message: refreshTokenResponse.message };
-                const { data: refreshTokenData } = refreshTokenResponse;
-                if (!refreshTokenData) return { status: false, message: "Invalid refresh token." };
-                context.log("Refreshed token for user:", JSON.stringify({ userId, clientId, realm, email }));
-                accessToken = refreshTokenData.access_token;
-                refreshToken = refreshTokenData.refresh_token;
-                expiresIn = refreshTokenData.expires_in;
-                refreshExpiresIn = refreshTokenData.refresh_expires_in;
-            } else {
-                return { status: false, message: tokenValidation.message };
-            }
-        }
-        const { data } = tokenValidation;
-        if (!data) return { status: false, message: "Invalid access token." };
-        let { userId, clientId, realm, email } = data;
-        if (!clientId) return { status: false, message: "Invalid access token provided" };
-        if (!userId) return { status: false, message: "Invalid access token provided" };
-        if (!realm) return { status: false, message: "Invalid access token provided" };
-        if (!email) return { status: false, message: "Invalid access token provided" };
-        context.log("Validating user:", JSON.stringify({ userId, clientId, realm, email }));
-        let verifyFromDb;
-        let userInfo;
-        if(domain === "accounts.culturefy.app") {
-            const introspectionValid = await validateTokenIntrospection(
-                keycloakService,
-                accessToken,
-                realm,
-                clientId,
-                domain,
-                context
-            );
-            if (!introspectionValid) return { status: false, message: "Token introspection failed" };
-            context.log("Token introspection successful");
-            realm = "superadmin";
-            clientId = "cfy-superadmin-web";
-            userInfo = await keycloakService.getUserByToken(realm, accessToken);
-            context.log("User info-1:", JSON.stringify(userInfo));
-            if(!userInfo.email) return { status: false, message: "User email not found" };
-            if(userInfo.email !== email) return { status: false, message: "User email does not match" };
-            email = userInfo.email;
-            verifyFromDb = await validateUserByEmail(email, context);
-            if (!verifyFromDb.success) return { status: false, message: verifyFromDb.message };
-        } else {
-            clientId = "cfy-web";
-            verifyFromDb = await validateUserByRealm(realm, email, context);
-        }
-        if (!verifyFromDb.success) return { status: false, message: verifyFromDb.message };
-        const user = verifyFromDb.user;
-        if (!user) return { status: false, message: "User not found." };
-        context.log("User:", JSON.stringify(user));
-        const introspectionValid = await validateTokenIntrospection(
-            keycloakService,
-            accessToken,
-            realm,
-            clientId,
-            domain,
-            context
-        );
-        if (!introspectionValid) return { status: false, message: "Token introspection failed" };
-        context.log("Token introspection successful");
-        if (domain === "accounts.culturefy.app") {
-            realm = "superadmin";
-            clientId = "cfy-superadmin-web";
-        } else {
-            if(!user.businessId) return { status: false, message: "User not found" };
-            realm = user.businessId.toString();
-            clientId = "cfy-web";
-        }
-        if(!userInfo) {
-            userInfo = await keycloakService.getUserByToken(realm, accessToken);
-            context.log("User info-2:", JSON.stringify(userInfo));
-        }
-        if(!userInfo) return { status: false, message: "User info not found" };
-        let updatedCookies: {
-            access_token: string;
-            refresh_token: string;
-            expires_in?: number;
-            refresh_expires_in?: number;
-        } = {
-            access_token: accessToken,
-            refresh_token: refreshToken,
-        };
-        if(expiresIn) updatedCookies.expires_in = expiresIn;
-        if(refreshExpiresIn) updatedCookies.refresh_expires_in = refreshExpiresIn;
-        return {
-            status: true,
-            message: "Token is valid",
-            data: {
-                cookies: updatedCookies,
-                user: user
-            }
-        };
-    } catch (error) {
-        context.error("Culturefy token validation error:", error);
-        return { status: false, message: "Internal server error during culturefy token validation" };
-    }
-}
-async function initializeKeycloakService(context: InvocationContext): Promise<KeycloakAdminService> {
-    const [keycloakBaseUrl, keycloakAdminClientId, keycloakAdminClientSecret] = await Promise.all([
-        getAzureVaultSecretByKey(
-            context,
-            process.env.AZURE_KEY_VAULT_NAME || "",
-            AzureSecretKeysEnum.KEYCLOAK_BASE_URL
-        ),
-        getAzureVaultSecretByKey(
-            context,
-            process.env.AZURE_KEY_VAULT_NAME || "",
-            AzureSecretKeysEnum.KEYCLOAK_ADMIN_CLIENT_ID
-        ),
-        getAzureVaultSecretByKey(
-            context,
-            process.env.AZURE_KEY_VAULT_NAME || "",
-            AzureSecretKeysEnum.KEYCLOAK_ADMIN_CLIENT_SECRET
-        )
-    ]);
-    return new KeycloakAdminService(context, {
-        baseUrl: keycloakBaseUrl as string,
-        adminClientId: keycloakAdminClientId as string,
-        adminClientSecret: keycloakAdminClientSecret as string
-    });
-}
-async function validateToken(
-    accessToken: string,
-    context: InvocationContext
-): Promise<{
-    success: boolean;
-    message: string;
-    expired?: boolean;
-    data?: {
-        userId: string;
-        clientId: string;
-        realm: string;
-        email: string;
-    };
-}> {
-    const currentTime = Math.floor(Date.now() / 1000);
-    const decoded = verifyJsonWebToken(accessToken);
-    if (!decoded) return { success: false, message: "Invalid access token format" };
-    let { iat, exp, sub: userId, azp: clientId, iss, email } = decoded as TokenClaims;
-    if (!userId || !clientId || !iss) return { success: false, message: "Access token missing required claims (sub or azp or iss)" };
-    context.log("Access token claims:", JSON.stringify(decoded));
-    let realm = iss.split("/")[iss.split("/").length - 1];
-    if(!realm) return { success: false, message: "Access token missing required claims (iss)" };
-    if (exp && exp < currentTime) return { success: false, message: "Access token expired and refresh token not provided", expired: true, data: { userId, clientId, realm, email } };
-    if (iat && iat > currentTime) return { success: false, message: "Invalid token issuance time" };
-    return {
-        success: true,
-        message: "Token is valid",
-        data: { userId, clientId, realm, email }
-    };
-}
-async function handleTokenRefresh(
-    keycloakService: KeycloakAdminService,
-    refreshToken: string,
-    userId: string,
-    clientId: string,
-    realm: string,
-    email: string,
-    domain: string,
-    context: InvocationContext
-): Promise<{
-    success: boolean;
-    message: string;
-    data?: {
-        access_token: string;
-        expires_in: number;
-        refresh_token: string;
-        refresh_expires_in: number;
-    };
-}> {
-    const currentTime = Math.floor(Date.now() / 1000);
-    if(!clientId) return { success: false, message: "Client ID is missing" };
-    if(!userId) return { success: false, message: "User ID is missing" };
-    if(!realm) return { success: false, message: "Realm is missing" };
-    if(!refreshToken) return { success: false, message: "Refresh token is missing" };
-    if(!email) return { success: false, message: "Email is missing" };
-    if(!domain) return { success: false, message: "Domain is missing" };
-    context.info("values:", {clientId, userId, realm, email, domain});
-    const refreshTokenDecoded = verifyJsonWebToken(refreshToken);
-    if (!refreshTokenDecoded) return { success: false, message: "Invalid refresh token format" };
-    let { iss: refreshIss } = refreshTokenDecoded as TokenClaims;
-    refreshIss = refreshIss.split("/")[refreshIss.split("/").length - 1];
-    const { iat: refreshIat, exp: refreshExp, sub: refreshUserId, azp: refreshClientId, email: refreshEmail } = refreshTokenDecoded as TokenClaims;
-    context.info("refreshTokenDecoded:", JSON.stringify({refreshUserId, refreshClientId, refreshIss, refreshEmail}));
-    if (!refreshUserId || !refreshClientId || !refreshIss) return { success: false, message: "Refresh token missing required claims (sub or azp or iss)" };
-    if (refreshExp && refreshExp < currentTime) return { success: false, message: "Refresh token has expired" };
-    if (refreshIat && refreshIat > currentTime) return { success: false, message: "Invalid refresh token issuance time" };
-    if (refreshUserId !== userId || refreshClientId !== clientId || refreshIss !== realm || refreshEmail !== email) return { success: false, message: "Refresh token does not match access token user" };
-    if(domain === "accounts.culturefy.app") {
-        realm = "superadmin";
-        clientId = "cfy-superadmin-web";
-    } else {
-        realm = realm;
-        clientId = "cfy-web";
-    }
-    const newToken = await keycloakService.refreshToken(realm, clientId, refreshToken);
-    if (!newToken) return { success: false, message: "Failed to refresh access token" };
-    const newTokenDecoded = verifyJsonWebToken(newToken.access_token);
-    if (!newTokenDecoded) return { success: false, message: "Invalid new token format" };
-    const { iat: newIat, exp: newExp, sub: newUserId, azp: newClientId, iss: newIss, email: newEmail } = newTokenDecoded as TokenClaims;
-    if (!newUserId || !newClientId || !newIss || !newEmail) return { success: false, message: "New token missing required claims (sub or azp or iss or email)" };
-    if (newExp && newExp < currentTime) return { success: false, message: "New token has expired" };
-    if (newIat && newIat > currentTime) return { success: false, message: "Invalid new token issuance time" };
-    context.info("Token refreshed successfully for user:", userId);
-    return {
-        success: true,
-        message: "Token refreshed successfully",
-        data: {
-            access_token: newToken.access_token, expires_in: newToken.expires_in,
-            refresh_token: newToken.refresh_token, refresh_expires_in: newToken.refresh_expires_in
-        }
-    };
-}
-async function validateUserByRealm(
-    realm: string,
-    email: string,
-    context: InvocationContext
-): Promise<{
-    success: boolean;
-    message: string;
-    user?: any;
-}> {
-    try {
-        const authDbUrl = await getAzureVaultSecretByKey(
-            context,
-            process.env.AZURE_KEY_VAULT_NAME || "",
-            AzureSecretKeysEnum.DB_CONNECTING_STRING_USER
-        );
-        const userService = new UserService(context, authDbUrl);
-        let user = null;
-        context.log("Getting user by realm:", realm);
-        try {
-            user = await userService.getUserByBusinessId(realm, email);
-        } catch (err: any) {
-            context.error(`Failed to get user by realm:`, err);
-            return { success: false, message: "User not found.." };
-        }
-        context.log("User:", JSON.stringify(user));
-        if (!user) return { success: false, message: "User not found..." };
-        await userService.disconnect();
-        return { success: true, message: "User validation successful", user };
-    } catch (error) {
-        context.error("User validation error:", error);
-        return { success: false, message: "Error validating user information" };
-    }
-}
-async function validateUserByEmail(
-    email: string,
-    context: InvocationContext
-): Promise<{
-    success: boolean;
-    message: string;
-    user?: any;
-}> {
+export async function tokenValidation(request: HttpRequest, context: InvocationContext): Promise<TokenValidationResult> {
     try {
-        const authDbUrl = await getAzureVaultSecretByKey(
-            context,
-            process.env.AZURE_KEY_VAULT_NAME || "",
-            AzureSecretKeysEnum.DB_CONNECTING_STRING_USER
-        );
-        const userService = new UserService(context, authDbUrl);
-        let user = null;
-        context.log("Getting user by email:", email);
-        try {
-            user = await userService.getUserByEmail(email);
-        } catch (err: any) {
-            context.error(`Failed to get user by email:`, err);
-            return { success: false, message: "User not found.." };
+        const url = await getAzureVaultSecretByKey(context, process.env.AZURE_KEY_VAULT_NAME || "", AzureSecretKeysEnum.AUTH_SERVICE_AUTHENTICATION_URL);
+        if(!url) {
+            return { status: false, message: "Auth service authenticaion API url not found" };
         }
-        context.log("User:", JSON.stringify(user));
-        if (!user) return { success: false, message: "User not found..." };
-        await userService.disconnect();
-        return { success: true, message: "User validation successful", user };
-    } catch (error) {
-        context.error("User validation error:", error);
-        return { success: false, message: "Error validating user information" };
-    }
-}
-async function validateTokenIntrospection(
-    keycloakService: KeycloakAdminService,
-    token: string,
-    realm: string,
-    clientId: string,
-    domain: string,
-    context: InvocationContext
-): Promise<boolean> {
-    try {
-        if(!realm) return false;
-        if(!clientId) return false;
-        if(!token) return false;
+        context.log(`Auth service authentication API url: ${url}`);
-        if (domain === "accounts.culturefy.app") {
-            realm = "superadmin";
-            clientId = "cfy-superadmin-web";
-        } else {
-            realm = realm;
-            clientId = "cfy-web";
-        }
-        context.info("Validating token with Keycloak introspection");
-        const introspection = await keycloakService.introspectToken(realm, clientId, token);
-        if (!introspection.active) {
-            context.warn("Token introspection returned inactive token");
-            return false;
-        }
-        context.info("Token introspection successful - token is active");
-        return true;
-    } catch (error: any) {
-        context.error("Token introspection error:", error);
-        if (error.message?.includes('Client not allowed')) {
-            context.warn("Admin-cli client does not have introspection permissions - this is expected");
-            return true;
-        }
-        if (error.message?.includes('Invalid token')) return false;
-        if (error.message?.includes('Token is not active')) return false;
-        return false;
+        const response = await fetch(url, {
+            method: "GET",
+            headers: request.headers
+        });
+        const data = await response.json();
+        return { status: true, message: "Token validation successful", data: {
+            cookies: data.cookies,
+            user: data.user
+        } };
+    } catch (error:any) {
+        context.error("Culturefy token validation error:", error);
+        return { status: false, message: error.message || "Internal server error during culturefy token validation" };
     }
 }