@equilateral_ai/mindmeld 3.5.3 → 4.0.1

package/src/handlers/collaborators/collaboratorRemove.js

@@ -1,128 +0,0 @@
-/**
- * Collaborator Remove Handler
- * Removes a collaborator from a project
- *
- * DELETE /api/collaborators?project_id=xxx&email=xxx
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * Remove collaborator from project
- * Requires owner or admin role on project
- * Owners cannot be removed (must transfer ownership first)
- */
-async function removeCollaborator({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const removerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const projectId = queryParams.project_id;
-        const collaboratorEmail = queryParams.email;
-
-        if (!removerEmail) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        if (!projectId) {
-            return createErrorResponse(400, 'projectId is required');
-        }
-
-        if (!collaboratorEmail) {
-            return createErrorResponse(400, 'email is required');
-        }
-
-        // Decode email from URL (may be URL encoded)
-        const targetEmail = decodeURIComponent(collaboratorEmail);
-
-        // Check remover has permission and get billing info
-        const accessQuery = `
-            SELECT
-                pc.role,
-                c.client_id,
-                c.billing_type
-            FROM rapport.project_collaborators pc
-            JOIN rapport.projects p ON pc.project_id = p.project_id
-            JOIN rapport.clients c ON p.company_id = c.client_id
-            WHERE pc.project_id = $1 AND pc.email_address = $2
-        `;
-        const accessCheck = await executeQuery(accessQuery, [projectId, removerEmail]);
-
-        if (accessCheck.rowCount === 0) {
-            return createErrorResponse(403, 'You do not have access to this project');
-        }
-
-        const { role: removerRole, client_id, billing_type } = accessCheck.rows[0];
-        const isSelfRemoval = removerEmail.toLowerCase() === targetEmail.toLowerCase();
-
-        // Allow self-removal for anyone except owner
-        // Only owner/admin can remove others
-        if (!isSelfRemoval && removerRole !== 'owner' && removerRole !== 'admin') {
-            return createErrorResponse(403, 'Only project owners and admins can remove collaborators');
-        }
-
-        // Check target collaborator exists and get their role
-        const targetQuery = `
-            SELECT role FROM rapport.project_collaborators
-            WHERE project_id = $1 AND email_address = $2
-        `;
-        const targetCheck = await executeQuery(targetQuery, [projectId, targetEmail]);
-
-        if (targetCheck.rowCount === 0) {
-            return createErrorResponse(404, 'Collaborator not found on this project');
-        }
-
-        const targetRole = targetCheck.rows[0].role;
-
-        // Prevent removing owner
-        if (targetRole === 'owner') {
-            return createErrorResponse(400, 'Cannot remove project owner. Transfer ownership first.');
-        }
-
-        // Prevent admin from removing another admin (only owner can)
-        if (targetRole === 'admin' && removerRole !== 'owner') {
-            return createErrorResponse(403, 'Only project owner can remove admins');
-        }
-
-        // Remove collaborator
-        const deleteQuery = `
-            DELETE FROM rapport.project_collaborators
-            WHERE project_id = $1 AND email_address = $2
-            RETURNING project_id, email_address, role
-        `;
-
-        const result = await executeQuery(deleteQuery, [projectId, targetEmail]);
-
-        // For enterprise invoice billing, decrement billable_users count
-        if (billing_type === 'invoice' && client_id) {
-            await executeQuery(`
-                UPDATE rapport.clients
-                SET billable_users = GREATEST(COALESCE(billable_users, 0) - 1, 0),
-                    last_updated = NOW()
-                WHERE client_id = $1
-            `, [client_id]);
-        }
-
-        return createSuccessResponse(
-            {
-                Records: [{
-                    ...result.rows[0],
-                    removed_by: removerEmail,
-                    removed_at: new Date().toISOString()
-                }]
-            },
-            isSelfRemoval ? 'You have left the project' : 'Collaborator removed',
-            {
-                Total_Records: 1,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(removeCollaborator);

package/src/handlers/collaborators/inviteAccept.js

@@ -1,122 +0,0 @@
-/**
- * Invite Accept Handler
- * Accepts a collaboration invitation via token
- *
- * POST /api/invites/accept
- * Body: { token }
- * Auth: Cognito JWT required (user must be logged in)
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * Accept collaboration invitation
- * User must be authenticated and email must match invite
- */
-async function acceptInvite({ body: requestBody = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const userEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const { token } = requestBody;
-
-        if (!userEmail) {
-            return createErrorResponse(401, 'Authentication required. Please sign in first.');
-        }
-
-        if (!token) {
-            return createErrorResponse(400, 'Invite token is required');
-        }
-
-        // Find invite by token
-        const inviteQuery = `
-            SELECT
-                pc.project_id,
-                pc.email_address,
-                pc.role,
-                pc.invited_by,
-                pc.invited_at,
-                pc.accepted_at,
-                p.project_name,
-                p.description,
-                p.company_id
-            FROM rapport.project_collaborators pc
-            JOIN rapport.projects p ON p.project_id = pc.project_id
-            WHERE pc.invite_token = $1
-        `;
-        const inviteCheck = await executeQuery(inviteQuery, [token]);
-
-        if (inviteCheck.rowCount === 0) {
-            return createErrorResponse(404, 'Invalid or expired invite token');
-        }
-
-        const invite = inviteCheck.rows[0];
-
-        // Check if already accepted
-        if (invite.accepted_at) {
-            return createErrorResponse(400, 'This invitation has already been accepted');
-        }
-
-        // Verify email matches (case insensitive)
-        if (invite.email_address.toLowerCase() !== userEmail.toLowerCase()) {
-            return createErrorResponse(403,
-                'This invitation was sent to a different email address. ' +
-                'Please sign in with the email the invite was sent to.'
-            );
-        }
-
-        // Check if invite is expired (7 days)
-        const invitedAt = new Date(invite.invited_at);
-        const now = new Date();
-        const daysSinceInvite = (now - invitedAt) / (1000 * 60 * 60 * 24);
-
-        if (daysSinceInvite > 7) {
-            return createErrorResponse(410, 'This invitation has expired. Please ask for a new invite.');
-        }
-
-        // Accept the invite
-        const acceptQuery = `
-            UPDATE rapport.project_collaborators
-            SET
-                accepted_at = NOW(),
-                invite_token = NULL,
-                is_external = false
-            WHERE project_id = $1 AND email_address = $2
-            RETURNING project_id, email_address, role, accepted_at
-        `;
-        const acceptResult = await executeQuery(acceptQuery, [invite.project_id, invite.email_address]);
-
-        // Ensure user exists in users table
-        await executeQuery(`
-            INSERT INTO rapport.users (email_address, client_id, active, created_at)
-            VALUES ($1, $2, true, NOW())
-            ON CONFLICT (email_address) DO UPDATE SET
-                active = true,
-                updated_at = NOW()
-        `, [userEmail, invite.company_id]);
-
-        return createSuccessResponse(
-            {
-                Records: [{
-                    project_id: invite.project_id,
-                    project_name: invite.project_name,
-                    description: invite.description,
-                    role: invite.role,
-                    accepted_at: acceptResult.rows[0].accepted_at,
-                    invited_by: invite.invited_by
-                }]
-            },
-            `Welcome to ${invite.project_name}!`,
-            {
-                Total_Records: 1,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(acceptInvite);

package/src/handlers/company/companyUsersDelete.js

@@ -1,141 +0,0 @@
-/**
- * Company Users Remove Handler
- * Removes a user's entitlement from a company
- * If the user was admin-paid, decrements license count and updates Stripe subscription quantity
- *
- * DELETE /api/company/users?company_id=xxx&email=xxx
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-const Stripe = require('stripe');
-
-const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
-
-/**
- * Remove user from company
- * Requires admin access to the company
- */
-async function removeCompanyUser({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const callerEmail = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const companyId = queryParams.company_id;
-        const targetEmail = queryParams.email;
-
-        if (!callerEmail) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        if (!companyId || !targetEmail) {
-            return createErrorResponse(400, 'company_id and email query parameters are required');
-        }
-
-        // Prevent self-removal
-        if (targetEmail === callerEmail) {
-            return createErrorResponse(400, 'Cannot remove yourself from the company');
-        }
-
-        // Verify caller is admin of this company
-        const adminQuery = `
-            SELECT admin, client_id FROM rapport.user_entitlements
-            WHERE email_address = $1 AND company_id = $2
-        `;
-        const adminCheck = await executeQuery(adminQuery, [callerEmail, companyId]);
-
-        if (adminCheck.rowCount === 0 || !adminCheck.rows[0].admin) {
-            return createErrorResponse(403, 'Admin access required to remove users');
-        }
-
-        const clientId = adminCheck.rows[0].client_id;
-
-        // Check the target user's billing_type before deleting
-        const targetQuery = `
-            SELECT billing_type FROM rapport.user_entitlements
-            WHERE email_address = $1 AND company_id = $2
-        `;
-        const targetResult = await executeQuery(targetQuery, [targetEmail, companyId]);
-
-        if (targetResult.rowCount === 0) {
-            return createErrorResponse(404, `User ${targetEmail} not found in this company`);
-        }
-
-        const billingType = targetResult.rows[0].billing_type;
-
-        // If admin-paid, decrement license count and update Stripe
-        let stripeUpdated = false;
-        if (billingType === 'admin_paid') {
-            // Get client's Stripe subscription
-            const clientQuery = `
-                SELECT stripe_subscription_id, license_count
-                FROM rapport.clients WHERE client_id = $1
-            `;
-            const clientResult = await executeQuery(clientQuery, [clientId]);
-            const clientRecord = clientResult.rows[0];
-
-            if (clientRecord?.stripe_subscription_id) {
-                // Decrement license_count (minimum 1 — the admin's own license)
-                const updateResult = await executeQuery(`
-                    UPDATE rapport.clients
-                    SET license_count = GREATEST(COALESCE(license_count, 1) - 1, 1), last_updated = CURRENT_TIMESTAMP
-                    WHERE client_id = $1
-                    RETURNING license_count
-                `, [clientId]);
-                const newLicenseCount = updateResult.rows[0].license_count;
-
-                // Update Stripe subscription quantity
-                try {
-                    const subscription = await stripe.subscriptions.retrieve(clientRecord.stripe_subscription_id);
-                    const item = subscription.items.data[0];
-                    if (item) {
-                        await stripe.subscriptions.update(clientRecord.stripe_subscription_id, {
-                            items: [{ id: item.id, quantity: newLicenseCount }],
-                            proration_behavior: 'none'
-                        });
-                        stripeUpdated = true;
-                        console.log(`[License] Decreased Stripe quantity to ${newLicenseCount} for ${clientId}`);
-                    }
-                } catch (stripeError) {
-                    console.error('[License] Stripe update failed on removal:', stripeError.message);
-                    // Revert license_count since Stripe failed
-                    await executeQuery(`
-                        UPDATE rapport.clients
-                        SET license_count = COALESCE(license_count, 0) + 1, last_updated = CURRENT_TIMESTAMP
-                        WHERE client_id = $1
-                    `, [clientId]);
-                    return createErrorResponse(500, 'Failed to update subscription. Please try again or contact support.');
-                }
-            }
-        }
-
-        // Delete the entitlement
-        const deleteQuery = `
-            DELETE FROM rapport.user_entitlements
-            WHERE email_address = $1 AND company_id = $2
-            RETURNING email_address
-        `;
-        const result = await executeQuery(deleteQuery, [targetEmail, companyId]);
-
-        const message = billingType === 'admin_paid'
-            ? `User ${targetEmail} removed and license released${stripeUpdated ? '' : ' (Stripe update pending)'}`
-            : `User ${targetEmail} removed from company`;
-
-        return createSuccessResponse(
-            { Records: result.rows },
-            message,
-            {
-                Total_Records: result.rowCount,
-                Request_ID,
-                Timestamp: new Date().toISOString(),
-                license_released: billingType === 'admin_paid',
-                stripe_updated: stripeUpdated
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(removeCompanyUser);

package/src/handlers/company/companyUsersGet.js

@@ -1,90 +0,0 @@
-/**
- * Company Users List Handler
- * Lists all users (entitlements) for a company
- *
- * GET /api/company/users?company_id=xxx
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError } = require('./helpers');
-
-/**
- * List company users
- * Requires member access to the company
- */
-async function listCompanyUsers({ queryStringParameters: queryParams = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-        const companyId = queryParams.company_id;
-
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        if (!companyId) {
-            return createErrorResponse(400, 'company_id query parameter is required');
-        }
-
-        // Verify caller has access to this company
-        const accessQuery = `
-            SELECT admin, member
-            FROM rapport.user_entitlements
-            WHERE email_address = $1 AND company_id = $2
-        `;
-        const accessCheck = await executeQuery(accessQuery, [email, companyId]);
-
-        if (accessCheck.rowCount === 0) {
-            return createErrorResponse(403, 'You do not have access to this company');
-        }
-
-        // Get all users for the company
-        const query = `
-            SELECT
-                ue.email_address,
-                ue.admin,
-                ue.member,
-                ue.client_id,
-                ue.company_id,
-                ue.billing_type,
-                u.first_name,
-                u.last_name,
-                u.user_status,
-                u.create_date,
-                u.last_updated
-            FROM rapport.user_entitlements ue
-            LEFT JOIN rapport.users u ON u.email_address = ue.email_address
-            WHERE ue.company_id = $1
-            ORDER BY ue.admin DESC, u.create_date ASC
-        `;
-        const result = await executeQuery(query, [companyId]);
-
-        const users = result.rows.map(row => ({
-            email: row.email_address,
-            display_name: [row.first_name, row.last_name].filter(Boolean).join(' ') || null,
-            role: row.admin ? 'admin' : 'member',
-            status: row.user_status || 'active',
-            billing_type: row.billing_type || 'self_paid',
-            created_at: row.create_date,
-            last_active: row.last_updated,
-            client_id: row.client_id,
-            company_id: row.company_id,
-        }));
-
-        return createSuccessResponse(
-            { Records: users },
-            `Found ${users.length} user(s)`,
-            {
-                Total_Records: users.length,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(listCompanyUsers);