@forklaunch/implementation-iam-base 0.1.0

package/schemas/zod/organization.schema.ts

@@ -0,0 +1,49 @@
+import { IdiomaticSchema, LiteralSchema } from '@forklaunch/validator';
+import {
+  array,
+  date,
+  enum_,
+  optional,
+  string,
+  unknown,
+  uuid,
+  ZodSchemaValidator
+} from '@forklaunch/validator/zod';
+
+export const CreateOrganizationSchema = {
+  name: string,
+  domain: string,
+  subscription: string,
+  logoUrl: optional(string),
+  extraFields: optional(unknown)
+};
+
+export const UpdateOrganizationSchema = (uuidId: boolean) => ({
+  id: uuidId ? uuid : string,
+  name: optional(string),
+  domain: optional(string),
+  subscription: optional(string),
+  logoUrl: optional(string),
+  extraFields: optional(unknown)
+});
+
+export const OrganizationSchema =
+  (uuidId: boolean) =>
+  <
+    UserDtoSchema extends IdiomaticSchema<ZodSchemaValidator>,
+    OrganizationStatus extends Record<string, LiteralSchema>
+  >(
+    UserDtoSchema: UserDtoSchema,
+    OrganizationStatus: OrganizationStatus
+  ) => ({
+    id: uuidId ? uuid : string,
+    name: string,
+    users: array(UserDtoSchema),
+    domain: string,
+    subscription: string,
+    status: enum_(OrganizationStatus),
+    logoUrl: optional(string),
+    extraFields: optional(unknown),
+    createdAt: optional(date),
+    updatedAt: optional(date)
+  });

package/schemas/zod/permission.schema.ts

@@ -0,0 +1,30 @@
+import {
+  array,
+  date,
+  optional,
+  string,
+  unknown,
+  uuid
+} from '@forklaunch/validator/zod';
+
+export const CreatePermissionSchema = {
+  slug: string,
+  addToRolesIds: optional(array(string)),
+  extraFields: optional(unknown)
+};
+
+export const UpdatePermissionSchema = (uuidId: boolean) => ({
+  id: uuidId ? uuid : string,
+  slug: optional(string),
+  extraFields: optional(unknown),
+  addToRolesIds: optional(array(string)),
+  removeFromRolesIds: optional(array(string))
+});
+
+export const PermissionSchema = (uuidId: boolean) => ({
+  id: uuidId ? uuid : string,
+  slug: string,
+  extraFields: optional(unknown),
+  createdAt: optional(date),
+  updatedAt: optional(date)
+});

package/schemas/zod/role.schema.ts

@@ -0,0 +1,36 @@
+import { IdiomaticSchema } from '@forklaunch/validator';
+import {
+  array,
+  date,
+  optional,
+  string,
+  unknown,
+  uuid,
+  ZodSchemaValidator
+} from '@forklaunch/validator/zod';
+
+export const CreateRoleSchema = {
+  name: string,
+  permissionIds: optional(array(string)),
+  extraFields: optional(unknown)
+};
+
+export const UpdateRoleSchema = (uuidId: boolean) => ({
+  id: uuidId ? uuid : string,
+  name: optional(string),
+  permissionIds: optional(array(string)),
+  extraFields: optional(unknown)
+});
+
+export const RoleSchema =
+  (uuidId: boolean) =>
+  <PermissionSchema extends IdiomaticSchema<ZodSchemaValidator>>(
+    PermissionSchema: PermissionSchema
+  ) => ({
+    id: uuidId ? uuid : string,
+    name: string,
+    permissions: array(PermissionSchema),
+    extraFields: optional(unknown),
+    createdAt: optional(date),
+    updatedAt: optional(date)
+  });

package/schemas/zod/user.schema.ts

@@ -0,0 +1,52 @@
+import { IdiomaticSchema } from '@forklaunch/validator';
+import {
+  array,
+  date,
+  email,
+  optional,
+  string,
+  unknown,
+  uuid,
+  ZodSchemaValidator
+} from '@forklaunch/validator/zod';
+
+export const CreateUserSchema = {
+  email: email,
+  password: string,
+  firstName: string,
+  lastName: string,
+  organizationId: string,
+  roleIds: array(string),
+  phoneNumber: optional(string),
+  subscription: optional(string),
+  extraFields: optional(unknown)
+};
+
+export const UpdateUserSchema = (uuidId: boolean) => ({
+  id: uuidId ? uuid : string,
+  email: optional(email),
+  password: optional(string),
+  firstName: optional(string),
+  lastName: optional(string),
+  roleIds: optional(array(string)),
+  phoneNumber: optional(string),
+  subscription: optional(string),
+  extraFields: optional(unknown)
+});
+
+export const UserSchema =
+  (uuidId: boolean) =>
+  <RoleDtoSchema extends IdiomaticSchema<ZodSchemaValidator>>(
+    RoleDtoSchema: RoleDtoSchema
+  ) => ({
+    id: uuidId ? uuid : string,
+    email: email,
+    firstName: string,
+    lastName: string,
+    roles: array(RoleDtoSchema),
+    phoneNumber: optional(string),
+    subscription: optional(string),
+    extraFields: optional(unknown),
+    createdAt: optional(date),
+    updatedAt: optional(date)
+  });

package/services/organization.service.ts

@@ -0,0 +1,146 @@
+import {
+  CreateOrganizationDto,
+  OrganizationDto,
+  OrganizationService,
+  UpdateOrganizationDto
+} from '@forklaunch/interfaces-iam';
+import { IdDto, InstanceTypeRecord } from '@forklaunch/common';
+import {
+  InternalDtoMapper,
+  RequestDtoMapperConstructor,
+  ResponseDtoMapperConstructor,
+  transformIntoInternalDtoMapper
+} from '@forklaunch/core/dtoMapper';
+import {
+  MetricsDefinition,
+  OpenTelemetryCollector
+} from '@forklaunch/core/http';
+import { MapNestedDtoArraysToCollections } from '@forklaunch/core/services';
+import { AnySchemaValidator } from '@forklaunch/validator';
+import { EntityManager } from '@mikro-orm/core';
+
+export class BaseOrganizationService<
+  SchemaValidator extends AnySchemaValidator,
+  OrganizationStatus,
+  Metrics extends MetricsDefinition = MetricsDefinition,
+  Dto extends {
+    OrganizationDtoMapper: OrganizationDto<OrganizationStatus>;
+    CreateOrganizationDtoMapper: CreateOrganizationDto;
+    UpdateOrganizationDtoMapper: UpdateOrganizationDto;
+  } = {
+    OrganizationDtoMapper: OrganizationDto<OrganizationStatus>;
+    CreateOrganizationDtoMapper: CreateOrganizationDto;
+    UpdateOrganizationDtoMapper: UpdateOrganizationDto;
+  },
+  Entities extends {
+    OrganizationDtoMapper: MapNestedDtoArraysToCollections<
+      OrganizationDto<OrganizationStatus>,
+      'users'
+    >;
+    CreateOrganizationDtoMapper: MapNestedDtoArraysToCollections<
+      OrganizationDto<OrganizationStatus>,
+      'users'
+    >;
+    UpdateOrganizationDtoMapper: MapNestedDtoArraysToCollections<
+      OrganizationDto<OrganizationStatus>,
+      'users'
+    >;
+  } = {
+    OrganizationDtoMapper: MapNestedDtoArraysToCollections<
+      OrganizationDto<OrganizationStatus>,
+      'users'
+    >;
+    CreateOrganizationDtoMapper: MapNestedDtoArraysToCollections<
+      OrganizationDto<OrganizationStatus>,
+      'users'
+    >;
+    UpdateOrganizationDtoMapper: MapNestedDtoArraysToCollections<
+      OrganizationDto<OrganizationStatus>,
+      'users'
+    >;
+  }
+> implements OrganizationService<OrganizationStatus>
+{
+  #dtoMappers: InternalDtoMapper<
+    InstanceTypeRecord<typeof this.dtoMappers>,
+    Entities,
+    Dto
+  >;
+
+  constructor(
+    public em: EntityManager,
+    protected openTelemetryCollector: OpenTelemetryCollector<Metrics>,
+    protected schemaValidator: SchemaValidator,
+    protected dtoMappers: {
+      OrganizationDtoMapper: ResponseDtoMapperConstructor<
+        SchemaValidator,
+        Dto['OrganizationDtoMapper'],
+        Entities['OrganizationDtoMapper']
+      >;
+      CreateOrganizationDtoMapper: RequestDtoMapperConstructor<
+        SchemaValidator,
+        Dto['CreateOrganizationDtoMapper'],
+        Entities['CreateOrganizationDtoMapper']
+      >;
+      UpdateOrganizationDtoMapper: RequestDtoMapperConstructor<
+        SchemaValidator,
+        Dto['UpdateOrganizationDtoMapper'],
+        Entities['UpdateOrganizationDtoMapper']
+      >;
+    }
+  ) {
+    this.#dtoMappers = transformIntoInternalDtoMapper(
+      dtoMappers,
+      schemaValidator
+    );
+  }
+
+  async createOrganization(
+    organizationDto: Dto['CreateOrganizationDtoMapper'],
+    em?: EntityManager
+  ): Promise<Dto['OrganizationDtoMapper']> {
+    this.openTelemetryCollector.log('info', 'Creating organization');
+    const organization =
+      this.#dtoMappers.CreateOrganizationDtoMapper.deserializeDtoToEntity(
+        organizationDto
+      );
+    await (em ?? this.em).transactional(async (innerEm) => {
+      await innerEm.persist(organization);
+    });
+
+    return this.#dtoMappers.OrganizationDtoMapper.serializeEntityToDto(
+      organization
+    );
+  }
+
+  async getOrganization(
+    idDto: IdDto,
+    em?: EntityManager
+  ): Promise<Dto['OrganizationDtoMapper']> {
+    const organization = await (em ?? this.em).findOneOrFail(
+      'Organization',
+      idDto
+    );
+    return this.#dtoMappers.OrganizationDtoMapper.serializeEntityToDto(
+      organization as Entities['OrganizationDtoMapper']
+    );
+  }
+
+  async updateOrganization(
+    organizationDto: Dto['UpdateOrganizationDtoMapper'],
+    em?: EntityManager
+  ): Promise<Dto['OrganizationDtoMapper']> {
+    const updatedOrganization =
+      this.#dtoMappers.UpdateOrganizationDtoMapper.deserializeDtoToEntity(
+        organizationDto
+      );
+    await (em ?? this.em).upsert(updatedOrganization);
+    return this.#dtoMappers.OrganizationDtoMapper.serializeEntityToDto(
+      updatedOrganization
+    );
+  }
+
+  async deleteOrganization(idDto: IdDto, em?: EntityManager): Promise<void> {
+    await (em ?? this.em).nativeDelete('Organization', idDto);
+  }
+}

package/services/permission.service.ts

@@ -0,0 +1,349 @@
+import {
+  CreatePermissionDto,
+  PermissionDto,
+  PermissionService,
+  RoleDto,
+  RoleService,
+  UpdatePermissionDto
+} from '@forklaunch/interfaces-iam';
+import { IdDto, IdsDto, InstanceTypeRecord } from '@forklaunch/common';
+import {
+  InternalDtoMapper,
+  RequestDtoMapperConstructor,
+  ResponseDtoMapperConstructor,
+  transformIntoInternalDtoMapper
+} from '@forklaunch/core/dtoMapper';
+import {
+  MetricsDefinition,
+  OpenTelemetryCollector
+} from '@forklaunch/core/http';
+import { MapNestedDtoArraysToCollections } from '@forklaunch/core/services';
+import { AnySchemaValidator } from '@forklaunch/validator';
+import { EntityManager } from '@mikro-orm/core';
+
+export class BasePermissionService<
+  SchemaValidator extends AnySchemaValidator,
+  Metrics extends MetricsDefinition = MetricsDefinition,
+  Dto extends {
+    PermissionDtoMapper: PermissionDto;
+    CreatePermissionDtoMapper: CreatePermissionDto;
+    UpdatePermissionDtoMapper: UpdatePermissionDto;
+    RoleDtoMapper: RoleDto;
+  } = {
+    PermissionDtoMapper: PermissionDto;
+    CreatePermissionDtoMapper: CreatePermissionDto;
+    UpdatePermissionDtoMapper: UpdatePermissionDto;
+    RoleDtoMapper: RoleDto;
+  },
+  Entities extends {
+    PermissionDtoMapper: PermissionDto;
+    CreatePermissionDtoMapper: PermissionDto;
+    UpdatePermissionDtoMapper: PermissionDto;
+    RoleDtoMapper: MapNestedDtoArraysToCollections<RoleDto, 'permissions'>;
+  } = {
+    PermissionDtoMapper: PermissionDto;
+    CreatePermissionDtoMapper: PermissionDto;
+    UpdatePermissionDtoMapper: PermissionDto;
+    RoleDtoMapper: MapNestedDtoArraysToCollections<RoleDto, 'permissions'>;
+  }
+> implements PermissionService
+{
+  #dtoMappers: InternalDtoMapper<
+    InstanceTypeRecord<typeof this.dtoMappers>,
+    Entities,
+    Dto
+  >;
+
+  constructor(
+    public em: EntityManager,
+    protected roleServiceFactory: () => RoleService,
+    protected openTelemetryCollector: OpenTelemetryCollector<Metrics>,
+    protected schemaValidator: SchemaValidator,
+    protected dtoMappers: {
+      PermissionDtoMapper: ResponseDtoMapperConstructor<
+        SchemaValidator,
+        Dto['PermissionDtoMapper'],
+        Entities['PermissionDtoMapper']
+      >;
+      CreatePermissionDtoMapper: RequestDtoMapperConstructor<
+        SchemaValidator,
+        Dto['CreatePermissionDtoMapper'],
+        Entities['CreatePermissionDtoMapper']
+      >;
+      UpdatePermissionDtoMapper: RequestDtoMapperConstructor<
+        SchemaValidator,
+        Dto['UpdatePermissionDtoMapper'],
+        Entities['UpdatePermissionDtoMapper']
+      >;
+      RoleDtoMapper: RequestDtoMapperConstructor<
+        SchemaValidator,
+        Dto['RoleDtoMapper'],
+        Entities['RoleDtoMapper']
+      >;
+    }
+  ) {
+    this.#dtoMappers = transformIntoInternalDtoMapper(
+      dtoMappers,
+      schemaValidator
+    );
+  }
+
+  // start: global helper functions
+  private async updateRolesWithPermissions(
+    roles: Entities['RoleDtoMapper'][],
+    permissions: Entities['PermissionDtoMapper'][]
+  ): Promise<Entities['RoleDtoMapper'][]> {
+    return await Promise.all(
+      roles.map(async (role) => {
+        permissions.forEach((permission) => role.permissions.add(permission));
+        return role;
+      })
+    );
+  }
+
+  private async removePermissionsFromRoles(
+    roles: Entities['RoleDtoMapper'][],
+    permissions: Entities['PermissionDtoMapper'][]
+  ): Promise<Entities['RoleDtoMapper'][]> {
+    return await Promise.all(
+      roles.map(async (role) => {
+        permissions.forEach((permission) =>
+          role.permissions.remove(permission)
+        );
+        return role;
+      })
+    );
+  }
+
+  private async getBatchRoles(
+    roleIds?: IdsDto,
+    em?: EntityManager
+  ): Promise<Entities['RoleDtoMapper'][]> {
+    return roleIds
+      ? (await this.roleServiceFactory().getBatchRoles(roleIds, em)).map(
+          (role) => {
+            return (em ?? this.em).merge(
+              this.#dtoMappers.RoleDtoMapper.deserializeDtoToEntity(role)
+            );
+          }
+        )
+      : [];
+  }
+  // end: global helper functions
+
+  // start: createPermission helper functions
+  private async createPermissionDto({
+    permission,
+    addToRoles
+  }: {
+    permission: Entities['PermissionDtoMapper'];
+    addToRoles: Entities['RoleDtoMapper'][];
+  }): Promise<{
+    permission: Entities['PermissionDtoMapper'];
+    roles: Entities['RoleDtoMapper'][];
+  }> {
+    let roles: Entities['RoleDtoMapper'][] = [];
+    if (addToRoles) {
+      roles = await this.updateRolesWithPermissions(addToRoles, [permission]);
+    }
+
+    return { permission, roles };
+  }
+
+  private async extractCreatePermissionDtoToEntityData(
+    permissionDto: Dto['CreatePermissionDtoMapper'],
+    em?: EntityManager
+  ): Promise<{
+    permission: Entities['PermissionDtoMapper'];
+    addToRoles: Entities['RoleDtoMapper'][];
+  }> {
+    return {
+      permission: (em ?? this.em).merge(
+        this.#dtoMappers.CreatePermissionDtoMapper.deserializeDtoToEntity(
+          permissionDto
+        )
+      ),
+      addToRoles: permissionDto.addToRolesIds
+        ? await this.getBatchRoles({ ids: permissionDto.addToRolesIds }, em)
+        : []
+    };
+  }
+  // end: createPermission helper functions
+
+  async createPermission(
+    createPermissionDto: Dto['CreatePermissionDtoMapper'],
+    em?: EntityManager
+  ): Promise<Dto['PermissionDtoMapper']> {
+    const { permission, roles } = await this.createPermissionDto(
+      await this.extractCreatePermissionDtoToEntityData(createPermissionDto, em)
+    );
+    await (em ?? this.em).transactional(async (innerEm) => {
+      await innerEm.persist([permission, ...roles]);
+    });
+    return this.#dtoMappers.PermissionDtoMapper.serializeEntityToDto(
+      permission
+    );
+  }
+
+  async createBatchPermissions(
+    permissionDtos: Dto['CreatePermissionDtoMapper'][],
+    em?: EntityManager
+  ): Promise<Dto['PermissionDtoMapper'][]> {
+    const rolesCache: Record<string, Entities['RoleDtoMapper']> = {};
+    const permissions: Entities['PermissionDtoMapper'][] = [];
+    await (em ?? this.em).transactional(async (em) => {
+      permissionDtos.map(async (createPermissionDto) => {
+        const { permission, roles } = await this.createPermissionDto(
+          await this.extractCreatePermissionDtoToEntityData(
+            createPermissionDto,
+            em
+          )
+        );
+        roles.forEach((role) => {
+          if (
+            rolesCache[role.id] &&
+            role.permissions !== rolesCache[role.id].permissions
+          ) {
+            role.permissions.getItems().forEach((permission) => {
+              if (!rolesCache[role.id].permissions.contains(permission)) {
+                rolesCache[role.id].permissions.add(permission);
+              }
+            });
+          } else {
+            rolesCache[role.id] = role;
+          }
+        });
+        permissions.push(permission);
+      });
+      await (em ?? this.em).persist([
+        ...permissions,
+        ...Object.values(rolesCache)
+      ]);
+    });
+
+    return permissions.map((permission) =>
+      this.#dtoMappers.PermissionDtoMapper.serializeEntityToDto(permission)
+    );
+  }
+
+  async getPermission(
+    idDto: IdDto,
+    em?: EntityManager
+  ): Promise<Dto['PermissionDtoMapper']> {
+    const permission = await (em ?? this.em).findOneOrFail('Permission', idDto);
+    return this.#dtoMappers.PermissionDtoMapper.serializeEntityToDto(
+      permission as Entities['PermissionDtoMapper']
+    );
+  }
+
+  async getBatchPermissions(
+    idsDto: IdsDto,
+    em?: EntityManager
+  ): Promise<Dto['PermissionDtoMapper'][]> {
+    return (await (em ?? this.em).find('Permission', idsDto)).map(
+      (permission) =>
+        this.#dtoMappers.PermissionDtoMapper.serializeEntityToDto(
+          permission as Entities['PermissionDtoMapper']
+        )
+    );
+  }
+
+  // start: updatePermission helper functions
+  private updatePermissionDto = async (
+    permissionDto: Dto['UpdatePermissionDtoMapper'],
+    em?: EntityManager
+  ): Promise<{
+    permission: Entities['PermissionDtoMapper'];
+    roles: Entities['RoleDtoMapper'][];
+  }> => {
+    const permission =
+      this.#dtoMappers.UpdatePermissionDtoMapper.deserializeDtoToEntity(
+        permissionDto
+      );
+    const addToRoles = permissionDto.addToRolesIds
+      ? await this.getBatchRoles({ ids: permissionDto.addToRolesIds }, em)
+      : [];
+    const removeFromRoles = permissionDto.removeFromRolesIds
+      ? await this.getBatchRoles({ ids: permissionDto.removeFromRolesIds }, em)
+      : [];
+
+    let roles: Entities['RoleDtoMapper'][] = [];
+
+    roles = roles.concat(
+      await this.updateRolesWithPermissions(addToRoles, [permission])
+    );
+    roles = roles.concat(
+      await this.removePermissionsFromRoles(removeFromRoles, [permission])
+    );
+
+    return {
+      permission,
+      roles
+    };
+  };
+  // end: updatePermission helper functions
+
+  async updatePermission(
+    permissionDto: Dto['UpdatePermissionDtoMapper'],
+    em?: EntityManager
+  ): Promise<Dto['PermissionDtoMapper']> {
+    const { permission, roles } = await this.updatePermissionDto(permissionDto);
+    await (em ?? this.em).upsertMany([permission, ...roles]);
+    if (!em) {
+      this.em.flush();
+    }
+    return this.#dtoMappers.PermissionDtoMapper.serializeEntityToDto(
+      permission
+    );
+  }
+
+  async updateBatchPermissions(
+    permissionDtos: Dto['UpdatePermissionDtoMapper'][],
+    em?: EntityManager
+  ): Promise<Dto['PermissionDtoMapper'][]> {
+    const rolesCache: Record<string, Entities['RoleDtoMapper']> = {};
+    const permissions: Entities['PermissionDtoMapper'][] = [];
+    await (em ?? this.em).transactional(async (em) => {
+      permissionDtos.map(async (updatePermissionDto) => {
+        const { permission, roles } =
+          await this.updatePermissionDto(updatePermissionDto);
+        roles.forEach((role) => {
+          if (
+            rolesCache[role.id] &&
+            role.permissions !== rolesCache[role.id].permissions
+          ) {
+            role.permissions.getItems().forEach((permission) => {
+              if (!rolesCache[role.id].permissions.contains(permission)) {
+                rolesCache[role.id].permissions.add(permission);
+              }
+            });
+          } else {
+            rolesCache[role.id] = role;
+          }
+        });
+        permissions.push(permission);
+      });
+      await (em ?? this.em).persist([
+        ...permissions,
+        ...Object.values(rolesCache)
+      ]);
+    });
+
+    return permissions.map((permission) =>
+      this.#dtoMappers.PermissionDtoMapper.serializeEntityToDto(permission)
+    );
+  }
+
+  async deletePermission(idDto: IdDto, em?: EntityManager): Promise<void> {
+    await (em ?? this.em).nativeDelete('Permission', idDto);
+  }
+
+  async deleteBatchPermissions(
+    idsDto: IdsDto,
+    em?: EntityManager
+  ): Promise<void> {
+    await (em ?? this.em).nativeDelete('Permission', {
+      id: { $in: idsDto.ids }
+    });
+  }
+}