@friggframework/core 2.0.0--canary.405.1f6792c.0 → 2.0.0--canary.396.6862738.0

package/user/use-cases/login-user.js

@@ -0,0 +1,122 @@
+const Boom = require('@hapi/boom');
+const {
+    RequiredPropertyError,
+} = require('../../errors');
+const { User } = require('../user');
+
+/**
+ * Use case for logging in a user.
+ * @class LoginUser
+ */
+class LoginUser {
+    /**
+     * Creates a new LoginUser instance.
+     * @param {Object} params - Configuration parameters.
+     * @param {import('../user-repository').UserRepository} params.userRepository - Repository for user data operations.
+     * @param {Object} params.userConfig - The user properties inside of the app definition.
+     */
+    constructor({ userRepository, userConfig }) {
+        this.userRepository = userRepository;
+        this.userConfig = userConfig;
+    }
+
+    /**
+     * Executes the use case.
+     * @async
+     * @param {Object} userCredentials - The user's credentials for authentication.
+     * @param {string} [userCredentials.username] - The username for authentication.
+     * @param {string} [userCredentials.password] - The password for authentication.
+     * @param {string} [userCredentials.appUserId] - The app user id for authentication if no username and password are provided.
+     * @param {string} [userCredentials.appOrgId] - The app organization id for authentication if no username and password are provided.
+     * @returns {Promise<import('../user').User>} The authenticated user object.
+     */
+    async execute(userCredentials) {
+        const { username, password, appUserId, appOrgId } = userCredentials;
+        if (this.userConfig.individualUserRequired) {
+            if (this.userConfig.usePassword) {
+                if (!username) {
+                    throw new RequiredPropertyError({
+                        parent: this,
+                        key: 'username',
+                    });
+                }
+                if (!password) {
+                    throw new RequiredPropertyError({
+                        parent: this,
+                        key: 'password',
+                    });
+                }
+
+                const individualUserData =
+                    await this.userRepository.findIndividualUserByUsername(
+                        username
+                    );
+
+                if (!individualUserData) {
+                    throw Boom.unauthorized('user not found');
+                }
+
+                const individualUser = new User(
+                    individualUserData,
+                    null,
+                    this.userConfig.usePassword,
+                    this.userConfig.primary,
+                    this.userConfig.individualUserRequired,
+                    this.userConfig.organizationUserRequired
+                );
+
+                if (!individualUser.isPasswordValid(password)) {
+                    throw Boom.unauthorized('Incorrect username or password');
+                }
+
+                return individualUser;
+            } else {
+                const individualUserData =
+                    await this.userRepository.findIndividualUserByAppUserId(
+                        appUserId
+                    );
+
+                if (!individualUserData) {
+                    throw Boom.unauthorized('user not found');
+                }
+
+                const individualUser = new User(
+                    individualUserData,
+                    null,
+                    this.userConfig.usePassword,
+                    this.userConfig.primary,
+                    this.userConfig.individualUserRequired,
+                    this.userConfig.organizationUserRequired
+                );
+
+                return individualUser;
+            }
+        }
+
+
+        if (this.userConfig.organizationUserRequired) {
+
+            const organizationUserData =
+                await this.userRepository.findOrganizationUserByAppOrgId(appOrgId);
+
+            if (!organizationUserData) {
+                throw Boom.unauthorized(`org user ${appOrgId} not found`);
+            }
+
+            const organizationUser = new User(
+                null,
+                organizationUserData,
+                this.userConfig.usePassword,
+                this.userConfig.primary,
+                this.userConfig.individualUserRequired,
+                this.userConfig.organizationUserRequired
+            );
+
+            return organizationUser;
+        }
+
+        return null;
+    }
+}
+
+module.exports = { LoginUser }; 

package/user/user-repository.js

@@ -0,0 +1,62 @@
+const { Token } = require('../database/models/Token');
+const { IndividualUser } = require('../database/models/IndividualUser');
+const { OrganizationUser } = require('../database/models/OrganizationUser');
+
+class UserRepository {
+    /**
+     * @param {Object} userConfig - The user config in the app definition.
+     */
+    constructor({ userConfig }) {
+        this.IndividualUser = IndividualUser;
+        this.OrganizationUser = OrganizationUser;
+        this.Token = Token;
+        this.userConfig = userConfig;
+    }
+
+    async getSessionToken(token) {
+        const jsonToken =
+            this.Token.getJSONTokenFromBase64BufferToken(token);
+        const sessionToken =
+            await this.Token.validateAndGetTokenFromJSONToken(jsonToken);
+        return sessionToken;
+    }
+
+    async findOrganizationUserById(userId) {
+        return this.OrganizationUser.findById(userId);
+    }
+
+    async findIndividualUserById(userId) {
+        return this.IndividualUser.findById(userId);
+    }
+
+    async createToken(userId, rawToken, minutes = 120) {
+        const createdToken = await this.Token.createTokenWithExpire(
+            userId,
+            rawToken,
+            minutes
+        );
+        return this.Token.createBase64BufferToken(createdToken, rawToken);
+    }
+
+    async createIndividualUser(params) {
+        return this.IndividualUser.create(params);
+    }
+
+    async createOrganizationUser(params) {
+        return this.OrganizationUser.create(params);
+    }
+
+    async findIndividualUserByUsername(username) {
+        return this.IndividualUser.findOne({ username });
+    }
+
+    async findIndividualUserByAppUserId(appUserId) {
+        return this.IndividualUser.getUserByAppUserId(appUserId);
+    }
+
+    async findOrganizationUserByAppOrgId(appOrgId) {
+        return this.OrganizationUser.getUserByAppOrgId(appOrgId);
+    }
+}
+
+module.exports = { UserRepository }; 

package/user/user.js

@@ -0,0 +1,77 @@
+const bcrypt = require('bcryptjs');
+
+/**
+ * Represents a user in the system. The User class is a domain entity,
+ * @class User
+ */
+class User {
+    /**
+     * Creates a new User instance.
+     * @param {import('../database/models/IndividualUser').IndividualUser} [individualUser=null] - The individual user for the user.
+     * @param {import('../database/models/OrganizationUser').OrganizationUser} [organizationUser=null] - The organization user for the user.
+     * @param {boolean} [usePassword=false] - Whether the user has a password.
+     * @param {string} [primary='individual'] - The primary user type.
+     * @param {boolean} [individualUserRequired=true] - Whether the user is required to have an individual user.
+     * @param {boolean} [organizationUserRequired=false] - Whether the user is required to have an organization user.
+     */
+    constructor(individualUser = null, organizationUser = null, usePassword = false, primary = 'individual', individualUserRequired = true, organizationUserRequired = false) {
+        this.individualUser = individualUser;
+        this.organizationUser = organizationUser;
+        this.usePassword = usePassword;
+
+        this.config = {
+            primary,
+            individualUserRequired,
+            organizationUserRequired,
+        };
+    }
+
+    getPrimaryUser() {
+        if (this.config.primary === 'organization') {
+            return this.organizationUser;
+        }
+        return this.individualUser;
+    }
+
+    getId() {
+        return this.getPrimaryUser()?.id;
+    }
+
+    isPasswordRequired() {
+        return this.usePassword;
+    }
+
+    isPasswordValid(password) {
+        if (!this.isPasswordRequired()) {
+            return true;
+        }
+
+        return bcrypt.compareSync(password, this.getPrimaryUser().hashword);
+    }
+
+    setIndividualUser(individualUser) {
+        this.individualUser = individualUser;
+    }
+
+    setOrganizationUser(organizationUser) {
+        this.organizationUser = organizationUser;
+    }
+
+    isOrganizationUserRequired() {
+        return this.config.organizationUserRequired;
+    }
+
+    isIndividualUserRequired() {
+        return this.config.individualUserRequired;
+    }
+
+    getIndividualUser() {
+        return this.individualUser;
+    }
+
+    getOrganizationUser() {
+        return this.organizationUser;
+    }
+}
+
+module.exports = { User }; 

package/handlers/routers/HEALTHCHECK.md

@@ -1,240 +0,0 @@
-# Frigg Healthcheck Endpoint Documentation
-
-## Overview
-
-The Frigg service includes comprehensive healthcheck endpoints to monitor service health, connectivity, and readiness. These endpoints follow industry best practices and are designed for use with monitoring systems, load balancers, and container orchestration platforms.
-
-## Endpoints
-
-### 1. Basic Health Check
-**GET** `/health`
-
-Simple health check endpoint that returns basic service information. No authentication required. This endpoint is rate-limited at the API Gateway level.
-
-**Response:**
-```json
-{
-  "status": "ok",
-  "timestamp": "2024-01-10T12:00:00.000Z",
-  "service": "frigg-core-api"
-}
-```
-
-**Status Codes:**
-- `200 OK` - Service is running
-
-### 2. Detailed Health Check
-**GET** `/health/detailed`
-
-Comprehensive health check that tests all service components and dependencies.
-
-**Authentication Required:**
-- Header: `x-api-key: YOUR_API_KEY`
-- The API key must match the `HEALTH_API_KEY` environment variable
-
-**Response:**
-```json
-{
-  "service": "frigg-core-api",
-  "status": "healthy",  // "healthy" or "unhealthy"
-  "timestamp": "2024-01-10T12:00:00.000Z",
-  "checks": {
-    "database": {
-      "status": "healthy",
-      "state": "connected",
-      "responseTime": 5  // milliseconds
-    },
-    "externalApis": {
-      "github": {
-        "status": "healthy",
-        "statusCode": 200,
-        "responseTime": 150,
-        "reachable": true
-      },
-      "npm": {
-        "status": "healthy",
-        "statusCode": 200,
-        "responseTime": 200,
-        "reachable": true
-      }
-    },
-    "integrations": {
-      "status": "healthy",
-      "modules": {
-        "count": 10,
-        "available": ["module1", "module2", "..."]
-      },
-      "integrations": {
-        "count": 5,
-        "available": ["integration1", "integration2", "..."]
-      }
-    }
-  },
-  "responseTime": 250  // total endpoint response time in milliseconds
-}
-```
-
-**Status Codes:**
-- `200 OK` - Service is healthy (all components operational)
-- `503 Service Unavailable` - Service is unhealthy (any component failure)
-- `401 Unauthorized` - Missing or invalid x-api-key header
-
-### 3. Liveness Probe
-**GET** `/health/live`
-
-Kubernetes-style liveness probe. Returns whether the service process is alive.
-
-**Authentication Required:**
-- Header: `x-api-key: YOUR_API_KEY`
-
-**Response:**
-```json
-{
-  "status": "alive",
-  "timestamp": "2024-01-10T12:00:00.000Z"
-}
-```
-
-**Status Codes:**
-- `200 OK` - Service process is alive
-
-### 4. Readiness Probe
-**GET** `/health/ready`
-
-Kubernetes-style readiness probe. Returns whether the service is ready to receive traffic.
-
-**Authentication Required:**
-- Header: `x-api-key: YOUR_API_KEY`
-
-**Response:**
-```json
-{
-  "ready": true,
-  "timestamp": "2024-01-10T12:00:00.000Z",
-  "checks": {
-    "database": true,
-    "modules": true
-  }
-}
-```
-
-**Status Codes:**
-- `200 OK` - Service is ready
-- `503 Service Unavailable` - Service is not ready
-
-## Health Status Definitions
-
-- **healthy**: All components are functioning normally
-- **unhealthy**: Any component is failing, service may not function properly
-
-## Component Checks
-
-### Database Connectivity
-- Checks database connection state
-- Performs ping test with 2-second timeout if connected
-- Reports connection state and response time
-- Database type is not exposed for security reasons
-
-### External API Connectivity
-- Tests connectivity to external services (GitHub, npm registry)
-- Configurable timeout (default: 5 seconds)
-- Reports reachability and response times
-- Uses Promise.all for parallel checking
-
-### Integration Status
-- Verifies available modules and integrations are loaded
-- Reports counts and lists of available components
-
-## Usage Examples
-
-### Monitoring Systems
-Configure your monitoring system to poll `/health/detailed` every 30-60 seconds:
-```bash
-curl -H "x-api-key: YOUR_API_KEY" https://your-frigg-instance.com/health/detailed
-```
-
-### Load Balancer Health Checks
-Configure load balancers to use the simple `/health` endpoint:
-```bash
-curl https://your-frigg-instance.com/health
-```
-
-### Kubernetes Configuration
-```yaml
-livenessProbe:
-  httpGet:
-    path: /health/live
-    port: 8080
-    httpHeaders:
-    - name: x-api-key
-      value: YOUR_API_KEY
-  periodSeconds: 10
-  timeoutSeconds: 5
-
-readinessProbe:
-  httpGet:
-    path: /health/ready
-    port: 8080
-    httpHeaders:
-    - name: x-api-key
-      value: YOUR_API_KEY
-  initialDelaySeconds: 30
-  periodSeconds: 10
-```
-
-## Customization
-
-### Adding External API Checks
-To add more external API checks, modify the `externalAPIs` array in the health router:
-```javascript
-const externalAPIs = [
-    { name: 'github', url: 'https://api.github.com/status' },
-    { name: 'npm', url: 'https://registry.npmjs.org' },
-    { name: 'your-api', url: 'https://your-api.com/health' }
-];
-```
-
-### Adjusting Timeouts
-The default timeout for external API checks is 5 seconds. Database ping timeout is set to 2 seconds:
-```javascript
-const checkExternalAPI = (url, timeout = 5000) => {
-    // ...
-};
-
-await mongoose.connection.db.admin().ping({ maxTimeMS: 2000 });
-```
-
-## Best Practices
-
-1. **Authentication**: Basic `/health` endpoint requires no authentication, but detailed endpoints require `x-api-key` header
-2. **Rate Limiting**: Configure rate limiting at the API Gateway level to prevent abuse
-3. **Fast Response**: Health checks should respond quickly (< 1 second)
-4. **Strict Status Codes**: Return 503 for any non-healthy state to ensure proper alerting
-5. **Detailed Logging**: Failed health checks are logged for debugging
-6. **Security**: No sensitive information (DB types, versions) exposed in responses
-7. **Lambda Considerations**: Uptime and memory metrics not included as they're not relevant in serverless
-
-## Troubleshooting
-
-### Database Connection Issues
-- Check `MONGO_URI` environment variable
-- Verify network connectivity to MongoDB
-- Check MongoDB server status
-
-### External API Failures
-- May indicate network issues or external service downtime
-- Service reports "unhealthy" status if any external API is unreachable
-
-## Security Considerations
-
-- Basic health endpoint requires no authentication for monitoring compatibility
-- Detailed endpoints require `x-api-key` header authentication
-- Health endpoints do not expose sensitive information
-- Database connection strings and credentials are never included in responses
-- External API checks use read-only endpoints
-- Rate limiting should be configured at the API Gateway level
-- Consider IP whitelisting for health endpoints in production
-
-## Environment Variables
-
-- `HEALTH_API_KEY`: Required API key for accessing detailed health endpoints