@friggframework/core 2.0.0--canary.461.d1a7bbb.0 → 2.0.0--canary.461.4066059.0

package/database/utils/prisma-runner.js

@@ -118,9 +118,16 @@ async function checkDatabaseState(dbType) {
         }
 
         const schemaPath = getPrismaSchemaPath(dbType);
+        const prismaBin = getPrismaBinaryPath();
+
+        // Use direct path instead of npx to avoid WASM file resolution issues
+        const isDirectBinary = prismaBin !== 'npx prisma';
+        const command = isDirectBinary
+            ? `${prismaBin} migrate status --schema=${schemaPath}`
+            : `npx prisma migrate status --schema=${schemaPath}`;
 
         const output = execSync(
-            `npx prisma migrate status --schema=${schemaPath}`,
+            command,
             {
                 encoding: 'utf8',
                 stdio: 'pipe',

package/integrations/integration-router.js

@@ -63,8 +63,8 @@ const {
     GetUserFromAdopterJwt,
 } = require('../user/use-cases/get-user-from-adopter-jwt');
 const {
-    GetUserFromSharedSecret,
-} = require('../user/use-cases/get-user-from-shared-secret');
+    AuthenticateWithSharedSecret,
+} = require('../user/use-cases/authenticate-with-shared-secret');
 const {
     AuthenticateUser,
 } = require('../user/use-cases/authenticate-user');
@@ -95,16 +95,13 @@ function createIntegrationRouter() {
         userConfig,
     });
 
-    const getUserFromSharedSecret = new GetUserFromSharedSecret({
-        userRepository,
-        userConfig,
-    });
+    const authenticateWithSharedSecret = new AuthenticateWithSharedSecret();
 
     const authenticateUser = new AuthenticateUser({
         getUserFromBearerToken,
         getUserFromXFriggHeaders,
         getUserFromAdopterJwt,
-        getUserFromSharedSecret,
+        authenticateWithSharedSecret,
         userConfig,
     });
 

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@friggframework/core",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0--canary.461.d1a7bbb.0",
+    "version": "2.0.0--canary.461.4066059.0",
     "dependencies": {
         "@aws-sdk/client-apigatewaymanagementapi": "^3.588.0",
         "@aws-sdk/client-kms": "^3.588.0",
@@ -38,9 +38,9 @@
         }
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0--canary.461.d1a7bbb.0",
-        "@friggframework/prettier-config": "2.0.0--canary.461.d1a7bbb.0",
-        "@friggframework/test": "2.0.0--canary.461.d1a7bbb.0",
+        "@friggframework/eslint-config": "2.0.0--canary.461.4066059.0",
+        "@friggframework/prettier-config": "2.0.0--canary.461.4066059.0",
+        "@friggframework/test": "2.0.0--canary.461.4066059.0",
         "@prisma/client": "^6.17.0",
         "@types/lodash": "4.17.15",
         "@typescript-eslint/eslint-plugin": "^8.0.0",
@@ -80,5 +80,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "d1a7bbb21e49abe96c803b1f3433e8d3bbeaa478"
+    "gitHead": "4066059afecf11231ca7ff94cc4483b47f5b6e74"
 }

package/user/use-cases/authenticate-user.js

@@ -21,20 +21,20 @@ class AuthenticateUser {
      * @param {import('./get-user-from-bearer-token').GetUserFromBearerToken} params.getUserFromBearerToken - Use case for bearer token auth.
      * @param {import('./get-user-from-x-frigg-headers').GetUserFromXFriggHeaders} params.getUserFromXFriggHeaders - Use case for x-frigg header auth.
      * @param {import('./get-user-from-adopter-jwt').GetUserFromAdopterJwt} params.getUserFromAdopterJwt - Use case for adopter JWT auth.
-     * @param {import('./get-user-from-shared-secret').GetUserFromSharedSecret} params.getUserFromSharedSecret - Use case for shared secret auth.
+     * @param {import('./authenticate-with-shared-secret').AuthenticateWithSharedSecret} params.authenticateWithSharedSecret - Use case for validating shared secret.
      * @param {Object} params.userConfig - The user config in the app definition.
      */
     constructor({
         getUserFromBearerToken,
         getUserFromXFriggHeaders,
         getUserFromAdopterJwt,
-        getUserFromSharedSecret,
+        authenticateWithSharedSecret,
         userConfig,
     }) {
         this.getUserFromBearerToken = getUserFromBearerToken;
         this.getUserFromXFriggHeaders = getUserFromXFriggHeaders;
         this.getUserFromAdopterJwt = getUserFromAdopterJwt;
-        this.getUserFromSharedSecret = getUserFromSharedSecret;
+        this.authenticateWithSharedSecret = authenticateWithSharedSecret;
         this.userConfig = userConfig;
     }
 
@@ -56,8 +56,10 @@ class AuthenticateUser {
         if (authModes.sharedSecret !== false) {
             const apiKey = req.headers['x-frigg-api-key'];
             if (apiKey) {
-                return await this.getUserFromSharedSecret.execute(
-                    apiKey,
+                // Validate the API key (authentication)
+                await this.authenticateWithSharedSecret.execute(apiKey);
+                // Get user from x-frigg headers (authorization)
+                return await this.getUserFromXFriggHeaders.execute(
                     appUserId,
                     appOrgId
                 );

package/user/use-cases/authenticate-with-shared-secret.js

@@ -0,0 +1,48 @@
+const Boom = require('@hapi/boom');
+
+/**
+ * Use case for authenticating requests with shared secret API key.
+ * This use case ONLY validates the authenticity of the request via API key.
+ * It does NOT retrieve user data - that's handled by GetUserFromXFriggHeaders.
+ *
+ * Used for backend-to-backend communication where the secret proves
+ * the request is legitimate, but user identification comes from x-frigg headers.
+ *
+ * @class AuthenticateWithSharedSecret
+ */
+class AuthenticateWithSharedSecret {
+    /**
+     * Creates a new AuthenticateWithSharedSecret instance.
+     * @param {Object} params - Configuration parameters (none needed currently, but kept for consistency).
+     */
+    constructor() {
+        // No dependencies needed - just validates against env var
+    }
+
+    /**
+     * Validates the provided shared secret against FRIGG_API_KEY.
+     * @async
+     * @param {string} providedSecret - Secret from x-frigg-api-key header
+     * @returns {Promise<boolean>} True if valid (or throws error if invalid)
+     * @throws {Boom} 500 if FRIGG_API_KEY not configured
+     * @throws {Boom} 401 if provided secret doesn't match
+     */
+    async execute(providedSecret) {
+        // Validate secret
+        const expectedSecret = process.env.FRIGG_API_KEY;
+        if (!expectedSecret) {
+            throw Boom.badImplementation(
+                'FRIGG_API_KEY environment variable is not configured. ' +
+                'Set FRIGG_API_KEY to enable shared secret authentication.'
+            );
+        }
+
+        if (!providedSecret || providedSecret !== expectedSecret) {
+            throw Boom.unauthorized('Invalid API key');
+        }
+
+        return true;
+    }
+}
+
+module.exports = { AuthenticateWithSharedSecret };

package/user/use-cases/get-user-from-shared-secret.js

@@ -1,124 +0,0 @@
-const Boom = require('@hapi/boom');
-const { User } = require('../user');
-
-/**
- * Use case for authenticating requests with shared secret API key.
- * Used for backend-to-backend communication where the secret proves
- * authenticity, and x-frigg headers identify the user/org.
- *
- * This separates authentication (proving legitimacy via API key) from
- * authorization (identifying user/org via x-frigg headers).
- *
- * @class GetUserFromSharedSecret
- */
-class GetUserFromSharedSecret {
-    /**
-     * Creates a new GetUserFromSharedSecret instance.
-     * @param {Object} params - Configuration parameters.
-     * @param {import('../repositories/user-repository-interface').UserRepositoryInterface} params.userRepository - Repository for user data operations.
-     * @param {Object} params.userConfig - The user config in the app definition.
-     */
-    constructor({ userRepository, userConfig }) {
-        this.userRepository = userRepository;
-        this.userConfig = userConfig;
-    }
-
-    /**
-     * Validates shared secret and extracts user from x-frigg headers.
-     * @async
-     * @param {string} providedSecret - Secret from x-frigg-api-key header
-     * @param {string} [appUserId] - From x-frigg-appuserid header
-     * @param {string} [appOrgId] - From x-frigg-apporgid header
-     * @returns {Promise<import('../user').User>} The authenticated user object.
-     * @throws {Boom} 500 if FRIGG_API_KEY not configured
-     * @throws {Boom} 401 if provided secret doesn't match
-     * @throws {Boom} 400 if no user identifiers provided or if they refer to different users
-     */
-    async execute(providedSecret, appUserId, appOrgId) {
-        // Validate secret
-        const expectedSecret = process.env.FRIGG_API_KEY;
-        if (!expectedSecret) {
-            throw Boom.badImplementation(
-                'FRIGG_API_KEY environment variable is not configured. ' +
-                    'Set FRIGG_API_KEY to enable shared secret authentication.'
-            );
-        }
-
-        if (!providedSecret || providedSecret !== expectedSecret) {
-            throw Boom.unauthorized('Invalid API key');
-        }
-
-        // Require at least one user identifier
-        if (!appUserId && !appOrgId) {
-            throw Boom.badRequest(
-                'At least one of x-frigg-appuserid or x-frigg-apporgid headers is required with shared secret authentication'
-            );
-        }
-
-        // Find or create users (reuse logic from GetUserFromXFriggHeaders)
-        let individualUserData = null;
-        let organizationUserData = null;
-
-        if (appUserId && this.userConfig.individualUserRequired !== false) {
-            individualUserData =
-                await this.userRepository.findIndividualUserByAppUserId(
-                    appUserId
-                );
-        }
-
-        if (appOrgId && this.userConfig.organizationUserRequired) {
-            organizationUserData =
-                await this.userRepository.findOrganizationUserByAppOrgId(
-                    appOrgId
-                );
-        }
-
-        // VALIDATION: If both IDs provided and both users exist, verify they match
-        if (
-            appUserId &&
-            appOrgId &&
-            individualUserData &&
-            organizationUserData
-        ) {
-            const individualOrgId =
-                individualUserData.organizationUser?.toString();
-            const expectedOrgId = organizationUserData.id?.toString();
-
-            if (individualOrgId !== expectedOrgId) {
-                throw Boom.badRequest(
-                    'User ID mismatch: x-frigg-appuserid and x-frigg-apporgid refer to different users. ' +
-                        'Provide only one identifier or ensure they belong to the same user.'
-                );
-            }
-        }
-
-        // Auto-create user if not found
-        if (!individualUserData && !organizationUserData) {
-            if (appUserId) {
-                individualUserData =
-                    await this.userRepository.createIndividualUser({
-                        appUserId,
-                        username: `api-user-${appUserId}`,
-                        email: `${appUserId}@api.local`,
-                    });
-            } else {
-                organizationUserData =
-                    await this.userRepository.createOrganizationUser({
-                        appOrgId,
-                    });
-            }
-        }
-
-        return new User(
-            individualUserData,
-            organizationUserData,
-            this.userConfig.usePassword,
-            this.userConfig.primary,
-            this.userConfig.individualUserRequired,
-            this.userConfig.organizationUserRequired
-        );
-    }
-}
-
-module.exports = { GetUserFromSharedSecret };
-