@friggframework/core 2.0.0-next.43 → 2.0.0-next.45

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/core",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0-next.43",
+  "version": "2.0.0-next.45",
   "dependencies": {
     "@hapi/boom": "^10.0.1",
     "@prisma/client": "^6.16.3",
@@ -23,9 +23,9 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0-next.43",
-    "@friggframework/prettier-config": "2.0.0-next.43",
-    "@friggframework/test": "2.0.0-next.43",
+    "@friggframework/eslint-config": "2.0.0-next.45",
+    "@friggframework/prettier-config": "2.0.0-next.45",
+    "@friggframework/test": "2.0.0-next.45",
     "@types/lodash": "4.17.15",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "chai": "^4.3.6",
@@ -64,5 +64,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "2619db8a4e885887ad9071fe166cf0e8dee12d91"
+  "gitHead": "996a15bcdfaa4252b9891a33f1b1c84548d66bbc"
 }

package/prisma-mongodb/schema.prisma

@@ -46,6 +46,7 @@ model User {
   credentials  Credential[]
   entities     Entity[]
   integrations Integration[]
+  processes    Process[]
 
   @@unique([email])
   @@unique([username])
@@ -172,6 +173,7 @@ model Integration {
   associations Association[]
   syncs        Sync[]
   mappings     IntegrationMapping[]
+  processes    Process[]
 
   @@index([userId])
   @@index([status])
@@ -206,6 +208,48 @@ model IntegrationMapping {
   @@map("IntegrationMapping")
 }
 
+// ============================================================================
+// PROCESS MODELS
+// ============================================================================
+
+/// Generic Process Model - tracks any long-running operation
+/// Used for: CRM syncs, data migrations, bulk operations, etc.
+model Process {
+  id String @id @default(auto()) @map("_id") @db.ObjectId
+
+  // Core references
+  userId        String      @db.ObjectId
+  user          User        @relation(fields: [userId], references: [id], onDelete: Cascade)
+  integrationId String      @db.ObjectId
+  integration   Integration @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+
+  // Process identification
+  name String // e.g., "zoho-crm-contact-sync", "pipedrive-lead-sync"
+  type String // e.g., "CRM_SYNC", "DATA_MIGRATION", "BULK_OPERATION"
+
+  // State machine
+  state String // Current state (integration-defined states)
+
+  // Flexible storage
+  context Json @default("{}") // Process-specific data (pagination, metadata, etc.)
+  results Json @default("{}") // Process results and metrics
+
+  // Hierarchy support
+  childProcesses  String[] @db.ObjectId
+  parentProcessId String?  @db.ObjectId
+
+  // Timestamps
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@index([userId])
+  @@index([integrationId])
+  @@index([type])
+  @@index([state])
+  @@index([name])
+  @@map("Process")
+}
+
 // ============================================================================
 // SYNC MODELS
 // ============================================================================

package/prisma-postgresql/schema.prisma

@@ -46,6 +46,7 @@ model User {
   credentials  Credential[]
   entities     Entity[]
   integrations Integration[]
+  processes    Process[]
 
   @@unique([email])
   @@unique([username])
@@ -164,6 +165,7 @@ model Integration {
   associations Association[]
   syncs        Sync[]
   mappings     IntegrationMapping[]
+  processes    Process[]
 
   @@index([userId])
   @@index([status])
@@ -281,6 +283,49 @@ enum AssociationType {
   MANY_TO_ONE
 }
 
+// ============================================================================
+// PROCESS MODELS
+// ============================================================================
+
+/// Generic Process Model - tracks any long-running operation
+/// Used for: CRM syncs, data migrations, bulk operations, etc.
+model Process {
+  id Int @id @default(autoincrement())
+
+  // Core references
+  userId        Int
+  user          User        @relation(fields: [userId], references: [id], onDelete: Cascade)
+  integrationId Int
+  integration   Integration @relation(fields: [integrationId], references: [id], onDelete: Cascade)
+
+  // Process identification
+  name String // e.g., "zoho-crm-contact-sync", "pipedrive-lead-sync"
+  type String // e.g., "CRM_SYNC", "DATA_MIGRATION", "BULK_OPERATION"
+
+  // State machine
+  state String // Current state (integration-defined states)
+
+  // Flexible storage
+  context Json @default("{}") // Process-specific data (pagination, metadata, etc.)
+  results Json @default("{}") // Process results and metrics
+
+  // Hierarchy support - self-referential relation
+  parentProcessId Int?
+  parentProcess   Process?  @relation("ProcessHierarchy", fields: [parentProcessId], references: [id], onDelete: SetNull)
+  childProcesses  Process[] @relation("ProcessHierarchy")
+
+  // Timestamps
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@index([userId])
+  @@index([integrationId])
+  @@index([type])
+  @@index([state])
+  @@index([name])
+  @@index([parentProcessId])
+}
+
 // ============================================================================
 // UTILITY MODELS
 // ============================================================================

package/queues/queuer-util.js

@@ -14,6 +14,16 @@ AWS.config.update(awsConfigOptions());
 const sqs = new AWS.SQS();
 
 const QueuerUtil = {
+    send: async (message, queueUrl) => {
+        console.log(`Enqueuing message to SQS queue ${queueUrl}`);
+        return sqs
+            .sendMessage({
+                MessageBody: JSON.stringify(message),
+                QueueUrl: queueUrl,
+            })
+            .promise();
+    },
+
     batchSend: async (entries = [], queueUrl) => {
         console.log(
             `Enqueuing ${entries.length} entries on SQS to queue ${queueUrl}`

package/user/repositories/user-repository-mongo.js

@@ -1,4 +1,4 @@
-//todo: this repository is tightly coupled to the token repository.
+const bcrypt = require('bcryptjs');
 const { prisma } = require('../../database/prisma');
 const {
     createTokenRepository,
@@ -95,19 +95,38 @@ class UserRepositoryMongo extends UserRepositoryInterface {
      * Replaces: IndividualUser.create(params)
      *
      * @param {Object} params - User creation parameters
+     * @param {string} [params.hashword] - Plain text password (will be bcrypt hashed automatically)
      * @returns {Promise<Object>} Created user object with string IDs
      */
     async createIndividualUser(params) {
-        return await this.prisma.user.create({
-            data: {
-                type: 'INDIVIDUAL',
-                email: params.email,
-                username: params.username,
-                hashword: params.hashword,
-                appUserId: params.appUserId,
-                organizationId: params.organization || params.organizationId,
-            },
-        });
+        const data = {
+            type: 'INDIVIDUAL',
+            email: params.email,
+            username: params.username,
+            appUserId: params.appUserId,
+            organizationId: params.organization || params.organizationId,
+        };
+
+        if (
+            params.hashword !== undefined &&
+            params.hashword !== null &&
+            params.hashword !== ''
+        ) {
+            if (typeof params.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+
+            // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$
+            if (params.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+
+            data.hashword = await bcrypt.hash(params.hashword, 10);
+        }
+
+        return await this.prisma.user.create({ data });
     }
 
     /**
@@ -204,12 +223,34 @@ class UserRepositoryMongo extends UserRepositoryInterface {
      * Update individual user
      * @param {string} userId - User ID
      * @param {Object} updates - Fields to update
+     * @param {string} [updates.hashword] - Plain text password (will be bcrypt hashed automatically)
      * @returns {Promise<Object>} Updated user object with string IDs
      */
     async updateIndividualUser(userId, updates) {
+        const data = { ...updates };
+
+        if (
+            data.hashword !== undefined &&
+            data.hashword !== null &&
+            data.hashword !== ''
+        ) {
+            if (typeof data.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+
+            // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$
+            if (data.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+
+            data.hashword = await bcrypt.hash(data.hashword, 10);
+        }
+
         return await this.prisma.user.update({
             where: { id: userId },
-            data: updates,
+            data,
         });
     }
 

package/user/repositories/user-repository-postgres.js

@@ -1,4 +1,4 @@
-//todo: this repository is tightly coupled to the token repository.
+const bcrypt = require('bcryptjs');
 const { prisma } = require('../../database/prisma');
 const {
     createTokenRepository,
@@ -130,21 +130,40 @@ class UserRepositoryPostgres extends UserRepositoryInterface {
      * Replaces: IndividualUser.create(params)
      *
      * @param {Object} params - User creation parameters (with string IDs from application layer)
+     * @param {string} [params.hashword] - Plain text password (will be bcrypt hashed automatically)
      * @returns {Promise<Object>} Created user object with string IDs
      */
     async createIndividualUser(params) {
-        const user = await this.prisma.user.create({
-            data: {
-                type: 'INDIVIDUAL',
-                email: params.email,
-                username: params.username,
-                hashword: params.hashword,
-                appUserId: params.appUserId,
-                organizationId: this._convertId(
-                    params.organization || params.organizationId
-                ),
-            },
-        });
+        const data = {
+            type: 'INDIVIDUAL',
+            email: params.email,
+            username: params.username,
+            appUserId: params.appUserId,
+            organizationId: this._convertId(
+                params.organization || params.organizationId
+            ),
+        };
+
+        if (
+            params.hashword !== undefined &&
+            params.hashword !== null &&
+            params.hashword !== ''
+        ) {
+            if (typeof params.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+
+            // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$
+            if (params.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+
+            data.hashword = await bcrypt.hash(params.hashword, 10);
+        }
+
+        const user = await this.prisma.user.create({ data });
         return this._convertUserIds(user);
     }
 
@@ -249,13 +268,14 @@ class UserRepositoryPostgres extends UserRepositoryInterface {
      * Update individual user
      * @param {string} userId - User ID (string from application layer)
      * @param {Object} updates - Fields to update (with string IDs from application layer)
+     * @param {string} [updates.hashword] - Plain text password (will be bcrypt hashed automatically)
      * @returns {Promise<Object>} Updated user object with string IDs
      */
     async updateIndividualUser(userId, updates) {
         const intId = this._convertId(userId);
 
-        // Convert organizationId if present in updates
         const data = { ...updates };
+
         if (data.organizationId !== undefined) {
             data.organizationId = this._convertId(data.organizationId);
         }
@@ -264,6 +284,25 @@ class UserRepositoryPostgres extends UserRepositoryInterface {
             delete data.organization;
         }
 
+        if (
+            data.hashword !== undefined &&
+            data.hashword !== null &&
+            data.hashword !== ''
+        ) {
+            if (typeof data.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+
+            // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$
+            if (data.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+
+            data.hashword = await bcrypt.hash(data.hashword, 10);
+        }
+
         const user = await this.prisma.user.update({
             where: { id: intId },
             data,

package/user/tests/use-cases/login-user.test.js

@@ -3,7 +3,7 @@ const { LoginUser } = require('../../use-cases/login-user');
 const { TestUserRepository } = require('../doubles/test-user-repository');
 
 jest.mock('bcryptjs', () => ({
-    compareSync: jest.fn(),
+    compare: jest.fn(),
 }));
 
 describe('LoginUser Use Case', () => {
@@ -16,7 +16,7 @@ describe('LoginUser Use Case', () => {
         userRepository = new TestUserRepository({ userConfig });
         loginUser = new LoginUser({ userRepository, userConfig });
 
-        bcrypt.compareSync.mockClear();
+        bcrypt.compare.mockClear();
     });
 
     describe('With Password Authentication', () => {
@@ -28,11 +28,11 @@ describe('LoginUser Use Case', () => {
                 hashword: 'hashed-password',
             });
 
-            bcrypt.compareSync.mockReturnValue(true);
+            bcrypt.compare.mockResolvedValue(true);
 
             const user = await loginUser.execute({ username, password });
 
-            expect(bcrypt.compareSync).toHaveBeenCalledWith(
+            expect(bcrypt.compare).toHaveBeenCalledWith(
                 password,
                 'hashed-password'
             );
@@ -48,7 +48,7 @@ describe('LoginUser Use Case', () => {
                 hashword: 'hashed-password',
             });
 
-            bcrypt.compareSync.mockReturnValue(false);
+            bcrypt.compare.mockResolvedValue(false);
 
             await expect(
                 loginUser.execute({ username, password })
@@ -137,4 +137,84 @@ describe('LoginUser Use Case', () => {
             ).rejects.toThrow('user not found');
         });
     });
+
+    describe('Bcrypt Hash Verification', () => {
+        beforeEach(() => {
+            userConfig = { usePassword: true, individualUserRequired: true, organizationUserRequired: false };
+            userRepository = new TestUserRepository({ userConfig });
+            loginUser = new LoginUser({ userRepository, userConfig });
+        });
+
+        it('should verify bcrypt.compare is called with plain password and hash', async () => {
+            const username = 'bcrypt-test-user';
+            const plainPassword = 'MyPlainPassword123';
+            const bcryptHash = '$2b$10$abcdefghijklmnopqrstuv';
+
+            await userRepository.createIndividualUser({
+                username,
+                hashword: bcryptHash,
+            });
+
+            bcrypt.compare.mockResolvedValue(true);
+
+            await loginUser.execute({ username, password: plainPassword });
+
+            expect(bcrypt.compare).toHaveBeenCalledTimes(1);
+            expect(bcrypt.compare).toHaveBeenCalledWith(plainPassword, bcryptHash);
+
+            const [firstArg, secondArg] = bcrypt.compare.mock.calls[0];
+            expect(firstArg).toBe(plainPassword);
+            expect(secondArg).toBe(bcryptHash);
+        });
+
+        it('should verify stored password has bcrypt hash format', async () => {
+            const username = 'format-test-user';
+            const bcryptHash = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';
+
+            await userRepository.createIndividualUser({
+                username,
+                hashword: bcryptHash,
+            });
+
+            const user = await userRepository.findIndividualUserByUsername(username);
+
+            expect(user.hashword).toMatch(/^\$2[ab]\$/);
+            expect(user.hashword.length).toBeGreaterThan(50);
+            expect(user.hashword).not.toContain(':');
+        });
+
+        it('should reject passwords that look encrypted (have colon separators)', async () => {
+            const username = 'encrypted-format-user';
+            const encryptedLookingValue = 'kms:us-east-1:key:ciphertext';
+
+            await userRepository.createIndividualUser({
+                username,
+                hashword: encryptedLookingValue,
+            });
+
+            bcrypt.compare.mockResolvedValue(false);
+
+            await expect(
+                loginUser.execute({ username, password: 'any-password' })
+            ).rejects.toThrow('Incorrect username or password');
+        });
+
+        it('should verify bcrypt.compare returns false for mismatched passwords', async () => {
+            const username = 'mismatch-test-user';
+            const correctHash = '$2b$10$correcthash';
+
+            await userRepository.createIndividualUser({
+                username,
+                hashword: correctHash,
+            });
+
+            bcrypt.compare.mockResolvedValue(false);
+
+            await expect(
+                loginUser.execute({ username, password: 'wrong-password' })
+            ).rejects.toThrow('Incorrect username or password');
+
+            expect(bcrypt.compare).toHaveBeenCalledWith('wrong-password', correctHash);
+        });
+    });
 });