npm - @friggframework/core - Versions diffs - 2.0.0-next.52 → 2.0.0-next.54 - Mend

@friggframework/core 2.0.0-next.52 → 2.0.0-next.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/user/repositories/user-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,292 @@
+const bcrypt = require('bcryptjs');
+const { prisma } = require('../../database/prisma');
+const {
+    toObjectId,
+    fromObjectId,
+    findOne,
+    insertOne,
+    updateOne,
+    deleteOne,
+} = require('../../database/documentdb-utils');
+const { createTokenRepository } = require('../../token/repositories/token-repository-factory');
+const { UserRepositoryInterface } = require('./user-repository-interface');
+const { DocumentDBEncryptionService } = require('../../database/documentdb-encryption-service');
+/**
+ * User repository for DocumentDB.
+ * Uses DocumentDBEncryptionService for field-level encryption.
+ *
+ * Encrypted fields: User.hashword
+ *
+ * @see DocumentDBEncryptionService
+ * @see encryption-schema-registry.js
+ */
+class UserRepositoryDocumentDB extends UserRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+        this.tokenRepository = createTokenRepository();
+        this.encryptionService = new DocumentDBEncryptionService();
+    }
+    async getSessionToken(token) {
+        const jsonToken = this.tokenRepository.getJSONTokenFromBase64BufferToken(token);
+        const sessionToken = await this.tokenRepository.validateAndGetToken(jsonToken);
+        return sessionToken;
+    }
+    async findOrganizationUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'ORGANIZATION',
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'INDIVIDUAL',
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async createToken(userId, rawToken, minutes = 120) {
+        const createdToken = await this.tokenRepository.createTokenWithExpire(
+            fromObjectId(toObjectId(userId)),
+            rawToken,
+            minutes
+        );
+        return this.tokenRepository.createBase64BufferToken(createdToken, rawToken);
+    }
+    async createIndividualUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'INDIVIDUAL',
+            email: params.email ?? null,
+            username: params.username ?? null,
+            appUserId: params.appUserId ?? null,
+            organizationId: params.organization
+                ? toObjectId(params.organization)
+                : params.organizationId
+                ? toObjectId(params.organizationId)
+                : null,
+            createdAt: now,
+            updatedAt: now,
+        };
+        if (
+            params.hashword !== undefined &&
+            params.hashword !== null &&
+            params.hashword !== ''
+        ) {
+            if (typeof params.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+            if (params.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+            // Bcrypt hash the password
+            document.hashword = await bcrypt.hash(params.hashword, 10);
+        }
+        // Encrypt sensitive fields before insert
+        const encryptedDocument = await this.encryptionService.encryptFields('User', document);
+        const insertedId = await insertOne(this.prisma, 'User', encryptedDocument);
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        // Defensive check: verify document was found after insert
+        if (!created) {
+            console.error('[UserRepositoryDocumentDB] User not found after insert', {
+                insertedId: fromObjectId(insertedId),
+                params: {
+                    username: params.username,
+                    appUserId: params.appUserId,
+                    email: params.email
+                }
+            });
+            throw new Error(
+                'Failed to create individual user: Document not found after insert. ' +
+                'This indicates a database consistency issue.'
+            );
+        }
+        // Decrypt sensitive fields after read
+        const decrypted = await this.encryptionService.decryptFields('User', created);
+        return this._mapUser(decrypted);
+    }
+    async createOrganizationUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'ORGANIZATION',
+            appOrgId: params.appOrgId ?? null,
+            name: params.name ?? null,
+            createdAt: now,
+            updatedAt: now,
+        };
+        const insertedId = await insertOne(this.prisma, 'User', document);
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        return this._mapUser(created);
+    }
+    async findIndividualUserByUsername(username) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            username,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByAppUserId(appUserId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            appUserId,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async findOrganizationUserByAppOrgId(appOrgId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'ORGANIZATION',
+            appOrgId,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async findUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', { _id: toObjectId(userId) });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByEmail(email) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            email,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+    async updateIndividualUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+        const payload = await this._prepareUpdatePayload(updates);
+        payload.updatedAt = new Date();
+        // Encrypt sensitive fields before update
+        const encryptedPayload = await this.encryptionService.encryptFields('User', payload);
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'INDIVIDUAL' },
+            { $set: encryptedPayload }
+        );
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        const decrypted = await this.encryptionService.decryptFields('User', updated);
+        return this._mapUser(decrypted);
+    }
+    async updateOrganizationUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+        const payload = { ...updates, updatedAt: new Date() };
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'ORGANIZATION' },
+            { $set: payload }
+        );
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        const decrypted = await this.encryptionService.decryptFields('User', updated);
+        return this._mapUser(decrypted);
+    }
+    async deleteUser(userId) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return false;
+        const result = await deleteOne(this.prisma, 'User', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return deleted > 0;
+    }
+    _mapUser(doc) {
+        if (!doc) {
+            console.warn('[UserRepositoryDocumentDB] _mapUser received null/undefined document');
+            return null;
+        }
+        // Use optional chaining for robustness
+        return {
+            id: fromObjectId(doc?._id),
+            type: doc?.type ?? null,
+            email: doc?.email ?? null,
+            username: doc?.username ?? null,
+            hashword: doc?.hashword ?? null,
+            appUserId: doc?.appUserId ?? null,
+            organizationId: doc?.organizationId ? fromObjectId(doc.organizationId) : null,
+            appOrgId: doc?.appOrgId ?? null,
+            name: doc?.name ?? null,
+            createdAt: doc?.createdAt ? new Date(doc.createdAt) : undefined,
+            updatedAt: doc?.updatedAt ? new Date(doc.updatedAt) : undefined,
+        };
+    }
+    async _prepareUpdatePayload(updates = {}) {
+        const payload = { ...updates };
+        if (
+            payload.hashword !== undefined &&
+            payload.hashword !== null &&
+            payload.hashword !== ''
+        ) {
+            if (typeof payload.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+            if (payload.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+            payload.hashword = await bcrypt.hash(payload.hashword, 10);
+        }
+        if (payload.organization !== undefined) {
+            payload.organizationId = toObjectId(payload.organization);
+            delete payload.organization;
+        }
+        if (payload.organizationId !== undefined) {
+            payload.organizationId = payload.organizationId
+                ? toObjectId(payload.organizationId)
+                : null;
+        }
+        return payload;
+    }
+}
+module.exports = { UserRepositoryDocumentDB };

package/user/repositories/user-repository-factory.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const { UserRepositoryMongo } = require('./user-repository-mongo');
 const { UserRepositoryPostgres } = require('./user-repository-postgres');
+const { UserRepositoryDocumentDB } = require('./user-repository-documentdb');
 const databaseConfig = require('../../database/config');
 /**
@@ -31,9 +32,12 @@ function createUserRepository() {
         case 'postgresql':
             return new UserRepositoryPostgres();
+        case 'documentdb':
+            return new UserRepositoryDocumentDB();
         default:
             throw new Error(
-                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -43,4 +47,5 @@ module.exports = {
     // Export adapters for direct testing
     UserRepositoryMongo,
     UserRepositoryPostgres,
+    UserRepositoryDocumentDB,
 };

package/websocket/repositories/websocket-connection-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,119 @@
+const { prisma } = require('../../database/prisma');
+const {
+    ApiGatewayManagementApiClient,
+    PostToConnectionCommand,
+} = require('@aws-sdk/client-apigatewaymanagementapi');
+const {
+    toObjectId,
+    fromObjectId,
+    findMany,
+    findOne,
+    insertOne,
+    deleteOne,
+    deleteMany,
+} = require('../../database/documentdb-utils');
+const {
+    WebsocketConnectionRepositoryInterface,
+} = require('./websocket-connection-repository-interface');
+class WebsocketConnectionRepositoryDocumentDB extends WebsocketConnectionRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+    }
+    async createConnection(connectionId) {
+        const now = new Date();
+        const document = {
+            connectionId,
+            createdAt: now,
+            updatedAt: now,
+        };
+        const insertedId = await insertOne(this.prisma, 'WebsocketConnection', document);
+        const created = await findOne(this.prisma, 'WebsocketConnection', { _id: insertedId });
+        return this._mapConnection(created);
+    }
+    async deleteConnection(connectionId) {
+        const result = await deleteOne(this.prisma, 'WebsocketConnection', { connectionId });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+    async getActiveConnections() {
+        if (!process.env.WEBSOCKET_API_ENDPOINT) {
+            return [];
+        }
+        const connections = await findMany(
+            this.prisma,
+            'WebsocketConnection',
+            {},
+            { projection: { connectionId: 1 } }
+        );
+        return connections.map((conn) => ({
+            connectionId: conn.connectionId,
+            send: async (data) => {
+                const apigwManagementApi = new ApiGatewayManagementApiClient({
+                    endpoint: process.env.WEBSOCKET_API_ENDPOINT,
+                });
+                try {
+                    const command = new PostToConnectionCommand({
+                        ConnectionId: conn.connectionId,
+                        Data: JSON.stringify(data),
+                    });
+                    await apigwManagementApi.send(command);
+                } catch (error) {
+                    if (error.statusCode === 410 || error.$metadata?.httpStatusCode === 410) {
+                        console.log(`Stale connection ${conn.connectionId}`);
+                        await deleteMany(this.prisma, 'WebsocketConnection', {
+                            connectionId: conn.connectionId,
+                        });
+                    } else {
+                        throw error;
+                    }
+                }
+            },
+        }));
+    }
+    async findConnection(connectionId) {
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { connectionId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+    async findConnectionById(id) {
+        const objectId = toObjectId(id);
+        if (!objectId) return null;
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { _id: objectId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+    async getAllConnections() {
+        const docs = await findMany(this.prisma, 'WebsocketConnection');
+        return docs.map((doc) => this._mapConnection(doc));
+    }
+    async deleteAllConnections() {
+        const result = await deleteMany(this.prisma, 'WebsocketConnection', {});
+        const deleted = result?.n ?? 0;
+        return {
+            acknowledged: true,
+            deletedCount: deleted,
+        };
+    }
+    _mapConnection(doc) {
+        if (!doc) return null;
+        return {
+            id: fromObjectId(doc._id),
+            connectionId: doc.connectionId,
+        };
+    }
+}
+module.exports = { WebsocketConnectionRepositoryDocumentDB };

package/websocket/repositories/websocket-connection-repository-factory.js CHANGED Viewed

@@ -4,6 +4,9 @@ const {
 const {
     WebsocketConnectionRepositoryPostgres,
 } = require('./websocket-connection-repository-postgres');
+const {
+    WebsocketConnectionRepositoryDocumentDB,
+} = require('./websocket-connection-repository-documentdb');
 const config = require('../../database/config');
 /**
@@ -22,9 +25,12 @@ function createWebsocketConnectionRepository() {
         case 'postgresql':
             return new WebsocketConnectionRepositoryPostgres();
+        case 'documentdb':
+            return new WebsocketConnectionRepositoryDocumentDB();
         default:
             throw new Error(
-                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -34,4 +40,5 @@ module.exports = {
     // Export adapters for direct testing
     WebsocketConnectionRepositoryMongo,
     WebsocketConnectionRepositoryPostgres,
+    WebsocketConnectionRepositoryDocumentDB,
 };