@friggframework/core 2.0.0-next.53 → 2.0.0-next.54

package/syncs/repositories/sync-repository-factory.js

@@ -1,5 +1,6 @@
 const { SyncRepositoryMongo } = require('./sync-repository-mongo');
 const { SyncRepositoryPostgres } = require('./sync-repository-postgres');
+const { SyncRepositoryDocumentDB } = require('./sync-repository-documentdb');
 const config = require('../../database/config');
 
 /**
@@ -23,9 +24,12 @@ function createSyncRepository() {
         case 'postgresql':
             return new SyncRepositoryPostgres();
 
+        case 'documentdb':
+            return new SyncRepositoryDocumentDB();
+
         default:
             throw new Error(
-                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -35,4 +39,5 @@ module.exports = {
     // Export adapters for direct testing
     SyncRepositoryMongo,
     SyncRepositoryPostgres,
+    SyncRepositoryDocumentDB,
 };

package/token/repositories/token-repository-documentdb.js

@@ -0,0 +1,125 @@
+const { prisma } = require('../../database/prisma');
+const bcrypt = require('bcryptjs');
+const {
+    toObjectId,
+    fromObjectId,
+    findMany,
+    findOne,
+    insertOne,
+    deleteOne,
+    deleteMany,
+} = require('../../database/documentdb-utils');
+const { TokenRepositoryInterface } = require('./token-repository-interface');
+
+const BCRYPT_ROUNDS = 10;
+
+class TokenRepositoryDocumentDB extends TokenRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+    }
+
+    async createTokenWithExpire(userId, rawToken, minutes) {
+        const tokenHash = await bcrypt.hash(rawToken, BCRYPT_ROUNDS);
+        const expires = new Date(Date.now() + minutes * 60000);
+        const now = new Date();
+        const document = {
+            token: tokenHash,
+            expires,
+            userId: toObjectId(userId),
+            created: now,
+        };
+        const insertedId = await insertOne(this.prisma, 'Token', document);
+        const created = await findOne(this.prisma, 'Token', { _id: insertedId });
+        return this._mapToken(created);
+    }
+
+    async validateAndGetToken(tokenObj) {
+        const objectId = toObjectId(tokenObj.id);
+        if (!objectId) {
+            throw new Error('Invalid Token: Token does not exist');
+        }
+        const record = await findOne(this.prisma, 'Token', { _id: objectId });
+        if (!record) {
+            throw new Error('Invalid Token: Token does not exist');
+        }
+        const isValid = await bcrypt.compare(tokenObj.token, record.token);
+        if (!isValid) {
+            throw new Error('Invalid Token: Token does not match');
+        }
+        if (record.expires && new Date(record.expires) < new Date()) {
+            throw new Error('Invalid Token: Token is expired');
+        }
+        return this._mapToken(record);
+    }
+
+    async findTokenById(tokenId) {
+        const objectId = toObjectId(tokenId);
+        if (!objectId) return null;
+        const record = await findOne(this.prisma, 'Token', { _id: objectId });
+        return record ? this._mapToken(record) : null;
+    }
+
+    async findTokensByUserId(userId) {
+        const objectId = toObjectId(userId);
+        const filter = objectId ? { userId: objectId } : {};
+        const records = await findMany(this.prisma, 'Token', filter);
+        return records.map((record) => this._mapToken(record));
+    }
+
+    async deleteToken(tokenId) {
+        const objectId = toObjectId(tokenId);
+        if (!objectId) return { acknowledged: true, deletedCount: 0 };
+        const result = await deleteOne(this.prisma, 'Token', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+
+    async deleteExpiredTokens() {
+        const result = await deleteMany(this.prisma, 'Token', {
+            expires: { $lt: new Date() },
+        });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+
+    async deleteTokensByUserId(userId) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return { acknowledged: true, deletedCount: 0 };
+        const result = await deleteMany(this.prisma, 'Token', { userId: objectId });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+
+    createJSONToken(token, rawToken) {
+        return JSON.stringify({
+            id: token.id,
+            token: rawToken,
+        });
+    }
+
+    createBase64BufferToken(token, rawToken) {
+        const jsonVal = this.createJSONToken(token, rawToken);
+        return Buffer.from(jsonVal).toString('base64');
+    }
+
+    getJSONTokenFromBase64BufferToken(buffer) {
+        const tokenStr = Buffer.from(buffer.trim(), 'base64').toString('ascii');
+        return JSON.parse(tokenStr);
+    }
+
+    _mapToken(record) {
+        if (!record) return null;
+        return {
+            id: fromObjectId(record._id),
+            token: record.token,
+            expires: record.expires ? new Date(record.expires) : null,
+            userId: fromObjectId(record.userId),
+            created: record.created ? new Date(record.created) : null,
+        };
+    }
+}
+
+module.exports = { TokenRepositoryDocumentDB };
+
+

package/token/repositories/token-repository-factory.js

@@ -1,5 +1,8 @@
 const { TokenRepositoryMongo } = require('./token-repository-mongo');
 const { TokenRepositoryPostgres } = require('./token-repository-postgres');
+const {
+    TokenRepositoryDocumentDB,
+} = require('./token-repository-documentdb');
 const config = require('../../database/config');
 
 /**
@@ -18,9 +21,12 @@ function createTokenRepository() {
         case 'postgresql':
             return new TokenRepositoryPostgres();
 
+        case 'documentdb':
+            return new TokenRepositoryDocumentDB();
+
         default:
             throw new Error(
-                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -30,4 +36,5 @@ module.exports = {
     // Export adapters for direct testing
     TokenRepositoryMongo,
     TokenRepositoryPostgres,
+    TokenRepositoryDocumentDB,
 };

package/user/repositories/user-repository-documentdb.js

@@ -0,0 +1,292 @@
+const bcrypt = require('bcryptjs');
+const { prisma } = require('../../database/prisma');
+const {
+    toObjectId,
+    fromObjectId,
+    findOne,
+    insertOne,
+    updateOne,
+    deleteOne,
+} = require('../../database/documentdb-utils');
+const { createTokenRepository } = require('../../token/repositories/token-repository-factory');
+const { UserRepositoryInterface } = require('./user-repository-interface');
+const { DocumentDBEncryptionService } = require('../../database/documentdb-encryption-service');
+
+/**
+ * User repository for DocumentDB.
+ * Uses DocumentDBEncryptionService for field-level encryption.
+ *
+ * Encrypted fields: User.hashword
+ *
+ * @see DocumentDBEncryptionService
+ * @see encryption-schema-registry.js
+ */
+class UserRepositoryDocumentDB extends UserRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+        this.tokenRepository = createTokenRepository();
+        this.encryptionService = new DocumentDBEncryptionService();
+    }
+
+    async getSessionToken(token) {
+        const jsonToken = this.tokenRepository.getJSONTokenFromBase64BufferToken(token);
+        const sessionToken = await this.tokenRepository.validateAndGetToken(jsonToken);
+        return sessionToken;
+    }
+
+    async findOrganizationUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'ORGANIZATION',
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async findIndividualUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'INDIVIDUAL',
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async createToken(userId, rawToken, minutes = 120) {
+        const createdToken = await this.tokenRepository.createTokenWithExpire(
+            fromObjectId(toObjectId(userId)),
+            rawToken,
+            minutes
+        );
+        return this.tokenRepository.createBase64BufferToken(createdToken, rawToken);
+    }
+
+    async createIndividualUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'INDIVIDUAL',
+            email: params.email ?? null,
+            username: params.username ?? null,
+            appUserId: params.appUserId ?? null,
+            organizationId: params.organization
+                ? toObjectId(params.organization)
+                : params.organizationId
+                ? toObjectId(params.organizationId)
+                : null,
+            createdAt: now,
+            updatedAt: now,
+        };
+
+        if (
+            params.hashword !== undefined &&
+            params.hashword !== null &&
+            params.hashword !== ''
+        ) {
+            if (typeof params.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+
+            if (params.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+
+            // Bcrypt hash the password
+            document.hashword = await bcrypt.hash(params.hashword, 10);
+        }
+
+        // Encrypt sensitive fields before insert
+        const encryptedDocument = await this.encryptionService.encryptFields('User', document);
+        const insertedId = await insertOne(this.prisma, 'User', encryptedDocument);
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+
+        // Defensive check: verify document was found after insert
+        if (!created) {
+            console.error('[UserRepositoryDocumentDB] User not found after insert', {
+                insertedId: fromObjectId(insertedId),
+                params: {
+                    username: params.username,
+                    appUserId: params.appUserId,
+                    email: params.email
+                }
+            });
+            throw new Error(
+                'Failed to create individual user: Document not found after insert. ' +
+                'This indicates a database consistency issue.'
+            );
+        }
+
+        // Decrypt sensitive fields after read
+        const decrypted = await this.encryptionService.decryptFields('User', created);
+
+        return this._mapUser(decrypted);
+    }
+
+    async createOrganizationUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'ORGANIZATION',
+            appOrgId: params.appOrgId ?? null,
+            name: params.name ?? null,
+            createdAt: now,
+            updatedAt: now,
+        };
+
+        const insertedId = await insertOne(this.prisma, 'User', document);
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        return this._mapUser(created);
+    }
+
+    async findIndividualUserByUsername(username) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            username,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async findIndividualUserByAppUserId(appUserId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            appUserId,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async findOrganizationUserByAppOrgId(appOrgId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'ORGANIZATION',
+            appOrgId,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async findUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', { _id: toObjectId(userId) });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async findIndividualUserByEmail(email) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            email,
+        });
+        const decrypted = await this.encryptionService.decryptFields('User', doc);
+        return this._mapUser(decrypted);
+    }
+
+    async updateIndividualUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+
+        const payload = await this._prepareUpdatePayload(updates);
+        payload.updatedAt = new Date();
+
+        // Encrypt sensitive fields before update
+        const encryptedPayload = await this.encryptionService.encryptFields('User', payload);
+
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'INDIVIDUAL' },
+            { $set: encryptedPayload }
+        );
+
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        const decrypted = await this.encryptionService.decryptFields('User', updated);
+        return this._mapUser(decrypted);
+    }
+
+    async updateOrganizationUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+
+        const payload = { ...updates, updatedAt: new Date() };
+
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'ORGANIZATION' },
+            { $set: payload }
+        );
+
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        const decrypted = await this.encryptionService.decryptFields('User', updated);
+        return this._mapUser(decrypted);
+    }
+
+    async deleteUser(userId) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return false;
+
+        const result = await deleteOne(this.prisma, 'User', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return deleted > 0;
+    }
+
+    _mapUser(doc) {
+        if (!doc) {
+            console.warn('[UserRepositoryDocumentDB] _mapUser received null/undefined document');
+            return null;
+        }
+
+        // Use optional chaining for robustness
+        return {
+            id: fromObjectId(doc?._id),
+            type: doc?.type ?? null,
+            email: doc?.email ?? null,
+            username: doc?.username ?? null,
+            hashword: doc?.hashword ?? null,
+            appUserId: doc?.appUserId ?? null,
+            organizationId: doc?.organizationId ? fromObjectId(doc.organizationId) : null,
+            appOrgId: doc?.appOrgId ?? null,
+            name: doc?.name ?? null,
+            createdAt: doc?.createdAt ? new Date(doc.createdAt) : undefined,
+            updatedAt: doc?.updatedAt ? new Date(doc.updatedAt) : undefined,
+        };
+    }
+
+    async _prepareUpdatePayload(updates = {}) {
+        const payload = { ...updates };
+
+        if (
+            payload.hashword !== undefined &&
+            payload.hashword !== null &&
+            payload.hashword !== ''
+        ) {
+            if (typeof payload.hashword !== 'string') {
+                throw new Error('Password must be a string');
+            }
+
+            if (payload.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+
+            payload.hashword = await bcrypt.hash(payload.hashword, 10);
+        }
+
+        if (payload.organization !== undefined) {
+            payload.organizationId = toObjectId(payload.organization);
+            delete payload.organization;
+        }
+
+        if (payload.organizationId !== undefined) {
+            payload.organizationId = payload.organizationId
+                ? toObjectId(payload.organizationId)
+                : null;
+        }
+
+        return payload;
+    }
+}
+
+module.exports = { UserRepositoryDocumentDB };
+

package/user/repositories/user-repository-factory.js

@@ -1,5 +1,6 @@
 const { UserRepositoryMongo } = require('./user-repository-mongo');
 const { UserRepositoryPostgres } = require('./user-repository-postgres');
+const { UserRepositoryDocumentDB } = require('./user-repository-documentdb');
 const databaseConfig = require('../../database/config');
 
 /**
@@ -31,9 +32,12 @@ function createUserRepository() {
         case 'postgresql':
             return new UserRepositoryPostgres();
 
+        case 'documentdb':
+            return new UserRepositoryDocumentDB();
+
         default:
             throw new Error(
-                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -43,4 +47,5 @@ module.exports = {
     // Export adapters for direct testing
     UserRepositoryMongo,
     UserRepositoryPostgres,
+    UserRepositoryDocumentDB,
 };

package/websocket/repositories/websocket-connection-repository-documentdb.js

@@ -0,0 +1,119 @@
+const { prisma } = require('../../database/prisma');
+const {
+    ApiGatewayManagementApiClient,
+    PostToConnectionCommand,
+} = require('@aws-sdk/client-apigatewaymanagementapi');
+const {
+    toObjectId,
+    fromObjectId,
+    findMany,
+    findOne,
+    insertOne,
+    deleteOne,
+    deleteMany,
+} = require('../../database/documentdb-utils');
+const {
+    WebsocketConnectionRepositoryInterface,
+} = require('./websocket-connection-repository-interface');
+
+class WebsocketConnectionRepositoryDocumentDB extends WebsocketConnectionRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+    }
+
+    async createConnection(connectionId) {
+        const now = new Date();
+        const document = {
+            connectionId,
+            createdAt: now,
+            updatedAt: now,
+        };
+        const insertedId = await insertOne(this.prisma, 'WebsocketConnection', document);
+        const created = await findOne(this.prisma, 'WebsocketConnection', { _id: insertedId });
+        return this._mapConnection(created);
+    }
+
+    async deleteConnection(connectionId) {
+        const result = await deleteOne(this.prisma, 'WebsocketConnection', { connectionId });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+
+    async getActiveConnections() {
+        if (!process.env.WEBSOCKET_API_ENDPOINT) {
+            return [];
+        }
+
+        const connections = await findMany(
+            this.prisma,
+            'WebsocketConnection',
+            {},
+            { projection: { connectionId: 1 } }
+        );
+
+        return connections.map((conn) => ({
+            connectionId: conn.connectionId,
+            send: async (data) => {
+                const apigwManagementApi = new ApiGatewayManagementApiClient({
+                    endpoint: process.env.WEBSOCKET_API_ENDPOINT,
+                });
+
+                try {
+                    const command = new PostToConnectionCommand({
+                        ConnectionId: conn.connectionId,
+                        Data: JSON.stringify(data),
+                    });
+                    await apigwManagementApi.send(command);
+                } catch (error) {
+                    if (error.statusCode === 410 || error.$metadata?.httpStatusCode === 410) {
+                        console.log(`Stale connection ${conn.connectionId}`);
+                        await deleteMany(this.prisma, 'WebsocketConnection', {
+                            connectionId: conn.connectionId,
+                        });
+                    } else {
+                        throw error;
+                    }
+                }
+            },
+        }));
+    }
+
+    async findConnection(connectionId) {
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { connectionId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+
+    async findConnectionById(id) {
+        const objectId = toObjectId(id);
+        if (!objectId) return null;
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { _id: objectId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+
+    async getAllConnections() {
+        const docs = await findMany(this.prisma, 'WebsocketConnection');
+        return docs.map((doc) => this._mapConnection(doc));
+    }
+
+    async deleteAllConnections() {
+        const result = await deleteMany(this.prisma, 'WebsocketConnection', {});
+        const deleted = result?.n ?? 0;
+        return {
+            acknowledged: true,
+            deletedCount: deleted,
+        };
+    }
+
+    _mapConnection(doc) {
+        if (!doc) return null;
+        return {
+            id: fromObjectId(doc._id),
+            connectionId: doc.connectionId,
+        };
+    }
+}
+
+module.exports = { WebsocketConnectionRepositoryDocumentDB };
+
+

package/websocket/repositories/websocket-connection-repository-factory.js

@@ -4,6 +4,9 @@ const {
 const {
     WebsocketConnectionRepositoryPostgres,
 } = require('./websocket-connection-repository-postgres');
+const {
+    WebsocketConnectionRepositoryDocumentDB,
+} = require('./websocket-connection-repository-documentdb');
 const config = require('../../database/config');
 
 /**
@@ -22,9 +25,12 @@ function createWebsocketConnectionRepository() {
         case 'postgresql':
             return new WebsocketConnectionRepositoryPostgres();
 
+        case 'documentdb':
+            return new WebsocketConnectionRepositoryDocumentDB();
+
         default:
             throw new Error(
-                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -34,4 +40,5 @@ module.exports = {
     // Export adapters for direct testing
     WebsocketConnectionRepositoryMongo,
     WebsocketConnectionRepositoryPostgres,
+    WebsocketConnectionRepositoryDocumentDB,
 };