npm - @friggframework/core - Versions diffs - 2.0.0-next.53 → 2.0.0-next.55 - Mend

@friggframework/core 2.0.0-next.53 → 2.0.0-next.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/user/repositories/user-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,432 @@
+const bcrypt = require('bcryptjs');
+const { prisma } = require('../../database/prisma');
+const {
+    toObjectId,
+    fromObjectId,
+    findOne,
+    insertOne,
+    updateOne,
+    deleteOne,
+} = require('../../database/documentdb-utils');
+const {
+    createTokenRepository,
+} = require('../../token/repositories/token-repository-factory');
+const { UserRepositoryInterface } = require('./user-repository-interface');
+const { ClientSafeError } = require('../../errors');
+const {
+    DocumentDBEncryptionService,
+} = require('../../database/documentdb-encryption-service');
+/**
+ * User repository for DocumentDB.
+ * Uses DocumentDBEncryptionService for field-level encryption.
+ *
+ * Encrypted fields: User.hashword
+ *
+ * @see DocumentDBEncryptionService
+ * @see encryption-schema-registry.js
+ */
+class UserRepositoryDocumentDB extends UserRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+        this.tokenRepository = createTokenRepository();
+        this.encryptionService = new DocumentDBEncryptionService();
+    }
+    async getSessionToken(token) {
+        const jsonToken =
+            this.tokenRepository.getJSONTokenFromBase64BufferToken(token);
+        const sessionToken = await this.tokenRepository.validateAndGetToken(
+            jsonToken
+        );
+        return sessionToken;
+    }
+    async findOrganizationUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'ORGANIZATION',
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+            type: 'INDIVIDUAL',
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async createToken(userId, rawToken, minutes = 120) {
+        const createdToken = await this.tokenRepository.createTokenWithExpire(
+            fromObjectId(toObjectId(userId)),
+            rawToken,
+            minutes
+        );
+        return this.tokenRepository.createBase64BufferToken(
+            createdToken,
+            rawToken
+        );
+    }
+    async createIndividualUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'INDIVIDUAL',
+            email: params.email ?? null,
+            username: params.username ?? null,
+            appUserId: params.appUserId ?? null,
+            organizationId: params.organization
+                ? toObjectId(params.organization)
+                : params.organizationId
+                ? toObjectId(params.organizationId)
+                : null,
+            createdAt: now,
+            updatedAt: now,
+        };
+        if (
+            params.hashword !== undefined &&
+            params.hashword !== null &&
+            params.hashword !== ''
+        ) {
+            if (typeof params.hashword !== 'string') {
+                throw new ClientSafeError('Password must be a string', 400);
+            }
+            if (params.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+            // Bcrypt hash the password
+            document.hashword = await bcrypt.hash(params.hashword, 10);
+        }
+        // Encrypt sensitive fields before insert
+        const encryptedDocument = await this.encryptionService.encryptFields(
+            'User',
+            document
+        );
+        const insertedId = await insertOne(
+            this.prisma,
+            'User',
+            encryptedDocument
+        );
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        // Defensive check: verify document was found after insert
+        if (!created) {
+            console.error(
+                '[UserRepositoryDocumentDB] User not found after insert',
+                {
+                    insertedId: fromObjectId(insertedId),
+                    params: {
+                        username: params.username,
+                        appUserId: params.appUserId,
+                        email: params.email,
+                    },
+                }
+            );
+            throw new Error(
+                'Failed to create individual user: Document not found after insert. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        // Decrypt sensitive fields after read
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            created
+        );
+        return this._mapUser(decrypted);
+    }
+    async createOrganizationUser(params) {
+        const now = new Date();
+        const document = {
+            type: 'ORGANIZATION',
+            appOrgId: params.appOrgId ?? null,
+            name: params.name ?? null,
+            createdAt: now,
+            updatedAt: now,
+        };
+        // Encrypt sensitive fields before insert (consistency with individual user)
+        const encryptedDocument = await this.encryptionService.encryptFields(
+            'User',
+            document
+        );
+        const insertedId = await insertOne(
+            this.prisma,
+            'User',
+            encryptedDocument
+        );
+        const created = await findOne(this.prisma, 'User', { _id: insertedId });
+        // Defensive check: verify document was found after insert
+        if (!created) {
+            console.error(
+                '[UserRepositoryDocumentDB] Organization user not found after insert',
+                {
+                    insertedId: fromObjectId(insertedId),
+                    params: {
+                        appOrgId: params.appOrgId,
+                        name: params.name,
+                    },
+                }
+            );
+            throw new Error(
+                'Failed to create organization user: Document not found after insert. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        // Decrypt sensitive fields after read
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            created
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByUsername(username) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            username,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByAppUserId(appUserId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            appUserId,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findOrganizationUserByAppOrgId(appOrgId) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'ORGANIZATION',
+            appOrgId,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findUserById(userId) {
+        const doc = await findOne(this.prisma, 'User', {
+            _id: toObjectId(userId),
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async findIndividualUserByEmail(email) {
+        const doc = await findOne(this.prisma, 'User', {
+            type: 'INDIVIDUAL',
+            email,
+        });
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            doc
+        );
+        return this._mapUser(decrypted);
+    }
+    async updateIndividualUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+        const payload = await this._prepareUpdatePayload(updates);
+        payload.updatedAt = new Date();
+        // Encrypt sensitive fields before update
+        const encryptedPayload = await this.encryptionService.encryptFields(
+            'User',
+            payload
+        );
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'INDIVIDUAL' },
+            { $set: encryptedPayload }
+        );
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        // Defensive check: verify document was found after update
+        if (!updated) {
+            console.error(
+                '[UserRepositoryDocumentDB] Individual user not found after update',
+                {
+                    userId: fromObjectId(objectId),
+                    updates,
+                }
+            );
+            throw new Error(
+                'Failed to update individual user: Document not found after update. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            updated
+        );
+        return this._mapUser(decrypted);
+    }
+    async updateOrganizationUser(userId, updates) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return null;
+        const payload = { ...updates, updatedAt: new Date() };
+        const encryptedPayload = await this.encryptionService.encryptFields(
+            'User',
+            payload
+        );
+        await updateOne(
+            this.prisma,
+            'User',
+            { _id: objectId, type: 'ORGANIZATION' },
+            { $set: encryptedPayload }
+        );
+        const updated = await findOne(this.prisma, 'User', { _id: objectId });
+        if (!updated) {
+            console.error(
+                '[UserRepositoryDocumentDB] Organization user not found after update',
+                {
+                    userId: fromObjectId(objectId),
+                    updates,
+                }
+            );
+            throw new Error(
+                'Failed to update organization user: Document not found after update. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        const decrypted = await this.encryptionService.decryptFields(
+            'User',
+            updated
+        );
+        return this._mapUser(decrypted);
+    }
+    async deleteUser(userId) {
+        const objectId = toObjectId(userId);
+        if (!objectId) return false;
+        const result = await deleteOne(this.prisma, 'User', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return deleted > 0;
+    }
+    _mapUser(doc) {
+        if (!doc) {
+            console.warn(
+                '[UserRepositoryDocumentDB] _mapUser received null/undefined document'
+            );
+            return null;
+        }
+        // Use optional chaining for robustness
+        return {
+            id: fromObjectId(doc?._id),
+            type: doc?.type ?? null,
+            email: doc?.email ?? null,
+            username: doc?.username ?? null,
+            hashword: doc?.hashword ?? null,
+            appUserId: doc?.appUserId ?? null,
+            organizationId: doc?.organizationId
+                ? fromObjectId(doc.organizationId)
+                : null,
+            appOrgId: doc?.appOrgId ?? null,
+            name: doc?.name ?? null,
+            createdAt: this._parseDate(doc?.createdAt),
+            updatedAt: this._parseDate(doc?.updatedAt),
+        };
+    }
+    async _prepareUpdatePayload(updates = {}) {
+        const payload = { ...updates };
+        if (
+            payload.hashword !== undefined &&
+            payload.hashword !== null &&
+            payload.hashword !== ''
+        ) {
+            if (typeof payload.hashword !== 'string') {
+                throw new ClientSafeError('Password must be a string', 400);
+            }
+            if (payload.hashword.startsWith('$2')) {
+                throw new Error(
+                    'Password appears to be already hashed. Pass plain text password only.'
+                );
+            }
+            payload.hashword = await bcrypt.hash(payload.hashword, 10);
+        }
+        if (payload.organization !== undefined) {
+            payload.organizationId = toObjectId(payload.organization);
+            delete payload.organization;
+        }
+        if (payload.organizationId !== undefined) {
+            payload.organizationId = payload.organizationId
+                ? toObjectId(payload.organizationId)
+                : null;
+        }
+        return payload;
+    }
+    /**
+     * Parse date value safely, returning undefined for invalid dates
+     * @private
+     * @param {*} value - Date value from database
+     * @returns {Date|undefined} Valid Date object or undefined
+     */
+    _parseDate(value) {
+        if (!value) return undefined;
+        const date = new Date(value);
+        return isNaN(date.getTime()) ? undefined : date;
+    }
+}
+module.exports = { UserRepositoryDocumentDB };

package/user/repositories/user-repository-factory.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const { UserRepositoryMongo } = require('./user-repository-mongo');
 const { UserRepositoryPostgres } = require('./user-repository-postgres');
+const { UserRepositoryDocumentDB } = require('./user-repository-documentdb');
 const databaseConfig = require('../../database/config');
 /**
@@ -31,9 +32,12 @@ function createUserRepository() {
         case 'postgresql':
             return new UserRepositoryPostgres();
+        case 'documentdb':
+            return new UserRepositoryDocumentDB();
         default:
             throw new Error(
-                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported DB_TYPE: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -43,4 +47,5 @@ module.exports = {
     // Export adapters for direct testing
     UserRepositoryMongo,
     UserRepositoryPostgres,
+    UserRepositoryDocumentDB,
 };

package/user/repositories/user-repository-mongo.js CHANGED Viewed

@@ -4,6 +4,7 @@ const {
     createTokenRepository,
 } = require('../../token/repositories/token-repository-factory');
 const { UserRepositoryInterface } = require('./user-repository-interface');
+const { ClientSafeError } = require('../../errors');
 /**
  * MongoDB User Repository Adapter
@@ -113,7 +114,7 @@ class UserRepositoryMongo extends UserRepositoryInterface {
             params.hashword !== ''
         ) {
             if (typeof params.hashword !== 'string') {
-                throw new Error('Password must be a string');
+                throw new ClientSafeError('Password must be a string', 400);
             }
             // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$
@@ -235,7 +236,7 @@ class UserRepositoryMongo extends UserRepositoryInterface {
             data.hashword !== ''
         ) {
             if (typeof data.hashword !== 'string') {
-                throw new Error('Password must be a string');
+                throw new ClientSafeError('Password must be a string', 400);
             }
             // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$

package/user/repositories/user-repository-postgres.js CHANGED Viewed

@@ -4,6 +4,7 @@ const {
     createTokenRepository,
 } = require('../../token/repositories/token-repository-factory');
 const { UserRepositoryInterface } = require('./user-repository-interface');
+const { ClientSafeError } = require('../../errors');
 /**
  * PostgreSQL User Repository Adapter
@@ -150,7 +151,7 @@ class UserRepositoryPostgres extends UserRepositoryInterface {
             params.hashword !== ''
         ) {
             if (typeof params.hashword !== 'string') {
-                throw new Error('Password must be a string');
+                throw new ClientSafeError('Password must be a string', 400);
             }
             // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$
@@ -290,7 +291,7 @@ class UserRepositoryPostgres extends UserRepositoryInterface {
             data.hashword !== ''
         ) {
             if (typeof data.hashword !== 'string') {
-                throw new Error('Password must be a string');
+                throw new ClientSafeError('Password must be a string', 400);
             }
             // Prevent double-hashing: bcrypt hashes start with $2a$ or $2b$

package/user/use-cases/login-user.js CHANGED Viewed

@@ -115,7 +115,7 @@ class LoginUser {
             return organizationUser;
         }
-        return null;
+        throw new Error('User configuration must require either individualUserRequired or organizationUserRequired');
     }
 }

package/websocket/repositories/websocket-connection-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,119 @@
+const { prisma } = require('../../database/prisma');
+const {
+    ApiGatewayManagementApiClient,
+    PostToConnectionCommand,
+} = require('@aws-sdk/client-apigatewaymanagementapi');
+const {
+    toObjectId,
+    fromObjectId,
+    findMany,
+    findOne,
+    insertOne,
+    deleteOne,
+    deleteMany,
+} = require('../../database/documentdb-utils');
+const {
+    WebsocketConnectionRepositoryInterface,
+} = require('./websocket-connection-repository-interface');
+class WebsocketConnectionRepositoryDocumentDB extends WebsocketConnectionRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+    }
+    async createConnection(connectionId) {
+        const now = new Date();
+        const document = {
+            connectionId,
+            createdAt: now,
+            updatedAt: now,
+        };
+        const insertedId = await insertOne(this.prisma, 'WebsocketConnection', document);
+        const created = await findOne(this.prisma, 'WebsocketConnection', { _id: insertedId });
+        return this._mapConnection(created);
+    }
+    async deleteConnection(connectionId) {
+        const result = await deleteOne(this.prisma, 'WebsocketConnection', { connectionId });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+    async getActiveConnections() {
+        if (!process.env.WEBSOCKET_API_ENDPOINT) {
+            return [];
+        }
+        const connections = await findMany(
+            this.prisma,
+            'WebsocketConnection',
+            {},
+            { projection: { connectionId: 1 } }
+        );
+        return connections.map((conn) => ({
+            connectionId: conn.connectionId,
+            send: async (data) => {
+                const apigwManagementApi = new ApiGatewayManagementApiClient({
+                    endpoint: process.env.WEBSOCKET_API_ENDPOINT,
+                });
+                try {
+                    const command = new PostToConnectionCommand({
+                        ConnectionId: conn.connectionId,
+                        Data: JSON.stringify(data),
+                    });
+                    await apigwManagementApi.send(command);
+                } catch (error) {
+                    if (error.statusCode === 410 || error.$metadata?.httpStatusCode === 410) {
+                        console.log(`Stale connection ${conn.connectionId}`);
+                        await deleteMany(this.prisma, 'WebsocketConnection', {
+                            connectionId: conn.connectionId,
+                        });
+                    } else {
+                        throw error;
+                    }
+                }
+            },
+        }));
+    }
+    async findConnection(connectionId) {
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { connectionId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+    async findConnectionById(id) {
+        const objectId = toObjectId(id);
+        if (!objectId) return null;
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { _id: objectId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+    async getAllConnections() {
+        const docs = await findMany(this.prisma, 'WebsocketConnection');
+        return docs.map((doc) => this._mapConnection(doc));
+    }
+    async deleteAllConnections() {
+        const result = await deleteMany(this.prisma, 'WebsocketConnection', {});
+        const deleted = result?.n ?? 0;
+        return {
+            acknowledged: true,
+            deletedCount: deleted,
+        };
+    }
+    _mapConnection(doc) {
+        if (!doc) return null;
+        return {
+            id: fromObjectId(doc._id),
+            connectionId: doc.connectionId,
+        };
+    }
+}
+module.exports = { WebsocketConnectionRepositoryDocumentDB };

package/websocket/repositories/websocket-connection-repository-factory.js CHANGED Viewed

@@ -4,6 +4,9 @@ const {
 const {
     WebsocketConnectionRepositoryPostgres,
 } = require('./websocket-connection-repository-postgres');
+const {
+    WebsocketConnectionRepositoryDocumentDB,
+} = require('./websocket-connection-repository-documentdb');
 const config = require('../../database/config');
 /**
@@ -22,9 +25,12 @@ function createWebsocketConnectionRepository() {
         case 'postgresql':
             return new WebsocketConnectionRepositoryPostgres();
+        case 'documentdb':
+            return new WebsocketConnectionRepositoryDocumentDB();
         default:
             throw new Error(
-                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'postgresql'`
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
             );
     }
 }
@@ -34,4 +40,5 @@ module.exports = {
     // Export adapters for direct testing
     WebsocketConnectionRepositoryMongo,
     WebsocketConnectionRepositoryPostgres,
+    WebsocketConnectionRepositoryDocumentDB,
 };