@friggframework/core 2.0.0-next.54 → 2.0.0-next.55

package/credential/use-cases/get-credential-for-user.js

@@ -4,14 +4,18 @@ class GetCredentialForUser {
     }
 
     async execute(credentialId, userId) {
-        const credential = await this.credentialRepository.findCredentialById(credentialId);
+        const credential = await this.credentialRepository.findCredentialById(
+            credentialId
+        );
 
         if (!credential) {
             throw new Error(`Credential with id ${credentialId} not found`);
         }
 
-        if (credential.user.toString() !== userId.toString()) {
-            throw new Error(`Credential ${credentialId} does not belong to user ${userId}`);
+        if (credential.userId.toString() !== userId.toString()) {
+            throw new Error(
+                `Credential ${credentialId} does not belong to user ${userId}`
+            );
         }
 
         return credential;

package/database/encryption/README.md

@@ -130,7 +130,6 @@ const ENCRYPTION_SCHEMA = {
         fields: [
             'data.access_token', // OAuth access token
             'data.refresh_token', // OAuth refresh token
-            'data.domain', // Service domain
             'data.id_token', // OpenID Connect ID token
         ],
     },

package/errors/client-safe-error.js

@@ -0,0 +1,26 @@
+const { BaseError } = require('./base-error');
+
+/**
+ * ClientSafeError - An error that is safe to expose to end users
+ *
+ * Use this error class when the error message does not contain sensitive
+ * implementation details and can be safely shown to users.
+ *
+ * Examples:
+ * - "Invalid Token: Token is expired"
+ * - "User not found"
+ * - "Invalid credentials"
+ *
+ * @param {string} message - The user-safe error message
+ * @param {number} statusCode - HTTP status code (default: 400)
+ * @param {object} options - Additional error options (cause, etc.)
+ */
+class ClientSafeError extends BaseError {
+    constructor(message, statusCode = 400, options) {
+        super(message, options);
+        this.statusCode = statusCode;
+        this.isClientSafe = true;
+    }
+}
+
+module.exports = { ClientSafeError };

package/errors/fetch-error.js

@@ -61,8 +61,9 @@ class FetchError extends BaseError {
         ];
 
         super(messageParts.filter(Boolean).join('\n'));
-        
+
         this.response = response;
+        this.statusCode = response?.status;
     }
 
     static async create(options = {}) {

package/errors/index.js

@@ -5,6 +5,7 @@ const {
     RequiredPropertyError,
     ParameterTypeError,
 } = require('./validation-errors');
+const { ClientSafeError } = require('./client-safe-error');
 
 module.exports = {
     BaseError,
@@ -12,4 +13,5 @@ module.exports = {
     HaltError,
     RequiredPropertyError,
     ParameterTypeError,
+    ClientSafeError,
 };

package/integrations/integration-router.js

@@ -65,9 +65,7 @@ const {
 const {
     AuthenticateWithSharedSecret,
 } = require('../user/use-cases/authenticate-with-shared-secret');
-const {
-    AuthenticateUser,
-} = require('../user/use-cases/authenticate-user');
+const { AuthenticateUser } = require('../user/use-cases/authenticate-user');
 const {
     ProcessAuthorizationCallback,
 } = require('../modules/use-cases/process-authorization-callback');
@@ -234,8 +232,10 @@ function checkRequiredParams(params, requiredKeys) {
 
     if (missingKeys.length > 0) {
         throw Boom.badRequest(
-            `Missing Parameter${missingKeys.length === 1 ? '' : 's'
-            }: ${missingKeys.join(', ')} ${missingKeys.length === 1 ? 'is' : 'are'
+            `Missing Parameter${
+                missingKeys.length === 1 ? '' : 's'
+            }: ${missingKeys.join(', ')} ${
+                missingKeys.length === 1 ? 'is' : 'are'
             } required.`
         );
     }
@@ -584,7 +584,7 @@ function setEntityRoutes(router, authenticateUser, useCases) {
                 req.params.credentialId,
                 userId
             );
-            if (credential.user._id.toString() !== userId) {
+            if (credential.userId.toString() !== userId) {
                 throw Boom.forbidden('Credential does not belong to user');
             }
 

package/integrations/repositories/integration-mapping-repository-documentdb.js

@@ -12,74 +12,167 @@ const {
 const {
     IntegrationMappingRepositoryInterface,
 } = require('./integration-mapping-repository-interface');
-
+const {
+    DocumentDBEncryptionService,
+} = require('../../database/documentdb-encryption-service');
 class IntegrationMappingRepositoryDocumentDB extends IntegrationMappingRepositoryInterface {
     constructor() {
         super();
         this.prisma = prisma;
+        this.encryptionService = new DocumentDBEncryptionService();
     }
 
     async findMappingBy(integrationId, sourceId) {
         const filter = this._compositeFilter(integrationId, sourceId);
         const doc = await findOne(this.prisma, 'IntegrationMapping', filter);
-        return doc ? this._mapMapping(doc) : null;
+        if (!doc) return null;
+
+        const decryptedMapping = await this.encryptionService.decryptFields(
+            'IntegrationMapping',
+            doc
+        );
+        return this._mapMapping(decryptedMapping);
     }
 
     async upsertMapping(integrationId, sourceId, mapping) {
         const filter = this._compositeFilter(integrationId, sourceId);
-        const existing = await findOne(this.prisma, 'IntegrationMapping', filter);
+        const existing = await findOne(
+            this.prisma,
+            'IntegrationMapping',
+            filter
+        );
         const now = new Date();
 
         if (existing) {
+            const decryptedExisting =
+                await this.encryptionService.decryptFields(
+                    'IntegrationMapping',
+                    existing
+                );
+
+            const updateDocument = {
+                mapping,
+                updatedAt: now,
+            };
+
+            const encryptedUpdate = await this.encryptionService.encryptFields(
+                'IntegrationMapping',
+                { mapping: updateDocument.mapping }
+            );
+
             await updateOne(
                 this.prisma,
                 'IntegrationMapping',
                 { _id: existing._id },
                 {
                     $set: {
-                        mapping,
-                        updatedAt: now,
+                        mapping: encryptedUpdate.mapping,
+                        updatedAt: updateDocument.updatedAt,
                     },
                 }
             );
-            const updated = await findOne(this.prisma, 'IntegrationMapping', { _id: existing._id });
-            return this._mapMapping(updated);
+
+            const updated = await findOne(this.prisma, 'IntegrationMapping', {
+                _id: existing._id,
+            });
+            if (!updated) {
+                console.error(
+                    '[IntegrationMappingRepositoryDocumentDB] Mapping not found after update',
+                    {
+                        mappingId: fromObjectId(existing._id),
+                        integrationId,
+                        sourceId,
+                    }
+                );
+                throw new Error(
+                    'Failed to update mapping: Document not found after update. ' +
+                        'This indicates a database consistency issue.'
+                );
+            }
+            const decryptedMapping = await this.encryptionService.decryptFields(
+                'IntegrationMapping',
+                updated
+            );
+            return this._mapMapping(decryptedMapping);
         }
 
-        const document = {
-            integrationId: toObjectId(integrationId),
-            sourceId: sourceId === null || sourceId === undefined ? null : String(sourceId),
+        const plainDocument = {
+            integrationId: integrationId,
+            sourceId:
+                sourceId === null || sourceId === undefined
+                    ? null
+                    : String(sourceId),
             mapping,
             createdAt: now,
             updatedAt: now,
         };
-        const insertedId = await insertOne(this.prisma, 'IntegrationMapping', document);
-        const created = await findOne(this.prisma, 'IntegrationMapping', { _id: insertedId });
-        return this._mapMapping(created);
+
+        const encryptedDocument = await this.encryptionService.encryptFields(
+            'IntegrationMapping',
+            plainDocument
+        );
+
+        const insertedId = await insertOne(
+            this.prisma,
+            'IntegrationMapping',
+            encryptedDocument
+        );
+
+        const created = await findOne(this.prisma, 'IntegrationMapping', {
+            _id: insertedId,
+        });
+        if (!created) {
+            console.error(
+                '[IntegrationMappingRepositoryDocumentDB] Mapping not found after insert',
+                {
+                    insertedId: fromObjectId(insertedId),
+                    integrationId,
+                    sourceId,
+                }
+            );
+            throw new Error(
+                'Failed to create mapping: Document not found after insert. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        const decryptedMapping = await this.encryptionService.decryptFields(
+            'IntegrationMapping',
+            created
+        );
+        return this._mapMapping(decryptedMapping);
     }
 
     async findMappingsByIntegration(integrationId) {
         const filter = {};
-        const integrationObjectId = toObjectId(integrationId);
-        if (integrationObjectId) filter.integrationId = integrationObjectId;
+        if (integrationId) filter.integrationId = integrationId;
         const docs = await findMany(this.prisma, 'IntegrationMapping', filter);
-        return docs.map((doc) => this._mapMapping(doc));
+
+        const decryptedDocs = await Promise.all(
+            docs.map((doc) =>
+                this.encryptionService.decryptFields('IntegrationMapping', doc)
+            )
+        );
+
+        return decryptedDocs.map((doc) => this._mapMapping(doc));
     }
 
     async deleteMapping(integrationId, sourceId) {
         const filter = this._compositeFilter(integrationId, sourceId);
-        const result = await deleteOne(this.prisma, 'IntegrationMapping', filter);
+        const result = await deleteOne(
+            this.prisma,
+            'IntegrationMapping',
+            filter
+        );
         const deleted = result?.n ?? 0;
         return { acknowledged: true, deletedCount: deleted };
     }
 
     async deleteMappingsByIntegration(integrationId) {
-        const integrationObjectId = toObjectId(integrationId);
-        if (!integrationObjectId) {
+        if (!integrationId) {
             return { acknowledged: true, deletedCount: 0 };
         }
         const result = await deleteMany(this.prisma, 'IntegrationMapping', {
-            integrationId: integrationObjectId,
+            integrationId: integrationId,
         });
         const deleted = result?.n ?? 0;
         return { acknowledged: true, deletedCount: deleted };
@@ -88,32 +181,84 @@ class IntegrationMappingRepositoryDocumentDB extends IntegrationMappingRepositor
     async findMappingById(id) {
         const objectId = toObjectId(id);
         if (!objectId) return null;
-        const doc = await findOne(this.prisma, 'IntegrationMapping', { _id: objectId });
-        return doc ? this._mapMapping(doc) : null;
+        const doc = await findOne(this.prisma, 'IntegrationMapping', {
+            _id: objectId,
+        });
+        if (!doc) return null;
+
+        const decryptedMapping = await this.encryptionService.decryptFields(
+            'IntegrationMapping',
+            doc
+        );
+        return this._mapMapping(decryptedMapping);
     }
 
     async updateMapping(id, updates) {
         const objectId = toObjectId(id);
         if (!objectId) return null;
+
+        const existing = await findOne(this.prisma, 'IntegrationMapping', {
+            _id: objectId,
+        });
+        if (!existing) return null;
+
+        const decryptedExisting = await this.encryptionService.decryptFields(
+            'IntegrationMapping',
+            existing
+        );
+
+        const mergedMapping =
+            updates.mapping !== undefined
+                ? updates.mapping
+                : decryptedExisting.mapping;
+
+        const updateDocument = {
+            ...updates,
+            updatedAt: new Date(),
+        };
+
+        if (mergedMapping !== undefined) {
+            const encryptedUpdate = await this.encryptionService.encryptFields(
+                'IntegrationMapping',
+                { mapping: mergedMapping }
+            );
+            updateDocument.mapping = encryptedUpdate.mapping;
+        }
+
         await updateOne(
             this.prisma,
             'IntegrationMapping',
             { _id: objectId },
             {
-                $set: {
-                    ...updates,
-                    updatedAt: new Date(),
-                },
+                $set: updateDocument,
             }
         );
-        const updated = await findOne(this.prisma, 'IntegrationMapping', { _id: objectId });
-        return updated ? this._mapMapping(updated) : null;
+
+        const updated = await findOne(this.prisma, 'IntegrationMapping', {
+            _id: objectId,
+        });
+        if (!updated) {
+            console.error(
+                '[IntegrationMappingRepositoryDocumentDB] Mapping not found after update',
+                {
+                    mappingId: fromObjectId(objectId),
+                }
+            );
+            throw new Error(
+                'Failed to update mapping: Document not found after update. ' +
+                    'This indicates a database consistency issue.'
+            );
+        }
+        const decryptedMapping = await this.encryptionService.decryptFields(
+            'IntegrationMapping',
+            updated
+        );
+        return this._mapMapping(decryptedMapping);
     }
 
     _compositeFilter(integrationId, sourceId) {
         const filter = {};
-        const integrationObjectId = toObjectId(integrationId);
-        if (integrationObjectId) filter.integrationId = integrationObjectId;
+        if (integrationId) filter.integrationId = integrationId;
         if (sourceId !== undefined) {
             filter.sourceId = sourceId === null ? null : String(sourceId);
         }
@@ -123,13 +268,13 @@ class IntegrationMappingRepositoryDocumentDB extends IntegrationMappingRepositor
     _mapMapping(doc) {
         return {
             id: fromObjectId(doc?._id),
-            integrationId: fromObjectId(doc?.integrationId),
+            integrationId: doc?.integrationId ?? null,
             sourceId: doc?.sourceId ?? null,
             mapping: doc?.mapping ?? null,
+            createdAt: doc?.createdAt,
+            updatedAt: doc?.updatedAt,
         };
     }
 }
 
 module.exports = { IntegrationMappingRepositoryDocumentDB };
-
-

package/integrations/repositories/integration-repository-documentdb.js

@@ -127,6 +127,17 @@ class IntegrationRepositoryDocumentDB extends IntegrationRepositoryInterface {
         };
         const insertedId = await insertOne(this.prisma, 'Integration', document);
         const created = await findOne(this.prisma, 'Integration', { _id: insertedId });
+        if (!created) {
+            console.error('[IntegrationRepositoryDocumentDB] Integration not found after insert', {
+                insertedId: fromObjectId(insertedId),
+                userId,
+                config,
+            });
+            throw new Error(
+                'Failed to create integration: Document not found after insert. ' +
+                'This indicates a database consistency issue.'
+            );
+        }
         return this._mapIntegration(created);
     }
 
@@ -157,6 +168,16 @@ class IntegrationRepositoryDocumentDB extends IntegrationRepositoryInterface {
             }
         );
         const updated = await findOne(this.prisma, 'Integration', { _id: objectId });
+        if (!updated) {
+            console.error('[IntegrationRepositoryDocumentDB] Integration not found after update', {
+                integrationId: fromObjectId(objectId),
+                config,
+            });
+            throw new Error(
+                'Failed to update integration: Document not found after update. ' +
+                'This indicates a database consistency issue.'
+            );
+        }
         return this._mapIntegration(updated);
     }