npm - @friggframework/core - Versions diffs - 2.0.0-next.55 → 2.0.0-next.57 - Mend

@friggframework/core 2.0.0-next.55 → 2.0.0-next.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/credential/repositories/credential-repository-documentdb.js +3 -3
package/credential/repositories/credential-repository-mongo.js +1 -1
package/credential/repositories/credential-repository-postgres.js +8 -3
package/database/encryption/README.md +126 -20
package/database/encryption/encryption-schema-registry.js +83 -2
package/database/index.js +39 -12
package/database/utils/prisma-runner.js +71 -0
package/handlers/backend-utils.js +16 -10
package/handlers/routers/db-migration.js +72 -1
package/integrations/integration-base.js +32 -3
package/integrations/integration-router.js +5 -9
package/modules/requester/api-key.js +24 -8
package/modules/use-cases/get-entity-options-by-id.js +17 -5
package/modules/use-cases/get-module.js +21 -2
package/modules/use-cases/process-authorization-callback.js +12 -1
package/modules/use-cases/refresh-entity-options.js +18 -5
package/modules/use-cases/test-module-auth.js +19 -2
package/package.json +5 -5
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +0 -44
package/queues/queuer-util.js +0 -8
package/user/repositories/user-repository-documentdb.js +20 -0
package/user/repositories/user-repository-interface.js +14 -0
package/user/repositories/user-repository-mongo.js +18 -0
package/user/repositories/user-repository-postgres.js +22 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +47 -21
package/user/user.js +32 -0

package/user/use-cases/get-user-from-x-frigg-headers.js CHANGED Viewed

@@ -53,7 +53,7 @@ class GetUserFromXFriggHeaders {
                 );
         }
-        // VALIDATION: If both IDs provided and both users exist, verify they match
+        // VALIDATION/AUTO-LINKING: If both IDs provided and both users exist, handle mismatch
         if (
             appUserId &&
             appOrgId &&
@@ -66,31 +66,57 @@ class GetUserFromXFriggHeaders {
             const expectedOrgId = organizationUserData.id?.toString();
             if (individualOrgId !== expectedOrgId) {
-                throw Boom.badRequest(
-                    'User ID mismatch: x-frigg-appUserId and x-frigg-appOrgId refer to different users. ' +
-                        'Provide only one identifier or ensure they belong to the same user.'
+                // Default behavior: Auto-link disconnected users
+                // Opt-in strict mode: Throw error on mismatch
+                if (this.userConfig.strictUserValidation) {
+                    throw Boom.badRequest(
+                        'User ID mismatch: x-frigg-appUserId and x-frigg-appOrgId refer to different users. ' +
+                            'Provide only one identifier or ensure they belong to the same user.'
+                    );
+                }
+                // Auto-link the users
+                individualUserData = await this.userRepository.linkIndividualToOrganization(
+                    individualUserData.id,
+                    organizationUserData.id
                 );
             }
         }
-        // Auto-create user if not found
-        if (!individualUserData && !organizationUserData) {
-            if (appUserId) {
-                individualUserData =
-                    await this.userRepository.createIndividualUser({
-                        appUserId,
-                        username: `app-user-${appUserId}`,
-                        email: `${appUserId}@app.local`,
-                    });
-            } else {
-                organizationUserData =
-                    await this.userRepository.createOrganizationUser({
-                        appOrgId,
-                    });
+        // Auto-create users independently if they don't exist and are required
+        if (
+            !individualUserData &&
+            appUserId &&
+            this.userConfig.individualUserRequired !== false
+        ) {
+            individualUserData =
+                await this.userRepository.createIndividualUser({
+                    appUserId,
+                    username: `app-user-${appUserId}`,
+                    email: `${appUserId}@app.local`,
+                });
+        }
+        if (
+            !organizationUserData &&
+            appOrgId &&
+            this.userConfig.organizationUserRequired
+        ) {
+            organizationUserData =
+                await this.userRepository.createOrganizationUser({
+                    appOrgId,
+                });
+            // Link individual user to newly created org user if individual exists
+            if (individualUserData && organizationUserData) {
+                individualUserData = await this.userRepository.linkIndividualToOrganization(
+                    individualUserData.id,
+                    organizationUserData.id
+                );
             }
         }
-        return new User(
+        const user = new User(
             individualUserData,
             organizationUserData,
             this.userConfig.usePassword,
@@ -98,9 +124,9 @@ class GetUserFromXFriggHeaders {
             this.userConfig.individualUserRequired,
             this.userConfig.organizationUserRequired
         );
+        return user;
     }
 }
 module.exports = { GetUserFromXFriggHeaders };

package/user/user.js CHANGED Viewed

@@ -88,6 +88,38 @@ class User {
     getAppOrgId() {
         return this.organizationUser?.appOrgId || null;
     }
+    /**
+     * Checks if a given userId belongs to this user (either primary or linked).
+     * When primary is 'organization', entities owned by the linked individual user
+     * should still be accessible to the organization.
+     *
+     * @param {string|number} userId - The userId to check
+     * @returns {boolean} True if the userId belongs to this user or their linked user
+     */
+    ownsUserId(userId) {
+        const userIdStr = userId?.toString();
+        const primaryId = this.getPrimaryUser()?.id?.toString();
+        const individualId = this.individualUser?.id?.toString();
+        const organizationId = this.organizationUser?.id?.toString();
+        // Check if userId matches primary user
+        if (userIdStr === primaryId) {
+            return true;
+        }
+        // When primary is 'organization', also check linked individual user
+        if (this.config.primary === 'organization' && userIdStr === individualId) {
+            return true;
+        }
+        // When primary is 'individual', also check linked organization user if required
+        if (this.config.primary === 'individual' && this.config.organizationUserRequired && userIdStr === organizationId) {
+            return true;
+        }
+        return false;
+    }
 }
 module.exports = { User };