@friggframework/core 2.0.0-next.8 → 2.0.0-next.80

package/user/use-cases/get-user-from-x-frigg-headers.js

@@ -0,0 +1,132 @@
+const Boom = require('@hapi/boom');
+const { User } = require('../user');
+
+/**
+ * Use case for retrieving or creating a user from x-frigg header identifiers.
+ * Supports backend-to-backend API communication using application user IDs.
+ *
+ * @class GetUserFromXFriggHeaders
+ */
+class GetUserFromXFriggHeaders {
+    /**
+     * Creates a new GetUserFromXFriggHeaders instance.
+     * @param {Object} params - Configuration parameters.
+     * @param {import('../repositories/user-repository-interface').UserRepositoryInterface} params.userRepository - Repository for user data operations.
+     * @param {Object} params.userConfig - The user config in the app definition.
+     */
+    constructor({ userRepository, userConfig }) {
+        this.userRepository = userRepository;
+        this.userConfig = userConfig;
+    }
+
+    /**
+     * Executes the use case.
+     * @async
+     * @param {string} [appUserId] - The app user ID from x-frigg-appUserId header.
+     * @param {string} [appOrgId] - The app organization ID from x-frigg-appOrgId header.
+     * @returns {Promise<import('../user').User>} The authenticated user object.
+     * @throws {Boom} 400 Bad Request if neither ID is provided or if both IDs are provided but belong to different users.
+     */
+    async execute(appUserId, appOrgId) {
+        // At least one header must be provided
+        if (!appUserId && !appOrgId) {
+            throw Boom.badRequest(
+                'At least one of x-frigg-appUserId or x-frigg-appOrgId headers is required for backend-to-backend authentication'
+            );
+        }
+
+        // Find users by both IDs if both are provided
+        let individualUserData = null;
+        let organizationUserData = null;
+
+        if (appUserId && this.userConfig.individualUserRequired !== false) {
+            individualUserData =
+                await this.userRepository.findIndividualUserByAppUserId(
+                    appUserId
+                );
+        }
+
+        if (appOrgId && this.userConfig.organizationUserRequired) {
+            organizationUserData =
+                await this.userRepository.findOrganizationUserByAppOrgId(
+                    appOrgId
+                );
+        }
+
+        // VALIDATION/AUTO-LINKING: If both IDs provided and both users exist, handle mismatch
+        if (
+            appUserId &&
+            appOrgId &&
+            individualUserData &&
+            organizationUserData
+        ) {
+            // Check if individual user is linked to the org user
+            const individualOrgId =
+                individualUserData.organizationUser?.toString();
+            const expectedOrgId = organizationUserData.id?.toString();
+
+            if (individualOrgId !== expectedOrgId) {
+                // Default behavior: Auto-link disconnected users
+                // Opt-in strict mode: Throw error on mismatch
+                if (this.userConfig.strictUserValidation) {
+                    throw Boom.badRequest(
+                        'User ID mismatch: x-frigg-appUserId and x-frigg-appOrgId refer to different users. ' +
+                            'Provide only one identifier or ensure they belong to the same user.'
+                    );
+                }
+
+                // Auto-link the users
+                individualUserData = await this.userRepository.linkIndividualToOrganization(
+                    individualUserData.id,
+                    organizationUserData.id
+                );
+            }
+        }
+
+        // Auto-create users independently if they don't exist and are required
+        if (
+            !individualUserData &&
+            appUserId &&
+            this.userConfig.individualUserRequired !== false
+        ) {
+            individualUserData =
+                await this.userRepository.createIndividualUser({
+                    appUserId,
+                    username: `app-user-${appUserId}`,
+                    email: `${appUserId}@app.local`,
+                });
+        }
+
+        if (
+            !organizationUserData &&
+            appOrgId &&
+            this.userConfig.organizationUserRequired
+        ) {
+            organizationUserData =
+                await this.userRepository.createOrganizationUser({
+                    appOrgId,
+                });
+
+            // Link individual user to newly created org user if individual exists
+            if (individualUserData && organizationUserData) {
+                individualUserData = await this.userRepository.linkIndividualToOrganization(
+                    individualUserData.id,
+                    organizationUserData.id
+                );
+            }
+        }
+
+        const user = new User(
+            individualUserData,
+            organizationUserData,
+            this.userConfig.usePassword,
+            this.userConfig.primary,
+            this.userConfig.individualUserRequired,
+            this.userConfig.organizationUserRequired
+        );
+
+        return user;
+    }
+}
+
+module.exports = { GetUserFromXFriggHeaders };

package/user/use-cases/login-user.js

@@ -0,0 +1,122 @@
+const Boom = require('@hapi/boom');
+const {
+    RequiredPropertyError,
+} = require('../../errors');
+const { User } = require('../user');
+
+/**
+ * Use case for logging in a user.
+ * @class LoginUser
+ */
+class LoginUser {
+    /**
+     * Creates a new LoginUser instance.
+     * @param {Object} params - Configuration parameters.
+     * @param {import('../user-repository-interface').UserRepositoryInterface} params.userRepository - Repository for user data operations.
+     * @param {Object} params.userConfig - The user properties inside of the app definition.
+     */
+    constructor({ userRepository, userConfig }) {
+        this.userRepository = userRepository;
+        this.userConfig = userConfig;
+    }
+
+    /**
+     * Executes the use case.
+     * @async
+     * @param {Object} userCredentials - The user's credentials for authentication.
+     * @param {string} [userCredentials.username] - The username for authentication.
+     * @param {string} [userCredentials.password] - The password for authentication.
+     * @param {string} [userCredentials.appUserId] - The app user id for authentication if no username and password are provided.
+     * @param {string} [userCredentials.appOrgId] - The app organization id for authentication if no username and password are provided.
+     * @returns {Promise<import('../user').User>} The authenticated user object.
+     */
+    async execute(userCredentials) {
+        const { username, password, appUserId, appOrgId } = userCredentials;
+        if (this.userConfig.individualUserRequired) {
+            if (this.userConfig.usePassword) {
+                if (!username) {
+                    throw new RequiredPropertyError({
+                        parent: this,
+                        key: 'username',
+                    });
+                }
+                if (!password) {
+                    throw new RequiredPropertyError({
+                        parent: this,
+                        key: 'password',
+                    });
+                }
+
+                const individualUserData =
+                    await this.userRepository.findIndividualUserByUsername(
+                        username
+                    );
+
+                if (!individualUserData) {
+                    throw Boom.unauthorized('user not found');
+                }
+
+                const individualUser = new User(
+                    individualUserData,
+                    null,
+                    this.userConfig.usePassword,
+                    this.userConfig.primary,
+                    this.userConfig.individualUserRequired,
+                    this.userConfig.organizationUserRequired
+                );
+
+                if (!(await individualUser.isPasswordValid(password))) {
+                    throw Boom.unauthorized('Incorrect username or password');
+                }
+
+                return individualUser;
+            } else {
+                const individualUserData =
+                    await this.userRepository.findIndividualUserByAppUserId(
+                        appUserId
+                    );
+
+                if (!individualUserData) {
+                    throw Boom.unauthorized('user not found');
+                }
+
+                const individualUser = new User(
+                    individualUserData,
+                    null,
+                    this.userConfig.usePassword,
+                    this.userConfig.primary,
+                    this.userConfig.individualUserRequired,
+                    this.userConfig.organizationUserRequired
+                );
+
+                return individualUser;
+            }
+        }
+
+
+        if (this.userConfig.organizationUserRequired) {
+
+            const organizationUserData =
+                await this.userRepository.findOrganizationUserByAppOrgId(appOrgId);
+
+            if (!organizationUserData) {
+                throw Boom.unauthorized(`org user ${appOrgId} not found`);
+            }
+
+            const organizationUser = new User(
+                null,
+                organizationUserData,
+                this.userConfig.usePassword,
+                this.userConfig.primary,
+                this.userConfig.individualUserRequired,
+                this.userConfig.organizationUserRequired
+            );
+
+            return organizationUser;
+        }
+
+        throw new Error('User configuration must require either individualUserRequired or organizationUserRequired');
+    }
+}
+
+module.exports = { LoginUser }; 

package/user/user.js

@@ -0,0 +1,125 @@
+const bcrypt = require('bcryptjs');
+
+/**
+ * Represents a user in the system. The User class is a domain entity,
+ * @class User
+ */
+class User {
+    /**
+     * Creates a new User instance.
+     * @param {import('../database/models/IndividualUser').IndividualUser} [individualUser=null] - The individual user for the user.
+     * @param {import('../database/models/OrganizationUser').OrganizationUser} [organizationUser=null] - The organization user for the user.
+     * @param {boolean} [usePassword=false] - Whether the user has a password.
+     * @param {string} [primary='individual'] - The primary user type.
+     * @param {boolean} [individualUserRequired=true] - Whether the user is required to have an individual user.
+     * @param {boolean} [organizationUserRequired=false] - Whether the user is required to have an organization user.
+     */
+    constructor(individualUser = null, organizationUser = null, usePassword = false, primary = 'individual', individualUserRequired = true, organizationUserRequired = false) {
+        this.individualUser = individualUser;
+        this.organizationUser = organizationUser;
+        this.usePassword = usePassword;
+
+        this.config = {
+            primary,
+            individualUserRequired,
+            organizationUserRequired,
+        };
+    }
+
+    getPrimaryUser() {
+        if (this.config.primary === 'organization') {
+            return this.organizationUser;
+        }
+        return this.individualUser;
+    }
+
+    getId() {
+        return this.getPrimaryUser()?.id;
+    }
+
+    isPasswordRequired() {
+        return this.usePassword;
+    }
+
+    async isPasswordValid(password) {
+        if (!this.isPasswordRequired()) {
+            return true;
+        }
+
+        return await bcrypt.compare(password, this.getPrimaryUser().hashword);
+    }
+
+    setIndividualUser(individualUser) {
+        this.individualUser = individualUser;
+    }
+
+    setOrganizationUser(organizationUser) {
+        this.organizationUser = organizationUser;
+    }
+
+    isOrganizationUserRequired() {
+        return this.config.organizationUserRequired;
+    }
+
+    isIndividualUserRequired() {
+        return this.config.individualUserRequired;
+    }
+
+    getIndividualUser() {
+        return this.individualUser;
+    }
+
+    getOrganizationUser() {
+        return this.organizationUser;
+    }
+
+    /**
+     * Gets the appUserId from the individual user if present.
+     * @returns {string|null} The app user ID or null
+     */
+    getAppUserId() {
+        return this.individualUser?.appUserId || null;
+    }
+
+    /**
+     * Gets the appOrgId from the organization user if present.
+     * @returns {string|null} The app organization ID or null
+     */
+    getAppOrgId() {
+        return this.organizationUser?.appOrgId || null;
+    }
+
+    /**
+     * Checks if a given userId belongs to this user (either primary or linked).
+     * When primary is 'organization', entities owned by the linked individual user
+     * should still be accessible to the organization.
+     *
+     * @param {string|number} userId - The userId to check
+     * @returns {boolean} True if the userId belongs to this user or their linked user
+     */
+    ownsUserId(userId) {
+        const userIdStr = userId?.toString();
+        const primaryId = this.getPrimaryUser()?.id?.toString();
+        const individualId = this.individualUser?.id?.toString();
+        const organizationId = this.organizationUser?.id?.toString();
+
+        // Check if userId matches primary user
+        if (userIdStr === primaryId) {
+            return true;
+        }
+
+        // When primary is 'organization', also check linked individual user
+        if (this.config.primary === 'organization' && userIdStr === individualId) {
+            return true;
+        }
+
+        // When primary is 'individual', also check linked organization user if required
+        if (this.config.primary === 'individual' && this.config.organizationUserRequired && userIdStr === organizationId) {
+            return true;
+        }
+
+        return false;
+    }
+}
+
+module.exports = { User }; 

package/utils/backend-path.js

@@ -0,0 +1,38 @@
+const fs = require('fs-extra');
+const path = require('node:path');
+const PACKAGE_JSON = 'package.json';
+
+function findNearestBackendPackageJson() {
+    let currentDir = process.cwd();
+    
+    // First check if we're in production by looking for package.json in the current directory
+    const rootPackageJson = path.join(currentDir, PACKAGE_JSON);
+    if (fs.existsSync(rootPackageJson)) {
+        // In production environment, check for index.js in the same directory
+        const indexJs = path.join(currentDir, 'index.js');
+        if (fs.existsSync(indexJs)) {
+            return rootPackageJson;
+        }
+    }
+
+    // If not found at root or not in production, look for it in the backend directory
+    while (currentDir !== path.parse(currentDir).root) {
+        const packageJsonPath = path.join(currentDir, 'backend', PACKAGE_JSON);
+        if (fs.existsSync(packageJsonPath)) {
+            return packageJsonPath;
+        }
+        currentDir = path.dirname(currentDir);
+    }
+    return null;
+}
+
+function validateBackendPath(backendPath) {
+    if (!backendPath) {
+        throw new Error('Could not find a backend package.json file.');
+    }
+}
+
+module.exports = {
+    findNearestBackendPackageJson,
+    validateBackendPath,
+}; 

package/utils/index.js

@@ -0,0 +1,6 @@
+const { findNearestBackendPackageJson, validateBackendPath } = require('./backend-path');
+
+module.exports = {
+    findNearestBackendPackageJson,
+    validateBackendPath,
+};

package/websocket/repositories/websocket-connection-repository-documentdb.js

@@ -0,0 +1,119 @@
+const { prisma } = require('../../database/prisma');
+const {
+    ApiGatewayManagementApiClient,
+    PostToConnectionCommand,
+} = require('@aws-sdk/client-apigatewaymanagementapi');
+const {
+    toObjectId,
+    fromObjectId,
+    findMany,
+    findOne,
+    insertOne,
+    deleteOne,
+    deleteMany,
+} = require('../../database/documentdb-utils');
+const {
+    WebsocketConnectionRepositoryInterface,
+} = require('./websocket-connection-repository-interface');
+
+class WebsocketConnectionRepositoryDocumentDB extends WebsocketConnectionRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+    }
+
+    async createConnection(connectionId) {
+        const now = new Date();
+        const document = {
+            connectionId,
+            createdAt: now,
+            updatedAt: now,
+        };
+        const insertedId = await insertOne(this.prisma, 'WebsocketConnection', document);
+        const created = await findOne(this.prisma, 'WebsocketConnection', { _id: insertedId });
+        return this._mapConnection(created);
+    }
+
+    async deleteConnection(connectionId) {
+        const result = await deleteOne(this.prisma, 'WebsocketConnection', { connectionId });
+        const deleted = result?.n ?? 0;
+        return { acknowledged: true, deletedCount: deleted };
+    }
+
+    async getActiveConnections() {
+        if (!process.env.WEBSOCKET_API_ENDPOINT) {
+            return [];
+        }
+
+        const connections = await findMany(
+            this.prisma,
+            'WebsocketConnection',
+            {},
+            { projection: { connectionId: 1 } }
+        );
+
+        return connections.map((conn) => ({
+            connectionId: conn.connectionId,
+            send: async (data) => {
+                const apigwManagementApi = new ApiGatewayManagementApiClient({
+                    endpoint: process.env.WEBSOCKET_API_ENDPOINT,
+                });
+
+                try {
+                    const command = new PostToConnectionCommand({
+                        ConnectionId: conn.connectionId,
+                        Data: JSON.stringify(data),
+                    });
+                    await apigwManagementApi.send(command);
+                } catch (error) {
+                    if (error.statusCode === 410 || error.$metadata?.httpStatusCode === 410) {
+                        console.log(`Stale connection ${conn.connectionId}`);
+                        await deleteMany(this.prisma, 'WebsocketConnection', {
+                            connectionId: conn.connectionId,
+                        });
+                    } else {
+                        throw error;
+                    }
+                }
+            },
+        }));
+    }
+
+    async findConnection(connectionId) {
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { connectionId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+
+    async findConnectionById(id) {
+        const objectId = toObjectId(id);
+        if (!objectId) return null;
+        const doc = await findOne(this.prisma, 'WebsocketConnection', { _id: objectId });
+        return doc ? this._mapConnection(doc) : null;
+    }
+
+    async getAllConnections() {
+        const docs = await findMany(this.prisma, 'WebsocketConnection');
+        return docs.map((doc) => this._mapConnection(doc));
+    }
+
+    async deleteAllConnections() {
+        const result = await deleteMany(this.prisma, 'WebsocketConnection', {});
+        const deleted = result?.n ?? 0;
+        return {
+            acknowledged: true,
+            deletedCount: deleted,
+        };
+    }
+
+    _mapConnection(doc) {
+        if (!doc) return null;
+        return {
+            id: fromObjectId(doc._id),
+            connectionId: doc.connectionId,
+        };
+    }
+}
+
+module.exports = { WebsocketConnectionRepositoryDocumentDB };
+
+

package/websocket/repositories/websocket-connection-repository-factory.js

@@ -0,0 +1,44 @@
+const {
+    WebsocketConnectionRepositoryMongo,
+} = require('./websocket-connection-repository-mongo');
+const {
+    WebsocketConnectionRepositoryPostgres,
+} = require('./websocket-connection-repository-postgres');
+const {
+    WebsocketConnectionRepositoryDocumentDB,
+} = require('./websocket-connection-repository-documentdb');
+const config = require('../../database/config');
+
+/**
+ * Websocket Connection Repository Factory
+ * Creates the appropriate repository adapter based on database type
+ *
+ * @returns {WebsocketConnectionRepositoryInterface} Configured repository adapter
+ */
+function createWebsocketConnectionRepository() {
+    const dbType = config.DB_TYPE;
+
+    switch (dbType) {
+        case 'mongodb':
+            return new WebsocketConnectionRepositoryMongo();
+
+        case 'postgresql':
+            return new WebsocketConnectionRepositoryPostgres();
+
+        case 'documentdb':
+            return new WebsocketConnectionRepositoryDocumentDB();
+
+        default:
+            throw new Error(
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
+            );
+    }
+}
+
+module.exports = {
+    createWebsocketConnectionRepository,
+    // Export adapters for direct testing
+    WebsocketConnectionRepositoryMongo,
+    WebsocketConnectionRepositoryPostgres,
+    WebsocketConnectionRepositoryDocumentDB,
+};

package/websocket/repositories/websocket-connection-repository-interface.js

@@ -0,0 +1,106 @@
+/**
+ * Websocket Connection Repository Interface
+ * Abstract base class defining the contract for websocket connection persistence adapters
+ *
+ * This follows the Port in Hexagonal Architecture:
+ * - Domain layer depends on this abstraction
+ * - Concrete adapters implement this interface
+ * - Use cases receive repositories via dependency injection
+ *
+ * Note: Currently, WebsocketConnection model has identical structure across MongoDB and PostgreSQL,
+ * so WebsocketConnectionRepository serves both. This interface exists for consistency and
+ * future-proofing if database-specific implementations become needed.
+ *
+ * @abstract
+ */
+class WebsocketConnectionRepositoryInterface {
+    /**
+     * Create a new websocket connection
+     *
+     * @param {string} connectionId - Connection ID
+     * @returns {Promise<Object>} Created connection object
+     * @abstract
+     */
+    async createConnection(connectionId) {
+        throw new Error(
+            'Method createConnection must be implemented by subclass'
+        );
+    }
+
+    /**
+     * Delete a websocket connection
+     *
+     * @param {string} connectionId - Connection ID
+     * @returns {Promise<Object>} Deletion result
+     * @abstract
+     */
+    async deleteConnection(connectionId) {
+        throw new Error(
+            'Method deleteConnection must be implemented by subclass'
+        );
+    }
+
+    /**
+     * Get active connections
+     *
+     * @returns {Promise<Array>} Array of active connection objects
+     * @abstract
+     */
+    async getActiveConnections() {
+        throw new Error(
+            'Method getActiveConnections must be implemented by subclass'
+        );
+    }
+
+    /**
+     * Find connection by connection ID
+     *
+     * @param {string} connectionId - Connection ID
+     * @returns {Promise<Object|null>} Connection object or null
+     * @abstract
+     */
+    async findConnection(connectionId) {
+        throw new Error(
+            'Method findConnection must be implemented by subclass'
+        );
+    }
+
+    /**
+     * Find connection by database ID
+     *
+     * @param {string|number} id - Database ID
+     * @returns {Promise<Object|null>} Connection object or null
+     * @abstract
+     */
+    async findConnectionById(id) {
+        throw new Error(
+            'Method findConnectionById must be implemented by subclass'
+        );
+    }
+
+    /**
+     * Get all connections
+     *
+     * @returns {Promise<Array>} Array of all connection objects
+     * @abstract
+     */
+    async getAllConnections() {
+        throw new Error(
+            'Method getAllConnections must be implemented by subclass'
+        );
+    }
+
+    /**
+     * Delete all connections
+     *
+     * @returns {Promise<Object>} Deletion result
+     * @abstract
+     */
+    async deleteAllConnections() {
+        throw new Error(
+            'Method deleteAllConnections must be implemented by subclass'
+        );
+    }
+}
+
+module.exports = { WebsocketConnectionRepositoryInterface };