npm - @friggframework/core - Versions diffs - 2.0.0-next.9 → 2.0.0-next.91 - Mend

@friggframework/core 2.0.0-next.9 → 2.0.0-next.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/CLAUDE.md +702 -0
package/README.md +959 -50
package/application/commands/README.md +451 -0
package/application/commands/credential-commands.js +245 -0
package/application/commands/entity-commands.js +336 -0
package/application/commands/integration-commands.js +271 -0
package/application/commands/scheduler-commands.js +263 -0
package/application/commands/user-commands.js +283 -0
package/application/index.js +73 -0
package/assertions/index.js +0 -3
package/core/CLAUDE.md +690 -0
package/core/Worker.js +60 -24
package/core/create-handler.js +84 -6
package/credential/repositories/credential-repository-documentdb.js +304 -0
package/credential/repositories/credential-repository-factory.js +54 -0
package/credential/repositories/credential-repository-interface.js +98 -0
package/credential/repositories/credential-repository-mongo.js +269 -0
package/credential/repositories/credential-repository-postgres.js +287 -0
package/credential/repositories/credential-repository.js +300 -0
package/credential/use-cases/get-credential-for-user.js +25 -0
package/credential/use-cases/update-authentication-status.js +15 -0
package/database/MONGODB_TRANSACTION_FIX.md +198 -0
package/database/adapters/lambda-invoker.js +97 -0
package/database/config.js +154 -0
package/database/documentdb-encryption-service.js +330 -0
package/database/documentdb-utils.js +136 -0
package/database/encryption/README.md +839 -0
package/database/encryption/documentdb-encryption-service.md +3575 -0
package/database/encryption/encryption-schema-registry.js +401 -0
package/database/encryption/field-encryption-service.js +254 -0
package/database/encryption/logger.js +79 -0
package/database/encryption/prisma-encryption-extension.js +230 -0
package/database/index.js +21 -21
package/database/prisma.js +182 -0
package/database/repositories/health-check-repository-documentdb.js +138 -0
package/database/repositories/health-check-repository-factory.js +48 -0
package/database/repositories/health-check-repository-interface.js +82 -0
package/database/repositories/health-check-repository-mongodb.js +89 -0
package/database/repositories/health-check-repository-postgres.js +82 -0
package/database/repositories/migration-status-repository-s3.js +137 -0
package/database/use-cases/check-database-health-use-case.js +29 -0
package/database/use-cases/check-database-state-use-case.js +81 -0
package/database/use-cases/check-encryption-health-use-case.js +83 -0
package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
package/database/use-cases/get-migration-status-use-case.js +93 -0
package/database/use-cases/run-database-migration-use-case.js +139 -0
package/database/use-cases/test-encryption-use-case.js +253 -0
package/database/use-cases/trigger-database-migration-use-case.js +157 -0
package/database/utils/mongodb-collection-utils.js +94 -0
package/database/utils/mongodb-schema-init.js +108 -0
package/database/utils/prisma-runner.js +477 -0
package/database/utils/prisma-schema-parser.js +182 -0
package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
package/encrypt/Cryptor.js +34 -168
package/encrypt/index.js +1 -2
package/errors/client-safe-error.js +26 -0
package/errors/fetch-error.js +15 -7
package/errors/index.js +2 -0
package/generated/prisma-mongodb/client.d.ts +1 -0
package/generated/prisma-mongodb/client.js +4 -0
package/generated/prisma-mongodb/default.d.ts +1 -0
package/generated/prisma-mongodb/default.js +4 -0
package/generated/prisma-mongodb/edge.d.ts +1 -0
package/generated/prisma-mongodb/edge.js +335 -0
package/generated/prisma-mongodb/index-browser.js +317 -0
package/generated/prisma-mongodb/index.d.ts +22955 -0
package/generated/prisma-mongodb/index.js +360 -0
package/generated/prisma-mongodb/libquery_engine-debian-openssl-3.0.x.so.node +0 -0
package/generated/prisma-mongodb/libquery_engine-rhel-openssl-3.0.x.so.node +0 -0
package/generated/prisma-mongodb/package.json +183 -0
package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
package/generated/prisma-mongodb/runtime/edge.js +34 -0
package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
package/generated/prisma-mongodb/runtime/library.js +146 -0
package/generated/prisma-mongodb/runtime/react-native.js +83 -0
package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-mongodb/schema.prisma +368 -0
package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
package/generated/prisma-mongodb/wasm.d.ts +1 -0
package/generated/prisma-mongodb/wasm.js +342 -0
package/generated/prisma-postgresql/client.d.ts +1 -0
package/generated/prisma-postgresql/client.js +4 -0
package/generated/prisma-postgresql/default.d.ts +1 -0
package/generated/prisma-postgresql/default.js +4 -0
package/generated/prisma-postgresql/edge.d.ts +1 -0
package/generated/prisma-postgresql/edge.js +357 -0
package/generated/prisma-postgresql/index-browser.js +339 -0
package/generated/prisma-postgresql/index.d.ts +25135 -0
package/generated/prisma-postgresql/index.js +382 -0
package/generated/prisma-postgresql/libquery_engine-debian-openssl-3.0.x.so.node +0 -0
package/generated/prisma-postgresql/libquery_engine-rhel-openssl-3.0.x.so.node +0 -0
package/generated/prisma-postgresql/package.json +183 -0
package/generated/prisma-postgresql/query_engine_bg.js +2 -0
package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
package/generated/prisma-postgresql/runtime/edge.js +34 -0
package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
package/generated/prisma-postgresql/runtime/library.js +146 -0
package/generated/prisma-postgresql/runtime/react-native.js +83 -0
package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
package/generated/prisma-postgresql/schema.prisma +351 -0
package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
package/generated/prisma-postgresql/wasm.d.ts +1 -0
package/generated/prisma-postgresql/wasm.js +364 -0
package/handlers/WEBHOOKS.md +653 -0
package/handlers/app-definition-loader.js +38 -0
package/handlers/app-handler-helpers.js +57 -0
package/handlers/backend-utils.js +297 -0
package/handlers/database-migration-handler.js +227 -0
package/handlers/integration-event-dispatcher.js +54 -0
package/handlers/routers/HEALTHCHECK.md +342 -0
package/handlers/routers/auth.js +15 -0
package/handlers/routers/db-migration.handler.js +29 -0
package/handlers/routers/db-migration.js +326 -0
package/handlers/routers/health.js +518 -0
package/handlers/routers/integration-defined-routers.js +117 -0
package/handlers/routers/integration-webhook-routers.js +67 -0
package/handlers/routers/user.js +63 -0
package/handlers/routers/websocket.js +57 -0
package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
package/handlers/workers/db-migration.js +352 -0
package/handlers/workers/dlq-processor.js +63 -0
package/handlers/workers/integration-defined-workers.js +30 -0
package/index.js +82 -46
package/infrastructure/scheduler/eventbridge-scheduler-adapter.js +184 -0
package/infrastructure/scheduler/index.js +33 -0
package/infrastructure/scheduler/mock-scheduler-adapter.js +143 -0
package/infrastructure/scheduler/scheduler-service-factory.js +73 -0
package/infrastructure/scheduler/scheduler-service-interface.js +47 -0
package/integrations/EXTENSIONS.md +240 -0
package/integrations/WEBHOOK-QUICKSTART.md +151 -0
package/integrations/extension.js +254 -0
package/integrations/index.js +20 -10
package/integrations/integration-base.js +487 -55
package/integrations/integration-router.js +396 -179
package/integrations/options.js +1 -1
package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
package/integrations/repositories/integration-mapping-repository.js +156 -0
package/integrations/repositories/integration-repository-documentdb.js +219 -0
package/integrations/repositories/integration-repository-factory.js +51 -0
package/integrations/repositories/integration-repository-interface.js +144 -0
package/integrations/repositories/integration-repository-mongo.js +330 -0
package/integrations/repositories/integration-repository-postgres.js +385 -0
package/integrations/repositories/process-repository-documentdb.js +311 -0
package/integrations/repositories/process-repository-factory.js +53 -0
package/integrations/repositories/process-repository-interface.js +136 -0
package/integrations/repositories/process-repository-mongo.js +262 -0
package/integrations/repositories/process-repository-postgres.js +380 -0
package/integrations/repositories/process-update-ops-shared.js +112 -0
package/integrations/tests/doubles/config-capturing-integration.js +81 -0
package/integrations/tests/doubles/dummy-integration-class.js +105 -0
package/integrations/tests/doubles/test-integration-repository.js +112 -0
package/integrations/use-cases/create-integration.js +83 -0
package/integrations/use-cases/create-process.js +128 -0
package/integrations/use-cases/delete-integration-for-user.js +101 -0
package/integrations/use-cases/find-integration-by-entity-external-id.js +74 -0
package/integrations/use-cases/find-integration-context-by-external-entity-id.js +76 -0
package/integrations/use-cases/get-integration-for-user.js +78 -0
package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
package/integrations/use-cases/get-integration-instance.js +83 -0
package/integrations/use-cases/get-integrations-for-user.js +88 -0
package/integrations/use-cases/get-possible-integrations.js +27 -0
package/integrations/use-cases/get-process.js +87 -0
package/integrations/use-cases/index.js +19 -0
package/integrations/use-cases/list-integrations-by-entity-external-id.js +46 -0
package/integrations/use-cases/load-integration-context.js +71 -0
package/integrations/use-cases/update-integration-messages.js +44 -0
package/integrations/use-cases/update-integration-status.js +32 -0
package/integrations/use-cases/update-integration.js +92 -0
package/integrations/use-cases/update-process-metrics.js +214 -0
package/integrations/use-cases/update-process-state.js +158 -0
package/integrations/utils/map-integration-dto.js +37 -0
package/jest-global-setup-noop.js +3 -0
package/jest-global-teardown-noop.js +3 -0
package/logs/logger.js +0 -4
package/{module-plugin → modules}/index.js +0 -10
package/modules/module-factory.js +56 -0
package/modules/module.js +274 -0
package/modules/repositories/module-repository-documentdb.js +350 -0
package/modules/repositories/module-repository-factory.js +40 -0
package/modules/repositories/module-repository-interface.js +145 -0
package/modules/repositories/module-repository-mongo.js +436 -0
package/modules/repositories/module-repository-postgres.js +481 -0
package/modules/repositories/module-repository.js +369 -0
package/modules/requester/api-key.js +52 -0
package/modules/requester/oauth-2.js +396 -0
package/modules/requester/requester.js +280 -0
package/{module-plugin → modules}/test/mock-api/api.js +8 -3
package/{module-plugin → modules}/test/mock-api/definition.js +14 -10
package/modules/tests/doubles/test-module-factory.js +16 -0
package/modules/tests/doubles/test-module-repository.js +39 -0
package/modules/use-cases/get-entities-for-user.js +32 -0
package/modules/use-cases/get-entity-options-by-id.js +71 -0
package/modules/use-cases/get-entity-options-by-type.js +34 -0
package/modules/use-cases/get-module-instance-from-type.js +34 -0
package/modules/use-cases/get-module.js +74 -0
package/modules/use-cases/process-authorization-callback.js +243 -0
package/modules/use-cases/refresh-entity-options.js +72 -0
package/modules/use-cases/test-module-auth.js +72 -0
package/modules/utils/map-module-dto.js +18 -0
package/package.json +82 -50
package/prisma-mongodb/schema.prisma +368 -0
package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
package/prisma-postgresql/migrations/20260422120000_add_entity_data_column/migration.sql +10 -0
package/prisma-postgresql/migrations/20260422120001_create_process_table/migration.sql +48 -0
package/prisma-postgresql/migrations/migration_lock.toml +3 -0
package/prisma-postgresql/schema.prisma +351 -0
package/queues/queuer-util.js +103 -21
package/syncs/manager.js +468 -443
package/syncs/repositories/sync-repository-documentdb.js +240 -0
package/syncs/repositories/sync-repository-factory.js +43 -0
package/syncs/repositories/sync-repository-interface.js +109 -0
package/syncs/repositories/sync-repository-mongo.js +239 -0
package/syncs/repositories/sync-repository-postgres.js +319 -0
package/syncs/sync.js +0 -1
package/token/repositories/token-repository-documentdb.js +137 -0
package/token/repositories/token-repository-factory.js +40 -0
package/token/repositories/token-repository-interface.js +131 -0
package/token/repositories/token-repository-mongo.js +219 -0
package/token/repositories/token-repository-postgres.js +264 -0
package/token/repositories/token-repository.js +219 -0
package/types/associations/index.d.ts +0 -17
package/types/core/index.d.ts +12 -4
package/types/database/index.d.ts +10 -2
package/types/encrypt/index.d.ts +5 -3
package/types/integrations/index.d.ts +3 -8
package/types/module-plugin/index.d.ts +17 -69
package/types/syncs/index.d.ts +0 -17
package/user/repositories/user-repository-documentdb.js +441 -0
package/user/repositories/user-repository-factory.js +52 -0
package/user/repositories/user-repository-interface.js +201 -0
package/user/repositories/user-repository-mongo.js +308 -0
package/user/repositories/user-repository-postgres.js +360 -0
package/user/tests/doubles/test-user-repository.js +72 -0
package/user/use-cases/authenticate-user.js +127 -0
package/user/use-cases/authenticate-with-shared-secret.js +48 -0
package/user/use-cases/create-individual-user.js +61 -0
package/user/use-cases/create-organization-user.js +47 -0
package/user/use-cases/create-token-for-user-id.js +30 -0
package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
package/user/use-cases/get-user-from-bearer-token.js +77 -0
package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
package/user/use-cases/login-user.js +122 -0
package/user/user.js +125 -0
package/utils/backend-path.js +38 -0
package/utils/index.js +6 -0
package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
package/websocket/repositories/websocket-connection-repository.js +161 -0
package/assertions/is-equal.js +0 -17
package/associations/model.js +0 -54
package/database/models/IndividualUser.js +0 -76
package/database/models/OrganizationUser.js +0 -29
package/database/models/State.js +0 -9
package/database/models/Token.js +0 -70
package/database/models/UserModel.js +0 -7
package/database/models/WebsocketConnection.js +0 -49
package/database/mongo.js +0 -45
package/database/mongoose.js +0 -5
package/encrypt/Cryptor.test.js +0 -32
package/encrypt/encrypt.js +0 -132
package/encrypt/encrypt.test.js +0 -1069
package/encrypt/test-encrypt.js +0 -107
package/errors/base-error.test.js +0 -32
package/errors/fetch-error.test.js +0 -79
package/errors/halt-error.test.js +0 -11
package/errors/validation-errors.test.js +0 -120
package/integrations/create-frigg-backend.js +0 -31
package/integrations/integration-factory.js +0 -251
package/integrations/integration-mapping.js +0 -43
package/integrations/integration-model.js +0 -46
package/integrations/integration-user.js +0 -144
package/integrations/test/integration-base.test.js +0 -144
package/lambda/TimeoutCatcher.test.js +0 -68
package/logs/logger.test.js +0 -76
package/module-plugin/auther.js +0 -393
package/module-plugin/credential.js +0 -22
package/module-plugin/entity-manager.js +0 -70
package/module-plugin/entity.js +0 -46
package/module-plugin/manager.js +0 -169
package/module-plugin/module-factory.js +0 -61
package/module-plugin/requester/api-key.js +0 -36
package/module-plugin/requester/oauth-2.js +0 -219
package/module-plugin/requester/requester.js +0 -165
package/module-plugin/requester/requester.test.js +0 -28
package/module-plugin/test/auther.test.js +0 -97
package/syncs/model.js +0 -62
/package/{module-plugin → modules}/ModuleConstants.js +0 -0
/package/{module-plugin → modules}/requester/basic.js +0 -0
/package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0

package/modules/module.js ADDED Viewed

@@ -0,0 +1,274 @@
+const { Delegate } = require('../core');
+const _ = require('lodash');
+const { flushDebugLog } = require('../logs');
+const { ModuleConstants } = require('./ModuleConstants');
+const {
+    createCredentialRepository,
+} = require('../credential/repositories/credential-repository-factory');
+const {
+    createModuleRepository,
+} = require('./repositories/module-repository-factory');
+// todo: this class should be a Domain class, and the Delegate function is preventing us from
+// doing that, we probably have to get rid of the Delegate class as well as the event based
+// calls since they go against the Domain Driven Design principles (eg. a domain class should not call repository methods or use cases)
+class Module extends Delegate {
+    //todo: entity should be replaced with actual entity properties
+    /**
+     *
+     * @param {Object} params
+     * @param {Object} params.definition The definition of the Api Module
+     * @param {string} params.userId The user id
+     * @param {Object} params.entity The entity record from the database
+     * @param {string} [params.state] Optional OAuth state value forwarded to the API client (round-trips through the OAuth provider).
+     */
+    constructor({ definition, userId = null, entity: entityObj = null, state = null }) {
+        super({ definition, userId, entity: entityObj });
+        this.validateDefinition(definition);
+        this.userId = userId;
+        this.entity = entityObj;
+        this.credential = entityObj?.credential;
+        this.definition = definition;
+        this.name = this.definition.moduleName;
+        this.modelName = this.definition.modelName;
+        this.apiClass = this.definition.API;
+        this.credentialRepository = createCredentialRepository();
+        this.moduleRepository = createModuleRepository();
+        // Module → parent delegate (typically IntegrationBase) events
+        this.DLGT_CREDENTIAL_INVALIDATED = 'CREDENTIAL_INVALIDATED';
+        this.delegateTypes.push(this.DLGT_CREDENTIAL_INVALIDATED);
+        this.DLGT_CREDENTIAL_VALIDATED = 'CREDENTIAL_VALIDATED';
+        this.delegateTypes.push(this.DLGT_CREDENTIAL_VALIDATED);
+        Object.assign(this, this.definition.requiredAuthMethods);
+        const apiParams = {
+            ...this.definition.env,
+            delegate: this,
+            ...(state ? { state } : {}),
+            ...(this.credential?.data
+                ? this.apiParamsFromCredential(this.credential.data)
+                : {}), // Handle case when credential is undefined
+            ...this.apiParamsFromEntity(this.entity),
+        };
+        this.api = new this.apiClass(apiParams);
+    }
+    getName() {
+        return this.name;
+    }
+    getEntityOptions() {
+        return this.definition.getEntityOptions();
+    }
+    async refreshEntityOptions(options) {
+        await this.definition.refreshEntityOptions(options);
+        return this.getEntityOptions();
+    }
+    apiParamsFromCredential(credential) {
+        return _.pick(credential, ...this.apiPropertiesToPersist?.credential);
+    }
+    apiParamsFromEntity(entity) {
+        return _.pick(entity, ...this.apiPropertiesToPersist?.entity);
+    }
+    validateAuthorizationRequirements() {
+        const requirements = this.getAuthorizationRequirements();
+        let valid = true;
+        if (
+            ['oauth1', 'oauth2'].includes(requirements.type) &&
+            !requirements.url
+        ) {
+            valid = false;
+        }
+        return valid;
+    }
+    getAuthorizationRequirements(params) {
+        return this.api.getAuthorizationRequirements();
+    }
+    async testAuth() {
+        let validAuth = false;
+        try {
+            if (await this.testAuthRequest(this.api)) validAuth = true;
+        } catch (e) {
+            flushDebugLog(e);
+        }
+        return validAuth;
+    }
+    async onTokenUpdate() {
+        const credentialDetails = await this.getCredentialDetails(
+            this.api,
+            this.userId
+        );
+        const apiParams = this.apiParamsFromCredential(this.api);
+        if (!apiParams.refresh_token && this.api.isRefreshable) {
+            console.warn(
+                `[Frigg] No refresh_token in apiParams for module ${this.name}.`
+            );
+        }
+        Object.assign(credentialDetails.details, apiParams);
+        credentialDetails.details.authIsValid = true;
+        const persisted = await this.credentialRepository.upsertCredential(
+            credentialDetails
+        );
+        this.credential = persisted;
+        if (this.credential?.id) {
+            try {
+                await this.notify(this.DLGT_CREDENTIAL_VALIDATED, {
+                    credentialId: this.credential.id,
+                    moduleName: this.name,
+                });
+            } catch (err) {
+                console.error(
+                    `[Frigg] Failed to propagate CREDENTIAL_VALIDATED for module ${this.name}:`,
+                    err?.message || err
+                );
+            }
+        }
+    }
+    async receiveNotification(notifier, delegateString, object = null) {
+        if (delegateString === this.api.DLGT_TOKEN_UPDATE) {
+            await this.onTokenUpdate();
+        } else if (delegateString === this.api.DLGT_TOKEN_DEAUTHORIZED) {
+            await this.deauthorize();
+        } else if (delegateString === this.api.DLGT_INVALID_AUTH) {
+            await this.markCredentialsInvalid();
+        }
+    }
+    async markCredentialsInvalid() {
+        if (!this.credential) return;
+        if (!this.credential.id) return;
+        await this.credentialRepository.updateAuthenticationStatus(
+            this.credential.id,
+            false
+        );
+        // Keep the in-memory snapshot consistent so that callers can read the
+        // updated state without another fetch.
+        this.credential.authIsValid = false;
+        // Propagate upward so a parent delegate (e.g. IntegrationBase) can
+        // react — for instance by flipping Integration.status to DISABLED.
+        // Delegate.notify is a silent no-op when this.delegate is null, so
+        // Module instances constructed outside of an Integration context
+        // (e.g. during ProcessAuthorizationCallback) remain unaffected.
+        //
+        // Best-effort: this method is invoked from the OAuth2Requester 401
+        // refresh catch block, which depends on us NOT throwing. A DB hiccup
+        // in the downstream status flip must not alter refreshAuth's
+        // documented `return false` contract. The credential has already
+        // been persisted as invalid; integrations left un-flipped can be
+        // recovered by the next retry or by operator intervention.
+        try {
+            await this.notify(this.DLGT_CREDENTIAL_INVALIDATED, {
+                credentialId: this.credential.id,
+                moduleName: this.name,
+            });
+        } catch (err) {
+            console.error(
+                `[Frigg] Failed to propagate CREDENTIAL_INVALIDATED for module ${this.name}:`,
+                err?.message || err
+            );
+        }
+    }
+    async deauthorize() {
+        //todo: Check if this is correct, we're instantiating a new api without params (credentials, tokens, etc...)
+        this.api = new this.apiClass();
+        // Remove persisted credential (if any)
+        if (this.entity?.credential) {
+            const credentialId =
+                this.entity.credential.id || this.entity.credential;
+            // Delete credential via repository
+            await this.credentialRepository.deleteCredentialById(credentialId);
+            // Unset credential reference on the Entity document
+            const entityId = this.entity.id;
+            if (entityId) {
+                await this.moduleRepository.unsetCredential(entityId);
+            }
+            // Keep in-memory snapshot consistent
+            this.entity.credential = undefined;
+        }
+    }
+    // todo: check if all these props are still up to date
+    validateDefinition(definition) {
+        if (!definition) {
+            throw new Error('Module definition is required');
+        }
+        if (!definition.moduleName) {
+            throw new Error('Module definition requires moduleName');
+        }
+        if (!definition.API) {
+            throw new Error('Module definition requires API class');
+        }
+        if (!definition.requiredAuthMethods) {
+            throw new Error('Module definition requires requiredAuthMethods');
+        } else {
+            if (
+                definition.API.requesterType ===
+                    ModuleConstants.authType.oauth2 &&
+                !definition.requiredAuthMethods.getToken
+            ) {
+                throw new Error(
+                    'Module definition requires requiredAuthMethods.getToken'
+                );
+            }
+            if (!definition.requiredAuthMethods.getEntityDetails) {
+                throw new Error(
+                    'Module definition requires requiredAuthMethods.getEntityDetails'
+                );
+            }
+            if (!definition.requiredAuthMethods.getCredentialDetails) {
+                throw new Error(
+                    'Module definition requires requiredAuthMethods.getCredentialDetails'
+                );
+            }
+            if (!definition.requiredAuthMethods.apiPropertiesToPersist) {
+                throw new Error(
+                    'Module definition requires requiredAuthMethods.apiPropertiesToPersist'
+                );
+            } else if (definition.Credential) {
+                for (const prop of definition.requiredAuthMethods
+                    .apiPropertiesToPersist?.credential) {
+                    if (
+                        !definition.Credential.schema.paths.hasOwnProperty(prop)
+                    ) {
+                        throw new Error(
+                            `Module definition requires Credential schema to have property ${prop}`
+                        );
+                    }
+                }
+            }
+            if (!definition.requiredAuthMethods.testAuthRequest) {
+                throw new Error(
+                    'Module definition requires requiredAuthMethods.testAuth'
+                );
+            }
+        }
+    }
+}
+module.exports = { Module };

package/modules/repositories/module-repository-documentdb.js ADDED Viewed

@@ -0,0 +1,350 @@
+const { prisma } = require('../../database/prisma');
+const {
+    toObjectId,
+    fromObjectId,
+    findMany,
+    findOne,
+    insertOne,
+    updateOne,
+    deleteOne,
+} = require('../../database/documentdb-utils');
+const { ModuleRepositoryInterface } = require('./module-repository-interface');
+const { DocumentDBEncryptionService } = require('../../database/documentdb-encryption-service');
+/**
+ * Module/Entity repository for DocumentDB.
+ * Uses DocumentDBEncryptionService for credential decryption.
+ *
+ * Encrypted fields: Credential.data.*
+ *
+ * Note: This repository only reads credentials. CredentialRepository
+ * handles credential creation/updates with encryption.
+ *
+ * @see DocumentDBEncryptionService
+ * @see CredentialRepositoryDocumentDB
+ */
+class ModuleRepositoryDocumentDB extends ModuleRepositoryInterface {
+    constructor() {
+        super();
+        this.prisma = prisma;
+        this.encryptionService = new DocumentDBEncryptionService();
+    }
+    async findEntityById(entityId) {
+        const objectId = toObjectId(entityId);
+        if (!objectId) {
+            throw new Error(`Entity ${entityId} not found`);
+        }
+        const doc = await findOne(this.prisma, 'Entity', { _id: objectId });
+        if (!doc) {
+            throw new Error(`Entity ${entityId} not found`);
+        }
+        const credential = await this._fetchCredential(doc.credentialId);
+        return this._mapEntity(doc, credential);
+    }
+    async findEntitiesByUserId(userId) {
+        const objectId = toObjectId(userId);
+        if (!objectId) {
+            throw new Error(`Invalid userId: ${userId}`);
+        }
+        const filter = { userId: objectId };
+        const docs = await findMany(this.prisma, 'Entity', filter);
+        const credentialMap = await this._fetchCredentialsBulk(docs.map((doc) => doc.credentialId));
+        return docs.map((doc) => this._mapEntity(doc, credentialMap.get(fromObjectId(doc.credentialId)) || null));
+    }
+    async findEntitiesByIds(entitiesIds) {
+        const ids = (entitiesIds || []).map((id) => toObjectId(id)).filter(Boolean);
+        if (ids.length === 0) return [];
+        const docs = await findMany(this.prisma, 'Entity', { _id: { $in: ids } });
+        const credentialMap = await this._fetchCredentialsBulk(docs.map((doc) => doc.credentialId));
+        return docs.map((doc) => this._mapEntity(doc, credentialMap.get(fromObjectId(doc.credentialId)) || null));
+    }
+    async findEntitiesByUserIdAndModuleName(userId, moduleName) {
+        const objectId = toObjectId(userId);
+        if (!objectId) {
+            throw new Error(`Invalid userId: ${userId}`);
+        }
+        const filter = {
+            userId: objectId,
+            moduleName,
+        };
+        const docs = await findMany(this.prisma, 'Entity', filter);
+        const credentialMap = await this._fetchCredentialsBulk(docs.map((doc) => doc.credentialId));
+        return docs.map((doc) => this._mapEntity(doc, credentialMap.get(fromObjectId(doc.credentialId)) || null));
+    }
+    async unsetCredential(entityId) {
+        const objectId = toObjectId(entityId);
+        if (!objectId) return false;
+        await updateOne(
+            this.prisma,
+            'Entity',
+            { _id: objectId },
+            {
+                $set: {
+                    credentialId: null,
+                },
+            }
+        );
+        return true;
+    }
+    async findEntity(filter) {
+        const query = this._buildFilter(filter);
+        const doc = await findOne(this.prisma, 'Entity', query);
+        if (!doc) return null;
+        const credential = await this._fetchCredential(doc.credentialId);
+        return this._mapEntity(doc, credential);
+    }
+    async findEntities(filter) {
+        const query = this._buildFilter(filter);
+        const docs = await findMany(this.prisma, 'Entity', query);
+        if (!docs || docs.length === 0) return [];
+        const credentialMap = await this._fetchCredentialsBulk(
+            docs.map((doc) => doc.credentialId)
+        );
+        return docs.map((doc) =>
+            this._mapEntity(
+                doc,
+                credentialMap.get(fromObjectId(doc.credentialId)) || null
+            )
+        );
+    }
+    async createEntity(entityData) {
+        const {
+            user,
+            userId,
+            credential,
+            credentialId,
+            name,
+            moduleName,
+            externalId,
+            ...dynamicData
+        } = entityData;
+        const document = {
+            userId: toObjectId(userId || user),
+            credentialId: toObjectId(credentialId || credential) || null,
+            name: name ?? null,
+            moduleName: moduleName ?? null,
+            externalId: externalId ?? null,
+            data: dynamicData,
+        };
+        const insertedId = await insertOne(this.prisma, 'Entity', document);
+        const created = await findOne(this.prisma, 'Entity', { _id: insertedId });
+        const credentialObj = await this._fetchCredential(created?.credentialId);
+        return this._mapEntity(created, credentialObj);
+    }
+    async updateEntity(entityId, updates) {
+        const objectId = toObjectId(entityId);
+        if (!objectId) return null;
+        const existing = await findOne(this.prisma, 'Entity', { _id: objectId });
+        if (!existing) return null;
+        const {
+            user,
+            userId,
+            credential,
+            credentialId,
+            name,
+            moduleName,
+            externalId,
+            ...dynamicData
+        } = updates;
+        const updatePayload = {};
+        if (user !== undefined || userId !== undefined) {
+            updatePayload.userId = toObjectId(userId || user) || null;
+        }
+        if (credential !== undefined || credentialId !== undefined) {
+            updatePayload.credentialId = toObjectId(credentialId || credential) || null;
+        }
+        if (name !== undefined) updatePayload.name = name;
+        if (moduleName !== undefined) updatePayload.moduleName = moduleName;
+        if (externalId !== undefined) updatePayload.externalId = externalId;
+        if (Object.keys(dynamicData).length > 0) {
+            updatePayload.data = { ...(existing.data || {}), ...dynamicData };
+        }
+        await updateOne(
+            this.prisma,
+            'Entity',
+            { _id: objectId },
+            { $set: updatePayload }
+        );
+        const updated = await findOne(this.prisma, 'Entity', { _id: objectId });
+        if (!updated) return null;
+        const credentialObj = await this._fetchCredential(updated?.credentialId);
+        return this._mapEntity(updated, credentialObj);
+    }
+    async deleteEntity(entityId) {
+        const objectId = toObjectId(entityId);
+        if (!objectId) return false;
+        const result = await deleteOne(this.prisma, 'Entity', { _id: objectId });
+        const deleted = result?.n ?? 0;
+        return deleted > 0;
+    }
+    async _fetchCredential(credentialId) {
+        const id = fromObjectId(credentialId);
+        if (!id) return null;
+        try {
+            // Convert to ObjectId for raw query
+            const objectId = toObjectId(id);
+            if (!objectId) return null;
+            // Use raw findOne to bypass Prisma encryption extension
+            const rawCredential = await findOne(this.prisma, 'Credential', {
+                _id: objectId
+            });
+            if (!rawCredential) return null;
+            // Decrypt sensitive fields using service
+            const decryptedCredential = await this.encryptionService.decryptFields('Credential', rawCredential);
+            // Return in same format
+            const credential = {
+                id: fromObjectId(decryptedCredential._id),
+                userId: fromObjectId(decryptedCredential.userId),
+                externalId: decryptedCredential.externalId ?? null,
+                authIsValid: decryptedCredential.authIsValid ?? null,
+                createdAt: decryptedCredential.createdAt,
+                updatedAt: decryptedCredential.updatedAt,
+                data: decryptedCredential.data
+            };
+            return this._convertCredentialIds(credential);
+        } catch (error) {
+            console.error(`Failed to fetch/decrypt credential ${id}:`, error.message);
+            // Return null instead of throwing to allow graceful degradation
+            // This repository is read-only (doesn't create/update credentials)
+            // Entities can still be loaded even if their credential is corrupted/unreadable
+            // The entity will have null credential, which calling code must handle
+            // This is intentional behavior: prefer partial data over complete failure
+            return null;
+        }
+    }
+    async _fetchCredentialsBulk(credentialIds) {
+        const ids = (credentialIds || [])
+            .map((value) => fromObjectId(value))
+            .filter((value) => value !== null && value !== undefined);
+        if (ids.length === 0) return new Map();
+        try {
+            // Convert string IDs to ObjectIds for bulk query
+            const objectIds = ids.map(id => toObjectId(id)).filter(Boolean);
+            if (objectIds.length === 0) return new Map();
+            // Use raw findMany to bypass Prisma encryption extension
+            const rawCredentials = await findMany(this.prisma, 'Credential', {
+                _id: { $in: objectIds }
+            });
+            // Decrypt all credentials in parallel
+            const decryptionPromises = rawCredentials.map(async (rawCredential) => {
+                try {
+                    // Decrypt sensitive fields using service
+                    const decryptedCredential = await this.encryptionService.decryptFields('Credential', rawCredential);
+                    // Build credential object in same format as Prisma would return
+                    const credential = {
+                        id: fromObjectId(decryptedCredential._id),
+                        userId: fromObjectId(decryptedCredential.userId),
+                        externalId: decryptedCredential.externalId ?? null,
+                        authIsValid: decryptedCredential.authIsValid ?? null,
+                        createdAt: decryptedCredential.createdAt,
+                        updatedAt: decryptedCredential.updatedAt,
+                        data: decryptedCredential.data
+                    };
+                    return this._convertCredentialIds(credential);
+                } catch (error) {
+                    const credId = fromObjectId(rawCredential._id);
+                    console.error(`Failed to decrypt credential ${credId}:`, error.message);
+                    return null;
+                }
+            });
+            // Wait for all decryptions to complete
+            const decryptedCredentials = await Promise.all(decryptionPromises);
+            // Build Map from results, filtering out nulls
+            const map = new Map();
+            decryptedCredentials.forEach(credential => {
+                if (credential) {
+                    map.set(credential.id, credential);
+                }
+            });
+            return map;
+        } catch (error) {
+            console.error('Failed to fetch credentials bulk:', error.message);
+            return new Map();
+        }
+    }
+    /**
+     * Convert credential object IDs to strings for application layer
+     * Ensures consistent credential format across database adapters
+     * @private
+     * @param {Object|null} credential - Credential object from database
+     * @returns {Object|null} Credential with properly formatted IDs
+     */
+    _convertCredentialIds(credential) {
+        if (!credential) return credential;
+        return {
+            ...credential,
+            id: credential.id ? String(credential.id) : null,
+            userId: credential.userId ? String(credential.userId) : null,
+        };
+    }
+    _buildFilter(filter) {
+        const query = {};
+        if (!filter) return query;
+        if (filter._id || filter.id) {
+            const idObj = toObjectId(filter._id || filter.id);
+            if (idObj) query._id = idObj;
+        }
+        if (filter.user || filter.userId) {
+            const userObj = toObjectId(filter.user || filter.userId);
+            if (userObj) query.userId = userObj;
+        }
+        if (filter.credential || filter.credentialId) {
+            const credObj = toObjectId(filter.credential || filter.credentialId);
+            if (credObj) query.credentialId = credObj;
+        }
+        if (filter.name) query.name = filter.name;
+        if (filter.moduleName) query.moduleName = filter.moduleName;
+        if (filter.externalId) query.externalId = filter.externalId;
+        return query;
+    }
+    _mapEntity(doc, credential) {
+        const dynamicData = doc?.data || {};
+        return {
+            id: fromObjectId(doc?._id),
+            credential,
+            userId: fromObjectId(doc?.userId),
+            name: doc?.name ?? null,
+            externalId: doc?.externalId ?? null,
+            moduleName: doc?.moduleName ?? null,
+            ...dynamicData,
+        };
+    }
+}
+module.exports = { ModuleRepositoryDocumentDB };

package/modules/repositories/module-repository-factory.js ADDED Viewed

@@ -0,0 +1,40 @@
+const { ModuleRepositoryMongo } = require('./module-repository-mongo');
+const { ModuleRepositoryPostgres } = require('./module-repository-postgres');
+const {
+    ModuleRepositoryDocumentDB,
+} = require('./module-repository-documentdb');
+const config = require('../../database/config');
+/**
+ * Module Repository Factory
+ * Creates the appropriate repository adapter based on database type
+ *
+ * @returns {ModuleRepositoryInterface} Configured repository adapter
+ */
+function createModuleRepository() {
+    const dbType = config.DB_TYPE;
+    switch (dbType) {
+        case 'mongodb':
+            return new ModuleRepositoryMongo();
+        case 'postgresql':
+            return new ModuleRepositoryPostgres();
+        case 'documentdb':
+            return new ModuleRepositoryDocumentDB();
+        default:
+            throw new Error(
+                `Unsupported database type: ${dbType}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
+            );
+    }
+}
+module.exports = {
+    createModuleRepository,
+    // Export adapters for direct testing
+    ModuleRepositoryMongo,
+    ModuleRepositoryPostgres,
+    ModuleRepositoryDocumentDB,
+};