npm - @jmruthers/pace-core - Versions diffs - 0.5.108 → 0.5.109 - Mend

@jmruthers/pace-core 0.5.108 → 0.5.109

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/src/services/__tests__/AuthService.test.ts CHANGED Viewed

@@ -640,4 +640,188 @@ describe('AuthService', () => {
       expect(authService.isAuthenticated()).toBe(false);
     });
   });
+  describe('Automatic Session Tracking', () => {
+    beforeEach(() => {
+      // Mock rpc function for session tracking
+      (mockSupabase as any).rpc = vi.fn();
+      // Mock from().select() chain for app ID resolution
+      (mockSupabase as any).from = vi.fn().mockReturnValue({
+        select: vi.fn().mockReturnValue({
+          eq: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              single: vi.fn().mockResolvedValue({
+                data: { id: 'app-id-123' },
+                error: null
+              })
+            })
+          })
+        })
+      });
+    });
+    it('should track login session automatically on SIGNED_IN event', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+      // Initialize with appName to test app ID resolution
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+      // Simulate SIGNED_IN event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_IN', mockSession);
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        // Verify rbac_session_track was called with correct parameters
+        expect((mockSupabase as any).rpc).toHaveBeenCalledWith('rbac_session_track', expect.objectContaining({
+          p_user_id: 'user-123',
+          p_session_type: 'login',
+          p_event_id: null,
+          p_app_id: 'app-id-123', // Should be resolved from appName
+          p_user_agent: expect.any(String), // navigator.userAgent
+        }));
+      }
+      authServiceWithApp.cleanup();
+    });
+    it('should track logout session automatically on SIGNED_OUT event', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+      // Simulate SIGNED_OUT event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_OUT', mockSession);
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        // Verify rbac_session_track was called with logout type
+        expect((mockSupabase as any).rpc).toHaveBeenCalledWith('rbac_session_track', expect.objectContaining({
+          p_user_id: 'user-123',
+          p_session_type: 'logout',
+        }));
+      }
+      authServiceWithApp.cleanup();
+    });
+    it('should NOT track session on TOKEN_REFRESHED event (to avoid duplicate login records)', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'new_token', user: mockUser };
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+      // Simulate TOKEN_REFRESHED event
+      if (authStateCallback) {
+        authStateCallback('TOKEN_REFRESHED', mockSession);
+        // Wait a bit for any async operations
+        await new Promise(resolve => setTimeout(resolve, 100));
+        // Verify rbac_session_track was NOT called
+        expect((mockSupabase as any).rpc).not.toHaveBeenCalled();
+      }
+      authServiceWithApp.cleanup();
+    });
+    it('should handle tracking errors gracefully without breaking authentication', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      const consoleWarnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+      (mockSupabase as any).rpc.mockRejectedValue(new Error('Tracking failed'));
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+      const authServiceWithApp = new AuthService(mockSupabase as any, 'TEST_APP');
+      await authServiceWithApp.initialize();
+      // Simulate SIGNED_IN event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_IN', mockSession);
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        // Verify error was logged but authentication still succeeded
+        // When rpc throws an exception, it goes to catch block which logs "Error tracking"
+        expect(consoleWarnSpy).toHaveBeenCalledWith(
+          expect.stringContaining('Error tracking login session'),
+          expect.anything()
+        );
+        expect(authServiceWithApp.isAuthenticated()).toBe(true);
+      }
+      consoleWarnSpy.mockRestore();
+      authServiceWithApp.cleanup();
+    });
+    it('should work without appName (app_id will be null)', async () => {
+      const mockUser = { id: 'user-123', email: 'test@example.com' };
+      const mockSession = { access_token: 'token', user: mockUser };
+      (mockSupabase as any).rpc.mockResolvedValue({ error: null });
+      let authStateCallback: any;
+      mockSupabase.auth.onAuthStateChange.mockImplementation((callback) => {
+        authStateCallback = callback;
+        return { data: { subscription: { unsubscribe: vi.fn() } } };
+      });
+      // Initialize without appName
+      await authService.initialize();
+      // Simulate SIGNED_IN event
+      if (authStateCallback) {
+        authStateCallback('SIGNED_IN', mockSession);
+        // Wait a bit for async tracking to complete
+        await new Promise(resolve => setTimeout(resolve, 100));
+        // Verify rbac_session_track was called with null app_id
+        expect((mockSupabase as any).rpc).toHaveBeenCalledWith('rbac_session_track', expect.objectContaining({
+          p_user_id: 'user-123',
+          p_session_type: 'login',
+          p_app_id: undefined, // Should be undefined when appName not provided
+        }));
+      }
+    });
+  });
 });

package/src/types/database.ts CHANGED Viewed

@@ -387,26 +387,38 @@ export interface Database {
         Row: {
           id: string;
           user_id: string;
-          email: string | null;
-          app_id: string | null;
+          email: string;  // NOT NULL in schema
           event_id: string | null;
-          created_at: string;
+          login_timestamp: string;  // Changed from created_at to login_timestamp
+          session_id: string;  // NOT NULL in schema
+          user_agent: string | null;
+          ip_address: string | null;
+          organisation_id: string;  // NOT NULL in schema
+          app_id: string | null;  // Added in migration
         };
         Insert: {
           id?: string;
           user_id: string;
-          email?: string | null;
-          app_id?: string | null;
+          email: string;  // Required, NOT NULL
           event_id?: string | null;
-          created_at?: string;
+          login_timestamp?: string;
+          session_id: string;  // Required, NOT NULL
+          user_agent?: string | null;
+          ip_address?: string | null;
+          organisation_id: string;  // Required, NOT NULL
+          app_id?: string | null;
         };
         Update: {
           id?: string;
           user_id?: string;
-          email?: string | null;
-          app_id?: string | null;
+          email?: string;
           event_id?: string | null;
-          created_at?: string;
+          login_timestamp?: string;
+          session_id?: string;
+          user_agent?: string | null;
+          ip_address?: string | null;
+          organisation_id?: string;
+          app_id?: string | null;
         };
       };
       rbac_audit_events: {

package/src/types/rbac-functions.ts CHANGED Viewed

@@ -30,10 +30,11 @@ export interface RBACPermissionCheckResult {
 }
 export interface RBACPermissionsGetParams {
-  p_user_id?: UUID;
+  p_user_id: UUID; // REQUIRED - no default, must be explicitly provided
   p_organisation_id?: UUID;
   p_event_id?: string;
   p_app_id?: UUID;
+  p_page_id?: UUID;
 }
 export interface RBACPermissionsGetResult {

package/src/utils/__tests__/sessionTracking.unit.test.ts CHANGED Viewed

@@ -27,102 +27,6 @@ describe('sessionTracking', () => {
     } as unknown as SupabaseClient;
   });
-    describe('trackLogin', () => {
-    it('should track login successfully', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-      // Import the module after setting up mocks
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogin('event-123');
-      expect(mockGetUser).toHaveBeenCalled();
-      expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
-        p_user_id: 'user-123',
-        p_session_type: 'login',
-        p_event_id: 'event-123',
-        p_app_id: undefined,
-        p_ip_address: undefined,
-        p_user_agent: undefined
-      });
-      expect(consoleSpy.log).toHaveBeenCalledWith('Login session tracked successfully');
-    });
-    it('should track login without event ID', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogin();
-      expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
-        p_user_id: 'user-123',
-        p_session_type: 'login',
-        p_event_id: undefined,
-        p_app_id: undefined,
-        p_ip_address: undefined,
-        p_user_agent: undefined
-      });
-    });
-    it('should handle no authenticated user', async () => {
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: null } });
-      mockSupabase.auth.getUser = mockGetUser;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogin();
-      expect(consoleSpy.warn).toHaveBeenCalledWith('No authenticated user found for session tracking');
-    });
-    it('should handle tracking error', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: { message: 'Database error' } });
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogin();
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track login session:', { message: 'Database error' });
-    });
-    it('should handle unexpected errors', async () => {
-      const mockGetUser = vi.fn().mockRejectedValue(new Error('Auth error'));
-      mockSupabase.auth.getUser = mockGetUser;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogin();
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track login:', expect.any(Error));
-    });
-  });
   describe('trackEventSwitch', () => {
     it('should track event switch successfully', async () => {
       const mockUser = { id: 'user-123', email: 'test@example.com' };
@@ -193,76 +97,6 @@ describe('sessionTracking', () => {
     });
   });
-  describe('trackLogout', () => {
-    it('should track logout successfully', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogout();
-      expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
-        p_user_id: 'user-123',
-        p_session_type: 'logout',
-        p_event_id: undefined,
-        p_app_id: undefined,
-        p_ip_address: undefined,
-        p_user_agent: undefined
-      });
-      expect(consoleSpy.log).toHaveBeenCalledWith('Logout session tracked successfully');
-    });
-    it('should handle no authenticated user', async () => {
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: null } });
-      mockSupabase.auth.getUser = mockGetUser;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogout();
-      expect(consoleSpy.warn).toHaveBeenCalledWith('No authenticated user found for session tracking');
-    });
-    it('should handle tracking error', async () => {
-      const mockUser = { id: 'user-123', email: 'test@example.com' };
-      const mockGetUser = vi.fn().mockResolvedValue({ data: { user: mockUser } });
-      const mockRpc = vi.fn().mockResolvedValue({ error: { message: 'Database error' } });
-      mockSupabase.auth.getUser = mockGetUser;
-      mockSupabase.rpc = mockRpc;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogout();
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track logout session:', { message: 'Database error' });
-    });
-    it('should handle unexpected errors', async () => {
-      const mockGetUser = vi.fn().mockRejectedValue(new Error('Auth error'));
-      mockSupabase.auth.getUser = mockGetUser;
-      vi.resetModules();
-      const { useSessionTracking } = await import('../sessionTracking');
-      trackingFunctions = useSessionTracking(mockSupabase, 'test-app');
-      await trackingFunctions.trackLogout();
-      expect(consoleSpy.error).toHaveBeenCalledWith('Failed to track logout:', expect.any(Error));
-    });
-  });
   describe('trackSessionExpired', () => {
     it('should track session expiration successfully', async () => {
       const mockUser = { id: 'user-123', email: 'test@example.com' };
@@ -339,10 +173,11 @@ describe('sessionTracking', () => {
       const { useSessionTracking } = await import('../sessionTracking');
       const trackingWithoutApp = useSessionTracking(mockSupabase);
-      expect(trackingWithoutApp).toHaveProperty('trackLogin');
       expect(trackingWithoutApp).toHaveProperty('trackEventSwitch');
-      expect(trackingWithoutApp).toHaveProperty('trackLogout');
       expect(trackingWithoutApp).toHaveProperty('trackSessionExpired');
+      // trackLogin and trackLogout are no longer available (auto-tracked by UnifiedAuthProvider)
+      expect(trackingWithoutApp).not.toHaveProperty('trackLogin');
+      expect(trackingWithoutApp).not.toHaveProperty('trackLogout');
     });
     it('should pass undefined app name to tracking calls', async () => {
@@ -357,12 +192,12 @@ describe('sessionTracking', () => {
       const { useSessionTracking } = await import('../sessionTracking');
       const trackingWithoutApp = useSessionTracking(mockSupabase);
-      await trackingWithoutApp.trackLogin();
+      await trackingWithoutApp.trackEventSwitch('event-123');
       expect(mockRpc).toHaveBeenCalledWith('rbac_session_track', {
         p_user_id: 'user-123',
-        p_session_type: 'login',
-        p_event_id: undefined,
+        p_session_type: 'event_switch',
+        p_event_id: 'event-123',
         p_app_id: undefined,
         p_ip_address: undefined,
         p_user_agent: undefined

package/src/utils/sessionTracking.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import type { SupabaseClient } from '@supabase/supabase-js';
 // Define the tracking parameters locally since old RBAC types are removed
 interface TrackUserSessionParams {
-  p_session_type: 'login' | 'logout' | 'event_switch' | 'session_expired';
+  p_session_type: 'event_switch' | 'session_expired';
   p_event_id?: string;
   p_app_id?: string;
   ip_address?: string;
@@ -10,10 +10,14 @@ interface TrackUserSessionParams {
 }
 /**
- * Hook for tracking user sessions and event interactions using the new RBAC system
+ * Hook for manual session tracking (event switches and session expiration).
+ *
+ * Note: Login and logout tracking is automatically handled by UnifiedAuthProvider.
+ * You should only use this hook for tracking event switches or session expirations.
+ *
  * @param supabaseClient - Supabase client instance
  * @param appName - Optional application name for tracking
- * @returns Object containing tracking functions
+ * @returns Object containing tracking functions for event switches and session expiration
  */
 export function useSessionTracking(supabaseClient: SupabaseClient, appName?: string) {
   // Resolve app name to app_id
@@ -39,45 +43,6 @@ export function useSessionTracking(supabaseClient: SupabaseClient, appName?: str
       return undefined;
     }
   };
-  /**
-   * Track a user login event
-   * @param eventId - Optional event ID to associate with the login
-   */
-  const trackLogin = async (eventId?: string) => {
-    try {
-      const { data: { user } } = await supabaseClient.auth.getUser();
-      if (!user) {
-        console.warn('No authenticated user found for session tracking');
-        return;
-      }
-      const appId = await resolveAppId();
-      const params: TrackUserSessionParams = {
-        p_session_type: 'login',
-        p_event_id: eventId,
-        p_app_id: appId
-      };
-      const { error } = await supabaseClient.rpc('rbac_session_track', {
-        p_user_id: user?.id,
-        p_session_type: params.p_session_type,
-        p_event_id: params.p_event_id,
-        p_app_id: params.p_app_id,
-        p_ip_address: params.ip_address,
-        p_user_agent: params.user_agent
-      });
-      if (error) {
-        console.error('Failed to track login session:', error);
-      } else {
-        console.log('Login session tracked successfully');
-      }
-    } catch (error) {
-      console.error('Failed to track login:', error);
-    }
-  };
   /**
    * Track an event switch
    * @param eventId - ID of the event being switched to
@@ -117,43 +82,6 @@ export function useSessionTracking(supabaseClient: SupabaseClient, appName?: str
     }
   };
-  /**
-   * Track a user logout event
-   */
-  const trackLogout = async () => {
-    try {
-      const { data: { user } } = await supabaseClient.auth.getUser();
-      if (!user) {
-        console.warn('No authenticated user found for session tracking');
-        return;
-      }
-      const appId = await resolveAppId();
-      const params: TrackUserSessionParams = {
-        p_session_type: 'logout',
-        p_app_id: appId
-      };
-      const { error } = await supabaseClient.rpc('rbac_session_track', {
-        p_user_id: user?.id,
-        p_session_type: params.p_session_type,
-        p_event_id: params.p_event_id,
-        p_app_id: params.p_app_id,
-        p_ip_address: params.ip_address,
-        p_user_agent: params.user_agent
-      });
-      if (error) {
-        console.error('Failed to track logout session:', error);
-      } else {
-        console.log('Logout session tracked successfully');
-      }
-    } catch (error) {
-      console.error('Failed to track logout:', error);
-    }
-  };
   /**
    * Track a session expiration
    */
@@ -192,9 +120,7 @@ export function useSessionTracking(supabaseClient: SupabaseClient, appName?: str
   };
   return {
-    trackLogin,
     trackEventSwitch,
-    trackLogout,
     trackSessionExpired
   };
 }