@jskit-ai/users-core 0.1.32 → 0.1.35

package/src/server/usersBootstrapContributor.js

@@ -0,0 +1,248 @@
+import { AppError } from "@jskit-ai/kernel/server/runtime";
+import { requireServiceMethod } from "@jskit-ai/kernel/shared/actions/actionContributorHelpers";
+import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
+import {
+  TENANCY_MODE_NONE,
+  TENANCY_MODE_PERSONAL,
+  TENANCY_MODE_WORKSPACES,
+  WORKSPACE_SLUG_POLICY_NONE,
+  WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME,
+  WORKSPACE_SLUG_POLICY_USER_SELECTED,
+  resolveTenancyProfile
+} from "../shared/tenancyProfile.js";
+import { accountAvatarFormatter } from "./common/formatters/accountAvatarFormatter.js";
+import { authenticatedUserValidator } from "./common/validators/authenticatedUserValidator.js";
+import { userSettingsFields } from "../shared/resources/userSettingsFields.js";
+
+function getOAuthProviderCatalogPayload(authService) {
+  if (!authService || typeof authService.getOAuthProviderCatalog !== "function") {
+    return {
+      oauthProviders: [],
+      oauthDefaultProvider: null
+    };
+  }
+
+  const catalog = authService.getOAuthProviderCatalog();
+  const providers = Array.isArray(catalog?.providers)
+    ? catalog.providers
+        .map((provider) => ({
+          id: normalizeLowerText(provider?.id),
+          label: normalizeText(provider?.label)
+        }))
+        .filter((provider) => provider.id && provider.label)
+    : [];
+  const defaultProvider = normalizeLowerText(catalog?.defaultProvider);
+
+  return {
+    oauthProviders: providers,
+    oauthDefaultProvider: providers.some((provider) => provider.id === defaultProvider) ? defaultProvider : null
+  };
+}
+
+function normalizeBoolean(value, fallback) {
+  if (typeof value === "boolean") {
+    return value;
+  }
+  if (typeof value === "string") {
+    const normalized = normalizeLowerText(value);
+    if (normalized === "true") {
+      return true;
+    }
+    if (normalized === "false") {
+      return false;
+    }
+  }
+  return fallback;
+}
+
+function resolveAppState(appConfig = {}, { workspaceInvitationsEnabled = false } = {}) {
+  const features = {
+    workspaceSwitching: normalizeBoolean(appConfig.workspaceSwitching, false),
+    workspaceInvites: workspaceInvitationsEnabled === true,
+    assistantEnabled: normalizeBoolean(appConfig.assistantEnabled, false),
+    assistantRequiredPermission: normalizeText(appConfig.assistantRequiredPermission),
+    socialEnabled: normalizeBoolean(appConfig.socialEnabled, false),
+    socialFederationEnabled: normalizeBoolean(appConfig.socialFederationEnabled, false)
+  };
+
+  return {
+    features
+  };
+}
+
+function normalizeSlugPolicy(value = "") {
+  const normalizedValue = normalizeLowerText(value);
+  if (
+    normalizedValue === WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME ||
+    normalizedValue === WORKSPACE_SLUG_POLICY_USER_SELECTED
+  ) {
+    return normalizedValue;
+  }
+  return WORKSPACE_SLUG_POLICY_NONE;
+}
+
+function isSupportedTenancyMode(value = "") {
+  return value === TENANCY_MODE_NONE || value === TENANCY_MODE_PERSONAL || value === TENANCY_MODE_WORKSPACES;
+}
+
+function resolveBootstrapTenancyProfile(tenancyProfile = null, appConfig = {}) {
+  const fallback = resolveTenancyProfile(appConfig);
+  const source = tenancyProfile && typeof tenancyProfile === "object" ? tenancyProfile : fallback;
+  const mode = isSupportedTenancyMode(source?.mode) ? source.mode : fallback.mode;
+  const workspace = source?.workspace && typeof source.workspace === "object" ? source.workspace : fallback.workspace;
+
+  return Object.freeze({
+    mode,
+    workspace: Object.freeze({
+      enabled: workspace.enabled === true,
+      autoProvision: workspace.autoProvision === true,
+      allowSelfCreate: workspace.allowSelfCreate === true,
+      slugPolicy: normalizeSlugPolicy(workspace.slugPolicy)
+    })
+  });
+}
+
+function createAnonymousBootstrapPayload({ appState, tenancyProfile }) {
+  return {
+    session: {
+      authenticated: false
+    },
+    profile: null,
+    tenancy: tenancyProfile,
+    app: appState,
+    workspaces: [],
+    pendingInvites: [],
+    activeWorkspace: null,
+    membership: null,
+    requestedWorkspace: null,
+    permissions: [],
+    surfaceAccess: {
+      consoleowner: false
+    },
+    workspaceSettings: null,
+    userSettings: null,
+    requestMeta: {
+      hasRequest: false
+    }
+  };
+}
+
+function mapUserSettingsBootstrap(settings = {}) {
+  const source = settings && typeof settings === "object" ? settings : {};
+  const mapped = {};
+
+  for (const field of userSettingsFields) {
+    if (field.includeInBootstrap === false) {
+      continue;
+    }
+    const rawValue = Object.hasOwn(source, field.key)
+      ? source[field.key]
+      : field.resolveDefault({
+          settings: source
+        });
+    mapped[field.key] = field.normalizeOutput(rawValue, {
+      settings: source
+    });
+  }
+
+  return mapped;
+}
+
+function createUsersBootstrapContributor({
+  usersRepository,
+  userSettingsRepository,
+  appConfig = {},
+  tenancyProfile = null,
+  authService,
+  consoleService = null
+} = {}) {
+  const contributorId = "users.bootstrap";
+  const appState = resolveAppState(appConfig);
+  const resolvedTenancyProfile = resolveBootstrapTenancyProfile(tenancyProfile, appConfig);
+
+  requireServiceMethod(usersRepository, "findById", contributorId, {
+    serviceLabel: "usersRepository"
+  });
+  requireServiceMethod(userSettingsRepository, "ensureForUserId", contributorId, {
+    serviceLabel: "userSettingsRepository"
+  });
+
+  return Object.freeze({
+    contributorId,
+    async contribute({ request = null, reply = null } = {}) {
+      const authResult = await request.executeAction({
+        actionId: "auth.session.read"
+      });
+
+      if (authResult?.clearSession === true && typeof authService?.clearSessionCookies === "function") {
+        authService.clearSessionCookies(reply);
+      }
+      if (authResult?.session && typeof authService?.writeSessionCookies === "function") {
+        authService.writeSessionCookies(reply, authResult.session);
+      }
+      if (authResult?.transientFailure === true) {
+        throw new AppError(503, "Authentication service temporarily unavailable. Please retry.");
+      }
+
+      const normalizedUser = authenticatedUserValidator.normalize(authResult?.authenticated ? authResult?.profile : null);
+      let payload = createAnonymousBootstrapPayload({
+        appState,
+        tenancyProfile: resolvedTenancyProfile
+      });
+
+      if (normalizedUser) {
+        const latestProfile = (await usersRepository.findById(normalizedUser.id)) || normalizedUser;
+        const userSettings = await userSettingsRepository.ensureForUserId(latestProfile.id);
+
+        let seededConsoleOwnerUserId = 0;
+        if (
+          consoleService &&
+          typeof consoleService.ensureInitialConsoleMember === "function"
+        ) {
+          seededConsoleOwnerUserId = Number(await consoleService.ensureInitialConsoleMember(latestProfile.id));
+        }
+
+        payload = {
+          session: {
+            authenticated: true,
+            userId: latestProfile.id
+          },
+          profile: {
+            displayName: latestProfile.displayName,
+            email: latestProfile.email,
+            avatar: accountAvatarFormatter(latestProfile, userSettings)
+          },
+          tenancy: resolvedTenancyProfile,
+          app: appState,
+          workspaces: [],
+          pendingInvites: [],
+          activeWorkspace: null,
+          membership: null,
+          requestedWorkspace: null,
+          permissions: [],
+          surfaceAccess: {
+            consoleowner: seededConsoleOwnerUserId > 0 && seededConsoleOwnerUserId === Number(latestProfile.id)
+          },
+          workspaceSettings: null,
+          userSettings: mapUserSettingsBootstrap(userSettings),
+          requestMeta: {
+            hasRequest: Boolean(request)
+          }
+        };
+      }
+
+      const oauthCatalogPayload = getOAuthProviderCatalogPayload(authService);
+      const session = payload?.session && typeof payload.session === "object" ? payload.session : { authenticated: false };
+
+      return {
+        ...payload,
+        session: {
+          ...session,
+          ...oauthCatalogPayload
+        }
+      };
+    }
+  });
+}
+
+export { createUsersBootstrapContributor };

package/src/server/workspaceBootstrapContributor.js

@@ -1,13 +1,7 @@
-import { AppError } from "@jskit-ai/kernel/server/runtime";
 import { requireServiceMethod } from "@jskit-ai/kernel/shared/actions/actionContributorHelpers";
-import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
+import { normalizeLowerText } from "@jskit-ai/kernel/shared/actions/textNormalization";
 import {
   TENANCY_MODE_NONE,
-  TENANCY_MODE_PERSONAL,
-  TENANCY_MODE_WORKSPACES,
-  WORKSPACE_SLUG_POLICY_NONE,
-  WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME,
-  WORKSPACE_SLUG_POLICY_USER_SELECTED,
   resolveTenancyProfile
 } from "../shared/tenancyProfile.js";
 import { workspacePendingInvitationsResource } from "../shared/resources/workspacePendingInvitationsResource.js";
@@ -16,9 +10,6 @@ import {
   mapWorkspaceSettingsPublic,
   mapWorkspaceSummary
 } from "./common/formatters/workspaceFormatter.js";
-import { accountAvatarFormatter } from "./common/formatters/accountAvatarFormatter.js";
-import { authenticatedUserValidator } from "./common/validators/authenticatedUserValidator.js";
-import { userSettingsFields } from "../shared/resources/userSettingsFields.js";
 
 const REQUESTED_WORKSPACE_STATUS_RESOLVED = "resolved";
 const REQUESTED_WORKSPACE_STATUS_NOT_FOUND = "not_found";
@@ -31,47 +22,6 @@ function normalizePendingInvites(invites) {
   }).pendingInvites;
 }
 
-function getOAuthProviderCatalogPayload(authService) {
-  if (!authService || typeof authService.getOAuthProviderCatalog !== "function") {
-    return {
-      oauthProviders: [],
-      oauthDefaultProvider: null
-    };
-  }
-
-  const catalog = authService.getOAuthProviderCatalog();
-  const providers = Array.isArray(catalog?.providers)
-    ? catalog.providers
-        .map((provider) => ({
-          id: normalizeLowerText(provider?.id),
-          label: normalizeText(provider?.label)
-        }))
-        .filter((provider) => provider.id && provider.label)
-    : [];
-  const defaultProvider = normalizeLowerText(catalog?.defaultProvider);
-
-  return {
-    oauthProviders: providers,
-    oauthDefaultProvider: providers.some((provider) => provider.id === defaultProvider) ? defaultProvider : null
-  };
-}
-
-function normalizeBoolean(value, fallback) {
-  if (typeof value === "boolean") {
-    return value;
-  }
-  if (typeof value === "string") {
-    const normalized = normalizeLowerText(value);
-    if (normalized === "true") {
-      return true;
-    }
-    if (normalized === "false") {
-      return false;
-    }
-  }
-  return fallback;
-}
-
 function normalizeQueryPayload(value = {}) {
   if (!value || typeof value !== "object" || Array.isArray(value)) {
     return {};
@@ -137,111 +87,28 @@ function resolveRequestedWorkspaceStatusFromError(error) {
   return "";
 }
 
-function resolveAppState(appConfig = {}, { workspaceInvitationsEnabled = true } = {}) {
-  const features = {
-    workspaceSwitching: normalizeBoolean(appConfig.workspaceSwitching, true),
-    workspaceInvites: workspaceInvitationsEnabled === true,
-    assistantEnabled: normalizeBoolean(appConfig.assistantEnabled, false),
-    assistantRequiredPermission: normalizeText(appConfig.assistantRequiredPermission),
-    socialEnabled: normalizeBoolean(appConfig.socialEnabled, false),
-    socialFederationEnabled: normalizeBoolean(appConfig.socialFederationEnabled, false)
-  };
-
-  return {
-    features
-  };
-}
-
-function normalizeSlugPolicy(value = "") {
-  const normalizedValue = normalizeLowerText(value);
-  if (
-    normalizedValue === WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME ||
-    normalizedValue === WORKSPACE_SLUG_POLICY_USER_SELECTED
-  ) {
-    return normalizedValue;
-  }
-  return WORKSPACE_SLUG_POLICY_NONE;
-}
-
-function isSupportedTenancyMode(value = "") {
-  return value === TENANCY_MODE_NONE || value === TENANCY_MODE_PERSONAL || value === TENANCY_MODE_WORKSPACES;
-}
-
 function resolveBootstrapTenancyProfile(tenancyProfile = null, appConfig = {}) {
   const fallback = resolveTenancyProfile(appConfig);
-  const source = tenancyProfile && typeof tenancyProfile === "object" ? tenancyProfile : fallback;
-  const mode = isSupportedTenancyMode(source?.mode) ? source.mode : fallback.mode;
-  const workspace = source?.workspace && typeof source.workspace === "object" ? source.workspace : fallback.workspace;
-
   return Object.freeze({
-    mode,
+    mode: fallback.mode,
     workspace: Object.freeze({
-      enabled: workspace.enabled === true,
-      autoProvision: workspace.autoProvision === true,
-      allowSelfCreate: workspace.allowSelfCreate === true,
-      slugPolicy: normalizeSlugPolicy(workspace.slugPolicy)
+      enabled: fallback.workspace.enabled === true,
+      autoProvision: fallback.workspace.autoProvision === true,
+      allowSelfCreate: fallback.workspace.allowSelfCreate === true,
+      slugPolicy: fallback.workspace.slugPolicy
     })
   });
 }
 
-function createAnonymousBootstrapPayload({ appState, tenancyProfile }) {
-  return {
-    session: {
-      authenticated: false
-    },
-    profile: null,
-    tenancy: tenancyProfile,
-    app: appState,
-    workspaces: [],
-    pendingInvites: [],
-    activeWorkspace: null,
-    membership: null,
-    requestedWorkspace: null,
-    permissions: [],
-    surfaceAccess: {
-      consoleowner: false
-    },
-    workspaceSettings: null,
-    userSettings: null
-  };
-}
-
-function mapUserSettingsBootstrap(settings = {}) {
-  const source = settings && typeof settings === "object" ? settings : {};
-  const mapped = {};
-
-  for (const field of userSettingsFields) {
-    if (field.includeInBootstrap === false) {
-      continue;
-    }
-    const rawValue = Object.hasOwn(source, field.key)
-      ? source[field.key]
-      : field.resolveDefault({
-          settings: source
-        });
-    mapped[field.key] = field.normalizeOutput(rawValue, {
-      settings: source
-    });
-  }
-
-  return mapped;
-}
-
 function createWorkspaceBootstrapContributor({
   workspaceService,
   workspacePendingInvitationsService,
-  userProfilesRepository,
-  userSettingsRepository,
+  usersRepository,
   workspaceInvitationsEnabled = false,
   appConfig = {},
-  tenancyProfile = null,
-  authService,
-  consoleService = null
+  tenancyProfile = null
 } = {}) {
-  const contributorId = "users.bootstrap";
-  const appState = resolveAppState(appConfig, {
-    workspaceInvitationsEnabled
-  });
+  const contributorId = "users.workspace.bootstrap";
   const resolvedTenancyProfile = resolveBootstrapTenancyProfile(tenancyProfile, appConfig);
 
   requireServiceMethod(workspaceService, "listWorkspacesForUser", contributorId, {
@@ -255,144 +122,83 @@ function createWorkspaceBootstrapContributor({
       serviceLabel: "workspacePendingInvitationsService"
     });
   }
-  requireServiceMethod(userProfilesRepository, "findByIdentity", contributorId, {
-    serviceLabel: "userProfilesRepository"
-  });
-  requireServiceMethod(userSettingsRepository, "ensureForUserId", contributorId, {
-    serviceLabel: "userSettingsRepository"
+  requireServiceMethod(usersRepository, "findById", contributorId, {
+    serviceLabel: "usersRepository"
   });
 
   return Object.freeze({
     contributorId,
-    async contribute({ request = null, reply = null, query = {} } = {}) {
-      const authResult = await request.executeAction({
-        actionId: "auth.session.read"
-      });
+    async contribute({ request = null, query = {}, payload = {} } = {}) {
+      const normalizedUserId = Number(payload?.session?.authenticated === true ? payload?.session?.userId : 0);
+      const normalizedWorkspaceSlug = resolveBootstrapWorkspaceSlug({ query, request });
+      if (!normalizedUserId) {
+        if (!normalizedWorkspaceSlug || resolvedTenancyProfile.mode === TENANCY_MODE_NONE) {
+          return {};
+        }
 
-      if (authResult?.clearSession === true && typeof authService?.clearSessionCookies === "function") {
-        authService.clearSessionCookies(reply);
-      }
-      if (authResult?.session && typeof authService?.writeSessionCookies === "function") {
-        authService.writeSessionCookies(reply, authResult.session);
-      }
-      if (authResult?.transientFailure === true) {
-        throw new AppError(503, "Authentication service temporarily unavailable. Please retry.");
+        return {
+          requestedWorkspace: createRequestedWorkspacePayload(
+            normalizedWorkspaceSlug,
+            REQUESTED_WORKSPACE_STATUS_UNAUTHENTICATED
+          )
+        };
       }
-      let seededConsoleOwnerUserId = 0;
-      if (
-        authResult?.authenticated &&
-        authResult?.profile?.id != null &&
-        consoleService &&
-        typeof consoleService.ensureInitialConsoleMember === "function"
-      ) {
-        seededConsoleOwnerUserId = Number(await consoleService.ensureInitialConsoleMember(authResult.profile.id));
+
+      const latestProfile = await usersRepository.findById(normalizedUserId);
+      if (!latestProfile) {
+        return {};
       }
 
-      const user = authResult?.authenticated ? authResult.profile : null;
-      const normalizedUser = authenticatedUserValidator.normalize(user);
       const pendingInvites =
-        workspaceInvitationsEnabled && normalizedUser
+        workspaceInvitationsEnabled
           ? normalizePendingInvites(
-              await workspacePendingInvitationsService.listPendingInvitesForUser(normalizedUser, {
+              await workspacePendingInvitationsService.listPendingInvitesForUser(latestProfile, {
                 context: {
-                  actor: normalizedUser
+                  actor: latestProfile
                 }
               })
             )
           : [];
-      const normalizedWorkspaceSlug = resolveBootstrapWorkspaceSlug({ query, request });
-      let payload = createAnonymousBootstrapPayload({
-        appState,
-        tenancyProfile: resolvedTenancyProfile
-      });
-      if (normalizedWorkspaceSlug && !normalizedUser) {
-        payload = {
-          ...payload,
-          requestedWorkspace: createRequestedWorkspacePayload(
+      const workspaces = await workspaceService.listWorkspacesForUser(latestProfile, { request });
+      let workspaceContext = null;
+      let requestedWorkspace = null;
+      if (normalizedWorkspaceSlug && resolvedTenancyProfile.mode !== TENANCY_MODE_NONE) {
+        try {
+          workspaceContext = await workspaceService.resolveWorkspaceContextForUserBySlug(
+            latestProfile,
             normalizedWorkspaceSlug,
-            REQUESTED_WORKSPACE_STATUS_UNAUTHENTICATED
-          )
-        };
-      }
-
-      if (normalizedUser) {
-        const latestProfile =
-          (await userProfilesRepository.findByIdentity({
-            provider: normalizedUser.authProvider,
-            providerUserId: normalizedUser.authProviderUserSid
-          })) || normalizedUser;
-
-        const workspaces = await workspaceService.listWorkspacesForUser(latestProfile, { request });
-        let workspaceContext = null;
-        let requestedWorkspace = null;
-        if (normalizedWorkspaceSlug && resolvedTenancyProfile.mode !== TENANCY_MODE_NONE) {
-          try {
-            workspaceContext = await workspaceService.resolveWorkspaceContextForUserBySlug(
-              latestProfile,
-              normalizedWorkspaceSlug,
-              { request }
-            );
-            requestedWorkspace = createRequestedWorkspacePayload(
-              normalizedWorkspaceSlug,
-              REQUESTED_WORKSPACE_STATUS_RESOLVED
-            );
-          } catch (error) {
-            const requestedWorkspaceStatus = resolveRequestedWorkspaceStatusFromError(error);
-            if (!requestedWorkspaceStatus) {
-              throw error;
-            }
-            requestedWorkspace = createRequestedWorkspacePayload(normalizedWorkspaceSlug, requestedWorkspaceStatus);
+            { request }
+          );
+          requestedWorkspace = createRequestedWorkspacePayload(
+            normalizedWorkspaceSlug,
+            REQUESTED_WORKSPACE_STATUS_RESOLVED
+          );
+        } catch (error) {
+          const requestedWorkspaceStatus = resolveRequestedWorkspaceStatusFromError(error);
+          if (!requestedWorkspaceStatus) {
+            throw error;
           }
+          requestedWorkspace = createRequestedWorkspacePayload(normalizedWorkspaceSlug, requestedWorkspaceStatus);
         }
-
-        const userSettings = await userSettingsRepository.ensureForUserId(latestProfile.id);
-        payload = {
-          session: {
-            authenticated: true,
-            userId: latestProfile.id
-          },
-          profile: {
-            displayName: latestProfile.displayName,
-            email: latestProfile.email,
-            avatar: accountAvatarFormatter(latestProfile, userSettings)
-          },
-          tenancy: resolvedTenancyProfile,
-          app: appState,
-          workspaces: [...workspaces],
-          pendingInvites,
-          activeWorkspace: workspaceContext
-            ? mapWorkspaceSummary(workspaceContext.workspace, {
-                roleSid: workspaceContext.membership?.roleSid,
-                status: workspaceContext.membership?.status
-              })
-            : null,
-          membership: mapMembershipSummary(workspaceContext?.membership, workspaceContext?.workspace),
-          requestedWorkspace,
-          permissions: workspaceContext ? [...workspaceContext.permissions] : [],
-          surfaceAccess: {
-            consoleowner: seededConsoleOwnerUserId > 0 && seededConsoleOwnerUserId === Number(latestProfile.id)
-          },
-          workspaceSettings: workspaceContext
-            ? mapWorkspaceSettingsPublic(workspaceContext.workspaceSettings, {
-                workspaceInvitationsEnabled
-              })
-            : null,
-          userSettings: mapUserSettingsBootstrap(userSettings),
-          requestMeta: {
-            hasRequest: Boolean(request)
-          }
-        };
       }
 
-      const oauthCatalogPayload = getOAuthProviderCatalogPayload(authService);
-      const session = payload?.session && typeof payload.session === "object" ? payload.session : { authenticated: false };
-
       return {
-        ...payload,
-        session: {
-          ...session,
-          ...oauthCatalogPayload
-        }
+        workspaces: [...workspaces],
+        pendingInvites,
+        activeWorkspace: workspaceContext
+          ? mapWorkspaceSummary(workspaceContext.workspace, {
+              roleSid: workspaceContext.membership?.roleSid,
+              status: workspaceContext.membership?.status
+            })
+          : null,
+        membership: mapMembershipSummary(workspaceContext?.membership, workspaceContext?.workspace),
+        requestedWorkspace,
+        permissions: workspaceContext ? [...workspaceContext.permissions] : [],
+        workspaceSettings: workspaceContext
+          ? mapWorkspaceSettingsPublic(workspaceContext.workspaceSettings, {
+              workspaceInvitationsEnabled
+            })
+          : null
       };
     }
   });