@jskit-ai/users-core 0.1.4

package/src/server/workspaceMembers/bootWorkspaceMembers.js

@@ -0,0 +1,238 @@
+import { withStandardErrorResponses } from "@jskit-ai/http-runtime/shared/validators/errorResponses";
+import { KERNEL_TOKENS } from "@jskit-ai/kernel/shared/support/tokens";
+import { workspaceMembersResource } from "../../shared/resources/workspaceMembersResource.js";
+import { resolveWorkspaceRoutePath } from "../common/support/workspaceRoutePaths.js";
+import { USERS_WORKSPACE_INVITATIONS_ENABLED_TOKEN } from "../common/diTokens.js";
+import {
+  routeParamsValidator,
+  workspaceSlugParamsValidator
+} from "../common/validators/routeParamsValidator.js";
+import { resolveDefaultWorkspaceRouteSurfaceIdFromAppConfig } from "../support/workspaceActionSurfaces.js";
+
+function bootWorkspaceMembers(app) {
+  if (!app || typeof app.make !== "function") {
+    throw new Error("bootWorkspaceMembers requires application make().");
+  }
+
+  const router = app.make(KERNEL_TOKENS.HttpRouter);
+  const appConfig = typeof app.has === "function" && app.has("appConfig") ? app.make("appConfig") : {};
+  const workspaceInvitationsEnabled =
+    typeof app.has === "function" && app.has(USERS_WORKSPACE_INVITATIONS_ENABLED_TOKEN)
+      ? app.make(USERS_WORKSPACE_INVITATIONS_ENABLED_TOKEN) === true
+      : false;
+  const workspaceRouteSurfaceId = resolveDefaultWorkspaceRouteSurfaceIdFromAppConfig(appConfig);
+
+  router.register(
+    "GET",
+    resolveWorkspaceRoutePath("/roles"),
+    {
+      auth: "required",
+      surface: workspaceRouteSurfaceId,
+      visibility: "workspace",
+      contextPolicy: "required",
+      meta: {
+        tags: ["workspace"],
+        summary: "Get workspace role catalog by workspace slug"
+      },
+      paramsValidator: workspaceSlugParamsValidator,
+      responseValidators: withStandardErrorResponses({
+        200: workspaceMembersResource.operations.rolesList.outputValidator
+      })
+    },
+    async function (request, reply) {
+      const response = await request.executeAction({
+        actionId: "workspace.roles.list",
+        input: {
+          workspaceSlug: request.input.params.workspaceSlug
+        }
+      });
+      reply.code(200).send(response);
+    }
+  );
+
+  router.register(
+    "GET",
+    resolveWorkspaceRoutePath("/members"),
+    {
+      auth: "required",
+      surface: workspaceRouteSurfaceId,
+      visibility: "workspace",
+      contextPolicy: "required",
+      meta: {
+        tags: ["workspace"],
+        summary: "List members by workspace slug"
+      },
+      paramsValidator: workspaceSlugParamsValidator,
+      responseValidators: withStandardErrorResponses({
+        200: workspaceMembersResource.operations.membersList.outputValidator
+      })
+    },
+    async function (request, reply) {
+      const response = await request.executeAction({
+        actionId: "workspace.members.list",
+        input: {
+          workspaceSlug: request.input.params.workspaceSlug
+        }
+      });
+      reply.code(200).send(response);
+    }
+  );
+
+  router.register(
+    "PATCH",
+    resolveWorkspaceRoutePath("/members/:memberUserId/role"),
+    {
+      auth: "required",
+      surface: workspaceRouteSurfaceId,
+      visibility: "workspace",
+      contextPolicy: "required",
+      meta: {
+        tags: ["workspace"],
+        summary: "Update workspace member role by workspace slug"
+      },
+      paramsValidator: routeParamsValidator,
+      bodyValidator: workspaceMembersResource.operations.updateMemberRole.bodyValidator,
+      responseValidators: withStandardErrorResponses(
+        {
+          200: workspaceMembersResource.operations.updateMemberRole.outputValidator
+        },
+        { includeValidation400: true }
+      )
+    },
+    async function (request, reply) {
+      const response = await request.executeAction({
+        actionId: "workspace.member.role.update",
+        input: {
+          workspaceSlug: request.input.params.workspaceSlug,
+          memberUserId: request.input.params.memberUserId,
+          roleId: request.input.body.roleId
+        }
+      });
+      reply.code(200).send(response);
+    }
+  );
+
+  router.register(
+    "DELETE",
+    resolveWorkspaceRoutePath("/members/:memberUserId"),
+    {
+      auth: "required",
+      surface: workspaceRouteSurfaceId,
+      visibility: "workspace",
+      contextPolicy: "required",
+      meta: {
+        tags: ["workspace"],
+        summary: "Remove workspace member by workspace slug"
+      },
+      paramsValidator: routeParamsValidator,
+      responseValidators: withStandardErrorResponses({
+        200: workspaceMembersResource.operations.removeMember.outputValidator
+      })
+    },
+    async function (request, reply) {
+      const response = await request.executeAction({
+        actionId: "workspace.member.remove",
+        input: {
+          workspaceSlug: request.input.params.workspaceSlug,
+          memberUserId: request.input.params.memberUserId
+        }
+      });
+      reply.code(200).send(response);
+    }
+  );
+
+  if (workspaceInvitationsEnabled) {
+    router.register(
+      "GET",
+      resolveWorkspaceRoutePath("/invites"),
+      {
+        auth: "required",
+        surface: workspaceRouteSurfaceId,
+        visibility: "workspace",
+        contextPolicy: "required",
+        meta: {
+          tags: ["workspace"],
+          summary: "List workspace invites by workspace slug"
+        },
+        paramsValidator: workspaceSlugParamsValidator,
+        responseValidators: withStandardErrorResponses({
+          200: workspaceMembersResource.operations.invitesList.outputValidator
+        })
+      },
+      async function (request, reply) {
+        const response = await request.executeAction({
+          actionId: "workspace.invites.list",
+          input: {
+            workspaceSlug: request.input.params.workspaceSlug
+          }
+        });
+        reply.code(200).send(response);
+      }
+    );
+
+    router.register(
+      "POST",
+      resolveWorkspaceRoutePath("/invites"),
+      {
+        auth: "required",
+        surface: workspaceRouteSurfaceId,
+        visibility: "workspace",
+        contextPolicy: "required",
+        meta: {
+          tags: ["workspace"],
+          summary: "Create workspace invite by workspace slug"
+        },
+        paramsValidator: workspaceSlugParamsValidator,
+        bodyValidator: workspaceMembersResource.operations.createInvite.bodyValidator,
+        responseValidators: withStandardErrorResponses(
+          {
+            200: workspaceMembersResource.operations.createInvite.outputValidator
+          },
+          { includeValidation400: true }
+        )
+      },
+      async function (request, reply) {
+        const response = await request.executeAction({
+          actionId: "workspace.invite.create",
+          input: {
+            workspaceSlug: request.input.params.workspaceSlug,
+            email: request.input.body.email,
+            roleId: request.input.body.roleId
+          }
+        });
+        reply.code(200).send(response);
+      }
+    );
+
+    router.register(
+      "DELETE",
+      resolveWorkspaceRoutePath("/invites/:inviteId"),
+      {
+        auth: "required",
+        surface: workspaceRouteSurfaceId,
+        visibility: "workspace",
+        contextPolicy: "required",
+        meta: {
+          tags: ["workspace"],
+          summary: "Revoke workspace invite by workspace slug"
+        },
+        paramsValidator: routeParamsValidator,
+        responseValidators: withStandardErrorResponses({
+          200: workspaceMembersResource.operations.revokeInvite.outputValidator
+        })
+      },
+      async function (request, reply) {
+        const response = await request.executeAction({
+          actionId: "workspace.invite.revoke",
+          input: {
+            workspaceSlug: request.input.params.workspaceSlug,
+            inviteId: request.input.params.inviteId
+          }
+        });
+        reply.code(200).send(response);
+      }
+    );
+  }
+}
+
+export { bootWorkspaceMembers };

package/src/server/workspaceMembers/registerWorkspaceMembers.js

@@ -0,0 +1,112 @@
+import { withActionDefaults } from "@jskit-ai/kernel/shared/actions";
+import { resolveAppConfig } from "@jskit-ai/kernel/server/support";
+import {
+  WORKSPACE_MEMBERS_CHANGED_EVENT,
+  WORKSPACE_INVITES_CHANGED_EVENT
+} from "../../shared/events/usersEvents.js";
+import { deepFreeze } from "../common/support/deepFreeze.js";
+import { createService as createWorkspaceMembersService } from "./workspaceMembersService.js";
+import { workspaceMembersActions } from "./workspaceMembersActions.js";
+import { createWorkspaceRoleCatalog } from "../../shared/roles.js";
+import { USERS_WORKSPACE_INVITATIONS_ENABLED_TOKEN } from "../common/diTokens.js";
+import { createWorkspaceEntityAndBootstrapEvents } from "../common/support/realtimeServiceEvents.js";
+
+const USERS_WORKSPACE_MEMBERS_SERVICE_TOKEN = "users.workspace.members.service";
+
+function resolveWorkspaceMembersInviteExpiresInMs(appConfig = {}) {
+  const inviteExpiresInMs = Number(appConfig?.workspaceMembers?.defaults?.inviteExpiresInMs);
+  if (!Number.isInteger(inviteExpiresInMs) || inviteExpiresInMs < 1) {
+    throw new TypeError("users.core requires appConfig.workspaceMembers.defaults.inviteExpiresInMs.");
+  }
+
+  return inviteExpiresInMs;
+}
+
+const INVITE_RECIPIENT_BOOTSTRAP_AUDIENCE = Object.freeze({
+  preset: "event_scope",
+  async userQuery({ knex, event } = {}) {
+    if (typeof knex !== "function") {
+      return [];
+    }
+
+    const inviteId = Number(event?.entityId);
+    if (!Number.isInteger(inviteId) || inviteId < 1) {
+      return [];
+    }
+
+    const row = await knex("workspace_invites as wi")
+      .join("user_profiles as up", "up.email", "wi.email")
+      .where("wi.id", inviteId)
+      .first("up.id as user_id");
+
+    const userId = Number(row?.user_id || 0);
+    if (!Number.isInteger(userId) || userId < 1) {
+      return [];
+    }
+
+    return [
+      {
+        userId
+      }
+    ];
+  }
+});
+
+function registerWorkspaceMembers(app) {
+  if (!app || typeof app.singleton !== "function" || typeof app.service !== "function" || typeof app.actions !== "function") {
+    throw new Error("registerWorkspaceMembers requires application singleton()/service()/actions().");
+  }
+
+  app.service(
+    USERS_WORKSPACE_MEMBERS_SERVICE_TOKEN,
+    (scope) => {
+      const appConfig = resolveAppConfig(scope);
+      return createWorkspaceMembersService({
+        workspaceMembershipsRepository: scope.make("workspaceMembershipsRepository"),
+        workspaceInvitesRepository: scope.make("workspaceInvitesRepository"),
+        inviteExpiresInMs: resolveWorkspaceMembersInviteExpiresInMs(appConfig),
+        roleCatalog: createWorkspaceRoleCatalog(appConfig),
+        workspaceInvitationsEnabled: scope.make(USERS_WORKSPACE_INVITATIONS_ENABLED_TOKEN) === true
+      });
+    },
+    {
+      events: deepFreeze({
+        updateMemberRole: createWorkspaceEntityAndBootstrapEvents({
+          workspaceEntity: "member",
+          workspaceOperation: "updated",
+          workspaceRealtimeEvent: WORKSPACE_MEMBERS_CHANGED_EVENT
+        }),
+        removeMember: createWorkspaceEntityAndBootstrapEvents({
+          workspaceEntity: "member",
+          workspaceOperation: "updated",
+          workspaceRealtimeEvent: WORKSPACE_MEMBERS_CHANGED_EVENT
+        }),
+        createInvite: createWorkspaceEntityAndBootstrapEvents({
+          workspaceEntity: "invite",
+          workspaceOperation: "created",
+          workspaceRealtimeEvent: WORKSPACE_INVITES_CHANGED_EVENT,
+          bootstrapEntityId: ({ result }) => result?.createdInviteId,
+          bootstrapAudience: INVITE_RECIPIENT_BOOTSTRAP_AUDIENCE
+        }),
+        revokeInvite: createWorkspaceEntityAndBootstrapEvents({
+          workspaceEntity: "invite",
+          workspaceOperation: "updated",
+          workspaceRealtimeEvent: WORKSPACE_INVITES_CHANGED_EVENT,
+          bootstrapEntityId: ({ result }) => result?.revokedInviteId,
+          bootstrapAudience: INVITE_RECIPIENT_BOOTSTRAP_AUDIENCE
+        })
+      })
+    }
+  );
+
+  app.actions(
+    withActionDefaults(workspaceMembersActions, {
+      domain: "workspace",
+      dependencies: {
+        workspaceMembersService: USERS_WORKSPACE_MEMBERS_SERVICE_TOKEN
+      }
+    })
+  );
+}
+
+export { registerWorkspaceMembers };

package/src/server/workspaceMembers/workspaceMembersActions.js

@@ -0,0 +1,186 @@
+import { resolveWorkspace } from "../support/resolveWorkspace.js";
+import { resolveActionUser } from "../common/support/resolveActionUser.js";
+import { workspaceMembersResource } from "../../shared/resources/workspaceMembersResource.js";
+import { workspaceSlugParamsValidator } from "../common/validators/routeParamsValidator.js";
+
+const workspaceMembersActions = Object.freeze([
+  {
+    id: "workspace.roles.list",
+    version: 1,
+    kind: "query",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.roles.view"]
+    },
+    inputValidator: workspaceSlugParamsValidator,
+    outputValidator: workspaceMembersResource.operations.rolesList.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "workspace.roles.list"
+    },
+    observability: {},
+    async execute(_input, context, deps) {
+      return deps.workspaceMembersService.listRoles({ context });
+    }
+  },
+  {
+    id: "workspace.members.list",
+    version: 1,
+    kind: "query",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.members.view"]
+    },
+    inputValidator: workspaceSlugParamsValidator,
+    outputValidator: workspaceMembersResource.operations.membersList.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "workspace.members.list"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.workspaceMembersService.listMembers(resolveWorkspace(context, input), {
+        context
+      });
+    }
+  },
+  {
+    id: "workspace.member.role.update",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.members.manage"]
+    },
+    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.updateMemberRole.inputValidator],
+    outputValidator: workspaceMembersResource.operations.updateMemberRole.outputValidator,
+    idempotency: "optional",
+    audit: {
+      actionName: "workspace.member.role.update"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.workspaceMembersService.updateMemberRole(resolveWorkspace(context, input), {
+        memberUserId: input.memberUserId,
+        roleId: input.roleId
+      }, {
+        context
+      });
+    }
+  },
+  {
+    id: "workspace.member.remove",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.members.manage"]
+    },
+    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.removeMember.inputValidator],
+    outputValidator: workspaceMembersResource.operations.removeMember.outputValidator,
+    idempotency: "optional",
+    audit: {
+      actionName: "workspace.member.remove"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.workspaceMembersService.removeMember(resolveWorkspace(context, input), {
+        memberUserId: input.memberUserId
+      }, {
+        context
+      });
+    }
+  },
+  {
+    id: "workspace.invites.list",
+    version: 1,
+    kind: "query",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.members.view"]
+    },
+    inputValidator: workspaceSlugParamsValidator,
+    outputValidator: workspaceMembersResource.operations.invitesList.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "workspace.invites.list"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.workspaceMembersService.listInvites(resolveWorkspace(context, input), {
+        context
+      });
+    }
+  },
+  {
+    id: "workspace.invite.create",
+    version: 1,
+    kind: "command",
+    channels: ["api", "assistant_tool", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.members.invite"]
+    },
+    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.createInvite.bodyValidator],
+    outputValidator: workspaceMembersResource.operations.createInvite.outputValidator,
+    idempotency: "optional",
+    audit: {
+      actionName: "workspace.invite.create"
+    },
+    observability: {},
+    extensions: {
+      assistant: {
+        description: "Invite a person to the workspace."
+      }
+    },
+    async execute(input, context, deps) {
+      return deps.workspaceMembersService.createInvite(
+        resolveWorkspace(context, input),
+        resolveActionUser(context, input),
+        {
+          email: input.email,
+          roleId: input.roleId
+        },
+        {
+          context
+        }
+      );
+    }
+  },
+  {
+    id: "workspace.invite.revoke",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "workspace",
+    permission: {
+      require: "all",
+      permissions: ["workspace.invites.revoke"]
+    },
+    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.revokeInvite.inputValidator],
+    outputValidator: workspaceMembersResource.operations.revokeInvite.outputValidator,
+    idempotency: "optional",
+    audit: {
+      actionName: "workspace.invite.revoke"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.workspaceMembersService.revokeInvite(resolveWorkspace(context, input), input.inviteId, {
+        context
+      });
+    }
+  }
+]);
+
+export { workspaceMembersActions };