@jskit-ai/users-core 0.1.4

package/test/workspaceMembersService.test.js

@@ -0,0 +1,400 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { createService } from "../src/server/workspaceMembers/workspaceMembersService.js";
+import { createWorkspaceRoleCatalog } from "../src/shared/roles.js";
+
+function authorizedOptions(permissions = []) {
+  return {
+    context: {
+      actor: {
+        id: 1
+      },
+      permissions
+    }
+  };
+}
+
+function createRoleCatalog() {
+  return createWorkspaceRoleCatalog({
+    workspaceRoles: {
+      defaultInviteRole: "member",
+      roles: {
+        owner: {
+          assignable: false,
+          permissions: ["*"]
+        },
+        admin: {
+          assignable: true,
+          permissions: ["workspace.members.manage"]
+        },
+        member: {
+          assignable: true,
+          permissions: ["workspace.members.view", "workspace.members.invite"]
+        }
+      }
+    }
+  });
+}
+
+function createFixture() {
+  const workspace = {
+    id: 7,
+    slug: "tonymobily3",
+    name: "TonyMobily3",
+    ownerUserId: 9,
+    avatarUrl: "",
+    color: "#0F6B54"
+  };
+
+  const service = createService({
+    workspaceMembershipsRepository: {
+      async listActiveByWorkspaceId(workspaceId) {
+        assert.equal(Number(workspaceId), 7);
+        return [
+          {
+            userId: 11,
+            roleId: "member",
+            status: "active",
+            displayName: "Alice",
+            email: "alice@example.com"
+          }
+        ];
+      },
+      async findByWorkspaceIdAndUserId(workspaceId, userId) {
+        assert.equal(Number(workspaceId), 7);
+        assert.equal(Number(userId), 11);
+        return {
+          workspaceId: 7,
+          userId: 11,
+          roleId: "member",
+          status: "active"
+        };
+      },
+      async upsertMembership(workspaceId, userId, patch) {
+        assert.equal(Number(workspaceId), 7);
+        assert.equal(Number(userId), 11);
+        assert.deepEqual(patch, {
+          roleId: "admin",
+          status: "active"
+        });
+      }
+    },
+    workspaceInvitesRepository: {
+      async listPendingByWorkspaceIdWithWorkspace(workspaceId) {
+        assert.equal(Number(workspaceId), 7);
+        return [];
+      },
+      async expirePendingByWorkspaceIdAndEmail() {},
+      async insert() {},
+      async findPendingByIdForWorkspace() {
+        return null;
+      },
+      async revokeById() {}
+    },
+    inviteExpiresInMs: 7 * 24 * 60 * 60 * 1000,
+    roleCatalog: createRoleCatalog()
+  });
+
+  return { service, workspace };
+}
+
+test("workspaceMembersService.createInvite uses configured inviteExpiresInMs", async () => {
+  const expiresAtValues = [];
+  const service = createService({
+    workspaceMembershipsRepository: {
+      async listActiveByWorkspaceId() {
+        return [];
+      }
+    },
+    workspaceInvitesRepository: {
+      async expirePendingByWorkspaceIdAndEmail() {},
+      async insert(payload) {
+        expiresAtValues.push(payload.expiresAt);
+        return {
+          id: 31
+        };
+      },
+      async listPendingByWorkspaceIdWithWorkspace() {
+        return [];
+      },
+      async findPendingByIdForWorkspace() {
+        return null;
+      },
+      async revokeById() {}
+    },
+    inviteExpiresInMs: 30 * 60 * 1000,
+    roleCatalog: createRoleCatalog()
+  });
+
+  const before = Date.now();
+  const response = await service.createInvite(
+    {
+      id: 7,
+      ownerUserId: 9
+    },
+    { id: 11 },
+    {
+      email: "alice@example.com",
+      roleId: "member"
+    },
+    authorizedOptions(["workspace.members.invite"])
+  );
+  const after = Date.now();
+
+  assert.equal(expiresAtValues.length, 1);
+  const expiresAt = new Date(expiresAtValues[0]).getTime();
+  assert.ok(expiresAt >= before + 30 * 60 * 1000);
+  assert.ok(expiresAt <= after + 30 * 60 * 1000);
+  assert.equal(response.createdInviteId, 31);
+});
+
+test("workspaceMembersService.revokeInvite returns the revoked invite id", async () => {
+  let revokedInviteId = 0;
+  const service = createService({
+    workspaceMembershipsRepository: {
+      async listActiveByWorkspaceId() {
+        return [];
+      }
+    },
+    workspaceInvitesRepository: {
+      async listPendingByWorkspaceIdWithWorkspace() {
+        return [];
+      },
+      async expirePendingByWorkspaceIdAndEmail() {},
+      async insert() {
+        return {
+          id: 1
+        };
+      },
+      async findPendingByIdForWorkspace(inviteId, workspaceId) {
+        assert.equal(Number(inviteId), 47);
+        assert.equal(Number(workspaceId), 7);
+        return {
+          id: 47,
+          workspaceId: 7,
+          status: "pending"
+        };
+      },
+      async revokeById(inviteId) {
+        revokedInviteId = Number(inviteId);
+      }
+    },
+    inviteExpiresInMs: 30 * 60 * 1000,
+    roleCatalog: createRoleCatalog()
+  });
+
+  const response = await service.revokeInvite(
+    {
+      id: 7,
+      ownerUserId: 9
+    },
+    47,
+    authorizedOptions(["workspace.invites.revoke"])
+  );
+
+  assert.equal(revokedInviteId, 47);
+  assert.equal(response.revokedInviteId, 47);
+});
+
+test("workspaceMembersService rejects invite operations when invitations are disabled", async () => {
+  const service = createService({
+    workspaceMembershipsRepository: {
+      async listActiveByWorkspaceId() {
+        return [];
+      }
+    },
+    workspaceInvitesRepository: {
+      async listPendingByWorkspaceIdWithWorkspace() {
+        throw new Error("invite repository should not be called when invitations are disabled");
+      },
+      async expirePendingByWorkspaceIdAndEmail() {
+        throw new Error("invite repository should not be called when invitations are disabled");
+      },
+      async insert() {
+        throw new Error("invite repository should not be called when invitations are disabled");
+      },
+      async findPendingByIdForWorkspace() {
+        throw new Error("invite repository should not be called when invitations are disabled");
+      },
+      async revokeById() {
+        throw new Error("invite repository should not be called when invitations are disabled");
+      }
+    },
+    inviteExpiresInMs: 30 * 60 * 1000,
+    roleCatalog: createRoleCatalog(),
+    workspaceInvitationsEnabled: false
+  });
+
+  await assert.rejects(
+    () =>
+      service.listInvites(
+        {
+          id: 7,
+          ownerUserId: 9
+        },
+        authorizedOptions(["workspace.members.view"])
+      ),
+    /Workspace invitations are disabled/
+  );
+});
+
+test("workspaceMembersService.listMembers uses the resolved workspace directly", async () => {
+  const { service, workspace } = createFixture();
+
+  const response = await service.listMembers(workspace, authorizedOptions(["workspace.members.view"]));
+
+  assert.deepEqual(response.workspace, {
+    id: 7,
+    slug: "tonymobily3",
+    name: "TonyMobily3",
+    ownerUserId: 9,
+    avatarUrl: "",
+    color: "#0F6B54"
+  });
+  assert.equal(response.members.length, 1);
+  assert.equal(response.members[0].displayName, "Alice");
+});
+
+test("workspaceMembersService.updateMemberRole returns the refreshed member list without re-fetching the workspace", async () => {
+  const { service, workspace } = createFixture();
+
+  const response = await service.updateMemberRole(
+    workspace,
+    {
+      memberUserId: 11,
+      roleId: "admin"
+    },
+    authorizedOptions(["workspace.members.manage"])
+  );
+
+  assert.equal(response.members.length, 1);
+  assert.equal(response.members[0].roleId, "member");
+});
+
+test("workspaceMembersService.removeMember marks membership revoked and returns refreshed members", async () => {
+  let removed = false;
+  const workspace = {
+    id: 7,
+    slug: "tonymobily3",
+    name: "TonyMobily3",
+    ownerUserId: 9,
+    avatarUrl: "",
+    color: "#0F6B54"
+  };
+  const service = createService({
+    workspaceMembershipsRepository: {
+      async listActiveByWorkspaceId(workspaceId) {
+        assert.equal(Number(workspaceId), 7);
+        return removed
+          ? []
+          : [
+              {
+                userId: 11,
+                roleId: "member",
+                status: "active",
+                displayName: "Alice",
+                email: "alice@example.com"
+              }
+            ];
+      },
+      async findByWorkspaceIdAndUserId(workspaceId, userId) {
+        assert.equal(Number(workspaceId), 7);
+        assert.equal(Number(userId), 11);
+        return {
+          workspaceId: 7,
+          userId: 11,
+          roleId: "member",
+          status: "active"
+        };
+      },
+      async upsertMembership(workspaceId, userId, patch) {
+        assert.equal(Number(workspaceId), 7);
+        assert.equal(Number(userId), 11);
+        assert.deepEqual(patch, {
+          roleId: "member",
+          status: "revoked"
+        });
+        removed = true;
+      }
+    },
+    workspaceInvitesRepository: {
+      async listPendingByWorkspaceIdWithWorkspace() {
+        return [];
+      },
+      async expirePendingByWorkspaceIdAndEmail() {},
+      async insert() {},
+      async findPendingByIdForWorkspace() {
+        return null;
+      },
+      async revokeById() {}
+    },
+    inviteExpiresInMs: 7 * 24 * 60 * 60 * 1000,
+    roleCatalog: createRoleCatalog()
+  });
+
+  const response = await service.removeMember(
+    workspace,
+    {
+      memberUserId: 11
+    },
+    authorizedOptions(["workspace.members.manage"])
+  );
+
+  assert.equal(response.members.length, 0);
+});
+
+test("workspaceMembersService.removeMember rejects removing the owner", async () => {
+  const workspace = {
+    id: 7,
+    slug: "tonymobily3",
+    name: "TonyMobily3",
+    ownerUserId: 9,
+    avatarUrl: "",
+    color: "#0F6B54"
+  };
+  const service = createService({
+    workspaceMembershipsRepository: {
+      async listActiveByWorkspaceId() {
+        return [];
+      },
+      async findByWorkspaceIdAndUserId(workspaceId, userId) {
+        assert.equal(Number(workspaceId), 7);
+        assert.equal(Number(userId), 9);
+        return {
+          workspaceId: 7,
+          userId: 9,
+          roleId: "owner",
+          status: "active"
+        };
+      },
+      async upsertMembership() {
+        throw new Error("remove owner should not update membership");
+      }
+    },
+    workspaceInvitesRepository: {
+      async listPendingByWorkspaceIdWithWorkspace() {
+        return [];
+      },
+      async expirePendingByWorkspaceIdAndEmail() {},
+      async insert() {},
+      async findPendingByIdForWorkspace() {
+        return null;
+      },
+      async revokeById() {}
+    },
+    inviteExpiresInMs: 7 * 24 * 60 * 60 * 1000,
+    roleCatalog: createRoleCatalog()
+  });
+
+  await assert.rejects(
+    () =>
+      service.removeMember(
+        workspace,
+        {
+          memberUserId: 9
+        },
+        authorizedOptions(["workspace.members.manage"])
+      ),
+    /Cannot remove workspace owner/
+  );
+});

package/test/workspacePathModel.test.js

@@ -0,0 +1,93 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { normalizePathname as normalizeKernelPathname } from "@jskit-ai/kernel/shared/surface/paths";
+
+import {
+  normalizePathname,
+  normalizeSurfaceSegmentFromRouteBase,
+  parseWorkspacePathname,
+  resolveDefaultWorkspaceSurfaceId,
+  resolveWorkspaceSurfaceIdFromSuffixSegments
+} from "../src/shared/support/workspacePathModel.js";
+
+test("normalizePathname reuses kernel surface path helper", () => {
+  assert.equal(normalizePathname, normalizeKernelPathname);
+});
+
+test("normalizePathname trims query/hash and trailing slashes", () => {
+  assert.equal(normalizePathname("w/acme/admin/?a=1#x"), "/w/acme/admin");
+  assert.equal(normalizePathname("///w//acme///"), "/w/acme");
+});
+
+test("normalizeSurfaceSegmentFromRouteBase resolves workspace-aware segment", () => {
+  assert.equal(normalizeSurfaceSegmentFromRouteBase("/w/:workspaceSlug/admin"), "admin");
+  assert.equal(normalizeSurfaceSegmentFromRouteBase("/w/:workspaceSlug"), "");
+  assert.equal(normalizeSurfaceSegmentFromRouteBase("/"), "");
+  assert.equal(normalizeSurfaceSegmentFromRouteBase(""), "");
+});
+
+test("parseWorkspacePathname reads workspace slug and suffix segments", () => {
+  assert.deepEqual(parseWorkspacePathname("/w/acme/admin/contacts"), {
+    workspaceSlug: "acme",
+    suffixSegments: ["admin", "contacts"]
+  });
+  assert.equal(parseWorkspacePathname("/admin/settings"), null);
+});
+
+test("resolveDefaultWorkspaceSurfaceId keeps workspace default or first workspace fallback", () => {
+  assert.equal(
+    resolveDefaultWorkspaceSurfaceId({
+      defaultSurfaceId: "app",
+      workspaceSurfaceIds: ["admin", "app"],
+      surfaceRequiresWorkspace: (surfaceId) => surfaceId === "app"
+    }),
+    "app"
+  );
+
+  assert.equal(
+    resolveDefaultWorkspaceSurfaceId({
+      defaultSurfaceId: "app",
+      workspaceSurfaceIds: ["admin", "app"],
+      surfaceRequiresWorkspace: (surfaceId) => surfaceId === "admin"
+    }),
+    "admin"
+  );
+});
+
+test("resolveWorkspaceSurfaceIdFromSuffixSegments resolves prefixed workspace surfaces", () => {
+  assert.equal(
+    resolveWorkspaceSurfaceIdFromSuffixSegments({
+      suffixSegments: [],
+      defaultWorkspaceSurfaceId: "app",
+      workspaceSurfaces: [
+        { id: "app", routeBase: "/w/:workspaceSlug" },
+        { id: "admin", routeBase: "/w/:workspaceSlug/admin" }
+      ]
+    }),
+    "app"
+  );
+
+  assert.equal(
+    resolveWorkspaceSurfaceIdFromSuffixSegments({
+      suffixSegments: ["admin", "contacts"],
+      defaultWorkspaceSurfaceId: "app",
+      workspaceSurfaces: [
+        { id: "app", routeBase: "/w/:workspaceSlug" },
+        { id: "admin", routeBase: "/w/:workspaceSlug/admin" }
+      ]
+    }),
+    "admin"
+  );
+
+  assert.equal(
+    resolveWorkspaceSurfaceIdFromSuffixSegments({
+      suffixSegments: ["projects", "123"],
+      defaultWorkspaceSurfaceId: "app",
+      workspaceSurfaces: [
+        { id: "app", routeBase: "/w/:workspaceSlug" },
+        { id: "admin", routeBase: "/w/:workspaceSlug/admin" }
+      ]
+    }),
+    "app"
+  );
+});

package/test/workspacePendingInvitationsResource.test.js

@@ -0,0 +1,38 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { encodeInviteTokenHash } from "@jskit-ai/auth-core/shared/inviteTokens";
+import { workspacePendingInvitationsResource } from "../src/shared/resources/workspacePendingInvitationsResource.js";
+
+test("workspacePendingInvitationsResource output normalizer shapes raw invite rows", () => {
+  const tokenHash = "a".repeat(64);
+
+  const result = workspacePendingInvitationsResource.operations.list.outputValidator.normalize({
+    pendingInvites: [
+      {
+        id: 10,
+        workspaceId: 3,
+        workspaceSlug: "tonymobily3",
+        workspaceName: "",
+        workspaceAvatarUrl: "",
+        roleId: "Member",
+        status: "Pending",
+        expiresAt: "2030-01-01T00:00:00.000Z",
+        tokenHash
+      }
+    ]
+  }).pendingInvites;
+
+  assert.deepEqual(result, [
+    {
+      id: 10,
+      workspaceId: 3,
+      workspaceSlug: "tonymobily3",
+      workspaceName: "tonymobily3",
+      workspaceAvatarUrl: "",
+      roleId: "member",
+      status: "pending",
+      expiresAt: "2030-01-01T00:00:00.000Z",
+      token: encodeInviteTokenHash(tokenHash)
+    }
+  ]);
+});

package/test/workspacePendingInvitationsService.test.js

@@ -0,0 +1,151 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { encodeInviteTokenHash } from "@jskit-ai/auth-core/shared/inviteTokens";
+import { createService } from "../src/server/workspacePendingInvitations/workspacePendingInvitationsService.js";
+
+function createFixture({
+  pendingInvitesByEmail = [],
+  inviteByTokenHash = null
+} = {}) {
+  const tokenHashCalls = [];
+  const upsertCalls = [];
+  const revokeCalls = [];
+  const acceptCalls = [];
+
+  const service = createService({
+    workspaceInvitesRepository: {
+      async listPendingByEmail() {
+        return Array.isArray(pendingInvitesByEmail) ? [...pendingInvitesByEmail] : [];
+      },
+      async findPendingByTokenHash(tokenHash) {
+        tokenHashCalls.push(String(tokenHash || ""));
+        if (!inviteByTokenHash || typeof inviteByTokenHash !== "object") {
+          return null;
+        }
+
+        return inviteByTokenHash[String(tokenHash || "")] || null;
+      },
+      async revokeById(inviteId) {
+        revokeCalls.push(Number(inviteId));
+      },
+      async markAcceptedById(inviteId) {
+        acceptCalls.push(Number(inviteId));
+      }
+    },
+    workspaceMembershipsRepository: {
+      async upsertMembership(workspaceId, userId, payload) {
+        upsertCalls.push({
+          workspaceId: Number(workspaceId),
+          userId: Number(userId),
+          payload: payload && typeof payload === "object" ? { ...payload } : payload
+        });
+      }
+    }
+  });
+
+  return {
+    service,
+    calls: {
+      tokenHashCalls,
+      upsertCalls,
+      revokeCalls,
+      acceptCalls
+    }
+  };
+}
+
+test("listPendingInvitesForUser returns raw pending invite rows for the action layer to shape", async () => {
+  const tokenHash = "a".repeat(64);
+  const { service } = createFixture({
+    pendingInvitesByEmail: [
+      {
+        id: 10,
+        workspaceId: 1,
+        workspaceSlug: "tonymobily3",
+        workspaceName: "TonyMobily3",
+        workspaceAvatarUrl: "",
+        roleId: "member",
+        status: "pending",
+        expiresAt: "2030-01-01T00:00:00.000Z",
+        tokenHash
+      }
+    ]
+  });
+
+  const pendingInvites = await service.listPendingInvitesForUser({
+    id: 7,
+    email: "chiaramobily@gmail.com"
+  });
+
+  assert.equal(pendingInvites.length, 1);
+  assert.equal(pendingInvites[0].tokenHash, tokenHash);
+  assert.equal(pendingInvites[0].workspaceName, "TonyMobily3");
+});
+
+test("acceptInviteByToken accepts opaque invite token and resolves invite by decoded hash", async () => {
+  const tokenHash = "b".repeat(64);
+  const encodedToken = encodeInviteTokenHash(tokenHash);
+  const { service, calls } = createFixture({
+    inviteByTokenHash: {
+      [tokenHash]: {
+        id: 44,
+        workspaceId: 1,
+        email: "chiaramobily@gmail.com",
+        roleId: "member",
+        status: "pending",
+        tokenHash,
+        expiresAt: "2030-01-01T00:00:00.000Z"
+      }
+    }
+  });
+
+  const response = await service.acceptInviteByToken({
+    user: {
+      id: 7,
+      email: "chiaramobily@gmail.com",
+      displayName: "Chiara"
+    },
+    token: encodedToken
+  });
+
+  assert.deepEqual(calls.tokenHashCalls, [tokenHash]);
+  assert.equal(calls.upsertCalls.length, 1);
+  assert.deepEqual(calls.acceptCalls, [44]);
+  assert.deepEqual(calls.revokeCalls, []);
+  assert.equal(response.decision, "accepted");
+  assert.equal(response.workspaceId, 1);
+});
+
+test("refuseInviteByToken revokes the invite and returns refused", async () => {
+  const tokenHash = "c".repeat(64);
+  const encodedToken = encodeInviteTokenHash(tokenHash);
+  const { service, calls } = createFixture({
+    inviteByTokenHash: {
+      [tokenHash]: {
+        id: 45,
+        workspaceId: 1,
+        email: "chiaramobily@gmail.com",
+        roleId: "member",
+        status: "pending",
+        tokenHash,
+        expiresAt: "2030-01-01T00:00:00.000Z"
+      }
+    }
+  });
+
+  const response = await service.refuseInviteByToken({
+    user: {
+      id: 7,
+      email: "chiaramobily@gmail.com",
+      displayName: "Chiara"
+    },
+    token: encodedToken
+  });
+
+  assert.deepEqual(calls.tokenHashCalls, [tokenHash]);
+  assert.deepEqual(calls.acceptCalls, []);
+  assert.deepEqual(calls.revokeCalls, [45]);
+  assert.equal(calls.upsertCalls.length, 0);
+  assert.equal(response.decision, "refused");
+  assert.equal(response.workspaceId, 1);
+});