npm - @jskit-ai/users-core - Versions diffs - 0.1.4 - Mend

@jskit-ai/users-core 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/src/server/accountProfile/avatarStorageService.js ADDED Viewed

@@ -0,0 +1,132 @@
+import { parsePositiveInteger } from "@jskit-ai/kernel/server/runtime";
+const AVATAR_STORAGE_PREFIX = "users/avatars";
+const AVATAR_MIME_TYPE_JPEG = "image/jpeg";
+const AVATAR_MIME_TYPE_PNG = "image/png";
+const AVATAR_MIME_TYPE_WEBP = "image/webp";
+const AVATAR_MIME_TYPE_FALLBACK = "application/octet-stream";
+function buildAvatarStorageKey(userId) {
+  const normalizedUserId = parsePositiveInteger(userId);
+  if (!normalizedUserId) {
+    throw new TypeError("Avatar storage requires a positive integer user id.");
+  }
+  return `${AVATAR_STORAGE_PREFIX}/${normalizedUserId}/avatar`;
+}
+function normalizeStorageKey(value) {
+  const normalized = String(value || "").trim();
+  if (!normalized) {
+    return "";
+  }
+  if (normalized.startsWith("/") || normalized.includes("..")) {
+    return "";
+  }
+  return normalized;
+}
+function detectAvatarMimeTypeFromBuffer(buffer) {
+  if (!Buffer.isBuffer(buffer) || buffer.length < 4) {
+    return AVATAR_MIME_TYPE_FALLBACK;
+  }
+  if (
+    buffer.length >= 3 &&
+    buffer[0] === 0xff &&
+    buffer[1] === 0xd8 &&
+    buffer[2] === 0xff
+  ) {
+    return AVATAR_MIME_TYPE_JPEG;
+  }
+  if (
+    buffer.length >= 8 &&
+    buffer[0] === 0x89 &&
+    buffer[1] === 0x50 &&
+    buffer[2] === 0x4e &&
+    buffer[3] === 0x47 &&
+    buffer[4] === 0x0d &&
+    buffer[5] === 0x0a &&
+    buffer[6] === 0x1a &&
+    buffer[7] === 0x0a
+  ) {
+    return AVATAR_MIME_TYPE_PNG;
+  }
+  if (
+    buffer.length >= 12 &&
+    buffer[0] === 0x52 &&
+    buffer[1] === 0x49 &&
+    buffer[2] === 0x46 &&
+    buffer[3] === 0x46 &&
+    buffer[8] === 0x57 &&
+    buffer[9] === 0x45 &&
+    buffer[10] === 0x42 &&
+    buffer[11] === 0x50
+  ) {
+    return AVATAR_MIME_TYPE_WEBP;
+  }
+  return AVATAR_MIME_TYPE_FALLBACK;
+}
+function createService({ storage } = {}) {
+  if (!storage || typeof storage.getItemRaw !== "function" || typeof storage.setItemRaw !== "function") {
+    throw new TypeError("avatarStorageService requires a storage binding with getItemRaw()/setItemRaw().");
+  }
+  async function saveAvatar({ userId, buffer }) {
+    if (!Buffer.isBuffer(buffer)) {
+      throw new TypeError("Avatar buffer must be a Buffer instance.");
+    }
+    const storageKey = buildAvatarStorageKey(userId);
+    await storage.setItemRaw(storageKey, buffer);
+    return Object.freeze({
+      storageKey
+    });
+  }
+  async function readAvatar(storageKey) {
+    const normalizedStorageKey = normalizeStorageKey(storageKey);
+    if (!normalizedStorageKey) {
+      return null;
+    }
+    const value = await storage.getItemRaw(normalizedStorageKey);
+    if (value == null) {
+      return null;
+    }
+    const buffer = Buffer.isBuffer(value) ? value : Buffer.from(value);
+    return Object.freeze({
+      storageKey: normalizedStorageKey,
+      buffer,
+      mimeType: detectAvatarMimeTypeFromBuffer(buffer)
+    });
+  }
+  async function deleteAvatar(storageKey) {
+    const normalizedStorageKey = normalizeStorageKey(storageKey);
+    if (!normalizedStorageKey || typeof storage.removeItem !== "function") {
+      return;
+    }
+    await storage.removeItem(normalizedStorageKey);
+  }
+  return Object.freeze({
+    saveAvatar,
+    readAvatar,
+    deleteAvatar
+  });
+}
+const __testables = Object.freeze({
+  buildAvatarStorageKey,
+  detectAvatarMimeTypeFromBuffer
+});
+export { createService, __testables };

package/src/server/accountProfile/bootAccountProfileRoutes.js ADDED Viewed

@@ -0,0 +1,166 @@
+import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
+import { KERNEL_TOKENS } from "@jskit-ai/kernel/shared/support/tokens";
+import { withStandardErrorResponses } from "@jskit-ai/http-runtime/shared/validators/errorResponses";
+import { userSettingsResource } from "../../shared/resources/userSettingsResource.js";
+import { userProfileResource } from "../../shared/resources/userProfileResource.js";
+import { USERS_ACCOUNT_PROFILE_SERVICE_TOKEN } from "./registerAccountProfile.js";
+function bootAccountProfileRoutes(app) {
+  if (!app || typeof app.make !== "function") {
+    throw new Error("bootAccountProfileRoutes requires application make().");
+  }
+  const router = app.make(KERNEL_TOKENS.HttpRouter);
+  const authService = app.make("authService");
+  const accountProfileService = app.make(USERS_ACCOUNT_PROFILE_SERVICE_TOKEN);
+  router.register(
+    "GET",
+    "/api/settings",
+    {
+      auth: "required",
+      meta: {
+        tags: ["settings"],
+        summary: "Get authenticated user's settings"
+      },
+      responseValidators: withStandardErrorResponses({
+        200: userSettingsResource.operations.view.outputValidator
+      })
+    },
+    async function (request, reply) {
+      const response = await request.executeAction({
+        actionId: "settings.read"
+      });
+      reply.code(200).send(response);
+    }
+  );
+  router.register(
+    "PATCH",
+    "/api/settings/profile",
+    {
+      auth: "required",
+      meta: {
+        tags: ["settings"],
+        summary: "Update profile settings"
+      },
+      bodyValidator: userProfileResource.operations.patch.bodyValidator,
+      responseValidators: withStandardErrorResponses(
+        {
+          200: userSettingsResource.operations.view.outputValidator
+        },
+        { includeValidation400: true }
+      )
+    },
+    async function (request, reply) {
+      const result = await request.executeAction({
+        actionId: "settings.profile.update",
+        input: {
+          payload: request.input.body
+        }
+      });
+      if (result?.session && typeof authService.writeSessionCookies === "function") {
+        authService.writeSessionCookies(reply, result.session);
+      }
+      reply.code(200).send(result?.settings || result);
+    }
+  );
+  router.register(
+    "GET",
+    "/api/settings/profile/avatar",
+    {
+      auth: "required",
+      meta: {
+        tags: ["settings"],
+        summary: "Read authenticated user's uploaded avatar."
+      }
+    },
+    async function (request, reply) {
+      const avatar = await accountProfileService.readAvatar(request, request.user, {}, {
+        context: {
+          actor: request.user
+        }
+      });
+      reply
+        .header("Cache-Control", "private, max-age=31536000, immutable")
+        .header("Content-Type", avatar.mimeType)
+        .send(avatar.buffer);
+    }
+  );
+  router.register(
+    "POST",
+    "/api/settings/profile/avatar",
+    {
+      auth: "required",
+      meta: {
+        tags: ["settings"],
+        summary: "Upload profile avatar",
+        description: "Multipart upload (avatar file required, optional uploadDimension field)."
+      },
+      advanced: {
+        fastifySchema: {
+          consumes: ["multipart/form-data"]
+        }
+      },
+      responseValidators: withStandardErrorResponses(
+        {
+          200: userProfileResource.operations.avatarUpload.outputValidator
+        },
+        { includeValidation400: true }
+      )
+    },
+    async function (request, reply) {
+      const filePart = await request.file();
+      if (!filePart) {
+        throw new AppError(400, "Validation failed.", {
+          details: {
+            fieldErrors: {
+              avatar: "Avatar file is required."
+            }
+          }
+        });
+      }
+      const uploadDimension = filePart.fields?.uploadDimension?.value;
+      const response = await request.executeAction({
+        actionId: "settings.profile.avatar.upload",
+        input: {
+          stream: filePart.file,
+          mimeType: filePart.mimetype,
+          fileName: filePart.filename,
+          uploadDimension
+        }
+      });
+      reply.code(200).send(response);
+    }
+  );
+  router.register(
+    "DELETE",
+    "/api/settings/profile/avatar",
+    {
+      auth: "required",
+      meta: {
+        tags: ["settings"],
+        summary: "Delete profile avatar and fallback to gravatar"
+      },
+      responseValidators: withStandardErrorResponses({
+        200: userProfileResource.operations.avatarDelete.outputValidator
+      })
+    },
+    async function (request, reply) {
+      const response = await request.executeAction({
+        actionId: "settings.profile.avatar.delete"
+      });
+      reply.code(200).send(response);
+    }
+  );
+}
+export { bootAccountProfileRoutes };

package/src/server/accountProfile/registerAccountProfile.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { KERNEL_TOKENS } from "@jskit-ai/kernel/shared/support/tokens";
+import { withActionDefaults } from "@jskit-ai/kernel/shared/actions";
+import { createService as createAccountProfileService } from "./accountProfileService.js";
+import { createService as createAvatarStorageService } from "./avatarStorageService.js";
+import { createService as createAvatarService } from "./avatarService.js";
+import { accountProfileActions } from "./accountProfileActions.js";
+import { deepFreeze } from "../common/support/deepFreeze.js";
+import {
+  USERS_AVATAR_STORAGE_SERVICE_TOKEN,
+  USERS_AVATAR_SERVICE_TOKEN
+} from "../common/diTokens.js";
+import { ACCOUNT_SETTINGS_AND_BOOTSTRAP_EVENTS } from "../common/support/realtimeServiceEvents.js";
+const USERS_ACCOUNT_PROFILE_SERVICE_TOKEN = "users.accountProfile.service";
+function registerAccountProfile(app) {
+  if (!app || typeof app.singleton !== "function" || typeof app.service !== "function" || typeof app.actions !== "function") {
+    throw new Error("registerAccountProfile requires application singleton()/service()/actions().");
+  }
+  app.singleton(USERS_AVATAR_STORAGE_SERVICE_TOKEN, (scope) =>
+    createAvatarStorageService({
+      storage: scope.make(KERNEL_TOKENS.Storage)
+    })
+  );
+  app.singleton(USERS_AVATAR_SERVICE_TOKEN, (scope) =>
+    createAvatarService({
+      userProfilesRepository: scope.make("userProfilesRepository"),
+      avatarStorageService: scope.make(USERS_AVATAR_STORAGE_SERVICE_TOKEN)
+    })
+  );
+  app.service(
+    USERS_ACCOUNT_PROFILE_SERVICE_TOKEN,
+    (scope) =>
+      createAccountProfileService({
+        userSettingsRepository: scope.make("userSettingsRepository"),
+        userProfilesRepository: scope.make("userProfilesRepository"),
+        authService: scope.make("authService"),
+        avatarService: scope.make(USERS_AVATAR_SERVICE_TOKEN)
+      }),
+    {
+      events: deepFreeze({
+        updateProfile: ACCOUNT_SETTINGS_AND_BOOTSTRAP_EVENTS,
+        uploadAvatar: ACCOUNT_SETTINGS_AND_BOOTSTRAP_EVENTS,
+        deleteAvatar: ACCOUNT_SETTINGS_AND_BOOTSTRAP_EVENTS
+      })
+    }
+  );
+  app.actions(
+    withActionDefaults(accountProfileActions, {
+      domain: "settings",
+      dependencies: {
+        accountProfileService: USERS_ACCOUNT_PROFILE_SERVICE_TOKEN
+      }
+    })
+  );
+}
+export { USERS_ACCOUNT_PROFILE_SERVICE_TOKEN, registerAccountProfile };

package/src/server/accountProfile/registerAvatarMultipartSupport.js ADDED Viewed

@@ -0,0 +1,43 @@
+import fastifyMultipart from "@fastify/multipart";
+import { KERNEL_TOKENS } from "@jskit-ai/kernel/shared/support/tokens";
+const AVATAR_MULTIPART_SUPPORT_FLAG = Symbol.for("jskit.users-core.avatar.multipart.support");
+async function registerAvatarMultipartSupport(app) {
+  if (!app || typeof app.has !== "function" || typeof app.make !== "function") {
+    throw new Error("registerAvatarMultipartSupport requires application has()/make().");
+  }
+  if (!app.has(KERNEL_TOKENS.Fastify)) {
+    return;
+  }
+  const fastify = app.make(KERNEL_TOKENS.Fastify);
+  if (!fastify || typeof fastify.register !== "function") {
+    throw new Error("registerAvatarMultipartSupport requires Fastify register().");
+  }
+  if (fastify[AVATAR_MULTIPART_SUPPORT_FLAG] === true) {
+    return;
+  }
+  if (typeof fastify.hasContentTypeParser === "function" && fastify.hasContentTypeParser("multipart")) {
+    Object.defineProperty(fastify, AVATAR_MULTIPART_SUPPORT_FLAG, {
+      value: true,
+      configurable: false,
+      enumerable: false,
+      writable: false
+    });
+    return;
+  }
+  await fastify.register(fastifyMultipart);
+  Object.defineProperty(fastify, AVATAR_MULTIPART_SUPPORT_FLAG, {
+    value: true,
+    configurable: false,
+    enumerable: false,
+    writable: false
+  });
+}
+export { registerAvatarMultipartSupport };

package/src/server/accountSecurity/accountSecurityActions.js ADDED Viewed

@@ -0,0 +1,144 @@
+import {
+  resolveRequest
+} from "@jskit-ai/kernel/shared/actions/actionContributorHelpers";
+import { userSettingsResource } from "../../shared/resources/userSettingsResource.js";
+import { resolveActionUser } from "../common/support/resolveActionUser.js";
+const accountSecurityActions = Object.freeze([
+  {
+    id: "settings.security.password.change",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "enabled",
+    permission: {
+      require: "authenticated"
+    },
+    inputValidator: {
+      payload: userSettingsResource.operations.passwordChange.bodyValidator
+    },
+    outputValidator: userSettingsResource.operations.passwordChange.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "settings.security.password.change"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.accountSecurityService.changePassword(
+        resolveRequest(context),
+        resolveActionUser(context, input),
+        input.payload,
+        {
+          context
+        }
+      );
+    }
+  },
+  {
+    id: "settings.security.password_method.toggle",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "enabled",
+    permission: {
+      require: "authenticated"
+    },
+    inputValidator: {
+      payload: userSettingsResource.operations.passwordMethodToggle.bodyValidator
+    },
+    outputValidator: userSettingsResource.operations.passwordMethodToggle.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "settings.security.password_method.toggle"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.accountSecurityService.setPasswordMethodEnabled(
+        resolveRequest(context),
+        resolveActionUser(context, input),
+        input.payload,
+        {
+          context
+        }
+      );
+    }
+  },
+  {
+    id: "settings.security.oauth.link.start",
+    version: 1,
+    kind: "query",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "enabled",
+    permission: {
+      require: "authenticated"
+    },
+    inputValidator: [userSettingsResource.operations.oauthLinkStart.paramsValidator, userSettingsResource.operations.oauthLinkStart.queryValidator],
+    outputValidator: userSettingsResource.operations.oauthLinkStart.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "settings.security.oauth.link.start"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.accountSecurityService.startOAuthProviderLink(
+        resolveRequest(context),
+        resolveActionUser(context, input),
+        input,
+        {
+          context
+        }
+      );
+    }
+  },
+  {
+    id: "settings.security.oauth.unlink",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "enabled",
+    permission: {
+      require: "authenticated"
+    },
+    inputValidator: userSettingsResource.operations.oauthUnlink.paramsValidator,
+    outputValidator: userSettingsResource.operations.oauthUnlink.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "settings.security.oauth.unlink"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.accountSecurityService.unlinkOAuthProvider(
+        resolveRequest(context),
+        resolveActionUser(context, input),
+        input,
+        {
+          context
+        }
+      );
+    }
+  },
+  {
+    id: "settings.security.sessions.logout_others",
+    version: 1,
+    kind: "command",
+    channels: ["api", "automation", "internal"],
+    surfacesFrom: "enabled",
+    permission: {
+      require: "authenticated"
+    },
+    inputValidator: userSettingsResource.operations.logoutOtherSessions.bodyValidator,
+    outputValidator: userSettingsResource.operations.logoutOtherSessions.outputValidator,
+    idempotency: "none",
+    audit: {
+      actionName: "settings.security.sessions.logout_others"
+    },
+    observability: {},
+    async execute(input, context, deps) {
+      return deps.accountSecurityService.logoutOtherSessions(resolveRequest(context), resolveActionUser(context, input), {
+        context
+      });
+    }
+  }
+]);
+export { accountSecurityActions };

package/src/server/accountSecurity/accountSecurityService.js ADDED Viewed

@@ -0,0 +1,103 @@
+import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
+import { createValidationError } from "@jskit-ai/kernel/server/runtime";
+import {
+  resolveUserProfile,
+  resolveSecurityStatus
+} from "../common/services/accountContextService.js";
+import {
+  accountSettingsResponseFormatter
+} from "../common/formatters/accountSettingsResponseFormatter.js";
+function createService({
+  userSettingsRepository,
+  userProfilesRepository,
+  authService
+} = {}) {
+  if (!userSettingsRepository || !userProfilesRepository) {
+    throw new Error("accountSecurityService requires repositories.");
+  }
+  async function changePassword(request, user, payload = {}, options = {}) {
+    if (!authService || typeof authService.changePassword !== "function") {
+      throw new AppError(501, "Password change is not available.");
+    }
+    if (payload.confirmPassword !== payload.newPassword) {
+      throw createValidationError({
+        confirmPassword: "Password confirmation does not match."
+      });
+    }
+    return authService.changePassword(request, {
+      currentPassword: payload.currentPassword,
+      newPassword: payload.newPassword,
+      confirmPassword: payload.confirmPassword
+    });
+  }
+  async function setPasswordMethodEnabled(request, user, payload = {}, options = {}) {
+    if (!authService || typeof authService.setPasswordSignInEnabled !== "function") {
+      throw new AppError(501, "Password method toggle is not available.");
+    }
+    const profile = await resolveUserProfile(userProfilesRepository, user);
+    if (!profile) {
+      throw new AppError(404, "User profile was not found.");
+    }
+    const enabled = payload.enabled === true;
+    const response = await authService.setPasswordSignInEnabled(request, { enabled });
+    await userSettingsRepository.updatePasswordSignInEnabled(profile.id, enabled);
+    const settings = await userSettingsRepository.ensureForUserId(profile.id);
+    const securityStatus = await resolveSecurityStatus(authService, request);
+    return {
+      ...(response && typeof response === "object" ? response : {}),
+      settings: accountSettingsResponseFormatter({
+        profile,
+        settings,
+        securityStatus,
+        authService
+      })
+    };
+  }
+  async function startOAuthProviderLink(request, user, payload = {}, options = {}) {
+    if (!authService || typeof authService.startProviderLink !== "function") {
+      throw new AppError(501, "OAuth linking is not available.");
+    }
+    return authService.startProviderLink(request, {
+      provider: payload.provider,
+      returnTo: payload.returnTo
+    });
+  }
+  async function unlinkOAuthProvider(request, user, payload = {}, options = {}) {
+    if (!authService || typeof authService.unlinkProvider !== "function") {
+      throw new AppError(501, "OAuth unlink is not available.");
+    }
+    return authService.unlinkProvider(request, {
+      provider: payload.provider
+    });
+  }
+  async function logoutOtherSessions(request, _user, options = {}) {
+    if (!authService || typeof authService.signOutOtherSessions !== "function") {
+      throw new AppError(501, "Logout other sessions is not available.");
+    }
+    return authService.signOutOtherSessions(request);
+  }
+  return Object.freeze({
+    changePassword,
+    setPasswordMethodEnabled,
+    startOAuthProviderLink,
+    unlinkOAuthProvider,
+    logoutOtherSessions
+  });
+}
+export { createService };