@jskit-ai/users-core 0.1.4

package/src/server/common/repositories/workspaceInvitesRepository.js

@@ -0,0 +1,172 @@
+import {
+  normalizeLowerText,
+  normalizeText,
+  toIsoString,
+  toNullableIso,
+  toNullableDateTime,
+  nowDb,
+  isDuplicateEntryError
+} from "./repositoryUtils.js";
+
+function mapRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    id: Number(row.id),
+    workspaceId: Number(row.workspace_id),
+    email: normalizeLowerText(row.email),
+    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    status: normalizeLowerText(row.status || "pending") || "pending",
+    tokenHash: normalizeText(row.token_hash),
+    invitedByUserId: row.invited_by_user_id == null ? null : Number(row.invited_by_user_id),
+    expiresAt: toNullableIso(row.expires_at),
+    acceptedAt: toNullableIso(row.accepted_at),
+    revokedAt: toNullableIso(row.revoked_at),
+    createdAt: toIsoString(row.created_at),
+    updatedAt: toIsoString(row.updated_at),
+    workspaceSlug: row.workspace_slug ? normalizeText(row.workspace_slug) : undefined,
+    workspaceName: row.workspace_name ? normalizeText(row.workspace_name) : undefined,
+    workspaceAvatarUrl: row.workspace_avatar_url ? normalizeText(row.workspace_avatar_url) : undefined
+  };
+}
+
+const WORKSPACE_INVITE_WITH_WORKSPACE_SELECT = Object.freeze([
+  "wi.*",
+  "w.slug as workspace_slug",
+  "w.name as workspace_name",
+  "w.avatar_url as workspace_avatar_url"
+]);
+
+function createRepository(knex) {
+  if (typeof knex !== "function") {
+    throw new TypeError("workspaceInvitesRepository requires knex.");
+  }
+
+  async function findPendingByTokenHash(tokenHash, options = {}) {
+    const client = options?.trx || knex;
+    const row = await client("workspace_invites")
+      .where({ token_hash: normalizeText(tokenHash), status: "pending" })
+      .first();
+    return mapRow(row);
+  }
+
+  async function listPendingByEmail(email, options = {}) {
+    const client = options?.trx || knex;
+    const normalizedEmail = normalizeLowerText(email);
+    if (!normalizedEmail) {
+      return [];
+    }
+
+    const rows = await client("workspace_invites as wi")
+      .join("workspaces as w", "w.id", "wi.workspace_id")
+      .where({ "wi.email": normalizedEmail, "wi.status": "pending" })
+      .orderBy("wi.created_at", "desc")
+      .select(WORKSPACE_INVITE_WITH_WORKSPACE_SELECT);
+
+    return rows.map(mapRow).filter(Boolean);
+  }
+
+  async function listPendingByWorkspaceIdWithWorkspace(workspaceId, options = {}) {
+    const client = options?.trx || knex;
+    const rows = await client("workspace_invites as wi")
+      .join("workspaces as w", "w.id", "wi.workspace_id")
+      .where({ "wi.workspace_id": Number(workspaceId), "wi.status": "pending" })
+      .orderBy("wi.created_at", "desc")
+      .select(WORKSPACE_INVITE_WITH_WORKSPACE_SELECT);
+
+    return rows.map(mapRow).filter(Boolean);
+  }
+
+  async function insert(payload = {}, options = {}) {
+    const client = options?.trx || knex;
+    const source = payload && typeof payload === "object" ? payload : {};
+
+    const insertPayload = {
+      workspace_id: Number(source.workspaceId),
+      email: normalizeLowerText(source.email),
+      role_id: normalizeLowerText(source.roleId || "member") || "member",
+      status: normalizeLowerText(source.status || "pending") || "pending",
+      token_hash: normalizeText(source.tokenHash),
+      invited_by_user_id: source.invitedByUserId == null ? null : Number(source.invitedByUserId),
+      expires_at: toNullableDateTime(source.expiresAt),
+      accepted_at: null,
+      revoked_at: null,
+      created_at: nowDb(),
+      updated_at: nowDb()
+    };
+
+    try {
+      const result = await client("workspace_invites").insert(insertPayload);
+      const insertedId = Array.isArray(result) ? Number(result[0]) : Number(result);
+      if (Number.isInteger(insertedId) && insertedId > 0) {
+        const row = await client("workspace_invites").where({ id: insertedId }).first();
+        return mapRow(row);
+      }
+    } catch (error) {
+      if (!isDuplicateEntryError(error)) {
+        throw error;
+      }
+    }
+
+    const row = await client("workspace_invites")
+      .where({ workspace_id: insertPayload.workspace_id, email: insertPayload.email, status: "pending" })
+      .orderBy("id", "desc")
+      .first();
+    return mapRow(row);
+  }
+
+  async function expirePendingByWorkspaceIdAndEmail(workspaceId, email, options = {}) {
+    const client = options?.trx || knex;
+    await client("workspace_invites")
+      .where({ workspace_id: Number(workspaceId), email: normalizeLowerText(email), status: "pending" })
+      .update({
+        status: "expired",
+        updated_at: nowDb()
+      });
+  }
+
+  async function markAcceptedById(inviteId, options = {}) {
+    const client = options?.trx || knex;
+    await client("workspace_invites")
+      .where({ id: Number(inviteId) })
+      .update({
+        status: "accepted",
+        accepted_at: nowDb(),
+        updated_at: nowDb()
+      });
+  }
+
+  async function revokeById(inviteId, options = {}) {
+    const client = options?.trx || knex;
+    await client("workspace_invites")
+      .where({ id: Number(inviteId) })
+      .update({
+        status: "revoked",
+        revoked_at: nowDb(),
+        updated_at: nowDb()
+      });
+  }
+
+  async function findPendingByIdForWorkspace(inviteId, workspaceId, options = {}) {
+    const client = options?.trx || knex;
+    const row = await client("workspace_invites")
+      .where({ id: Number(inviteId), workspace_id: Number(workspaceId), status: "pending" })
+      .first();
+    return mapRow(row);
+  }
+
+  return Object.freeze({
+    findPendingByTokenHash,
+    listPendingByEmail,
+    listPendingByWorkspaceIdWithWorkspace,
+    insert,
+    expirePendingByWorkspaceIdAndEmail,
+    markAcceptedById,
+    revokeById,
+    findPendingByIdForWorkspace
+  });
+}
+
+export { createRepository, mapRow };

package/src/server/common/repositories/workspaceMembershipsRepository.js

@@ -0,0 +1,157 @@
+import {
+  normalizeLowerText,
+  normalizeText,
+  toIsoString,
+  nowDb,
+  isDuplicateEntryError
+} from "./repositoryUtils.js";
+import { OWNER_ROLE_ID } from "../../../shared/roles.js";
+
+function mapRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    id: Number(row.id),
+    workspaceId: Number(row.workspace_id),
+    userId: Number(row.user_id),
+    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    status: normalizeLowerText(row.status || "active") || "active",
+    createdAt: toIsoString(row.created_at),
+    updatedAt: toIsoString(row.updated_at)
+  };
+}
+
+function mapMemberSummaryRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    userId: Number(row.user_id),
+    roleId: normalizeLowerText(row.role_id || "member") || "member",
+    status: normalizeLowerText(row.status || "active") || "active",
+    displayName: normalizeText(row.display_name),
+    email: normalizeLowerText(row.email)
+  };
+}
+
+function createRepository(knex) {
+  if (typeof knex !== "function") {
+    throw new TypeError("workspaceMembershipsRepository requires knex.");
+  }
+
+  async function findByWorkspaceIdAndUserId(workspaceId, userId, options = {}) {
+    const client = options?.trx || knex;
+    const row = await client("workspace_memberships")
+      .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
+      .first();
+    return mapRow(row);
+  }
+
+  async function ensureOwnerMembership(workspaceId, userId, options = {}) {
+    const client = options?.trx || knex;
+    const existing = await findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
+    if (existing) {
+      if (existing.roleId !== OWNER_ROLE_ID || existing.status !== "active") {
+        await client("workspace_memberships")
+          .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
+          .update({
+            role_id: OWNER_ROLE_ID,
+            status: "active",
+            updated_at: nowDb()
+          });
+      }
+      return findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
+    }
+
+    try {
+      await client("workspace_memberships").insert({
+        workspace_id: Number(workspaceId),
+        user_id: Number(userId),
+        role_id: OWNER_ROLE_ID,
+        status: "active",
+        created_at: nowDb(),
+        updated_at: nowDb()
+      });
+    } catch (error) {
+      if (!isDuplicateEntryError(error)) {
+        throw error;
+      }
+    }
+
+    return findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
+  }
+
+  async function upsertMembership(workspaceId, userId, patch = {}, options = {}) {
+    const client = options?.trx || knex;
+    const existing = await findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
+    const roleId = normalizeLowerText(patch.roleId || existing?.roleId || "member") || "member";
+    const status = normalizeLowerText(patch.status || existing?.status || "active") || "active";
+
+    if (!existing) {
+      await client("workspace_memberships").insert({
+        workspace_id: Number(workspaceId),
+        user_id: Number(userId),
+        role_id: roleId,
+        status,
+        created_at: nowDb(),
+        updated_at: nowDb()
+      });
+      return findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
+    }
+
+    await client("workspace_memberships")
+      .where({ workspace_id: Number(workspaceId), user_id: Number(userId) })
+      .update({
+        role_id: roleId,
+        status,
+        updated_at: nowDb()
+      });
+
+    return findByWorkspaceIdAndUserId(workspaceId, userId, { trx: client });
+  }
+
+  async function listActiveByWorkspaceId(workspaceId, options = {}) {
+    const client = options?.trx || knex;
+    const rows = await client("workspace_memberships as wm")
+      .join("user_profiles as up", "up.id", "wm.user_id")
+      .where({ "wm.workspace_id": Number(workspaceId), "wm.status": "active" })
+      .orderBy("up.display_name", "asc")
+      .select([
+        "wm.user_id",
+        "wm.role_id",
+        "wm.status",
+        "up.display_name",
+        "up.email"
+      ]);
+
+    return rows.map(mapMemberSummaryRow).filter(Boolean);
+  }
+
+  async function listActiveWorkspaceIdsByUserId(userId, options = {}) {
+    const client = options?.trx || knex;
+    const rows = await client("workspace_memberships")
+      .where({
+        user_id: Number(userId),
+        status: "active"
+      })
+      .select("workspace_id")
+      .orderBy("workspace_id", "asc");
+
+    return rows
+      .map((row) => Number(row.workspace_id))
+      .filter((workspaceId) => Number.isInteger(workspaceId) && workspaceId > 0);
+  }
+
+  return Object.freeze({
+    findByWorkspaceIdAndUserId,
+    ensureOwnerMembership,
+    upsertMembership,
+    listActiveByWorkspaceId,
+    listActiveWorkspaceIdsByUserId
+  });
+}
+
+export { createRepository, mapRow, mapMemberSummaryRow };

package/src/server/common/repositories/workspacesRepository.js

@@ -0,0 +1,183 @@
+import {
+  normalizeText,
+  normalizeLowerText,
+  toIsoString,
+  toNullableIso,
+  nowDb,
+  isDuplicateEntryError
+} from "./repositoryUtils.js";
+import { coerceWorkspaceColor } from "../../../shared/settings.js";
+
+function mapRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    id: Number(row.id),
+    slug: normalizeText(row.slug),
+    name: normalizeText(row.name),
+    ownerUserId: Number(row.owner_user_id),
+    isPersonal: Boolean(row.is_personal),
+    avatarUrl: row.avatar_url ? normalizeText(row.avatar_url) : "",
+    color: coerceWorkspaceColor(row.color),
+    createdAt: toIsoString(row.created_at),
+    updatedAt: toIsoString(row.updated_at),
+    deletedAt: toNullableIso(row.deleted_at)
+  };
+}
+
+function mapMembershipWorkspaceRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    ...mapRow(row),
+    roleId: normalizeLowerText(row.role_id || "member"),
+    membershipStatus: normalizeLowerText(row.membership_status || "active") || "active"
+  };
+}
+
+function createRepository(knex) {
+  if (typeof knex !== "function") {
+    throw new TypeError("workspacesRepository requires knex.");
+  }
+
+  function workspaceSelectColumns(client, { includeMembership = false } = {}) {
+    const columns = [
+      "w.id",
+      "w.slug",
+      client.raw("COALESCE(ws.name, w.name) as name"),
+      "w.owner_user_id",
+      "w.is_personal",
+      client.raw("COALESCE(ws.avatar_url, w.avatar_url) as avatar_url"),
+      client.raw("COALESCE(ws.color, w.color) as color"),
+      "w.created_at",
+      "w.updated_at",
+      "w.deleted_at"
+    ];
+    if (includeMembership) {
+      columns.push("wm.role_id", "wm.status as membership_status");
+    }
+    return columns;
+  }
+
+  async function findById(workspaceId, options = {}) {
+    const client = options?.trx || knex;
+    const row = await client("workspaces as w")
+      .leftJoin("workspace_settings as ws", "ws.workspace_id", "w.id")
+      .where({ "w.id": Number(workspaceId) })
+      .select(workspaceSelectColumns(client))
+      .first();
+    return mapRow(row);
+  }
+
+  async function findBySlug(slug, options = {}) {
+    const client = options?.trx || knex;
+    const normalizedSlug = normalizeLowerText(slug);
+    if (!normalizedSlug) {
+      return null;
+    }
+
+    const row = await client("workspaces as w")
+      .leftJoin("workspace_settings as ws", "ws.workspace_id", "w.id")
+      .where({ "w.slug": normalizedSlug })
+      .select(workspaceSelectColumns(client))
+      .first();
+    return mapRow(row);
+  }
+
+  async function findPersonalByOwnerUserId(userId, options = {}) {
+    const client = options?.trx || knex;
+    const row = await client("workspaces as w")
+      .leftJoin("workspace_settings as ws", "ws.workspace_id", "w.id")
+      .where({ "w.owner_user_id": Number(userId), "w.is_personal": 1 })
+      .orderBy("w.id", "asc")
+      .select(workspaceSelectColumns(client))
+      .first();
+    return mapRow(row);
+  }
+
+  async function insert(payload = {}, options = {}) {
+    const client = options?.trx || knex;
+    const source = payload && typeof payload === "object" ? payload : {};
+
+    const insertPayload = {
+      slug: normalizeLowerText(source.slug),
+      name: normalizeText(source.name),
+      owner_user_id: Number(source.ownerUserId),
+      is_personal: source.isPersonal ? 1 : 0,
+      avatar_url: normalizeText(source.avatarUrl),
+      color: coerceWorkspaceColor(source.color),
+      created_at: nowDb(),
+      updated_at: nowDb(),
+      deleted_at: null
+    };
+
+    try {
+      const result = await client("workspaces").insert(insertPayload);
+      const insertedId = Array.isArray(result) ? Number(result[0]) : Number(result);
+      if (Number.isInteger(insertedId) && insertedId > 0) {
+        return findById(insertedId, { trx: client });
+      }
+      const bySlug = await findBySlug(insertPayload.slug, { trx: client });
+      return bySlug;
+    } catch (error) {
+      if (!isDuplicateEntryError(error)) {
+        throw error;
+      }
+      const bySlug = await findBySlug(insertPayload.slug, { trx: client });
+      if (bySlug) {
+        return bySlug;
+      }
+      throw error;
+    }
+  }
+
+  async function updateById(workspaceId, patch = {}, options = {}) {
+    const client = options?.trx || knex;
+    const source = patch && typeof patch === "object" ? patch : {};
+    const dbPatch = {
+      updated_at: nowDb()
+    };
+
+    if (Object.hasOwn(source, "name")) {
+      dbPatch.name = normalizeText(source.name);
+    }
+    if (Object.hasOwn(source, "avatarUrl")) {
+      dbPatch.avatar_url = normalizeText(source.avatarUrl);
+    }
+    if (Object.hasOwn(source, "color")) {
+      dbPatch.color = coerceWorkspaceColor(source.color);
+    }
+
+    await client("workspaces").where({ id: Number(workspaceId) }).update(dbPatch);
+    return findById(workspaceId, { trx: client });
+  }
+
+  async function listForUserId(userId, options = {}) {
+    const client = options?.trx || knex;
+    const rows = await client("workspace_memberships as wm")
+      .join("workspaces as w", "w.id", "wm.workspace_id")
+      .leftJoin("workspace_settings as ws", "ws.workspace_id", "w.id")
+      .where({ "wm.user_id": Number(userId) })
+      .whereNull("w.deleted_at")
+      .orderBy("w.is_personal", "desc")
+      .orderBy("w.id", "asc")
+      .select(workspaceSelectColumns(client, { includeMembership: true }));
+
+    return rows.map(mapMembershipWorkspaceRow).filter(Boolean);
+  }
+
+  return Object.freeze({
+    findById,
+    findBySlug,
+    findPersonalByOwnerUserId,
+    insert,
+    updateById,
+    listForUserId
+  });
+}
+
+export { createRepository, mapRow, mapMembershipWorkspaceRow };

package/src/server/common/routes/README.md

@@ -0,0 +1,11 @@
+# `routes/`
+
+Put shared route schema maps here when multiple route adapters consume them.
+
+Allowed:
+- shared route request/response schema groupings
+- references to shared resources/commands
+
+Not allowed:
+- route registration/handlers
+- business logic

package/src/server/common/services/README.md

@@ -0,0 +1,12 @@
+# `services/`
+
+Put shared server services here when they are used by more than one slice.
+
+Allowed:
+- cross-slice service logic with clear inputs/outputs
+- no HTTP route validator handling
+
+Not allowed:
+- feature-only services
+- route adapters/controllers
+- response schema declarations

package/src/server/common/services/accountContextService.js

@@ -0,0 +1,31 @@
+import { normalizeIdentity } from "../repositories/userProfilesRepository.js";
+
+async function resolveUserProfile(userProfilesRepository, user) {
+  const identity = normalizeIdentity(user);
+  if (identity) {
+    const profile = await userProfilesRepository.findByIdentity(identity);
+    if (profile) {
+      return profile;
+    }
+  }
+
+  const userId = Number(user?.id);
+  if (Number.isInteger(userId) && userId > 0) {
+    const profileById = await userProfilesRepository.findById(userId);
+    if (profileById) {
+      return profileById;
+    }
+  }
+
+  return null;
+}
+
+async function resolveSecurityStatus(authService, request) {
+  if (!authService || typeof authService.getSecurityStatus !== "function") {
+    return {};
+  }
+
+  return authService.getSecurityStatus(request);
+}
+
+export { resolveUserProfile, resolveSecurityStatus };

package/src/server/common/services/authProfileSyncService.js

@@ -0,0 +1,128 @@
+import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
+import { normalizeIdentity } from "../repositories/userProfilesRepository.js";
+
+function buildNormalizedIdentityKey(identityLike) {
+  const identity = normalizeIdentity(identityLike);
+  if (!identity) {
+    throw new TypeError("Profile identity is missing required fields.");
+  }
+
+  return {
+    authProvider: identity.provider,
+    authProviderUserId: identity.providerUserId
+  };
+}
+
+function buildNormalizedIdentityProfile(profileLike) {
+  const source = profileLike && typeof profileLike === "object" ? profileLike : {};
+  const identity = buildNormalizedIdentityKey(source);
+  const email = normalizeLowerText(source.email);
+  const displayName = normalizeText(source.displayName);
+
+  if (!email || !displayName) {
+    throw new TypeError("Profile identity is missing required fields.");
+  }
+
+  return {
+    authProvider: identity.authProvider,
+    authProviderUserId: identity.authProviderUserId,
+    email,
+    displayName,
+    username: normalizeLowerText(source.username)
+  };
+}
+
+function profileNeedsUpdate(existing, nextProfile) {
+  if (!existing) {
+    return true;
+  }
+
+  return (
+    existing.email !== nextProfile.email ||
+    existing.displayName !== nextProfile.displayName ||
+    existing.authProvider !== nextProfile.authProvider ||
+    existing.authProviderUserId !== nextProfile.authProviderUserId
+  );
+}
+
+function requireSynchronizedProfile(profile) {
+  if (profile && Number.isFinite(Number(profile.id)) && String(profile.displayName || "").trim()) {
+    return profile;
+  }
+
+  throw new Error("Profile synchronization failed.");
+}
+
+function createService({ userProfilesRepository, workspaceProvisioningService = null } = {}) {
+  if (!userProfilesRepository || typeof userProfilesRepository.findByIdentity !== "function") {
+    throw new Error("authProfileSyncService requires userProfilesRepository.findByIdentity().");
+  }
+  if (typeof userProfilesRepository.upsert !== "function") {
+    throw new Error("authProfileSyncService requires userProfilesRepository.upsert().");
+  }
+
+  async function findByIdentity(identityLike, options = {}) {
+    const normalized = buildNormalizedIdentityKey(identityLike);
+    return userProfilesRepository.findByIdentity(
+      {
+        provider: normalized.authProvider,
+        providerUserId: normalized.authProviderUserId
+      },
+      options
+    );
+  }
+
+  async function upsertByIdentity(profileLike, options = {}) {
+    const normalized = buildNormalizedIdentityProfile(profileLike);
+    return userProfilesRepository.upsert(
+      {
+        authProvider: normalized.authProvider,
+        authProviderUserId: normalized.authProviderUserId,
+        email: normalized.email,
+        displayName: normalized.displayName,
+        username: normalized.username
+      },
+      options
+    );
+  }
+
+  async function syncIdentityProfile(profileLike, options = {}) {
+    const normalized = buildNormalizedIdentityProfile(profileLike);
+
+    const runSync = async (trx = null) => {
+      const operationOptions = trx ? { ...options, trx } : options;
+      const existing = await findByIdentity(normalized, operationOptions);
+      if (!profileNeedsUpdate(existing, normalized)) {
+        return requireSynchronizedProfile(existing);
+      }
+
+      const upserted = await upsertByIdentity(normalized, operationOptions);
+      const synchronizedProfile = requireSynchronizedProfile(upserted);
+      if (
+        !existing &&
+        workspaceProvisioningService &&
+        typeof workspaceProvisioningService.provisionWorkspaceForNewUser === "function"
+      ) {
+        await workspaceProvisioningService.provisionWorkspaceForNewUser(synchronizedProfile, operationOptions);
+      }
+
+      return synchronizedProfile;
+    };
+
+    if (options?.trx) {
+      return runSync(options.trx);
+    }
+    if (typeof userProfilesRepository.withTransaction === "function") {
+      return userProfilesRepository.withTransaction((trx) => runSync(trx));
+    }
+    return runSync();
+  }
+
+  return Object.freeze({
+    findByIdentity,
+    upsertByIdentity,
+    syncIdentityProfile
+  });
+}
+
+export { createService };