@jskit-ai/users-core 0.1.47 → 0.1.49

package/src/shared/support/workspacePathModel.js

@@ -1,145 +0,0 @@
-import {
-  deriveSurfaceRouteBaseFromPagesRoot,
-  normalizeSurfaceId
-} from "@jskit-ai/kernel/shared/surface/registry";
-import { normalizePathname } from "@jskit-ai/kernel/shared/surface/paths";
-
-function normalizeWorkspaceBasePath(workspaceBasePath = "/w") {
-  return normalizePathname(workspaceBasePath || "/w");
-}
-
-function normalizeSurfaceSegment(segmentLike = "") {
-  const normalizedPath = normalizePathname(segmentLike || "/");
-  if (normalizedPath === "/") {
-    return "";
-  }
-  return normalizedPath.replace(/^\/+/, "");
-}
-
-function normalizeSurfaceRouteBase(routeBaseLike = "") {
-  const rawRouteBase = String(routeBaseLike || "").trim();
-  if (!rawRouteBase || rawRouteBase === "/") {
-    return "/";
-  }
-  const withoutLeadingSlash = rawRouteBase.startsWith("/") ? rawRouteBase.slice(1) : rawRouteBase;
-  return deriveSurfaceRouteBaseFromPagesRoot(withoutLeadingSlash || "");
-}
-
-function normalizeSurfaceSegmentFromRouteBase(routeBase, { workspaceBasePath = "/w" } = {}) {
-  const normalizedRouteBase = normalizeSurfaceRouteBase(routeBase);
-  if (normalizedRouteBase === "/") {
-    return "";
-  }
-
-  const normalizedWorkspaceBasePath = normalizeWorkspaceBasePath(workspaceBasePath);
-  const workspacePlaceholderRoot = `${normalizedWorkspaceBasePath}/:workspaceSlug`;
-  if (normalizedRouteBase === workspacePlaceholderRoot) {
-    return "";
-  }
-  if (normalizedRouteBase.startsWith(`${workspacePlaceholderRoot}/`)) {
-    const remainder = normalizedRouteBase.slice(`${workspacePlaceholderRoot}/`.length);
-    const firstSegment = remainder.split("/").filter(Boolean)[0] || "";
-    return firstSegment.startsWith(":") ? "" : firstSegment;
-  }
-
-  const firstSegment = normalizedRouteBase.replace(/^\/+/, "").split("/").filter(Boolean)[0] || "";
-  if (!firstSegment || firstSegment.startsWith(":")) {
-    return "";
-  }
-  return firstSegment;
-}
-
-function parseWorkspacePathname(pathname = "", { workspaceBasePath = "/w" } = {}) {
-  const normalizedPathname = normalizePathname(pathname);
-  const normalizedWorkspaceBasePath = normalizeWorkspaceBasePath(workspaceBasePath);
-  if (!normalizedPathname.startsWith(`${normalizedWorkspaceBasePath}/`)) {
-    return null;
-  }
-
-  const trailingPath = normalizedPathname.slice(`${normalizedWorkspaceBasePath}/`.length);
-  const segments = trailingPath.split("/").filter(Boolean);
-  if (segments.length < 1) {
-    return null;
-  }
-
-  const [workspaceSlug, ...suffixSegments] = segments;
-  return {
-    workspaceSlug: String(workspaceSlug || "").trim(),
-    suffixSegments
-  };
-}
-
-function resolveDefaultWorkspaceSurfaceId({
-  defaultSurfaceId = "",
-  workspaceSurfaceIds = [],
-  surfaceRequiresWorkspace = null
-} = {}) {
-  const normalizedDefaultSurfaceId = normalizeSurfaceId(defaultSurfaceId);
-  if (
-    normalizedDefaultSurfaceId &&
-    typeof surfaceRequiresWorkspace === "function" &&
-    surfaceRequiresWorkspace(normalizedDefaultSurfaceId)
-  ) {
-    return normalizedDefaultSurfaceId;
-  }
-
-  for (const workspaceSurfaceId of Array.isArray(workspaceSurfaceIds) ? workspaceSurfaceIds : []) {
-    const normalizedWorkspaceSurfaceId = normalizeSurfaceId(workspaceSurfaceId);
-    if (normalizedWorkspaceSurfaceId) {
-      return normalizedWorkspaceSurfaceId;
-    }
-  }
-
-  return normalizedDefaultSurfaceId;
-}
-
-function resolveWorkspaceSurfaceIdFromSuffixSegments({
-  suffixSegments = [],
-  defaultWorkspaceSurfaceId = "",
-  workspaceSurfaces = []
-} = {}) {
-  const normalizedDefaultWorkspaceSurfaceId = normalizeSurfaceId(defaultWorkspaceSurfaceId);
-  if (!Array.isArray(suffixSegments) || suffixSegments.length < 1) {
-    return normalizedDefaultWorkspaceSurfaceId;
-  }
-
-  const suffixPath = suffixSegments.join("/");
-  const candidates = (Array.isArray(workspaceSurfaces) ? workspaceSurfaces : [])
-    .map((entry) => {
-      const surfaceId = normalizeSurfaceId(entry?.surfaceId || entry?.id);
-      if (!surfaceId || surfaceId === normalizedDefaultWorkspaceSurfaceId) {
-        return null;
-      }
-
-      const segment =
-        normalizeSurfaceSegment(entry?.segment) ||
-        normalizeSurfaceSegmentFromRouteBase(entry?.routeBase || entry?.pagesRoot) ||
-        surfaceId;
-      if (!segment) {
-        return null;
-      }
-
-      return {
-        surfaceId,
-        segment
-      };
-    })
-    .filter(Boolean)
-    .sort((left, right) => right.segment.length - left.segment.length);
-
-  for (const candidate of candidates) {
-    if (suffixPath === candidate.segment || suffixPath.startsWith(`${candidate.segment}/`)) {
-      return candidate.surfaceId;
-    }
-  }
-
-  return normalizedDefaultWorkspaceSurfaceId;
-}
-
-export {
-  normalizePathname,
-  normalizeSurfaceSegmentFromRouteBase,
-  parseWorkspacePathname,
-  resolveDefaultWorkspaceSurfaceId,
-  resolveWorkspaceSurfaceIdFromSuffixSegments
-};

package/src/shared/tenancyMode.js

@@ -1,35 +0,0 @@
-const TENANCY_MODE_NONE = "none";
-const TENANCY_MODE_PERSONAL = "personal";
-const TENANCY_MODE_WORKSPACES = "workspaces";
-
-const TENANCY_MODES = Object.freeze([
-  TENANCY_MODE_NONE,
-  TENANCY_MODE_PERSONAL,
-  TENANCY_MODE_WORKSPACES
-]);
-
-function normalizeTenancyMode(value = "") {
-  const normalized = String(value || "")
-    .trim()
-    .toLowerCase();
-  if (!TENANCY_MODES.includes(normalized)) {
-    return TENANCY_MODE_NONE;
-  }
-  return normalized;
-}
-
-function isTenancyMode(value = "") {
-  const normalized = String(value || "")
-    .trim()
-    .toLowerCase();
-  return TENANCY_MODES.includes(normalized);
-}
-
-export {
-  TENANCY_MODE_NONE,
-  TENANCY_MODE_PERSONAL,
-  TENANCY_MODE_WORKSPACES,
-  TENANCY_MODES,
-  normalizeTenancyMode,
-  isTenancyMode
-};

package/src/shared/tenancyProfile.js

@@ -1,73 +0,0 @@
-import {
-  TENANCY_MODE_NONE,
-  TENANCY_MODE_PERSONAL,
-  TENANCY_MODE_WORKSPACES,
-  normalizeTenancyMode
-} from "./tenancyMode.js";
-import { isRecord } from "@jskit-ai/kernel/shared/support/normalize";
-
-const WORKSPACE_SLUG_POLICY_NONE = "none";
-const WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME = "immutable_username";
-const WORKSPACE_SLUG_POLICY_USER_SELECTED = "user_selected";
-
-function resolveWorkspacePolicyOverrides(appConfig = {}) {
-  const tenancyPolicy = isRecord(appConfig?.tenancyPolicy) ? appConfig.tenancyPolicy : {};
-  const workspacePolicy = isRecord(tenancyPolicy.workspace) ? tenancyPolicy.workspace : {};
-
-  return Object.freeze({
-    allowSelfCreate: typeof workspacePolicy.allowSelfCreate === "boolean" ? workspacePolicy.allowSelfCreate : null
-  });
-}
-
-function resolveWorkspacePolicy(mode, overrides = {}) {
-  if (mode === TENANCY_MODE_NONE) {
-    return Object.freeze({
-      enabled: false,
-      autoProvision: false,
-      allowSelfCreate: false,
-      slugPolicy: WORKSPACE_SLUG_POLICY_NONE
-    });
-  }
-
-  if (mode === TENANCY_MODE_PERSONAL) {
-    return Object.freeze({
-      enabled: true,
-      autoProvision: true,
-      allowSelfCreate: false,
-      slugPolicy: WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME
-    });
-  }
-
-  return Object.freeze({
-    enabled: true,
-    autoProvision: false,
-    allowSelfCreate: overrides.allowSelfCreate === true,
-    slugPolicy: WORKSPACE_SLUG_POLICY_USER_SELECTED
-  });
-}
-
-function resolveTenancyProfile(appConfig = {}) {
-  const mode = normalizeTenancyMode(appConfig?.tenancyMode);
-  const workspacePolicyOverrides = resolveWorkspacePolicyOverrides(appConfig);
-
-  return Object.freeze({
-    mode,
-    workspace: resolveWorkspacePolicy(mode, workspacePolicyOverrides)
-  });
-}
-
-function isWorkspacesTenancyMode(value = "") {
-  return normalizeTenancyMode(value) === TENANCY_MODE_WORKSPACES;
-}
-
-export {
-  TENANCY_MODE_NONE,
-  TENANCY_MODE_PERSONAL,
-  TENANCY_MODE_WORKSPACES,
-  normalizeTenancyMode,
-  WORKSPACE_SLUG_POLICY_NONE,
-  WORKSPACE_SLUG_POLICY_IMMUTABLE_USERNAME,
-  WORKSPACE_SLUG_POLICY_USER_SELECTED,
-  resolveTenancyProfile,
-  isWorkspacesTenancyMode
-};

package/templates/migrations/users_core_console_owner.cjs

@@ -1,37 +0,0 @@
-/**
- * @param {import('knex').Knex} knex
- */
-exports.up = async function up(knex) {
-  const hasConsoleSettingsTable = await knex.schema.hasTable("console_settings");
-  if (!hasConsoleSettingsTable) {
-    return;
-  }
-
-  const hasOwnerUserId = await knex.schema.hasColumn("console_settings", "owner_user_id");
-  if (hasOwnerUserId) {
-    return;
-  }
-
-  await knex.schema.alterTable("console_settings", (table) => {
-    table.bigInteger("owner_user_id").unsigned().nullable();
-  });
-};
-
-/**
- * @param {import('knex').Knex} knex
- */
-exports.down = async function down(knex) {
-  const hasConsoleSettingsTable = await knex.schema.hasTable("console_settings");
-  if (!hasConsoleSettingsTable) {
-    return;
-  }
-
-  const hasOwnerUserId = await knex.schema.hasColumn("console_settings", "owner_user_id");
-  if (!hasOwnerUserId) {
-    return;
-  }
-
-  await knex.schema.alterTable("console_settings", (table) => {
-    table.dropColumn("owner_user_id");
-  });
-};

package/templates/packages/main/src/shared/resources/consoleSettingsFields.js

@@ -1,11 +0,0 @@
-// @jskit-contract users.settings-fields.console.v1
-// Append-only settings field registrations for console settings.
-
-import {
-  defineField,
-  resetConsoleSettingsFields
-} from "@jskit-ai/users-core/shared/resources/consoleSettingsFields";
-
-resetConsoleSettingsFields();
-
-void defineField;

package/test/consoleService.test.js

@@ -1,57 +0,0 @@
-import assert from "node:assert/strict";
-import test from "node:test";
-import { createService } from "../src/server/consoleSettings/consoleService.js";
-
-function createFixture(initialOwnerUserId = null) {
-  const state = {
-    ownerUserId: initialOwnerUserId
-  };
-
-  const service = createService({
-    consoleSettingsRepository: {
-      async ensureOwnerUserId(userId) {
-        const normalizedUserId = String(userId || "");
-        if (!state.ownerUserId) {
-          state.ownerUserId = normalizedUserId;
-        }
-        return state.ownerUserId;
-      }
-    }
-  });
-
-  return { service, state };
-}
-
-test("consoleService seeds the first authenticated user as console owner", async () => {
-  const { service, state } = createFixture();
-
-  const firstOwner = await service.ensureInitialConsoleMember("7");
-  const secondAttempt = await service.ensureInitialConsoleMember("9");
-
-  assert.equal(firstOwner, "7");
-  assert.equal(secondAttempt, "7");
-  assert.equal(state.ownerUserId, "7");
-});
-
-test("consoleService.requireConsoleOwner denies authenticated non-owners", async () => {
-  const { service } = createFixture("7");
-
-  await assert.rejects(
-    () =>
-      service.requireConsoleOwner({
-        actor: {
-          id: "9"
-        }
-      }),
-    (error) => error?.status === 403
-  );
-});
-
-test("consoleService.requireConsoleOwner requires authentication", async () => {
-  const { service } = createFixture("7");
-
-  await assert.rejects(
-    () => service.requireConsoleOwner({}),
-    (error) => error?.status === 401
-  );
-});

package/test/consoleSettingsService.test.js

@@ -1,86 +0,0 @@
-import assert from "node:assert/strict";
-import test from "node:test";
-import { createService } from "../src/server/consoleSettings/consoleSettingsService.js";
-
-function createFixture({ deny = false } = {}) {
-  const calls = {
-    requireConsoleOwner: [],
-    updateSingleton: []
-  };
-
-  const service = createService({
-    consoleService: {
-      async requireConsoleOwner(context) {
-        calls.requireConsoleOwner.push(context || null);
-        if (deny) {
-          const error = new Error("Forbidden.");
-          error.status = 403;
-          throw error;
-        }
-      }
-    },
-    consoleSettingsRepository: {
-      async getSingleton() {
-        return {};
-      },
-      async updateSingleton(patch = {}) {
-        calls.updateSingleton.push({ ...patch });
-        return {};
-      }
-    }
-  });
-
-  return { service, calls };
-}
-
-test("consoleSettingsService.getSettings requires owner access and returns normalized payload", async () => {
-  const { service, calls } = createFixture();
-  const context = {
-    actor: {
-      id: 7
-    }
-  };
-
-  const response = await service.getSettings({ context });
-
-  assert.deepEqual(calls.requireConsoleOwner, [context]);
-  assert.deepEqual(response, {
-    settings: {}
-  });
-});
-
-test("consoleSettingsService.updateSettings requires owner access before writing", async () => {
-  const { service, calls } = createFixture();
-  const context = {
-    actor: {
-      id: 7
-    }
-  };
-
-  const response = await service.updateSettings(
-    {},
-    { context }
-  );
-
-  assert.deepEqual(calls.requireConsoleOwner, [context]);
-  assert.deepEqual(calls.updateSingleton, [{}]);
-  assert.deepEqual(response, {
-    settings: {}
-  });
-});
-
-test("consoleSettingsService denies access when owner validation fails", async () => {
-  const { service } = createFixture({ deny: true });
-
-  await assert.rejects(
-    () =>
-      service.getSettings({
-        context: {
-          actor: {
-            id: 9
-          }
-        }
-      }),
-    (error) => error?.status === 403
-  );
-});

package/test/registerWorkspaceDirectory.test.js

@@ -1,31 +0,0 @@
-import assert from "node:assert/strict";
-import test from "node:test";
-import { registerWorkspaceDirectory } from "../src/server/workspaceDirectory/registerWorkspaceDirectory.js";
-
-function createAppDouble() {
-  const actionBatches = [];
-
-  return {
-    actionBatches,
-    singleton() {},
-    actions(entries) {
-      actionBatches.push(Array.isArray(entries) ? entries : [entries]);
-    }
-  };
-}
-
-function listActionIds(app) {
-  return app.actionBatches.flat().map((entry) => String(entry?.id || ""));
-}
-
-test("registerWorkspaceDirectory registers workspace directory actions without resolving runtime tenancy tokens", () => {
-  const app = createAppDouble();
-
-  registerWorkspaceDirectory(app);
-  assert.deepEqual(listActionIds(app), [
-    "workspace.workspaces.create",
-    "workspace.workspaces.list",
-    "workspace.workspaces.read",
-    "workspace.workspaces.update"
-  ]);
-});

package/test/registerWorkspaceSettings.test.js

@@ -1,40 +0,0 @@
-import assert from "node:assert/strict";
-import test from "node:test";
-import { registerWorkspaceSettings } from "../src/server/workspaceSettings/registerWorkspaceSettings.js";
-
-test("registerWorkspaceSettings registers workspace settings service realtime event metadata", () => {
-  const singletonBindings = new Map();
-  const actionCalls = [];
-  const serviceCalls = [];
-
-  const app = {
-    singleton(token, factory) {
-      singletonBindings.set(token, factory);
-      return this;
-    },
-    service(token, factory, metadata) {
-      serviceCalls.push({
-        token,
-        factory,
-        metadata
-      });
-      return this;
-    },
-    actions(definitions) {
-      actionCalls.push(definitions);
-      return this;
-    }
-  };
-
-  registerWorkspaceSettings(app);
-
-  assert.equal(singletonBindings.has("workspaceSettingsRepository"), true);
-  assert.equal(serviceCalls.length, 1);
-  assert.equal(serviceCalls[0].token, "users.workspace.settings.service");
-  assert.equal(typeof serviceCalls[0].factory, "function");
-  assert.equal(serviceCalls[0].metadata?.events?.updateWorkspaceSettings?.[0]?.realtime?.event, "workspace.settings.changed");
-  assert.equal(serviceCalls[0].metadata?.events?.updateWorkspaceSettings?.[0]?.realtime?.audience, "event_scope");
-  assert.equal(serviceCalls[0].metadata?.events?.updateWorkspaceSettings?.[1]?.realtime?.event, "users.bootstrap.changed");
-  assert.equal(serviceCalls[0].metadata?.events?.updateWorkspaceSettings?.[1]?.realtime?.audience, "event_scope");
-  assert.equal(actionCalls.length, 1);
-});

package/test/roles.test.js

@@ -1,159 +0,0 @@
-import assert from "node:assert/strict";
-import test from "node:test";
-import {
-  createWorkspaceRoleCatalog,
-  cloneWorkspaceRoleCatalog,
-  resolveRolePermissions,
-  hasPermission
-} from "../src/shared/roles.js";
-
-test("createWorkspaceRoleCatalog resolves role descriptors only from appConfig.roleCatalog", () => {
-  const emptyCatalog = createWorkspaceRoleCatalog();
-  assert.deepEqual(emptyCatalog.roles, []);
-  assert.deepEqual(emptyCatalog.assignableRoleIds, []);
-  assert.equal(emptyCatalog.defaultInviteRole, "");
-  assert.equal(emptyCatalog.collaborationEnabled, false);
-
-  const appConfig = {
-    roleCatalog: {
-      workspace: {
-        defaultInviteRole: "editor"
-      },
-      roles: {
-        owner: {
-          assignable: false,
-          permissions: ["workspace.settings.update"]
-        },
-        editor: {
-          assignable: true,
-          permissions: ["crud.contacts.*"]
-        }
-      }
-    }
-  };
-  const roleCatalog = createWorkspaceRoleCatalog(appConfig);
-  const editorRole = roleCatalog.roles.find((role) => role.id === "editor");
-
-  assert.equal(roleCatalog.defaultInviteRole, "editor");
-  assert.equal(roleCatalog.assignableRoleIds.includes("editor"), true);
-  assert.deepEqual(resolveRolePermissions("owner", appConfig), ["workspace.settings.update"]);
-  assert.equal(hasPermission(editorRole?.permissions, "crud.contacts.update"), true);
-});
-
-test("createWorkspaceRoleCatalog resolves inherited role permissions with parent permissions first", () => {
-  const appConfig = {
-    roleCatalog: {
-      workspace: {
-        defaultInviteRole: "member"
-      },
-      roles: {
-        member: {
-          assignable: true,
-          permissions: [
-            "workspace.settings.view",
-            "crud.contacts.list"
-          ]
-        },
-        admin: {
-          assignable: true,
-          inherits: "member",
-          permissions: [
-            "workspace.settings.update",
-            "workspace.members.manage",
-            "workspace.settings.view"
-          ]
-        }
-      }
-    }
-  };
-
-  const roleCatalog = createWorkspaceRoleCatalog(appConfig);
-  const adminRole = roleCatalog.roles.find((role) => role.id === "admin");
-
-  assert.deepEqual(adminRole, {
-    id: "admin",
-    assignable: true,
-    permissions: [
-      "workspace.settings.view",
-      "crud.contacts.list",
-      "workspace.settings.update",
-      "workspace.members.manage"
-    ]
-  });
-});
-
-test("createWorkspaceRoleCatalog rejects unknown inherited roles", () => {
-  assert.throws(
-    () =>
-      createWorkspaceRoleCatalog({
-        roleCatalog: {
-          roles: {
-            admin: {
-              assignable: true,
-              inherits: "member",
-              permissions: []
-            }
-          }
-        }
-      }),
-    /inherits unknown role "member"/
-  );
-});
-
-test("createWorkspaceRoleCatalog rejects circular inherited roles", () => {
-  assert.throws(
-    () =>
-      createWorkspaceRoleCatalog({
-        roleCatalog: {
-          roles: {
-            member: {
-              assignable: true,
-              inherits: "admin",
-              permissions: []
-            },
-            admin: {
-              assignable: true,
-              inherits: "member",
-              permissions: []
-            }
-          }
-        }
-      }),
-    /circular inheritance/
-  );
-});
-
-test("cloneWorkspaceRoleCatalog normalizes role ids and returns detached arrays", () => {
-  const source = {
-    collaborationEnabled: true,
-    defaultInviteRole: "member",
-    roles: [
-      {
-        id: " MEMBER ",
-        assignable: true,
-        permissions: ["workspace.members.view"]
-      }
-    ],
-    assignableRoleIds: ["member"]
-  };
-
-  const cloned = cloneWorkspaceRoleCatalog(source);
-  assert.deepEqual(cloned, {
-    collaborationEnabled: true,
-    defaultInviteRole: "member",
-    roles: [
-      {
-        id: "member",
-        assignable: true,
-        permissions: ["workspace.members.view"]
-      }
-    ],
-    assignableRoleIds: ["member"]
-  });
-
-  cloned.roles[0].permissions.push("workspace.members.manage");
-  cloned.assignableRoleIds.push("admin");
-
-  assert.deepEqual(source.roles[0].permissions, ["workspace.members.view"]);
-  assert.deepEqual(source.assignableRoleIds, ["member"]);
-});