@jskit-ai/users-core 0.1.47 → 0.1.49

package/src/server/common/services/workspaceContextService.js

@@ -1,281 +0,0 @@
-import { createHash } from "node:crypto";
-import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
-import {
-  TENANCY_MODE_NONE,
-  resolveTenancyProfile
-} from "../../../shared/tenancyProfile.js";
-import {
-  resolveRolePermissions
-} from "../../../shared/roles.js";
-import {
-  mapWorkspaceSummary
-} from "../formatters/workspaceFormatter.js";
-import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
-import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
-import { authenticatedUserValidator } from "../validators/authenticatedUserValidator.js";
-
-function toSlugPart(value) {
-  const normalized = normalizeLowerText(value)
-    .replace(/[^a-z0-9]+/g, "-")
-    .replace(/^-+|-+$/g, "")
-    .slice(0, 48);
-  return normalized || "workspace";
-}
-
-function buildWorkspaceBaseSlug(user = {}) {
-  const username = normalizeLowerText(user.username);
-  if (username) {
-    return toSlugPart(username);
-  }
-  const displayName = normalizeText(user.displayName);
-  if (displayName) {
-    return toSlugPart(displayName);
-  }
-  const email = normalizeLowerText(user.email);
-  if (email.includes("@")) {
-    return toSlugPart(email.split("@")[0]);
-  }
-  return "workspace";
-}
-
-function buildWorkspaceName(user = {}) {
-  const displayName = normalizeText(user.displayName);
-  if (displayName) {
-    return `${displayName}'s Workspace`;
-  }
-  const email = normalizeLowerText(user.email);
-  if (email) {
-    return `${email}'s Workspace`;
-  }
-  return "Workspace";
-}
-
-function buildPermissionsFromMembership(membership, appConfig = {}) {
-  const roleSid = normalizeLowerText(membership?.roleSid || "member");
-  return resolveRolePermissions(roleSid, appConfig);
-}
-
-function hashInviteToken(token) {
-  return createHash("sha256").update(normalizeText(token)).digest("hex");
-}
-
-function normalizeWorkspaceCreationInput(payload = {}) {
-  const source = payload && typeof payload === "object" && !Array.isArray(payload) ? payload : {};
-  return {
-    name: normalizeText(source.name),
-    requestedSlug: normalizeLowerText(source.slug)
-  };
-}
-
-function createService({
-  appConfig = {},
-  workspacesRepository,
-  workspaceMembershipsRepository,
-  workspaceSettingsRepository
-} = {}) {
-  if (
-    !workspacesRepository ||
-    !workspaceMembershipsRepository ||
-    !workspaceSettingsRepository
-  ) {
-    throw new Error("workspaceService requires repositories.");
-  }
-
-  const resolvedTenancyProfile = resolveTenancyProfile(appConfig);
-  const resolvedTenancyMode = resolvedTenancyProfile.mode;
-  const workspacePolicy = resolvedTenancyProfile.workspace;
-  async function ensureUniqueWorkspaceSlug(baseSlug, options = {}) {
-    let suffix = 0;
-    while (suffix < 1000) {
-      suffix += 1;
-      const candidate = suffix === 1 ? toSlugPart(baseSlug) : `${toSlugPart(baseSlug)}-${suffix}`;
-      const existing = await workspacesRepository.findBySlug(candidate, options);
-      if (!existing) {
-        return candidate;
-      }
-    }
-    throw new AppError(500, "Unable to generate unique workspace slug.");
-  }
-
-  async function ensureWorkspaceSettingsForWorkspace(workspace, options = {}) {
-    return workspaceSettingsRepository.ensureForWorkspaceId(workspace?.id, {
-      ...options,
-      workspace
-    });
-  }
-
-  async function ensurePersonalWorkspaceForUser(user, options = {}) {
-    const normalizedUser = authenticatedUserValidator.normalize(user);
-    if (!normalizedUser) {
-      throw new AppError(400, "Invalid authenticated user payload.");
-    }
-
-    const existing = await workspacesRepository.findPersonalByOwnerUserId(normalizedUser.id, options);
-    if (existing) {
-      await workspaceMembershipsRepository.ensureOwnerMembership(existing.id, normalizedUser.id, options);
-      await ensureWorkspaceSettingsForWorkspace(existing, options);
-      return existing;
-    }
-
-    const slug = await ensureUniqueWorkspaceSlug(buildWorkspaceBaseSlug(normalizedUser), options);
-    const inserted = await workspacesRepository.insert(
-      {
-        slug,
-        name: buildWorkspaceName(normalizedUser),
-        ownerUserId: normalizedUser.id,
-        isPersonal: true,
-        avatarUrl: ""
-      },
-      options
-    );
-
-    await workspaceMembershipsRepository.ensureOwnerMembership(inserted.id, normalizedUser.id, options);
-    await ensureWorkspaceSettingsForWorkspace(inserted, options);
-    return inserted;
-  }
-
-  async function listWorkspacesForUser(user, options = {}) {
-    const normalizedUser = authenticatedUserValidator.normalize(user);
-    if (!normalizedUser) {
-      return [];
-    }
-
-    if (resolvedTenancyMode === TENANCY_MODE_NONE) {
-      return [];
-    }
-
-    const list = await workspacesRepository.listForUserId(normalizedUser.id, options);
-    const accessible = list
-      .map((entry) => mapWorkspaceSummary(entry, { roleSid: entry.roleSid, status: entry.membershipStatus }))
-      .filter((entry) => entry.isAccessible);
-
-    return accessible;
-  }
-
-  async function listWorkspacesForAuthenticatedUser(user, options = {}) {
-    return listWorkspacesForUser(user, options);
-  }
-
-  async function provisionWorkspaceForNewUser(user, options = {}) {
-    const normalizedUser = authenticatedUserValidator.normalize(user);
-    if (!normalizedUser) {
-      throw new AppError(400, "Invalid authenticated user payload.");
-    }
-
-    if (workspacePolicy.autoProvision !== true) {
-      return null;
-    }
-
-    return ensurePersonalWorkspaceForUser(normalizedUser, options);
-  }
-
-  async function createWorkspaceForAuthenticatedUser(user, payload = {}, options = {}) {
-    const normalizedUser = authenticatedUserValidator.normalize(user);
-    if (!normalizedUser) {
-      throw new AppError(401, "Authentication required.");
-    }
-
-    if (workspacePolicy.allowSelfCreate !== true) {
-      throw new AppError(403, "Workspace creation is disabled for this tenancy mode.");
-    }
-
-    const createInput = normalizeWorkspaceCreationInput(payload);
-    if (!createInput.name) {
-      throw new AppError(400, "Workspace name is required.");
-    }
-
-    const slugBase = createInput.requestedSlug || toSlugPart(createInput.name);
-    const slug = await ensureUniqueWorkspaceSlug(slugBase, options);
-    const inserted = await workspacesRepository.insert(
-      {
-        slug,
-        name: createInput.name,
-        ownerUserId: normalizedUser.id,
-        isPersonal: false,
-        avatarUrl: ""
-      },
-      options
-    );
-
-    await workspaceMembershipsRepository.ensureOwnerMembership(inserted.id, normalizedUser.id, options);
-    await ensureWorkspaceSettingsForWorkspace(inserted, options);
-    return inserted;
-  }
-
-  async function getWorkspaceForAuthenticatedUser(user, workspaceSlug, options = {}) {
-    const workspaceContext = await resolveWorkspaceContextForUserBySlug(user, workspaceSlug, options);
-    return workspaceContext.workspace;
-  }
-
-  async function updateWorkspaceForAuthenticatedUser(user, workspaceSlug, patch = {}, options = {}) {
-    const workspaceContext = await resolveWorkspaceContextForUserBySlug(user, workspaceSlug, options);
-    return workspacesRepository.updateById(workspaceContext.workspace.id, patch, options);
-  }
-
-  async function resolveWorkspaceContextForUserBySlug(user, workspaceSlug, options = {}) {
-    const normalizedUser = authenticatedUserValidator.normalize(user);
-    if (!normalizedUser) {
-      throw new AppError(401, "Authentication required.");
-    }
-
-    if (resolvedTenancyMode === TENANCY_MODE_NONE) {
-      throw new AppError(403, "Workspace context is disabled.");
-    }
-
-    const normalizedWorkspaceSlug = normalizeLowerText(workspaceSlug);
-    if (!normalizedWorkspaceSlug) {
-      throw new AppError(400, "workspaceSlug is required.");
-    }
-
-    const workspace = await workspacesRepository.findBySlug(normalizedWorkspaceSlug, options);
-
-    if (!workspace) {
-      throw new AppError(404, "Workspace not found.");
-    }
-
-    let membership = await workspaceMembershipsRepository.findByWorkspaceIdAndUserId(
-      workspace.id,
-      normalizedUser.id,
-      options
-    );
-    const actorOwnsWorkspace =
-      normalizeRecordId(workspace.ownerUserId, { fallback: null }) ===
-      normalizeRecordId(normalizedUser.id, { fallback: null });
-    const membershipIsActive = normalizeLowerText(membership?.status) === "active";
-
-    if (!membershipIsActive && actorOwnsWorkspace) {
-      membership = await workspaceMembershipsRepository.ensureOwnerMembership(workspace.id, normalizedUser.id, options);
-    }
-
-    if (!membership || normalizeLowerText(membership.status) !== "active") {
-      throw new AppError(403, "You do not have access to this workspace.");
-    }
-
-    const workspaceSettings = await ensureWorkspaceSettingsForWorkspace(workspace, options);
-    const permissions = buildPermissionsFromMembership(membership, appConfig);
-
-    return {
-      workspace,
-      membership,
-      permissions,
-      workspaceSettings
-    };
-  }
-
-  return Object.freeze({
-    toSlugPart,
-    buildWorkspaceName,
-    buildWorkspaceBaseSlug,
-    hashInviteToken,
-    ensurePersonalWorkspaceForUser,
-    provisionWorkspaceForNewUser,
-    createWorkspaceForAuthenticatedUser,
-    getWorkspaceForAuthenticatedUser,
-    updateWorkspaceForAuthenticatedUser,
-    listWorkspacesForUser,
-    listWorkspacesForAuthenticatedUser,
-    resolveWorkspaceContextForUserBySlug
-  });
-}
-
-export { createService };

package/src/server/common/support/workspaceRoutePaths.js

@@ -1,17 +0,0 @@
-import {
-  USERS_WORKSPACE_API_BASE_PATH,
-  normalizeApiRelativePath
-} from "../../../shared/support/usersApiPaths.js";
-
-const USERS_WORKSPACE_ROUTE_BASE_PATH = USERS_WORKSPACE_API_BASE_PATH;
-
-function resolveWorkspaceRoutePath(relativePath = "/") {
-  const normalizedRelativePath = normalizeApiRelativePath(relativePath);
-  if (normalizedRelativePath === "/") {
-    return USERS_WORKSPACE_ROUTE_BASE_PATH;
-  }
-
-  return `${USERS_WORKSPACE_ROUTE_BASE_PATH}${normalizedRelativePath}`;
-}
-
-export { USERS_WORKSPACE_ROUTE_BASE_PATH, resolveWorkspaceRoutePath };

package/src/server/common/validators/routeParamsValidator.js

@@ -1,62 +0,0 @@
-import { Type } from "@fastify/type-provider-typebox";
-import { normalizeObjectInput } from "@jskit-ai/kernel/shared/validators/inputNormalization";
-import { normalizeText } from "@jskit-ai/kernel/shared/support/normalize";
-
-function normalizeRouteParams(input = {}) {
-  const source = normalizeObjectInput(input);
-  const normalized = {};
-
-  if (Object.hasOwn(source, "workspaceSlug")) {
-    normalized.workspaceSlug = normalizeText(source.workspaceSlug).toLowerCase();
-  }
-
-  if (Object.hasOwn(source, "memberUserId")) {
-    normalized.memberUserId = normalizeText(source.memberUserId);
-  }
-
-  if (Object.hasOwn(source, "inviteId")) {
-    normalized.inviteId = normalizeText(source.inviteId);
-  }
-
-  if (Object.hasOwn(source, "provider")) {
-    normalized.provider = normalizeText(source.provider);
-  }
-
-  return normalized;
-}
-
-function normalizeWorkspaceSlugParams(input = {}) {
-  const source = normalizeObjectInput(input);
-  const normalized = {};
-
-  if (Object.hasOwn(source, "workspaceSlug")) {
-    normalized.workspaceSlug = normalizeText(source.workspaceSlug).toLowerCase();
-  }
-
-  return normalized;
-}
-
-const routeParamsValidator = Object.freeze({
-  schema: Type.Object(
-    {
-      workspaceSlug: Type.Optional(Type.String({ minLength: 1 })),
-      memberUserId: Type.Optional(Type.String({ minLength: 1 })),
-      inviteId: Type.Optional(Type.String({ minLength: 1 })),
-      provider: Type.Optional(Type.String({ minLength: 1 }))
-    },
-    { additionalProperties: false }
-  ),
-  normalize: normalizeRouteParams
-});
-
-const workspaceSlugParamsValidator = Object.freeze({
-  schema: Type.Object(
-    {
-      workspaceSlug: Type.Optional(Type.String({ minLength: 1 }))
-    },
-    { additionalProperties: false }
-  ),
-  normalize: normalizeWorkspaceSlugParams
-});
-
-export { routeParamsValidator, workspaceSlugParamsValidator };

package/src/server/consoleSettings/bootConsoleSettingsRoutes.js

@@ -1,63 +0,0 @@
-import { withStandardErrorResponses } from "@jskit-ai/http-runtime/shared/validators/errorResponses";
-import { consoleSettingsResource } from "../../shared/resources/consoleSettingsResource.js";
-
-function bootConsoleSettingsRoutes(app) {
-  if (!app || typeof app.make !== "function") {
-    throw new Error("bootConsoleSettingsRoutes requires application make().");
-  }
-
-  const router = app.make("jskit.http.router");
-
-  router.register(
-    "GET",
-    "/api/console/settings",
-    {
-      auth: "required",
-      surface: "console",
-      meta: {
-        tags: ["console", "settings"],
-        summary: "Get console settings"
-      },
-      responseValidators: withStandardErrorResponses({
-        200: consoleSettingsResource.operations.view.outputValidator
-      })
-    },
-    async function (request, reply) {
-      const response = await request.executeAction({
-        actionId: "console.settings.read"
-      });
-      reply.code(200).send(response);
-    }
-  );
-
-  router.register(
-    "PATCH",
-    "/api/console/settings",
-    {
-      auth: "required",
-      surface: "console",
-      meta: {
-        tags: ["console", "settings"],
-        summary: "Update console settings"
-      },
-      bodyValidator: consoleSettingsResource.operations.replace.bodyValidator,
-      responseValidators: withStandardErrorResponses(
-        {
-          200: consoleSettingsResource.operations.view.outputValidator
-        },
-        { includeValidation400: true }
-      )
-    },
-    async function (request, reply) {
-      const response = await request.executeAction({
-        actionId: "console.settings.update",
-        input: {
-          payload: request.input.body
-        }
-      });
-      reply.code(200).send(response);
-    }
-  );
-}
-
-export { bootConsoleSettingsRoutes };

package/src/server/consoleSettings/consoleService.js

@@ -1,36 +0,0 @@
-import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
-import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
-
-function createService({ consoleSettingsRepository } = {}) {
-  if (!consoleSettingsRepository || typeof consoleSettingsRepository.ensureOwnerUserId !== "function") {
-    throw new Error("consoleService requires consoleSettingsRepository.ensureOwnerUserId().");
-  }
-
-  async function ensureInitialConsoleMember(userId, options = {}) {
-    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
-    if (!normalizedUserId) {
-      throw new AppError(400, "Invalid console user.");
-    }
-
-    return consoleSettingsRepository.ensureOwnerUserId(normalizedUserId, options);
-  }
-
-  async function requireConsoleOwner(context = {}, options = {}) {
-    const actorUserId = normalizeRecordId(context?.actor?.id, { fallback: null });
-    if (!actorUserId) {
-      throw new AppError(401, "Authentication required.");
-    }
-
-    const ownerUserId = await ensureInitialConsoleMember(actorUserId, options);
-    if (actorUserId !== ownerUserId) {
-      throw new AppError(403, "Forbidden.");
-    }
-  }
-
-  return Object.freeze({
-    ensureInitialConsoleMember,
-    requireConsoleOwner
-  });
-}
-
-export { createService };

package/src/server/consoleSettings/consoleSettingsActions.js

@@ -1,55 +0,0 @@
-import {
-  EMPTY_INPUT_VALIDATOR
-} from "@jskit-ai/kernel/shared/actions/actionContributorHelpers";
-import { consoleSettingsResource } from "../../shared/resources/consoleSettingsResource.js";
-
-const consoleSettingsActions = Object.freeze([
-  {
-    id: "console.settings.read",
-    version: 1,
-    kind: "query",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "console",
-    permission: {
-      require: "authenticated"
-    },
-    inputValidator: EMPTY_INPUT_VALIDATOR,
-    outputValidator: consoleSettingsResource.operations.view.outputValidator,
-    idempotency: "none",
-    audit: {
-      actionName: "console.settings.read"
-    },
-    observability: {},
-    async execute(_input, context, deps) {
-      return deps.consoleSettingsService.getSettings({
-        context
-      });
-    }
-  },
-  {
-    id: "console.settings.update",
-    version: 1,
-    kind: "command",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "console",
-    permission: {
-      require: "authenticated"
-    },
-    inputValidator: {
-      payload: consoleSettingsResource.operations.replace.bodyValidator
-    },
-    outputValidator: consoleSettingsResource.operations.replace.outputValidator,
-    idempotency: "optional",
-    audit: {
-      actionName: "console.settings.update"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return deps.consoleSettingsService.updateSettings(input.payload, {
-        context
-      });
-    }
-  }
-]);
-
-export { consoleSettingsActions };

package/src/server/consoleSettings/consoleSettingsRepository.js

@@ -1,115 +0,0 @@
-import {
-  normalizeDbRecordId,
-  normalizeRecordId,
-  nowDb,
-  toIsoString,
-  createWithTransaction
-} from "../common/repositories/repositoryUtils.js";
-import { normalizeObjectInput } from "@jskit-ai/kernel/shared/validators/inputNormalization";
-import { consoleSettingsFields } from "../../shared/resources/consoleSettingsFields.js";
-
-function mapSettings(row = {}) {
-  const settings = {};
-  for (const field of consoleSettingsFields) {
-    const rawValue = Object.hasOwn(row, field.dbColumn)
-      ? row[field.dbColumn]
-      : field.resolveDefault({
-          settings: row
-        });
-    settings[field.key] = field.normalizeOutput(rawValue, {
-      settings: row
-    });
-  }
-  return settings;
-}
-
-function mapSingletonRow(row) {
-  if (!row) {
-    throw new Error("console_settings singleton row is missing.");
-  }
-
-  const ownerUserId = normalizeDbRecordId(row.owner_user_id, { fallback: null });
-  return {
-    id: normalizeDbRecordId(row.id, { fallback: "1" }),
-    ownerUserId,
-    settings: mapSettings(row),
-    createdAt: toIsoString(row.created_at),
-    updatedAt: toIsoString(row.updated_at)
-  };
-}
-
-function createRepository(knex) {
-  if (typeof knex !== "function") {
-    throw new TypeError("consoleSettingsRepository requires knex.");
-  }
-  const withTransaction = createWithTransaction(knex);
-
-  async function readSingleton(client) {
-    return client("console_settings").where({ id: 1 }).first();
-  }
-
-  async function getSingleton(options = {}) {
-    const client = options?.trx || knex;
-    return mapSingletonRow(await readSingleton(client));
-  }
-
-  async function ensureOwnerUserId(userId, options = {}) {
-    const client = options?.trx || knex;
-    const candidateOwnerUserId = normalizeRecordId(userId, { fallback: null });
-    if (!candidateOwnerUserId) {
-      throw new TypeError("consoleSettingsRepository.ensureOwnerUserId requires a positive user id.");
-    }
-
-    const current = mapSingletonRow(await readSingleton(client));
-    if (current.ownerUserId) {
-      return current.ownerUserId;
-    }
-
-    await client("console_settings")
-      .where({ id: 1 })
-      .whereNull("owner_user_id")
-      .update({
-        owner_user_id: candidateOwnerUserId,
-        updated_at: nowDb()
-      });
-
-    const reloaded = mapSingletonRow(await readSingleton(client));
-    if (!reloaded.ownerUserId) {
-      throw new Error("console_settings owner_user_id could not be resolved.");
-    }
-
-    return reloaded.ownerUserId;
-  }
-
-  async function updateSingleton(patch, options = {}) {
-    const client = options?.trx || knex;
-    const source = normalizeObjectInput(patch);
-    const dbPatch = {
-      updated_at: nowDb()
-    };
-
-    for (const field of consoleSettingsFields) {
-      if (!Object.hasOwn(source, field.key)) {
-        continue;
-      }
-      dbPatch[field.dbColumn] = field.normalizeInput(source[field.key], {
-        payload: source
-      });
-    }
-
-    await client("console_settings")
-      .where({ id: 1 })
-      .update(dbPatch);
-
-    return getSingleton({ trx: client });
-  }
-
-  return Object.freeze({
-    withTransaction,
-    getSingleton,
-    ensureOwnerUserId,
-    updateSingleton
-  });
-}
-
-export { createRepository };

package/src/server/consoleSettings/consoleSettingsService.js

@@ -1,40 +0,0 @@
-function buildSettingsResponse(record = {}) {
-  return {
-    settings: {
-      ...(record?.settings && typeof record.settings === "object" ? record.settings : {})
-    }
-  };
-}
-
-function createService({ consoleSettingsRepository, consoleService } = {}) {
-  if (!consoleSettingsRepository || typeof consoleSettingsRepository.getSingleton !== "function") {
-    throw new Error("consoleSettingsService requires consoleSettingsRepository.getSingleton().");
-  }
-  if (!consoleSettingsRepository || typeof consoleSettingsRepository.updateSingleton !== "function") {
-    throw new Error("consoleSettingsService requires consoleSettingsRepository.updateSingleton().");
-  }
-  if (!consoleService || typeof consoleService.requireConsoleOwner !== "function") {
-    throw new Error("consoleSettingsService requires consoleService.requireConsoleOwner().");
-  }
-
-  async function getSettings(options = {}) {
-    await consoleService.requireConsoleOwner(options?.context, options);
-    const settings = await consoleSettingsRepository.getSingleton();
-
-    return buildSettingsResponse(settings);
-  }
-
-  async function updateSettings(input = {}, options = {}) {
-    await consoleService.requireConsoleOwner(options?.context, options);
-    const settings = await consoleSettingsRepository.updateSingleton(input);
-
-    return buildSettingsResponse(settings);
-  }
-
-  return Object.freeze({
-    getSettings,
-    updateSettings
-  });
-}
-
-export { createService };