@jskit-ai/users-core 0.1.47 → 0.1.49

package/src/server/workspaceMembers/workspaceMembersActions.js

@@ -1,186 +0,0 @@
-import { resolveWorkspace } from "../support/resolveWorkspace.js";
-import { resolveActionUser } from "../common/support/resolveActionUser.js";
-import { workspaceMembersResource } from "../../shared/resources/workspaceMembersResource.js";
-import { workspaceSlugParamsValidator } from "../common/validators/routeParamsValidator.js";
-
-const workspaceMembersActions = Object.freeze([
-  {
-    id: "workspace.roles.list",
-    version: 1,
-    kind: "query",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.roles.view"]
-    },
-    inputValidator: workspaceSlugParamsValidator,
-    outputValidator: workspaceMembersResource.operations.rolesList.outputValidator,
-    idempotency: "none",
-    audit: {
-      actionName: "workspace.roles.list"
-    },
-    observability: {},
-    async execute(_input, context, deps) {
-      return deps.workspaceMembersService.listRoles({ context });
-    }
-  },
-  {
-    id: "workspace.members.list",
-    version: 1,
-    kind: "query",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.members.view"]
-    },
-    inputValidator: workspaceSlugParamsValidator,
-    outputValidator: workspaceMembersResource.operations.membersList.outputValidator,
-    idempotency: "none",
-    audit: {
-      actionName: "workspace.members.list"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return deps.workspaceMembersService.listMembers(resolveWorkspace(context, input), {
-        context
-      });
-    }
-  },
-  {
-    id: "workspace.member.role.update",
-    version: 1,
-    kind: "command",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.members.manage"]
-    },
-    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.updateMemberRole.inputValidator],
-    outputValidator: workspaceMembersResource.operations.updateMemberRole.outputValidator,
-    idempotency: "optional",
-    audit: {
-      actionName: "workspace.member.role.update"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return deps.workspaceMembersService.updateMemberRole(resolveWorkspace(context, input), {
-        memberUserId: input.memberUserId,
-        roleSid: input.roleSid
-      }, {
-        context
-      });
-    }
-  },
-  {
-    id: "workspace.member.remove",
-    version: 1,
-    kind: "command",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.members.manage"]
-    },
-    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.removeMember.inputValidator],
-    outputValidator: workspaceMembersResource.operations.removeMember.outputValidator,
-    idempotency: "optional",
-    audit: {
-      actionName: "workspace.member.remove"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return deps.workspaceMembersService.removeMember(resolveWorkspace(context, input), {
-        memberUserId: input.memberUserId
-      }, {
-        context
-      });
-    }
-  },
-  {
-    id: "workspace.invites.list",
-    version: 1,
-    kind: "query",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.members.view"]
-    },
-    inputValidator: workspaceSlugParamsValidator,
-    outputValidator: workspaceMembersResource.operations.invitesList.outputValidator,
-    idempotency: "none",
-    audit: {
-      actionName: "workspace.invites.list"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return deps.workspaceMembersService.listInvites(resolveWorkspace(context, input), {
-        context
-      });
-    }
-  },
-  {
-    id: "workspace.invite.create",
-    version: 1,
-    kind: "command",
-    channels: ["api", "assistant_tool", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.members.invite"]
-    },
-    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.createInvite.bodyValidator],
-    outputValidator: workspaceMembersResource.operations.createInvite.outputValidator,
-    idempotency: "optional",
-    audit: {
-      actionName: "workspace.invite.create"
-    },
-    observability: {},
-    extensions: {
-      assistant: {
-        description: "Invite a person to the workspace."
-      }
-    },
-    async execute(input, context, deps) {
-      return deps.workspaceMembersService.createInvite(
-        resolveWorkspace(context, input),
-        resolveActionUser(context, input),
-        {
-          email: input.email,
-          roleSid: input.roleSid
-        },
-        {
-          context
-        }
-      );
-    }
-  },
-  {
-    id: "workspace.invite.revoke",
-    version: 1,
-    kind: "command",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "workspace",
-    permission: {
-      require: "all",
-      permissions: ["workspace.invites.revoke"]
-    },
-    inputValidator: [workspaceSlugParamsValidator, workspaceMembersResource.operations.revokeInvite.inputValidator],
-    outputValidator: workspaceMembersResource.operations.revokeInvite.outputValidator,
-    idempotency: "optional",
-    audit: {
-      actionName: "workspace.invite.revoke"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return deps.workspaceMembersService.revokeInvite(resolveWorkspace(context, input), input.inviteId, {
-        context
-      });
-    }
-  }
-]);
-
-export { workspaceMembersActions };

package/src/server/workspaceMembers/workspaceMembersService.js

@@ -1,222 +0,0 @@
-import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
-import { buildInviteToken, hashInviteToken } from "@jskit-ai/auth-core/server/inviteTokens";
-import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
-import { OWNER_ROLE_ID, createWorkspaceRoleCatalog, cloneWorkspaceRoleCatalog } from "../../shared/roles.js";
-
-function createService({
-  workspaceMembershipsRepository,
-  workspaceInvitesRepository,
-  inviteExpiresInMs,
-  roleCatalog = null,
-  workspaceInvitationsEnabled = true
-} = {}) {
-  if (!workspaceMembershipsRepository || !workspaceInvitesRepository) {
-    throw new Error("workspaceMembersService requires membership and invite repositories.");
-  }
-  const resolvedInviteExpiresInMs = Number(inviteExpiresInMs);
-  if (!Number.isInteger(resolvedInviteExpiresInMs) || resolvedInviteExpiresInMs < 1) {
-    throw new Error("workspaceMembersService requires inviteExpiresInMs.");
-  }
-
-  const resolvedRoleCatalog = roleCatalog && typeof roleCatalog === "object" ? roleCatalog : createWorkspaceRoleCatalog();
-  const assignableRoleIds = Array.isArray(resolvedRoleCatalog.assignableRoleIds)
-    ? [...resolvedRoleCatalog.assignableRoleIds]
-    : [];
-  const resolvedWorkspaceInvitationsEnabled = workspaceInvitationsEnabled === true;
-
-  function ensureWorkspaceInvitationsEnabled() {
-    if (resolvedWorkspaceInvitationsEnabled) {
-      return;
-    }
-    throw new AppError(403, "Workspace invitations are disabled.");
-  }
-
-  function withRoleCatalog(payload = {}) {
-    return {
-      ...payload,
-      roleCatalog: cloneWorkspaceRoleCatalog({
-        ...resolvedRoleCatalog,
-        assignableRoleIds
-      })
-    };
-  }
-
-  async function listRoles(options = {}) {
-    return cloneWorkspaceRoleCatalog({
-      ...resolvedRoleCatalog,
-      assignableRoleIds
-    });
-  }
-
-  async function listMembersPayload(workspace, options = {}) {
-    const members = await workspaceMembershipsRepository.listActiveByWorkspaceId(workspace.id, options);
-
-    return withRoleCatalog({
-      workspace,
-      members
-    });
-  }
-
-  async function listMembers(workspace, options = {}) {
-    return listMembersPayload(workspace, options);
-  }
-
-  async function updateMemberRole(workspace, payload = {}, options = {}) {
-    const memberUserId = normalizeRecordId(payload.memberUserId, { fallback: null });
-    const roleSid = payload.roleSid;
-    if (!memberUserId) {
-      throw new AppError(400, "Validation failed.");
-    }
-    if (!assignableRoleIds.includes(roleSid)) {
-      throw new AppError(400, "Validation failed.", {
-        details: {
-          fieldErrors: {
-            roleSid: "Role is not assignable."
-          }
-        }
-      });
-    }
-
-    const existingMembership = await workspaceMembershipsRepository.findByWorkspaceIdAndUserId(workspace.id, memberUserId, options);
-    if (!existingMembership || existingMembership.status !== "active") {
-      throw new AppError(404, "Member not found.");
-    }
-    if (memberUserId === normalizeRecordId(workspace.ownerUserId, { fallback: null }) || existingMembership.roleSid === OWNER_ROLE_ID) {
-      throw new AppError(409, "Cannot change workspace owner role.");
-    }
-
-    await workspaceMembershipsRepository.upsertMembership(
-      workspace.id,
-      memberUserId,
-      {
-        roleSid,
-        status: "active"
-      },
-      options
-    );
-
-    return listMembersPayload(workspace, options);
-  }
-
-  async function removeMember(workspace, payload = {}, options = {}) {
-    const memberUserId = normalizeRecordId(payload.memberUserId, { fallback: null });
-    if (!memberUserId) {
-      throw new AppError(400, "Validation failed.");
-    }
-
-    const existingMembership = await workspaceMembershipsRepository.findByWorkspaceIdAndUserId(workspace.id, memberUserId, options);
-    if (!existingMembership || existingMembership.status !== "active") {
-      throw new AppError(404, "Member not found.");
-    }
-    if (memberUserId === normalizeRecordId(workspace.ownerUserId, { fallback: null }) || existingMembership.roleSid === OWNER_ROLE_ID) {
-      throw new AppError(409, "Cannot remove workspace owner.");
-    }
-
-    await workspaceMembershipsRepository.upsertMembership(
-      workspace.id,
-      memberUserId,
-      {
-        roleSid: existingMembership.roleSid,
-        status: "revoked"
-      },
-      options
-    );
-
-    return listMembersPayload(workspace, options);
-  }
-
-  async function listInvitesPayload(workspace, options = {}) {
-    ensureWorkspaceInvitationsEnabled();
-    const invites = await workspaceInvitesRepository.listPendingByWorkspaceIdWithWorkspace(workspace.id, options);
-
-    return withRoleCatalog({
-      workspace,
-      invites
-    });
-  }
-
-  async function listInvites(workspace, options = {}) {
-    return listInvitesPayload(workspace, options);
-  }
-
-  async function createInvite(workspace, user, payload = {}, options = {}) {
-    const email = payload.email;
-    const roleSid = payload.roleSid;
-    if (!assignableRoleIds.includes(roleSid)) {
-      throw new AppError(400, "Validation failed.", {
-        details: {
-          fieldErrors: {
-            roleSid: "Role is not assignable."
-          }
-        }
-      });
-    }
-
-    const token = buildInviteToken();
-    const tokenHash = hashInviteToken(token);
-    await workspaceInvitesRepository.expirePendingByWorkspaceIdAndEmail(workspace.id, email, options);
-    const createdInvite = await workspaceInvitesRepository.insert(
-      {
-        workspaceId: workspace.id,
-        email,
-        roleSid,
-        status: "pending",
-        tokenHash,
-        invitedByUserId: normalizeRecordId(user?.id, { fallback: null }),
-        expiresAt: new Date(Date.now() + resolvedInviteExpiresInMs).toISOString()
-      },
-      options
-    );
-    const createdInviteId = normalizeRecordId(createdInvite?.id, { fallback: null });
-    if (!createdInviteId) {
-      throw new Error("workspaceMembersService.createInvite expected repository to return created invite id.");
-    }
-
-    const response = await listInvitesPayload(workspace, options);
-    return {
-      ...response,
-      inviteTokenPreview: token,
-      createdInviteId
-    };
-  }
-
-  async function revokeInvite(workspace, inviteId, options = {}) {
-    const normalizedInviteId = normalizeRecordId(inviteId, { fallback: null });
-    if (!normalizedInviteId) {
-      throw new AppError(400, "Validation failed.");
-    }
-
-    const invite = await workspaceInvitesRepository.findPendingByIdForWorkspace(
-      normalizedInviteId,
-      workspace.id,
-      options
-    );
-    if (!invite) {
-      throw new AppError(404, "Invite not found.");
-    }
-
-    await workspaceInvitesRepository.revokeById(normalizedInviteId, options);
-    const revokedInviteId = normalizeRecordId(invite?.id, { fallback: null });
-    if (!revokedInviteId) {
-      throw new Error("workspaceMembersService.revokeInvite expected repository to return pending invite id.");
-    }
-
-    const response = await listInvitesPayload(workspace, options);
-    return {
-      ...response,
-      revokedInviteId
-    };
-  }
-
-  return Object.freeze({
-    listRoles,
-    listMembers,
-    updateMemberRole,
-    removeMember,
-    listInvites,
-    createInvite,
-    revokeInvite
-  });
-}
-
-export { createService };

package/src/server/workspacePendingInvitations/bootWorkspacePendingInvitations.js

@@ -1,62 +0,0 @@
-import { withStandardErrorResponses } from "@jskit-ai/http-runtime/shared/validators/errorResponses";
-import { workspaceMembersResource } from "../../shared/resources/workspaceMembersResource.js";
-import { workspacePendingInvitationsResource } from "../../shared/resources/workspacePendingInvitationsResource.js";
-
-function bootWorkspacePendingInvitations(app) {
-  if (!app || typeof app.make !== "function") {
-    throw new Error("bootWorkspacePendingInvitations requires application make().");
-  }
-
-  const router = app.make("jskit.http.router");
-
-  router.register(
-    "GET",
-    "/api/workspace/invitations/pending",
-    {
-      auth: "required",
-      meta: {
-        tags: ["workspace"],
-        summary: "List pending workspace invitations for authenticated user"
-      },
-      responseValidators: withStandardErrorResponses({
-        200: workspacePendingInvitationsResource.operations.list.outputValidator
-      })
-    },
-    async function (request, reply) {
-      const response = await request.executeAction({
-        actionId: "workspace.invitations.pending.list"
-      });
-      reply.code(200).send(response);
-    }
-  );
-
-  router.register(
-    "POST",
-    "/api/workspace/invitations/redeem",
-    {
-      auth: "required",
-      meta: {
-        tags: ["workspace"],
-        summary: "Accept or refuse a workspace invitation using an invite token"
-      },
-      bodyValidator: workspaceMembersResource.operations.redeemInvite.bodyValidator,
-      responseValidators: withStandardErrorResponses(
-        {
-          200: workspaceMembersResource.operations.redeemInvite.outputValidator
-        },
-        { includeValidation400: true }
-      )
-    },
-    async function (request, reply) {
-      const response = await request.executeAction({
-        actionId: "workspace.invite.redeem",
-        input: {
-          payload: request.input.body
-        }
-      });
-      reply.code(200).send(response);
-    }
-  );
-}
-
-export { bootWorkspacePendingInvitations };

package/src/server/workspacePendingInvitations/registerWorkspacePendingInvitations.js

@@ -1,119 +0,0 @@
-import { withActionDefaults } from "@jskit-ai/kernel/shared/actions";
-import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
-import { createService } from "./workspacePendingInvitationsService.js";
-import { workspacePendingInvitationsActions } from "./workspacePendingInvitationsActions.js";
-import { deepFreeze } from "../common/support/deepFreeze.js";
-
-function workspaceAudienceFromEntityId({ event } = {}) {
-  const workspaceId = normalizeRecordId(event?.entityId, { fallback: null });
-  if (!workspaceId) {
-    return "none";
-  }
-  return {
-    workspaceId
-  };
-}
-
-function actorUserEntityId({ options } = {}) {
-  return normalizeRecordId(options?.context?.actor?.id, { fallback: "" });
-}
-
-function createActorUserEvent({ source, entity, realtimeEvent }) {
-  return {
-    type: "entity.changed",
-    source,
-    entity,
-    operation: "updated",
-    entityId: actorUserEntityId,
-    realtime: {
-      event: realtimeEvent,
-      audience: "actor_user"
-    }
-  };
-}
-
-function createWorkspaceAudienceEvent({ entity, realtimeEvent }) {
-  return {
-    type: "entity.changed",
-    source: "workspace",
-    entity,
-    operation: "updated",
-    entityId: ({ result }) => normalizeRecordId(result?.workspaceId, { fallback: "" }),
-    realtime: {
-      event: realtimeEvent,
-      audience: workspaceAudienceFromEntityId
-    }
-  };
-}
-
-function createInviteDecisionEvents({ includeDirectoryAndMembers = false } = {}) {
-  const events = [
-    createActorUserEvent({
-      source: "workspace",
-      entity: "invitation",
-      realtimeEvent: "workspace.invitations.pending.changed"
-    }),
-    createActorUserEvent({
-      source: "users",
-      entity: "bootstrap",
-      realtimeEvent: "users.bootstrap.changed"
-    })
-  ];
-
-  if (includeDirectoryAndMembers) {
-    events.push(
-      createActorUserEvent({
-        source: "workspace",
-        entity: "directory",
-        realtimeEvent: "workspaces.changed"
-      }),
-      createWorkspaceAudienceEvent({
-        entity: "member",
-        realtimeEvent: "workspace.members.changed"
-      })
-    );
-  }
-
-  events.push(
-    createWorkspaceAudienceEvent({
-      entity: "invite",
-      realtimeEvent: "workspace.invites.changed"
-    })
-  );
-
-  return events;
-}
-
-function registerWorkspacePendingInvitations(app) {
-  if (!app || typeof app.singleton !== "function" || typeof app.service !== "function" || typeof app.actions !== "function") {
-    throw new Error("registerWorkspacePendingInvitations requires application singleton()/service()/actions().");
-  }
-
-  app.service(
-    "users.workspace.pending-invitations.service",
-    (scope) =>
-      createService({
-        workspaceInvitesRepository: scope.make("workspaceInvitesRepository"),
-        workspaceMembershipsRepository: scope.make("workspaceMembershipsRepository")
-      }),
-    {
-      events: deepFreeze({
-        acceptInviteByToken: createInviteDecisionEvents({
-          includeDirectoryAndMembers: true
-        }),
-        refuseInviteByToken: createInviteDecisionEvents()
-      })
-    }
-  );
-
-  app.actions(
-    withActionDefaults(workspacePendingInvitationsActions, {
-      domain: "workspace",
-      dependencies: {
-        workspacePendingInvitationsService: "users.workspace.pending-invitations.service"
-      }
-    })
-  );
-}
-
-export { registerWorkspacePendingInvitations };

package/src/server/workspacePendingInvitations/workspacePendingInvitationsActions.js

@@ -1,74 +0,0 @@
-import {
-  EMPTY_INPUT_VALIDATOR
-} from "@jskit-ai/kernel/shared/actions/actionContributorHelpers";
-import { workspaceMembersResource } from "../../shared/resources/workspaceMembersResource.js";
-import { workspacePendingInvitationsResource } from "../../shared/resources/workspacePendingInvitationsResource.js";
-import { resolveActionUser } from "../common/support/resolveActionUser.js";
-
-const workspacePendingInvitationsActions = Object.freeze([
-  {
-    id: "workspace.invitations.pending.list",
-    version: 1,
-    kind: "query",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "enabled",
-    permission: {
-      require: "authenticated"
-    },
-    inputValidator: EMPTY_INPUT_VALIDATOR,
-    outputValidator: workspacePendingInvitationsResource.operations.list.outputValidator,
-    idempotency: "none",
-    audit: {
-      actionName: "workspace.invitations.pending.list"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      return {
-        pendingInvites: await deps.workspacePendingInvitationsService.listPendingInvitesForUser(resolveActionUser(context, input), {
-          context
-        })
-      };
-    }
-  },
-  {
-    id: "workspace.invite.redeem",
-    version: 1,
-    kind: "command",
-    channels: ["api", "automation", "internal"],
-    surfacesFrom: "enabled",
-    permission: {
-      require: "authenticated"
-    },
-    inputValidator: {
-      payload: workspaceMembersResource.operations.redeemInvite.bodyValidator
-    },
-    outputValidator: workspaceMembersResource.operations.redeemInvite.outputValidator,
-    idempotency: "optional",
-    audit: {
-      actionName: "workspace.invite.redeem"
-    },
-    observability: {},
-    async execute(input, context, deps) {
-      const payload = input.payload || {};
-      const user = resolveActionUser(context, input);
-
-      if (payload.decision === "accept") {
-        return deps.workspacePendingInvitationsService.acceptInviteByToken({
-          user,
-          token: payload.token
-        }, {
-          context
-        });
-      }
-
-      return deps.workspacePendingInvitationsService.refuseInviteByToken({
-        user,
-        token: payload.token
-      }, {
-        context
-      });
-    }
-  }
-]);
-
-export { workspacePendingInvitationsActions };