@jskit-ai/workspaces-core 0.1.14 → 0.1.16

package/src/server/common/repositories/workspaceMembershipsRepository.js

@@ -0,0 +1,190 @@
+import {
+  normalizeLowerText,
+  normalizeRecordId,
+  normalizeDbRecordId,
+  normalizeText,
+  toIsoString,
+  nowDb,
+  isDuplicateEntryError,
+  createWithTransaction
+} from "./repositoryUtils.js";
+import { OWNER_ROLE_ID } from "../../../shared/roles.js";
+
+function mapRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    id: normalizeDbRecordId(row.id, { fallback: "" }),
+    workspaceId: normalizeDbRecordId(row.workspace_id, { fallback: "" }),
+    userId: normalizeDbRecordId(row.user_id, { fallback: "" }),
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
+    status: normalizeLowerText(row.status || "active") || "active",
+    createdAt: toIsoString(row.created_at),
+    updatedAt: toIsoString(row.updated_at)
+  };
+}
+
+function mapMemberSummaryRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    userId: normalizeDbRecordId(row.user_id, { fallback: "" }),
+    roleSid: normalizeLowerText(row.role_sid || "member") || "member",
+    status: normalizeLowerText(row.status || "active") || "active",
+    displayName: normalizeText(row.display_name),
+    email: normalizeLowerText(row.email)
+  };
+}
+
+function createRepository(knex) {
+  if (typeof knex !== "function") {
+    throw new TypeError("workspaceMembershipsRepository requires knex.");
+  }
+  const withTransaction = createWithTransaction(knex);
+
+  async function findByWorkspaceIdAndUserId(workspaceId, userId, options = {}) {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
+    if (!normalizedWorkspaceId || !normalizedUserId) {
+      return null;
+    }
+
+    const client = options?.trx || knex;
+    const row = await client("workspace_memberships")
+      .where({ workspace_id: normalizedWorkspaceId, user_id: normalizedUserId })
+      .first();
+    return mapRow(row);
+  }
+
+  async function ensureOwnerMembership(workspaceId, userId, options = {}) {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
+    if (!normalizedWorkspaceId || !normalizedUserId) {
+      throw new TypeError("workspaceMembershipsRepository.ensureOwnerMembership requires workspaceId and userId.");
+    }
+
+    const client = options?.trx || knex;
+    const existing = await findByWorkspaceIdAndUserId(normalizedWorkspaceId, normalizedUserId, { trx: client });
+    if (existing) {
+      if (existing.roleSid !== OWNER_ROLE_ID || existing.status !== "active") {
+        await client("workspace_memberships")
+          .where({ workspace_id: normalizedWorkspaceId, user_id: normalizedUserId })
+          .update({
+            role_sid: OWNER_ROLE_ID,
+            status: "active",
+            updated_at: nowDb()
+          });
+      }
+      return findByWorkspaceIdAndUserId(normalizedWorkspaceId, normalizedUserId, { trx: client });
+    }
+
+    try {
+      await client("workspace_memberships").insert({
+        workspace_id: normalizedWorkspaceId,
+        user_id: normalizedUserId,
+        role_sid: OWNER_ROLE_ID,
+        status: "active",
+        created_at: nowDb(),
+        updated_at: nowDb()
+      });
+    } catch (error) {
+      if (!isDuplicateEntryError(error)) {
+        throw error;
+      }
+    }
+
+    return findByWorkspaceIdAndUserId(normalizedWorkspaceId, normalizedUserId, { trx: client });
+  }
+
+  async function upsertMembership(workspaceId, userId, patch = {}, options = {}) {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
+    if (!normalizedWorkspaceId || !normalizedUserId) {
+      throw new TypeError("workspaceMembershipsRepository.upsertMembership requires workspaceId and userId.");
+    }
+
+    const client = options?.trx || knex;
+    const existing = await findByWorkspaceIdAndUserId(normalizedWorkspaceId, normalizedUserId, { trx: client });
+    const roleSid = normalizeLowerText(patch.roleSid || existing?.roleSid || "member") || "member";
+    const status = normalizeLowerText(patch.status || existing?.status || "active") || "active";
+
+    if (!existing) {
+      await client("workspace_memberships").insert({
+        workspace_id: normalizedWorkspaceId,
+        user_id: normalizedUserId,
+        role_sid: roleSid,
+        status,
+        created_at: nowDb(),
+        updated_at: nowDb()
+      });
+      return findByWorkspaceIdAndUserId(normalizedWorkspaceId, normalizedUserId, { trx: client });
+    }
+
+    await client("workspace_memberships")
+      .where({ workspace_id: normalizedWorkspaceId, user_id: normalizedUserId })
+      .update({
+        role_sid: roleSid,
+        status,
+        updated_at: nowDb()
+      });
+
+    return findByWorkspaceIdAndUserId(normalizedWorkspaceId, normalizedUserId, { trx: client });
+  }
+
+  async function listActiveByWorkspaceId(workspaceId, options = {}) {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    if (!normalizedWorkspaceId) {
+      return [];
+    }
+
+    const client = options?.trx || knex;
+    const rows = await client("workspace_memberships as wm")
+      .join("users as up", "up.id", "wm.user_id")
+      .where({ "wm.workspace_id": normalizedWorkspaceId, "wm.status": "active" })
+      .orderBy("up.display_name", "asc")
+      .select([
+        "wm.user_id",
+        "wm.role_sid",
+        "wm.status",
+        "up.display_name",
+        "up.email"
+      ]);
+
+    return rows.map(mapMemberSummaryRow).filter(Boolean);
+  }
+
+  async function listActiveWorkspaceIdsByUserId(userId, options = {}) {
+    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
+    if (!normalizedUserId) {
+      return [];
+    }
+
+    const client = options?.trx || knex;
+    const rows = await client("workspace_memberships")
+      .where({
+        user_id: normalizedUserId,
+        status: "active"
+      })
+      .select("workspace_id")
+      .orderBy("workspace_id", "asc");
+
+    return rows
+      .map((row) => normalizeDbRecordId(row.workspace_id, { fallback: null }))
+      .filter(Boolean);
+  }
+
+  return Object.freeze({
+    withTransaction,
+    findByWorkspaceIdAndUserId,
+    ensureOwnerMembership,
+    upsertMembership,
+    listActiveByWorkspaceId,
+    listActiveWorkspaceIdsByUserId
+  });
+}
+
+export { createRepository, mapRow, mapMemberSummaryRow };

package/src/server/common/repositories/workspacesRepository.js

@@ -0,0 +1,202 @@
+import { resolveInsertedRecordId } from "@jskit-ai/database-runtime/shared";
+import {
+  normalizeDbRecordId,
+  normalizeRecordId,
+  normalizeText,
+  normalizeLowerText,
+  toIsoString,
+  toNullableIso,
+  nowDb,
+  isDuplicateEntryError,
+  createWithTransaction
+} from "./repositoryUtils.js";
+
+function mapRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    id: normalizeDbRecordId(row.id, { fallback: "" }),
+    slug: normalizeText(row.slug),
+    name: normalizeText(row.name),
+    ownerUserId: normalizeDbRecordId(row.owner_user_id, { fallback: "" }),
+    isPersonal: Boolean(row.is_personal),
+    avatarUrl: row.avatar_url ? normalizeText(row.avatar_url) : "",
+    createdAt: toIsoString(row.created_at),
+    updatedAt: toIsoString(row.updated_at),
+    deletedAt: toNullableIso(row.deleted_at)
+  };
+}
+
+function mapMembershipWorkspaceRow(row) {
+  if (!row) {
+    return null;
+  }
+
+  return {
+    ...mapRow(row),
+    roleSid: normalizeLowerText(row.role_sid || "member"),
+    membershipStatus: normalizeLowerText(row.membership_status || "active") || "active"
+  };
+}
+
+function createRepository(knex) {
+  if (typeof knex !== "function") {
+    throw new TypeError("workspacesRepository requires knex.");
+  }
+  const withTransaction = createWithTransaction(knex);
+
+  function workspaceSelectColumns({ includeMembership = false } = {}) {
+    const columns = [
+      "w.id",
+      "w.slug",
+      "w.name",
+      "w.owner_user_id",
+      "w.is_personal",
+      "w.avatar_url",
+      "w.created_at",
+      "w.updated_at",
+      "w.deleted_at"
+    ];
+    if (includeMembership) {
+      columns.push("wm.role_sid", "wm.status as membership_status");
+    }
+    return columns;
+  }
+
+  async function findById(workspaceId, options = {}) {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    if (!normalizedWorkspaceId) {
+      return null;
+    }
+
+    const client = options?.trx || knex;
+    const row = await client("workspaces as w")
+      .where({ "w.id": normalizedWorkspaceId })
+      .select(workspaceSelectColumns())
+      .first();
+    return mapRow(row);
+  }
+
+  async function findBySlug(slug, options = {}) {
+    const client = options?.trx || knex;
+    const normalizedSlug = normalizeLowerText(slug);
+    if (!normalizedSlug) {
+      return null;
+    }
+
+    const row = await client("workspaces as w")
+      .where({ "w.slug": normalizedSlug })
+      .select(workspaceSelectColumns())
+      .first();
+    return mapRow(row);
+  }
+
+  async function findPersonalByOwnerUserId(userId, options = {}) {
+    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
+    if (!normalizedUserId) {
+      return null;
+    }
+
+    const client = options?.trx || knex;
+    const row = await client("workspaces as w")
+      .where({ "w.owner_user_id": normalizedUserId, "w.is_personal": 1 })
+      .orderBy("w.id", "asc")
+      .select(workspaceSelectColumns())
+      .first();
+    return mapRow(row);
+  }
+
+  async function insert(payload = {}, options = {}) {
+    const client = options?.trx || knex;
+    const source = payload && typeof payload === "object" ? payload : {};
+    const ownerUserId = normalizeRecordId(source.ownerUserId, { fallback: null });
+    if (!ownerUserId) {
+      throw new TypeError("workspacesRepository.insert requires ownerUserId.");
+    }
+
+    const insertPayload = {
+      slug: normalizeLowerText(source.slug),
+      name: normalizeText(source.name),
+      owner_user_id: ownerUserId,
+      is_personal: source.isPersonal ? 1 : 0,
+      avatar_url: normalizeText(source.avatarUrl),
+      created_at: nowDb(),
+      updated_at: nowDb(),
+      deleted_at: null
+    };
+
+    try {
+      const result = await client("workspaces").insert(insertPayload);
+      const insertedId = resolveInsertedRecordId(result, { fallback: null });
+      if (insertedId) {
+        return findById(insertedId, { trx: client });
+      }
+      const bySlug = await findBySlug(insertPayload.slug, { trx: client });
+      return bySlug;
+    } catch (error) {
+      if (!isDuplicateEntryError(error)) {
+        throw error;
+      }
+      const bySlug = await findBySlug(insertPayload.slug, { trx: client });
+      if (bySlug) {
+        return bySlug;
+      }
+      throw error;
+    }
+  }
+
+  async function updateById(workspaceId, patch = {}, options = {}) {
+    const normalizedWorkspaceId = normalizeRecordId(workspaceId, { fallback: null });
+    if (!normalizedWorkspaceId) {
+      return null;
+    }
+
+    const client = options?.trx || knex;
+    const source = patch && typeof patch === "object" ? patch : {};
+    const dbPatch = {
+      updated_at: nowDb()
+    };
+
+    if (Object.hasOwn(source, "name")) {
+      dbPatch.name = normalizeText(source.name);
+    }
+    if (Object.hasOwn(source, "avatarUrl")) {
+      dbPatch.avatar_url = normalizeText(source.avatarUrl);
+    }
+
+    await client("workspaces").where({ id: normalizedWorkspaceId }).update(dbPatch);
+    return findById(normalizedWorkspaceId, { trx: client });
+  }
+
+  async function listForUserId(userId, options = {}) {
+    const normalizedUserId = normalizeRecordId(userId, { fallback: null });
+    if (!normalizedUserId) {
+      return [];
+    }
+
+    const client = options?.trx || knex;
+    const rows = await client("workspace_memberships as wm")
+      .join("workspaces as w", "w.id", "wm.workspace_id")
+      .where({ "wm.user_id": normalizedUserId })
+      .whereNull("w.deleted_at")
+      .orderBy("w.is_personal", "desc")
+      .orderBy("w.id", "asc")
+      .select(workspaceSelectColumns({ includeMembership: true }));
+
+    return rows.map(mapMembershipWorkspaceRow).filter(Boolean);
+  }
+
+  return Object.freeze({
+    withTransaction,
+    findById,
+    findBySlug,
+    findPersonalByOwnerUserId,
+    insert,
+    updateById,
+    listForUserId
+  });
+}
+
+export { createRepository, mapRow, mapMembershipWorkspaceRow };

package/src/server/common/services/workspaceContextService.js

@@ -0,0 +1,281 @@
+import { createHash } from "node:crypto";
+import { AppError } from "@jskit-ai/kernel/server/runtime/errors";
+import {
+  TENANCY_MODE_NONE,
+  resolveTenancyProfile
+} from "../../../shared/tenancyProfile.js";
+import {
+  resolveRolePermissions
+} from "../../../shared/roles.js";
+import {
+  mapWorkspaceSummary
+} from "../formatters/workspaceFormatter.js";
+import { normalizeLowerText, normalizeText } from "@jskit-ai/kernel/shared/actions/textNormalization";
+import { normalizeRecordId } from "@jskit-ai/kernel/shared/support/normalize";
+import { authenticatedUserValidator } from "../validators/authenticatedUserValidator.js";
+
+function toSlugPart(value) {
+  const normalized = normalizeLowerText(value)
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "")
+    .slice(0, 48);
+  return normalized || "workspace";
+}
+
+function buildWorkspaceBaseSlug(user = {}) {
+  const username = normalizeLowerText(user.username);
+  if (username) {
+    return toSlugPart(username);
+  }
+  const displayName = normalizeText(user.displayName);
+  if (displayName) {
+    return toSlugPart(displayName);
+  }
+  const email = normalizeLowerText(user.email);
+  if (email.includes("@")) {
+    return toSlugPart(email.split("@")[0]);
+  }
+  return "workspace";
+}
+
+function buildWorkspaceName(user = {}) {
+  const displayName = normalizeText(user.displayName);
+  if (displayName) {
+    return `${displayName}'s Workspace`;
+  }
+  const email = normalizeLowerText(user.email);
+  if (email) {
+    return `${email}'s Workspace`;
+  }
+  return "Workspace";
+}
+
+function buildPermissionsFromMembership(membership, appConfig = {}) {
+  const roleSid = normalizeLowerText(membership?.roleSid || "member");
+  return resolveRolePermissions(roleSid, appConfig);
+}
+
+function hashInviteToken(token) {
+  return createHash("sha256").update(normalizeText(token)).digest("hex");
+}
+
+function normalizeWorkspaceCreationInput(payload = {}) {
+  const source = payload && typeof payload === "object" && !Array.isArray(payload) ? payload : {};
+  return {
+    name: normalizeText(source.name),
+    requestedSlug: normalizeLowerText(source.slug)
+  };
+}
+
+function createService({
+  appConfig = {},
+  workspacesRepository,
+  workspaceMembershipsRepository,
+  workspaceSettingsRepository
+} = {}) {
+  if (
+    !workspacesRepository ||
+    !workspaceMembershipsRepository ||
+    !workspaceSettingsRepository
+  ) {
+    throw new Error("workspaceService requires repositories.");
+  }
+
+  const resolvedTenancyProfile = resolveTenancyProfile(appConfig);
+  const resolvedTenancyMode = resolvedTenancyProfile.mode;
+  const workspacePolicy = resolvedTenancyProfile.workspace;
+  async function ensureUniqueWorkspaceSlug(baseSlug, options = {}) {
+    let suffix = 0;
+    while (suffix < 1000) {
+      suffix += 1;
+      const candidate = suffix === 1 ? toSlugPart(baseSlug) : `${toSlugPart(baseSlug)}-${suffix}`;
+      const existing = await workspacesRepository.findBySlug(candidate, options);
+      if (!existing) {
+        return candidate;
+      }
+    }
+    throw new AppError(500, "Unable to generate unique workspace slug.");
+  }
+
+  async function ensureWorkspaceSettingsForWorkspace(workspace, options = {}) {
+    return workspaceSettingsRepository.ensureForWorkspaceId(workspace?.id, {
+      ...options,
+      workspace
+    });
+  }
+
+  async function ensurePersonalWorkspaceForUser(user, options = {}) {
+    const normalizedUser = authenticatedUserValidator.normalize(user);
+    if (!normalizedUser) {
+      throw new AppError(400, "Invalid authenticated user payload.");
+    }
+
+    const existing = await workspacesRepository.findPersonalByOwnerUserId(normalizedUser.id, options);
+    if (existing) {
+      await workspaceMembershipsRepository.ensureOwnerMembership(existing.id, normalizedUser.id, options);
+      await ensureWorkspaceSettingsForWorkspace(existing, options);
+      return existing;
+    }
+
+    const slug = await ensureUniqueWorkspaceSlug(buildWorkspaceBaseSlug(normalizedUser), options);
+    const inserted = await workspacesRepository.insert(
+      {
+        slug,
+        name: buildWorkspaceName(normalizedUser),
+        ownerUserId: normalizedUser.id,
+        isPersonal: true,
+        avatarUrl: ""
+      },
+      options
+    );
+
+    await workspaceMembershipsRepository.ensureOwnerMembership(inserted.id, normalizedUser.id, options);
+    await ensureWorkspaceSettingsForWorkspace(inserted, options);
+    return inserted;
+  }
+
+  async function listWorkspacesForUser(user, options = {}) {
+    const normalizedUser = authenticatedUserValidator.normalize(user);
+    if (!normalizedUser) {
+      return [];
+    }
+
+    if (resolvedTenancyMode === TENANCY_MODE_NONE) {
+      return [];
+    }
+
+    const list = await workspacesRepository.listForUserId(normalizedUser.id, options);
+    const accessible = list
+      .map((entry) => mapWorkspaceSummary(entry, { roleSid: entry.roleSid, status: entry.membershipStatus }))
+      .filter((entry) => entry.isAccessible);
+
+    return accessible;
+  }
+
+  async function listWorkspacesForAuthenticatedUser(user, options = {}) {
+    return listWorkspacesForUser(user, options);
+  }
+
+  async function provisionWorkspaceForNewUser(user, options = {}) {
+    const normalizedUser = authenticatedUserValidator.normalize(user);
+    if (!normalizedUser) {
+      throw new AppError(400, "Invalid authenticated user payload.");
+    }
+
+    if (workspacePolicy.autoProvision !== true) {
+      return null;
+    }
+
+    return ensurePersonalWorkspaceForUser(normalizedUser, options);
+  }
+
+  async function createWorkspaceForAuthenticatedUser(user, payload = {}, options = {}) {
+    const normalizedUser = authenticatedUserValidator.normalize(user);
+    if (!normalizedUser) {
+      throw new AppError(401, "Authentication required.");
+    }
+
+    if (workspacePolicy.allowSelfCreate !== true) {
+      throw new AppError(403, "Workspace creation is disabled for this tenancy mode.");
+    }
+
+    const createInput = normalizeWorkspaceCreationInput(payload);
+    if (!createInput.name) {
+      throw new AppError(400, "Workspace name is required.");
+    }
+
+    const slugBase = createInput.requestedSlug || toSlugPart(createInput.name);
+    const slug = await ensureUniqueWorkspaceSlug(slugBase, options);
+    const inserted = await workspacesRepository.insert(
+      {
+        slug,
+        name: createInput.name,
+        ownerUserId: normalizedUser.id,
+        isPersonal: false,
+        avatarUrl: ""
+      },
+      options
+    );
+
+    await workspaceMembershipsRepository.ensureOwnerMembership(inserted.id, normalizedUser.id, options);
+    await ensureWorkspaceSettingsForWorkspace(inserted, options);
+    return inserted;
+  }
+
+  async function getWorkspaceForAuthenticatedUser(user, workspaceSlug, options = {}) {
+    const workspaceContext = await resolveWorkspaceContextForUserBySlug(user, workspaceSlug, options);
+    return workspaceContext.workspace;
+  }
+
+  async function updateWorkspaceForAuthenticatedUser(user, workspaceSlug, patch = {}, options = {}) {
+    const workspaceContext = await resolveWorkspaceContextForUserBySlug(user, workspaceSlug, options);
+    return workspacesRepository.updateById(workspaceContext.workspace.id, patch, options);
+  }
+
+  async function resolveWorkspaceContextForUserBySlug(user, workspaceSlug, options = {}) {
+    const normalizedUser = authenticatedUserValidator.normalize(user);
+    if (!normalizedUser) {
+      throw new AppError(401, "Authentication required.");
+    }
+
+    if (resolvedTenancyMode === TENANCY_MODE_NONE) {
+      throw new AppError(403, "Workspace context is disabled.");
+    }
+
+    const normalizedWorkspaceSlug = normalizeLowerText(workspaceSlug);
+    if (!normalizedWorkspaceSlug) {
+      throw new AppError(400, "workspaceSlug is required.");
+    }
+
+    const workspace = await workspacesRepository.findBySlug(normalizedWorkspaceSlug, options);
+
+    if (!workspace) {
+      throw new AppError(404, "Workspace not found.");
+    }
+
+    let membership = await workspaceMembershipsRepository.findByWorkspaceIdAndUserId(
+      workspace.id,
+      normalizedUser.id,
+      options
+    );
+    const actorOwnsWorkspace =
+      normalizeRecordId(workspace.ownerUserId, { fallback: null }) ===
+      normalizeRecordId(normalizedUser.id, { fallback: null });
+    const membershipIsActive = normalizeLowerText(membership?.status) === "active";
+
+    if (!membershipIsActive && actorOwnsWorkspace) {
+      membership = await workspaceMembershipsRepository.ensureOwnerMembership(workspace.id, normalizedUser.id, options);
+    }
+
+    if (!membership || normalizeLowerText(membership.status) !== "active") {
+      throw new AppError(403, "You do not have access to this workspace.");
+    }
+
+    const workspaceSettings = await ensureWorkspaceSettingsForWorkspace(workspace, options);
+    const permissions = buildPermissionsFromMembership(membership, appConfig);
+
+    return {
+      workspace,
+      membership,
+      permissions,
+      workspaceSettings
+    };
+  }
+
+  return Object.freeze({
+    toSlugPart,
+    buildWorkspaceName,
+    buildWorkspaceBaseSlug,
+    hashInviteToken,
+    ensurePersonalWorkspaceForUser,
+    provisionWorkspaceForNewUser,
+    createWorkspaceForAuthenticatedUser,
+    getWorkspaceForAuthenticatedUser,
+    updateWorkspaceForAuthenticatedUser,
+    listWorkspacesForUser,
+    listWorkspacesForAuthenticatedUser,
+    resolveWorkspaceContextForUserBySlug
+  });
+}
+
+export { createService };

package/src/server/common/support/deepFreeze.js

@@ -0,0 +1 @@
+export { deepFreeze } from "@jskit-ai/kernel/shared/support/deepFreeze";