@loomcore/api 0.1.12 → 0.1.14

package/dist/__tests__/common-test.utils.js

@@ -10,7 +10,7 @@ import { OrganizationService } from '../services/organization.service.js';
 import { IdNotFoundError } from '../errors/index.js';
 import { AuthService, GenericApiService } from '../services/index.js';
 import { ObjectId } from 'mongodb';
-import { testMetaOrg, testOrg, getTestUser, testUserContext } from './test-objects.js';
+import { testMetaOrg, testOrg, getTestMetaOrgUser, testMetaOrgUserContext } from './test-objects.js';
 import { CategorySpec } from './models/category.model.js';
 import { ProductSpec } from './models/product.model.js';
 let deviceIdCookie;
@@ -33,9 +33,9 @@ async function createMetaOrg() {
         throw new Error('OrganizationService not initialized. Call initialize() first.');
     }
     try {
-        const existingMetaOrg = await organizationService.findOne(testUserContext, { filters: { isMetaOrg: { eq: true } } });
+        const existingMetaOrg = await organizationService.findOne(testMetaOrgUserContext, { filters: { isMetaOrg: { eq: true } } });
         if (!existingMetaOrg) {
-            const metaOrgInsertResult = await organizationService.create(testUserContext, testMetaOrg);
+            const metaOrgInsertResult = await organizationService.create(testMetaOrgUserContext, testMetaOrg);
         }
     }
     catch (error) {
@@ -48,7 +48,7 @@ async function deleteMetaOrg() {
         return Promise.resolve();
     }
     try {
-        await organizationService.deleteMany(testUserContext, { filters: { isMetaOrg: { eq: true } } });
+        await organizationService.deleteMany(testMetaOrgUserContext, { filters: { isMetaOrg: { eq: true } } });
     }
     catch (error) {
         console.log('Error deleting meta org:', error);
@@ -69,23 +69,23 @@ async function createTestUser() {
         throw new Error('Database not initialized. Call initialize() first.');
     }
     try {
-        let existingOrg;
+        let existingMetaOrg;
         try {
-            existingOrg = await organizationService.getById(testUserContext, testOrg._id);
+            existingMetaOrg = await organizationService.getMetaOrg(testMetaOrgUserContext);
         }
         catch (error) {
             if (error instanceof IdNotFoundError) {
-                existingOrg = null;
+                existingMetaOrg = null;
             }
             else {
                 throw error;
             }
         }
-        if (!existingOrg) {
-            await organizationService.create(testUserContext, testOrg);
+        if (!existingMetaOrg) {
+            await organizationService.create(testMetaOrgUserContext, testMetaOrg);
         }
         const systemUserContext = getSystemUserContext();
-        const createdUser = await authService.createUser(systemUserContext, getTestUser());
+        const createdUser = await authService.createUser(systemUserContext, getTestMetaOrgUser());
         if (!createdUser) {
             throw new Error('Failed to create test user');
         }
@@ -97,10 +97,10 @@ async function createTestUser() {
     }
 }
 async function deleteTestUser() {
-    await authService.deleteById(testUserContext, getTestUser()._id).catch((error) => {
+    await authService.deleteById(testMetaOrgUserContext, getTestMetaOrgUser()._id).catch((error) => {
         return null;
     });
-    await organizationService.deleteById(testUserContext, testOrg._id).catch((error) => {
+    await organizationService.deleteById(testMetaOrgUserContext, testOrg._id).catch((error) => {
         return null;
     });
 }
@@ -119,19 +119,20 @@ async function simulateloginWithTestUser() {
             return res;
         }
     };
-    const loginResponse = await authService.attemptLogin(req, res, getTestUser().email, getTestUser().password);
+    const loginResponse = await authService.attemptLogin(req, res, getTestMetaOrgUser().email, getTestMetaOrgUser().password);
     if (!loginResponse?.tokens?.accessToken) {
         throw new Error('Failed to login with test user');
     }
     return `Bearer ${loginResponse.tokens.accessToken}`;
 }
 function getAuthToken() {
+    const metaOrgUser = getTestMetaOrgUser();
     const payload = {
         user: {
-            _id: getTestUser()._id,
-            email: getTestUser().email
+            _id: metaOrgUser._id,
+            email: metaOrgUser.email
         },
-        _orgId: testOrg._id
+        _orgId: metaOrgUser._orgId
     };
     const token = JwtService.sign(payload, JWT_SECRET, { expiresIn: 3600 });
     return `Bearer ${token}`;
@@ -226,7 +227,7 @@ function configureJwtSecret() {
 }
 async function loginWithTestUser(agent) {
     agent.set('Cookie', [`deviceId=${deviceIdCookie}`]);
-    const testUser = getTestUser();
+    const testUser = getTestMetaOrgUser();
     const response = await agent
         .post('/api/auth/login')
         .send({

package/dist/__tests__/mongo-db.test-database.d.ts

@@ -6,7 +6,7 @@ export declare class TestMongoDatabase implements ITestDatabase {
     private mongoDb;
     private database;
     private initPromise;
-    init(databaseName: string): Promise<IDatabase>;
+    init(): Promise<IDatabase>;
     getRandomId(): string;
     private _performInit;
     private createIndexes;

package/dist/__tests__/mongo-db.test-database.js

@@ -9,17 +9,17 @@ export class TestMongoDatabase {
     mongoDb = null;
     database = null;
     initPromise = null;
-    async init(databaseName) {
+    async init() {
         if (this.initPromise) {
             return this.initPromise;
         }
-        this.initPromise = this._performInit(databaseName);
+        this.initPromise = this._performInit();
         return this.initPromise;
     }
     getRandomId() {
         return new ObjectId().toString();
     }
-    async _performInit(databaseName) {
+    async _performInit() {
         if (!this.database) {
             this.mongoServer = await MongoMemoryServer.create({
                 instance: {

package/dist/__tests__/postgres.test-database.d.ts

@@ -4,7 +4,7 @@ export declare class TestPostgresDatabase implements ITestDatabase {
     private database;
     private postgresClient;
     private initPromise;
-    init(databaseName: string): Promise<IDatabase>;
+    init(adminUsername?: string, adminPassword?: string): Promise<IDatabase>;
     getRandomId(): string;
     private _performInit;
     private createIndexes;

package/dist/__tests__/postgres.test-database.js

@@ -11,17 +11,17 @@ export class TestPostgresDatabase {
     database = null;
     postgresClient = null;
     initPromise = null;
-    async init(databaseName) {
+    async init(adminUsername, adminPassword) {
         if (this.initPromise) {
             return this.initPromise;
         }
-        this.initPromise = this._performInit(databaseName);
+        this.initPromise = this._performInit(adminUsername, adminPassword);
         return this.initPromise;
     }
     getRandomId() {
         return randomUUID();
     }
-    async _performInit(databaseName) {
+    async _performInit(adminUsername, adminPassword) {
         if (!this.database) {
             const { Client } = newDb().adapters.createPg();
             const postgresClient = new Client();
@@ -33,7 +33,7 @@ export class TestPostgresDatabase {
             if (!success) {
                 throw new Error('Failed to setup for multitenant');
             }
-            success = (await setupDatabaseForAuth(postgresClient, testOrg._id)).success;
+            success = (await setupDatabaseForAuth(postgresClient, adminUsername || 'admin', adminPassword || 'password', testOrg._id)).success;
             if (!success) {
                 throw new Error('Failed to setup for auth');
             }

package/dist/__tests__/test-database.interface.d.ts

@@ -1,6 +1,6 @@
 import { IDatabase } from "../databases/models/index.js";
 export type ITestDatabase = {
-    init(databaseName: string): Promise<IDatabase>;
+    init(adminUsername?: string, adminPassword?: string): Promise<IDatabase>;
     getRandomId(): string;
     clearCollections(): Promise<void>;
     cleanup(): Promise<void>;

package/dist/__tests__/test-express-app.js

@@ -61,12 +61,12 @@ export class TestExpressApp {
             if (useMongoDb) {
                 const testMongoDb = new TestMongoDatabase();
                 this.testDatabase = testMongoDb;
-                this.database = await testMongoDb.init(this.databaseName);
+                this.database = await testMongoDb.init();
             }
             else {
                 const testPostgresDb = new TestPostgresDatabase();
                 this.testDatabase = testPostgresDb;
-                this.database = await testPostgresDb.init(this.databaseName);
+                this.database = await testPostgresDb.init('admin', 'password');
             }
         }
         if (!this.app) {

package/dist/__tests__/test-objects.d.ts

@@ -1,6 +1,6 @@
-import { IOrganization, IUser, IUserContext } from "@loomcore/common/models";
-export declare const testUser: IUser;
-export declare function getTestUser(): {
+import { IOrganization, IUserContext } from "@loomcore/common/models";
+export declare const testMetaOrg: IOrganization;
+export declare function getTestMetaOrgUser(): {
     email: string;
     firstName?: string;
     lastName?: string;
@@ -18,6 +18,24 @@ export declare function getTestUser(): {
     _id: string;
     _orgId?: string;
 };
-export declare const testUserContext: IUserContext;
-export declare const testMetaOrg: IOrganization;
+export declare const testMetaOrgUserContext: IUserContext;
 export declare const testOrg: IOrganization;
+export declare function getTestOrgUser(): {
+    email: string;
+    firstName?: string;
+    lastName?: string;
+    displayName?: string;
+    password: string;
+    roles?: string[];
+    _lastLoggedIn?: Date;
+    _lastPasswordChange?: Date;
+    _created: Date;
+    _createdBy: string;
+    _updated: Date;
+    _updatedBy: string;
+    _deleted?: Date;
+    _deletedBy?: string;
+    _id: string;
+    _orgId?: string;
+};
+export declare const testOrgUserContext: IUserContext;

package/dist/__tests__/test-objects.js

@@ -1,4 +1,15 @@
-export const testUser = {
+export const testMetaOrg = {
+    _id: '69261691f936c45f85da24d0',
+    name: 'Test Meta Organization',
+    code: 'test-meta-org',
+    status: 1,
+    isMetaOrg: true,
+    _created: new Date(),
+    _createdBy: 'system',
+    _updated: new Date(),
+    _updatedBy: 'system',
+};
+const testMetaOrgUser = {
     _id: '69261672f48fb7bf76e54dfb',
     email: 'test@example.com',
     password: 'testpassword',
@@ -6,7 +17,7 @@ export const testUser = {
     lastName: 'User',
     displayName: 'Test User',
     roles: ['user'],
-    _orgId: '6926167d06c0073a778a124f',
+    _orgId: testMetaOrg._id,
     _created: new Date(),
     _createdBy: 'system',
     _lastLoggedIn: new Date(),
@@ -14,23 +25,12 @@ export const testUser = {
     _updated: new Date(),
     _updatedBy: 'system',
 };
-export function getTestUser() {
-    return { ...testUser };
+export function getTestMetaOrgUser() {
+    return { ...testMetaOrgUser };
 }
-export const testUserContext = {
-    user: getTestUser(),
-    _orgId: '6926167d06c0073a778a124f'
-};
-export const testMetaOrg = {
-    _id: '69261691f936c45f85da24d0',
-    name: 'Test Meta Organization',
-    code: 'test-meta-org',
-    status: 1,
-    isMetaOrg: true,
-    _created: new Date(),
-    _createdBy: 'system',
-    _updated: new Date(),
-    _updatedBy: 'system',
+export const testMetaOrgUserContext = {
+    user: getTestMetaOrgUser(),
+    _orgId: testMetaOrg._id,
 };
 export const testOrg = {
     _id: '6926167d06c0073a778a124f',
@@ -43,3 +43,25 @@ export const testOrg = {
     _updated: new Date(),
     _updatedBy: 'system',
 };
+const testOrgUser = {
+    _id: '6926167d06c0073a778a1250',
+    email: 'test-org-user@example.com',
+    password: 'testpassword',
+    firstName: 'Test',
+    lastName: 'User',
+    displayName: 'Test User',
+    roles: ['user'],
+    _orgId: testOrg._id,
+    _created: new Date(),
+    _createdBy: 'system',
+    _lastLoggedIn: new Date(),
+    _updated: new Date(),
+    _updatedBy: 'system',
+};
+export function getTestOrgUser() {
+    return { ...testOrgUser };
+}
+export const testOrgUserContext = {
+    user: getTestOrgUser(),
+    _orgId: testOrg._id,
+};

package/dist/controllers/auth.controller.js

@@ -13,7 +13,7 @@ export class AuthController {
     }
     mapRoutes(app) {
         app.post(`/api/auth/login`, this.login.bind(this), this.afterAuth.bind(this));
-        app.post(`/api/auth/register`, this.registerUser.bind(this));
+        app.post(`/api/auth/register`, isAuthenticated, this.registerUser.bind(this));
         app.get(`/api/auth/refresh`, this.requestTokenUsingRefreshToken.bind(this));
         app.get(`/api/auth/get-user-context`, isAuthenticated, this.getUserContext.bind(this));
         app.patch(`/api/auth/change-password`, isAuthenticated, this.changePassword.bind(this));

package/dist/databases/postgres/migrations/001-create-migrations-table.migration.js

@@ -19,10 +19,7 @@ export class CreateMigrationTableMigration {
             `);
         }
         catch (error) {
-            if (error.code === '42P07' || error.data?.error?.includes('already exists')) {
-                console.log(`Migrations table already exists`);
-            }
-            else {
+            if (error.code !== '42P07' && !error.data?.error?.includes('already exists')) {
                 return { success: false, error: new Error(`Error creating migrations table: ${error.message}`) };
             }
         }

package/dist/databases/postgres/migrations/006-create-admin-user.migration.d.ts

@@ -0,0 +1,20 @@
+import { Client } from "pg";
+import { IMigration } from "../index.js";
+export declare class CreateAdminUserMigration implements IMigration {
+    private readonly client;
+    private readonly adminUsername;
+    private readonly adminPassword;
+    constructor(client: Client, adminUsername: string, adminPassword: string);
+    index: number;
+    execute(_orgId?: string): Promise<{
+        success: boolean;
+        error: Error;
+    } | {
+        success: boolean;
+        error: null;
+    }>;
+    revert(_orgId?: string): Promise<{
+        success: boolean;
+        error: Error | null;
+    }>;
+}

package/dist/databases/postgres/migrations/006-create-admin-user.migration.js

@@ -0,0 +1,52 @@
+import { PostgresDatabase } from "../index.js";
+import { randomUUID } from "crypto";
+import { UserService } from "../../../services/user.service.js";
+import { getSystemUserContext } from "@loomcore/common/models";
+export class CreateAdminUserMigration {
+    client;
+    adminUsername;
+    adminPassword;
+    constructor(client, adminUsername, adminPassword) {
+        this.client = client;
+        this.adminUsername = adminUsername;
+        this.adminPassword = adminPassword;
+    }
+    index = 6;
+    async execute(_orgId) {
+        const _id = randomUUID().toString();
+        try {
+            const database = new PostgresDatabase(this.client);
+            const userService = new UserService(database);
+            const systemUserContext = getSystemUserContext();
+            const adminUser = await userService.create(systemUserContext, {
+                _id: _id,
+                _orgId: _orgId,
+                email: this.adminUsername,
+                password: this.adminPassword,
+                firstName: 'Admin',
+                lastName: 'User',
+                displayName: 'Admin User',
+                roles: ['admin'],
+            });
+        }
+        catch (error) {
+            return { success: false, error: new Error(`Error creating admin user: ${error.message}`) };
+        }
+        try {
+            const result = await this.client.query(`
+                INSERT INTO "migrations" ("_id", "_orgId", "index", "hasRun", "reverted")
+                VALUES ('${_id}', '${_orgId}', ${this.index}, TRUE, FALSE);
+            `);
+            if (result.rowCount === 0) {
+                return { success: false, error: new Error(`Error inserting migration ${this.index} to migrations table: No row returned`) };
+            }
+        }
+        catch (error) {
+            return { success: false, error: new Error(`Error inserting migration ${this.index} to migrations table: ${error.message}`) };
+        }
+        return { success: true, error: null };
+    }
+    async revert(_orgId) {
+        throw new Error('Not implemented');
+    }
+}

package/dist/databases/postgres/migrations/setup-for-auth.migration.d.ts

@@ -1,5 +1,5 @@
 import { Client } from "pg";
-export declare function setupDatabaseForAuth(client: Client, _orgId?: string): Promise<{
+export declare function setupDatabaseForAuth(client: Client, adminUsername: string, adminPassword: string, _orgId?: string): Promise<{
     success: boolean;
     error: Error | null;
 }>;

package/dist/databases/postgres/migrations/setup-for-auth.migration.js

@@ -2,7 +2,8 @@ import { CreateRefreshTokenTableMigration } from "./004-create-refresh-tokens-ta
 import { CreateMigrationTableMigration } from "./001-create-migrations-table.migration.js";
 import { CreateUsersTableMigration } from "./003-create-users-table.migration.js";
 import { doesTableExist } from "../utils/does-table-exist.util.js";
-export async function setupDatabaseForAuth(client, _orgId) {
+import { CreateAdminUserMigration } from "./006-create-admin-user.migration.js";
+export async function setupDatabaseForAuth(client, adminUsername, adminPassword, _orgId) {
     let runMigrations = [];
     if (await doesTableExist(client, 'migrations')) {
         const migrations = await client.query(`
@@ -21,6 +22,8 @@ export async function setupDatabaseForAuth(client, _orgId) {
         migrationsToRun.push(new CreateUsersTableMigration(client));
     if (!runMigrations.includes(4))
         migrationsToRun.push(new CreateRefreshTokenTableMigration(client));
+    if (!runMigrations.includes(6))
+        migrationsToRun.push(new CreateAdminUserMigration(client, adminUsername, adminPassword));
     for (const migration of migrationsToRun) {
         await migration.execute(_orgId);
     }

package/dist/services/organization.service.d.ts

@@ -3,6 +3,7 @@ import { IOrganization, IUserContext } from '@loomcore/common/models';
 import { IDatabase } from '../databases/models/database.interface.js';
 export declare class OrganizationService extends GenericApiService<IOrganization> {
     constructor(database: IDatabase);
+    preprocessEntity(userContext: IUserContext, entity: Partial<IOrganization>, isCreate: boolean, allowId?: boolean): Promise<Partial<IOrganization>>;
     getAuthTokenByRepoCode(userContext: IUserContext, orgId: string): Promise<string | null>;
     validateRepoAuthToken(userContext: IUserContext, orgCode: string, authToken: string): Promise<string | null>;
     getMetaOrg(userContext: IUserContext): Promise<IOrganization | null>;

package/dist/services/organization.service.js

@@ -1,9 +1,23 @@
 import { GenericApiService } from './generic-api-service/generic-api.service.js';
 import { OrganizationSpec } from '@loomcore/common/models';
+import { BadRequestError } from '../errors/index.js';
 export class OrganizationService extends GenericApiService {
     constructor(database) {
         super(database, 'organizations', 'organization', OrganizationSpec);
     }
+    async preprocessEntity(userContext, entity, isCreate, allowId = true) {
+        if (isCreate) {
+            const metaOrg = await this.getMetaOrg(userContext);
+            if (metaOrg && entity.isMetaOrg) {
+                throw new BadRequestError('Meta organization already exists');
+            }
+            if (metaOrg && userContext._orgId !== metaOrg._id) {
+                throw new BadRequestError('User is not authorized to create an organization');
+            }
+        }
+        const result = await super.preprocessEntity(userContext, entity, isCreate, allowId);
+        return result;
+    }
     async getAuthTokenByRepoCode(userContext, orgId) {
         const org = await this.getById(userContext, orgId);
         return org?.authToken ?? null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@loomcore/api",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "private": false,
   "description": "Loom Core Api - An opinionated Node.js api using Typescript, Express, and MongoDb or PostgreSQL",
   "scripts": {