@loomcore/api 0.1.20 → 0.1.22

package/dist/controllers/auth.controller.js

@@ -31,11 +31,19 @@ export class AuthController {
         const body = req.body;
         const validationErrors = this.authService.validate(body);
         entityUtils.handleValidationResult(validationErrors, 'AuthController.registerUser');
+        if (!userContext) {
+            throw new BadRequestError('Missing required fields: userContext is required.');
+        }
         const user = await this.authService.createUser(userContext, body);
         apiUtils.apiResponse(res, 201, { data: user || undefined }, UserSpec, PublicUserSchema);
     }
     async requestTokenUsingRefreshToken(req, res, next) {
-        let tokens = await this.authService.requestTokenUsingRefreshToken(req);
+        const refreshToken = req.query.refreshToken;
+        if (!refreshToken || typeof refreshToken !== 'string') {
+            throw new BadRequestError('Missing required fields: refreshToken is required.');
+        }
+        const deviceId = this.authService.getDeviceIdFromCookie(req);
+        const tokens = await this.authService.requestTokenUsingRefreshToken(refreshToken, deviceId);
         if (tokens) {
             apiUtils.apiResponse(res, 200, { data: tokens }, TokenResponseSpec);
         }

package/dist/services/auth.service.d.ts

@@ -1,13 +1,14 @@
 import { Request, Response } from 'express';
 import { IUserContext, IUser, ITokenResponse, ILoginResponse } from '@loomcore/common/models';
-import { GenericApiService } from './generic-api-service/generic-api.service.js';
+import { MultiTenantApiService } from './multi-tenant-api.service.js';
 import { UpdateResult } from '../databases/models/update-result.js';
 import { IRefreshToken } from '../models/refresh-token.model.js';
 import { IDatabase } from '../databases/models/index.js';
-export declare class AuthService extends GenericApiService<IUser> {
+export declare class AuthService extends MultiTenantApiService<IUser> {
     private refreshTokenService;
     private passwordResetTokenService;
     private emailService;
+    private organizationService;
     constructor(database: IDatabase);
     attemptLogin(req: Request, res: Response, email: string, password: string): Promise<ILoginResponse | null>;
     logUserIn(userContext: IUserContext, deviceId: string): Promise<{
@@ -18,23 +19,22 @@ export declare class AuthService extends GenericApiService<IUser> {
         };
         userContext: IUserContext;
     } | null>;
-    getUserById(id: string): Promise<IUser | null>;
     getUserByEmail(email: string): Promise<IUser | null>;
     createUser(userContext: IUserContext, user: Partial<IUser>): Promise<IUser | null>;
-    requestTokenUsingRefreshToken(req: Request): Promise<ITokenResponse | null>;
+    requestTokenUsingRefreshToken(refreshToken: string, deviceId: string): Promise<ITokenResponse | null>;
     changeLoggedInUsersPassword(userContext: IUserContext, body: any): Promise<UpdateResult>;
     changePassword(userContext: IUserContext, queryObject: any, password: string): Promise<UpdateResult>;
-    createNewTokens(userId: string, deviceId: string, refreshTokenExpiresOn: number): Promise<{
+    createNewTokens(userContext: IUserContext, activeRefreshToken: IRefreshToken): Promise<{
         accessToken: string;
-        refreshToken: any;
+        refreshToken: string;
         expiresOn: number;
-    } | null>;
-    getActiveRefreshToken(userContext: IUserContext, refreshToken: string, deviceId: string): Promise<IRefreshToken | null>;
-    createNewRefreshToken(userId: string, deviceId: string, existingExpiresOn?: number | null, orgId?: string): Promise<IRefreshToken | null>;
+    }>;
+    getActiveRefreshToken(refreshToken: string, deviceId: string): Promise<IRefreshToken | null>;
+    createNewRefreshToken(userId: string, deviceId: string, orgId?: string): Promise<IRefreshToken | null>;
     sendResetPasswordEmail(emailAddress: string): Promise<void>;
     resetPassword(email: string, passwordResetToken: string, password: string): Promise<UpdateResult>;
     deleteRefreshTokensForDevice(deviceId: string): Promise<import("../databases/models/delete-result.js").DeleteResult>;
-    generateJwt(payload: any): string;
+    generateJwt(userContext: IUserContext): string;
     generateRefreshToken(): string;
     generateDeviceId(): string;
     getAndSetDeviceIdCookie(req: Request, res: Response): string;

package/dist/services/auth.service.js

@@ -5,19 +5,23 @@ import { entityUtils } from '@loomcore/common/utils';
 import { BadRequestError, ServerError } from '../errors/index.js';
 import { JwtService, EmailService } from './index.js';
 import { GenericApiService } from './generic-api-service/generic-api.service.js';
+import { MultiTenantApiService } from './multi-tenant-api.service.js';
 import { PasswordResetTokenService } from './password-reset-token.service.js';
+import { OrganizationService } from './organization.service.js';
 import { passwordUtils } from '../utils/index.js';
 import { config } from '../config/index.js';
 import { refreshTokenModelSpec } from '../models/refresh-token.model.js';
-export class AuthService extends GenericApiService {
+export class AuthService extends MultiTenantApiService {
     refreshTokenService;
     passwordResetTokenService;
     emailService;
+    organizationService;
     constructor(database) {
         super(database, 'users', 'user', UserSpec);
         this.refreshTokenService = new GenericApiService(database, 'refreshTokens', 'refreshToken', refreshTokenModelSpec);
         this.passwordResetTokenService = new PasswordResetTokenService(database);
         this.emailService = new EmailService();
+        this.organizationService = new OrganizationService(database);
     }
     async attemptLogin(req, res, email, password) {
         const lowerCaseEmail = email.toLowerCase();
@@ -40,7 +44,7 @@ export class AuthService extends GenericApiService {
     async logUserIn(userContext, deviceId) {
         const payload = userContext;
         const accessToken = this.generateJwt(payload);
-        const refreshTokenObject = await this.createNewRefreshToken(userContext.user._id, deviceId, null, userContext._orgId);
+        const refreshTokenObject = await this.createNewRefreshToken(userContext.user._id, deviceId, userContext._orgId);
         const accessTokenExpiresOn = this.getExpiresOnFromSeconds(config.auth.jwtExpirationInSeconds);
         let loginResponse = null;
         if (refreshTokenObject) {
@@ -56,31 +60,45 @@ export class AuthService extends GenericApiService {
         }
         return loginResponse;
     }
-    async getUserById(id) {
-        const user = await this.findOne(EmptyUserContext, { filters: { _id: { eq: id } } });
-        return user;
-    }
     async getUserByEmail(email) {
-        const user = await this.findOne(EmptyUserContext, { filters: { email: { eq: email.toLowerCase() } } });
-        return user;
+        const queryOptions = { filters: { email: { eq: email.toLowerCase() } } };
+        const rawUser = await this.database.findOne(queryOptions, 'users');
+        if (!rawUser) {
+            return null;
+        }
+        const userContext = {
+            _orgId: rawUser._orgId,
+            user: rawUser
+        };
+        return this.postprocessEntity(userContext, rawUser);
     }
     async createUser(userContext, user) {
+        if (user.email) {
+            const existingUser = await this.getUserByEmail(user.email);
+            if (existingUser) {
+                throw new BadRequestError('A user with this email address already exists');
+            }
+        }
+        if (user._orgId && userContext._orgId && userContext._orgId !== user._orgId && userContext.user?._id !== 'system') {
+            const org = await this.organizationService.findOne(userContext, { filters: { _id: { eq: user._orgId } } });
+            if (!org) {
+                throw new BadRequestError('The specified organization does not exist');
+            }
+        }
         const createdUser = await this.create(userContext, user);
         return createdUser;
     }
-    async requestTokenUsingRefreshToken(req) {
-        const refreshToken = req.query.refreshToken;
-        const deviceId = this.getDeviceIdFromCookie(req);
+    async requestTokenUsingRefreshToken(refreshToken, deviceId) {
         let tokens = null;
-        if (refreshToken && typeof refreshToken === 'string' && deviceId && typeof deviceId === 'string') {
-            let userId = null;
-            const activeRefreshToken = await this.getActiveRefreshToken(EmptyUserContext, refreshToken, deviceId);
-            if (activeRefreshToken) {
-                userId = activeRefreshToken.userId;
-                if (userId) {
-                    tokens = await this.createNewTokens(userId, deviceId, activeRefreshToken.expiresOn);
-                }
-            }
+        const activeRefreshToken = await this.getActiveRefreshToken(refreshToken, deviceId);
+        if (activeRefreshToken) {
+            const systemUserContext = getSystemUserContext();
+            const user = await this.getById(systemUserContext, activeRefreshToken.userId);
+            const userContext = {
+                _orgId: user._orgId,
+                user: user
+            };
+            tokens = await this.createNewTokens(userContext, activeRefreshToken);
         }
         return tokens;
     }
@@ -98,31 +116,19 @@ export class AuthService extends GenericApiService {
         };
         return result;
     }
-    async createNewTokens(userId, deviceId, refreshTokenExpiresOn) {
-        let createdRefreshTokenObject = null;
-        const user = await this.getUserById(userId);
-        const newRefreshToken = await this.createNewRefreshToken(userId, deviceId, refreshTokenExpiresOn, user?._orgId);
-        if (newRefreshToken) {
-            createdRefreshTokenObject = newRefreshToken;
-        }
-        let tokenResponse = null;
-        if (user && createdRefreshTokenObject) {
-            const payload = {
-                user: user,
-                _orgId: user._orgId
-            };
-            const accessToken = this.generateJwt(payload);
-            const accessTokenExpiresOn = this.getExpiresOnFromSeconds(config.auth.jwtExpirationInSeconds);
-            tokenResponse = {
-                accessToken,
-                refreshToken: createdRefreshTokenObject.token,
-                expiresOn: accessTokenExpiresOn
-            };
-        }
+    async createNewTokens(userContext, activeRefreshToken) {
+        const payload = userContext;
+        const accessToken = this.generateJwt(payload);
+        const accessTokenExpiresOn = this.getExpiresOnFromSeconds(config.auth.jwtExpirationInSeconds);
+        const tokenResponse = {
+            accessToken,
+            refreshToken: activeRefreshToken.token,
+            expiresOn: accessTokenExpiresOn
+        };
         return tokenResponse;
     }
-    async getActiveRefreshToken(userContext, refreshToken, deviceId) {
-        const refreshTokenResult = await this.refreshTokenService.findOne(userContext, { filters: { token: { eq: refreshToken }, deviceId: { eq: deviceId } } });
+    async getActiveRefreshToken(refreshToken, deviceId) {
+        const refreshTokenResult = await this.refreshTokenService.findOne(EmptyUserContext, { filters: { token: { eq: refreshToken }, deviceId: { eq: deviceId } } });
         let activeRefreshToken = null;
         if (refreshTokenResult) {
             const now = Date.now();
@@ -133,8 +139,8 @@ export class AuthService extends GenericApiService {
         }
         return activeRefreshToken;
     }
-    async createNewRefreshToken(userId, deviceId, existingExpiresOn = null, orgId) {
-        const expiresOn = existingExpiresOn ? existingExpiresOn : this.getExpiresOnFromDays(config.auth.refreshTokenExpirationInDays);
+    async createNewRefreshToken(userId, deviceId, orgId) {
+        const expiresOn = this.getExpiresOnFromDays(config.auth.refreshTokenExpirationInDays);
         const newRefreshToken = {
             _orgId: orgId,
             token: this.generateRefreshToken(),
@@ -181,13 +187,10 @@ export class AuthService extends GenericApiService {
     deleteRefreshTokensForDevice(deviceId) {
         return this.refreshTokenService.deleteMany(EmptyUserContext, { filters: { deviceId: { eq: deviceId } } });
     }
-    generateJwt(payload) {
-        if (payload._orgId !== undefined) {
-            payload._orgId = String(payload._orgId);
-        }
+    generateJwt(userContext) {
         const jwtExpiryConfig = config.auth.jwtExpirationInSeconds;
         const jwtExpirationInSeconds = (typeof jwtExpiryConfig === 'string') ? parseInt(jwtExpiryConfig) : jwtExpiryConfig;
-        const accessToken = JwtService.sign(payload, config.clientSecret, {
+        const accessToken = JwtService.sign(userContext, config.clientSecret, {
             expiresIn: jwtExpirationInSeconds
         });
         return accessToken;

package/dist/services/multi-tenant-api.service.js

@@ -11,7 +11,7 @@ export class MultiTenantApiService extends GenericApiService {
         }
     }
     prepareQuery(userContext, queryOptions, operations) {
-        if (!config?.app?.isMultiTenant) {
+        if (!config?.app?.isMultiTenant || userContext?.user?._id === 'system') {
             return super.prepareQuery(userContext, queryOptions, operations);
         }
         if (!userContext || !userContext._orgId) {
@@ -28,8 +28,9 @@ export class MultiTenantApiService extends GenericApiService {
             throw new BadRequestError('A valid userContext was not provided to MultiTenantApiService.prepareEntity');
         }
         const preparedEntity = await super.preprocessEntity(userContext, entity, isCreate, allowId);
-        const orgIdField = this.tenantDecorator.getOrgIdField();
-        preparedEntity[orgIdField] = userContext._orgId;
+        if (isCreate && userContext.user._id !== 'system') {
+            preparedEntity._orgId = userContext._orgId;
+        }
         return preparedEntity;
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@loomcore/api",
-  "version": "0.1.20",
+  "version": "0.1.22",
   "private": false,
   "description": "Loom Core Api - An opinionated Node.js api using Typescript, Express, and MongoDb or PostgreSQL",
   "scripts": {