@nu-art/user-account-backend 0.401.8 → 0.401.9

package/_entity/account/ModuleBE_AccountDB.d.ts

@@ -2,7 +2,7 @@ import { DB_BaseObject, Dispatcher } from '@nu-art/ts-common';
 import { firestore } from 'firebase-admin';
 import { ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
 import { FirestoreQuery } from '@nu-art/firebase-shared';
-import { _SessionKey_Account, Account_ChangePassword, Account_ChangeThumbnail, Account_CreateAccount, Account_Login, Account_RegisterAccount, Account_SetPassword, AccountEmail, AccountEmailWithDevice, AccountToAssertPassword, AccountToSpice, AccountType, DB_Account, DBProto_Account, PasswordAssertionConfig, SafeDB_Account, UI_Account } from '@nu-art/user-account-shared';
+import { _SessionKey_Account, Account_ChangePassword, Account_ChangeThumbnail, Account_CreateAccount, Account_Delete, Account_Login, Account_RegisterAccount, Account_SetPassword, AccountEmail, AccountEmailWithDevice, AccountToAssertPassword, AccountToSpice, AccountType, DB_Account, DBProto_Account, PasswordAssertionConfig, SafeDB_Account, UI_Account } from '@nu-art/user-account-shared';
 import { BaseSessionClaims, CollectSessionData } from '../session/index.js';
 import Transaction = firestore.Transaction;
 type BaseAccount = {
@@ -25,6 +25,9 @@ export interface OnPreLogout {
 }
 export declare const dispatch_onAccountLogin: Dispatcher<OnUserLogin, "__onUserLogin", [account: SafeDB_Account, transaction: firestore.Transaction], void>;
 export declare const dispatch_onPreLogout: Dispatcher<OnPreLogout, "__onPreLogout", [], void>;
+export interface OnAccountDeleted {
+    __onAccountDeleted: (account: SafeDB_Account, transaction: Transaction) => Promise<void>;
+}
 type Config = {
     canRegister: boolean;
     passwordAssertion?: PasswordAssertionConfig;
@@ -35,7 +38,6 @@ export declare class ModuleBE_AccountDB_Class extends ModuleBE_BaseDB<DBProto_Ac
     constructor();
     init(): void;
     manipulateQuery(query: FirestoreQuery<DB_Account>): FirestoreQuery<DB_Account>;
-    canDeleteItems(dbItems: DB_Account[], transaction?: FirebaseFirestore.Transaction): Promise<void>;
     __collectSessionData(data: BaseSessionClaims): Promise<{
         key: "account";
         value: {
@@ -84,6 +86,7 @@ export declare class ModuleBE_AccountDB_Class extends ModuleBE_BaseDB<DBProto_Ac
             sessions: import("@nu-art/user-account-shared").DB_Session[];
         }>;
         changeThumbnail: (request: Account_ChangeThumbnail["request"]) => Promise<Account_ChangeThumbnail["response"]>;
+        delete: (request: Account_Delete["request"]) => Promise<Account_Delete["response"]>;
     };
     password: {
         assertPasswordExistence: (email: string, password?: string, passwordCheck?: string) => void;

package/_entity/account/ModuleBE_AccountDB.js

@@ -8,6 +8,7 @@ import { ModuleBE_FailedLoginAttemptDB } from '../failed-login-attempt/index.js'
 export const dispatch_onAccountLogin = new Dispatcher('__onUserLogin');
 const dispatch_onAccountRegistered = new Dispatcher('__onNewUserRegistered');
 export const dispatch_onPreLogout = new Dispatcher('__onPreLogout');
+const dispatch_OnAccountDeleted = new Dispatcher('__onAccountDeleted');
 export class ModuleBE_AccountDB_Class extends ModuleBE_BaseDB {
     Middleware = async () => {
         const account = SessionKey_Account_BE.get();
@@ -33,11 +34,12 @@ export class ModuleBE_AccountDB_Class extends ModuleBE_BaseDB {
             createBodyServerApi(ApiDef_Account._v1.setPassword, this.account.setPassword),
             createQueryServerApi(ApiDef_Account._v1.getSessions, this.account.getSessions),
             createBodyServerApi(ApiDef_Account._v1.changeThumbnail, this.account.changeThumbnail),
+            createQueryServerApi(ApiDef_Account._v1.deleteAccount, this.account.delete),
             createQueryServerApi(ApiDef_Account._v1.getPasswordAssertionConfig, async () => ({
                 config: this.config.ignorePasswordAssertion
                     ? undefined
                     : this.config.passwordAssertion
-            }))
+            })),
         ]);
     }
     manipulateQuery(query) {
@@ -46,9 +48,9 @@ export class ModuleBE_AccountDB_Class extends ModuleBE_BaseDB {
             select: ['__created', '_v', '__updated', 'email', '_newPasswordRequired', 'type', '_id', 'thumbnail', 'displayName', '_auditorId', 'description']
         };
     }
-    canDeleteItems(dbItems, transaction) {
-        throw HttpCodes._5XX.NOT_IMPLEMENTED('Account Deletion is not implemented yet');
-    }
+    // canDeleteItems(dbItems: DB_Account[], transaction?: FirebaseFirestore.Transaction): Promise<void> {
+    // 	throw HttpCodes._5XX.NOT_IMPLEMENTED('Account Deletion is not implemented yet');
+    // }
     async __collectSessionData(data) {
         const account = await this.query.uniqueAssert(data.accountId);
         return {
@@ -279,6 +281,26 @@ export class ModuleBE_AccountDB_Class extends ModuleBE_BaseDB {
             return {
                 account: (await account.get()),
             };
+        },
+        delete: async (request) => {
+            return await this.runTransaction(async (t) => {
+                const account = await this.query.unique(request.accountId);
+                if (!account)
+                    throw HttpCodes._4XX.NOT_FOUND(`Account with id ${request.accountId} Not Found!`);
+                try {
+                    const safeAccount = makeAccountSafe(account);
+                    await dispatch_OnAccountDeleted.dispatchModuleAsyncSerial(safeAccount, t);
+                    await this.delete.item(account, t);
+                    return { account };
+                }
+                catch (err) {
+                    const error = err;
+                    if (error.responseCode === 422)
+                        throw error;
+                    this.logError('Failed deleting account', err);
+                    throw HttpCodes._5XX.INTERNAL_SERVER_ERROR('Failed to delete account', error.message, error);
+                }
+            });
         }
     };
     password = {

package/_entity/session/ModuleBE_SessionDB.d.ts

@@ -1,7 +1,8 @@
 import { AnyPrimitive, Dispatcher, RecursiveObjectOfPrimitives, TypedKeyValue, UniqueId } from '@nu-art/ts-common';
 import { firestore } from 'firebase-admin';
 import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { DB_Session, DBProto_Session } from '@nu-art/user-account-shared';
+import { DB_Session, DBProto_Session, SafeDB_Account } from '@nu-art/user-account-shared';
+import { OnAccountDeleted } from '../account/ModuleBE_AccountDB.js';
 import Transaction = firestore.Transaction;
 export type BaseSessionClaims = {
     accountId: string;
@@ -29,8 +30,9 @@ type Config = DBApiConfigV3<DBProto_Session> & {
 };
 export declare class ModuleBE_SessionDB_Class extends ModuleBE_BaseDB<DBProto_Session, Config> implements CollectSessionData<TypedKeyValue<'session', {
     deviceId: string;
-}>> {
+}>>, OnAccountDeleted {
     private jwtHandler;
+    __onAccountDeleted: (account: SafeDB_Account, transaction: Transaction) => Promise<void>;
     constructor();
     init(): void;
     private collectSessionData;

package/_entity/session/ModuleBE_SessionDB.js

@@ -1,16 +1,20 @@
-import { ApiException, currentTimeMillis, Day, Dispatcher, filterInstances, filterKeys, isErrorOfType, JwtTools, md5, MUSTNeverHappenException } from '@nu-art/ts-common';
+import { ApiException, currentTimeMillis, Day, dbObjectToId, Dispatcher, filterKeys, isErrorOfType, JwtTools, md5, MUSTNeverHappenException } from '@nu-art/ts-common';
 import { ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { DBDef_Session } from '@nu-art/user-account-shared';
+import { AccountType_Service, DBDef_Session } from '@nu-art/user-account-shared';
 import { Header_Authorization, MemKey_DB_Session, MemKey_Jwt, MemKey_SessionData, SessionKey_Account_BE } from './consts.js';
 import { MemKey_HttpResponse } from '@nu-art/thunderstorm-backend/modules/server/consts';
 import { ResponseHeaderKey_JWTToken } from '@nu-art/thunderstorm-shared';
 import { ModuleBE_JWT } from './ModuleBE_JWT.js';
 import { HttpCodes } from '@nu-art/ts-common/core/exceptions/http-codes';
 import { _EmptyQuery } from '@nu-art/firebase-shared';
+import { ModuleBE_AccountDB } from '../account/ModuleBE_AccountDB.js';
 export const dispatch_CollectSessionData = new Dispatcher('__collectSessionData');
 export const Const_Default_SessionJWT_SecretKey = 'jwt-signer--account-session';
 export class ModuleBE_SessionDB_Class extends ModuleBE_BaseDB {
     jwtHandler;
+    __onAccountDeleted = async (account, transaction) => {
+        await this.delete.where({ accountId: account._id }, transaction);
+    };
     constructor() {
         super(DBDef_Session);
         this.setDefaultConfig({
@@ -144,6 +148,9 @@ export class ModuleBE_SessionDB_Class extends ModuleBE_BaseDB {
                 label: content.initialClaims.label,
                 sessionIdJwt: jwt,
             }, ['linkedSessionId', 'label']);
+            const idsToDelete = dbSession.validSessionJwtMd5s.slice(1);
+            if (idsToDelete.length)
+                await this.delete.all(idsToDelete, transaction);
             return await this.set.item(dbSession, transaction);
         },
         create: Object.assign(async (content, ttlInMs, transaction) => {
@@ -210,7 +217,15 @@ export class ModuleBE_SessionDB_Class extends ModuleBE_BaseDB {
     async locateSession(jwt) {
         try {
             const { dbSession, claims } = await this.runTransaction(async (t) => {
-                let dbSession = await this._session.query.byJwt(jwt);
+                let dbSession;
+                try {
+                    dbSession = await this._session.query.byJwt(jwt);
+                }
+                catch (err) {
+                    if (isErrorOfType(err, ApiException)?.responseCode === HttpCodes._4XX.NOT_FOUND.code)
+                        throw HttpCodes._4XX.UNAUTHORIZED('JWT received in request was not found', err);
+                    throw err;
+                }
                 const latestJwtValidationResult = await this.jwtHandler.verifySignature(dbSession.sessionIdJwt);
                 if (!latestJwtValidationResult.validated)
                     throw new MUSTNeverHappenException(`JWT received from DB is invalid Session id = ${dbSession._id}`);
@@ -239,15 +254,46 @@ export class ModuleBE_SessionDB_Class extends ModuleBE_BaseDB {
     }
     cleanOldOrExpiredSessions = async () => {
         const sessions = await this.query.custom(_EmptyQuery);
-        const toDelete = filterInstances(await Promise.all(sessions.map(async (session) => {
+        const accounts = await ModuleBE_AccountDB.query.where({ type: { $neq: AccountType_Service } });
+        const validAccountIds = new Set(accounts.map(dbObjectToId));
+        const sessionIdsToDelete = new Set();
+        const accountSessionMap = {};
+        this.logWarning(`#### Cleaning ${sessions.length} sessions for ${validAccountIds.size} accounts ####`);
+        //First pass - Collect all sessions that are referenced by newer sessions
+        sessions.forEach(session => {
+            if (validAccountIds.has(session.accountId)) {
+                const currentSession = accountSessionMap[session.accountId];
+                if (!currentSession || currentSession.__created < session.__created) {
+                    accountSessionMap[session.accountId] = session;
+                    if (currentSession)
+                        sessionIdsToDelete.add(currentSession._id);
+                }
+                else {
+                    sessionIdsToDelete.add(session._id);
+                }
+            }
+            if (!session.validSessionJwtMd5s?.length)
+                sessionIdsToDelete.add(session._id);
+            else
+                session.validSessionJwtMd5s.forEach(id => {
+                    if (id !== session._id)
+                        sessionIdsToDelete.add(id);
+                });
+        });
+        //Second pass - collect all sessions that are expired or has the old "sessionData" property in their decoded data
+        await Promise.all(sessions.map(async (session) => {
+            if (sessionIdsToDelete.has(session._id))
+                return;
             const isExpired = await JwtTools.isJwtExpired(session.sessionIdJwt);
             if (isExpired)
-                return session;
+                return sessionIdsToDelete.add(session._id);
             const decoded = await JwtTools.decode(session.sessionIdJwt);
             if ('sessionData' in decoded)
-                return session;
-        })));
-        await this.delete.allItems(toDelete);
+                return sessionIdsToDelete.add(session._id);
+        }));
+        //Delete sessions
+        await this.delete.all(Array.from(sessionIdsToDelete));
+        this.logWarning(`### Deleted ${sessionIdsToDelete.size} Sessions! ###`);
     };
 }
 export const ModuleBE_SessionDB = new ModuleBE_SessionDB_Class();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nu-art/user-account-backend",
-  "version": "0.401.8",
+  "version": "0.401.9",
   "description": "User Account Backend",
   "keywords": [
     "TacB0sS",
@@ -34,14 +34,14 @@
     "test": "ts-mocha -w -p src/test/tsconfig.json --timeout 0 --inspect=8107 --watch-files 'src/test/**/*.test.ts' src/test/**/*.test.ts"
   },
   "dependencies": {
-    "@nu-art/user-account-shared": "0.401.8",
-    "@nu-art/firebase-backend": "0.401.8",
-    "@nu-art/firebase-shared": "0.401.8",
-    "@nu-art/slack-backend": "0.401.8",
-    "@nu-art/slack-shared": "0.401.8",
-    "@nu-art/thunderstorm-backend": "0.401.8",
-    "@nu-art/thunderstorm-shared": "0.401.8",
-    "@nu-art/ts-common": "0.401.8",
+    "@nu-art/user-account-shared": "0.401.9",
+    "@nu-art/firebase-backend": "0.401.9",
+    "@nu-art/firebase-shared": "0.401.9",
+    "@nu-art/slack-backend": "0.401.9",
+    "@nu-art/slack-shared": "0.401.9",
+    "@nu-art/thunderstorm-backend": "0.401.9",
+    "@nu-art/thunderstorm-shared": "0.401.9",
+    "@nu-art/ts-common": "0.401.9",
     "express": "^4.18.2",
     "firebase": "^11.9.0",
     "firebase-admin": "13.4.0",
@@ -53,12 +53,11 @@
     "xmlbuilder": "^15.1.1"
   },
   "devDependencies": {
-    "@nu-art/testalot": "0.401.8",
-    "@nu-art/google-services-backend": "0.401.8",
+    "@nu-art/testalot": "0.401.9",
+    "@nu-art/google-services-backend": "0.401.9",
     "@types/react": "^18.0.0",
     "@types/express": "^4.17.17",
     "@types/history": "^4.7.2",
-    "@types/request": "^2.48.1",
     "@types/saml2-js": "^1.6.8",
     "@types/pako": "^2.0.0",
     "@types/jsonwebtoken": "^9.0.6"