@plusscommunities/pluss-core-aws 2.0.25-auth.0 → 2.0.25-beta.0

package/helper/getUserPreview.js

@@ -3,66 +3,66 @@ const getUser = require("../db/users/getUser");
 const { getConfig } = require("../config");
 
 module.exports = async (id, includeType, includeSite, options) => {
-  return new Promise((resolve, reject) => {
-    const logId = log("getUserPreview", "Input", {
-      id,
-      includeType,
-      includeSite,
-      options,
-    });
+	return new Promise((resolve, reject) => {
+		const logId = log("getUserPreview", "Input", {
+			id,
+			includeType,
+			includeSite,
+			options,
+		});
 
-    if (!id) {
-      log("getUserPreview", "NoId", "id is missing", logId);
-      return resolve({
-        id: null,
-        userId: null,
-        displayName: "Pluss",
-        profilePic: null,
-        type: null,
-        site: getConfig().anySignUpSite,
-      });
-    }
+		if (!id) {
+			log("getUserPreview", "NoId", "id is missing", logId);
+			return resolve({
+				id: null,
+				userId: null,
+				displayName: "Pluss",
+				profilePic: null,
+				type: null,
+				site: getConfig().anySignUpSite,
+			});
+		}
 
-    getUser(id)
-      .then((user) => {
-        const returnObj = {
-          id,
-          userId: id,
-          displayName: user.displayName,
-          profilePic: user.profilePic || null,
-        };
+		getUser(id)
+			.then((user) => {
+				const returnObj = {
+					id,
+					userId: id,
+					displayName: user.displayName,
+					profilePic: user.profilePic || null,
+				};
 
-        if (includeType || includeSite) {
-          returnObj.Roles = user.Roles;
-          if (!user.Roles) {
-            returnObj.Roles = [
-              {
-                type: user.type,
-                site: user.site,
-              },
-            ];
-          }
-        }
+				if (includeType || includeSite) {
+					returnObj.Roles = user.Roles;
+					if (!user.Roles) {
+						returnObj.Roles = [
+							{
+								type: user.type,
+								site: user.site,
+							},
+						];
+					}
+				}
 
-        if (includeType) {
-          returnObj.type = user.type || null;
-        }
-        if (includeSite) {
-          returnObj.site = user.site || null;
-        }
-        if (options) {
-          if (options.includeEmail) {
-            returnObj.email = user.email !== "empty" ? user.email : null;
-          }
-        }
-        log("getUserPreview", "Result", returnObj, logId);
+				if (includeType) {
+					returnObj.type = user.type || null;
+				}
+				if (includeSite) {
+					returnObj.site = user.site || null;
+				}
+				if (options) {
+					if (options.includeEmail) {
+						returnObj.email = user.email !== "empty" ? user.email : null;
+					}
+				}
+				log("getUserPreview", "Result", returnObj, logId);
 
-        resolve(returnObj);
-      })
-      .catch((error) => {
-        log("getUserPreview", "Error", error, logId);
-        console.log("failed to get user preview", id);
-        reject(error);
-      });
-  });
+				resolve(returnObj);
+			})
+			.catch((error) => {
+				log("getUserPreview", "Error", error, logId);
+				console.log("failed to get user preview", id);
+				reject(error);
+			});
+	});
 };

package/helper/getUserPreviewFromHeader.js

@@ -3,21 +3,21 @@ const getSessionUser = require("./auth/getSessionUser");
 const getUserPreview = require("./getUserPreview");
 
 module.exports = async (authkey, includeType, inlcudeSite, options) => {
-  return new Promise((resolve, reject) => {
-    getSessionUser(authkey)
-      .then((uid) => {
-        getUserPreview(uid, includeType, inlcudeSite, options)
-          .then((user) => {
-            resolve(user);
-          })
-          .catch((error) => {
-            log("getUserPreviewFromHeader", "Error:getUserPreview", error);
-            reject(error);
-          });
-      })
-      .catch((error) => {
-        log("getUserPreviewFromHeader", "Error:getSessionUser", error);
-        reject(error);
-      });
-  });
+	return new Promise((resolve, reject) => {
+		getSessionUser(authkey)
+			.then((uid) => {
+				getUserPreview(uid, includeType, inlcudeSite, options)
+					.then((user) => {
+						resolve(user);
+					})
+					.catch((error) => {
+						log("getUserPreviewFromHeader", "Error:getUserPreview", error);
+						reject(error);
+					});
+			})
+			.catch((error) => {
+				log("getUserPreviewFromHeader", "Error:getSessionUser", error);
+				reject(error);
+			});
+	});
 };

package/helper/getUserPreviewFromReq.js

@@ -2,21 +2,21 @@ const getSessionUserFromReqAuthKey = require("./auth/getSessionUserFromReqAuthKe
 const getUserPreview = require("./getUserPreview");
 
 module.exports = async (req, includeType, inlcudeSite, options) => {
-  return new Promise((resolve, reject) => {
-    getSessionUserFromReqAuthKey(req)
-      .then((uid) => {
-        getUserPreview(uid, includeType, inlcudeSite, options)
-          .then((user) => {
-            resolve(user);
-          })
-          .catch((error) => {
-            console.log("failed to get user preview", uid);
-            reject(error);
-          });
-      })
-      .catch((error) => {
-        console.log("failed to get session user", authkey);
-        reject(error);
-      });
-  });
+	return new Promise((resolve, reject) => {
+		getSessionUserFromReqAuthKey(req)
+			.then((uid) => {
+				getUserPreview(uid, includeType, inlcudeSite, options)
+					.then((user) => {
+						resolve(user);
+					})
+					.catch((error) => {
+						console.log("failed to get user preview", uid);
+						reject(error);
+					});
+			})
+			.catch((error) => {
+				console.log("failed to get session user", req);
+				reject(error);
+			});
+	});
 };

package/helper/hqPublishing.js

@@ -0,0 +1,45 @@
+/**
+ * PC-1441 Epic 1 — Cross-site Publishing Framework primitives (§13).
+ *
+ * Entity-agnostic helpers for HQ-published content lifecycle. Newsletter is the
+ * first entity to adopt this in July 2026 (Stories A–F under PC-1441); Q4+
+ * entities (Surveys, Information, Facilities, Services) plug in by depending on
+ * the same primitives — `HqSourceId` / `PublishedToSites` / `TemplateId` are
+ * universal field conventions, the helpers below don't reference any newsletter-
+ * specific table or shape.
+ *
+ * Story coverage:
+ * - **Story A (PC-1443)** — `isHqLocked` (lock guard for community-copy mutations).
+ * - **Story B (PC-1444)** — adds `findCopiesByHqSourceId`, `fanOutHqSource`,
+ *   `propagateHqEdit`, `cascadeHqRetract`, and `incrementTemplateUseCount`
+ *   (these will appear as additional exports here).
+ *
+ * If this file grows beyond ~200 lines or develops sub-themes, refactor to a
+ * `hqPublishing/` subdirectory with `index.js` re-exports.
+ */
+
+/**
+ * Returns `true` when the entry is a community copy of an HQ-published post —
+ * i.e. its `HqSourceId` is **truthy**.
+ *
+ * **Falsy test (`Boolean(HqSourceId)`) — NOT `!== null`.** Legacy entries and
+ * locally-created entries have `HqSourceId` `undefined`; `undefined !== null`
+ * evaluates to `true`, which would wrongly lock every pre-feature post. The
+ * falsy check accepts `undefined`, `null`, and `""` as "not locked." See PC-1441
+ * scoping doc §3.2 AC2.3 + §6.1 + commit `1123c79` on `docs/enterprise-roadmap-scoping`.
+ *
+ * Universal — no role-based exception, including masters. HQ users edit the
+ * HQ-source row (where `!HqSourceId`, so the lock does not apply); the stream
+ * cascades to community copies. This is the API-side gate that pairs with the
+ * admin UI lock indicator (PC-1448) — defense-in-depth.
+ *
+ * @param {object|null|undefined} entry - Any object with an `HqSourceId` field
+ *   (typically a row fetched from the entity's DB table).
+ * @returns {boolean} `true` if the entry is a locked community copy; `false`
+ *   for legacy / locally-authored / HQ-source rows.
+ */
+const isHqLocked = (entry) => Boolean(entry?.HqSourceId);
+
+module.exports = {
+	isHqLocked,
+};

package/helper/index.js

@@ -3,28 +3,28 @@ const uuid = require("uuid");
 const { encode, decode } = require("html-entities");
 
 exports.thisOrDefault = (val, def) => {
-  if (val) {
-    return val;
-  }
-  return def;
+	if (val) {
+		return val;
+	}
+	return def;
 };
 
 exports.getRowId = (site, id) => {
-  if (_.isEmpty(site)) {
-    return id;
-  }
-  return `${site}_${id}`;
+	if (_.isEmpty(site)) {
+		return id;
+	}
+	return `${site}_${id}`;
 };
 
 exports.getMultiRowId = (cols) => {
-  let result = "";
-  cols.forEach((col) => {
-    if (!_.isEmpty(result)) {
-      result += "_";
-    }
-    result += col;
-  });
-  return result;
+	let result = "";
+	cols.forEach((col) => {
+		if (!_.isEmpty(result)) {
+			result += "_";
+		}
+		result += col;
+	});
+	return result;
 };
 
 // exports.getExtension = (filename) => {
@@ -36,7 +36,7 @@ exports.getMultiRowId = (cols) => {
 // };
 
 exports.getBody = (event) => {
-  return typeof event.body === "string" ? JSON.parse(event.body) : event.body;
+	return typeof event.body === "string" ? JSON.parse(event.body) : event.body;
 };
 
 // exports.generatePassword = () => {
@@ -47,20 +47,20 @@ exports.getBody = (event) => {
 // };
 
 exports.log = (action, logKey, data, logId) => {
-  if (!logId) {
-    logId = this.generateLogId();
-  }
-  console.log(
-    `[${action}]:[${logId}]:[${logKey}]`,
-    typeof data === "string" || typeof data === "number"
-      ? data
-      : JSON.stringify(data)
-  );
-  return logId;
+	if (!logId) {
+		logId = this.generateLogId();
+	}
+	console.log(
+		`[${action}]:[${logId}]:[${logKey}]`,
+		typeof data === "string" || typeof data === "number"
+			? data
+			: JSON.stringify(data),
+	);
+	return logId;
 };
 
 exports.generateLogId = () => {
-  return uuid.v4().substring(30);
+	return uuid.v4().substring(30);
 };
 
 exports.encodeHtml = (html) => encode(html);

package/helper/notifySiteConfigs.js

@@ -0,0 +1,132 @@
+/**
+ * Notify SiteConfigs Service of Operational Data Changes
+ *
+ * This helper provides a pre-filtering mechanism for auto-propagation.
+ * When operational data changes (sites, usertypes, interfaces, strings, jobTypes),
+ * this function:
+ *
+ * 1. Queries SourceSiteIdIndex to check if any templates use this site as source
+ * 2. If none found → early return (no Lambda invoke, 99% of cases)
+ * 3. If templates found → invokes siteConfigs Lambda to handle republishing
+ *
+ * This hybrid approach ensures:
+ * - No Lambda latency for most sites (pre-filter catches non-source sites)
+ * - Publishing logic stays encapsulated in siteConfigs service
+ * - Minimal cross-service coupling
+ *
+ * Usage:
+ *   const notifySiteConfigs = require("@plusscommunities/pluss-core-aws/helper/notifySiteConfigs");
+ *   await notifySiteConfigs(siteId, logId);
+ */
+
+const AWS = require("aws-sdk");
+const indexQuery = require("../db/common/indexQuery");
+const { log } = require("./index");
+
+const lambda = new AWS.Lambda();
+
+const TABLE_NAME = "siteconfigs";
+
+/**
+ * Check if a site has any templates using it as a source
+ * @param {string} siteId - The site ID to check
+ * @returns {Promise<Array>} Array of template IDs (empty if none)
+ */
+const getTemplatesForSourceSite = async (siteId) => {
+	try {
+		const result = await indexQuery(TABLE_NAME, {
+			IndexName: "SourceSiteIdIndex",
+			KeyConditionExpression: "SourceSiteId = :sourceSiteId",
+			ExpressionAttributeValues: {
+				":sourceSiteId": siteId,
+			},
+			ProjectionExpression: "Id", // Only need IDs for pre-filter
+		});
+		return (result.Items || []).map((item) => item.Id);
+	} catch (err) {
+		// Table or index might not exist in all deployments
+		log("notifySiteConfigs", "QueryError", { siteId, error: err.message });
+		return [];
+	}
+};
+
+/**
+ * Invoke the siteConfigs operationalDataChanged Lambda
+ * @param {string} siteId - The source site that changed
+ * @param {Array<string>} templateIds - List of template IDs to republish
+ * @param {string} logId - Log ID for tracing
+ */
+const invokeSiteConfigsLambda = async (siteId, templateIds, logId) => {
+	// Build function name from environment
+	// Format: {client}-siteConfigs-{stage}-operationalDataChanged
+	const client = process.env.client || "dev";
+	const stage = process.env.stage || "dev";
+	const functionName = `${client}-siteConfigs-${stage}-operationalDataChanged`;
+
+	const payload = {
+		siteId,
+		templateIds,
+		logId,
+		source: "notifySiteConfigs",
+	};
+
+	log(
+		"notifySiteConfigs",
+		"InvokingLambda",
+		{ functionName, siteId, templateCount: templateIds.length },
+		logId,
+	);
+
+	try {
+		await lambda
+			.invoke({
+				FunctionName: functionName,
+				InvocationType: "Event", // Async invocation
+				Payload: JSON.stringify(payload),
+			})
+			.promise();
+
+		log("notifySiteConfigs", "LambdaInvoked", { functionName, siteId }, logId);
+	} catch (err) {
+		log(
+			"notifySiteConfigs",
+			"LambdaError",
+			{ functionName, siteId, error: err.message },
+			logId,
+		);
+		// Don't throw - this is a non-critical operation
+	}
+};
+
+/**
+ * Notify siteConfigs service that operational data has changed for a site.
+ * Performs pre-filtering to avoid unnecessary Lambda invocations.
+ *
+ * @param {string} siteId - The site ID where operational data changed
+ * @param {string} logId - Optional log ID for tracing
+ */
+const notifySiteConfigs = async (siteId, logId) => {
+	if (!siteId) {
+		return;
+	}
+
+	// Pre-filter: Check if this site is a source for any templates
+	const templateIds = await getTemplatesForSourceSite(siteId);
+
+	if (templateIds.length === 0) {
+		// No Lambda invocation needed
+		return;
+	}
+
+	log(
+		"notifySiteConfigs",
+		"TemplatesFound",
+		{ siteId, count: templateIds.length },
+		logId,
+	);
+
+	// Invoke siteConfigs Lambda to handle republishing
+	await invokeSiteConfigsLambda(siteId, templateIds, logId);
+};
+
+module.exports = notifySiteConfigs;

package/helper/opengraph/getOpenGraph.js

@@ -2,17 +2,17 @@ const axios = require("axios");
 const { getConfig } = require("../../config");
 
 module.exports = async (url) => {
-  return new Promise(async (resolve, reject) => {
-    const request = {
-      method: "GET",
-      url: `https://opengraph.io/api/1.1/site/${encodeURIComponent(url)}?app_id=${getConfig().thirdPartyAPIKeys.openGraph}`,
-    };
+	return new Promise(async (resolve, reject) => {
+		const request = {
+			method: "GET",
+			url: `https://opengraph.io/api/1.1/site/${encodeURIComponent(url)}?app_id=${getConfig().thirdPartyAPIKeys.openGraph}`,
+		};
 
-    try {
-      const response = await axios(request);
-      return resolve(response.data);
-    } catch (e) {
-      return reject(e);
-    }
-  });
+		try {
+			const response = await axios(request);
+			return resolve(response.data);
+		} catch (e) {
+			return reject(e);
+		}
+	});
 };

package/helper/rates/checkRateLimit.js

@@ -12,45 +12,45 @@ const updateRef = require("../../db/common/updateRef");
  * @returns {Boolean} true if this call is fine. false if the call should be restricted due to rate limits.
  */
 module.exports = async (rateLimitId, timeframe, limit, noSave) => {
-  const logId = log("checkRateLimit", "Input", {
-    rateLimitId,
-    timeframe,
-    limit,
-  });
+	const logId = log("checkRateLimit", "Input", {
+		rateLimitId,
+		timeframe,
+		limit,
+	});
 
-  // get rate limit item
-  const item = await getRef("ratelimit", "Id", rateLimitId);
-  const now = moment().valueOf();
-  const minTime = now - timeframe;
+	// get rate limit item
+	const item = await getRef("ratelimit", "Id", rateLimitId);
+	const now = moment().valueOf();
+	const minTime = now - timeframe;
 
-  const history = item && item.History ? item.History : [];
+	const history = item && item.History ? item.History : [];
 
-  if (history) {
-    // check history for entries to determine whether limit is surpassed
-    const entriesInTimeLimit = history.filter((e) => e > minTime);
-    log(
-      "checkRateLimit",
-      "entriesInTimeLimit",
-      entriesInTimeLimit.length,
-      logId
-    );
-    if (entriesInTimeLimit.length >= limit) {
-      // Limit surpassed
-      log("checkRateLimit", "Return", false, logId);
-      return false;
-    }
-  }
+	if (history) {
+		// check history for entries to determine whether limit is surpassed
+		const entriesInTimeLimit = history.filter((e) => e > minTime);
+		log(
+			"checkRateLimit",
+			"entriesInTimeLimit",
+			entriesInTimeLimit.length,
+			logId,
+		);
+		if (entriesInTimeLimit.length >= limit) {
+			// Limit surpassed
+			log("checkRateLimit", "Return", false, logId);
+			return false;
+		}
+	}
 
-  // check whether to save the current entry - used for when checking multiple timeframes such as X calls in a minute and X calls in a day
-  if (!noSave) {
-    history.push(now);
-    updateRef("ratelimit", {
-      Id: rateLimitId,
-      LastSent: now,
-      History: history,
-    });
-  }
-  // Limit is fine
-  log("checkRateLimit", "Return", true, logId);
-  return true;
-};
+	// check whether to save the current entry - used for when checking multiple timeframes such as X calls in a minute and X calls in a day
+	if (!noSave) {
+		history.push(now);
+		updateRef("ratelimit", {
+			Id: rateLimitId,
+			LastSent: now,
+			History: history,
+		});
+	}
+	// Limit is fine
+	log("checkRateLimit", "Return", true, logId);
+	return true;
+};

package/helper/requestToSource.js

@@ -3,14 +3,14 @@ const _ = require("lodash");
 
 // sends a request to the Pluss Source API
 module.exports = (method, service, endpoint, query, data) => {
-  return axios({
-    method,
-    url: `https://pluss60.pluss60-api.com/${service}-demo/${endpoint}${
-      !_.isEmpty(query) ? query : ""
-    }`,
-    data,
-    headers: {
-      Authorization: "SmartCommunities",
-    },
-  });
+	return axios({
+		method,
+		url: `https://pluss60.pluss60-api.com/${service}-demo/${endpoint}${
+			!_.isEmpty(query) ? query : ""
+		}`,
+		data,
+		headers: {
+			Authorization: "SmartCommunities",
+		},
+	});
 };