@reactionary/commercetools 0.6.6 → 0.6.7

package/capabilities/employee-invitation.capability.js

@@ -0,0 +1,398 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result)
+    __defProp(target, key, result);
+  return result;
+};
+import * as crypto from "crypto";
+import {
+  error,
+  EmployeeInvitationSchema,
+  EmployeeInvitationPaginatedListSchema,
+  EmployeeInvitationQueryListSchema,
+  EmployeeIssuedInvitationSchema,
+  EmployeeInvitationMutationAcceptInvitationSchema,
+  EmployeeInvitationMutationInviteEmployeeSchema,
+  EmployeeInvitationMutationRevokeInvitationSchema,
+  EmployeeInvitationCapability,
+  Reactionary,
+  success
+} from "@reactionary/core";
+import {
+  COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS,
+  COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS_INDEX
+} from "../factories/employee-invitation/employee-invitation.factory.js";
+class CommercetoolsEmployeeInvitationCapability extends EmployeeInvitationCapability {
+  config;
+  commercetools;
+  factory;
+  constructor(config, cache, context, commercetools, factory) {
+    super(cache, context);
+    this.config = config;
+    this.commercetools = commercetools;
+    this.factory = factory;
+  }
+  async getClient() {
+    const client = await this.commercetools.getAdminClient();
+    if (this.context.session.identityContext.identity.type !== "Registered") {
+      throw new Error("Only registered users can access employees capabilities");
+    }
+    return client.withProjectKey({ projectKey: this.config.projectKey }).asAssociate().withAssociateIdValue({
+      associateId: this.context.session.identityContext.identity.id.userId
+    });
+  }
+  async getBusinessUnit(key, extraExpands = []) {
+    const client = await this.getClient();
+    const response = await client.businessUnits().withKey({ key }).get({
+      queryArgs: {
+        expand: ["associates[*].customer", ...extraExpands]
+      }
+    }).execute().catch((err) => {
+      if (err.statusCode === 404) {
+        return null;
+      }
+      throw err;
+    });
+    return response ? response.body : null;
+  }
+  findAssociateByEmail(businessUnit, email) {
+    return businessUnit.associates.find(
+      (associate) => associate.customer.obj?.email === email
+    );
+  }
+  async getAdminClient() {
+    const client = await this.commercetools.getAdminClient();
+    return client.withProjectKey({ projectKey: this.config.projectKey });
+  }
+  makeKeyFromCompanyIdentifier(companyIdentifier) {
+    return "org-" + Buffer.from(companyIdentifier.taxIdentifier).toString("base64");
+  }
+  makeKeyFromEmail(email) {
+    return `email-` + Buffer.from(email).toString("base64");
+  }
+  async fetchInvitationIdsByKey(adminClient, key) {
+    const response = await adminClient.customObjects().withContainerAndKey({
+      container: COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS_INDEX,
+      key
+    }).get().execute().catch((error2) => {
+      if (error2?.statusCode === 404) {
+        return null;
+      }
+      throw error2;
+    });
+    if (!response) {
+      return [];
+    }
+    return response.body.value.invitationIds;
+  }
+  async addInvitationToEntityIndex(adminClient, indexKey, invitationId) {
+    const existingIds = await this.fetchInvitationIdsByKey(adminClient, indexKey);
+    const newIds = Array.from(/* @__PURE__ */ new Set([...existingIds, invitationId]));
+    return adminClient.customObjects().post({
+      body: {
+        container: COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS_INDEX,
+        key: indexKey,
+        value: {
+          invitationIds: newIds
+        }
+      }
+    }).execute().then(() => void 0);
+  }
+  async addInvitationToEmailIndex(adminClient, email, invitationId) {
+    return this.addInvitationToEntityIndex(adminClient, this.makeKeyFromEmail(email), invitationId);
+  }
+  async addInvitationToCompanyIndex(adminClient, companyIdentifier, invitationId) {
+    return this.addInvitationToEntityIndex(adminClient, this.makeKeyFromCompanyIdentifier(companyIdentifier), invitationId);
+  }
+  async updateInvitationStatus(adminClient, invitationKey, invitation, newStatus) {
+    if (!invitation) {
+      throw new Error(`Invitation with key ${invitationKey} not found`);
+    }
+    if (this.context.session.identityContext.identity.type !== "Registered") {
+      throw new Error("Only registered users can accept invitations");
+    }
+    await adminClient.customObjects().post({
+      body: {
+        container: COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS,
+        key: invitationKey,
+        value: {
+          ...invitation.value,
+          status: newStatus,
+          ...newStatus === "accepted" ? {
+            acceptedBy: this.context.session.identityContext.identity.id.userId,
+            acceptedDate: (/* @__PURE__ */ new Date()).toISOString()
+          } : {},
+          lastUpdatedBy: this.context.session.identityContext.identity.id.userId,
+          lastUpdatedDate: (/* @__PURE__ */ new Date()).toISOString()
+        }
+      }
+    }).execute();
+  }
+  async fetchInvitations(adminClient, indexKey, onlyActive, paginationOptions) {
+    const result = [];
+    let allInviteIds = await this.fetchInvitationIdsByKey(adminClient, indexKey);
+    if (paginationOptions) {
+      const start = (paginationOptions.pageNumber - 1) * paginationOptions.pageSize;
+      const end = start + paginationOptions.pageSize;
+      allInviteIds = allInviteIds.slice(start, end);
+    }
+    for (const invitationId of allInviteIds) {
+      const invitationResponse = await adminClient.customObjects().withContainerAndKey({ container: COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS, key: invitationId }).get().execute().catch((error2) => {
+        if (error2?.statusCode === 404) {
+          return null;
+        }
+        throw error2;
+      });
+      const invitation = invitationResponse?.body;
+      if (!invitation) {
+        continue;
+      }
+      if (onlyActive && invitation.value.status !== "invited") {
+        continue;
+      }
+      if (onlyActive && new Date(invitation.value.validUntil) < /* @__PURE__ */ new Date()) {
+        continue;
+      }
+      result.push(invitation);
+    }
+    return result;
+  }
+  async fetchAllInvitationsForCompany(adminClient, companyIdentifier, onlyActive, paginationOptions) {
+    return this.fetchInvitations(adminClient, this.makeKeyFromCompanyIdentifier(companyIdentifier), onlyActive, paginationOptions);
+  }
+  async fetchAllInvitationsForUser(adminClient, userEmail, onlyActive, paginationOptions) {
+    return this.fetchInvitations(adminClient, this.makeKeyFromEmail(userEmail), onlyActive, paginationOptions);
+  }
+  async fetchInvitationByKey(adminClient, invitationKey) {
+    const inviteResponse = await adminClient.customObjects().withContainerAndKey({ container: COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS, key: invitationKey }).get().execute().catch((error2) => {
+      if (error2?.statusCode === 404) {
+        return null;
+      }
+      throw error2;
+    });
+    if (!inviteResponse) {
+      return null;
+    }
+    return inviteResponse.body;
+  }
+  inviteEmployeePayload(payload, tokenHash) {
+    const key = payload.company.taxIdentifier;
+    if (this.context.session.identityContext.identity.type !== "Registered") {
+      throw new Error("Only registered users can invite employees");
+    }
+    const currentUser = this.context.session.identityContext.identity.id.userId;
+    const inviteKey = crypto.randomUUID() + "-" + (/* @__PURE__ */ new Date()).getTime();
+    return {
+      container: COMMERCERTOOLS_CUSTOM_OBJECT_CONTAINER_EMPLOYEE_INVITATIONS,
+      key: inviteKey,
+      value: {
+        tokenHash,
+        businessUnitKey: key,
+        status: "invited",
+        email: payload.email,
+        role: payload.role,
+        company: payload.company,
+        validUntil: new Date(Date.now() + 30 * 24 * 60 * 60 * 1e3).toISOString(),
+        invitedBy: "" + currentUser,
+        invitedDate: (/* @__PURE__ */ new Date()).toISOString(),
+        lastUpdatedBy: "" + currentUser,
+        lastUpdatedDate: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+  async createTokenHash(rawToken) {
+    const tokenHashBuffer = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(rawToken));
+    const tokenHash = Array.from(new Uint8Array(tokenHashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+    return tokenHash;
+  }
+  async inviteEmployee(payload) {
+    const key = payload.company.taxIdentifier;
+    const businessUnit = await this.getBusinessUnit(key);
+    if (!businessUnit) {
+      return error({
+        type: "NotFound",
+        identifier: payload.company
+      });
+    }
+    const customer = this.findAssociateByEmail(businessUnit, payload.email);
+    if (customer) {
+      return error({
+        type: "InvalidInput",
+        error: `Customer with email ${payload.email} is already an associate of this company.`
+      });
+    }
+    const rawToken = crypto.randomUUID() + (/* @__PURE__ */ new Date()).getTime() + payload.email + crypto.randomUUID();
+    const tokenHash = await this.createTokenHash(rawToken);
+    const adminClient = await this.getAdminClient();
+    const addInviteResponse = await adminClient.customObjects().post({
+      body: this.inviteEmployeePayload(payload, tokenHash)
+    }).execute();
+    await this.addInvitationToEmailIndex(adminClient, payload.email, addInviteResponse.body.key);
+    await this.addInvitationToCompanyIndex(adminClient, payload.company, addInviteResponse.body.key);
+    const invite = addInviteResponse.body;
+    return success(this.factory.parseEmployeeIssuedInvitation(this.context, { invite, securityToken: rawToken }, payload));
+  }
+  async acceptInvitation(payload) {
+    if (this.context.session.identityContext.identity.type !== "Registered") {
+      return error({
+        type: "Generic",
+        message: "Only registered users can accept invitations"
+      });
+    }
+    const adminClient = await this.getAdminClient();
+    const invitation = await this.fetchInvitationByKey(adminClient, payload.invitationIdentifier.key);
+    if (!invitation) {
+      return error({
+        type: "NotFound",
+        identifier: payload.invitationIdentifier
+      });
+    }
+    if (invitation.value.status !== "invited") {
+      return error({
+        type: "InvalidInput",
+        error: `Invitation with key ${payload.invitationIdentifier.key} is not in an invited status and cannot be accepted.`
+      });
+    }
+    if (new Date(invitation.value.validUntil) < /* @__PURE__ */ new Date()) {
+      return error({
+        type: "InvalidInput",
+        error: `Invitation with key ${payload.invitationIdentifier.key} has expired and cannot be accepted.`
+      });
+    }
+    if (invitation.value.email !== payload.currentUserEmail) {
+      return error({
+        type: "InvalidInput",
+        error: `Invitation with key ${payload.invitationIdentifier.key} was sent to ${invitation.value.email} but the current user email is ${payload.currentUserEmail}. Only the invited email can accept the invitation.`
+      });
+    }
+    const expectedHash = await this.createTokenHash(payload.securityToken);
+    if (invitation.value.tokenHash !== expectedHash) {
+      return error({
+        type: "InvalidInput",
+        error: `Invitation token is invalid.`
+      });
+    }
+    const businessUnit = await adminClient.businessUnits().withKey({ key: invitation.value.company.taxIdentifier }).get().execute().catch((error2) => {
+      if (error2?.statusCode === 404) {
+        return null;
+      }
+      throw error2;
+    });
+    if (!businessUnit) {
+      return error({
+        type: "NotFound",
+        identifier: invitation.value.company
+      });
+    }
+    const associateId = this.context.session.identityContext.identity.id.userId;
+    await adminClient.businessUnits().withKey({ key: invitation.value.company.taxIdentifier }).post({
+      body: {
+        version: businessUnit.body.version,
+        actions: [
+          {
+            action: "addAssociate",
+            associate: {
+              customer: {
+                typeId: "customer",
+                id: associateId
+              },
+              associateRoleAssignments: [
+                {
+                  associateRole: {
+                    typeId: "associate-role",
+                    key: this.factory.mapRole(invitation.value.role)
+                  }
+                }
+              ]
+            }
+          }
+        ]
+      }
+    }).execute();
+    await this.updateInvitationStatus(adminClient, payload.invitationIdentifier.key, invitation, "accepted");
+    const updatedInvitation = await this.fetchInvitationByKey(
+      adminClient,
+      payload.invitationIdentifier.key
+    );
+    if (!updatedInvitation) {
+      return error({
+        type: "NotFound",
+        identifier: payload.invitationIdentifier
+      });
+    }
+    return success(this.factory.parseEmployeeInvitation(this.context, updatedInvitation));
+  }
+  async revokeInvitation(payload) {
+    if (this.context.session.identityContext.identity.type !== "Registered") {
+      return error({
+        type: "Generic",
+        message: "Only registered users can accept invitations"
+      });
+    }
+    const adminClient = await this.getAdminClient();
+    const invitation = await this.fetchInvitationByKey(adminClient, payload.invitationIdentifier.key);
+    if (!invitation) {
+      return error({
+        type: "NotFound",
+        identifier: payload.invitationIdentifier
+      });
+    }
+    if (invitation.value.status !== "invited") {
+      return error({
+        type: "InvalidInput",
+        error: `Invitation with key ${payload.invitationIdentifier.key} is not in an invited status and cannot be rejected.`
+      });
+    }
+    await this.updateInvitationStatus(adminClient, payload.invitationIdentifier.key, invitation, "revoked");
+    return success(void 0);
+  }
+  async listInvitations(payload) {
+    if (this.context.session.identityContext.identity.type !== "Registered") {
+      return error({
+        type: "Generic",
+        message: "Only registered users can accept invitations"
+      });
+    }
+    const adminClient = await this.getAdminClient();
+    if (payload.search.email) {
+      const invitations = await this.fetchAllInvitationsForUser(adminClient, payload.search.email, false, payload.search.paginationOptions);
+      return success(this.factory.parseEmployeeInvitationPaginatedList(this.context, invitations, payload));
+    }
+    if (payload.search.company) {
+      const invitations = await this.fetchAllInvitationsForCompany(adminClient, payload.search.company, false, payload.search.paginationOptions);
+      return success(this.factory.parseEmployeeInvitationPaginatedList(this.context, invitations, payload));
+    }
+    return success(this.factory.parseEmployeeInvitationPaginatedList(this.context, [], payload));
+  }
+}
+__decorateClass([
+  Reactionary({
+    inputSchema: EmployeeInvitationMutationInviteEmployeeSchema,
+    outputSchema: EmployeeIssuedInvitationSchema
+  })
+], CommercetoolsEmployeeInvitationCapability.prototype, "inviteEmployee", 1);
+__decorateClass([
+  Reactionary({
+    inputSchema: EmployeeInvitationMutationAcceptInvitationSchema,
+    outputSchema: EmployeeInvitationSchema
+  })
+], CommercetoolsEmployeeInvitationCapability.prototype, "acceptInvitation", 1);
+__decorateClass([
+  Reactionary({
+    inputSchema: EmployeeInvitationMutationRevokeInvitationSchema
+  })
+], CommercetoolsEmployeeInvitationCapability.prototype, "revokeInvitation", 1);
+__decorateClass([
+  Reactionary({
+    inputSchema: EmployeeInvitationQueryListSchema,
+    outputSchema: EmployeeInvitationPaginatedListSchema
+  })
+], CommercetoolsEmployeeInvitationCapability.prototype, "listInvitations", 1);
+export {
+  CommercetoolsEmployeeInvitationCapability
+};