npm - @thebookingkit/server - Versions diffs - 0.1.1 - Mend

@thebookingkit/server 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/.turbo/turbo-build.log +6 -0
package/.turbo/turbo-test.log +20 -0
package/CHANGELOG.md +9 -0
package/dist/__tests__/api.test.d.ts +2 -0
package/dist/__tests__/api.test.d.ts.map +1 -0
package/dist/__tests__/api.test.js +280 -0
package/dist/__tests__/api.test.js.map +1 -0
package/dist/__tests__/auth.test.d.ts +2 -0
package/dist/__tests__/auth.test.d.ts.map +1 -0
package/dist/__tests__/auth.test.js +78 -0
package/dist/__tests__/auth.test.js.map +1 -0
package/dist/__tests__/concurrent-booking.test.d.ts +2 -0
package/dist/__tests__/concurrent-booking.test.d.ts.map +1 -0
package/dist/__tests__/concurrent-booking.test.js +111 -0
package/dist/__tests__/concurrent-booking.test.js.map +1 -0
package/dist/__tests__/multi-tenancy.test.d.ts +2 -0
package/dist/__tests__/multi-tenancy.test.d.ts.map +1 -0
package/dist/__tests__/multi-tenancy.test.js +196 -0
package/dist/__tests__/multi-tenancy.test.js.map +1 -0
package/dist/__tests__/serialization-retry.test.d.ts +2 -0
package/dist/__tests__/serialization-retry.test.d.ts.map +1 -0
package/dist/__tests__/serialization-retry.test.js +53 -0
package/dist/__tests__/serialization-retry.test.js.map +1 -0
package/dist/__tests__/webhooks.test.d.ts +2 -0
package/dist/__tests__/webhooks.test.d.ts.map +1 -0
package/dist/__tests__/webhooks.test.js +286 -0
package/dist/__tests__/webhooks.test.js.map +1 -0
package/dist/__tests__/workflows.test.d.ts +2 -0
package/dist/__tests__/workflows.test.d.ts.map +1 -0
package/dist/__tests__/workflows.test.js +299 -0
package/dist/__tests__/workflows.test.js.map +1 -0
package/dist/adapters/calendar-adapter.d.ts +47 -0
package/dist/adapters/calendar-adapter.d.ts.map +1 -0
package/dist/adapters/calendar-adapter.js +2 -0
package/dist/adapters/calendar-adapter.js.map +1 -0
package/dist/adapters/email-adapter.d.ts +65 -0
package/dist/adapters/email-adapter.d.ts.map +1 -0
package/dist/adapters/email-adapter.js +40 -0
package/dist/adapters/email-adapter.js.map +1 -0
package/dist/adapters/index.d.ts +9 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +3 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/job-adapter.d.ts +26 -0
package/dist/adapters/job-adapter.d.ts.map +1 -0
package/dist/adapters/job-adapter.js +13 -0
package/dist/adapters/job-adapter.js.map +1 -0
package/dist/adapters/payment-adapter.d.ts +106 -0
package/dist/adapters/payment-adapter.d.ts.map +1 -0
package/dist/adapters/payment-adapter.js +8 -0
package/dist/adapters/payment-adapter.js.map +1 -0
package/dist/adapters/sms-adapter.d.ts +33 -0
package/dist/adapters/sms-adapter.d.ts.map +1 -0
package/dist/adapters/sms-adapter.js +8 -0
package/dist/adapters/sms-adapter.js.map +1 -0
package/dist/adapters/storage-adapter.d.ts +12 -0
package/dist/adapters/storage-adapter.d.ts.map +1 -0
package/dist/adapters/storage-adapter.js +2 -0
package/dist/adapters/storage-adapter.js.map +1 -0
package/dist/api.d.ts +223 -0
package/dist/api.d.ts.map +1 -0
package/dist/api.js +271 -0
package/dist/api.js.map +1 -0
package/dist/auth.d.ts +71 -0
package/dist/auth.d.ts.map +1 -0
package/dist/auth.js +81 -0
package/dist/auth.js.map +1 -0
package/dist/booking-tokens.d.ts +23 -0
package/dist/booking-tokens.d.ts.map +1 -0
package/dist/booking-tokens.js +52 -0
package/dist/booking-tokens.js.map +1 -0
package/dist/email-templates.d.ts +36 -0
package/dist/email-templates.d.ts.map +1 -0
package/dist/email-templates.js +112 -0
package/dist/email-templates.js.map +1 -0
package/dist/index.d.ts +13 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +22 -0
package/dist/index.js.map +1 -0
package/dist/multi-tenancy.d.ts +132 -0
package/dist/multi-tenancy.d.ts.map +1 -0
package/dist/multi-tenancy.js +188 -0
package/dist/multi-tenancy.js.map +1 -0
package/dist/notification-jobs.d.ts +143 -0
package/dist/notification-jobs.d.ts.map +1 -0
package/dist/notification-jobs.js +278 -0
package/dist/notification-jobs.js.map +1 -0
package/dist/serialization-retry.d.ts +28 -0
package/dist/serialization-retry.d.ts.map +1 -0
package/dist/serialization-retry.js +71 -0
package/dist/serialization-retry.js.map +1 -0
package/dist/webhooks.d.ts +164 -0
package/dist/webhooks.d.ts.map +1 -0
package/dist/webhooks.js +228 -0
package/dist/webhooks.js.map +1 -0
package/dist/workflows.d.ts +169 -0
package/dist/workflows.d.ts.map +1 -0
package/dist/workflows.js +251 -0
package/dist/workflows.js.map +1 -0
package/package.json +32 -0
package/src/__tests__/api.test.ts +354 -0
package/src/__tests__/auth.test.ts +111 -0
package/src/__tests__/concurrent-booking.test.ts +170 -0
package/src/__tests__/multi-tenancy.test.ts +267 -0
package/src/__tests__/serialization-retry.test.ts +76 -0
package/src/__tests__/webhooks.test.ts +412 -0
package/src/__tests__/workflows.test.ts +422 -0
package/src/adapters/calendar-adapter.ts +49 -0
package/src/adapters/email-adapter.ts +108 -0
package/src/adapters/index.ts +36 -0
package/src/adapters/job-adapter.ts +26 -0
package/src/adapters/payment-adapter.ts +118 -0
package/src/adapters/sms-adapter.ts +35 -0
package/src/adapters/storage-adapter.ts +11 -0
package/src/api.ts +446 -0
package/src/auth.ts +146 -0
package/src/booking-tokens.ts +61 -0
package/src/email-templates.ts +140 -0
package/src/index.ts +192 -0
package/src/multi-tenancy.ts +301 -0
package/src/notification-jobs.ts +428 -0
package/src/serialization-retry.ts +94 -0
package/src/webhooks.ts +378 -0
package/src/workflows.ts +441 -0
package/tsconfig.json +9 -0
package/vitest.config.ts +7 -0

package/src/multi-tenancy.ts ADDED Viewed

@@ -0,0 +1,301 @@
+/**
+ * Multi-tenancy utilities for organization-scoped deployments.
+ *
+ * Provides organization settings resolution, cascading defaults,
+ * role-based access control, and tenant authorization helpers.
+ */
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+/** Organization member role */
+export type OrgRole = "owner" | "admin" | "member";
+/** Organization member */
+export interface OrgMember {
+  userId: string;
+  organizationId: string;
+  role: OrgRole;
+}
+/** Organization branding */
+export interface OrgBranding {
+  logoUrl?: string;
+  primaryColor?: string;
+  accentColor?: string;
+  fontFamily?: string;
+}
+/** Organization-level settings */
+export interface OrgSettings {
+  defaultTimezone?: string;
+  defaultCurrency?: string;
+  branding?: OrgBranding;
+  defaultBufferMinutes?: number;
+  defaultBookingLimits?: Record<string, unknown>;
+}
+/** Provider-level settings that can override org defaults */
+export interface ProviderSettings {
+  timezone?: string;
+  currency?: string;
+  branding?: Partial<OrgBranding>;
+  bufferMinutes?: number;
+  bookingLimits?: Record<string, unknown>;
+}
+/** Event type settings that can override provider defaults */
+export interface EventTypeSettings {
+  timezone?: string;
+  currency?: string;
+  bufferBefore?: number;
+  bufferAfter?: number;
+  bookingLimits?: Record<string, unknown>;
+}
+/** Global SlotKit defaults */
+export interface GlobalDefaults {
+  timezone: string;
+  currency: string;
+  bufferMinutes: number;
+}
+/** Resolved effective settings after cascading resolution */
+export interface ResolvedSettings {
+  timezone: string;
+  currency: string;
+  bufferMinutes: number;
+  branding: OrgBranding;
+  bookingLimits: Record<string, unknown>;
+}
+/** Permissions available in the system */
+export type OrgPermission =
+  | "manage:members"
+  | "manage:teams"
+  | "manage:event-types"
+  | "view:all-bookings"
+  | "view:own-bookings"
+  | "manage:own-availability"
+  | "view:analytics"
+  | "manage:organization";
+// ---------------------------------------------------------------------------
+// Errors
+// ---------------------------------------------------------------------------
+/** Error thrown for multi-tenancy authorization violations */
+export class TenantAuthorizationError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "TenantAuthorizationError";
+  }
+}
+// ---------------------------------------------------------------------------
+// Global Defaults
+// ---------------------------------------------------------------------------
+/** System-wide defaults used as the base for cascading resolution */
+export const GLOBAL_DEFAULTS: GlobalDefaults = {
+  timezone: "UTC",
+  currency: "USD",
+  bufferMinutes: 0,
+};
+// ---------------------------------------------------------------------------
+// Settings Resolution
+// ---------------------------------------------------------------------------
+/**
+ * Resolve effective settings via the cascade:
+ * `event_type > provider > organization > global defaults`
+ *
+ * @param orgSettings - Organization-level settings
+ * @param providerSettings - Provider-level settings (overrides org)
+ * @param eventTypeSettings - Event type settings (overrides provider)
+ * @returns Fully resolved effective settings
+ */
+export function resolveEffectiveSettings(
+  orgSettings?: OrgSettings | null,
+  providerSettings?: ProviderSettings | null,
+  eventTypeSettings?: EventTypeSettings | null,
+): ResolvedSettings {
+  // Start with global defaults
+  let timezone = GLOBAL_DEFAULTS.timezone;
+  let currency = GLOBAL_DEFAULTS.currency;
+  let bufferMinutes = GLOBAL_DEFAULTS.bufferMinutes;
+  let branding: OrgBranding = {};
+  let bookingLimits: Record<string, unknown> = {};
+  // Apply org settings
+  if (orgSettings) {
+    if (orgSettings.defaultTimezone) timezone = orgSettings.defaultTimezone;
+    if (orgSettings.defaultCurrency) currency = orgSettings.defaultCurrency;
+    if (orgSettings.defaultBufferMinutes !== undefined)
+      bufferMinutes = orgSettings.defaultBufferMinutes;
+    if (orgSettings.branding) branding = { ...branding, ...orgSettings.branding };
+    if (orgSettings.defaultBookingLimits)
+      bookingLimits = { ...orgSettings.defaultBookingLimits };
+  }
+  // Apply provider settings (override org)
+  if (providerSettings) {
+    if (providerSettings.timezone) timezone = providerSettings.timezone;
+    if (providerSettings.currency) currency = providerSettings.currency;
+    if (providerSettings.bufferMinutes !== undefined)
+      bufferMinutes = providerSettings.bufferMinutes;
+    if (providerSettings.branding)
+      branding = { ...branding, ...providerSettings.branding };
+    if (providerSettings.bookingLimits)
+      bookingLimits = { ...bookingLimits, ...providerSettings.bookingLimits };
+  }
+  // Apply event type settings (override provider)
+  if (eventTypeSettings) {
+    if (eventTypeSettings.timezone) timezone = eventTypeSettings.timezone;
+    if (eventTypeSettings.currency) currency = eventTypeSettings.currency;
+    if (eventTypeSettings.bufferBefore !== undefined)
+      bufferMinutes = eventTypeSettings.bufferBefore;
+    if (eventTypeSettings.bookingLimits)
+      bookingLimits = { ...bookingLimits, ...eventTypeSettings.bookingLimits };
+  }
+  return { timezone, currency, bufferMinutes, branding, bookingLimits };
+}
+// ---------------------------------------------------------------------------
+// Role-Based Access Control
+// ---------------------------------------------------------------------------
+/** Permissions granted to each role */
+const ROLE_PERMISSIONS: Record<OrgRole, OrgPermission[]> = {
+  owner: [
+    "manage:members",
+    "manage:teams",
+    "manage:event-types",
+    "view:all-bookings",
+    "view:own-bookings",
+    "manage:own-availability",
+    "view:analytics",
+    "manage:organization",
+  ],
+  admin: [
+    "manage:teams",
+    "manage:event-types",
+    "view:all-bookings",
+    "view:own-bookings",
+    "manage:own-availability",
+    "view:analytics",
+  ],
+  member: [
+    "view:own-bookings",
+    "manage:own-availability",
+  ],
+};
+/**
+ * Get all permissions granted to a role.
+ *
+ * @param role - The organization role
+ * @returns Array of permissions
+ */
+export function getRolePermissions(role: OrgRole): OrgPermission[] {
+  return ROLE_PERMISSIONS[role] ?? [];
+}
+/**
+ * Check if a role has a specific permission.
+ *
+ * @param role - The organization role
+ * @param permission - The permission to check
+ * @returns Whether the role has the permission
+ */
+export function roleHasPermission(
+  role: OrgRole,
+  permission: OrgPermission,
+): boolean {
+  return getRolePermissions(role).includes(permission);
+}
+/**
+ * Assert that an org member has a required permission.
+ *
+ * @param member - The org member
+ * @param permission - The required permission
+ * @throws {TenantAuthorizationError} If the member lacks the permission
+ */
+export function assertOrgPermission(
+  member: OrgMember,
+  permission: OrgPermission,
+): void {
+  if (!roleHasPermission(member.role, permission)) {
+    throw new TenantAuthorizationError(
+      `Role "${member.role}" does not have permission: "${permission}"`,
+    );
+  }
+}
+// ---------------------------------------------------------------------------
+// Tenant Scoping
+// ---------------------------------------------------------------------------
+/**
+ * Validate that a resource belongs to the expected organization.
+ *
+ * @param resourceOrgId - Organization ID on the resource
+ * @param expectedOrgId - The org ID from the authenticated context
+ * @throws {TenantAuthorizationError} If there is a tenant mismatch
+ */
+export function assertTenantScope(
+  resourceOrgId: string | null | undefined,
+  expectedOrgId: string,
+): void {
+  if (resourceOrgId && resourceOrgId !== expectedOrgId) {
+    throw new TenantAuthorizationError(
+      "Resource does not belong to the current organization",
+    );
+  }
+}
+/**
+ * Generate the public booking URL for an organization's provider/event type.
+ *
+ * @param orgSlug - Organization slug
+ * @param providerSlug - Provider slug or ID
+ * @param eventTypeSlug - Event type slug
+ * @param baseUrl - Base URL of the application
+ * @returns Full booking URL
+ */
+export function buildOrgBookingUrl(
+  orgSlug: string,
+  providerSlug: string,
+  eventTypeSlug: string,
+  baseUrl: string,
+): string {
+  return `${baseUrl}/${orgSlug}/${providerSlug}/${eventTypeSlug}`;
+}
+/**
+ * Parse an organization slug from a booking URL path.
+ *
+ * Expected format: `/{orgSlug}/{providerSlug}/{eventTypeSlug}`
+ *
+ * @param pathname - URL pathname
+ * @returns Parsed segments, or null if format is invalid
+ */
+export function parseOrgBookingPath(pathname: string): {
+  orgSlug: string;
+  providerSlug: string;
+  eventTypeSlug: string;
+} | null {
+  const match = pathname.match(/^\/([^/]+)\/([^/]+)\/([^/]+)$/);
+  if (!match) return null;
+  return {
+    orgSlug: match[1],
+    providerSlug: match[2],
+    eventTypeSlug: match[3],
+  };
+}