alepha 0.20.1 → 0.20.2

package/src/api/invitations/__tests__/InvitationService.spec.ts

@@ -1,439 +0,0 @@
-import { Alepha } from "alepha";
-import { users } from "alepha/api/users";
-import { $repository } from "alepha/orm";
-import { AlephaOrmPostgres } from "alepha/orm/postgres";
-import { BadRequestError, ForbiddenError } from "alepha/server";
-import { describe, it } from "vitest";
-import type { InvitationEntity } from "../entities/invitations.ts";
-import { AlephaApiInvitations } from "../index.ts";
-import { InvitationProvider } from "../providers/InvitationProvider.ts";
-import { InvitationService } from "../services/InvitationService.ts";
-
-class TestInvitationProvider extends InvitationProvider {
-  protected members = new Map<string, Set<string>>();
-
-  async validateResource(
-    _resourceType: string,
-    _resourceId: string,
-    _inviter: { id: string; email?: string },
-  ): Promise<void> {
-    // Always succeeds
-  }
-
-  async isMember(
-    resourceType: string,
-    resourceId: string,
-    _email: string,
-    userId?: string,
-  ): Promise<boolean> {
-    if (!userId) {
-      return false;
-    }
-
-    const key = `${resourceType}:${resourceId}`;
-    return this.members.get(key)?.has(userId) ?? false;
-  }
-
-  async onAccept(
-    invitation: InvitationEntity,
-    acceptedBy: { id: string; email?: string },
-  ): Promise<void> {
-    const key = `${invitation.resourceType}:${invitation.resourceId}`;
-
-    if (!this.members.has(key)) {
-      this.members.set(key, new Set());
-    }
-
-    this.members.get(key)!.add(acceptedBy.id);
-  }
-
-  async getResourceInfo(
-    _resourceType: string,
-    _resourceId: string,
-  ): Promise<{ name: string; description?: string; url?: string }> {
-    return { name: "Test Project" };
-  }
-
-  addMember(resourceType: string, resourceId: string, userId: string): void {
-    const key = `${resourceType}:${resourceId}`;
-
-    if (!this.members.has(key)) {
-      this.members.set(key, new Set());
-    }
-
-    this.members.get(key)!.add(userId);
-  }
-}
-
-class TestRepositories {
-  users = $repository(users);
-}
-
-const setup = async () => {
-  const alepha = Alepha.create()
-    .with(AlephaOrmPostgres)
-    .with({ provide: InvitationProvider, use: TestInvitationProvider })
-    .with(AlephaApiInvitations);
-
-  const service = alepha.inject(InvitationService);
-  const provider = alepha.inject(
-    TestInvitationProvider,
-  ) as TestInvitationProvider;
-  const repos = alepha.inject(TestRepositories);
-  await alepha.start();
-
-  const createUser = async (email: string) => {
-    return repos.users.create({ email, roles: [] });
-  };
-
-  return { alepha, service, provider, createUser };
-};
-
-describe("InvitationService", () => {
-  // -----------------------------------------------------------------------------------------------------------------
-
-  describe("create", () => {
-    it("should create a pending invitation", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      expect(invitation.status).toBe("pending");
-      expect(invitation.email).toBe("invitee@example.com");
-      expect(invitation.resourceType).toBe("project");
-      expect(invitation.resourceId).toBe("proj-1");
-      expect(invitation.invitedBy).toBe(inviter.id);
-      expect(invitation.token).toBeDefined();
-      expect(invitation.expiresAt).toBeDefined();
-    });
-
-    it("should reject self-invite", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("self@example.com");
-
-      await expect(
-        service.create(
-          {
-            email: "self@example.com",
-            resourceType: "project",
-            resourceId: "proj-1",
-          },
-          { id: inviter.id, email: inviter.email },
-        ),
-      ).rejects.toThrow(BadRequestError);
-    });
-
-    it("should reject duplicate pending invitation", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-
-      await service.create(
-        {
-          email: "dup@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await expect(
-        service.create(
-          {
-            email: "dup@example.com",
-            resourceType: "project",
-            resourceId: "proj-1",
-          },
-          { id: inviter.id, email: inviter.email },
-        ),
-      ).rejects.toThrow(BadRequestError);
-    });
-
-    it("should reject when already a member", async ({ expect }) => {
-      const { service, provider, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const existingMember = await createUser("member@example.com");
-
-      provider.addMember("project", "proj-1", existingMember.id);
-
-      await expect(
-        service.create(
-          {
-            email: "member@example.com",
-            resourceType: "project",
-            resourceId: "proj-1",
-          },
-          { id: inviter.id, email: inviter.email },
-        ),
-      ).rejects.toThrow(BadRequestError);
-    });
-  });
-
-  // -----------------------------------------------------------------------------------------------------------------
-
-  describe("accept", () => {
-    it("should accept invitation and call onAccept", async ({ expect }) => {
-      const { service, provider, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const invitee = await createUser("invitee@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await service.accept(invitation.id, {
-        id: invitee.id,
-        email: invitee.email,
-      });
-
-      const updated = await service.getById(invitation.id);
-      expect(updated.status).toBe("accepted");
-      expect(updated.resolvedBy).toBe(invitee.id);
-      expect(updated.resolvedAt).toBeDefined();
-
-      const isMember = await provider.isMember(
-        "project",
-        "proj-1",
-        "invitee@example.com",
-        invitee.id,
-      );
-      expect(isMember).toBe(true);
-    });
-
-    it("should reject accept for wrong email", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const wrongUser = await createUser("wrong@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await expect(
-        service.accept(invitation.id, {
-          id: wrongUser.id,
-          email: wrongUser.email,
-        }),
-      ).rejects.toThrow(ForbiddenError);
-    });
-
-    it("should reject accept for non-pending invitation", async ({
-      expect,
-    }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const invitee = await createUser("invitee@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await service.accept(invitation.id, {
-        id: invitee.id,
-        email: invitee.email,
-      });
-
-      await expect(
-        service.accept(invitation.id, {
-          id: invitee.id,
-          email: invitee.email,
-        }),
-      ).rejects.toThrow(BadRequestError);
-    });
-  });
-
-  // -----------------------------------------------------------------------------------------------------------------
-
-  describe("decline", () => {
-    it("should decline invitation", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const invitee = await createUser("invitee@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await service.decline(invitation.id, {
-        id: invitee.id,
-        email: invitee.email,
-      });
-
-      const updated = await service.getById(invitation.id);
-      expect(updated.status).toBe("declined");
-      expect(updated.resolvedBy).toBe(invitee.id);
-      expect(updated.resolvedAt).toBeDefined();
-    });
-
-    it("should reject decline for wrong email", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const wrongUser = await createUser("wrong@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await expect(
-        service.decline(invitation.id, {
-          id: wrongUser.id,
-          email: wrongUser.email,
-        }),
-      ).rejects.toThrow(ForbiddenError);
-    });
-  });
-
-  // -----------------------------------------------------------------------------------------------------------------
-
-  describe("revoke", () => {
-    it("should revoke pending invitation", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await service.revoke(invitation.id, { id: inviter.id });
-
-      const updated = await service.getById(invitation.id);
-      expect(updated.status).toBe("revoked");
-      expect(updated.resolvedBy).toBe(inviter.id);
-      expect(updated.resolvedAt).toBeDefined();
-    });
-
-    it("should reject revoke for non-pending", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-      const invitee = await createUser("invitee@example.com");
-
-      const invitation = await service.create(
-        {
-          email: "invitee@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await service.accept(invitation.id, {
-        id: invitee.id,
-        email: invitee.email,
-      });
-
-      await expect(
-        service.revoke(invitation.id, { id: inviter.id }),
-      ).rejects.toThrow(BadRequestError);
-    });
-  });
-
-  // -----------------------------------------------------------------------------------------------------------------
-
-  describe("findByEmail", () => {
-    it("should return enriched invitations with resource info", async ({
-      expect,
-    }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-
-      await service.create(
-        {
-          email: "lookup@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      const results = await service.findByEmail("lookup@example.com");
-
-      expect(results).toHaveLength(1);
-      expect(results[0].email).toBe("lookup@example.com");
-      expect(results[0].resourceName).toBe("Test Project");
-      expect(results[0].invitedBy).toBe(inviter.id);
-      expect(results[0].inviterEmail).toBe("inviter@example.com");
-    });
-  });
-
-  // -----------------------------------------------------------------------------------------------------------------
-
-  describe("findInvitations", () => {
-    it("should return paginated results", async ({ expect }) => {
-      const { service, createUser } = await setup();
-
-      const inviter = await createUser("inviter@example.com");
-
-      await service.create(
-        {
-          email: "page1@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      await service.create(
-        {
-          email: "page2@example.com",
-          resourceType: "project",
-          resourceId: "proj-1",
-        },
-        { id: inviter.id, email: inviter.email },
-      );
-
-      const page = await service.findInvitations({ size: 10 });
-
-      expect(page.content.length).toBeGreaterThanOrEqual(2);
-      expect(page.page.totalElements).toBeGreaterThanOrEqual(2);
-    });
-  });
-});

package/src/api/invitations/controllers/AdminInvitationController.ts

@@ -1,86 +0,0 @@
-import { $inject, t } from "alepha";
-import { $secure } from "alepha/security";
-import { $action, okSchema } from "alepha/server";
-import { invitationQuerySchema } from "../schemas/invitationQuerySchema.ts";
-import { invitationResourceSchema } from "../schemas/invitationResourceSchema.ts";
-import { InvitationService } from "../services/InvitationService.ts";
-
-export class AdminInvitationController {
-  protected readonly url = "/invitations";
-  protected readonly group = "admin:invitations";
-  protected readonly invitationService = $inject(InvitationService);
-
-  /**
-   * Find invitations with pagination and filtering.
-   */
-  public readonly findInvitations = $action({
-    path: this.url,
-    group: this.group,
-    use: [$secure({ permissions: ["admin:invitation:read"] })],
-    description: "Find invitations with pagination and filtering",
-    schema: {
-      query: invitationQuerySchema,
-      response: t.page(invitationResourceSchema),
-    },
-    handler: ({ query }) => this.invitationService.findInvitations(query),
-  });
-
-  /**
-   * Get an invitation by ID.
-   */
-  public readonly getInvitation = $action({
-    path: `${this.url}/:id`,
-    group: this.group,
-    use: [$secure({ permissions: ["admin:invitation:read"] })],
-    description: "Get an invitation by ID",
-    schema: {
-      params: t.object({
-        id: t.uuid(),
-      }),
-      response: invitationResourceSchema,
-    },
-    handler: ({ params }) => this.invitationService.getById(params.id),
-  });
-
-  /**
-   * Revoke a pending invitation.
-   */
-  public readonly revokeInvitation = $action({
-    method: "POST",
-    path: `${this.url}/:id/revoke`,
-    group: this.group,
-    use: [$secure({ permissions: ["admin:invitation:delete"] })],
-    description: "Revoke a pending invitation",
-    schema: {
-      params: t.object({
-        id: t.uuid(),
-      }),
-      response: okSchema,
-    },
-    handler: async ({ params, user }) => {
-      await this.invitationService.revoke(params.id, { id: user.id });
-      return { ok: true };
-    },
-  });
-
-  /**
-   * Delete an invitation.
-   */
-  public readonly deleteInvitation = $action({
-    method: "DELETE",
-    path: `${this.url}/:id`,
-    group: this.group,
-    use: [$secure({ permissions: ["admin:invitation:delete"] })],
-    description: "Delete an invitation",
-    schema: {
-      params: t.object({
-        id: t.uuid(),
-      }),
-      response: okSchema,
-    },
-    handler: async ({ params }) => {
-      await this.invitationService.deleteInvitation(params.id);
-      return { ok: true, id: params.id };
-    },
-  });
-}

package/src/api/invitations/controllers/InvitationController.ts

@@ -1,84 +0,0 @@
-import { $inject, t } from "alepha";
-import { $secure } from "alepha/security";
-import { $action, okSchema } from "alepha/server";
-import { createInvitationSchema } from "../schemas/createInvitationSchema.ts";
-import { invitationResourceSchema } from "../schemas/invitationResourceSchema.ts";
-import { invitationWithResourceInfoSchema } from "../schemas/invitationWithResourceInfoSchema.ts";
-import { myInvitationsQuerySchema } from "../schemas/myInvitationsQuerySchema.ts";
-import { InvitationService } from "../services/InvitationService.ts";
-
-export class InvitationController {
-  protected readonly url = "/invitations";
-  protected readonly group = "invitations";
-  protected readonly invitationService = $inject(InvitationService);
-
-  /**
-   * Create a new invitation.
-   */
-  public readonly createInvitation = $action({
-    method: "POST",
-    path: this.url,
-    group: this.group,
-    use: [$secure({ permissions: ["invitation:create"] })],
-    description: "Create a new invitation",
-    schema: {
-      body: createInvitationSchema,
-      response: invitationResourceSchema,
-    },
-    handler: ({ body, user }) => this.invitationService.create(body, user),
-  });
-
-  /**
-   * List invitations for the current user.
-   */
-  public readonly getMyInvitations = $action({
-    path: `${this.url}/mine`,
-    group: this.group,
-    use: [$secure()],
-    description: "List invitations for the current user",
-    schema: {
-      query: myInvitationsQuerySchema,
-      response: t.array(invitationWithResourceInfoSchema),
-    },
-    handler: ({ query, user }) =>
-      this.invitationService.findByEmail(user.email!, query),
-  });
-
-  /**
-   * Accept an invitation.
-   */
-  public readonly acceptInvitation = $action({
-    method: "POST",
-    path: `${this.url}/:id/accept`,
-    group: this.group,
-    use: [$secure()],
-    description: "Accept an invitation",
-    schema: {
-      params: t.object({ id: t.uuid() }),
-      response: okSchema,
-    },
-    handler: async ({ params, user }) => {
-      await this.invitationService.accept(params.id, user);
-      return { ok: true };
-    },
-  });
-
-  /**
-   * Decline an invitation.
-   */
-  public readonly declineInvitation = $action({
-    method: "POST",
-    path: `${this.url}/:id/decline`,
-    group: this.group,
-    use: [$secure()],
-    description: "Decline an invitation",
-    schema: {
-      params: t.object({ id: t.uuid() }),
-      response: okSchema,
-    },
-    handler: async ({ params, user }) => {
-      await this.invitationService.decline(params.id, user);
-      return { ok: true };
-    },
-  });
-}

package/src/api/invitations/entities/invitations.ts

@@ -1,33 +0,0 @@
-import { type Static, t } from "alepha";
-import { users } from "alepha/api/users";
-import { $entity, db } from "alepha/orm";
-
-export const invitations = $entity({
-  name: "invitations",
-  schema: t.object({
-    id: db.primaryKey(t.uuid()),
-    version: db.version(),
-    createdAt: db.createdAt(),
-    updatedAt: db.updatedAt(),
-    invitedBy: db.ref(t.uuid(), () => users.cols.id, { onDelete: "cascade" }),
-    email: t.string({ format: "email" }),
-    resourceType: t.text({ minLength: 1, maxLength: 100 }),
-    resourceId: t.text({ minLength: 1, maxLength: 255 }),
-    status: t.enum(["pending", "accepted", "declined", "expired", "revoked"]),
-    roles: t.optional(t.array(t.text())),
-    metadata: t.optional(t.record(t.text(), t.any())),
-    token: t.text(),
-    expiresAt: t.datetime(),
-    resolvedAt: t.optional(t.datetime()),
-    resolvedBy: t.optional(db.ref(t.uuid(), () => users.cols.id)),
-  }),
-  indexes: [
-    { columns: ["email", "status"] },
-    { columns: ["resourceType", "resourceId", "email", "status"] },
-    { columns: ["invitedBy"] },
-    { columns: ["expiresAt"] },
-    { columns: ["token"], unique: true },
-  ],
-});
-
-export type InvitationEntity = Static<typeof invitations.schema>;

package/src/api/invitations/index.ts

@@ -1,58 +0,0 @@
-import { $module } from "alepha";
-import { AdminInvitationController } from "./controllers/AdminInvitationController.ts";
-import { InvitationController } from "./controllers/InvitationController.ts";
-import { InvitationJobs } from "./jobs/InvitationJobs.ts";
-import { InvitationService } from "./services/InvitationService.ts";
-
-export * from "./controllers/AdminInvitationController.ts";
-export * from "./controllers/InvitationController.ts";
-export * from "./entities/invitations.ts";
-export * from "./jobs/InvitationJobs.ts";
-export * from "./providers/InvitationProvider.ts";
-export * from "./schemas/createInvitationSchema.ts";
-export * from "./schemas/invitationConfigAtom.ts";
-export * from "./schemas/invitationQuerySchema.ts";
-export * from "./schemas/invitationResourceSchema.ts";
-export * from "./schemas/invitationWithResourceInfoSchema.ts";
-export * from "./schemas/myInvitationsQuerySchema.ts";
-export * from "./services/InvitationService.ts";
-
-declare module "alepha" {
-  interface Hooks {
-    "invitation:created": {
-      invitation: import("./entities/invitations.ts").InvitationEntity;
-      token: string;
-      inviter: { id: string; email?: string };
-    };
-    "invitation:accepted": {
-      invitation: import("./entities/invitations.ts").InvitationEntity;
-      acceptedBy: { id: string; email?: string };
-    };
-    "invitation:declined": {
-      invitation: import("./entities/invitations.ts").InvitationEntity;
-      declinedBy: { id: string; email?: string };
-    };
-    "invitation:expired": {
-      invitation: import("./entities/invitations.ts").InvitationEntity;
-    };
-    "invitation:revoked": {
-      invitation: import("./entities/invitations.ts").InvitationEntity;
-      revokedBy: { id: string };
-    };
-  }
-}
-
-/**
- * Invitation management module — create, accept, decline, revoke, and expire invitations.
- *
- * @module alepha.api.invitations
- */
-export const AlephaApiInvitations = $module({
-  name: "alepha.api.invitations",
-  services: [
-    InvitationService,
-    InvitationJobs,
-    InvitationController,
-    AdminInvitationController,
-  ],
-});