refactor(core): extract helpers and provision methods

extract helpers and provision methods
logto-io · Jul 22, 2024 · 09161a2 · 09161a2
1 parent 39e834b
commit 09161a2
Show file tree

Hide file tree

Showing 4 changed files with 214 additions and 179 deletions.
diff --git a/packages/core/src/routes/experience/classes/experience-interaction.ts b/packages/core/src/routes/experience/classes/experience-interaction.ts
@@ -1,6 +1,5 @@
 import { type ToZodObject } from '@logto/connector-kit';
 import { InteractionEvent, type User, type VerificationType } from '@logto/schemas';
-import { generateStandardId } from '@logto/shared';
 import { conditional } from '@silverhand/essentials';
 import { z } from 'zod';
 
@@ -11,14 +10,14 @@ import assertThat from '#src/utils/assert-that.js';
 
 import { interactionProfileGuard, type Interaction, type InteractionProfile } from '../types.js';
 
-import { ProvisionLibrary } from './provision-library.js';
 import {
   getNewUserProfileFromVerificationRecord,
   identifyUserByVerificationRecord,
-  toUserSocialIdentityData,
-} from './utils.js';
+} from './helpers.js';
+import { toUserSocialIdentityData } from './utils.js';
 import { MfaValidator } from './validators/mfa-validator.js';
 import { ProfileValidator } from './validators/profile-validator.js';
+import { ProvisionLibrary } from './validators/provision-library.js';
 import { SignInExperienceValidator } from './validators/sign-in-experience-validator.js';
 import {
   buildVerificationRecord,
@@ -274,14 +273,7 @@ export default class ExperienceInteraction {
     // TODO: missing profile fields validation
 
     if (enterpriseSsoIdentity) {
-      await userSsoIdentitiesQueries.insert({
-        id: generateStandardId(),
-        userId: user.id,
-        ...enterpriseSsoIdentity,
-      });
-      await this.provisionLibrary.newUserJtiOrganizationProvision(user.id, {
-        enterpriseSsoIdentity,
-      });
+      await this.provisionLibrary.provisionNewSsoIdentity(user.id, enterpriseSsoIdentity);
     }
 
     const { provider } = this.tenant;
@@ -356,47 +348,10 @@ export default class ExperienceInteraction {
    * @throws {RequestError} with 400 if the verification record is invalid for creating a new user or not verified
    */
   private async createNewUser(verificationRecord: VerificationRecord) {
-    const {
-      libraries: {
-        users: { generateUserId, insertUser },
-      },
-      queries: { userSsoIdentities: userSsoIdentitiesQueries },
-    } = this.tenant;
-
     const newProfile = await getNewUserProfileFromVerificationRecord(verificationRecord);
-
     await this.profileValidator.guardProfileUniquenessAcrossUsers(newProfile);
 
-    const { socialIdentity, enterpriseSsoIdentity, ...rest } = newProfile;
-
-    const { isCreatingFirstAdminUser, initialUserRoles, customData } =
-      await this.provisionLibrary.getUserProvisionContext(newProfile);
-
-    const [user] = await insertUser(
-      {
-        id: await generateUserId(),
-        ...rest,
-        ...conditional(socialIdentity && { identities: toUserSocialIdentityData(socialIdentity) }),
-        ...conditional(customData && { customData }),
-      },
-      initialUserRoles
-    );
-
-    if (isCreatingFirstAdminUser) {
-      await this.provisionLibrary.adminUserProvision(user);
-    }
-
-    if (enterpriseSsoIdentity) {
-      await userSsoIdentitiesQueries.insert({
-        id: generateStandardId(),
-        userId: user.id,
-        ...enterpriseSsoIdentity,
-      });
-    }
-
-    await this.provisionLibrary.newUserJtiOrganizationProvision(user.id, newProfile);
-
-    // TODO: new user hooks
+    const user = await this.provisionLibrary.provisionNewUser(newProfile);
 
     this.userId = user.id;
   }

diff --git a/packages/core/src/routes/experience/classes/helpers.ts b/packages/core/src/routes/experience/classes/helpers.ts
@@ -0,0 +1,108 @@
+/**
+ * @overview This file contains helper functions for the main interaction class.
+ *
+ * To help reduce the complexity and code amount of the main interaction class,
+ * we have moved some of the standalone functions into this file.
+ */
+
+import { VerificationType, type User } from '@logto/schemas';
+import { conditional } from '@silverhand/essentials';
+
+import RequestError from '#src/errors/RequestError/index.js';
+import assertThat from '#src/utils/assert-that.js';
+
+import type { InteractionProfile } from '../types.js';
+
+import { type VerificationRecord } from './verifications/index.js';
+
+/**
+ * @throws {RequestError} -400 if the verification record type is not supported for user creation.
+ * @throws {RequestError} -400 if the verification record is not verified.
+ */
+export const getNewUserProfileFromVerificationRecord = async (
+  verificationRecord: VerificationRecord
+): Promise<InteractionProfile> => {
+  switch (verificationRecord.type) {
+    case VerificationType.NewPasswordIdentity:
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
+      return verificationRecord.toUserProfile();
+    }
+    case VerificationType.EnterpriseSso:
+    case VerificationType.Social: {
+      const identityProfile = await verificationRecord.toUserProfile();
+      const syncedProfile = await verificationRecord.toSyncedProfile(true);
+      return { ...identityProfile, ...syncedProfile };
+    }
+    default: {
+      // Unsupported verification type for user creation, such as MFA verification.
+      throw new RequestError({ code: 'session.verification_failed', status: 400 });
+    }
+  }
+};
+
+/**
+ * @throws {RequestError} -400 if the verification record type is not supported for user identification.
+ * @throws {RequestError} -400 if the verification record is not verified.
+ * @throws {RequestError} -404 if the user is not found.
+ */
+export const identifyUserByVerificationRecord = async (
+  verificationRecord: VerificationRecord,
+  linkSocialIdentity?: boolean
+): Promise<{
+  user: User;
+  /**
+   * Returns the social/enterprise SSO synced profiled if the verification record is a social/enterprise SSO verification.
+   * - For new linked identity, the synced profile will includes the new social or enterprise SSO identity.
+   * - For existing social or enterprise SSO identity, the synced profile will return the synced user profile based on connector settings.
+   */
+  syncedProfile?: Pick<
+    InteractionProfile,
+    'enterpriseSsoIdentity' | 'socialIdentity' | 'avatar' | 'name'
+  >;
+}> => {
+  // Check verification record can be used to identify a user using the `identifyUser` method.
+  // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
+  assertThat(
+    'identifyUser' in verificationRecord,
+    new RequestError({ code: 'session.verification_failed', status: 400 })
+  );
+
+  switch (verificationRecord.type) {
+    case VerificationType.Password:
+    case VerificationType.EmailVerificationCode:
+    case VerificationType.PhoneVerificationCode: {
+      return { user: await verificationRecord.identifyUser() };
+    }
+    case VerificationType.Social: {
+      const user = linkSocialIdentity
+        ? await verificationRecord.identifyRelatedUser()
+        : await verificationRecord.identifyUser();
+
+      const syncedProfile = {
+        ...(await verificationRecord.toSyncedProfile()),
+        ...conditional(linkSocialIdentity && (await verificationRecord.toUserProfile())),
+      };
+
+      return { user, syncedProfile };
+    }
+    case VerificationType.EnterpriseSso: {
+      try {
+        const user = await verificationRecord.identifyUser();
+        const syncedProfile = await verificationRecord.toSyncedProfile();
+        return { user, syncedProfile };
+      } catch (error: unknown) {
+        // Auto fallback to identify the related user if the user does not exist for enterprise SSO.
+        if (error instanceof RequestError && error.code === 'user.identity_not_exist') {
+          const user = await verificationRecord.identifyRelatedUser();
+          const syncedProfile = {
+            ...(await verificationRecord.toUserProfile()),
+            ...(await verificationRecord.toSyncedProfile()),
+          };
+          return { user, syncedProfile };
+        }
+        throw error;
+      }
+    }
+  }
+};
diff --git a/packages/core/src/routes/experience/classes/utils.ts b/packages/core/src/routes/experience/classes/utils.ts
@@ -5,16 +5,11 @@ import {
   type User,
   type VerificationCodeSignInIdentifier,
 } from '@logto/schemas';
-import { conditional } from '@silverhand/essentials';
 
-import RequestError from '#src/errors/RequestError/index.js';
 import type Queries from '#src/tenants/Queries.js';
-import assertThat from '#src/utils/assert-that.js';
 
 import type { InteractionProfile } from '../types.js';
 
-import { type VerificationRecord } from './verifications/index.js';
-
 export const findUserByIdentifier = async (
   userQuery: Queries['users'],
   { type, value }: InteractionIdentifier
@@ -32,98 +27,6 @@ export const findUserByIdentifier = async (
   }
 };
 
-/**
- * @throws {RequestError} -400 if the verification record type is not supported for user creation.
- * @throws {RequestError} -400 if the verification record is not verified.
- */
-export const getNewUserProfileFromVerificationRecord = async (
-  verificationRecord: VerificationRecord
-): Promise<InteractionProfile> => {
-  switch (verificationRecord.type) {
-    case VerificationType.NewPasswordIdentity:
-    case VerificationType.EmailVerificationCode:
-    case VerificationType.PhoneVerificationCode: {
-      return verificationRecord.toUserProfile();
-    }
-    case VerificationType.EnterpriseSso:
-    case VerificationType.Social: {
-      const identityProfile = await verificationRecord.toUserProfile();
-      const syncedProfile = await verificationRecord.toSyncedProfile(true);
-      return { ...identityProfile, ...syncedProfile };
-    }
-    default: {
-      // Unsupported verification type for user creation, such as MFA verification.
-      throw new RequestError({ code: 'session.verification_failed', status: 400 });
-    }
-  }
-};
-
-/**
- * @throws {RequestError} -400 if the verification record type is not supported for user identification.
- * @throws {RequestError} -400 if the verification record is not verified.
- * @throws {RequestError} -404 if the user is not found.
- */
-export const identifyUserByVerificationRecord = async (
-  verificationRecord: VerificationRecord,
-  linkSocialIdentity?: boolean
-): Promise<{
-  user: User;
-  /**
-   * Returns the social/enterprise SSO synced profiled if the verification record is a social/enterprise SSO verification.
-   * - For new linked identity, the synced profile will includes the new social or enterprise SSO identity.
-   * - For existing social or enterprise SSO identity, the synced profile will return the synced user profile based on connector settings.
-   */
-  syncedProfile?: Pick<
-    InteractionProfile,
-    'enterpriseSsoIdentity' | 'socialIdentity' | 'avatar' | 'name'
-  >;
-}> => {
-  // Check verification record can be used to identify a user using the `identifyUser` method.
-  // E.g. MFA verification record does not have the `identifyUser` method, cannot be used to identify a user.
-  assertThat(
-    'identifyUser' in verificationRecord,
-    new RequestError({ code: 'session.verification_failed', status: 400 })
-  );
-
-  switch (verificationRecord.type) {
-    case VerificationType.Password:
-    case VerificationType.EmailVerificationCode:
-    case VerificationType.PhoneVerificationCode: {
-      return { user: await verificationRecord.identifyUser() };
-    }
-    case VerificationType.Social: {
-      const user = linkSocialIdentity
-        ? await verificationRecord.identifyRelatedUser()
-        : await verificationRecord.identifyUser();
-
-      const syncedProfile = {
-        ...(await verificationRecord.toSyncedProfile()),
-        ...conditional(linkSocialIdentity && (await verificationRecord.toUserProfile())),
-      };
-
-      return { user, syncedProfile };
-    }
-    case VerificationType.EnterpriseSso: {
-      try {
-        const user = await verificationRecord.identifyUser();
-        const syncedProfile = await verificationRecord.toSyncedProfile();
-        return { user, syncedProfile };
-      } catch (error: unknown) {
-        // Auto fallback to identify the related user if the user does not exist for enterprise SSO.
-        if (error instanceof RequestError && error.code === 'user.identity_not_exist') {
-          const user = await verificationRecord.identifyRelatedUser();
-          const syncedProfile = {
-            ...(await verificationRecord.toUserProfile()),
-            ...(await verificationRecord.toSyncedProfile()),
-          };
-          return { user, syncedProfile };
-        }
-        throw error;
-      }
-    }
-  }
-};
-
 /**
  * Convert the interaction profile `socialIdentity` to `User['identities']` data format
  */
@@ -140,9 +43,9 @@ export const toUserSocialIdentityData = (
   };
 };
 
-export function interactionIdentifierToUserProfile(
+export const interactionIdentifierToUserProfile = (
   identifier: InteractionIdentifier
-): { username: string } | { primaryEmail: string } | { primaryPhone: string } {
+): { username: string } | { primaryEmail: string } | { primaryPhone: string } => {
   const { type, value } = identifier;
   switch (type) {
     case SignInIdentifier.Username: {
@@ -155,7 +58,7 @@ export function interactionIdentifierToUserProfile(
       return { primaryPhone: value };
     }
   }
-}
+};
 
 export const codeVerificationIdentifierRecordTypeMap = Object.freeze({
   [SignInIdentifier.Email]: VerificationType.EmailVerificationCode,