add workspace invites

Author: vkarpov15

config.js

@@ -0,0 +1,17 @@
+'use strict';
+
+if (!process.env.NODE_ENV) {
+  process.env.NODE_ENV = 'local';
+}
+const env = process.env.NODE_ENV;
+
+const dotenv = require('dotenv');
+const path = require('path');
+
+console.log('NODE_ENV =', env);
+
+if (!['development', 'production'].includes(process.env.NODE_ENV)) {
+  dotenv.config({
+    path: path.resolve(__dirname, `.env.${env.toLocaleLowerCase()}`)
+  });
+}

netlify/functions/getWorkspace.js

@@ -1,22 +1,3 @@
 'use strict';
 
-const Archetype = require('archetype');
-const connect = require('../../src/db');
-const extrovert = require('extrovert');
-
-const GetWorkspaceParams = new Archetype({
-  apiKey: {
-    $type: 'string',
-    $required: true
-  }
-}).compile('GetWorkspaceParams');
-
-module.exports = extrovert.toNetlifyFunction(async function getWorkspace(params) {
-  const { apiKey } = new GetWorkspaceParams(params);
-
-  const db = await connect();
-  const { Workspace } = db.models;
-
-  const workspace = await Workspace.findOne({ apiKey }).orFail();
-  return { workspace };
-});
+module.exports = extrovert.toNetlifyFunction(require('../../src/actions/getWorkspace'));

package.json

@@ -11,7 +11,8 @@
     "cheerio": "1.0.0",
     "extrovert": "0.0.26",
     "mongoose": "8.x",
-    "ramda": "0.28.0"
+    "ramda": "0.28.0",
+    "time-commando": "1.0.1"
   },
   "devDependencies": {
     "@masteringjs/eslint-config": "0.1.1",
@@ -27,7 +28,7 @@
   "scripts": {
     "seed": "env NODE_ENV=development node ./seed",
     "start": "node .",
-    "test": "env NODE_ENV=test mocha test/*.test.js",
+    "test": "env NODE_ENV=test mocha -r ./config test/*.test.js",
     "lint": "eslint ."
   }
 }

src/actions/getWorkspace.js

@@ -0,0 +1,22 @@
+'use strict';
+
+const Archetype = require('archetype');
+const connect = require('../../src/db');
+const extrovert = require('extrovert');
+
+const GetWorkspaceParams = new Archetype({
+  apiKey: {
+    $type: 'string',
+    $required: true
+  }
+}).compile('GetWorkspaceParams');
+
+module.exports = async function getWorkspace(params) {
+  const { apiKey } = new GetWorkspaceParams(params);
+
+  const db = await connect();
+  const { Workspace } = db.models;
+
+  const workspace = await Workspace.findOne({ apiKey }).orFail();
+  return { workspace };
+};

src/actions/inviteToWorkspace.js

@@ -0,0 +1,65 @@
+'use strict';
+
+const Archetype = require('archetype');
+const connect = require('../../src/db');
+const extrovert = require('extrovert');
+const mongoose = require('mongoose');
+
+const InviteToWorkspaceParams = new Archetype({
+  authorization: {
+    $type: 'string',
+    $required: true
+  },
+  workspaceId: {
+    $type: mongoose.Types.ObjectId,
+    $required: true
+  },
+  githubUsername: {
+    $type: 'string',
+    $required: true
+  },
+  roles: {
+    $type: ['string'],
+    $required: true,
+    $enum: ['admin', 'member', 'readonly', 'dashboards']
+  }
+}).compile('InviteToWorkspaceParams');
+
+module.exports = async function inviteToWorkspace(params) {
+  const { authorization, githubUsername, roles, workspaceId } = new InviteToWorkspaceParams(params);
+
+  const db = await connect();
+  const { AccessToken, User, Workspace, Invitation } = db.models;
+
+  // Verify access token
+  const accessToken = await AccessToken.findById(authorization).orFail(new Error('Invalid or expired access token'));
+  if (accessToken.expiresAt < new Date()) {
+    throw new Error('Access token has expired');
+  }
+
+  const invitedByUserId = accessToken.userId;
+
+  // Find a workspace where the user is an owner or admin
+  const workspace = await Workspace.findById(workspaceId).orFail();
+  const inviterRoles = workspace.members.find(member => member.userId.toString() === invitedByUserId.toString())?.roles;
+  if (inviterRoles == null || (!inviterRoles.includes('admin') && !inviterRoles.includes('owner'))) {
+    throw new Error('Forbidden');
+  }
+
+  const isAlreadyMember = await User.exists(
+    { _id: { $in: workspace.members.map(member => member.userId) },
+    githubUsername
+  });
+  if (isAlreadyMember) {
+    throw new Error(`${githubUsername} is already a member of this workspace`);
+  }
+
+  // Create or update an invitation
+  const invitation = await Invitation.findOneAndUpdate(
+    { workspaceId: workspace._id, githubUsername },
+    { invitedBy: invitedByUserId, roles, status: 'pending' },
+    { upsert: true, new: true }
+  );
+
+  return { invitation };
+};

src/db/index.js

@@ -5,6 +5,7 @@ const mongoose = require('mongoose');
 let conn = null;
 
 const accessTokenSchema = require('./AccessToken');
+const invitationSchema = require('./invitation');
 const jobSchema = require('./Job');
 const subscriberSchema = require('./subscriber');
 const taskSchema = require('./task');
@@ -19,6 +20,7 @@ module.exports = async function connect() {
     await conn.asPromise();
   }
   conn.model('AccessToken', accessTokenSchema, 'AccessToken');
+  conn.model('Invitation', invitationSchema, 'Invitation');
   conn.model('Job', jobSchema, 'Job');
   conn.model('Subscriber', subscriberSchema, 'Subscriber');
   conn.model('Task', taskSchema, 'Task');

src/db/invitation.js

@@ -0,0 +1,37 @@
+'use strict';
+
+const mongoose = require('mongoose');
+const time = require('time-commando');
+
+const invitationSchema = new mongoose.Schema({
+  workspaceId: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'Workspace',
+    required: true
+  },
+  githubUsername: {
+    type: String,
+    required: true
+  },
+  invitedBy: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'User',
+    required: true
+  },
+  roles: [{
+    type: String,
+    required: true,
+    enum: ['admin', 'member', 'readonly', 'dashboards']
+  }],
+  status: {
+    type: String,
+    enum: ['pending', 'accepted', 'declined', 'expired'],
+    default: 'pending'
+  },
+  expiresAt: {
+    type: Date,
+    default: () => time.now() + 7 * time.oneDayMS
+  }
+}, { timestamps: true, id: false });
+
+module.exports = invitationSchema;

src/db/workspace.js

@@ -33,6 +33,21 @@ const workspaceSchema = new mongoose.Schema({
   baseUrl: {
     type: String,
     required: true
+  },
+  stripeCustomerId: {
+    type: String,
+    unique: true,
+    sparse: true
+  },
+  stripeSubscriptionId: {
+    type: String,
+    unique: true,
+    sparse: true
+  },
+  subscriptionTier: {
+    type: String,
+    enum: ['pro'],
+    required: true
   }
 }, { timestamps: true, id: false });
 

test/inviteToWorkspace.test.js

@@ -0,0 +1,94 @@
+'use strict';
+
+const assert = require('assert');
+const mongoose = require('mongoose');
+const inviteToWorkspace = require('../src/actions/inviteToWorkspace');
+const connect = require('../src/db');
+
+describe('inviteToWorkspace', function () {
+  let db, AccessToken, User, Workspace, Invitation;
+  let user, workspace, accessToken;
+
+  beforeEach(async function () {
+    // Connect to the real database
+    db = await connect();
+    ({ AccessToken, User, Workspace, Invitation } = db.models);
+
+    await AccessToken.deleteMany({});
+    await User.deleteMany({});
+    await Workspace.deleteMany({});
+    await Invitation.deleteMany({});
+
+    user = await User.create({
+      name: 'John Doe',
+      email: '[email protected]',
+      githubUsername: 'johndoe',
+      githubUserId: '1234'
+    });
+
+    accessToken = await AccessToken.create({
+      userId: user._id,
+      expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30) // 30 days valid
+    });
+
+    workspace = await Workspace.create({
+      name: 'Test Workspace',
+      ownerId: user._id,
+      apiKey: 'test-api-key',
+      baseUrl: 'https://example.com',
+      members: [{ userId: user._id, roles: ['owner'] }],
+      subscriptionTier: 'pro'
+    });
+  });
+
+  afterEach(async function () {
+    // Cleanup after tests
+    await AccessToken.deleteMany({});
+    await User.deleteMany({});
+    await Workspace.deleteMany({});
+    await Invitation.deleteMany({});
+  });
+
+  it('should invite a user successfully', async function () {
+    const result = await inviteToWorkspace({
+      authorization: accessToken._id.toString(),
+      workspaceId: workspace._id,
+      githubUsername: 'janesmith',
+      roles: ['member']
+    });
+
+    assert.strictEqual(result.invitation.githubUsername, 'janesmith');
+    assert.strictEqual(result.invitation.status, 'pending');
+    assert.deepStrictEqual(result.invitation.roles, ['member']);
+
+    const invitationInDb = await Invitation.findOne({ githubUsername: 'janesmith' });
+    assert.ok(invitationInDb, 'Invitation should be saved in the database');
+    assert.strictEqual(invitationInDb.invitedBy.toString(), user._id.toString());
+    assert.strictEqual(invitationInDb.workspaceId.toString(), workspace._id.toString());
+  });
+
+  
+  it('should fail if user is already a member of the workspace', async function () {
+    const invitedUser = await User.create({
+      name: 'Jane Smith',
+      email: '[email protected]',
+      githubUsername: 'janesmith'
+    });
+
+    // Add the user directly as a member of the workspace
+    await Workspace.findByIdAndUpdate(workspace._id, {
+      $push: { members: { userId: invitedUser._id, roles: ['member'] } }
+    });
+
+    await assert.rejects(
+      inviteToWorkspace({
+        authorization: accessToken._id.toString(),
+        workspaceId: workspace._id,
+        githubUsername: 'janesmith',
+        roles: ['member']
+      }),
+      /janesmith is already a member of this workspace/
+    );
+  });
+});
+

test/setup.test.js

@@ -1,7 +1,5 @@
 'use strict';
 
-require('dotenv').config({ path: './.env.test' });
-
 const { after, before } = require('mocha');
 const connect = require('../src/db');