redo the auth so that only one user acc is created

trangdoan982 · trangdoan982 · commit d53a70efe9d7 · 2026-01-03T15:13:22.000-05:00
diff --git a/apps/obsidian/src/utils/supabaseContext.ts b/apps/obsidian/src/utils/supabaseContext.ts
@@ -19,11 +19,12 @@ export type SupabaseContext = {
 let contextCache: SupabaseContext | null = null;
 
 const generateAccountLocalId = (vaultName: string): string => {
-  const randomSuffix = Math.random()
-    .toString(36)
-    .substring(2, 8)
-    .toUpperCase();
-  return `${vaultName}-${randomSuffix}`;
+  const randomSuffix = Math.random().toString(36).substring(2, 8).toUpperCase();
+  const sanitizedVaultName = vaultName
+    .replace(/\s+/g, "")
+    .replace(/[^a-zA-Z0-9]/g, "")
+    .replace(/-+/g, "-");
+  return `${sanitizedVaultName}${randomSuffix}@database.discoursegraphs.com`;
 };
 
 const getOrCreateSpacePassword = async (
@@ -71,6 +72,8 @@ export const getSupabaseContext = async (
         url,
         name: vaultName,
         platform,
+        accountLocalId,
+        accountName: vaultName,
       });
 
       if (!spaceResult.data) {
@@ -107,19 +110,55 @@ let loggedInClient: DGSupabaseClient | null = null;
 export const getLoggedInClient = async (
   plugin: DiscourseGraphPlugin,
 ): Promise<DGSupabaseClient | null> => {
+  const accountLocalId = plugin.settings.accountLocalId;
+  if (!accountLocalId) {
+    throw new Error("accountLocalId not found in plugin settings");
+  }
   if (loggedInClient === null) {
     const context = await getSupabaseContext(plugin);
-    if (context === null) throw new Error("Could not create context");
-    loggedInClient = await createLoggedInClient(
-      context.platform,
-      context.spaceId,
-      context.spacePassword,
-    );
+    if (context === null) {
+      throw new Error("Could not create Supabase context");
+    }
+    try {
+      loggedInClient = await createLoggedInClient({
+        platform: context.platform,
+        spaceId: context.spaceId,
+        password: context.spacePassword,
+        accountLocalId,
+      });
+      if (!loggedInClient) {
+        throw new Error(
+          "Failed to create Supabase client - check environment variables",
+        );
+      }
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      console.error("Failed to create logged-in client:", errorMessage);
+      throw new Error(`Supabase authentication failed: ${errorMessage}`);
+    }
   } else {
     // renew session
     const { error } = await loggedInClient.auth.getSession();
     if (error) {
+      console.warn("Session renewal failed, re-authenticating:", error);
       loggedInClient = null;
+      const context = await getSupabaseContext(plugin);
+      if (context === null) {
+        throw new Error(
+          "Could not create Supabase context for re-authentication",
+        );
+      }
+
+      loggedInClient = await createLoggedInClient({
+        platform: context.platform,
+        spaceId: context.spaceId,
+        password: context.spacePassword,
+        accountLocalId,
+      });
+      if (!loggedInClient) {
+        throw new Error("Failed to re-authenticate Supabase client");
+      }
     }
   }
   return loggedInClient;
diff --git a/apps/roam/src/utils/supabaseContext.ts b/apps/roam/src/utils/supabaseContext.ts
@@ -96,11 +96,11 @@ export const getLoggedInClient = async (): Promise<DGSupabaseClient | null> => {
   if (_loggedInClient === null) {
     const context = await getSupabaseContext();
     if (context === null) throw new Error("Could not create context");
-    _loggedInClient = await createLoggedInClient(
-      context.platform,
-      context.spaceId,
-      context.spacePassword,
-    );
+    _loggedInClient = await createLoggedInClient({
+      platform: context.platform,
+      spaceId: context.spaceId,
+      password: context.spacePassword,
+    });
   } else {
     // renew session
     const { error } = await _loggedInClient.auth.getSession();
diff --git a/packages/database/src/lib/contextFunctions.ts b/packages/database/src/lib/contextFunctions.ts
@@ -14,7 +14,11 @@ const baseUrl = nextApiRoot() + "/supabase";
 type SpaceDataInput = TablesInsert<"Space">;
 export type SpaceRecord = Tables<"Space">;
 
-export type SpaceCreationInput = SpaceDataInput & { password: string };
+export type SpaceCreationInput = SpaceDataInput & {
+  password: string;
+  accountLocalId?: string;
+  accountName?: string;
+};
 
 export const asPostgrestFailure = (
   message: string,
@@ -123,15 +127,25 @@ export const fetchOrCreateSpaceDirect = async (
   };
 };
 
-export const createLoggedInClient = async (
-  platform: Platform,
-  spaceId: number,
-  password: string,
-): Promise<DGSupabaseClient | null> => {
+export const createLoggedInClient = async ({
+  platform,
+  spaceId,
+  password,
+  accountLocalId,
+}: {
+  platform: Platform;
+  spaceId: number;
+  password: string;
+  accountLocalId?: string;
+}): Promise<DGSupabaseClient | null> => {
   const loggedInClient: DGSupabaseClient | null = createClient();
   if (!loggedInClient) return null;
+  const email =
+    platform === "Obsidian" && accountLocalId
+      ? accountLocalId
+      : spaceAnonUserEmail(platform, spaceId);
   const { error } = await loggedInClient.auth.signInWithPassword({
-    email: spaceAnonUserEmail(platform, spaceId),
+    email,
     password: password,
   });
   if (error) {
@@ -155,9 +169,28 @@ export const fetchOrCreatePlatformAccount = async ({
   spaceId: number;
   password: string;
 }): Promise<number> => {
-  const supabase = await createLoggedInClient(platform, spaceId, password);
+  const supabase = await createLoggedInClient({
+    platform,
+    spaceId,
+    password,
+    accountLocalId,
+  });
   if (!supabase) throw Error("Missing database connection");
 
+  // For Obsidian, user account is already created in create-space, so just fetch it
+  if (platform === "Obsidian") {
+    const result = await supabase
+      .from("PlatformAccount")
+      .select("id")
+      .eq("account_local_id", accountLocalId)
+      .eq("platform", platform)
+      .single();
+    if (result.error) throw Error(result.error.message);
+    if (!result.data) throw Error("Account not found");
+    return result.data.id;
+  }
+
+  // For Roam, use the existing flow
   const result = await supabase.rpc("create_account_in_space", {
     space_id_: spaceId,
     account_local_id_: accountLocalId,
diff --git a/packages/database/supabase/functions/create-space/index.ts b/packages/database/supabase/functions/create-space/index.ts
@@ -51,7 +51,7 @@ const asPostgrestFailure = <T>(
 const spaceValidator = (space: SpaceCreationInput): string | null => {
   if (!space || typeof space !== "object")
     return "Invalid request body: expected a JSON object.";
-  const { name, url, platform, password } = space;
+  const { name, url, platform, password, accountLocalId, accountName } = space;
 
   if (!name || typeof name !== "string" || name.trim() === "")
     return "Missing or invalid name.";
@@ -61,6 +61,12 @@ const spaceValidator = (space: SpaceCreationInput): string | null => {
     return "Missing or invalid platform.";
   if (!password || typeof password !== "string" || password.length < 8)
     return "password must be at least 8 characters";
+  if (platform === "Obsidian") {
+    if (!accountLocalId || typeof accountLocalId !== "string")
+      return "Missing or invalid accountLocalId for Obsidian platform.";
+    if (!accountName || typeof accountName !== "string")
+      return "Missing or invalid accountName for Obsidian platform.";
+  }
   return null;
 };
 
@@ -95,62 +101,90 @@ const processAndGetOrCreateSpace = async (
   const space_id = result.data.id;
 
   // this is related but each step is idempotent, so con retry w/o transaction
-  const email = spaceAnonUserEmail(platform, result.data.id);
-  let anonymousUser: User | null = null;
+  // For Obsidian: create real user account (not anonymous)
+  // For Roam: create anonymous account
+  let email: string;
+  let accountLocalIdForStorage: string;
+  let accountName: string;
+  let agentType: "person" | "anonymous";
+
+  if (platform === "Obsidian") {
+    if (!data.accountLocalId || !data.accountName) {
+      return asPostgrestFailure<SpaceRecord>(
+        "accountLocalId and accountName are required for Obsidian platform",
+        "invalid space",
+      );
+    }
+    email = data.accountLocalId;
+    accountLocalIdForStorage = data.accountLocalId;
+    accountName = data.accountName;
+    agentType = "person";
+  } else {
+    email = spaceAnonUserEmail(platform, result.data.id);
+    accountLocalIdForStorage = email;
+    accountName = `Anonymous of space ${space_id}`;
+    agentType = "anonymous";
+  }
+
+  let authUser: User | null = null;
   {
-    const { error, data } = await supabase.auth.signInWithPassword({
-      email,
-      password,
-    });
+    const { error: signInError, data: signInData } =
+      await supabase.auth.signInWithPassword({
+        email,
+        password,
+      });
 
     if (
-      error &&
+      signInError &&
       !(
-        error.code === "invalid_credentials" ||
-        error.message === "Invalid login credentials"
+        signInError.code === "invalid_credentials" ||
+        signInError.message === "Invalid login credentials"
       )
     ) {
       // Handle unexpected errors
-      return asPostgrestFailure(error.message, "authentication_error");
+      return asPostgrestFailure(signInError.message, "authentication_error");
     }
-    anonymousUser = data.user;
+    authUser = signInData?.user ?? null;
     await supabase.auth.signOut({ scope: "local" });
   }
-  if (anonymousUser === null) {
-    const resultCreateAnonymousUser = await supabase.auth.admin.createUser({
+
+  if (authUser === null) {
+    const resultCreateUser = await supabase.auth.admin.createUser({
       email,
       password,
       email_confirm: true,
     });
-    if (resultCreateAnonymousUser.error) {
+    if (resultCreateUser.error) {
       return {
         count: null,
-        status: resultCreateAnonymousUser.error.status || -1,
-        statusText: resultCreateAnonymousUser.error.message,
+        status: resultCreateUser.error.status || -1,
+        statusText: resultCreateUser.error.message,
         data: null,
         error: new PostgrestError({
-          message: resultCreateAnonymousUser.error.message,
+          message: resultCreateUser.error.message,
           details:
-            typeof resultCreateAnonymousUser.error.cause === "string"
-              ? resultCreateAnonymousUser.error.cause
+            typeof resultCreateUser.error.cause === "string"
+              ? resultCreateUser.error.cause
               : "",
           hint: "",
-          code: resultCreateAnonymousUser.error.code || "unknown",
+          code: resultCreateUser.error.code || "unknown",
         }),
-      }; // space created but not its user, try again
+      };
     }
-    anonymousUser = resultCreateAnonymousUser.data.user as User;
+    authUser = resultCreateUser.data.user as User;
   }
-  // NOTE: The next few steps could be done as the new user, except the SpaceAccess
-  const anonPlatformUserResult = await supabase
+
+  // For Obsidian: real user with name=vaultName, agent_type=person
+  // For Roam: anonymous account
+  const platformAccountResult = await supabase
     .from("PlatformAccount")
     .upsert(
       {
         platform,
-        account_local_id: email,
-        name: `Anonymous of space ${space_id}`,
-        agent_type: "anonymous",
-        dg_account: anonymousUser.id,
+        account_local_id: accountLocalIdForStorage,
+        name: accountName,
+        agent_type: agentType,
+        dg_account: authUser.id,
       },
       {
         onConflict: "account_local_id,platform",
@@ -160,14 +194,14 @@ const processAndGetOrCreateSpace = async (
     )
     .select()
     .single();
-  if (anonPlatformUserResult.error) return anonPlatformUserResult;
+  if (platformAccountResult.error) return platformAccountResult;
 
-  const resultAnonUserSpaceAccess = await supabase
+  const resultUserSpaceAccess = await supabase
     .from("SpaceAccess")
     .upsert(
       {
         space_id,
-        account_id: anonPlatformUserResult.data.id,
+        account_id: platformAccountResult.data.id,
         editor: true,
       },
       {
@@ -178,7 +212,7 @@ const processAndGetOrCreateSpace = async (
     )
     .select()
     .single();
-  if (resultAnonUserSpaceAccess.error) return resultAnonUserSpaceAccess; // space created but not connected, try again
+  if (resultUserSpaceAccess.error) return resultUserSpaceAccess; // space created but not connected, try again
   return result;
 };
 
