WIP:create account and session workflow modification

Signed-off-by: shitrerohit <[email protected]>

Author: shitrerohit

.env.demo

@@ -158,6 +158,12 @@ OTEL_LOGGER_NAME='credebl-platform-logger'
 HOSTNAME='localhost'
 SESSIONS_LIMIT=10
 # SSO
+APP_PROTOCOL=http
+#To add more clients, simply copy the variable below and change the word 'CREDEBL' to your client's name.
+CREDEBL_CLIENT_ALIAS=CREDEBL
+CREDEBL_DOMAIN=http://localhost:3000
+CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_ID= #Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY.
+CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_SECRET= #Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY.
 # To add more clients, simply add comma separated values of client names
 SUPPORTED_SSO_CLIENTS=CREDEBL
 

.env.sample

@@ -178,9 +178,14 @@ OTEL_LOGGER_NAME='credebl-platform-logger'       # Name of the logger used for O
 HOSTNAME='localhost'                             # Hostname or unique identifier for the service instance
 
 # SSO
+#To add more clients, simply copy the variable below and change the word 'CREDEBL' to your client's name.
+CREDEBL_CLIENT_ALIAS=CREDEBL
+CREDEBL_DOMAIN=http://localhost:3000
+CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_ID= #Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY.
+CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_SECRET= #Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY.
 # To add more clients, simply add comma separated values of client names
 SUPPORTED_SSO_CLIENTS=CREDEBL
-NEXTAUTH_PROTOCOL=
+APP_PROTOCOL=
 
 # Key for agent base wallet
 AGENT_API_KEY='supersecret-that-too-16chars'

apps/api-gateway/src/organization/organization.controller.ts

@@ -559,7 +559,7 @@ export class OrganizationController {
     res.cookie('session_id', orgCredentials.sessionId, {
       httpOnly: true,
       sameSite: 'none',
-      secure: 'http' !== process.env.NEXTAUTH_PROTOCOL
+      secure: 'http' !== process.env.APP_PROTOCOL
     });
 
     return res.status(HttpStatus.OK).json(finalResponse);

apps/organization/src/organization.service.ts

@@ -726,24 +726,14 @@ export class OrganizationService {
     // Otherwise, create a new account and also create the new session
     const fetchAccountDetails = await this.userRepository.checkAccountDetails(orgRoleDetails['user'].id);
     if (fetchAccountDetails) {
-      const accountData = {
-        sessionToken: authenticationResult?.access_token,
-        userId: orgRoleDetails['user'].id,
-        expires: authenticationResult?.expires_in
-      };
-
-      await this.userRepository.updateAccountDetails(accountData).then(async (response) => {
-        const finalSessionData = { ...sessionData, accountId: response.id };
-        addSessionDetails = await this.userRepository.createSession(finalSessionData);
-      });
+      const finalSessionData = { ...sessionData, accountId: fetchAccountDetails.id };
+      addSessionDetails = await this.userRepository.createSession(finalSessionData);
     } else {
       // Note:
       // This else block is mostly used for already registered users on the platform to create their account & session in the database.
       // Once all users are migrated or created their accounts and sessions in the DB, this code can be removed.
       const accountData = {
-        sessionToken: authenticationResult?.access_token,
         userId: orgRoleDetails['user'].id,
-        expires: authenticationResult?.expires_in,
         keycloakUserId: orgRoleDetails['user'].keycloakUserId,
         type: TokenType.BEARER_TOKEN
       };

apps/user/repositories/user.repository.ts

@@ -1,11 +1,11 @@
+/* eslint-disable camelcase */
 /* eslint-disable prefer-destructuring */
 
 import {
   IOrgUsers,
   ISendVerificationEmail,
   ISession,
   IShareUserCertificate,
-  IUpdateAccountDetails,
   IUserDeletedActivity,
   IUserInformation,
   IUsersProfile,
@@ -17,7 +17,6 @@ import {
   UserRoleMapping
 } from '../interfaces/user.interface';
 import { Injectable, InternalServerErrorException, Logger, NotFoundException } from '@nestjs/common';
-// eslint-disable-next-line camelcase
 import {
   Prisma,
   RecordType,
@@ -725,67 +724,13 @@ export class UserRepository {
     }
   }
 
-  async fetchAccountByRefreshToken(userId: string, refreshToken: string): Promise<account> {
-    try {
-      return await this.prisma.account.findUnique({
-        where: {
-          userId,
-          refreshToken
-        }
-      });
-    } catch (error) {
-      this.logger.error(`Error in getting account details: ${error.message} `);
-      throw error;
-    }
-  }
-
-  async updateAccountDetailsById(accountDetails: IUpdateAccountDetails): Promise<account> {
-    try {
-      return await this.prisma.account.update({
-        where: {
-          id: accountDetails.accountId
-        },
-        data: {
-          accessToken: accountDetails.accessToken,
-          refreshToken: accountDetails.refreshToken,
-          expiresAt: accountDetails.expiresAt
-        }
-      });
-    } catch (error) {
-      this.logger.error(`Error in getting account details: ${error.message} `);
-      throw error;
-    }
-  }
-
-  async updateAccountDetails(accountDetails: ISession): Promise<account> {
-    try {
-      const userAccountDetails = await this.prisma.account.update({
-        where: {
-          userId: accountDetails.userId
-        },
-        data: {
-          accessToken: accountDetails.sessionToken,
-          refreshToken: accountDetails.refreshToken,
-          expiresAt: accountDetails.expires
-        }
-      });
-      return userAccountDetails;
-    } catch (error) {
-      this.logger.error(`Error in updateAccountDetails: ${error.message}`);
-      throw error;
-    }
-  }
-
   async addAccountDetails(accountDetails: ISession): Promise<account> {
     try {
       const userAccountDetails = await this.prisma.account.create({
         data: {
           userId: accountDetails.userId,
           provider: ProviderType.KEYCLOAK,
           providerAccountId: accountDetails.keycloakUserId,
-          accessToken: accountDetails.sessionToken,
-          refreshToken: accountDetails.refreshToken,
-          expiresAt: accountDetails.expires,
           tokenType: accountDetails.type
         }
       });
@@ -1014,11 +959,11 @@ export class UserRepository {
     }
   }
 
-  async deleteSessionRecordByRefreshToken(refreshToken: string): Promise<session> {
+  async deleteSessionRecordByRefreshToken(sessionId: string): Promise<session> {
     try {
       const userSession = await this.prisma.session.delete({
         where: {
-          refreshToken
+          id: sessionId
         }
       });
       return userSession;
@@ -1027,4 +972,18 @@ export class UserRepository {
       throw error;
     }
   }
+
+  async fetchSessionByRefreshToken(refreshToken: string): Promise<session> {
+    try {
+      const sessionDetails = await this.prisma.session.findFirst({
+        where: {
+          refreshToken
+        }
+      });
+      return sessionDetails;
+    } catch (error) {
+      this.logger.error(`Error in fetching session details::${error.message}`);
+      throw error;
+    }
+  }
 }

apps/user/src/user.service.ts

@@ -489,10 +489,7 @@ export class UserService {
         let accountData;
         if (null === fetchAccountDetails) {
           accountData = {
-            sessionToken: tokenDetails?.access_token,
             userId: userData?.id,
-            expires: tokenDetails?.expires_in,
-            refreshToken: tokenDetails?.refresh_token,
             keycloakUserId: userData?.keycloakUserId,
             type: TokenType.BEARER_TOKEN
           };
@@ -502,17 +499,8 @@ export class UserService {
             addSessionDetails = await this.userRepository.createSession(finalSessionData);
           });
         } else {
-          accountData = {
-            sessionToken: tokenDetails?.access_token,
-            userId: userData?.id,
-            expires: tokenDetails?.expires_in,
-            refreshToken: tokenDetails?.refresh_token
-          };
-
-          await this.userRepository.updateAccountDetails(accountData).then(async (response) => {
-            const finalSessionData = { ...sessionData, accountId: response.id };
-            addSessionDetails = await this.userRepository.createSession(finalSessionData);
-          });
+          const finalSessionData = { ...sessionData, accountId: fetchAccountDetails.id };
+          addSessionDetails = await this.userRepository.createSession(finalSessionData);
         }
 
         const finalResponse = {
@@ -554,26 +542,18 @@ export class UserService {
         );
         this.logger.debug(`tokenResponse::::${JSON.stringify(tokenResponse)}`);
         // Fetch the details from account table based on userid and refresh token
-        const userAccountDetails = await this.userRepository.fetchAccountByRefreshToken(
-          userByKeycloakId?.['id'],
-          refreshToken
-        );
+        const userAccountDetails = await this.userRepository.checkAccountDetails(userByKeycloakId?.['id']);
         // Update the account details with latest access token, refresh token and exp date
         if (!userAccountDetails) {
           throw new NotFoundException(ResponseMessages.user.error.userAccountNotFound);
         }
-        const updateAccountDetails: IUpdateAccountDetails = {
-          accessToken: tokenResponse.access_token,
-          refreshToken: tokenResponse.refresh_token,
-          expiresAt: tokenResponse.expires_in,
-          accountId: userAccountDetails.id
-        };
-        const updateAccountDetailsResponse = await this.userRepository.updateAccountDetailsById(updateAccountDetails);
-        // Delete the preveious session record and create new one
-        if (!updateAccountDetailsResponse) {
-          throw new InternalServerErrorException(ResponseMessages.user.error.errorInUpdateAccountDetails);
+        // Fetch session details
+        const sessionDetails = await this.userRepository.fetchSessionByRefreshToken(refreshToken);
+        if (!sessionDetails) {
+          throw new NotFoundException(ResponseMessages.user.error.userSeesionNotFound);
         }
-        const deletePreviousSession = await this.userRepository.deleteSessionRecordByRefreshToken(refreshToken);
+        // Delete previous session
+        const deletePreviousSession = await this.userRepository.deleteSessionRecordByRefreshToken(sessionDetails.id);
         if (!deletePreviousSession) {
           throw new InternalServerErrorException(ResponseMessages.user.error.errorInDeleteSession);
         }
@@ -583,7 +563,7 @@ export class UserService {
           expires: tokenResponse.expires_in,
           refreshToken: tokenResponse.refresh_token,
           sessionType: SessionType.USER_SESSION,
-          accountId: updateAccountDetailsResponse.id
+          accountId: userAccountDetails.id
         };
         const addSessionDetails = await this.userRepository.createSession(sessionData);
         if (!addSessionDetails) {

libs/common/src/response-messages/index.ts

@@ -70,7 +70,8 @@ export const ResponseMessages = {
       errorInUpdateAccountDetails: 'Error in updating the account details',
       errorInDeleteSession: 'Error in deleting the session',
       errorInSessionCreation: 'Error in create session',
-      userAccountNotFound: 'User account not found'
+      userAccountNotFound: 'User account not found',
+      userSeesionNotFound: 'User session not found'
     }
   },
   organisation: {

libs/prisma-service/prisma/migrations/20250822115351_account_session_table_modification/migration.sql

@@ -0,0 +1,24 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `accessToken` on the `account` table. All the data in the column will be lost.
+  - You are about to drop the column `expiresAt` on the `account` table. All the data in the column will be lost.
+  - You are about to drop the column `refreshToken` on the `account` table. All the data in the column will be lost.
+
+*/
+-- DropIndex
+DROP INDEX "account_accessToken_key";
+
+-- DropIndex
+DROP INDEX "account_refreshToken_key";
+
+-- DropIndex
+DROP INDEX "session_refreshToken_key";
+
+-- DropIndex
+DROP INDEX "session_sessionToken_key";
+
+-- AlterTable
+ALTER TABLE "account" DROP COLUMN "accessToken",
+DROP COLUMN "expiresAt",
+DROP COLUMN "refreshToken";

libs/prisma-service/prisma/schema.prisma

@@ -44,9 +44,6 @@ model account {
   type              String?
   provider          String
   providerAccountId String      
-  refreshToken      String?     @unique
-  accessToken       String?     @unique
-  expiresAt         Int?
   tokenType         String?
   scope             String?
   idToken           String?
@@ -59,10 +56,10 @@ model account {
 
 model session {
   id               String      @id @default(uuid()) @db.Uuid
-  sessionToken     String      @unique
+  sessionToken     String      
   userId           String      @db.Uuid
   expires          Int
-  refreshToken     String?     @unique
+  refreshToken     String?     
   user             user        @relation(fields: [userId], references: [id])
   createdAt        DateTime    @default(now())
   updatedAt        DateTime    @updatedAt