Move tables admin auth to the api (#1670)

Part of OPS-3123.

Author: MarceloRGonc

packages/server/api/src/app/ai/mcp/tables-tools.ts

@@ -1,14 +1,12 @@
-import {
-  authenticateDefaultUserInOpenOpsTables,
-  createAxiosHeaders,
-} from '@openops/common';
+import { createAxiosHeaders } from '@openops/common';
 import { AppSystemProp, system } from '@openops/server-shared';
 import { experimental_createMCPClient as createMCPClient, ToolSet } from 'ai';
 import { openopsTables } from '../../openops-tables';
+import { authenticateAdminUserInOpenOpsTables } from '../../openops-tables/auth-admin-tables';
 import { MCPTool } from './types';
 
 export async function getTablesTools(): Promise<MCPTool> {
-  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  const { token } = await authenticateAdminUserInOpenOpsTables();
   const mcpEndpoint = await openopsTables.getMcpEndpointList(token);
   if (!mcpEndpoint) {
     return {

packages/server/api/src/app/authentication/new-user/organization-assignment.ts

@@ -1,4 +1,3 @@
-import { authenticateDefaultUserInOpenOpsTables } from '@openops/common';
 import { AppSystemProp, system } from '@openops/server-shared';
 import { ApplicationError, ErrorCode, isNil, User } from '@openops/shared';
 import { openopsTables } from '../../openops-tables';
@@ -54,7 +53,7 @@ async function addUserToDefaultWorkspace(values: {
   workspaceId: number;
 }): Promise<void> {
   const { token: defaultToken } =
-    await authenticateDefaultUserInOpenOpsTables();
+    await openopsTables.authenticateAdminUserInOpenOpsTables();
 
   await openopsTables.addUserToWorkspace(defaultToken, {
     ...values,

packages/server/api/src/app/database/migrations/1763394159990-AddTablesTokenToProject.ts

@@ -1,5 +1,5 @@
-import { authenticateDefaultUserInOpenOpsTables } from '@openops/common';
-import { encryptUtils } from '@openops/server-shared';
+import { authenticateUserInOpenOpsTables } from '@openops/common';
+import { AppSystemProp, encryptUtils, system } from '@openops/server-shared';
 import { MigrationInterface, QueryRunner } from 'typeorm';
 import { openopsTables } from '../../openops-tables';
 
@@ -43,7 +43,9 @@ async function createTokensForExistingProjects(
     return;
   }
 
-  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  const adminEmail = system.getOrThrow(AppSystemProp.OPENOPS_ADMIN_EMAIL);
+  const password = system.getOrThrow(AppSystemProp.OPENOPS_ADMIN_PASSWORD);
+  const { token } = await authenticateUserInOpenOpsTables(adminEmail, password);
   for (const record of projects) {
     const newToken = await openopsTables.createDatabaseToken(
       record.tablesWorkspaceId,

packages/server/api/src/app/database/seeds/create-open-ops-tables-mcp-endpoint.ts

@@ -1,10 +1,9 @@
-import { authenticateDefaultUserInOpenOpsTables } from '@openops/common';
 import { logger } from '@openops/server-shared';
 import { openopsTables } from '../../openops-tables';
 import { OPENOPS_DEFAULT_WORKSPACE_NAME } from '../../openops-tables/default-workspace-database';
 
 export const createOpenOpsTablesMcpEndpoint = async () => {
-  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  const { token } = await openopsTables.authenticateAdminUserInOpenOpsTables();
   const mcpEndpoints = await openopsTables.getMcpEndpointList(token);
   const workspace = await openopsTables.getWorkspaceByName(
     token,

packages/server/api/src/app/database/seeds/openops-delete-old-opportunities-table.ts

@@ -1,13 +1,13 @@
 /* TODO: remove this when all environments are migrated */
 
 import {
-  authenticateDefaultUserInOpenOpsTables,
   createAxiosHeaders,
   getTableByName,
   makeOpenOpsTablesDelete,
 } from '@openops/common';
 import { logger } from '@openops/server-shared';
 import { FlagEntity } from '../../flags/flag.entity';
+import { openopsTables } from '../../openops-tables';
 import { SEED_OPENOPS_TABLE_NAME } from '../../openops-tables/template-tables/create-opportunities-table';
 import { databaseConnection } from '../database-connection';
 import { getDefaultProjectTablesDatabaseToken } from '../get-default-user-db-token';
@@ -53,7 +53,8 @@ export const deleteOldOpportunitiesTable = async (): Promise<void> => {
   }
 
   try {
-    const { token } = await authenticateDefaultUserInOpenOpsTables();
+    const { token } =
+      await openopsTables.authenticateAdminUserInOpenOpsTables();
 
     const table = await getTableByName(
       SEED_OPENOPS_TABLE_NAME,

packages/server/api/src/app/database/seeds/openops-tables-rename-database.ts

@@ -1,15 +1,13 @@
 /* TODO: remove this when all environments are migrated */
 
-import { logger } from '@openops/server-shared';
-import { FlagEntity } from '../../flags/flag.entity';
-import { openopsTables } from '../../openops-tables';
-import { databaseConnection } from '../database-connection';
-
 import {
-  authenticateDefaultUserInOpenOpsTables,
   getDefaultDatabaseId,
   OPENOPS_DEFAULT_DATABASE_NAME,
 } from '@openops/common';
+import { logger } from '@openops/server-shared';
+import { FlagEntity } from '../../flags/flag.entity';
+import { openopsTables } from '../../openops-tables';
+import { databaseConnection } from '../database-connection';
 
 const OPENOPS_TABLES_DATABASE_RENAMED_FLAG = 'TABLES_DB_RENAMED';
 const isOpenopsTablesDatabaseAlreadyRenamed = async (): Promise<boolean> => {
@@ -39,7 +37,7 @@ export const updateOpenopsTablesDatabase = async (): Promise<void> => {
     return;
   }
 
-  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  const { token } = await openopsTables.authenticateAdminUserInOpenOpsTables();
 
   try {
     const tablesDatabaseId = await getDefaultDatabaseId(

packages/server/api/src/app/database/seeds/seed-admin.ts

@@ -1,4 +1,3 @@
-import { authenticateDefaultUserInOpenOpsTables } from '@openops/common';
 import { AppSystemProp, logger, system } from '@openops/server-shared';
 import { OrganizationRole, Provider, User } from '@openops/shared';
 import { authenticationService } from '../../authentication/basic/authentication-service';
@@ -81,7 +80,7 @@ async function ensureOpenOpsTablesWorkspaceAndDatabaseExist(): Promise<{
   workspaceId: number;
   databaseId: number;
 }> {
-  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  const { token } = await openopsTables.authenticateAdminUserInOpenOpsTables();
 
   const { workspaceId, databaseId, databaseToken } =
     await openopsTables.createDefaultWorkspaceAndDatabase(token);

packages/server/api/src/app/openops-tables/auth-admin-tables.ts

@@ -0,0 +1,40 @@
+import { authenticateUserInOpenOpsTables } from '@openops/common';
+import { AppSystemProp, cacheWrapper, system } from '@openops/server-shared';
+import { IAxiosRetryConfig } from 'axios-retry';
+
+export type AuthTokens = {
+  token: string;
+  refresh_token: string;
+};
+
+export async function authenticateAdminUserInOpenOpsTables(
+  axiosRetryConfig?: IAxiosRetryConfig,
+): Promise<AuthTokens> {
+  const cacheKey = 'openops-tables-token';
+  const tokenLifetimeMinutes = system.getNumber(
+    AppSystemProp.TABLES_TOKEN_LIFETIME_MINUTES,
+  );
+  const tokenLifetimeSeconds = tokenLifetimeMinutes
+    ? (tokenLifetimeMinutes - 10) * 60
+    : undefined;
+
+  let tokens = await cacheWrapper.getSerializedObject<AuthTokens>(cacheKey);
+
+  if (!tokens) {
+    const email = system.getOrThrow(AppSystemProp.OPENOPS_ADMIN_EMAIL);
+    const password = system.getOrThrow(AppSystemProp.OPENOPS_ADMIN_PASSWORD);
+
+    tokens = await authenticateUserInOpenOpsTables(
+      email,
+      password,
+      axiosRetryConfig,
+    );
+    await cacheWrapper.setSerializedObject(
+      cacheKey,
+      tokens,
+      tokenLifetimeSeconds,
+    );
+  }
+
+  return tokens;
+}

packages/server/api/src/app/openops-tables/index.ts

@@ -1,4 +1,5 @@
 import { addUserToWorkspace } from './add-user-workspace';
+import { authenticateAdminUserInOpenOpsTables } from './auth-admin-tables';
 import { createDatabase } from './create-database';
 import { createDatabaseToken } from './create-database-token';
 import { createMcpEndpoint } from './create-mcp-endpoint';
@@ -28,4 +29,5 @@ export const openopsTables = {
   getMcpEndpointList,
   createMcpEndpoint,
   getWorkspaceByName,
+  authenticateAdminUserInOpenOpsTables,
 };

packages/server/api/src/app/openops-tables/template-tables/seed-tables-for-templates.ts

@@ -1,7 +1,7 @@
-import { authenticateDefaultUserInOpenOpsTables } from '@openops/common';
 import { AppSystemProp, logger, system } from '@openops/server-shared';
 import { projectService } from '../../project/project-service';
 import { userService } from '../../user/user-service';
+import { openopsTables } from '../index';
 import { createAggregatedCostsTable } from './create-aggregated-costs-table';
 import { createAutoInstancesShutdownTable } from './create-auto-instances-shutdown-table';
 import { createBusinessUnitsTable } from './create-business-units-table';
@@ -32,8 +32,9 @@ const getProjectTablesDatabaseId = async (): Promise<number> => {
 };
 
 export const seedTemplateTablesService = {
-  async createBaseTemplateTables(): Promise<void> {
-    const { token } = await authenticateDefaultUserInOpenOpsTables();
+  async createBaseTemplateTables() {
+    const { token } =
+      await openopsTables.authenticateAdminUserInOpenOpsTables();
     const databaseId = await getProjectTablesDatabaseId();
 
     const buTable = await createBusinessUnitsTable(databaseId, token);
@@ -48,24 +49,27 @@ export const seedTemplateTablesService = {
     logger.info('[Seeding template tables] Done');
   },
 
-  async createOpportunityTemplateTable(): Promise<void> {
-    const { token } = await authenticateDefaultUserInOpenOpsTables();
+  async createOpportunityTemplateTable() {
+    const { token } =
+      await openopsTables.authenticateAdminUserInOpenOpsTables();
     const databaseId = await getProjectTablesDatabaseId();
 
     await createOpportunitiesTable(token, databaseId);
 
     logger.info('[Seeding opportunity template table] Done');
   },
 
-  async createAggregatedCostsTable(): Promise<void> {
-    const { token } = await authenticateDefaultUserInOpenOpsTables();
+  async createAggregatedCostsTable() {
+    const { token } =
+      await openopsTables.authenticateAdminUserInOpenOpsTables();
     const databaseId = await getProjectTablesDatabaseId();
 
     await createAggregatedCostsTable(databaseId, token);
   },
 
-  async createKnownCostTypesByApplicationTable(): Promise<void> {
-    const { token } = await authenticateDefaultUserInOpenOpsTables();
+  async createKnownCostTypesByApplicationTable() {
+    const { token } =
+      await openopsTables.authenticateAdminUserInOpenOpsTables();
     const databaseId = await getProjectTablesDatabaseId();
 
     await createKnownCostTypesByApplicationTable(token, databaseId);
@@ -74,7 +78,8 @@ export const seedTemplateTablesService = {
   },
 
   async createAutoInstancesShutdownTable(): Promise<void> {
-    const { token } = await authenticateDefaultUserInOpenOpsTables();
+    const { token } =
+      await openopsTables.authenticateAdminUserInOpenOpsTables();
     const databaseId = await getProjectTablesDatabaseId();
 
     await createAutoInstancesShutdownTable(token, databaseId);