Merge pull request #494 from NaucMeIT/customer-magic-auth

Author: BleedingDev

libs/api/auth/src/api-auth.ts

@@ -1,11 +1,11 @@
 import { formatApiErrorResponse } from '@nmit-coursition/api/utils'
 import {
+  AUTH_BRJ_COOKIES_NAME,
   AUTH_COOKIES_NAME,
-  getUserProfile,
+  createBrjMagicAuth,
+  getBrjIdentity,
   invalidateSession,
-  storeUserSession,
-  updateUser,
-  validateSessionToken,
+  logoutBrj,
 } from '@nmit-coursition/auth'
 import { secretsEnv } from '@nmit-coursition/env'
 import { WorkOS } from '@workos-inc/node'
@@ -32,7 +32,6 @@ export const apiAuth = new Elysia({ prefix: '/auth', tags: ['auth'] })
     return redirect(authorizationUrl)
   })
   .get('/callback', async ({ request, query, error, redirect, cookie }) => {
-    const organisationId = 1 // TODO
     const code = String(query['code'] || '')
 
     if (!code) throw error(400, formatApiErrorResponse(request, 'No code provided.'))
@@ -48,7 +47,7 @@ export const apiAuth = new Elysia({ prefix: '/auth', tags: ['auth'] })
       })
 
       const { user, sealedSession } = authenticateResponse
-      const internalUser = await updateUser(user, organisationId)
+      const brjIdentity = await createBrjMagicAuth(user)
 
       cookie[AUTH_COOKIES_NAME]?.set({
         value: sealedSession || '',
@@ -58,7 +57,15 @@ export const apiAuth = new Elysia({ prefix: '/auth', tags: ['auth'] })
         sameSite: 'lax',
       })
 
-      await storeUserSession(internalUser.id, sealedSession || '')
+      if (brjIdentity) {
+        cookie[AUTH_BRJ_COOKIES_NAME]?.set({
+          value: brjIdentity,
+          path: '/',
+          httpOnly: true,
+          secure: true,
+          sameSite: 'lax',
+        })
+      }
 
       return redirect('/')
     } catch (error) {
@@ -69,7 +76,8 @@ export const apiAuth = new Elysia({ prefix: '/auth', tags: ['auth'] })
   })
   .get('/logout', async ({ redirect, cookie }) => {
     const sessionData = cookie[AUTH_COOKIES_NAME]?.toString()
-    if (!sessionData) return redirect('/login')
+    const brjSessionData = cookie[AUTH_BRJ_COOKIES_NAME]?.toString()
+    if (!sessionData || !brjSessionData) return redirect('/auth/login')
 
     try {
       const session = workos.userManagement.loadSealedSession({
@@ -78,20 +86,20 @@ export const apiAuth = new Elysia({ prefix: '/auth', tags: ['auth'] })
       })
 
       const url = await session.getLogoutUrl()
-      cookie[AUTH_COOKIES_NAME]?.remove()
       await invalidateSession(sessionData)
+      await logoutBrj(brjSessionData)
+      cookie[AUTH_COOKIES_NAME]?.remove()
+      cookie[AUTH_BRJ_COOKIES_NAME]?.remove()
 
       return redirect(url)
     } catch (error) {
       // eslint-disable-next-line no-console debug info
       console.error(error)
-      return redirect('/login')
+      return redirect('/auth/login')
     }
   })
-  .get('/profile', async ({ headers, cookie }) => {
-    const session = cookie[AUTH_COOKIES_NAME]?.toString() || ''
-    const apiKeyRaw = headers['authorization'] || ''
-    const apiKey = apiKeyRaw || (await validateSessionToken(session))
+  .get('/profile', async ({ cookie }) => {
+    const brjSessionData = cookie[AUTH_BRJ_COOKIES_NAME]?.toString() || ''
 
-    return getUserProfile(apiKey)
+    return getBrjIdentity(brjSessionData)
   })

libs/api/utils/src/lib/api-utils.ts

@@ -70,9 +70,21 @@ function initSentry(request: ExtendedRequest) {
   Sentry.setTag('url', request.url || 'CLI')
 }
 
-export function reportUsage(apiKey: string, duration: number, type: 'video' | 'document' | 'web') {
-  // eslint-disable-next-line no-console -- will be replaced with real usage reporting
-  console.log(`API Key ${apiKey} used ${duration} on ${type}.`)
+export async function reportUsage(identityId: string, duration: number, type: 'video' | 'document' | 'web') {
+  const apiKey = process.env['BRJ_API_KEY']
+  const amount = Math.ceil(duration)
+  await fetch(`https://brj.app/api/v1/customer/credit-spend?apiKey=${apiKey}`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      apiKey,
+      identityId,
+      amount,
+      description: type,
+    }),
+  })
 }
 
 export async function getLoggedUserOrThrow(request: Request): Promise<cas__user> {

libs/api/v1/src/lib/api-v1.ts

@@ -2,6 +2,7 @@ import { unlink } from 'node:fs/promises'
 import FirecrawlApp from '@mendable/firecrawl-js'
 import { generateQuiz, getResult, getTranscript, uploadFile, waitUntilJobIsDone } from '@nmit-coursition/ai'
 import { apiCommonGuard, downloadPublicMedia, formatApiErrorResponse, reportUsage } from '@nmit-coursition/api/utils'
+import { AUTH_BRJ_COOKIES_NAME } from '@nmit-coursition/auth'
 import { secretsEnv } from '@nmit-coursition/env'
 import {
   allowedDeepgramLanguagesAsType,
@@ -53,10 +54,11 @@ export const apiV1 = new Elysia({ prefix: '/v1', tags: ['v1'] })
               duration: t.Optional(t.Number()),
             }),
           },
-          afterResponse({ response, headers }) {
+          afterResponse({ response, cookie }) {
             if (!response || !('duration' in response) || !response.duration) return
             const { duration } = response
-            duration >= 0 && reportUsage(headers['authorization'] || '', duration, 'video')
+            const brjSessionData = cookie[AUTH_BRJ_COOKIES_NAME]?.toString() || ''
+            duration >= 0 && reportUsage(brjSessionData, duration, 'video')
           },
         },
       )
@@ -107,10 +109,11 @@ export const apiV1 = new Elysia({ prefix: '/v1', tags: ['v1'] })
               duration: t.Optional(t.Number()),
             }),
           },
-          afterResponse({ response, headers }) {
+          afterResponse({ response, cookie }) {
             if (!response || !('duration' in response) || !response.duration) return
             const { duration } = response
-            duration >= 0 && reportUsage(headers['authorization'] || '', duration, 'video')
+            const brjSessionData = cookie[AUTH_BRJ_COOKIES_NAME]?.toString() || ''
+            duration >= 0 && reportUsage(brjSessionData, duration, 'video')
           },
         },
       )
@@ -147,10 +150,11 @@ export const apiV1 = new Elysia({ prefix: '/v1', tags: ['v1'] })
               credits: t.Number(),
             }),
           },
-          afterResponse({ response, headers }) {
+          afterResponse({ response, cookie }) {
             if (!response || !('credits' in response) || !response.credits) return
             const { credits } = response
-            credits >= 0 && reportUsage(headers['authorization'] || '', credits, 'document')
+            const brjSessionData = cookie[AUTH_BRJ_COOKIES_NAME]?.toString() || ''
+            credits >= 0 && reportUsage(brjSessionData, credits, 'document')
           },
         },
       )
@@ -189,10 +193,11 @@ export const apiV1 = new Elysia({ prefix: '/v1', tags: ['v1'] })
               credits: t.Number(),
             }),
           },
-          afterResponse({ response, headers }) {
+          afterResponse({ response, cookie }) {
             if (!response || !('credits' in response) || !response.credits) return
             const { credits } = response
-            credits >= 0 && reportUsage(headers['authorization'] || '', credits, 'web')
+            const brjSessionData = cookie[AUTH_BRJ_COOKIES_NAME]?.toString() || ''
+            credits >= 0 && reportUsage(brjSessionData, credits, 'web')
           },
         },
       ),

libs/auth/src/constants.ts

@@ -1 +1,3 @@
 export const AUTH_COOKIES_NAME = 'wos-session'
+
+export const AUTH_BRJ_COOKIES_NAME = 'brj-identity'

libs/auth/src/user.ts

@@ -1,6 +1,5 @@
 import { prisma } from '@nmit-coursition/db'
 import { randomStringGenerator } from '@nmit-coursition/utils'
-import type { cas__user } from '@prisma/client'
 import type { User, UserProfileRawRecord, UserProfileResponse } from './typescript'
 
 export async function getUserProfile(apiKey: string): Promise<UserProfileResponse> {
@@ -81,56 +80,41 @@ export async function createApiKey(userId: bigint): Promise<string> {
   return apiKey.api_key
 }
 
-export async function updateUser(userData: User, organisationId: number): Promise<cas__user> {
-  const user =
-    (await prisma.cas__user.findFirst({
-      where: {
-        AND: [{ OR: [{ workos_id: userData.id }, { email: userData.email }] }, { organisation_id: organisationId }],
-      },
-    })) ||
-    (await prisma.cas__user.create({
-      data: {
-        organisation_id: organisationId,
-        email: userData.email,
-        inserted_date: new Date(userData.createdAt),
-        updated_date: new Date(userData.updatedAt),
-        synced_date: new Date(),
-        workos_id: userData.id,
-        credit: 0,
-        lifetime_subscribe: false,
-      },
-    }))
-
-  return prisma.cas__user.update({
-    where: { id: user.id },
-    data: {
-      workos_id: userData.id,
-      email: userData.email,
-      inserted_date: new Date(userData.createdAt),
-      updated_date: new Date(userData.updatedAt),
-      synced_date: new Date(),
-      first_name: userData.firstName || null,
-      last_name: userData.lastName || null,
-      avatar_url: userData.profilePictureUrl || null,
+export async function createBrjMagicAuth(userData: User): Promise<string> {
+  const request = await fetch(`https://brj.app/api/v1/customer/magic-auth?apiKey=${process.env['BRJ_API_KEY']}`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
     },
+    body: JSON.stringify({
+      apiKey: process.env['BRJ_API_KEY'],
+      email: userData.email,
+      firstName: userData.firstName,
+      lastName: userData.lastName,
+    }),
   })
+
+  const response = (await request.json()) as { identityId?: string }
+  if ('identityId' in response && response.identityId) return String(response.identityId)
+  throw new Error(`User registration failed.`)
 }
 
-export async function storeUserSession(internalUserId: bigint, session: string) {
-  if (!session) return
-  await prisma.cas__user_identity.create({
-    data: {
-      user_id: internalUserId,
-      session: session,
-      expired: false,
-      inserted_date: new Date(),
-      expiration_date: (() => {
-        const date = new Date()
-        date.setHours(date.getHours() + 2)
-        return date
-      })(),
+export async function logoutBrj(session: string) {
+  const res = await fetch(`https://brj.app/api/v1/customer/logout?apiKey=${process.env['BRJ_API_KEY']}`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
     },
+    body: JSON.stringify({ apiKey: process.env['BRJ_API_KEY'], identityId: session }),
   })
+  console.log(res)
+}
+
+export async function getBrjIdentity(session: string) {
+  const res = await fetch(
+    `https://brj.app/api/v1/customer/get-account-info?apiKey=${process.env['BRJ_API_KEY']}&identityId=${session}`,
+  )
+  return res.json()
 }
 
 export async function invalidateSession(session: string) {