feat: shared ledger access for invited users

dashboard/backend/api.ts

@@ -154,7 +154,16 @@ export class FPApiSQL implements FPApiInterface {
   getCertFromCsr(req: ReqCertFromCsr): Promise<Result<ResCertFromCsr>> {
     return this.#checkAuth(req, (req) => getCertFromCsr(this.ctx, req));
   }
-  ensureCloudToken(req: ReqEnsureCloudToken, ictx: Partial<FPTokenContext> = {}): Promise<Result<ResEnsureCloudToken>> {
+  async ensureCloudToken(req: ReqEnsureCloudToken, ictx: Partial<FPTokenContext> = {}): Promise<Result<ResEnsureCloudToken>> {
+    // p0.46 - For new users, ensureUser must be called first to create them
+    // This allows invited users to access shared ledgers on first visit
+    console.log("[ensureCloudToken p0.46] starting for appId:", req.appId);
+    const rUser = await ensureUser(this.ctx, { type: "reqEnsureUser", auth: req.auth });
+    if (rUser.isErr()) {
+      console.log("[ensureCloudToken p0.46] ensureUser failed:", rUser.Err());
+      return Result.Err(rUser.Err());
+    }
+    console.log("[ensureCloudToken p0.46] ensureUser succeeded, userId:", rUser.Ok().user.userId);
     return this.#checkAuth(req, (req) => ensureCloudToken(this.ctx, req, ictx));
   }
 

dashboard/backend/internal/add-user-to-ledger.ts

@@ -63,23 +63,46 @@ export async function addUserToLedger(ctx: FPApiSQLCtx, req: AddUserToLedger): P
       .where(and(eq(sqlLedgerUsers.userId, req.userId), ne(sqlLedgerUsers.default, 0)))
       .run();
   }
-  const ret = (
-    await ctx.db
-      .insert(sqlLedgerUsers)
-      .values({
-        ledgerId: ledger.Ledgers.ledgerId,
-        userId: req.userId,
-        name: req.userName,
-        role: req.role,
-        right: req.right,
-        default: req.default ? 1 : 0,
-        createdAt: now,
-        updatedAt: now,
-      })
-      .returning()
-  )[0];
+  const inserted = await ctx.db
+    .insert(sqlLedgerUsers)
+    .values({
+      ledgerId: ledger.Ledgers.ledgerId,
+      userId: req.userId,
+      name: req.userName,
+      role: req.role,
+      right: req.right,
+      default: req.default ? 1 : 0,
+      createdAt: now,
+      updatedAt: now,
+    })
+    .onConflictDoNothing()
+    .returning();
+  if (inserted.length === 0) {
+    // User already exists in ledger, fetch existing record
+    const existing = await ctx.db
+      .select()
+      .from(sqlLedgerUsers)
+      .where(and(eq(sqlLedgerUsers.ledgerId, ledger.Ledgers.ledgerId), eq(sqlLedgerUsers.userId, req.userId)))
+      .get();
+    if (!existing) {
+      return Result.Err("failed to insert or find ledger user");
+    }
+    return Result.Ok({
+      ledgerName: toUndef(ledger.Ledgers.name),
+      userName: toUndef(existing.name),
+      ledgerId: ledger.Ledgers.ledgerId,
+      tenantId: ledger.Ledgers.tenantId,
+      status: existing.status as UserStatus,
+      statusReason: existing.statusReason,
+      userId: req.userId,
+      default: !!existing.default,
+      role: toRole(existing.role),
+      right: toReadWrite(existing.right),
+    });
+  }
+  const ret = inserted[0];
   return Result.Ok({
-    ledgerName: ledger.Ledgers.name,
+    ledgerName: toUndef(ledger.Ledgers.name),
     userName: req.userName,
     ledgerId: ledger.Ledgers.ledgerId,
     tenantId: ledger.Ledgers.tenantId,

dashboard/backend/public/ensure-cloud-token.ts

@@ -88,39 +88,86 @@ export async function ensureCloudToken(
       return Result.Err(`no tenant found for binding of appId:${req.appId} userId:${req.auth.user.userId}`);
     }
     if (!ledgerId) {
-      // create ledger
-      const rCreateLedger = await createLedger(ctx, {
-        type: "reqCreateLedger",
-        auth: req.auth,
-        ledger: {
-          tenantId,
-          name: `${req.appId}-${req.auth.user.userId}`,
-        },
-      });
-      if (rCreateLedger.isErr()) {
-        return Result.Err(rCreateLedger.Err());
-      }
-      ledgerId = rCreateLedger.Ok().ledger.ledgerId;
-      const maxBindings = await ctx.db
-        .select({
-          total: count(sqlAppIdBinding.appId),
-        })
+      // Check if there's already an AppIdBinding for this appId (without user join)
+      // This handles the case where an invited user visits before being added to the ledger
+      const existingBinding = await ctx.db
+        .select()
         .from(sqlAppIdBinding)
-        .where(eq(sqlAppIdBinding.appId, req.appId))
+        .innerJoin(sqlLedgers, eq(sqlLedgers.ledgerId, sqlAppIdBinding.ledgerId))
+        .where(and(eq(sqlAppIdBinding.appId, req.appId), eq(sqlAppIdBinding.env, req.env ?? "prod")))
         .get();
-      if (maxBindings && maxBindings.total >= ctx.params.maxAppIdBindings) {
-        return Result.Err(`max appId bindings reached for appId:${req.appId}`);
+      if (existingBinding) {
+        console.log(
+          "[ensureCloudToken p0.49] existingBinding found for appId:",
+          req.appId,
+          "ledgerId:",
+          existingBinding.Ledgers.ledgerId,
+        );
+        // Auto-redeem any pending invites for this user (ensureUser calls redeemInvite)
+        await ensureUser(ctx, {
+          type: "reqEnsureUser",
+          auth: req.auth.verifiedAuth,
+        });
+        // Verify the user is actually in LedgerUsers before granting access (strict policy)
+        const userInLedger = await ctx.db
+          .select()
+          .from(sqlLedgerUsers)
+          .where(
+            and(
+              eq(sqlLedgerUsers.ledgerId, existingBinding.Ledgers.ledgerId),
+              eq(sqlLedgerUsers.userId, req.auth.user.userId),
+              eq(sqlLedgerUsers.status, "active"),
+            ),
+          )
+          .get();
+        console.log(
+          "[ensureCloudToken p0.49] userInLedger check for ledgerId:",
+          existingBinding.Ledgers.ledgerId,
+          "userId:",
+          req.auth.user.userId,
+          "found:",
+          !!userInLedger,
+        );
+        if (!userInLedger) {
+          return Result.Err(`user not authorized for ledger - please accept the invite first`);
+        }
+        ledgerId = existingBinding.Ledgers.ledgerId;
+        tenantId = existingBinding.Ledgers.tenantId;
+      } else {
+        // create ledger
+        const rCreateLedger = await createLedger(ctx, {
+          type: "reqCreateLedger",
+          auth: req.auth,
+          ledger: {
+            tenantId,
+            name: req.appId,
+          },
+        });
+        if (rCreateLedger.isErr()) {
+          return Result.Err(rCreateLedger.Err());
+        }
+        ledgerId = rCreateLedger.Ok().ledger.ledgerId;
+        const maxBindings = await ctx.db
+          .select({
+            total: count(sqlAppIdBinding.appId),
+          })
+          .from(sqlAppIdBinding)
+          .where(eq(sqlAppIdBinding.appId, req.appId))
+          .get();
+        if (maxBindings && maxBindings.total >= ctx.params.maxAppIdBindings) {
+          return Result.Err(`max appId bindings reached for appId:${req.appId}`);
+        }
+        await ctx.db
+          .insert(sqlAppIdBinding)
+          .values({
+            appId: req.appId,
+            env: req.env ?? "prod",
+            ledgerId,
+            tenantId,
+            createdAt: new Date().toISOString(),
+          })
+          .run();
       }
-      await ctx.db
-        .insert(sqlAppIdBinding)
-        .values({
-          appId: req.appId,
-          env: req.env ?? "prod",
-          ledgerId,
-          tenantId,
-          createdAt: new Date().toISOString(),
-        })
-        .run();
     }
   } else {
     ledgerId = binding.Ledgers.ledgerId;

dashboard/backend/public/ensure-user.ts

@@ -121,10 +121,12 @@ export async function ensureUser(ctx: FPApiSQLCtx, req: ReqEnsureUser): Promise<
     }
   }
   // Auto-redeem any pending invites for this user
-  await redeemInvite(ctx, {
+  console.log("[ensureUser p0.47] calling redeemInvite for email:", auth.verifiedAuth.params.email);
+  const redeemResult = await redeemInvite(ctx, {
     type: "reqRedeemInvite",
     auth,
   });
+  console.log("[ensureUser p0.47] redeemInvite result:", JSON.stringify(redeemResult));
   return Result.Ok({
     type: "resEnsureUser",
     user: user,

dashboard/backend/public/invite-user.ts

@@ -9,17 +9,30 @@ import { createInviteTicket } from "../internal/create-invite-ticket.js";
 import { updateInviteTicket } from "../internal/update-invite.ticket.js";
 
 export async function inviteUser(ctx: FPApiSQLCtx, req: ReqWithVerifiedAuthUser<ReqInviteUser>): Promise<Result<ResInviteUser>> {
+  console.log(
+    "[inviteUser p0.48] starting with request:",
+    JSON.stringify({
+      query: req.ticket.query,
+      invitedParams: req.ticket.invitedParams,
+      inviteId: req.ticket.inviteId,
+    }),
+  );
   if (!isVerifiedUserActive(req.auth)) {
+    console.log("[inviteUser p0.48] user not active");
     return Result.Err(new UserNotFoundError());
   }
   const findUser = await queryUser(ctx.db, req.ticket.query);
   if (findUser.isErr()) {
+    console.log("[inviteUser p0.48] queryUser failed:", findUser.Err());
     return Result.Err(findUser.Err());
   }
+  console.log("[inviteUser p0.48] queryUser found:", findUser.Ok().length, "users");
   if (req.ticket.query.existingUserId && findUser.Ok().length !== 1) {
+    console.log("[inviteUser p0.48] existingUserId not found");
     return Result.Err("existingUserId not found");
   }
   if (req.ticket.query.existingUserId === req.auth.user.userId) {
+    console.log("[inviteUser p0.48] cannot invite self");
     return Result.Err("cannot invite self");
   }
 
@@ -34,38 +47,60 @@ export async function inviteUser(ctx: FPApiSQLCtx, req: ReqWithVerifiedAuthUser<
   let tenantId: string | undefined;
   let ledgerId: string | undefined;
   if (req.ticket.invitedParams?.ledger) {
+    console.log("[inviteUser p0.48] looking for ledger:", req.ticket.invitedParams.ledger.id);
     const ledger = await ctx.db.select().from(sqlLedgers).where(eq(sqlLedgers.ledgerId, req.ticket.invitedParams.ledger.id)).get();
     if (!ledger) {
+      console.log("[inviteUser p0.48] ledger not found");
       return Result.Err("ledger not found");
     }
     ledgerId = ledger.ledgerId;
     tenantId = ledger.tenantId;
+    console.log("[inviteUser p0.48] found ledger:", ledgerId, "tenantId:", tenantId);
   }
   if (req.ticket.invitedParams?.tenant) {
+    console.log("[inviteUser p0.48] looking for tenant:", req.ticket.invitedParams.tenant.id);
     const tenant = await ctx.db.select().from(sqlTenants).where(eq(sqlTenants.tenantId, req.ticket.invitedParams.tenant.id)).get();
     if (!tenant) {
+      console.log("[inviteUser p0.48] tenant not found");
       return Result.Err("tenant not found");
     }
     tenantId = tenant.tenantId;
+    console.log("[inviteUser p0.48] found tenant:", tenantId);
   }
   if (!tenantId) {
+    console.log("[inviteUser p0.48] no tenant found");
     return Result.Err("tenant not found");
   }
 
   let inviteTicket: InviteTicket;
   if (!req.ticket.inviteId) {
+    console.log("[inviteUser p0.48] creating new invite for tenantId:", tenantId, "ledgerId:", ledgerId);
     const rInviteTicket = await createInviteTicket(ctx, req.auth.user.userId, tenantId, ledgerId, req);
     if (rInviteTicket.isErr()) {
+      console.log("[inviteUser p0.48] createInviteTicket failed:", rInviteTicket.Err());
       return Result.Err(rInviteTicket.Err());
     }
     inviteTicket = rInviteTicket.Ok();
+    console.log(
+      "[inviteUser p0.48] created invite:",
+      JSON.stringify({
+        inviteId: inviteTicket.inviteId,
+        ledgerId: inviteTicket.invitedParams.ledger?.id,
+        tenantId: inviteTicket.invitedParams.tenant?.id,
+        queryEmail: inviteTicket.query.byEmail,
+      }),
+    );
   } else {
+    console.log("[inviteUser p0.48] updating invite:", req.ticket.inviteId);
     const rInviteTicket = await updateInviteTicket(ctx, req.auth.user.userId, tenantId, ledgerId, req);
     if (rInviteTicket.isErr()) {
+      console.log("[inviteUser p0.48] updateInviteTicket failed:", rInviteTicket.Err());
       return Result.Err(rInviteTicket.Err());
     }
     inviteTicket = rInviteTicket.Ok();
+    console.log("[inviteUser p0.48] updated invite:", inviteTicket.inviteId);
   }
+  console.log("[inviteUser p0.48] success, returning invite:", inviteTicket.inviteId);
   return Result.Ok({
     type: "resInviteUser",
     invite: inviteTicket,

dashboard/backend/public/redeem-invite.ts

@@ -13,21 +13,37 @@ export async function redeemInvite(
   ctx: FPApiSQLCtx,
   req: ReqWithVerifiedAuthUser<ReqRedeemInvite>,
 ): Promise<Result<ResRedeemInvite>> {
+  const query = {
+    byString: req.auth.verifiedAuth.params.email,
+    byNick: req.auth.verifiedAuth.params.nick,
+    existingUserId: req.auth.user.userId,
+  };
+  console.log("[redeemInvite p0.47] searching with query:", JSON.stringify(query));
+  const foundInvites = await findInvite(ctx, { query });
+  console.log(
+    "[redeemInvite p0.47] found invites:",
+    foundInvites.length,
+    "pending:",
+    foundInvites.filter((i) => i.status === "pending").length,
+  );
+  if (foundInvites.length > 0) {
+    console.log(
+      "[redeemInvite p0.47] invite details:",
+      JSON.stringify(
+        foundInvites.map((i) => ({
+          id: i.inviteId,
+          status: i.status,
+          queryEmail: i.query.byEmail,
+          ledger: i.invitedParams.ledger?.id,
+        })),
+      ),
+    );
+  }
   return Result.Ok({
     type: "resRedeemInvite",
     invites: sqlToInviteTickets(
       await Promise.all(
-        (
-          await findInvite(ctx, {
-            query: {
-              byString: req.auth.verifiedAuth.params.email,
-              byNick: req.auth.verifiedAuth.params.nick,
-              existingUserId: req.auth.user.userId,
-              // TODO
-              // andProvider: req.auth.verifiedAuth.provider,
-            },
-          })
-        )
+        foundInvites
           .filter((i) => i.status === "pending")
           .map(async (invite) => {
             if (invite.invitedParams.tenant) {