feat: Adds interface for multi tenancy

CHANGELOG.md

@@ -7,6 +7,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [3.0.0] - 2023-06-02
+
+- Adds support for multi-tenancy
+
 ## [2.23.0] - 2023-04-05
 
 - Added `useStaticKey ` into session info classes
@@ -109,4 +113,4 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 - Added RowMapper interface for db queries
 - Email verification related changes
-- User pagination related queries
+- User pagination related queries

build.gradle

@@ -2,7 +2,7 @@ plugins {
     id 'java-library'
 }
 
-version = "2.23.0"
+version = "3.0.0"
 
 repositories {
     mavenCentral()

src/main/java/io/supertokens/pluginInterface/ActiveUsersStorage.java

@@ -1,17 +1,21 @@
 package io.supertokens.pluginInterface;
 
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.nonAuthRecipe.NonAuthRecipeStorage;
 
-public interface ActiveUsersStorage extends Storage {
+public interface ActiveUsersStorage extends NonAuthRecipeStorage {
     /* Update the last active time of a user to now */
-    void updateLastActive(String userId) throws StorageQueryException;
+    void updateLastActive(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
 
     /* Count the number of users who did some activity after given timestamp */
-    int countUsersActiveSince(long time) throws StorageQueryException;
+    int countUsersActiveSince(AppIdentifier appIdentifier, long time) throws StorageQueryException;
 
     /* Count the number of users who have enabled TOTP */
-    int countUsersEnabledTotp() throws StorageQueryException;
-    
+    int countUsersEnabledTotp(AppIdentifier appIdentifier) throws StorageQueryException;
+
     /* Count the number of users who have enabled TOTP and are active */
-    int countUsersEnabledTotpAndActiveSince(long time) throws StorageQueryException;
+    int countUsersEnabledTotpAndActiveSince(AppIdentifier appIdentifier, long time) throws StorageQueryException;
+
+    void deleteUserActive(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
 }

src/main/java/io/supertokens/pluginInterface/RECIPE_ID.java

@@ -21,7 +21,8 @@ public enum RECIPE_ID {
 
     EMAIL_PASSWORD("emailpassword"), THIRD_PARTY("thirdparty"), SESSION("session"),
     EMAIL_VERIFICATION("emailverification"), JWT("jwt"), PASSWORDLESS("passwordless"), USER_METADATA("usermetadata"),
-    USER_ROLES("userroles"), USER_ID_MAPPING("useridmapping"), DASHBOARD("dashboard"), TOTP("totp");
+    USER_ROLES("userroles"), USER_ID_MAPPING("useridmapping"), DASHBOARD("dashboard"), TOTP("totp"),
+    MULTITENANCY("multitenancy");
 
     private final String name;
 

src/main/java/io/supertokens/pluginInterface/Storage.java

@@ -17,7 +17,13 @@
 
 package io.supertokens.pluginInterface;
 
+import com.google.gson.JsonObject;
+import io.supertokens.pluginInterface.exceptions.DbInitException;
+import io.supertokens.pluginInterface.exceptions.InvalidConfigException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
+import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 
 import java.util.Set;
 
@@ -26,14 +32,27 @@ public interface Storage {
     // if silent is true, do not log anything out on the console
     void constructor(String processId, boolean silent);
 
-    void loadConfig(String configFilePath, Set<LOG_LEVEL> logLevels);
+    void loadConfig(JsonObject jsonConfig, Set<LOG_LEVEL> logLevels, TenantIdentifier tenantIdentifier) throws InvalidConfigException;
+
+    // this returns a unique ID based on the db's connection URI and table prefix such that
+    // two different user pool IDs imply that the data for those two user pools are completely isolated.
+    String getUserPoolId();
+
+    // this returns a unique ID based on the db's connection pool config. This can be different
+    // even if the getUserPoolId returns the same ID - based on the config provided by the user.
+    // So two different db connection pools may point to the same end user pool.
+    String getConnectionPoolId();
+
+    // if the input otherConfig has different values set for the same properties as this user pool's config,
+    // then this function should throw an error since this is a misconfig from ther user's side.
+    void assertThatConfigFromSameUserPoolIsNotConflicting(JsonObject otherConfig) throws InvalidConfigException;
 
     void initFileLogging(String infoLogPath, String errorLogPath);
 
     void stopLogging();
 
     // load tables and create connection pools
-    void initStorage();
+    void initStorage(boolean shouldWait) throws DbInitException;
 
     // used by the core to do transactions the right way.
     STORAGE_TYPE getType();
@@ -43,19 +62,32 @@ public interface Storage {
 
     void close();
 
-    KeyValueInfo getKeyValue(String key) throws StorageQueryException;
+    KeyValueInfo getKeyValue(TenantIdentifier tenantIdentifier, String key) throws StorageQueryException;
 
-    void setKeyValue(String key, KeyValueInfo info) throws StorageQueryException;
+    void setKeyValue(TenantIdentifier tenantIdentifier, String key, KeyValueInfo info) throws StorageQueryException,
+            TenantOrAppNotFoundException;
 
     void setStorageLayerEnabled(boolean enabled);
 
-    boolean canBeUsed(String configFilePath);
+    boolean canBeUsed(JsonObject configJson);
 
     // this function will be used in the createUserIdMapping and deleteUserIdMapping functions to check if the userId is
     // being used in NonAuth recipes.
-    boolean isUserIdBeingUsedInNonAuthRecipe(String className, String userId) throws StorageQueryException;
+    boolean isUserIdBeingUsedInNonAuthRecipe(AppIdentifier appIdentifier, String className, String userId)
+            throws StorageQueryException;
 
     // to be used for testing purposes only. This function will add dummy data to non-auth tables.
-    void addInfoToNonAuthRecipesBasedOnUserId(String className, String userId) throws StorageQueryException;
+    void addInfoToNonAuthRecipesBasedOnUserId(TenantIdentifier tenantIdentifier, String className, String userId) throws StorageQueryException;
+
+    // this function is used during testing in the core so that the core can
+    // create multiple user pools across any plugin being used.
+    void modifyConfigToAddANewUserPoolForTesting(JsonObject config, int poolNumber);
+
+    // this function returns a list of protected configs which users of supertokens saas can't read or modify
+    // when they are operating on tenantsm unless the supertokens_saas_secret key is used in the API request.
+    String[] getProtectedConfigsFromSuperTokensSaaSUsers();
+
+    Set<String> getValidFieldsInConfig();
 
+    void setLogLevels(Set<LOG_LEVEL> logLevels);
 }

src/main/java/io/supertokens/pluginInterface/authRecipe/AuthRecipeStorage.java

@@ -21,17 +21,27 @@
 import io.supertokens.pluginInterface.Storage;
 import io.supertokens.pluginInterface.dashboard.DashboardSearchTags;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
 public interface AuthRecipeStorage extends Storage {
 
-    long getUsersCount(@Nullable RECIPE_ID[] includeRecipeIds) throws StorageQueryException;
+    long getUsersCount(TenantIdentifier tenantIdentifier, @Nullable RECIPE_ID[] includeRecipeIds)
+            throws StorageQueryException;
+
+    long getUsersCount(AppIdentifier appIdentifier, @Nullable RECIPE_ID[] includeRecipeIds)
+            throws StorageQueryException;
 
-    AuthRecipeUserInfo[] getUsers(@Nonnull Integer limit, @Nonnull String timeJoinedOrder,
-            @Nullable RECIPE_ID[] includeRecipeIds, @Nullable String userId, @Nullable Long timeJoined, @Nullable DashboardSearchTags dashboardSearchTags)
+    AuthRecipeUserInfo[] getUsers(TenantIdentifier tenantIdentifier, @Nonnull Integer limit,
+                                  @Nonnull String timeJoinedOrder,
+                                  @Nullable RECIPE_ID[] includeRecipeIds, @Nullable String userId,
+                                  @Nullable Long timeJoined, @Nullable DashboardSearchTags dashboardSearchTags)
             throws StorageQueryException;
 
-    boolean doesUserIdExist(String userId) throws StorageQueryException;
+    boolean doesUserIdExist(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
+
+    boolean doesUserIdExist(TenantIdentifier tenantIdentifierIdentifier, String userId) throws StorageQueryException;
 }

src/main/java/io/supertokens/pluginInterface/authRecipe/AuthRecipeUserInfo.java

@@ -24,9 +24,12 @@ public abstract class AuthRecipeUserInfo {
 
     public long timeJoined;
 
-    public AuthRecipeUserInfo(String id, long timeJoined) {
+    public final String[] tenantIds;
+
+    public AuthRecipeUserInfo(String id, long timeJoined, String[] tenantIds) {
         this.id = id;
         this.timeJoined = timeJoined;
+        this.tenantIds = tenantIds;
     }
 
     public abstract RECIPE_ID getRecipeId();

src/main/java/io/supertokens/pluginInterface/dashboard/DashboardStorage.java

@@ -1,30 +1,38 @@
 package io.supertokens.pluginInterface.dashboard;
 
 import io.supertokens.pluginInterface.Storage;
-import io.supertokens.pluginInterface.exceptions.StorageQueryException;
 import io.supertokens.pluginInterface.dashboard.exceptions.DuplicateEmailException;
 import io.supertokens.pluginInterface.dashboard.exceptions.DuplicateUserIdException;
 import io.supertokens.pluginInterface.dashboard.exceptions.UserIdNotFoundException;
+import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 
 public interface DashboardStorage extends Storage {
 
-    void createNewDashboardUser(DashboardUser userInfo) throws StorageQueryException, DuplicateUserIdException, DuplicateEmailException;
+    void createNewDashboardUser(AppIdentifier appIdentifier, DashboardUser userInfo)
+            throws StorageQueryException, DuplicateUserIdException, DuplicateEmailException,
+            TenantOrAppNotFoundException;
+
+    DashboardUser getDashboardUserByEmail(AppIdentifier appIdentifier, String email) throws StorageQueryException;
 
-    DashboardUser getDashboardUserByEmail(String email) throws StorageQueryException;
+    DashboardUser getDashboardUserByUserId(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
 
-    DashboardUser getDashboardUserByUserId(String userId) throws StorageQueryException;
+    DashboardUser[] getAllDashboardUsers(AppIdentifier appIdentifier) throws StorageQueryException;
 
-    DashboardUser[] getAllDashboardUsers() throws StorageQueryException;
+    boolean deleteDashboardUserWithUserId(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
 
-    boolean deleteDashboardUserWithUserId(String userId) throws StorageQueryException;
-
-    void createNewDashboardUserSession(String userId, String sessionId, long timeCreated, long expiry) throws StorageQueryException, UserIdNotFoundException;
+    void createNewDashboardUserSession(AppIdentifier appIdentifier, String userId, String sessionId, long timeCreated,
+                                       long expiry) throws StorageQueryException, UserIdNotFoundException;
 
-    DashboardSessionInfo[] getAllSessionsForUserId(String userId) throws StorageQueryException;
+    DashboardSessionInfo[] getAllSessionsForUserId(AppIdentifier appIdentifier, String userId)
+            throws StorageQueryException;
 
-    DashboardSessionInfo getSessionInfoWithSessionId(String sessionId) throws StorageQueryException;
+    DashboardSessionInfo getSessionInfoWithSessionId(AppIdentifier appIdentifier, String sessionId)
+            throws StorageQueryException;
 
-    boolean revokeSessionWithSessionId(String sessionId) throws StorageQueryException;
+    boolean revokeSessionWithSessionId(AppIdentifier appIdentifier, String sessionId) throws StorageQueryException;
 
+    // this function removes based on expired time, so we can use this to globally remove from a particular db.
     void revokeExpiredSessions() throws StorageQueryException;
 }

src/main/java/io/supertokens/pluginInterface/dashboard/sqlStorage/DashboardSQLStorage.java

@@ -4,13 +4,18 @@
 import io.supertokens.pluginInterface.dashboard.exceptions.DuplicateEmailException;
 import io.supertokens.pluginInterface.dashboard.exceptions.UserIdNotFoundException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.sqlStorage.SQLStorage;
 import io.supertokens.pluginInterface.sqlStorage.TransactionConnection;
 
 public interface DashboardSQLStorage extends DashboardStorage, SQLStorage {
 
-    void updateDashboardUsersEmailWithUserId_Transaction(TransactionConnection con, String userId, String newEmail) throws StorageQueryException, DuplicateEmailException, UserIdNotFoundException;
+    void updateDashboardUsersEmailWithUserId_Transaction(AppIdentifier appIdentifier, TransactionConnection con,
+                                                         String userId, String newEmail)
+            throws StorageQueryException, DuplicateEmailException, UserIdNotFoundException;
+
+    void updateDashboardUsersPasswordWithUserId_Transaction(AppIdentifier appIdentifier, TransactionConnection con,
+                                                            String userId, String newPassword)
+            throws StorageQueryException, UserIdNotFoundException;
 
-    void updateDashboardUsersPasswordWithUserId_Transaction(TransactionConnection con, String userId, String newPassword) throws StorageQueryException, UserIdNotFoundException;
-
 }

src/main/java/io/supertokens/pluginInterface/emailpassword/EmailPasswordStorage.java

@@ -22,36 +22,39 @@
 import io.supertokens.pluginInterface.emailpassword.exceptions.DuplicateUserIdException;
 import io.supertokens.pluginInterface.emailpassword.exceptions.UnknownUserIdException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
-
-import javax.annotation.Nonnull;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
+import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 
 public interface EmailPasswordStorage extends AuthRecipeStorage {
 
-    void signUp(UserInfo userInfo) throws StorageQueryException, DuplicateUserIdException, DuplicateEmailException;
-
-    void deleteEmailPasswordUser(String userId) throws StorageQueryException;
+    // we pass tenantIdentifier here cause this also adds to the userId <-> tenantId mapping
+    UserInfo signUp(TenantIdentifier tenantIdentifier, String id, String email, String passwordHash, long timeJoined)
+            throws StorageQueryException, DuplicateUserIdException, DuplicateEmailException,
+            TenantOrAppNotFoundException;
 
-    UserInfo getUserInfoUsingId(String id) throws StorageQueryException;
+    // this deletion of a user is app wide since the same user ID can be shared across tenants
+    void deleteEmailPasswordUser(AppIdentifier appIdentifier, String userId) throws StorageQueryException;
+
+    UserInfo getUserInfoUsingId(AppIdentifier appIdentifier, String id) throws StorageQueryException;
 
-    UserInfo getUserInfoUsingEmail(String email) throws StorageQueryException;
+    // Here we pass in TenantIdentifier cause the same email can be shared across tenants, but yield different
+    // user IDs
+    UserInfo getUserInfoUsingEmail(TenantIdentifier tenantIdentifier, String email) throws StorageQueryException;
 
-    void addPasswordResetToken(PasswordResetTokenInfo passwordResetTokenInfo)
+    // password reset stuff is app wide cause changing the password for a user affects all the tenants
+    // across which it's shared.
+    void addPasswordResetToken(AppIdentifier appIdentifier, PasswordResetTokenInfo passwordResetTokenInfo)
             throws StorageQueryException, UnknownUserIdException, DuplicatePasswordResetTokenException;
 
-    PasswordResetTokenInfo getPasswordResetTokenInfo(String token) throws StorageQueryException;
+    PasswordResetTokenInfo getPasswordResetTokenInfo(AppIdentifier appIdentifier, String token)
+            throws StorageQueryException;
 
+    // we purposely do not add TenantIdentifier to this query cause
+    // this is called from a cronjob that runs per user pool ID
     void deleteExpiredPasswordResetTokens() throws StorageQueryException;
 
-    PasswordResetTokenInfo[] getAllPasswordResetTokenInfoForUser(String userId) throws StorageQueryException;
-
-    @Deprecated
-    UserInfo[] getUsers(@Nonnull String userId, @Nonnull Long timeJoined, @Nonnull Integer limit,
-            @Nonnull String timeJoinedOrder) throws StorageQueryException;
-
-    @Deprecated
-    UserInfo[] getUsers(@Nonnull Integer limit, @Nonnull String timeJoinedOrder) throws StorageQueryException;
-
-    @Deprecated
-    long getUsersCount() throws StorageQueryException;
+    PasswordResetTokenInfo[] getAllPasswordResetTokenInfoForUser(AppIdentifier appIdentifier, String userId)
+            throws StorageQueryException;
 
 }

src/main/java/io/supertokens/pluginInterface/emailpassword/UserInfo.java

@@ -26,8 +26,8 @@ public class UserInfo extends AuthRecipeUserInfo {
     // using transient, we tell Gson not to include this when creating a JSON
     public transient final String passwordHash;
 
-    public UserInfo(String id, String email, String passwordHash, long timeJoined) {
-        super(id, timeJoined);
+    public UserInfo(String id, String email, String passwordHash, long timeJoined, String[] tenantIds) {
+        super(id, timeJoined, tenantIds);
         this.email = email;
         this.passwordHash = passwordHash;
     }

src/main/java/io/supertokens/pluginInterface/emailpassword/sqlStorage/EmailPasswordSQLStorage.java

@@ -21,22 +21,31 @@
 import io.supertokens.pluginInterface.emailpassword.UserInfo;
 import io.supertokens.pluginInterface.emailpassword.exceptions.DuplicateEmailException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.sqlStorage.SQLStorage;
 import io.supertokens.pluginInterface.sqlStorage.TransactionConnection;
 
 public interface EmailPasswordSQLStorage extends EmailPasswordStorage, SQLStorage {
 
-    PasswordResetTokenInfo[] getAllPasswordResetTokenInfoForUser_Transaction(TransactionConnection con, String userId)
+    // all password reset related stuff is app wide cause the same user ID can be shared across tenants,
+    // and updating / resetting a user's password should apply to all those tenants.
+
+    PasswordResetTokenInfo[] getAllPasswordResetTokenInfoForUser_Transaction(AppIdentifier appIdentifier,
+                                                                             TransactionConnection con, String userId)
             throws StorageQueryException;
 
-    void deleteAllPasswordResetTokensForUser_Transaction(TransactionConnection con, String userId)
+    void deleteAllPasswordResetTokensForUser_Transaction(AppIdentifier appIdentifier, TransactionConnection con,
+                                                         String userId)
             throws StorageQueryException;
 
-    void updateUsersPassword_Transaction(TransactionConnection con, String userId, String newPassword)
+    void updateUsersPassword_Transaction(AppIdentifier appIdentifier, TransactionConnection con, String userId,
+                                         String newPassword)
             throws StorageQueryException;
 
-    void updateUsersEmail_Transaction(TransactionConnection conn, String userId, String email)
+    void updateUsersEmail_Transaction(AppIdentifier appIdentifier, TransactionConnection conn, String userId,
+                                      String email)
             throws StorageQueryException, DuplicateEmailException;
 
-    UserInfo getUserInfoUsingId_Transaction(TransactionConnection con, String userId) throws StorageQueryException;
+    UserInfo getUserInfoUsingId_Transaction(AppIdentifier appIdentifier, TransactionConnection con, String userId)
+            throws StorageQueryException;
 }