feat(core): migrate register flow affiliate report logic (#6334)

Migrate the new user affiliate flow from interaction API. 

- `postAffiliateLogs` is forked from  `routes/interaction/actions/helpers.ts`

packages/core/src/routes/experience/classes/experience-interaction.ts

@@ -91,7 +91,7 @@ export default class ExperienceInteraction {
     this.provisionLibrary = new ProvisionLibrary(tenant, ctx);
 
     const interactionContext: InteractionContext = {
-      getIdentifierUser: async () => this.getIdentifiedUser(),
+      getIdentifiedUser: async () => this.getIdentifiedUser(),
       getVerificationRecordByTypeAndId: (type, verificationId) =>
         this.getVerificationRecordByTypeAndId(type, verificationId),
     };

packages/core/src/routes/experience/classes/helpers.ts

@@ -5,11 +5,16 @@
  * we have moved some of the standalone functions into this file.
  */
 
-import { MfaFactor, VerificationType, type User } from '@logto/schemas';
-import { conditional } from '@silverhand/essentials';
+import { defaults, parseAffiliateData } from '@logto/affiliate';
+import { adminTenantId, MfaFactor, VerificationType, type User } from '@logto/schemas';
+import { conditional, trySafe } from '@silverhand/essentials';
+import { type IRouterContext } from 'koa-router';
 
+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
+import { type CloudConnectionLibrary } from '#src/libraries/cloud-connection.js';
 import assertThat from '#src/utils/assert-that.js';
+import { getConsoleLogFromContext } from '#src/utils/console.js';
 
 import type { InteractionProfile } from '../types.js';
 
@@ -129,3 +134,29 @@ export const mergeUserMfaVerifications = (
 
   return [...userMfaVerifications, ...newMfaVerifications];
 };
+
+/**
+ * Post affiliate data to the cloud service.
+ */
+export const postAffiliateLogs = async (
+  ctx: IRouterContext,
+  cloudConnection: CloudConnectionLibrary,
+  userId: string,
+  tenantId: string
+) => {
+  if (!EnvSet.values.isCloud || tenantId !== adminTenantId) {
+    return;
+  }
+
+  const affiliateData = trySafe(() =>
+    parseAffiliateData(JSON.parse(decodeURIComponent(ctx.cookies.get(defaults.cookieName) ?? '')))
+  );
+
+  if (affiliateData) {
+    const client = await cloudConnection.getClient();
+    await client.post('/api/affiliate-logs', {
+      body: { userId, ...affiliateData },
+    });
+    getConsoleLogFromContext(ctx).info('Affiliate logs posted', userId);
+  }
+};

packages/core/src/routes/experience/classes/libraries/provision-library.ts

@@ -1,3 +1,5 @@
+import { Component, CoreEvent, getEventName } from '@logto/app-insights/custom-event';
+import { appInsights } from '@logto/app-insights/node';
 import {
   adminConsoleApplicationId,
   adminTenantId,
@@ -14,14 +16,17 @@ import {
   type UserOnboardingData,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
-import { conditional, conditionalArray } from '@silverhand/essentials';
+import { conditional, conditionalArray, trySafe } from '@silverhand/essentials';
 
 import { EnvSet } from '#src/env-set/index.js';
 import { type WithLogContext } from '#src/middleware/koa-audit-log.js';
 import type TenantContext from '#src/tenants/TenantContext.js';
+import { getConsoleLogFromContext } from '#src/utils/console.js';
+import { buildAppInsightsTelemetry } from '#src/utils/request.js';
 import { getTenantId } from '#src/utils/tenant.js';
 
 import { type InteractionProfile } from '../../types.js';
+import { postAffiliateLogs } from '../helpers.js';
 import { toUserSocialIdentityData } from '../utils.js';
 
 type OrganizationProvisionPayload =
@@ -86,6 +91,8 @@ export class ProvisionLibrary {
     // TODO: New user created hooks
     // TODO: log
 
+    this.triggerAnalyticReports(user);
+
     return user;
   }
 
@@ -262,4 +269,17 @@ export class ProvisionLibrary {
       isInAdminTenant && AdminTenantRole.User,
       isCreatingFirstAdminUser && !isCloud && defaultManagementApiAdminName // OSS uses the legacy Management API user role
     );
+
+  private readonly triggerAnalyticReports = ({ id }: User) => {
+    appInsights.client?.trackEvent({
+      name: getEventName(Component.Core, CoreEvent.Register),
+    });
+
+    const { cloudConnection, id: tenantId } = this.tenantContext;
+
+    void trySafe(postAffiliateLogs(this.ctx, cloudConnection, id, tenantId), (error) => {
+      getConsoleLogFromContext(this.ctx).warn('Failed to post affiliate logs', error);
+      void appInsights.trackException(error, buildAppInsightsTelemetry(this.ctx));
+    });
+  };
 }

packages/core/src/routes/experience/classes/mfa.ts

@@ -178,7 +178,7 @@ export class Mfa {
     const bindTotp = verificationRecord.toBindMfa();
 
     await this.checkMfaFactorsEnabledInSignInExperience([MfaFactor.TOTP]);
-    const { mfaVerifications } = await this.interactionContext.getIdentifierUser();
+    const { mfaVerifications } = await this.interactionContext.getIdentifiedUser();
 
     // A user can only bind one TOTP factor
     assertThat(
@@ -226,7 +226,7 @@ export class Mfa {
 
     await this.checkMfaFactorsEnabledInSignInExperience([MfaFactor.BackupCode]);
 
-    const { mfaVerifications } = await this.interactionContext.getIdentifierUser();
+    const { mfaVerifications } = await this.interactionContext.getIdentifiedUser();
     const userHasOtherMfa = mfaVerifications.some((mfa) => mfa.type !== MfaFactor.BackupCode);
     const hasOtherNewMfa = Boolean(this.#totp ?? this.#webAuthn?.length);
     assertThat(
@@ -261,7 +261,7 @@ export class Mfa {
       return;
     }
 
-    const { mfaVerifications, logtoConfig } = await this.interactionContext.getIdentifierUser();
+    const { mfaVerifications, logtoConfig } = await this.interactionContext.getIdentifiedUser();
 
     // If the policy is user controlled and the user has skipped MFA, then there is nothing to check
     // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing

packages/core/src/routes/experience/classes/profile.ts

@@ -55,7 +55,7 @@ export class Profile {
    * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
    */
   async setProfileWithValidation(profile: InteractionProfile) {
-    const user = await this.interactionContext.getIdentifierUser();
+    const user = await this.interactionContext.getIdentifiedUser();
     this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, profile);
     await this.profileValidator.guardProfileUniquenessAcrossUsers(profile);
     this.unsafeSet(profile);
@@ -69,7 +69,7 @@ export class Profile {
    * @throws {RequestError} 422 if the password is the same as the current user's password.
    */
   async setPasswordDigestWithValidation(password: string, reset = false) {
-    const user = await this.interactionContext.getIdentifierUser();
+    const user = await this.interactionContext.getIdentifiedUser();
     const passwordPolicy = await this.signInExperienceValidator.getPasswordPolicy();
     const passwordValidator = new PasswordValidator(passwordPolicy, user);
     await passwordValidator.validatePassword(password, this.#data);
@@ -89,7 +89,7 @@ export class Profile {
    * @throws {RequestError} 422 if the unique identifier data already exists in another user account.
    */
   async validateAvailability() {
-    const user = await this.interactionContext.getIdentifierUser();
+    const user = await this.interactionContext.getIdentifiedUser();
     this.profileValidator.guardProfileNotExistInCurrentUserAccount(user, this.#data);
     await this.profileValidator.guardProfileUniquenessAcrossUsers(this.#data);
   }
@@ -98,7 +98,7 @@ export class Profile {
    * Checks if the user has fulfilled the mandatory profile fields.
    */
   async assertUserMandatoryProfileFulfilled() {
-    const user = await this.interactionContext.getIdentifierUser();
+    const user = await this.interactionContext.getIdentifiedUser();
     const mandatoryProfileFields =
       await this.signInExperienceValidator.getMandatoryUserProfileBySignUpMethods();
 

packages/core/src/routes/experience/types.ts

@@ -64,7 +64,7 @@ export const interactionProfileGuard = Users.createGuard
  * The interaction context provides the callback functions to get the user and verification record from the interaction
  */
 export type InteractionContext = {
-  getIdentifierUser: () => Promise<User>;
+  getIdentifiedUser: () => Promise<User>;
   getVerificationRecordByTypeAndId: <K extends keyof VerificationRecordMap>(
     type: K,
     verificationId: string

packages/core/src/routes/experience/verification-routes/backup-code-verification.ts

@@ -52,41 +52,6 @@ export default function backupCodeVerificationRoutes<T extends WithLogContext>(
     }
   );
 
-  router.post(
-    `${experienceRoutes.verification}/backup-code/generate`,
-    koaGuard({
-      status: [200, 400],
-      response: z.object({
-        verificationId: z.string(),
-        codes: z.array(z.string()),
-      }),
-    }),
-    async (ctx, next) => {
-      const { experienceInteraction } = ctx;
-
-      assertThat(experienceInteraction.identifiedUserId, 'session.identifier_not_found');
-
-      const backupCodeVerificationRecord = BackupCodeVerification.create(
-        libraries,
-        queries,
-        experienceInteraction.identifiedUserId
-      );
-
-      const codes = backupCodeVerificationRecord.generate();
-
-      ctx.experienceInteraction.setVerificationRecord(backupCodeVerificationRecord);
-
-      await ctx.experienceInteraction.save();
-
-      ctx.body = {
-        verificationId: backupCodeVerificationRecord.id,
-        codes,
-      };
-
-      return next();
-    }
-  );
-
   router.post(
     `${experienceRoutes.verification}/backup-code/verify`,
     koaGuard({