Feature/ff ephemeral user options (#2556)

* ephemeral ff user groups and remove exposure id FK constraint

* ephemeral ff user groups and remove exposure id FK constraint

* remove comment from ff-exposure model

* use same language in usercheck middleware docs as swagger

Author: danoswaltCL

backend/packages/Upgrade/src/api/controllers/ExperimentClientController.v6.ts

@@ -12,6 +12,7 @@ import {
 import { ExperimentService } from '../services/ExperimentService';
 import { ExperimentAssignmentService } from '../services/ExperimentAssignmentService';
 import { ExperimentAssignmentValidatorv6 } from './validators/ExperimentAssignmentValidator';
+import { FeatureFlagRequestValidator } from './validators/FeatureFlagRequestValidator';
 import { ExperimentUser } from '../models/ExperimentUser';
 import { ExperimentUserService } from '../services/ExperimentUserService';
 import { UpdateWorkingGroupValidatorv6 } from './validators/UpdateWorkingGroupValidator';
@@ -681,27 +682,100 @@ export class ExperimentClientController {
    * @swagger
    * /v6/featureflag:
    *    post:
-   *       description: Get all feature flags using SDK
+   *       description: |
+   *         Get feature flags that have been assigned to the user.
+   *
+   *         This endpoint supports three different modes of operation based on the optional parameters:
+   *
+   *         **Stored-user Mode** (Standard stored user lookup):
+   *         - Omit both `groupsForSession` and `includeStoredUserGroups` parameters
+   *         - Uses only stored user groups from the database
+   *         - User must already have been initialized, will 404 if user does not exist
+   *
+   *         **Ephemeral Mode** (Session-only groups):
+   *         - Set `includeStoredUserGroups` to `false` and provide `groupsForSession`
+   *         - Uses only the groups provided in the session, ignoring any stored user groups.
+   *         - Does not require the user to be initialized (it will bypass stored user lookup)
+   *         - Useful when complete group information is always provided at runtime.
+   *
+   *         **Merged Mode** (Stored + Session groups):
+   *         - Set `includeStoredUserGroups` to `true` and provide `groupsForSession`
+   *         - User must already have been initialized, will 404 if user does not exist.
+   *         - Session groups are merged with stored groups if they don't already exist for stored user.
+   *         - Session groups are never persisted.
+   *         - Useful for adding context-specific ephemeral groups to an existing user.
+   *
    *       consumes:
    *         - application/json
    *       parameters:
+   *         - in: header
+   *           name: User-Id
+   *           required: true
+   *           schema:
+   *             type: string
+   *           example: user123
+   *           description: The unique identifier for the user
    *         - in: body
    *           name: user
    *           required: true
    *           schema:
    *             type: object
+   *             required:
+   *               - context
    *             properties:
    *               context:
    *                 type: string
-   *                 example: add
-   *             description: User Document
+   *                 example: "test-context"
+   *                 description: The context for feature flag evaluation
+   *               groupsForSession:
+   *                 type: object
+   *                 additionalProperties:
+   *                   type: array
+   *                   items:
+   *                     type: string
+   *                 example:
+   *                   schoolId: ["temporary-school-id"]
+   *                 description: Optional groups to provide for the session (not persisted)
+   *               includeStoredUserGroups:
+   *                 type: boolean
+   *                 description: Whether to include stored user groups in evaluation
+   *                 example: false
+   *             description: Feature flag request parameters
+   *             examples:
+   *               normal_mode:
+   *                 summary: Normal Mode - Standard stored user lookup
+   *                 description: Uses only stored user groups from the database
+   *                 value:
+   *                   context: "test-context"
+   *               ephemeral_mode:
+   *                 summary: Ephemeral Mode - Session-only groups
+   *                 description: Uses only session groups, ignoring stored user groups
+   *                 value:
+   *                   context: "test-context"
+   *                   groupsForSession:
+   *                     schoolId: ["demo-school"]
+   *                     classId: ["demo-class-advanced"]
+   *                   includeStoredUserGroups: false
+   *               merged_mode:
+   *                 summary: Merged Mode - Stored + Session groups
+   *                 description: Combines stored user groups (if exists) with session groups
+   *                 value:
+   *                   context: "test-context"
+   *                   groupsForSession:
+   *                     classId: ["temp-class-123", "special-session"]
+   *                   includeStoredUserGroups: true
    *       produces:
    *         - application/json
    *       tags:
    *         - Client Side SDK
    *       responses:
    *          '200':
    *            description: Feature flags list
+   *            schema:
+   *              type: array
+   *              items:
+   *                type: string
+   *              example: ["NEW_FEATURE", "TEST_FLAG"]
    *          '400':
    *            description: BadRequestError - InvalidParameterValue
    *          '401':
@@ -715,10 +789,10 @@ export class ExperimentClientController {
   public async getAllFlags(
     @Req() request: AppRequest,
     @Body({ validate: true })
-    experiment: ExperimentAssignmentValidatorv6
+    featureFlagRequest: FeatureFlagRequestValidator
   ): Promise<string[]> {
     const experimentUserDoc = request.userDoc;
-    return this.featureFlagService.getKeys(experimentUserDoc, experiment.context, request.logger);
+    return this.featureFlagService.getKeys(experimentUserDoc, featureFlagRequest.context, request.logger);
   }
 
   /**

backend/packages/Upgrade/src/api/controllers/validators/FeatureFlagRequestValidator.ts

@@ -0,0 +1,63 @@
+import {
+  IsNotEmpty,
+  IsOptional,
+  IsString,
+  IsBoolean,
+  IsObject,
+  registerDecorator,
+  ValidationOptions,
+  ValidationArguments,
+} from 'class-validator';
+
+export type IGetAllFeatureFlagsRequestBody =
+  | {
+      context: string;
+    }
+  | {
+      context: string;
+      groupsForSession: Record<string, string[]>;
+      includeStoredUserGroups: boolean;
+    };
+
+// Custom validation decorator to ensure both session properties are provided together
+const BothSessionPropertiesRequired = (validationOptions?: ValidationOptions) => {
+  const registerBothSessionPropertiesRequired = (object: object, propertyName: string) => {
+    registerDecorator({
+      name: 'bothSessionPropertiesRequired',
+      target: object.constructor,
+      propertyName: propertyName,
+      options: validationOptions,
+      validator: {
+        validate(value: any, args: ValidationArguments) {
+          const obj = args.object as any;
+          const hasProvideGroups = obj.groupsForSession !== undefined;
+          const hasIncludeStored = obj.includeStoredUserGroups !== undefined;
+
+          // Both must be provided together, or neither
+          return (hasProvideGroups && hasIncludeStored) || (!hasProvideGroups && !hasIncludeStored);
+        },
+        defaultMessage() {
+          return 'Both groupsForSession and includeStoredUserGroups must be provided together, or neither should be provided';
+        },
+      },
+    });
+  };
+
+  return registerBothSessionPropertiesRequired;
+};
+
+export class FeatureFlagRequestValidator {
+  @IsNotEmpty()
+  @IsString()
+  public context: string;
+
+  @IsOptional()
+  @IsObject()
+  @BothSessionPropertiesRequired()
+  public groupsForSession?: Record<string, string[]>;
+
+  @IsOptional()
+  @IsBoolean()
+  @BothSessionPropertiesRequired()
+  public includeStoredUserGroups?: boolean;
+}

backend/packages/Upgrade/src/api/middlewares/UserCheckMiddleware.ts

@@ -4,6 +4,7 @@ import { SERVER_ERROR } from 'upgrade_types';
 import { AppRequest } from '../../types';
 import { Service } from 'typedi';
 import { ExperimentUserService } from '../services/ExperimentUserService';
+import { RequestedExperimentUser } from '../controllers/validators/ExperimentUserValidator';
 
 @Service()
 export class UserCheckMiddleware {
@@ -22,14 +23,23 @@ export class UserCheckMiddleware {
         req.logger.child({ user_id });
         req.logger.debug({ message: 'User Id is:', user_id });
       }
-      const experimentUserDoc = await this.experimentUserService.getUserDoc(user_id, req.logger);
+
+      let experimentUserDoc: RequestedExperimentUser;
+
+      if (req.url.endsWith('/v6/featureflag')) {
+        experimentUserDoc = await this.handleProvidedGroupsForSession(req, user_id);
+      } else {
+        experimentUserDoc = await this.experimentUserService.getUserDoc(user_id, req.logger);
+      }
+
       if (!req.url.endsWith('/init') && !experimentUserDoc) {
         const error = new Error(`User not found: ${user_id}`);
         (error as any).type = SERVER_ERROR.EXPERIMENT_USER_NOT_DEFINED;
         (error as any).httpCode = 404;
         req.logger.error(error);
         return next(error);
       }
+
       req.userDoc = experimentUserDoc;
       // Continue to the next middleware/controller
       return next();
@@ -38,4 +48,154 @@ export class UserCheckMiddleware {
       return next(error);
     }
   }
+
+  /**
+   * Handles potential ephemeral session groups provided in the request.
+   *
+   * This method processes different scenarios based on the combination of
+   * `groupsForSession` and `includeStoredUserGroups` parameters:
+   *
+   * Note: provided session groups are never persisted
+   *
+   * **Stored-user Mode** (Standard stored user lookup):
+   * - Omit both `groupsForSession` and `includeStoredUserGroups` parameters
+   * - Uses only stored user groups from the database
+   * - User must already have been initialized, will 404 if user does not exist
+   *
+   * **Ephemeral Mode** (Session-only groups):
+   * - Set `includeStoredUserGroups` to `false` and provide `groupsForSession`
+   * - Uses only the groups provided in the session, ignoring any stored user groups.
+   * - Does not require the user to be initialized (it will bypass stored user lookup)
+   * - Useful when complete group information is always provided at runtime.
+   *
+   * **Merged Mode** (Stored + Session groups):
+   * - Set `includeStoredUserGroups` to `true` and provide `groupsForSession`
+   * - User must already have been initialized, will 404 if user does not exist.
+   * - Session groups are merged with stored groups if they don't already exist for stored user.
+   * - Session groups are never persisted.
+   * - Useful for adding context-specific ephemeral groups to an existing user.
+   *
+   * @param req - The application request containing session group parameters
+   * @param user_id - The user identifier for group lookup
+   * @returns Promise resolving to RequestedExperimentUser with appropriate group configuration
+   *
+   * @example
+   * ```typescript
+   * // Scenario 1: Standard lookup (no session params)
+   * {
+   *   context: "storedUserDependentContext",
+   * }
+   *
+   * // Scenario 2: Ignore stored user and use session groups only
+   * {
+   *   context: "independentContext",
+   *   groupsForSession: { "classId": ["testClass"], "schoolId": ["instructor"] },
+   *   includeStoredUserGroups: false
+   * }
+   *
+   * // Scenario 3: Merge session and stored groups
+   * {
+   *   context: "storedUserMergedContext",
+   *   groupsForSession: { "classId": ["testClass"], "schoolId": ["demoSchool"] },
+   *   includeStoredUserGroups: true
+   * }
+   *
+   * ```
+   */
+  private async handleProvidedGroupsForSession(req: AppRequest, user_id: string): Promise<RequestedExperimentUser> {
+    // Note: validation of request will have occurred before this middleware
+
+    // Scenario 1: Session-only groups (ephemeral user mode)
+    // explicitly check if includeStoredUserGroups is exactly false and not just undefined
+    if (req.body.groupsForSession && req.body.includeStoredUserGroups === false) {
+      const experimentUserDoc = this.createSessionUser(user_id, req.body.groupsForSession);
+
+      req.logger.debug({
+        message: 'Created ephemeral user with session groups',
+        experimentUserDoc,
+      });
+
+      return experimentUserDoc;
+    }
+
+    // Load stored user document, required for scenarios 2 and 3
+    const experimentUserDoc = await this.experimentUserService.getUserDoc(user_id, req.logger);
+
+    if (!experimentUserDoc) {
+      return null; // User not found, will be handled in the main middleware
+    }
+
+    if (req.body.groupsForSession && req.body.includeStoredUserGroups) {
+      // Scenario 2: Merged groups (Merged stored/ephemeral groups mode)
+      experimentUserDoc.group = this.mergeGroupsWithUniqueValues(experimentUserDoc.group, req.body.groupsForSession);
+
+      req.logger.debug({
+        message: 'Merged session groups with stored user groups',
+        experimentUserDoc,
+      });
+    } else {
+      // Scenario 3: Standard behavior (user-lookup from user-id)
+      req.logger.debug({
+        message: 'Using standard user lookup without session group modifications',
+        experimentUserDoc,
+      });
+    }
+
+    return experimentUserDoc;
+  }
+
+  /**
+   * Creates a RequestedExperimentUser object for ephemeral user scenarios.
+   *
+   * @param user_id - The user ID for the experiment user
+   * @param groupsForSession - The groups provided in the session
+   * @returns RequestedExperimentUser object with session groups
+   */
+  private createSessionUser(user_id: string, groupsForSession: Record<string, string[]>): RequestedExperimentUser {
+    const sessionUser = new RequestedExperimentUser();
+    sessionUser.id = user_id;
+    sessionUser.requestedUserId = user_id;
+    sessionUser.group = groupsForSession;
+    sessionUser.workingGroup = undefined;
+    return sessionUser;
+  }
+
+  /**
+   * Merges two group objects with unique values per key.
+   *
+   * This utility method combines existing user groups with incoming session groups,
+   * ensuring no duplicate values exist within each group key's array.
+   *
+   * @param existing - The existing user groups (may be undefined)
+   * @param incoming - The incoming session groups to merge
+   * @returns A new object with merged groups containing unique values
+   *
+   * @example
+   * ```typescript
+   * const existing = { "classId": ["123", "xyz"], "schoolId": ["qwerty"] };
+   * const incoming = { "classId": ["abc", "123"], "instructorId": ["dale123"] };
+   * const merged = mergeGroupsWithUniqueValues(existing, incoming);
+   * // Result: {
+   * //   "classId": ["123", "xyz", "abc"],
+   * //   "schoolId": ["qwerty"],
+   * //   "instructorId": ["dale123"]
+   * // }
+   * ```
+   */
+  private mergeGroupsWithUniqueValues(
+    existing: Record<string, string[]> | undefined,
+    incoming: Record<string, string[]>
+  ): Record<string, string[]> {
+    const result: Record<string, string[]> = { ...existing };
+
+    for (const [key, values] of Object.entries(incoming)) {
+      if (result[key]) {
+        result[key] = [...new Set([...result[key], ...values])];
+      } else {
+        result[key] = [...values];
+      }
+    }
+
+    return result;
+  }
 }

backend/packages/Upgrade/src/api/models/FeatureFlagExposure.ts

@@ -1,22 +1,17 @@
 import { Entity, Index, ManyToOne, PrimaryColumn } from 'typeorm';
 import { BaseModel } from './base/BaseModel';
 import { FeatureFlag } from './FeatureFlag';
-import { ExperimentUser } from './ExperimentUser';
 
 @Entity()
 export class FeatureFlagExposure extends BaseModel {
   // Define primary column for the foreign key
   @PrimaryColumn()
   featureFlagId: string;
 
-  // Define primary column for the foreign key
   @PrimaryColumn()
   experimentUserId: string;
 
   @Index()
   @ManyToOne(() => FeatureFlag, { onDelete: 'CASCADE' })
   public featureFlag: FeatureFlag;
-  @Index()
-  @ManyToOne(() => ExperimentUser, { onDelete: 'CASCADE' })
-  public experimentUser: ExperimentUser;
 }