pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-23 13:26:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

setup server admin

Browse Source
This commit is contained in:
Milo Schwartz
2024-12-25 15:54:32 -05:00
parent e0b1aa98e0
commit 4a1e869e58
29 changed files with 409 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
server/routers/auth/signup.ts
View File

@@ -16,16 +16,19 @@ import {
createSession,
generateId,
generateSessionToken,
serializeSessionCookie,
serializeSessionCookie
} from "@server/auth";
import { ActionsEnum } from "@server/auth/actions";
import config from "@server/config";
import logger from "@server/logger";
import { hashPassword } from "@server/auth/password";
import { checkValidInvite } from "@server/auth/checkValidInvite";
export const signupBodySchema = z.object({
email: z.string().email(),
password: passwordSchema,
inviteToken: z.string().optional(),
inviteId: z.string().optional()
});
export type SignUpBody = z.infer<typeof signupBodySchema>;
@@ -50,11 +53,39 @@ export async function signup(
);
}
const { email, password } = parsedBody.data;
const { email, password, inviteToken, inviteId } = parsedBody.data;
logger.debug("signup", { email, password, inviteToken, inviteId });
const passwordHash = await hashPassword(password);
const userId = generateId(15);
if (config.flags?.disable_signup_without_invite) {
if (!inviteToken || !inviteId) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Signups are disabled without an invite code"
)
);
}
const { error, existingInvite } = await checkValidInvite({
token: inviteToken,
inviteId
});
if (error) {
return next(createHttpError(HttpCode.BAD_REQUEST, error));
}
if (!existingInvite) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invite does not exist")
);
}
}
try {
const existing = await db
.select()
@@ -89,12 +120,15 @@ export async function signup(
if (diff < 2) {
// If the user was created less than 2 hours ago, we don't want to create a new user
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"A verification email was already sent to this email address. Please check your email for the verification code."
)
);
return response<SignUpResponse>(res, {
data: {
emailVerificationRequired: true
},
success: true,
error: false,
message: `A user with that email address already exists. We sent an email to ${email} with a verification code.`,
status: HttpCode.OK
});
} else {
// If the user was created more than 2 hours ago, we want to delete the old user and create a new one
await db.delete(users).where(eq(users.userId, user.userId));
@@ -105,7 +139,7 @@ export async function signup(
userId: userId,
email: email,
passwordHash,
dateCreated: moment().toISOString(),
dateCreated: moment().toISOString()
});
// give the user their default permissions:
@@ -125,12 +159,12 @@ export async function signup(
return response<SignUpResponse>(res, {
data: {
emailVerificationRequired: true,
emailVerificationRequired: true
},
success: true,
error: false,
message: `User created successfully. We sent an email to ${email} with a verification code.`,
status: HttpCode.OK,
status: HttpCode.OK
});
}
@@ -139,7 +173,7 @@ export async function signup(
success: true,
error: false,
message: "User created successfully",
status: HttpCode.OK,
status: HttpCode.OK
});
} catch (e) {
if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_UNIQUE") {

12
server/routers/org/createOrg.ts
View File

@@ -28,6 +28,18 @@ export async function createOrg(
next: NextFunction
): Promise<any> {
try {
// should this be in a middleware?
if (config.flags?.disable_user_create_org) {
if (!req.user?.serverAdmin) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"Only server admins can create organizations"
)
);
}
}
const parsedBody = createOrgSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(

52
server/routers/user/acceptInvite.ts
View File

@@ -11,6 +11,7 @@ import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { isWithinExpirationDate } from "oslo";
import { verifyPassword } from "@server/auth/password";
import { checkValidInvite } from "@server/auth/checkValidInvite";
const acceptInviteBodySchema = z
.object({
@@ -42,44 +43,25 @@ export async function acceptInvite(
const { token, inviteId } = parsedBody.data;
const existingInvite = await db
.select()
.from(userInvites)
.where(eq(userInvites.inviteId, inviteId))
.limit(1);
if (!existingInvite.length) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Invite ID or token is invalid"
)
);
}
if (!isWithinExpirationDate(new Date(existingInvite[0].expiresAt))) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invite has expired")
);
}
const validToken = await verifyPassword(
const { error, existingInvite } = await checkValidInvite({
token,
existingInvite[0].tokenHash
);
if (!validToken) {
inviteId
});
if (error) {
return next(createHttpError(HttpCode.BAD_REQUEST, error));
}
if (!existingInvite) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Invite ID or token is invalid"
)
createHttpError(HttpCode.BAD_REQUEST, "Invite does not exist")
);
}
const existingUser = await db
.select()
.from(users)
.where(eq(users.email, existingInvite[0].email))
.where(eq(users.email, existingInvite.email))
.limit(1);
if (!existingUser.length) {
return next(
@@ -90,7 +72,7 @@ export async function acceptInvite(
);
}
if (req.user && req.user.email !== existingInvite[0].email) {
if (req.user && req.user.email !== existingInvite.email) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
@@ -104,7 +86,7 @@ export async function acceptInvite(
const existingRole = await db
.select()
.from(roles)
.where(eq(roles.roleId, existingInvite[0].roleId))
.where(eq(roles.roleId, existingInvite.roleId))
.limit(1);
if (existingRole.length) {
roleId = existingRole[0].roleId;
@@ -121,15 +103,15 @@ export async function acceptInvite(
// add the user to the org
await db.insert(userOrgs).values({
userId: existingUser[0].userId,
orgId: existingInvite[0].orgId,
roleId: existingInvite[0].roleId
orgId: existingInvite.orgId,
roleId: existingInvite.roleId
});
// delete the invite
await db.delete(userInvites).where(eq(userInvites.inviteId, inviteId));
return response<AcceptInviteResponse>(res, {
data: { accepted: true, orgId: existingInvite[0].orgId },
data: { accepted: true, orgId: existingInvite.orgId },
success: true,
error: false,
message: "Invite accepted",

3
server/routers/user/getUser.ts
View File

@@ -15,6 +15,7 @@ async function queryUser(userId: string) {
email: users.email,
twoFactorEnabled: users.twoFactorEnabled,
emailVerified: users.emailVerified,
serverAdmin: users.serverAdmin
})
.from(users)
.where(eq(users.userId, userId))
@@ -56,7 +57,7 @@ export async function getUser(
success: true,
error: false,
message: "User retrieved successfully",
status: HttpCode.OK,
status: HttpCode.OK
});
} catch (error) {
logger.error(error);