Allow enable user, disable user, send verify email through s2s api (#32)

ValueMelody · Jul 19, 2024 · fe6fa61 · fe6fa61
1 parent e755faf
commit fe6fa61
Show file tree

Hide file tree

Showing 8 changed files with 150 additions and 27 deletions.
diff --git a/server/src/configs/error.ts b/server/src/configs/error.ts
@@ -20,6 +20,15 @@ export class Forbidden {
   }
 }
 
+export class NotFound {
+  constructor (message?: string) {
+    return new HTTPException(
+      400,
+      getOption(message),
+    )
+  }
+}
+
 export class UnAuthorized {
   constructor (message?: string) {
     return new HTTPException(

diff --git a/server/src/configs/locale.ts b/server/src/configs/locale.ts
@@ -5,6 +5,8 @@ export enum Error {
   EmailTaken = 'The email address is already in use.',
   WrongRedirectUri = 'Invalid redirect_uri',
   NoUser = 'No user found',
+  UserDisabled = 'This account has been disabled',
+  EmailAlreadyVerified = 'Email already verified',
   NoConsent = 'User consent required',
   CanNotCreateUser = 'Failed to create user',
   CanNotCreateConsent = 'Failed to create consent',

diff --git a/server/src/configs/type.ts b/server/src/configs/type.ts
@@ -83,6 +83,7 @@ export enum Scope {
   Profile = 'profile',
   OfflineAccess = 'offline_access',
   READ_USER = 'read_user',
+  WRITE_USER = 'write_user',
 }
 
 export enum ClientType {

diff --git a/server/src/handlers/postTokenReq.ts b/server/src/handlers/postTokenReq.ts
@@ -33,7 +33,7 @@ export const parseClientCredentials = async (c: Context<typeConfig.Context>) =>
 
   const bodyDto = new oauthDto.PostTokenClientCredentialsReqBodyDto({
     grantType: String(reqBody.grant_type),
-    scopes: reqBody.scope ? String(reqBody.scope).split(',') : [],
+    scopes: reqBody.scope ? String(reqBody.scope).split(' ') : [],
   })
   await validateUtil.dto(bodyDto)
 

diff --git a/server/src/middlewares/auth.ts b/server/src/middlewares/auth.ts
@@ -88,6 +88,29 @@ export const s2sReadUser = bearerAuth({
   },
 })
 
+export const s2sWriteUser = bearerAuth({
+  verifyToken: async (
+    token, c: Context<typeConfig.Context>,
+  ) => {
+    const accessTokenBody = await parseToken(
+      c,
+      token,
+      typeConfig.ClientType.S2S,
+    )
+    if (!accessTokenBody) return false
+
+    const scopes = accessTokenBody.scope?.split(' ') ?? []
+    if (!scopes.includes(typeConfig.Scope.WRITE_USER)) return false
+
+    c.set(
+      'access_token_body',
+      accessTokenBody,
+    )
+
+    return true
+  },
+})
+
 export const s2sBasicAuth = async (
   c: Context<typeConfig.Context>, next: Next,
 ) => {

diff --git a/server/src/models/user.ts b/server/src/models/user.ts
@@ -41,8 +41,12 @@ export interface Update {
 
 const TableName = dbConfig.TableName.User
 
-export const getAll = async (db: D1Database) => {
-  const stmt = db.prepare(`SELECT * FROM ${TableName} WHERE deletedAt IS NULL`)
+export const getAll = async (
+  db: D1Database, includeDeleted: boolean = false,
+) => {
+  let query = `SELECT * FROM ${TableName}`
+  if (!includeDeleted) query = `${query} WHERE deletedAt IS NULL`
+  const stmt = db.prepare(query)
   const { results: users }: { results: Record[] } = await stmt.all()
   return users
 }
@@ -60,8 +64,11 @@ export const getById = async (
 export const getByAuthId = async (
   db: D1Database,
   authId: string,
+  includeDeleted: boolean = false,
 ) => {
-  const stmt = db.prepare(`SELECT * FROM ${TableName} WHERE authId = $1 AND deletedAt IS NULL`)
+  let query = `SELECT * FROM ${TableName} WHERE authId = $1`
+  if (!includeDeleted) query = `${query} AND deletedAt IS NULL`
+  const stmt = db.prepare(query)
     .bind(authId)
   const user = await stmt.first() as Record | null
   return user

diff --git a/server/src/routes/user.tsx b/server/src/routes/user.tsx
@@ -1,8 +1,14 @@
 import {
+  errorConfig,
+  localeConfig,
   routeConfig, typeConfig,
 } from 'configs'
-import { authMiddleware } from 'middlewares'
+import {
+  authMiddleware, configMiddleware,
+} from 'middlewares'
 import { userModel } from 'models'
+import { userService } from 'services'
+import { timeUtil } from 'utils'
 
 const BaseRoute = routeConfig.InternalRoute.ApiUsers
 
@@ -11,7 +17,11 @@ export const load = (app: typeConfig.App) => {
     `${BaseRoute}`,
     authMiddleware.s2sReadUser,
     async (c) => {
-      const users = await userModel.getAll(c.env.DB)
+      const includeDeleted = c.req.query('includeDisabled') === 'true'
+      const users = await userModel.getAll(
+        c.env.DB,
+        includeDeleted,
+      )
       return c.json({ users })
     },
   )
@@ -21,11 +31,75 @@ export const load = (app: typeConfig.App) => {
     authMiddleware.s2sReadUser,
     async (c) => {
       const authId = c.req.param('authId')
-      const user = await userModel.getByAuthId(
-        c.env.DB,
+      const user = await userService.getUserByAuthId(
+        c,
         authId,
       )
       return c.json({ user })
     },
   )
+
+  app.post(
+    `${BaseRoute}/:authId/verify-email`,
+    authMiddleware.s2sWriteUser,
+    configMiddleware.enableEmailVerification,
+    async (c) => {
+      const authId = c.req.param('authId')
+      const user = await userService.getUserByAuthId(
+        c,
+        authId,
+      )
+
+      if (user.emailVerified) throw new errorConfig.Forbidden(localeConfig.Error.EmailAlreadyVerified)
+
+      await userService.sendEmailVerification(
+        c,
+        user,
+      )
+      return c.json({ success: true })
+    },
+  )
+
+  app.put(
+    `${BaseRoute}/:authId/enable`,
+    authMiddleware.s2sWriteUser,
+    async (c) => {
+      const authId = c.req.param('authId')
+      const includeDeleted = true
+      const user = await userService.getUserByAuthId(
+        c,
+        authId,
+        includeDeleted,
+      )
+
+      if (!user.deletedAt) throw new errorConfig.NotFound(localeConfig.Error.NoUser)
+
+      await userModel.update(
+        c.env.DB,
+        user.id,
+        { deletedAt: null },
+      )
+
+      return c.json({ success: true })
+    },
+  )
+
+  app.put(
+    `${BaseRoute}/:authId/disable`,
+    authMiddleware.s2sWriteUser,
+    async (c) => {
+      const authId = c.req.param('authId')
+      const user = await userService.getUserByAuthId(
+        c,
+        authId,
+      )
+
+      await userModel.update(
+        c.env.DB,
+        user.id,
+        { deletedAt: timeUtil.getDbCurrentTime() },
+      )
+      return c.json({ success: true })
+    },
+  )
 }
diff --git a/server/src/services/user.ts b/server/src/services/user.ts
@@ -44,6 +44,20 @@ export const getUserInfo = async (
   return result
 }
 
+export const getUserByAuthId = async (
+  c: Context<typeConfig.Context>,
+  authId: string,
+  includeDeleted: boolean = false,
+) => {
+  const user = await userModel.getByAuthId(
+    c.env.DB,
+    authId,
+    includeDeleted,
+  )
+  if (!user) throw new errorConfig.NotFound(localeConfig.Error.NoUser)
+  return user
+}
+
 export const verifyPasswordSignIn = async (
   c: Context<typeConfig.Context>, bodyDto: PostAuthorizeReqBodyWithPasswordDto,
 ) => {
@@ -70,26 +84,19 @@ export const createAccountWithPassword = async (
     bodyDto.email,
     includeDeleted,
   )
-  if (user && !user.deletedAt) throw new Forbidden(localeConfig.Error.EmailTaken)
 
-  const newUser = user
-    ? await userModel.update(
-      c.env.DB,
-      user.id,
-      {
-        password, firstName: bodyDto.firstName, lastName: bodyDto.lastName, deletedAt: null,
-      },
-    )
-    : await userModel.create(
-      c.env.DB,
-      {
-        authId: crypto.randomUUID(),
-        email: bodyDto.email,
-        password,
-        firstName: bodyDto.firstName,
-        lastName: bodyDto.lastName,
-      },
-    )
+  if (user) throw new Forbidden(user.deletedAt ? localeConfig.Error.UserDisabled : localeConfig.Error.EmailTaken)
+
+  const newUser = await userModel.create(
+    c.env.DB,
+    {
+      authId: crypto.randomUUID(),
+      email: bodyDto.email,
+      password,
+      firstName: bodyDto.firstName,
+      lastName: bodyDto.lastName,
+    },
+  )
 
   if (!newUser) {
     throw new errorConfig.InternalServerError(localeConfig.Error.CanNotCreateUser)