mirror of
https://github.com/Unleash/unleash.git
synced 2025-01-31 00:16:47 +01:00
d63b3c69fe
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept <img width="803" alt="image" src="https://user-images.githubusercontent.com/14320932/213011584-75870595-988d-49bc-a7bf-cd1ffd146bca.png"> Makes SAs behave more like users. Even though they share the same `users` database table, the `is_service` column distinguishes them. This PR makes the distinction a bit less obvious by not filtering out SAs for some methods in the user store, returning both account types and their respective account type information so we can handle them properly on the UI. We felt like this was a good enough approach for now, and a decent compromise to move SAs forward. In the future, we may want to make a full refactor with the `accounts` concept in mind, which we've experimented with in the [accounts-refactoring](https://github.com/Unleash/unleash/tree/accounts-refactoring) branches (both OSS and Enterprise). https://github.com/Unleash/unleash/pull/2918 - Moves this a bit further, by introducing the account service and store.
253 lines
6.8 KiB
TypeScript
253 lines
6.8 KiB
TypeScript
/* eslint camelcase: "off" */
|
|
|
|
import { Knex } from 'knex';
|
|
import { Logger, LogProvider } from '../logger';
|
|
import User from '../types/user';
|
|
|
|
import NotFoundError from '../error/notfound-error';
|
|
import {
|
|
ICreateUser,
|
|
IUserLookup,
|
|
IUserStore,
|
|
IUserUpdateFields,
|
|
} from '../types/stores/user-store';
|
|
|
|
const TABLE = 'users';
|
|
|
|
const USER_COLUMNS_PUBLIC = [
|
|
'id',
|
|
'name',
|
|
'username',
|
|
'email',
|
|
'image_url',
|
|
'seen_at',
|
|
'is_service',
|
|
];
|
|
|
|
const USER_COLUMNS = [...USER_COLUMNS_PUBLIC, 'login_attempts', 'created_at'];
|
|
|
|
const emptify = (value) => {
|
|
if (!value) {
|
|
return undefined;
|
|
}
|
|
return value;
|
|
};
|
|
|
|
const safeToLower = (s?: string) => (s ? s.toLowerCase() : s);
|
|
|
|
const mapUserToColumns = (user: ICreateUser) => ({
|
|
name: user.name,
|
|
username: user.username,
|
|
email: safeToLower(user.email),
|
|
image_url: user.imageUrl,
|
|
});
|
|
|
|
const rowToUser = (row) => {
|
|
if (!row) {
|
|
throw new NotFoundError('No user found');
|
|
}
|
|
return new User({
|
|
id: row.id,
|
|
name: emptify(row.name),
|
|
username: emptify(row.username),
|
|
email: emptify(row.email),
|
|
imageUrl: emptify(row.image_url),
|
|
loginAttempts: row.login_attempts,
|
|
seenAt: row.seen_at,
|
|
createdAt: row.created_at,
|
|
isService: row.is_service,
|
|
});
|
|
};
|
|
|
|
class UserStore implements IUserStore {
|
|
private db: Knex;
|
|
|
|
private logger: Logger;
|
|
|
|
constructor(db: Knex, getLogger: LogProvider) {
|
|
this.db = db;
|
|
this.logger = getLogger('user-store.ts');
|
|
}
|
|
|
|
async update(id: number, fields: IUserUpdateFields): Promise<User> {
|
|
await this.activeUsers()
|
|
.where('id', id)
|
|
.update(mapUserToColumns(fields));
|
|
return this.get(id);
|
|
}
|
|
|
|
async insert(user: ICreateUser): Promise<User> {
|
|
const rows = await this.db(TABLE)
|
|
.insert(mapUserToColumns(user))
|
|
.returning(USER_COLUMNS);
|
|
return rowToUser(rows[0]);
|
|
}
|
|
|
|
async upsert(user: ICreateUser): Promise<User> {
|
|
const id = await this.hasUser(user);
|
|
|
|
if (id) {
|
|
return this.update(id, user);
|
|
}
|
|
return this.insert(user);
|
|
}
|
|
|
|
buildSelectUser(q: IUserLookup): any {
|
|
const query = this.activeAll();
|
|
if (q.id) {
|
|
return query.where('id', q.id);
|
|
}
|
|
if (q.email) {
|
|
return query.where('email', safeToLower(q.email));
|
|
}
|
|
if (q.username) {
|
|
return query.where('username', q.username);
|
|
}
|
|
throw new Error('Can only find users with id, username or email.');
|
|
}
|
|
|
|
activeAll(): any {
|
|
return this.db(TABLE).where({
|
|
deleted_at: null,
|
|
});
|
|
}
|
|
|
|
activeUsers(): any {
|
|
return this.db(TABLE).where({
|
|
deleted_at: null,
|
|
is_service: false,
|
|
});
|
|
}
|
|
|
|
async hasUser(idQuery: IUserLookup): Promise<number | undefined> {
|
|
const query = this.buildSelectUser(idQuery);
|
|
const item = await query.first('id');
|
|
return item ? item.id : undefined;
|
|
}
|
|
|
|
async getAll(): Promise<User[]> {
|
|
const users = await this.activeAll().select(USER_COLUMNS);
|
|
return users.map(rowToUser);
|
|
}
|
|
|
|
async getAllUsers(): Promise<User[]> {
|
|
const users = await this.activeUsers().select(USER_COLUMNS);
|
|
return users.map(rowToUser);
|
|
}
|
|
|
|
async search(query: string): Promise<User[]> {
|
|
const users = await this.activeUsers()
|
|
.select(USER_COLUMNS_PUBLIC)
|
|
.where('name', 'ILIKE', `%${query}%`)
|
|
.orWhere('username', 'ILIKE', `${query}%`)
|
|
.orWhere('email', 'ILIKE', `${query}%`);
|
|
return users.map(rowToUser);
|
|
}
|
|
|
|
async getAllWithId(userIdList: number[]): Promise<User[]> {
|
|
const users = await this.activeAll()
|
|
.select(USER_COLUMNS_PUBLIC)
|
|
.whereIn('id', userIdList);
|
|
return users.map(rowToUser);
|
|
}
|
|
|
|
async getByQuery(idQuery: IUserLookup): Promise<User> {
|
|
const row = await this.buildSelectUser(idQuery).first(USER_COLUMNS);
|
|
return rowToUser(row);
|
|
}
|
|
|
|
async delete(id: number): Promise<void> {
|
|
return this.activeUsers()
|
|
.where({ id })
|
|
.update({
|
|
deleted_at: new Date(),
|
|
email: null,
|
|
username: null,
|
|
name: this.db.raw('name || ?', '(Deleted)'),
|
|
});
|
|
}
|
|
|
|
async getPasswordHash(userId: number): Promise<string> {
|
|
const item = await this.activeUsers()
|
|
.where('id', userId)
|
|
.first('password_hash');
|
|
|
|
if (!item) {
|
|
throw new NotFoundError('User not found');
|
|
}
|
|
|
|
return item.password_hash;
|
|
}
|
|
|
|
async setPasswordHash(userId: number, passwordHash: string): Promise<void> {
|
|
return this.activeUsers().where('id', userId).update({
|
|
password_hash: passwordHash,
|
|
});
|
|
}
|
|
|
|
async incLoginAttempts(user: User): Promise<void> {
|
|
return this.buildSelectUser(user).increment('login_attempts', 1);
|
|
}
|
|
|
|
async successfullyLogin(user: User): Promise<void> {
|
|
return this.buildSelectUser(user).update({
|
|
login_attempts: 0,
|
|
seen_at: new Date(),
|
|
});
|
|
}
|
|
|
|
async deleteAll(): Promise<void> {
|
|
await this.activeUsers().del();
|
|
}
|
|
|
|
async count(): Promise<number> {
|
|
return this.activeUsers()
|
|
.count('*')
|
|
.then((res) => Number(res[0].count));
|
|
}
|
|
|
|
destroy(): void {}
|
|
|
|
async exists(id: number): Promise<boolean> {
|
|
const result = await this.db.raw(
|
|
`SELECT EXISTS (SELECT 1 FROM ${TABLE} WHERE id = ? and deleted_at = null) AS present`,
|
|
[id],
|
|
);
|
|
const { present } = result.rows[0];
|
|
return present;
|
|
}
|
|
|
|
async get(id: number): Promise<User> {
|
|
const row = await this.activeUsers().where({ id }).first();
|
|
return rowToUser(row);
|
|
}
|
|
|
|
async getUserByPersonalAccessToken(secret: string): Promise<User> {
|
|
const row = await this.activeAll()
|
|
.select(USER_COLUMNS.map((column) => `${TABLE}.${column}`))
|
|
.leftJoin(
|
|
'personal_access_tokens',
|
|
'personal_access_tokens.user_id',
|
|
`${TABLE}.id`,
|
|
)
|
|
.where('secret', secret)
|
|
.andWhere('expires_at', '>', 'now()')
|
|
.first();
|
|
return rowToUser(row);
|
|
}
|
|
|
|
async markSeenAt(secrets: string[]): Promise<void> {
|
|
const now = new Date();
|
|
try {
|
|
await this.db('personal_access_tokens')
|
|
.whereIn('secret', secrets)
|
|
.update({ seen_at: now });
|
|
} catch (err) {
|
|
this.logger.error('Could not update lastSeen, error: ', err);
|
|
}
|
|
}
|
|
}
|
|
|
|
module.exports = UserStore;
|
|
export default UserStore;
|