mirror of
https://github.com/nicotsx/zerobyte.git
synced 2026-04-18 05:47:31 -04:00
194 lines
5.3 KiB
TypeScript
194 lines
5.3 KiB
TypeScript
import { db } from "../../db/db";
|
|
import {
|
|
usersTable,
|
|
member,
|
|
organization,
|
|
volumesTable,
|
|
repositoriesTable,
|
|
backupSchedulesTable,
|
|
ssoProvider,
|
|
account,
|
|
invitation,
|
|
} from "../../db/schema";
|
|
import { eq, ne, and, count, inArray } from "drizzle-orm";
|
|
import type { PublicSsoProvidersDto, UserDeletionImpactDto } from "./auth.dto";
|
|
|
|
export class AuthService {
|
|
/**
|
|
* Check if any users exist in the system
|
|
*/
|
|
async hasUsers(): Promise<boolean> {
|
|
const [user] = await db.select({ id: usersTable.id }).from(usersTable).limit(1);
|
|
return !!user;
|
|
}
|
|
|
|
/**
|
|
* Get public SSO providers for the instance
|
|
*/
|
|
async getPublicSsoProviders(): Promise<PublicSsoProvidersDto> {
|
|
const providers = await db
|
|
.select({
|
|
providerId: ssoProvider.providerId,
|
|
organizationSlug: organization.slug,
|
|
})
|
|
.from(ssoProvider)
|
|
.innerJoin(organization, eq(ssoProvider.organizationId, organization.id));
|
|
|
|
return { providers };
|
|
}
|
|
|
|
/**
|
|
* Get the impact of deleting a user
|
|
*/
|
|
async getUserDeletionImpact(userId: string): Promise<UserDeletionImpactDto> {
|
|
const userMemberships = await db.query.member.findMany({
|
|
where: {
|
|
AND: [{ userId: userId }, { role: "owner" }],
|
|
},
|
|
});
|
|
|
|
const impacts: UserDeletionImpactDto["organizations"] = [];
|
|
|
|
for (const membership of userMemberships) {
|
|
const otherOwners = await db
|
|
.select({ count: count() })
|
|
.from(member)
|
|
.where(
|
|
and(
|
|
eq(member.organizationId, membership.organizationId),
|
|
eq(member.role, "owner"),
|
|
ne(member.userId, userId),
|
|
),
|
|
);
|
|
|
|
if (otherOwners[0].count === 0) {
|
|
const org = await db.query.organization.findFirst({
|
|
where: { id: membership.organizationId },
|
|
});
|
|
|
|
if (org) {
|
|
const [volumes, repos, schedules] = await Promise.all([
|
|
db.select({ count: count() }).from(volumesTable).where(eq(volumesTable.organizationId, org.id)),
|
|
db.select({ count: count() }).from(repositoriesTable).where(eq(repositoriesTable.organizationId, org.id)),
|
|
db
|
|
.select({ count: count() })
|
|
.from(backupSchedulesTable)
|
|
.where(eq(backupSchedulesTable.organizationId, org.id)),
|
|
]);
|
|
|
|
impacts.push({
|
|
id: org.id,
|
|
name: org.name,
|
|
resources: {
|
|
volumesCount: volumes[0].count,
|
|
repositoriesCount: repos[0].count,
|
|
backupSchedulesCount: schedules[0].count,
|
|
},
|
|
});
|
|
}
|
|
}
|
|
}
|
|
|
|
return { organizations: impacts };
|
|
}
|
|
|
|
/**
|
|
* Cleanup organizations where the user was the sole owner
|
|
*/
|
|
async cleanupUserOrganizations(userId: string): Promise<void> {
|
|
const impact = await this.getUserDeletionImpact(userId);
|
|
const orgIds = impact.organizations.map((o) => o.id);
|
|
|
|
if (orgIds.length > 0) {
|
|
await db.delete(organization).where(inArray(organization.id, orgIds));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Delete an SSO provider and its associated accounts
|
|
*/
|
|
async deleteSsoProvider(providerId: string): Promise<void> {
|
|
await db.transaction(async (tx) => {
|
|
await tx.delete(account).where(eq(account.providerId, providerId));
|
|
await tx.delete(ssoProvider).where(eq(ssoProvider.providerId, providerId));
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Get per-provider auto-linking setting for an organization
|
|
*/
|
|
async getSsoProviderAutoLinkingSettings(organizationId: string): Promise<Record<string, boolean>> {
|
|
const providers = await db.query.ssoProvider.findMany({
|
|
columns: { providerId: true, autoLinkMatchingEmails: true },
|
|
where: { organizationId },
|
|
});
|
|
|
|
return Object.fromEntries(providers.map((provider) => [provider.providerId, provider.autoLinkMatchingEmails]));
|
|
}
|
|
|
|
/**
|
|
* Update per-provider auto-linking setting
|
|
*/
|
|
async updateSsoProviderAutoLinking(providerId: string, enabled: boolean): Promise<boolean> {
|
|
const existingProvider = await db.query.ssoProvider.findFirst({
|
|
where: { providerId },
|
|
columns: { id: true },
|
|
});
|
|
|
|
if (!existingProvider) {
|
|
return false;
|
|
}
|
|
|
|
await db.update(ssoProvider).set({ autoLinkMatchingEmails: enabled }).where(eq(ssoProvider.providerId, providerId));
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Delete an invitation
|
|
*/
|
|
async deleteSsoInvitation(invitationId: string): Promise<void> {
|
|
await db.delete(invitation).where(eq(invitation.id, invitationId));
|
|
}
|
|
|
|
/**
|
|
* Fetch accounts for a list of users, keyed by userId
|
|
*/
|
|
async getUserAccounts(userIds: string[]): Promise<Record<string, { id: string; providerId: string }[]>> {
|
|
if (userIds.length === 0) return {};
|
|
|
|
const accounts = await db.query.account.findMany({
|
|
where: { userId: { in: userIds } },
|
|
columns: { id: true, providerId: true, userId: true },
|
|
});
|
|
|
|
const grouped: Record<string, { id: string; providerId: string }[]> = {};
|
|
for (const row of accounts) {
|
|
if (!grouped[row.userId]) {
|
|
grouped[row.userId] = [];
|
|
}
|
|
grouped[row.userId].push({ id: row.id, providerId: row.providerId });
|
|
}
|
|
return grouped;
|
|
}
|
|
|
|
/**
|
|
* Delete a single account for a user, refusing if it is the last one
|
|
*/
|
|
async deleteUserAccount(userId: string, accountId: string): Promise<{ lastAccount: boolean }> {
|
|
const userAccounts = await db.query.account.findMany({
|
|
where: { userId },
|
|
columns: { id: true },
|
|
});
|
|
|
|
if (userAccounts.length <= 1) {
|
|
return { lastAccount: true };
|
|
}
|
|
|
|
await db.delete(account).where(and(eq(account.id, accountId), eq(account.userId, userId)));
|
|
return { lastAccount: false };
|
|
}
|
|
}
|
|
|
|
export const authService = new AuthService();
|