logto/packages/core/src/routes/admin-user.ts

import { arbitraryObjectGuard, userInfoSelectFields } from '@logto/schemas';
import { has } from '@silverhand/essentials';
import pick from 'lodash.pick';
import { InvalidInputError } from 'slonik';
import { object, string } from 'zod';

import RequestError from '@/errors/RequestError';
import { encryptUserPassword, generateUserId } from '@/lib/user';
import koaGuard from '@/middleware/koa-guard';
import koaPagination from '@/middleware/koa-pagination';
import { findRolesByRoleNames } from '@/queries/roles';
import {
  clearUserCustomDataById,
  deleteUserById,
  deleteUserIdentity,
  findUsers,
  countUsers,
  findUserById,
  hasUser,
  insertUser,
  updateUserById,
} from '@/queries/user';
import assertThat from '@/utils/assert-that';
import { nameRegEx, passwordRegEx, usernameRegEx } from '@/utils/regex';

import { AuthedRouter } from './types';

export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
  router.get(
    '/users',
    koaPagination(),
    koaGuard({ query: object({ search: string().optional() }) }),
    async (ctx, next) => {
      const { limit, offset } = ctx.pagination;
      const {
        query: { search },
      } = ctx.guard;

      const [{ count }, users] = await Promise.all([
        countUsers(search),
        findUsers(limit, offset, search),
      ]);

      ctx.pagination.totalCount = count;
      ctx.body = users.map((user) => pick(user, ...userInfoSelectFields));

      return next();
    }
  );

  router.get(
    '/users/:userId',
    // TODO: No need to guard
    koaGuard({
      params: object({ userId: string() }),
    }),
    async (ctx, next) => {
      const {
        params: { userId },
      } = ctx.guard;

      const user = await findUserById(userId);

      ctx.body = pick(user, ...userInfoSelectFields);

      return next();
    }
  );

  router.post(
    '/users',
    koaGuard({
      body: object({
        username: string().regex(usernameRegEx),
        password: string().regex(passwordRegEx),
        name: string().regex(nameRegEx),
      }),
    }),
    async (ctx, next) => {
      const { username, password, name } = ctx.guard.body;
      assertThat(
        !(await hasUser(username)),
        new RequestError({
          code: 'user.username_exists_register',
          status: 422,
        })
      );

      const id = await generateUserId();

      const { passwordEncryptionSalt, passwordEncrypted, passwordEncryptionMethod } =
        encryptUserPassword(id, password);

      const user = await insertUser({
        id,
        username,
        passwordEncrypted,
        passwordEncryptionMethod,
        passwordEncryptionSalt,
        name,
      });

      ctx.body = pick(user, ...userInfoSelectFields);

      return next();
    }
  );

  router.patch(
    '/users/:userId',
    koaGuard({
      params: object({ userId: string() }),
      body: object({
        name: string().regex(nameRegEx).optional(),
        avatar: string().url().nullable().optional(),
        customData: arbitraryObjectGuard.optional(),
        roleNames: string().array().optional(),
      }),
    }),
    async (ctx, next) => {
      const {
        params: { userId },
        body,
      } = ctx.guard;

      await findUserById(userId);

      // Clear customData to achieve full replacement,
      // to partial update, call patch /users/:userId/customData
      if (body.customData) {
        await clearUserCustomDataById(userId);
      }

      // Temp solution to validate the existence of input roleNames
      if (body.roleNames) {
        const { roleNames } = body;
        const roles = await findRolesByRoleNames(roleNames);

        if (roles.length !== roleNames.length) {
          const resourcesNotFound = roleNames.filter(
            (roleName) => !roles.some(({ name }) => roleName === name)
          );
          // TODO: Should be cached by the error handler and return request error
          throw new InvalidInputError(`role names (${resourcesNotFound.join(',')}) are not valid`);
        }
      }

      const user = await updateUserById(userId, {
        ...body,
      });

      ctx.body = pick(user, ...userInfoSelectFields);

      return next();
    }
  );

  router.patch(
    '/users/:userId/password',
    koaGuard({
      params: object({ userId: string() }),
      body: object({ password: string().regex(passwordRegEx) }),
    }),
    async (ctx, next) => {
      const {
        params: { userId },
        body: { password },
      } = ctx.guard;

      await findUserById(userId);

      const { passwordEncryptionSalt, passwordEncrypted, passwordEncryptionMethod } =
        encryptUserPassword(userId, password);

      const user = await updateUserById(userId, {
        passwordEncrypted,
        passwordEncryptionMethod,
        passwordEncryptionSalt,
      });

      ctx.body = pick(user, ...userInfoSelectFields);

      return next();
    }
  );

  router.delete(
    '/users/:userId',
    koaGuard({
      params: object({ userId: string() }),
    }),
    async (ctx, next) => {
      const {
        params: { userId },
      } = ctx.guard;

      await findUserById(userId);

      await deleteUserById(userId);

      ctx.status = 204;

      return next();
    }
  );

  router.patch(
    '/users/:userId/custom-data',
    koaGuard({
      params: object({ userId: string() }),
      body: object({ customData: arbitraryObjectGuard }),
    }),
    async (ctx, next) => {
      const {
        params: { userId },
        body: { customData },
      } = ctx.guard;

      await findUserById(userId);

      const user = await updateUserById(userId, {
        customData,
      });

      ctx.body = pick(user, ...userInfoSelectFields);

      return next();
    }
  );

  router.delete(
    '/users/:userId/custom-data',
    koaGuard({
      params: object({ userId: string() }),
    }),
    async (ctx, next) => {
      const {
        params: { userId },
      } = ctx.guard;

      await findUserById(userId);

      await clearUserCustomDataById(userId);

      ctx.status = 200;

      return next();
    }
  );

  router.delete(
    '/users/:userId/identities/:connectorId',
    koaGuard({ params: object({ userId: string(), connectorId: string() }) }),
    async (ctx, next) => {
      const {
        params: { userId, connectorId },
      } = ctx.guard;

      const { identities } = await findUserById(userId);

      if (!has(identities, connectorId)) {
        throw new RequestError({ code: 'user.identity_not_exists', status: 404 });
      }

      const updatedUser = await deleteUserIdentity(userId, connectorId);
      ctx.body = pick(updatedUser, ...userInfoSelectFields);

      return next();
    }
  );
}
refactor(core): replace arbitrary data guard type with arbitrary object guard (#290) 2022-02-27 22:22:48 -05:00			`import { arbitraryObjectGuard, userInfoSelectFields } from '@logto/schemas';`
feat(core): add DELETE /users/:userId/identities/:connectorId (#437) * feat(core): add DELETE /users/:userId/identities/:connectorId * feat(core): add user query methods UT cases for better testing coverage * feat(core): rewrite deletion of connector info from user identities using postgresql operator 2022-03-25 02:48:53 -05:00			`import { has } from '@silverhand/essentials';`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00			`import pick from 'lodash.pick';`
			`import { InvalidInputError } from 'slonik';`
			`import { object, string } from 'zod';`

feat(core): post `/users` (#238) 2022-02-16 03:34:32 -05:00			`import RequestError from '@/errors/RequestError';`
			`import { encryptUserPassword, generateUserId } from '@/lib/user';`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00			`import koaGuard from '@/middleware/koa-guard';`
feat(core): get `/users` (#237) 2022-02-16 02:55:08 -05:00			`import koaPagination from '@/middleware/koa-pagination';`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00			`import { findRolesByRoleNames } from '@/queries/roles';`
feat(core): post `/users` (#238) 2022-02-16 03:34:32 -05:00			`import {`
feat(core): delete `users/:userid/custom-data` (#233) 2022-02-17 01:10:26 -05:00			`clearUserCustomDataById,`
feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`deleteUserById,`
feat(core): add DELETE /users/:userId/identities/:connectorId (#437) * feat(core): add DELETE /users/:userId/identities/:connectorId * feat(core): add user query methods UT cases for better testing coverage * feat(core): rewrite deletion of connector info from user identities using postgresql operator 2022-03-25 02:48:53 -05:00			`deleteUserIdentity,`
feat(core): get `/users` with search (#270) 2022-02-23 23:29:34 -05:00			`findUsers,`
			`countUsers,`
feat(core): post `/users` (#238) 2022-02-16 03:34:32 -05:00			`findUserById,`
			`hasUser,`
			`insertUser,`
			`updateUserById,`
			`} from '@/queries/user';`
			`import assertThat from '@/utils/assert-that';`
refactor(core): add regex for commonly used fields (#288) 2022-02-28 00:16:02 -05:00			`import { nameRegEx, passwordRegEx, usernameRegEx } from '@/utils/regex';`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00
			`import { AuthedRouter } from './types';`

			`export default function adminUserRoutes<T extends AuthedRouter>(router: T) {`
feat(core): get `/users` with search (#270) 2022-02-23 23:29:34 -05:00			`router.get(`
			`'/users',`
			`koaPagination(),`
			`koaGuard({ query: object({ search: string().optional() }) }),`
			`async (ctx, next) => {`
			`const { limit, offset } = ctx.pagination;`
			`const {`
			`query: { search },`
			`} = ctx.guard;`
feat(core): get `/users` (#237) 2022-02-16 02:55:08 -05:00
feat(core): get `/users` with search (#270) 2022-02-23 23:29:34 -05:00			`const [{ count }, users] = await Promise.all([`
			`countUsers(search),`
			`findUsers(limit, offset, search),`
			`]);`
feat(core): get `/users` (#237) 2022-02-16 02:55:08 -05:00
feat(core): get `/users` with search (#270) 2022-02-23 23:29:34 -05:00			`ctx.pagination.totalCount = count;`
			`ctx.body = users.map((user) => pick(user, ...userInfoSelectFields));`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00
feat(core): get `/users` with search (#270) 2022-02-23 23:29:34 -05:00			`return next();`
			`}`
			`);`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00
feat(core): get (#236) 2022-02-16 02:56:51 -05:00			`router.get(`
			`'/users/:userId',`
test(core): add admin-user route UT (#252) * test(core): add admin-user route ut add admin-user route ut * fix(ut): remove redundent code remove mockKoaAuthMiddleware * feat(core): update pnpm.lock update pnpm.lock 2022-02-20 21:45:31 -05:00			`// TODO: No need to guard`
feat(core): get (#236) 2022-02-16 02:56:51 -05:00			`koaGuard({`
feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`params: object({ userId: string() }),`
feat(core): get (#236) 2022-02-16 02:56:51 -05:00			`}),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId },`
			`} = ctx.guard;`

			`const user = await findUserById(userId);`

			`ctx.body = pick(user, ...userInfoSelectFields);`

			`return next();`
			`}`
			`);`

feat(core): post `/users` (#238) 2022-02-16 03:34:32 -05:00			`router.post(`
			`'/users',`
			`koaGuard({`
			`body: object({`
refactor(core): add regex for commonly used fields (#288) 2022-02-28 00:16:02 -05:00			`username: string().regex(usernameRegEx),`
			`password: string().regex(passwordRegEx),`
			`name: string().regex(nameRegEx),`
feat(core): post `/users` (#238) 2022-02-16 03:34:32 -05:00			`}),`
			`}),`
			`async (ctx, next) => {`
			`const { username, password, name } = ctx.guard.body;`
			`assertThat(`
			`!(await hasUser(username)),`
			`new RequestError({`
			`code: 'user.username_exists_register',`
			`status: 422,`
			`})`
			`);`

			`const id = await generateUserId();`

			`const { passwordEncryptionSalt, passwordEncrypted, passwordEncryptionMethod } =`
			`encryptUserPassword(id, password);`

			`const user = await insertUser({`
			`id,`
			`username,`
			`passwordEncrypted,`
			`passwordEncryptionMethod,`
			`passwordEncryptionSalt,`
			`name,`
			`});`

			`ctx.body = pick(user, ...userInfoSelectFields);`

			`return next();`
			`}`
			`);`

feat(core): patch `/users/:userId` (#246) 2022-02-18 01:34:22 -05:00			`router.patch(`
			`'/users/:userId',`
			`koaGuard({`
feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`params: object({ userId: string() }),`
feat(core): patch `/users/:userId` (#246) 2022-02-18 01:34:22 -05:00			`body: object({`
refactor(core): add regex for commonly used fields (#288) 2022-02-28 00:16:02 -05:00			`name: string().regex(nameRegEx).optional(),`
feat(console): user role select (#589) 2022-04-20 23:38:54 -05:00			`avatar: string().url().nullable().optional(),`
feat(console): user details settings (#403) 2022-03-20 22:48:27 -05:00			`customData: arbitraryObjectGuard.optional(),`
feat(console): user role select (#589) 2022-04-20 23:38:54 -05:00			`roleNames: string().array().optional(),`
feat(core): patch `/users/:userId` (#246) 2022-02-18 01:34:22 -05:00			`}),`
			`}),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId },`
fix(core): patch `/users/:userId` should not fail if only `name` or `avatar` is provided 2022-02-28 00:18:17 -05:00			`body,`
feat(core): patch `/users/:userId` (#246) 2022-02-18 01:34:22 -05:00			`} = ctx.guard;`

			`await findUserById(userId);`

feat(console): user details settings (#403) 2022-03-20 22:48:27 -05:00			`// Clear customData to achieve full replacement,`
			`// to partial update, call patch /users/:userId/customData`
			`if (body.customData) {`
			`await clearUserCustomDataById(userId);`
			`}`

feat(console): user role select (#589) 2022-04-20 23:38:54 -05:00			`// Temp solution to validate the existence of input roleNames`
			`if (body.roleNames) {`
			`const { roleNames } = body;`
			`const roles = await findRolesByRoleNames(roleNames);`

			`if (roles.length !== roleNames.length) {`
			`const resourcesNotFound = roleNames.filter(`
			`(roleName) => !roles.some(({ name }) => roleName === name)`
			`);`
			`// TODO: Should be cached by the error handler and return request error`
			throw new InvalidInputError(`role names (${resourcesNotFound.join(',')}) are not valid`);
			`}`
			`}`

feat(core): patch `/users/:userId` (#246) 2022-02-18 01:34:22 -05:00			`const user = await updateUserById(userId, {`
fix(core): patch `/users/:userId` should not fail if only `name` or `avatar` is provided 2022-02-28 00:18:17 -05:00			`...body,`
feat(core): patch `/users/:userId` (#246) 2022-02-18 01:34:22 -05:00			`});`

			`ctx.body = pick(user, ...userInfoSelectFields);`

			`return next();`
			`}`
			`);`

feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`router.patch(`
			`'/users/:userId/password',`
			`koaGuard({`
			`params: object({ userId: string() }),`
refactor(core): add regex for commonly used fields (#288) 2022-02-28 00:16:02 -05:00			`body: object({ password: string().regex(passwordRegEx) }),`
feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`}),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId },`
			`body: { password },`
			`} = ctx.guard;`

			`await findUserById(userId);`

			`const { passwordEncryptionSalt, passwordEncrypted, passwordEncryptionMethod } =`
			`encryptUserPassword(userId, password);`

			`const user = await updateUserById(userId, {`
			`passwordEncrypted,`
			`passwordEncryptionMethod,`
			`passwordEncryptionSalt,`
			`});`

			`ctx.body = pick(user, ...userInfoSelectFields);`

			`return next();`
			`}`
			`);`

			`router.delete(`
			`'/users/:userId',`
			`koaGuard({`
			`params: object({ userId: string() }),`
			`}),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId },`
			`} = ctx.guard;`

			`await findUserById(userId);`

			`await deleteUserById(userId);`

			`ctx.status = 204;`

			`return next();`
			`}`
			`);`

feat(core): patch `/user/:userId/custom-data` (#232) 2022-02-16 05:06:08 -05:00			`router.patch(`
			`'/users/:userId/custom-data',`
			`koaGuard({`
feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`params: object({ userId: string() }),`
refactor(core): replace arbitrary data guard type with arbitrary object guard (#290) 2022-02-27 22:22:48 -05:00			`body: object({ customData: arbitraryObjectGuard }),`
feat(core): patch `/user/:userId/custom-data` (#232) 2022-02-16 05:06:08 -05:00			`}),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId },`
			`body: { customData },`
			`} = ctx.guard;`

			`await findUserById(userId);`

			`const user = await updateUserById(userId, {`
			`customData,`
			`});`

			`ctx.body = pick(user, ...userInfoSelectFields);`

			`return next();`
			`}`
			`);`
feat(core): delete `users/:userid/custom-data` (#233) 2022-02-17 01:10:26 -05:00
			`router.delete(`
			`'/users/:userId/custom-data',`
			`koaGuard({`
feat(core): delete user and update user password api (#248) 2022-02-18 04:02:08 -05:00			`params: object({ userId: string() }),`
feat(core): delete `users/:userid/custom-data` (#233) 2022-02-17 01:10:26 -05:00			`}),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId },`
			`} = ctx.guard;`

			`await findUserById(userId);`

			`await clearUserCustomDataById(userId);`

			`ctx.status = 200;`

			`return next();`
			`}`
			`);`
feat(core): add DELETE /users/:userId/identities/:connectorId (#437) * feat(core): add DELETE /users/:userId/identities/:connectorId * feat(core): add user query methods UT cases for better testing coverage * feat(core): rewrite deletion of connector info from user identities using postgresql operator 2022-03-25 02:48:53 -05:00
			`router.delete(`
			`'/users/:userId/identities/:connectorId',`
			`koaGuard({ params: object({ userId: string(), connectorId: string() }) }),`
			`async (ctx, next) => {`
			`const {`
			`params: { userId, connectorId },`
			`} = ctx.guard;`

			`const { identities } = await findUserById(userId);`

			`if (!has(identities, connectorId)) {`
			`throw new RequestError({ code: 'user.identity_not_exists', status: 404 });`
			`}`

			`const updatedUser = await deleteUserIdentity(userId, connectorId);`
			`ctx.body = pick(updatedUser, ...userInfoSelectFields);`

			`return next();`
			`}`
			`);`
feat(core): add user roles related api (#204) * feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix 2022-01-28 00:33:57 -05:00			`}`