feat(core): add user roles related api (#204)

* feat(core): add user role related api add user roles related api * fix: insert array to db fix insert array to db fix * feat(core): add role related routes config add role related routes config * fix(core): update user role patch error type update user role patch error type * fix(core): cr fix cr fix * fix(core): cr fix cr fix * fix(core): cr fix cr fix
2025-03-31 22:51:25 -05:00 · 2022-01-28 13:33:57 +08:00 · 2022-01-28 13:33:57 +08:00 · 0105d19d99
commit 0105d19d99
parent ea2bfd6d45
11 changed files with 101 additions and 29 deletions
--- a/packages/core/src/database/update-where.test.ts
+++ b/packages/core/src/database/update-where.test.ts
@ -41,17 +41,12 @@ describe('buildUpdateWhere()', () => {
    );
    const updateWhere = buildUpdateWhere(pool, Users);

-    const errorMessage: Partial<Record<NodeJS.Platform, string>> = {
-      darwin: "Cannot read properties of undefined (reading 'toString')",
-      linux: "Cannot read property 'toString' of undefined",
-    };
-
    await expect(
      updateWhere({
        set: { username: '123', id: undefined },
        where: { id: 'foo', username: '456' },
      })
-    ).rejects.toMatchError(new TypeError(errorMessage[process.platform]));
+    ).rejects.toMatchError(new Error(`Cannot convert id to primitive`));
  });

  it('throws `entity.not_exists_with_id` error with `undefined` when `returning` is true', async () => {
--- a/packages/core/src/database/utils.test.ts
+++ b/packages/core/src/database/utils.test.ts
@ -50,6 +50,7 @@ describe('convertToPrimitiveOrSql()', () => {
    expect(convertToPrimitiveOrSql(normalKey, 123)).toEqual(123);
    expect(convertToPrimitiveOrSql(normalKey, true)).toEqual(true);
    expect(convertToPrimitiveOrSql(normalKey, { foo: 'bar' })).toEqual('{"foo":"bar"}');
+    expect(convertToPrimitiveOrSql(normalKey, ['bar'])).toEqual('["bar"]');
  });

  it('converts value to sql when key ends with special set and value is number', () => {
@ -67,12 +68,6 @@ describe('convertToPrimitiveOrSql()', () => {
      expect(convertToPrimitiveOrSql(`${normalKey}${value}`, '123')).toEqual('123');
    }
  });
-
-  it('throws an error when value is not primitive', () => {
-    expect(() => convertToPrimitiveOrSql(normalKey, [123, 456])).toThrow(
-      'Cannot convert foo with 123,456 to primitive'
-    );
-  });
 });

 describe('convertToIdentifiers()', () => {
--- a/packages/core/src/database/utils.ts
+++ b/packages/core/src/database/utils.ts
@ -40,7 +40,7 @@ export const convertToPrimitiveOrSql = (
    return null;
  }

-  if (typeof value === 'object' && !Array.isArray(value)) {
+  if (typeof value === 'object') {
    return JSON.stringify(value);
  }

@ -52,7 +52,7 @@ export const convertToPrimitiveOrSql = (
    return value;
  }

-  throw new Error(`Cannot convert ${key} with ${value.toString()} to primitive`);
+  throw new Error(`Cannot convert ${key} to primitive`);
 };

 export const convertToIdentifiers = <T extends Table>(
--- a/packages/core/src/queries/roles.ts
+++ b/packages/core/src/queries/roles.ts
@ -0,0 +1,20 @@
+import { Roles, Role } from '@logto/schemas';
+import { sql } from 'slonik';
+
+import pool from '@/database/pool';
+import { convertToIdentifiers } from '@/database/utils';
+
+const { table, fields } = convertToIdentifiers(Roles);
+
+export const findAllRoles = async () =>
+  pool.any<Role>(sql`
+    select ${sql.join(Object.values(fields), sql`, `)}
+    from ${table}
+  `);
+
+export const findRolesByRoleNames = async (roleNames: string[]) =>
+  pool.any<Role>(sql`
+    select ${sql.join(Object.values(fields), sql`,`)}
+    from ${table}
+    where ${fields.name} in (${sql.join(roleNames, sql`,`)})
+  `);
--- a/packages/core/src/routes/admin-user.ts
+++ b/packages/core/src/routes/admin-user.ts
@ -0,0 +1,53 @@
+import { userInfoSelectFields } from '@logto/schemas';
+import pick from 'lodash.pick';
+import { InvalidInputError } from 'slonik';
+import { object, string } from 'zod';
+
+import koaGuard from '@/middleware/koa-guard';
+import { findRolesByRoleNames } from '@/queries/roles';
+import { findAllUsers, findUserById, updateUserById } from '@/queries/user';
+
+import { AuthedRouter } from './types';
+
+export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
+  router.get('/users', async (ctx, next) => {
+    const users = await findAllUsers();
+    ctx.body = users.map((user) => pick(user, ...userInfoSelectFields));
+
+    return next();
+  });
+
+  router.patch(
+    '/users/:userId/roleNames',
+    koaGuard({
+      params: object({ userId: string().min(1) }),
+      body: object({ roleNames: string().array() }),
+    }),
+    async (ctx, next) => {
+      const {
+        params: { userId },
+        body: { roleNames },
+      } = ctx.guard;
+
+      await findUserById(userId);
+
+      // Temp solution to validate the existence of input roleNames
+      if (roleNames.length > 0) {
+        const roles = await findRolesByRoleNames(roleNames);
+
+        if (roles.length !== roleNames.length) {
+          const resourcesNotFound = roleNames.filter(
+            (roleName) => !roles.some(({ name }) => roleName === name)
+          );
+          // TODO: Should be cached by the error handler and return request error
+          throw new InvalidInputError(`role names (${resourcesNotFound.join(',')}) are not valid`);
+        }
+      }
+
+      const user = await updateUserById(userId, { roleNames });
+      ctx.body = pick(user, ...userInfoSelectFields);
+
+      return next();
+    }
+  );
+}
--- a/packages/core/src/routes/init.ts
+++ b/packages/core/src/routes/init.ts
@ -14,6 +14,8 @@ import statusRoutes from '@/routes/status';
 import swaggerRoutes from '@/routes/swagger';
 import userRoutes from '@/routes/user';

+import adminUserRoutes from './admin-user';
+import roleRoutes from './role';
 import { AnonymousRouter, AuthedRouter } from './types';

 const createRouters = (provider: Provider) => {
@ -31,6 +33,8 @@ const createRouters = (provider: Provider) => {
  connectorRoutes(router);
  resourceRoutes(router);
  signInExperiencesRoutes(router);
+  adminUserRoutes(router);
+  roleRoutes(router);

  return [anonymousRouter, router];
 };
--- a/packages/core/src/routes/role.ts
+++ b/packages/core/src/routes/role.ts
@ -0,0 +1,11 @@
+import { findAllRoles } from '@/queries/roles';
+
+import { AuthedRouter } from './types';
+
+export default function roleRoutes<T extends AuthedRouter>(router: T) {
+  router.get('/roles', async (ctx, next) => {
+    ctx.body = await findAllRoles();
+
+    return next();
+  });
+}
--- a/packages/core/src/routes/user.ts
+++ b/packages/core/src/routes/user.ts
@ -4,20 +4,13 @@ import { object, string } from 'zod';

 import { encryptUserPassword } from '@/lib/user';
 import koaGuard from '@/middleware/koa-guard';
-import { deleteUserById, findAllUsers, findUserById, updateUserById } from '@/queries/user';
+import { deleteUserById, findUserById, updateUserById } from '@/queries/user';

 import { AnonymousRouter } from './types';

 export default function userRoutes<T extends AnonymousRouter>(router: T) {
-  router.get('/users', async (ctx, next) => {
-    const users = await findAllUsers();
-    ctx.body = users.map((user) => pick(user, ...userInfoSelectFields));
-
-    return next();
-  });
-
  router.get(
-    '/users/:userId',
+    '/user/:userId',
    koaGuard({
      params: object({ userId: string().min(1) }),
    }),
@ -33,7 +26,7 @@ export default function userRoutes<T extends AnonymousRouter>(router: T) {
  );

  router.patch(
-    '/users/:userId/password',
+    '/user/:userId/password',
    koaGuard({
      params: object({ userId: string().min(1) }),
      body: object({ password: string().min(6) }),
@ -59,7 +52,7 @@ export default function userRoutes<T extends AnonymousRouter>(router: T) {
  );

  router.delete(
-    '/users/:userId',
+    '/user/:userId',
    koaGuard({
      params: object({ userId: string().min(1) }),
    }),
--- a/packages/schemas/src/db-entries/user.ts
+++ b/packages/schemas/src/db-entries/user.ts
@ -13,7 +13,7 @@ export type CreateUser = {
  passwordEncrypted?: string | null;
  passwordEncryptionMethod?: PasswordEncryptionMethod | null;
  passwordEncryptionSalt?: string | null;
-  roleNames?: RoleNames | null;
+  roleNames?: RoleNames;
 };

 export type User = {
@ -24,7 +24,7 @@ export type User = {
  passwordEncrypted: string | null;
  passwordEncryptionMethod: PasswordEncryptionMethod | null;
  passwordEncryptionSalt: string | null;
-  roleNames: RoleNames | null;
+  roleNames: RoleNames;
 };

 const createGuard: Guard<CreateUser> = z.object({
@ -35,7 +35,7 @@ const createGuard: Guard<CreateUser> = z.object({
  passwordEncrypted: z.string().nullable().optional(),
  passwordEncryptionMethod: z.nativeEnum(PasswordEncryptionMethod).nullable().optional(),
  passwordEncryptionSalt: z.string().nullable().optional(),
-  roleNames: roleNamesGuard.nullable().optional(),
+  roleNames: roleNamesGuard.optional(),
 });

 export const Users: GeneratedSchema<CreateUser> = Object.freeze({
--- a/packages/schemas/src/types/user.ts
+++ b/packages/schemas/src/types/user.ts
@ -5,6 +5,7 @@ export const userInfoSelectFields = Object.freeze([
  'username',
  'primaryEmail',
  'primaryPhone',
+  'roleNames',
 ] as const);

 export type UserInfo<Keys extends keyof CreateUser = typeof userInfoSelectFields[number]> = Pick<
--- a/packages/schemas/tables/users.sql
+++ b/packages/schemas/tables/users.sql
@ -8,6 +8,6 @@ create table users (
  password_encrypted varchar(128),
  password_encryption_method password_encryption_method,
  password_encryption_salt varchar(128),
-  role_names jsonb /* @use RoleNames */,
+  role_names jsonb /* @use RoleNames */ not null default '[]'::jsonb,
  primary key (id)
 );