121 lines
3.9 KiB
TypeScript
121 lines
3.9 KiB
TypeScript
import argon2 from "argon2";
|
|
import {first} from "lodash";
|
|
import {sql} from "bun";
|
|
|
|
export class Claims {
|
|
userId: string | undefined;
|
|
claims: string[] = [];
|
|
|
|
public static test(userClaims: Claims, guardClaim: string): Boolean {
|
|
return userClaims.claims.some(x => x === guardClaim);
|
|
}
|
|
}
|
|
|
|
class ClaimsOrm {
|
|
async getByUserId(userId: string): Promise<Claims> {
|
|
const dbResults: any[] = await sql`SELECT c.name
|
|
from user_claims as uc
|
|
JOIN claims as c on uc.claimid = c.id
|
|
where uc.userid = ${userId};`;
|
|
const claims = new Claims();
|
|
claims.userId = userId;
|
|
claims.claims = dbResults.map(x => x.name);
|
|
return claims;
|
|
}
|
|
|
|
async getDefaultClaims(): Promise<number[]> {
|
|
const dbResults: any[] = await sql`SELECT id
|
|
FROM claims
|
|
WHERE is_default = true;`;
|
|
return dbResults.map(x => x.id);
|
|
}
|
|
}
|
|
|
|
class User {
|
|
id: string;
|
|
name: string;
|
|
isAdmin: boolean;
|
|
isActive: boolean;
|
|
|
|
constructor(id: string, name: string, isAdmin: boolean = false, isActive: boolean = true) {
|
|
this.id = id;
|
|
this.name = name;
|
|
this.isAdmin = isAdmin;
|
|
this.isActive = isActive;
|
|
}
|
|
}
|
|
|
|
class UsersOrm {
|
|
#claims: ClaimsOrm;
|
|
|
|
constructor(claims: ClaimsOrm) {
|
|
this.#claims = claims;
|
|
}
|
|
|
|
async get(id: string, claims: Claims): Promise<User> {
|
|
if (!(
|
|
Claims.test(claims, 'ADMIN') ||
|
|
Claims.test(claims, 'USERS_OTHER_READ') ||
|
|
(Claims.test(claims, 'USERS_SELF_READ') && id === claims.userId)
|
|
)) {
|
|
throw new Error('Unauthorized');
|
|
}
|
|
|
|
const dbResult: any = first(await sql`select *
|
|
from users
|
|
where id = ${id}
|
|
and is_active = true limit 1`);
|
|
return new User(dbResult.id, dbResult.username, dbResult.is_admin);
|
|
}
|
|
|
|
async verify(username: string, password: string): Promise<Claims | null> {
|
|
try {
|
|
const dbResult: any = first(await sql`select *
|
|
from users
|
|
where username = ${username} limit 1`);
|
|
if (!await argon2.verify(dbResult.pass_hash, password)) {
|
|
return null;
|
|
}
|
|
|
|
return this.#claims.getByUserId(dbResult.id);
|
|
} catch (error) {
|
|
console.log(error);
|
|
throw error;
|
|
}
|
|
}
|
|
|
|
async create(username: string, password: string, claims: Claims): Promise<User> {
|
|
const existingUser: any = first(await sql`SELECT id
|
|
FROM users
|
|
WHERE username = ${username} LIMIT 1`);
|
|
if (existingUser) {
|
|
throw new Error(`User with id ${existingUser.id} already exists`);
|
|
}
|
|
|
|
const defaultClaims: number[] = await this.#claims.getDefaultClaims();
|
|
const passwordHash = await argon2.hash(password);
|
|
await sql`INSERT INTO users (username, pass_hash)
|
|
VALUES (${username}, ${passwordHash})`;
|
|
const newUserId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
|
await sql.transaction(async (tx) => {
|
|
for (let i in defaultClaims) {
|
|
await tx`INSERT INTO user_claims (userid, claimid)
|
|
VALUES (${newUserId}, ${defaultClaims[i]})`;
|
|
}
|
|
})
|
|
return await this.get(newUserId, claims);
|
|
}
|
|
}
|
|
|
|
class Orm {
|
|
claims: ClaimsOrm;
|
|
users: UsersOrm;
|
|
|
|
constructor() {
|
|
this.claims = new ClaimsOrm();
|
|
this.users = new UsersOrm(this.claims);
|
|
}
|
|
|
|
}
|
|
|
|
export const orm = new Orm(); |