/* eslint-disable @typescript-eslint/no-unsafe-assignment */
/* eslint-disable @typescript-eslint/no-unsafe-call */
/* eslint-disable @typescript-eslint/no-unsafe-member-access */
/* eslint-disable import/no-cycle */
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable consistent-return */
/* eslint-disable @typescript-eslint/no-explicit-any */
import express = require('express');
import config = require('../../config');
import type { UserRequest } from '../requests';
import { decodeCursor } from './helpers';
// Global role names: `authorize` takes a list of these and compares it with `req.user.globalRole.name`.
type Role = 'owner' | 'member';
/**
 * Express middleware that only lets a request through once an instance owner exists.
 *
 * Reads the `userManagement.isInstanceOwnerSetUp` config value. When it is falsy the
 * request is answered with HTTP 500; otherwise control passes to the next handler.
 */
const instanceOwnerSetup = (
	req: express.Request,
	res: express.Response,
	next: express.NextFunction,
): any => {
	const ownerIsSetUp = config.getEnv('userManagement.isInstanceOwnerSetUp');
	if (ownerIsSetUp) {
		next();
		return;
	}
	return res.status(500).json({ message: 'Instance owner is not set up' });
};
/**
 * Express middleware that only lets a request through when an email mode is configured.
 *
 * Reads the `userManagement.emails.mode` config value. When it is falsy the request is
 * answered with HTTP 500; otherwise control passes to the next handler.
 */
const emailSetup = (
	req: express.Request,
	res: express.Response,
	next: express.NextFunction,
): any => {
	const emailMode = config.getEnv('userManagement.emails.mode');
	if (emailMode) {
		next();
		return;
	}
	return res.status(500).json({ message: 'Email is not set up' });
};
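/**
 * Builds an Express middleware that lets a request through only when the
 * requesting user's global role is one of the allowed roles.
 *
 * The check fails closed: a request with no `user`, no `globalRole` or no role
 * name is answered with HTTP 403 instead of raising a TypeError while the role
 * is being read.
 *
 * @param role Global role names allowed to reach the route. Any number of roles
 *   may be listed; a single-element list such as `['owner']` works as before.
 * @returns Middleware that calls `next()` for an allowed role and otherwise
 *   responds with HTTP 403 and `{ message: 'Unauthorized' }`.
 */
const authorize =
	(role: readonly Role[]) =>
	(req: express.Request, res: express.Response, next: express.NextFunction): any => {
		// `req.user` is presumably populated by an authentication step that runs
		// before this middleware; treat it as possibly absent rather than trusting that.
		const user = req.user as { globalRole?: { name?: Role } } | undefined;
		const userRole = user?.globalRole?.name;
		if (userRole !== undefined && role.includes(userRole)) {
			return next();
		}
		return res.status(403).json({
			message: 'Unauthorized',
		});
	};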
// TODO: move this email validation to the OpenAPI validator
// const validEmail = (
// 	req: UserRequest.Invite,
// 	res: express.Response,
// 	next: express.NextFunction,
// ): any => {
// 	// eslint-disable-next-line no-restricted-syntax
// 	for (const { email } of req.body) {
// 		if (!validator.isEmail(email)) {
// 			return res.status(400).json({
// 				message: `Request to send email invite(s) to user(s) failed because of an invalid email address: ${email}`,
// 			});
// 		}
// 	}
// 	next();
// };
/**
 * Express middleware that refuses a delete request aimed at the caller's own account.
 *
 * Compares `req.user.id` with the `identifier` route parameter using strict equality.
 * On a match the request is answered with HTTP 400; otherwise the next handler runs.
 */
const deletingOwnUser = (
	req: UserRequest.Delete,
	res: express.Response,
	next: express.NextFunction,
): any => {
	const callerId = req.user.id;
	const targetIdentifier = req.params.identifier;
	// NOTE(review): this only matches when `identifier` holds the caller's id in exactly
	// the same form. If the route also accepts another kind of identifier (an email,
	// for instance), self-deletion would pass this guard. Confirm against the handler.
	if (callerId !== targetIdentifier) {
		next();
		return;
	}
	return res.status(400).json({
		message: `Cannot delete your own user`,
	});
};
/**
 * Express middleware that refuses a delete request whose transfer target is the
 * user being deleted.
 *
 * Compares the `transferId` query parameter with the `identifier` route parameter
 * using strict equality. On a match the request is answered with HTTP 400;
 * otherwise the next handler runs.
 */
const transferingToDeletedUser = (
	req: UserRequest.Delete,
	res: express.Response,
	next: express.NextFunction,
): any => {
	const transfereeId = req.query.transferId;
	const targetIdentifier = req.params.identifier;
	// NOTE(review): both values come straight from the request and are compared as-is.
	// If `identifier` may be given in a different form than `transferId`, the same user
	// could be named twice without tripping this guard. Confirm against the handler.
	if (transfereeId !== targetIdentifier) {
		next();
		return;
	}
	return res.status(400).json({
		message: `Request to delete a user failed because the user to delete and the transferee are the same user`,
	});
};
/**
 * Express middleware that resolves the pagination window for a list request.
 *
 * Starts from offset 0 and limit 10. When the query carries a `cursor`, it is passed
 * to `decodeCursor` and the decoded `offset` and `limit` replace the defaults; if
 * decoding throws, the request is answered with HTTP 400. The resulting values are
 * written to `req.query.offset` and `req.query.limit` before the next handler runs.
 */
const validCursor = (
	req: UserRequest.Get,
	res: express.Response,
	next: express.NextFunction,
): any => {
	let pageOffset = 0;
	let pageLimit = 10;
	const { cursor } = req.query;
	if (cursor) {
		try {
			({ offset: pageOffset, limit: pageLimit } = decodeCursor(cursor));
		} catch (error) {
			return res.status(400).json({ message: `invalid cursor` });
		}
	}
	// NOTE(review): the cursor is client-supplied, and the decoded offset/limit are stored
	// below without any check here on type, sign or upper bound. Confirm that
	// decodeCursor or the downstream handler enforces those limits.
	// @ts-ignore
	req.query.offset = pageOffset;
	// @ts-ignore
	req.query.limit = pageLimit;
	next();
};
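/**
 * Middleware chains for the users endpoints, keyed by operation name.
 *
 * Each array is presumably registered as an ordered handler chain, so position
 * matters. The role check now runs before any middleware that reads
 * request-supplied values (`deletingOwnUser`, `transferingToDeletedUser`,
 * `validCursor`). A caller without the owner role therefore receives 403 before
 * their parameters are parsed or echoed back as validation feedback.
 * `instanceOwnerSetup` stays first, as it was.
 */
export const middlewares = {
	createUsers: [instanceOwnerSetup, emailSetup, authorize(['owner'])],
	deleteUsers: [
		instanceOwnerSetup,
		// Authorize first, then validate the delete parameters.
		authorize(['owner']),
		deletingOwnUser,
		transferingToDeletedUser,
	],
	// Authorize first, then decode the client-supplied cursor.
	getUsers: [instanceOwnerSetup, authorize(['owner']), validCursor],
	getUser: [instanceOwnerSetup, authorize(['owner'])],
};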