chore: use monorepo organization

2025-05-12 10:52:54 +01:00 · 2025-05-12 10:52:54 +01:00 · a687827f7e
commit a687827f7e
parent deaf7d6ecc
1099 changed files with 8184 additions and 11535 deletions
--- a/packages/server/lib/users.js
+++ b/packages/server/lib/users.js
@ -0,0 +1,179 @@
+const _ = require('lodash/fp')
+const pgp = require('pg-promise')()
+const crypto = require('crypto')
+const argon2 = require('argon2')
+const uuid = require('uuid')
+
+const constants = require('./constants')
+const db = require('./db')
+
+/**
+ * Get user by token
+ *
+ * @name get
+ * @function
+ *
+ * @param {string} token User's token to query by
+ *
+ * @returns {user object} User object (containing name)
+ */
+function get (token) {
+  const sql = 'SELECT * FROM user_tokens WHERE token=$1'
+  return db.oneOrNone(sql, [token])
+}
+
+/**
+ * Get multiple users given an array of ids
+ *
+ * @name getByIds
+ * @function
+ *
+ * @param {array} ids Array with users' ids
+ *
+ * @returns {array} Array of users found
+ */
+function getByIds (ids) {
+  const sql = `SELECT * FROM users WHERE id IN ($1^)`
+  const idList = _.map(pgp.as.text, ids).join(',')
+  return db.any(sql, [idList])
+}
+
+function getUserById (id) {
+  const sql = `SELECT * FROM users WHERE id=$1`
+  return db.oneOrNone(sql, [id])
+}
+
+function getUserByUsername (username) {
+  const sql = `SELECT * FROM users WHERE username=$1`
+  return db.oneOrNone(sql, [username])
+}
+
+function getUsers () {
+  const sql = `SELECT id, username, role, enabled, last_accessed, last_accessed_from, last_accessed_address FROM users ORDER BY username`
+  return db.any(sql)
+}
+
+function verifyAndUpdateUser (id, ua, ip) {
+  const sql = `SELECT id, username, role, enabled FROM users WHERE id=$1 limit 1`
+  return db.oneOrNone(sql, [id])
+    .then(user => {
+      if (!user) return null
+
+      const sql2 = `UPDATE users SET last_accessed=now(), last_accessed_from=$1, last_accessed_address=$2 WHERE id=$3 RETURNING id, username, role, enabled`
+      return db.one(sql2, [ua, ip, id])
+    })
+    .then(user => user)
+}
+
+function saveTemp2FASecret (id, secret) {
+  const sql = 'UPDATE users SET temp_twofa_code=$1 WHERE id=$2'
+  return db.none(sql, [secret, id])
+}
+
+function save2FASecret (id, secret) {
+  return db.tx(t => {
+    const q1 = t.none('UPDATE users SET twofa_code=$1, temp_twofa_code=NULL WHERE id=$2', [secret, id])
+    const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
+    return t.batch([q1, q2])
+  })
+}
+
+function validateAuthToken (token, type) {
+  const sql = `SELECT user_id, now() < expire AS success FROM auth_tokens
+    WHERE token=$1 AND type=$2`
+
+  return db.one(sql, [token, type])
+    .then(res => ({ userID: res.user_id, success: res.success }))
+}
+
+function reset2FASecret (token, id, secret) {
+  return validateAuthToken(token, 'reset_twofa').then(res => {
+    if (!res.success) throw new Error('Failed to verify 2FA reset token')
+    return db.tx(t => {
+      const q1 = t.none('UPDATE users SET twofa_code=$1, temp_twofa_code=NULL WHERE id=$2', [secret, id])
+      const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
+      const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_twofa'`, [token])
+      return t.batch([q1, q2, q3])
+    })
+  })
+}
+
+function updatePassword (token, id, password) {
+  return validateAuthToken(token, 'reset_password').then(res => {
+    if (!res.success) throw new Error('Failed to verify password reset token')
+    return argon2.hash(password).then(function (hash) {
+      return db.tx(t => {
+        const q1 = t.none(`UPDATE users SET password=$1 WHERE id=$2`, [hash, id])
+        const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
+        const q3 = t.none(`DELETE FROM auth_tokens WHERE token=$1 and type='reset_password'`, [token])
+        return t.batch([q1, q2, q3])
+      })
+    })
+  })
+}
+
+function createUserRegistrationToken (username, role) {
+  const token = crypto.randomBytes(32).toString('hex')
+  const sql = `INSERT INTO user_register_tokens (token, username, role) VALUES ($1, $2, $3) ON CONFLICT (username)
+    DO UPDATE SET token=$1, expire=now() + interval '${constants.REGISTRATION_TOKEN_EXPIRATION_TIME}' RETURNING *`
+
+  return db.one(sql, [token, username, role])
+}
+
+function validateUserRegistrationToken (token) {
+  const sql = `SELECT username, role, now() < expire AS success FROM user_register_tokens WHERE token=$1`
+
+  return db.one(sql, [token])
+    .then(res => ({ username: res.username, role: res.role, success: res.success }))
+}
+
+function register (token, username, password, role) {
+  return validateUserRegistrationToken(token).then(res => {
+    if (!res.success) throw new Error('Failed to verify registration token')
+    return argon2.hash(password).then(hash => {
+      return db.tx(t => {
+        const q1 = t.none(`INSERT INTO users (id, username, password, role) VALUES ($1, $2, $3, $4)`, [uuid.v4(), username, hash, role])
+        const q2 = t.none(`DELETE FROM user_register_tokens WHERE token=$1`, [token])
+        return t.batch([q1, q2])
+      })
+    })
+  })
+}
+
+function changeUserRole (id, newRole) {
+  const sql = `UPDATE users SET role=$1 WHERE id=$2`
+  return db.none(sql, [newRole, id])
+}
+
+function enableUser (id) {
+  const sql = `UPDATE users SET enabled=true WHERE id=$1`
+  return db.none(sql, [id])
+}
+
+function disableUser (id) {
+  return db.tx(t => {
+    const q1 = t.none(`UPDATE users SET enabled=false WHERE id=$1`, [id])
+    const q2 = t.none(`DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`, [id])
+    return t.batch([q1, q2])
+  })
+}
+
+module.exports = {
+  get,
+  getByIds,
+  getUsers,
+  getUserById,
+  getUserByUsername,
+  verifyAndUpdateUser,
+  updatePassword,
+  saveTemp2FASecret,
+  save2FASecret,
+  reset2FASecret,
+  validateAuthToken,
+  createUserRegistrationToken,
+  validateUserRegistrationToken,
+  register,
+  changeUserRole,
+  enableUser,
+  disableUser
+}