Add admin user api interfaces

2025-05-12 21:30:35 +01:00 · 2025-03-21 17:05:04 -04:00 · 2025-03-21 17:05:04 -04:00 · deb30ed4ae
commit deb30ed4ae
parent 3b09ef3345
7 changed files with 204 additions and 3 deletions
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@ -14,3 +14,4 @@ export * from "./verifyAdmin";
 export * from "./verifySetResourceUsers";
 export * from "./verifyUserInRole";
 export * from "./verifyAccessTokenAccess";
+export * from "./verifyUserIsServerAdmin";
--- a/server/middlewares/verifyUserIsServerAdmin.ts
+++ b/server/middlewares/verifyUserIsServerAdmin.ts
@ -0,0 +1,37 @@
+import { Request, Response, NextFunction } from "express";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export async function verifyUserIsServerAdmin(
+    req: Request,
+    res: Response,
+    next: NextFunction
+) {
+    const userId = req.user!.userId;
+
+    if (!userId) {
+        return next(
+            createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
+        );
+    }
+    
+    try {
+        if (!req.user?.serverAdmin) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User is not a server admin"
+                )
+            );
+        }
+        
+        return next();
+    } catch (e) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Error verifying organization access"
+            )
+        );
+    }
+}
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@ -23,7 +23,8 @@ import {
    verifyRoleAccess,
    verifySetResourceUsers,
    verifyUserAccess,
-    getUserOrgs
+    getUserOrgs,
+    verifyUserIsServerAdmin
 } from "@server/middlewares";
 import { verifyUserHasAction } from "../middlewares/verifyUserHasAction";
 import { ActionsEnum } from "@server/auth/actions";
@ -418,6 +419,13 @@ unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);

 unauthenticated.get("/user", verifySessionMiddleware, user.getUser);

+authenticated.get("/users", verifyUserIsServerAdmin, user.adminListUsers);
+authenticated.delete(
+    "/user/:userId",
+    verifyUserIsServerAdmin,
+    user.adminRemoveUser
+);
+
 authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
 authenticated.get(
    "/org/:orgId/users",
--- a/server/routers/user/adminListUsers.ts
+++ b/server/routers/user/adminListUsers.ts
@ -0,0 +1,92 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import { sql, eq } from "drizzle-orm";
+import logger from "@server/logger";
+import { users } from "@server/db/schema";
+
+const listUsersSchema = z
+    .object({
+        limit: z
+            .string()
+            .optional()
+            .default("1000")
+            .transform(Number)
+            .pipe(z.number().int().nonnegative()),
+        offset: z
+            .string()
+            .optional()
+            .default("0")
+            .transform(Number)
+            .pipe(z.number().int().nonnegative())
+    })
+    .strict();
+
+async function queryUsers(limit: number, offset: number) {
+    return await db
+        .select({
+            id: users.userId,
+            email: users.email,
+            dateCreated: users.dateCreated,
+        })
+        .from(users)
+        .where(eq(users.serverAdmin, false))
+        .limit(limit)
+        .offset(offset);
+}
+
+export type AdminListUsersResponse = {
+    users: NonNullable<Awaited<ReturnType<typeof queryUsers>>>;
+    pagination: { total: number; limit: number; offset: number };
+};
+
+export async function adminListUsers(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = listUsersSchema.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    parsedQuery.error.errors.map((e) => e.message).join(", ")
+                )
+            );
+        }
+        const { limit, offset } = parsedQuery.data;
+
+        const allUsers = await queryUsers(
+            limit,
+            offset
+        );
+
+        const [{ count }] = await db
+            .select({ count: sql<number>`count(*)` })
+            .from(users);
+
+        return response<AdminListUsersResponse>(res, {
+            data: {
+                users: allUsers,
+                pagination: {
+                    total: count,
+                    limit,
+                    offset
+                }
+            },
+            success: true,
+            error: false,
+            message: "Users retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/routers/user/adminRemoveUser.ts
+++ b/server/routers/user/adminRemoveUser.ts
@ -0,0 +1,61 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import { userOrgs, users } from "@server/db/schema";
+import { and, eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+
+const removeUserSchema = z
+    .object({
+        userId: z.string()
+    })
+    .strict();
+
+export async function adminRemoveUser(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = removeUserSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { userId } = parsedParams.data;
+
+        // get the user first
+        const user = await db
+            .select()
+            .from(userOrgs)
+            .where(eq(userOrgs.userId, userId));
+
+        if (!user || user.length === 0) {
+            return next(createHttpError(HttpCode.NOT_FOUND, "User not found"));
+        }
+
+        await db.delete(users).where(eq(users.userId, userId));
+
+        return response(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "User removed successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/routers/user/index.ts
+++ b/server/routers/user/index.ts
@ -4,4 +4,6 @@ export * from "./listUsers";
 export * from "./addUserRole";
 export * from "./inviteUser";
 export * from "./acceptInvite";
-export * from "./getOrgUser";
+export * from "./getOrgUser";
+export * from "./adminListUsers";
+export * from "./adminRemoveUser";
--- a/server/routers/user/removeUserOrg.ts
+++ b/server/routers/user/removeUserOrg.ts
@ -71,7 +71,7 @@ export async function removeUserOrg(
            data: null,
            success: true,
            error: false,
-            message: "User remove from org successfully",
+            message: "User removed from org successfully",
            status: HttpCode.OK
        });
    } catch (error) {