fosrl/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-05-12 21:30:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
pangolin/server/routers/user/inviteUser.ts
miloschwartz 53be2739bb
successful log in loop poc
2025-04-13 18:29:23 -04:00

278 lines
8.4 KiB
TypeScript
Raw Blame History

import NodeCache from "node-cache";
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { orgs, userInvites, userOrgs, users } from "@server/db/schemas";
import { and, eq } from "drizzle-orm";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { alphabet, generateRandomString } from "oslo/crypto";
import { createDate, TimeSpan } from "oslo";
import config from "@server/lib/config";
import { hashPassword } from "@server/auth/password";
import { fromError } from "zod-validation-error";
import { sendEmail } from "@server/emails";
import SendInviteLink from "@server/emails/templates/SendInviteLink";
import { OpenAPITags, registry } from "@server/openApi";
import { UserType } from "@server/types/UserTypes";
const regenerateTracker = new NodeCache({ stdTTL: 3600, checkperiod: 600 });
const inviteUserParamsSchema = z
.object({
orgId: z.string()
})
.strict();
const inviteUserBodySchema = z
.object({
email: z
.string()
.email()
.transform((v) => v.toLowerCase()),
roleId: z.number(),
validHours: z.number().gt(0).lte(168),
sendEmail: z.boolean().optional(),
regenerate: z.boolean().optional()
})
.strict();
export type InviteUserBody = z.infer<typeof inviteUserBodySchema>;
export type InviteUserResponse = {
inviteLink: string;
expiresAt: number;
};
registry.registerPath({
method: "post",
path: "/org/{orgId}/create-invite",
description: "Invite a user to join an organization.",
tags: [OpenAPITags.Org],
request: {
params: inviteUserParamsSchema,
body: {
content: {
"application/json": {
schema: inviteUserBodySchema
}
}
}
},
responses: {}
});
export async function inviteUser(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
try {
const parsedParams = inviteUserParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
)
);
}
const parsedBody = inviteUserBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { orgId } = parsedParams.data;
const {
email,
validHours,
roleId,
sendEmail: doEmail,
regenerate
} = parsedBody.data;
// Check if the organization exists
const org = await db
.select()
.from(orgs)
.where(eq(orgs.orgId, orgId))
.limit(1);
if (!org.length) {
return next(
createHttpError(HttpCode.NOT_FOUND, "Organization not found")
);
}
// Check if the user already exists in the `users` table
const existingUser = await db
.select()
.from(users)
.innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
.where(
and(
eq(users.email, email),
eq(userOrgs.orgId, orgId),
eq(users.type, UserType.Internal)
)
)
.limit(1);
if (existingUser.length) {
return next(
createHttpError(
HttpCode.CONFLICT,
"This user is already a member of the organization."
)
);
}
// Check if an invitation already exists
const existingInvite = await db
.select()
.from(userInvites)
.where(
and(eq(userInvites.email, email), eq(userInvites.orgId, orgId))
)
.limit(1);
if (existingInvite.length && !regenerate) {
return next(
createHttpError(
HttpCode.CONFLICT,
"An invitation for this user already exists."
)
);
}
if (existingInvite.length) {
const attempts = regenerateTracker.get<number>(email) || 0;
if (attempts >= 3) {
return next(
createHttpError(
HttpCode.TOO_MANY_REQUESTS,
"You have exceeded the limit of 3 regenerations per hour."
)
);
}
regenerateTracker.set(email, attempts + 1);
const inviteId = existingInvite[0].inviteId; // Retrieve the original inviteId
const token = generateRandomString(
32,
alphabet("a-z", "A-Z", "0-9")
);
const expiresAt = createDate(
new TimeSpan(validHours, "h")
).getTime();
const tokenHash = await hashPassword(token);
await db
.update(userInvites)
.set({
tokenHash,
expiresAt
})
.where(
and(
eq(userInvites.email, email),
eq(userInvites.orgId, orgId)
)
);
const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}`;
if (doEmail) {
await sendEmail(
SendInviteLink({
email,
inviteLink,
expiresInDays: (validHours / 24).toString(),
orgName: org[0].name || orgId,
inviterName: req.user?.email || req.user?.username
}),
{
to: email,
from: config.getNoReplyEmail(),
subject: "Your invitation has been regenerated"
}
);
}
return response<InviteUserResponse>(res, {
data: {
inviteLink,
expiresAt
},
success: true,
error: false,
message: "Invitation regenerated successfully",
status: HttpCode.OK
});
}
// Create a new invite if none exists
const inviteId = generateRandomString(
10,
alphabet("a-z", "A-Z", "0-9")
);
const token = generateRandomString(32, alphabet("a-z", "A-Z", "0-9"));
const expiresAt = createDate(new TimeSpan(validHours, "h")).getTime();
const tokenHash = await hashPassword(token);
await db.transaction(async (trx) => {
await trx.insert(userInvites).values({
inviteId,
orgId,
email,
expiresAt,
tokenHash,
roleId
});
});
const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}`;
if (doEmail) {
await sendEmail(
SendInviteLink({
email,
inviteLink,
expiresInDays: (validHours / 24).toString(),
orgName: org[0].name || orgId,
inviterName: req.user?.email || req.user?.username
}),
{
to: email,
from: config.getNoReplyEmail(),
subject: `You're invited to join ${org[0].name || orgId}`
}
);
}
return response<InviteUserResponse>(res, {
data: {
inviteLink,
expiresAt
},
success: true,
error: false,
message: "User invited successfully",
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
);
}
}
Reference in a new issue View git blame Copy permalink