2021-04-19 22:34:07 +12:00
|
|
|
const CouchDB = require("../../../db")
|
|
|
|
const {
|
2021-04-21 04:17:44 +12:00
|
|
|
generateGlobalUserID,
|
|
|
|
getGlobalUserParams,
|
2021-04-19 22:34:07 +12:00
|
|
|
StaticDatabases,
|
2021-04-22 03:42:44 +12:00
|
|
|
} = require("@budibase/auth").db
|
|
|
|
const { hash, getGlobalUserByEmail } = require("@budibase/auth").utils
|
2021-04-19 22:34:07 +12:00
|
|
|
const { UserStatus } = require("../../../constants")
|
|
|
|
|
2021-04-21 04:17:44 +12:00
|
|
|
const FIRST_USER_EMAIL = "test@test.com"
|
|
|
|
const FIRST_USER_PASSWORD = "test"
|
2021-04-19 22:38:54 +12:00
|
|
|
const GLOBAL_DB = StaticDatabases.GLOBAL.name
|
2021-04-19 22:34:07 +12:00
|
|
|
|
|
|
|
exports.userSave = async ctx => {
|
2021-04-19 22:38:54 +12:00
|
|
|
const db = new CouchDB(GLOBAL_DB)
|
2021-04-19 22:34:07 +12:00
|
|
|
const { email, password, _id } = ctx.request.body
|
2021-04-21 04:17:44 +12:00
|
|
|
|
|
|
|
// make sure another user isn't using the same email
|
|
|
|
const dbUser = await getGlobalUserByEmail(email)
|
|
|
|
if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
|
|
|
|
ctx.throw(400, "Email address already in use.")
|
|
|
|
}
|
|
|
|
|
|
|
|
// get the password, make sure one is defined
|
|
|
|
let hashedPassword
|
|
|
|
if (password) {
|
|
|
|
hashedPassword = await hash(password)
|
|
|
|
} else if (dbUser) {
|
|
|
|
hashedPassword = dbUser.password
|
|
|
|
} else {
|
|
|
|
ctx.throw(400, "Password must be specified.")
|
|
|
|
}
|
|
|
|
|
2021-04-19 22:34:07 +12:00
|
|
|
let user = {
|
2021-04-21 04:17:44 +12:00
|
|
|
...dbUser,
|
2021-04-19 22:34:07 +12:00
|
|
|
...ctx.request.body,
|
2021-04-21 04:17:44 +12:00
|
|
|
_id: _id || generateGlobalUserID(),
|
2021-04-19 22:34:07 +12:00
|
|
|
password: hashedPassword,
|
|
|
|
}
|
|
|
|
// add the active status to a user if its not provided
|
|
|
|
if (user.status == null) {
|
|
|
|
user.status = UserStatus.ACTIVE
|
|
|
|
}
|
|
|
|
try {
|
|
|
|
const response = await db.post({
|
2021-04-21 04:17:44 +12:00
|
|
|
password: hashedPassword,
|
2021-04-19 22:34:07 +12:00
|
|
|
...user,
|
|
|
|
})
|
|
|
|
ctx.body = {
|
|
|
|
_id: response.id,
|
|
|
|
_rev: response.rev,
|
|
|
|
email,
|
|
|
|
}
|
|
|
|
} catch (err) {
|
|
|
|
if (err.status === 409) {
|
|
|
|
ctx.throw(400, "User exists already")
|
|
|
|
} else {
|
|
|
|
ctx.throw(err.status, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-21 04:17:44 +12:00
|
|
|
exports.firstUser = async ctx => {
|
|
|
|
ctx.request.body = {
|
|
|
|
email: FIRST_USER_EMAIL,
|
|
|
|
password: FIRST_USER_PASSWORD,
|
|
|
|
roles: {},
|
|
|
|
builder: {
|
|
|
|
global: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
await exports.userSave(ctx)
|
|
|
|
}
|
|
|
|
|
2021-04-19 22:34:07 +12:00
|
|
|
exports.userDelete = async ctx => {
|
2021-04-19 22:38:54 +12:00
|
|
|
const db = new CouchDB(GLOBAL_DB)
|
2021-04-21 04:17:44 +12:00
|
|
|
const dbUser = await db.get(ctx.params.id)
|
2021-04-19 22:34:07 +12:00
|
|
|
await db.remove(dbUser._id, dbUser._rev)
|
|
|
|
ctx.body = {
|
2021-04-21 04:17:44 +12:00
|
|
|
message: `User ${ctx.params.id} deleted.`,
|
2021-04-19 22:34:07 +12:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// called internally by app server user fetch
|
|
|
|
exports.userFetch = async ctx => {
|
2021-04-19 22:38:54 +12:00
|
|
|
const db = new CouchDB(GLOBAL_DB)
|
2021-04-19 22:34:07 +12:00
|
|
|
const response = await db.allDocs(
|
2021-04-21 04:17:44 +12:00
|
|
|
getGlobalUserParams(null, {
|
2021-04-19 22:34:07 +12:00
|
|
|
include_docs: true,
|
|
|
|
})
|
|
|
|
)
|
|
|
|
const users = response.rows.map(row => row.doc)
|
|
|
|
// user hashed password shouldn't ever be returned
|
|
|
|
for (let user of users) {
|
|
|
|
if (user) {
|
|
|
|
delete user.password
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.body = users
|
|
|
|
}
|
|
|
|
|
|
|
|
// called internally by app server user find
|
|
|
|
exports.userFind = async ctx => {
|
2021-04-19 22:38:54 +12:00
|
|
|
const db = new CouchDB(GLOBAL_DB)
|
2021-04-19 22:34:07 +12:00
|
|
|
let user
|
|
|
|
try {
|
2021-04-21 04:17:44 +12:00
|
|
|
user = await db.get(ctx.params.id)
|
2021-04-19 22:34:07 +12:00
|
|
|
} catch (err) {
|
|
|
|
// no user found, just return nothing
|
|
|
|
user = {}
|
|
|
|
}
|
|
|
|
if (user) {
|
|
|
|
delete user.password
|
|
|
|
}
|
|
|
|
ctx.body = user
|
|
|
|
}
|