cal.pub0.org/packages/features/ee/users/server/trpc-router.ts

111 lines
4.2 KiB
TypeScript

import { z } from "zod";
import { WEBAPP_URL } from "@calcom/lib/constants";
import { defaultAvatarSrc } from "@calcom/lib/defaultAvatarImage";
import { _UserModel as User } from "@calcom/prisma/zod";
import type { inferRouterOutputs } from "@calcom/trpc";
import { TRPCError } from "@calcom/trpc";
import { authedAdminProcedure, middleware, router } from "@calcom/trpc/server/trpc";
export type UserAdminRouter = typeof userAdminRouter;
export type UserAdminRouterOutputs = inferRouterOutputs<UserAdminRouter>;
const userIdSchema = z.object({ userId: z.coerce.number() });
const userBodySchema = User.pick({
name: true,
email: true,
username: true,
bio: true,
timeZone: true,
weekStart: true,
theme: true,
defaultScheduleId: true,
locale: true,
timeFormat: true,
// brandColor: true,
// darkBrandColor: true,
allowDynamicBooking: true,
// away: true,
role: true,
// @note: disallowing avatar changes via API for now. We can add it later if needed. User should upload image via UI.
// avatar: true,
});
/** This helps to prevent reaching the 4MB payload limit by avoiding base64 and instead passing the avatar url */
export function getAvatarUrlFromUser(user: {
avatar: string | null;
username: string | null;
email: string;
}) {
if (!user.avatar || !user.username) return defaultAvatarSrc({ email: user.email });
return `${WEBAPP_URL}/${user.username}/avatar.png`;
}
/** @see https://www.prisma.io/docs/concepts/components/prisma-client/excluding-fields#excluding-the-password-field */
function exclude<UserType, Key extends keyof UserType>(user: UserType, keys: Key[]): Omit<UserType, Key> {
for (const key of keys) {
delete user[key];
}
return user;
}
/** Reusable logic that checks for admin permissions and if the requested user exists */
const authedAdminWithUserMiddleware = middleware(async ({ ctx, next, rawInput }) => {
const { prisma } = ctx;
const parsed = userIdSchema.safeParse(rawInput);
if (!parsed.success) throw new TRPCError({ code: "BAD_REQUEST", message: "User id is required" });
const { userId: id } = parsed.data;
const user = await prisma.user.findUnique({ where: { id } });
if (!user) throw new TRPCError({ code: "NOT_FOUND", message: "User not found" });
return next({
ctx: {
user: ctx.user,
requestedUser:
/** Don't leak the password */
exclude(user, ["password"]),
},
});
});
const authedAdminProcedureWithRequestedUser = authedAdminProcedure.use(authedAdminWithUserMiddleware);
export const userAdminRouter = router({
get: authedAdminProcedureWithRequestedUser.input(userIdSchema).query(async ({ ctx }) => {
const { requestedUser } = ctx;
return { user: requestedUser };
}),
list: authedAdminProcedure.query(async ({ ctx }) => {
const { prisma } = ctx;
// TODO: Add search, pagination, etc.
const users = await prisma.user.findMany();
return users.map((user) => ({
/** Don't leak the password */
...exclude(user, ["password"]),
/**
* FIXME: This should be either a prisma extension or middleware
* @see https://www.prisma.io/docs/concepts/components/prisma-client/middleware
* @see https://www.prisma.io/docs/concepts/components/prisma-client/client-extensions/result
**/
avatar: getAvatarUrlFromUser(user),
}));
}),
add: authedAdminProcedure.input(userBodySchema).mutation(async ({ ctx, input }) => {
const { prisma } = ctx;
const user = await prisma.user.create({ data: input });
return { user, message: `User with id: ${user.id} added successfully` };
}),
update: authedAdminProcedureWithRequestedUser
.input(userBodySchema.partial())
.mutation(async ({ ctx, input }) => {
const { prisma, requestedUser } = ctx;
const user = await prisma.user.update({ where: { id: requestedUser.id }, data: input });
return { user, message: `User with id: ${user.id} updated successfully` };
}),
delete: authedAdminProcedureWithRequestedUser.input(userIdSchema).mutation(async ({ ctx }) => {
const { prisma, requestedUser } = ctx;
await prisma.user.delete({ where: { id: requestedUser.id } });
return { message: `User with id: ${requestedUser.id} deleted successfully` };
}),
});