fosrl.pangolin/server/db/queries/verifySessionQueries.ts

import { db } from "@server/db";
import {
    Resource,
    ResourcePassword,
    ResourcePincode,
    ResourceRule,
    resourcePassword,
    resourcePincode,
    resourceRules,
    resources,
    roleResources,
    sessions,
    userOrgs,
    userResources,
    users
} from "@server/db";
import { and, eq } from "drizzle-orm";
import axios from "axios";
import config from "@server/lib/config";
import logger from "@server/logger";
import { tokenManager } from "@server/lib/tokenManager";

export type ResourceWithAuth = {
    resource: Resource | null;
    pincode: ResourcePincode | null;
    password: ResourcePassword | null;
};

export type UserSessionWithUser = {
    session: any;
    user: any;
};

/**
 * Get resource by domain with pincode and password information
 */
export async function getResourceByDomain(
    domain: string
): Promise<ResourceWithAuth | null> {
    if (config.isManagedMode()) {
        try {
            const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/domain/${domain}`, await tokenManager.getAuthHeader());
            return response.data.data;
        } catch (error) {
            if (axios.isAxiosError(error)) {
                logger.error("Error fetching config in verify session:", {
                    message: error.message,
                    code: error.code,
                    status: error.response?.status,
                    statusText: error.response?.statusText,
                    url: error.config?.url,
                    method: error.config?.method
                });
            } else {
                logger.error("Error fetching config in verify session:", error);
            }
            return null;
        }
    }

    const [result] = await db
        .select()
        .from(resources)
        .leftJoin(
            resourcePincode,
            eq(resourcePincode.resourceId, resources.resourceId)
        )
        .leftJoin(
            resourcePassword,
            eq(resourcePassword.resourceId, resources.resourceId)
        )
        .where(eq(resources.fullDomain, domain))
        .limit(1);

    if (!result) {
        return null;
    }

    return {
        resource: result.resources,
        pincode: result.resourcePincode,
        password: result.resourcePassword
    };
}

/**
 * Get user session with user information
 */
export async function getUserSessionWithUser(
    userSessionId: string
): Promise<UserSessionWithUser | null> {
    if (config.isManagedMode()) {
        try {
            const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/session/${userSessionId}`, await tokenManager.getAuthHeader());
            return response.data.data;
        } catch (error) {
            if (axios.isAxiosError(error)) {
                logger.error("Error fetching config in verify session:", {
                    message: error.message,
                    code: error.code,
                    status: error.response?.status,
                    statusText: error.response?.statusText,
                    url: error.config?.url,
                    method: error.config?.method
                });
            } else {
                logger.error("Error fetching config in verify session:", error);
            }
            return null;
        }
    }

    const [res] = await db
        .select()
        .from(sessions)
        .leftJoin(users, eq(users.userId, sessions.userId))
        .where(eq(sessions.sessionId, userSessionId));

    if (!res) {
        return null;
    }

    return {
        session: res.session,
        user: res.user
    };
}

/**
 * Get user organization role
 */
export async function getUserOrgRole(userId: string, orgId: string) {
    if (config.isManagedMode()) {
        try {
            const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/org/${orgId}/role`, await tokenManager.getAuthHeader());
            return response.data.data;
        } catch (error) {
            if (axios.isAxiosError(error)) {
                logger.error("Error fetching config in verify session:", {
                    message: error.message,
                    code: error.code,
                    status: error.response?.status,
                    statusText: error.response?.statusText,
                    url: error.config?.url,
                    method: error.config?.method
                });
            } else {
                logger.error("Error fetching config in verify session:", error);
            }
            return null;
        }
    }

    const userOrgRole = await db
        .select()
        .from(userOrgs)
        .where(
            and(
                eq(userOrgs.userId, userId),
                eq(userOrgs.orgId, orgId)
            )
        )
        .limit(1);

    return userOrgRole.length > 0 ? userOrgRole[0] : null;
}

/**
 * Check if role has access to resource
 */
export async function getRoleResourceAccess(resourceId: number, roleId: number) {
    if (config.isManagedMode()) {
        try {
            const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/role/${roleId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
            return response.data.data;
        } catch (error) {
            if (axios.isAxiosError(error)) {
                logger.error("Error fetching config in verify session:", {
                    message: error.message,
                    code: error.code,
                    status: error.response?.status,
                    statusText: error.response?.statusText,
                    url: error.config?.url,
                    method: error.config?.method
                });
            } else {
                logger.error("Error fetching config in verify session:", error);
            }
            return null;
        }
    }

    const roleResourceAccess = await db
        .select()
        .from(roleResources)
        .where(
            and(
                eq(roleResources.resourceId, resourceId),
                eq(roleResources.roleId, roleId)
            )
        )
        .limit(1);

    return roleResourceAccess.length > 0 ? roleResourceAccess[0] : null;
}

/**
 * Check if user has direct access to resource
 */
export async function getUserResourceAccess(userId: string, resourceId: number) {
    if (config.isManagedMode()) {
        try {
            const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
            return response.data.data;
        } catch (error) {
            if (axios.isAxiosError(error)) {
                logger.error("Error fetching config in verify session:", {
                    message: error.message,
                    code: error.code,
                    status: error.response?.status,
                    statusText: error.response?.statusText,
                    url: error.config?.url,
                    method: error.config?.method
                });
            } else {
                logger.error("Error fetching config in verify session:", error);
            }
            return null;
        }
    }

    const userResourceAccess = await db
        .select()
        .from(userResources)
        .where(
            and(
                eq(userResources.userId, userId),
                eq(userResources.resourceId, resourceId)
            )
        )
        .limit(1);

    return userResourceAccess.length > 0 ? userResourceAccess[0] : null;
}

/**
 * Get resource rules for a given resource
 */
export async function getResourceRules(resourceId: number): Promise<ResourceRule[]> {
    if (config.isManagedMode()) {
        try {
            const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/rules`, await tokenManager.getAuthHeader());
            return response.data.data;
        } catch (error) {
            if (axios.isAxiosError(error)) {
                logger.error("Error fetching config in verify session:", {
                    message: error.message,
                    code: error.code,
                    status: error.response?.status,
                    statusText: error.response?.statusText,
                    url: error.config?.url,
                    method: error.config?.method
                });
            } else {
                logger.error("Error fetching config in verify session:", error);
            }
            return [];
        }
    }

    const rules = await db
        .select()
        .from(resourceRules)
        .where(eq(resourceRules.resourceId, resourceId));

    return rules;
}
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`import { db } from "@server/db";`
			`import {`
			`Resource,`
			`ResourcePassword,`
			`ResourcePincode,`
			`ResourceRule,`
			`resourcePassword,`
			`resourcePincode,`
			`resourceRules,`
			`resources,`
			`roleResources,`
			`sessions,`
			`userOrgs,`
			`userResources,`
			`users`
			`} from "@server/db";`
			`import { and, eq } from "drizzle-orm";`
			`import axios from "axios";`
Adjust pulling in config 2025-08-12 16:47:59 -07:00			`import config from "@server/lib/config";`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`import logger from "@server/logger";`
			`import { tokenManager } from "@server/lib/tokenManager";`
Basic verify session breakout 2025-08-12 13:40:59 -07:00
			`export type ResourceWithAuth = {`
			`resource: Resource \| null;`
			`pincode: ResourcePincode \| null;`
			`password: ResourcePassword \| null;`
			`};`

			`export type UserSessionWithUser = {`
			`session: any;`
			`user: any;`
			`};`

			`/**`
			`* Get resource by domain with pincode and password information`
			`*/`
			`export async function getResourceByDomain(`
			`domain: string`
			`): Promise<ResourceWithAuth \| null> {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			`if (config.isManagedMode()) {`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`try {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/domain/${domain}`, await tokenManager.getAuthHeader());
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`return response.data.data;`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`} catch (error) {`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`if (axios.isAxiosError(error)) {`
			`logger.error("Error fetching config in verify session:", {`
			`message: error.message,`
			`code: error.code,`
			`status: error.response?.status,`
			`statusText: error.response?.statusText,`
			`url: error.config?.url,`
			`method: error.config?.method`
			`});`
			`} else {`
			`logger.error("Error fetching config in verify session:", error);`
			`}`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`return null;`
			`}`
			`}`

			`const [result] = await db`
			`.select()`
			`.from(resources)`
			`.leftJoin(`
			`resourcePincode,`
			`eq(resourcePincode.resourceId, resources.resourceId)`
			`)`
			`.leftJoin(`
			`resourcePassword,`
			`eq(resourcePassword.resourceId, resources.resourceId)`
			`)`
			`.where(eq(resources.fullDomain, domain))`
			`.limit(1);`

			`if (!result) {`
			`return null;`
			`}`

			`return {`
			`resource: result.resources,`
			`pincode: result.resourcePincode,`
			`password: result.resourcePassword`
			`};`
			`}`

			`/**`
			`* Get user session with user information`
			`*/`
			`export async function getUserSessionWithUser(`
			`userSessionId: string`
			`): Promise<UserSessionWithUser \| null> {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			`if (config.isManagedMode()) {`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`try {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/session/${userSessionId}`, await tokenManager.getAuthHeader());
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`return response.data.data;`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`} catch (error) {`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`if (axios.isAxiosError(error)) {`
			`logger.error("Error fetching config in verify session:", {`
			`message: error.message,`
			`code: error.code,`
			`status: error.response?.status,`
			`statusText: error.response?.statusText,`
			`url: error.config?.url,`
			`method: error.config?.method`
			`});`
			`} else {`
			`logger.error("Error fetching config in verify session:", error);`
			`}`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`return null;`
			`}`
			`}`

			`const [res] = await db`
			`.select()`
			`.from(sessions)`
			`.leftJoin(users, eq(users.userId, sessions.userId))`
			`.where(eq(sessions.sessionId, userSessionId));`

			`if (!res) {`
			`return null;`
			`}`

			`return {`
			`session: res.session,`
			`user: res.user`
			`};`
			`}`

			`/**`
			`* Get user organization role`
			`*/`
			`export async function getUserOrgRole(userId: string, orgId: string) {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			`if (config.isManagedMode()) {`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`try {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/org/${orgId}/role`, await tokenManager.getAuthHeader());
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`return response.data.data;`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`} catch (error) {`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`if (axios.isAxiosError(error)) {`
			`logger.error("Error fetching config in verify session:", {`
			`message: error.message,`
			`code: error.code,`
			`status: error.response?.status,`
			`statusText: error.response?.statusText,`
			`url: error.config?.url,`
			`method: error.config?.method`
			`});`
			`} else {`
			`logger.error("Error fetching config in verify session:", error);`
			`}`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`return null;`
			`}`
			`}`

			`const userOrgRole = await db`
			`.select()`
			`.from(userOrgs)`
			`.where(`
			`and(`
			`eq(userOrgs.userId, userId),`
			`eq(userOrgs.orgId, orgId)`
			`)`
			`)`
			`.limit(1);`

			`return userOrgRole.length > 0 ? userOrgRole[0] : null;`
			`}`

			`/**`
			`* Check if role has access to resource`
			`*/`
			`export async function getRoleResourceAccess(resourceId: number, roleId: number) {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			`if (config.isManagedMode()) {`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`try {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/role/${roleId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`return response.data.data;`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`} catch (error) {`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`if (axios.isAxiosError(error)) {`
			`logger.error("Error fetching config in verify session:", {`
			`message: error.message,`
			`code: error.code,`
			`status: error.response?.status,`
			`statusText: error.response?.statusText,`
			`url: error.config?.url,`
			`method: error.config?.method`
			`});`
			`} else {`
			`logger.error("Error fetching config in verify session:", error);`
			`}`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`return null;`
			`}`
			`}`

			`const roleResourceAccess = await db`
			`.select()`
			`.from(roleResources)`
			`.where(`
			`and(`
			`eq(roleResources.resourceId, resourceId),`
			`eq(roleResources.roleId, roleId)`
			`)`
			`)`
			`.limit(1);`

			`return roleResourceAccess.length > 0 ? roleResourceAccess[0] : null;`
			`}`

			`/**`
			`* Check if user has direct access to resource`
			`*/`
			`export async function getUserResourceAccess(userId: string, resourceId: number) {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			`if (config.isManagedMode()) {`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`try {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`return response.data.data;`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`} catch (error) {`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`if (axios.isAxiosError(error)) {`
			`logger.error("Error fetching config in verify session:", {`
			`message: error.message,`
			`code: error.code,`
			`status: error.response?.status,`
			`statusText: error.response?.statusText,`
			`url: error.config?.url,`
			`method: error.config?.method`
			`});`
			`} else {`
			`logger.error("Error fetching config in verify session:", error);`
			`}`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`return null;`
			`}`
			`}`

			`const userResourceAccess = await db`
			`.select()`
			`.from(userResources)`
			`.where(`
			`and(`
			`eq(userResources.userId, userId),`
			`eq(userResources.resourceId, resourceId)`
			`)`
			`)`
			`.limit(1);`

			`return userResourceAccess.length > 0 ? userResourceAccess[0] : null;`
			`}`

			`/**`
			`* Get resource rules for a given resource`
			`*/`
			`export async function getResourceRules(resourceId: number): Promise<ResourceRule[]> {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			`if (config.isManagedMode()) {`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`try {`
Rename hybrid to managed 2025-08-21 14:17:38 -07:00			const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/rules`, await tokenManager.getAuthHeader());
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`return response.data.data;`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`} catch (error) {`
Badger & traefik working now? 2025-08-14 21:48:14 -07:00			`if (axios.isAxiosError(error)) {`
			`logger.error("Error fetching config in verify session:", {`
			`message: error.message,`
			`code: error.code,`
			`status: error.response?.status,`
			`statusText: error.response?.statusText,`
			`url: error.config?.url,`
			`method: error.config?.method`
			`});`
			`} else {`
			`logger.error("Error fetching config in verify session:", error);`
			`}`
Basic verify session breakout 2025-08-12 13:40:59 -07:00			`return [];`
			`}`
			`}`

			`const rules = await db`
			`.select()`
			`.from(resourceRules)`
			`.where(eq(resourceRules.resourceId, resourceId));`

			`return rules;`
			`}`