fosrl.pangolin/server/routers/org/createOrg.ts

import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { eq } from "drizzle-orm";
import {
    apiKeyOrg,
    apiKeys,
    domains,
    Org,
    orgDomains,
    orgs,
    roleActions,
    roles,
    userOrgs,
    users,
    actions
} from "@server/db";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import config from "@server/lib/config";
import { fromError } from "zod-validation-error";
import { defaultRoleAllowedActions } from "../role";
import { OpenAPITags, registry } from "@server/openApi";

const createOrgSchema = z
    .object({
        orgId: z.string(),
        name: z.string().min(1).max(255)
    })
    .strict();

// const MAX_ORGS = 5;

registry.registerPath({
    method: "put",
    path: "/org",
    description: "Create a new organization",
    tags: [OpenAPITags.Org],
    request: {
        body: {
            content: {
                "application/json": {
                    schema: createOrgSchema
                }
            }
        }
    },
    responses: {}
});

export async function createOrg(
    req: Request,
    res: Response,
    next: NextFunction
): Promise<any> {
    try {
        // should this be in a middleware?
        if (config.getRawConfig().flags?.disable_user_create_org) {
            if (req.user && !req.user?.serverAdmin) {
                return next(
                    createHttpError(
                        HttpCode.FORBIDDEN,
                        "Only server admins can create organizations"
                    )
                );
            }
        }

        const parsedBody = createOrgSchema.safeParse(req.body);
        if (!parsedBody.success) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,
                    fromError(parsedBody.error).toString()
                )
            );
        }

        const { orgId, name } = parsedBody.data;

        // make sure the orgId is unique
        const orgExists = await db
            .select()
            .from(orgs)
            .where(eq(orgs.orgId, orgId))
            .limit(1);

        if (orgExists.length > 0) {
            return next(
                createHttpError(
                    HttpCode.CONFLICT,
                    `Organization with ID ${orgId} already exists`
                )
            );
        }

        let error = "";
        let org: Org | null = null;

        await db.transaction(async (trx) => {
            const allDomains = await trx
                .select()
                .from(domains)
                .where(eq(domains.configManaged, true));

            const newOrg = await trx
                .insert(orgs)
                .values({
                    orgId,
                    name
                })
                .returning();

            if (newOrg.length === 0) {
                error = "Failed to create organization";
                trx.rollback();
                return;
            }

            org = newOrg[0];

            // Create admin role within the same transaction
            const [insertedRole] = await trx
                .insert(roles)
                .values({
                    orgId: newOrg[0].orgId,
                    isAdmin: true,
                    name: "Admin",
                    description: "Admin role with the most permissions"
                })
                .returning({ roleId: roles.roleId });

            if (!insertedRole || !insertedRole.roleId) {
                error = "Failed to create Admin role";
                trx.rollback();
                return;
            }

            const roleId = insertedRole.roleId;

            // Get all actions and create role actions
            const actionIds = await trx.select().from(actions).execute();
            
            if (actionIds.length > 0) {
                await trx
                    .insert(roleActions)
                    .values(
                        actionIds.map((action) => ({
                            roleId,
                            actionId: action.actionId,
                            orgId: newOrg[0].orgId
                        }))
                    );
            }

            await trx.insert(orgDomains).values(
                allDomains.map((domain) => ({
                    orgId: newOrg[0].orgId,
                    domainId: domain.domainId
                }))
            );

            if (req.user) {
                await trx.insert(userOrgs).values({
                    userId: req.user!.userId,
                    orgId: newOrg[0].orgId,
                    roleId: roleId,
                    isOwner: true
                });
            } else {
                // if org created by root api key, set the server admin as the owner
                const [serverAdmin] = await trx
                    .select()
                    .from(users)
                    .where(eq(users.serverAdmin, true));

                if (!serverAdmin) {
                    error = "Server admin not found";
                    trx.rollback();
                    return;
                }

                await trx.insert(userOrgs).values({
                    userId: serverAdmin.userId,
                    orgId: newOrg[0].orgId,
                    roleId: roleId,
                    isOwner: true
                });
            }

            const memberRole = await trx
                .insert(roles)
                .values({
                    name: "Member",
                    description: "Members can only view resources",
                    orgId
                })
                .returning();

            await trx.insert(roleActions).values(
                defaultRoleAllowedActions.map((action) => ({
                    roleId: memberRole[0].roleId,
                    actionId: action,
                    orgId
                }))
            );

            const rootApiKeys = await trx
                .select()
                .from(apiKeys)
                .where(eq(apiKeys.isRoot, true));

            for (const apiKey of rootApiKeys) {
                await trx.insert(apiKeyOrg).values({
                    apiKeyId: apiKey.apiKeyId,
                    orgId: newOrg[0].orgId
                });
            }
        });

        if (!org) {
            return next(
                createHttpError(
                    HttpCode.INTERNAL_SERVER_ERROR,
                    "Failed to create org"
                )
            );
        }

        if (error) {
            return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, error));
        }

        return response(res, {
            data: org,
            success: true,
            error: false,
            message: "Organization created successfully",
            status: HttpCode.CREATED
        });
    } catch (error) {
        logger.error(error);
        return next(
            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
        );
    }
}
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`import { Request, Response, NextFunction } from "express";`
			`import { z } from "zod";`
			`import { db } from "@server/db";`
			`import { eq } from "drizzle-orm";`
refactor create and update resource endpoints 2025-02-16 17:28:10 -05:00			`import {`
add user checks in routes 2025-05-02 10:44:50 -04:00			`apiKeyOrg,`
			`apiKeys,`
refactor create and update resource endpoints 2025-02-16 17:28:10 -05:00			`domains,`
			`Org,`
			`orgDomains,`
			`orgs,`
			`roleActions,`
			`roles,`
add user checks in routes 2025-05-02 10:44:50 -04:00			`userOrgs,`
support postgresql as database option 2025-06-04 12:02:07 -04:00			`users,`
			`actions`
			`} from "@server/db";`
refactor and reorganize 2025-01-01 21:41:31 -05:00			`import response from "@server/lib/response";`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`import HttpCode from "@server/types/HttpCode";`
			`import createHttpError from "http-errors";`
			`import logger from "@server/logger";`
refactor and reorganize 2025-01-01 21:41:31 -05:00			`import config from "@server/lib/config";`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`import { fromError } from "zod-validation-error";`
more user role stuff 2024-11-09 23:59:19 -05:00			`import { defaultRoleAllowedActions } from "../role";`
add openapi registers 2025-04-06 22:44:14 -04:00			`import { OpenAPITags, registry } from "@server/openApi";`
Add basic CRUD 2024-10-01 21:53:49 -04:00
use strict zod objects and hide proto on targets 2024-11-14 00:00:17 -05:00			`const createOrgSchema = z`
			`.object({`
			`orgId: z.string(),`
org setup wip 2024-12-21 14:11:10 -05:00			`name: z.string().min(1).max(255)`
use strict zod objects and hide proto on targets 2024-11-14 00:00:17 -05:00			`})`
			`.strict();`
Add endpoints 2024-10-01 21:34:07 -04:00
add createNewt action and remove max orgs restriction 2025-03-26 22:20:22 -04:00			`// const MAX_ORGS = 5;`
Add verify middleware 2024-10-03 22:31:20 -04:00
add openapi registers 2025-04-06 22:44:14 -04:00			`registry.registerPath({`
			`method: "put",`
			`path: "/org",`
			`description: "Create a new organization",`
			`tags: [OpenAPITags.Org],`
			`request: {`
			`body: {`
			`content: {`
			`"application/json": {`
			`schema: createOrgSchema`
			`}`
			`}`
			`}`
			`},`
			`responses: {}`
			`});`

rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`export async function createOrg(`
			`req: Request,`
			`res: Response,`
			`next: NextFunction`
			`): Promise<any> {`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`try {`
setup server admin 2024-12-25 15:54:32 -05:00			`// should this be in a middleware?`
make config class and separate migrations script 2025-01-01 17:50:12 -05:00			`if (config.getRawConfig().flags?.disable_user_create_org) {`
add user checks in routes 2025-05-02 10:44:50 -04:00			`if (req.user && !req.user?.serverAdmin) {`
setup server admin 2024-12-25 15:54:32 -05:00			`return next(`
			`createHttpError(`
			`HttpCode.FORBIDDEN,`
			`"Only server admins can create organizations"`
			`)`
			`);`
			`}`
			`}`

Format files and fix http response 2024-10-06 18:05:20 -04:00			`const parsedBody = createOrgSchema.safeParse(req.body);`
			`if (!parsedBody.success) {`
			`return next(`
			`createHttpError(`
			`HttpCode.BAD_REQUEST,`
refactor contexts, format zod errors, and more refactoring 2024-11-03 13:57:51 -05:00			`fromError(parsedBody.error).toString()`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`)`
			`);`
			`}`
Add basic CRUD 2024-10-01 21:53:49 -04:00
Add stepper 2024-10-14 19:30:38 -04:00			`const { orgId, name } = parsedBody.data;`
Add actions check to all endpoints 2024-10-06 16:43:59 -04:00
Add stepper 2024-10-14 19:30:38 -04:00			`// make sure the orgId is unique`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`const orgExists = await db`
			`.select()`
Add stepper 2024-10-14 19:30:38 -04:00			`.from(orgs)`
			`.where(eq(orgs.orgId, orgId))`
			`.limit(1);`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00
Add stepper 2024-10-14 19:30:38 -04:00			`if (orgExists.length > 0) {`
			`return next(`
			`createHttpError(`
			`HttpCode.CONFLICT,`
			`Organization with ID ${orgId} already exists`
			`)`
			`);`
			`}`
Add basic CRUD 2024-10-01 21:53:49 -04:00
org setup wip 2024-12-21 14:11:10 -05:00			`let error = "";`
			`let org: Org \| null = null;`
Fix resource new id number 2024-10-26 12:15:03 -04:00
org setup wip 2024-12-21 14:11:10 -05:00			`await db.transaction(async (trx) => {`
add list domains for org endpoint 2025-02-16 18:09:17 -05:00			`const allDomains = await trx`
			`.select()`
			`.from(domains)`
			`.where(eq(domains.configManaged, true));`
Add basic CRUD 2024-10-01 21:53:49 -04:00
org setup wip 2024-12-21 14:11:10 -05:00			`const newOrg = await trx`
			`.insert(orgs)`
			`.values({`
			`orgId,`
refactor create and update resource endpoints 2025-02-16 17:28:10 -05:00			`name`
org setup wip 2024-12-21 14:11:10 -05:00			`})`
			`.returning();`
Add stepper 2024-10-14 19:30:38 -04:00
org setup wip 2024-12-21 14:11:10 -05:00			`if (newOrg.length === 0) {`
			`error = "Failed to create organization";`
			`trx.rollback();`
			`return;`
			`}`

			`org = newOrg[0];`

support postgresql as database option 2025-06-04 12:02:07 -04:00			`// Create admin role within the same transaction`
			`const [insertedRole] = await trx`
			`.insert(roles)`
			`.values({`
			`orgId: newOrg[0].orgId,`
			`isAdmin: true,`
			`name: "Admin",`
			`description: "Admin role with the most permissions"`
			`})`
			`.returning({ roleId: roles.roleId });`
Add stepper 2024-10-14 19:30:38 -04:00
support postgresql as database option 2025-06-04 12:02:07 -04:00			`if (!insertedRole \|\| !insertedRole.roleId) {`
org setup wip 2024-12-21 14:11:10 -05:00			`error = "Failed to create Admin role";`
			`trx.rollback();`
			`return;`
			`}`

support postgresql as database option 2025-06-04 12:02:07 -04:00			`const roleId = insertedRole.roleId;`

			`// Get all actions and create role actions`
			`const actionIds = await trx.select().from(actions).execute();`

			`if (actionIds.length > 0) {`
			`await trx`
			`.insert(roleActions)`
			`.values(`
			`actionIds.map((action) => ({`
			`roleId,`
			`actionId: action.actionId,`
			`orgId: newOrg[0].orgId`
			`}))`
			`);`
			`}`

refactor create and update resource endpoints 2025-02-16 17:28:10 -05:00			`await trx.insert(orgDomains).values(`
			`allDomains.map((domain) => ({`
			`orgId: newOrg[0].orgId,`
			`domainId: domain.domainId`
			`}))`
			`);`

add user checks in routes 2025-05-02 10:44:50 -04:00			`if (req.user) {`
			`await trx.insert(userOrgs).values({`
			`userId: req.user!.userId,`
			`orgId: newOrg[0].orgId,`
			`roleId: roleId,`
			`isOwner: true`
			`});`
			`} else {`
			`// if org created by root api key, set the server admin as the owner`
			`const [serverAdmin] = await trx`
			`.select()`
			`.from(users)`
			`.where(eq(users.serverAdmin, true));`

			`if (!serverAdmin) {`
			`error = "Server admin not found";`
			`trx.rollback();`
			`return;`
			`}`

			`await trx.insert(userOrgs).values({`
			`userId: serverAdmin.userId,`
			`orgId: newOrg[0].orgId,`
			`roleId: roleId,`
			`isOwner: true`
			`});`
			`}`
org setup wip 2024-12-21 14:11:10 -05:00
			`const memberRole = await trx`
			`.insert(roles)`
			`.values({`
			`name: "Member",`
			`description: "Members can only view resources",`
			`orgId`
			`})`
			`.returning();`

			`await trx.insert(roleActions).values(`
more user role stuff 2024-11-09 23:59:19 -05:00			`defaultRoleAllowedActions.map((action) => ({`
			`roleId: memberRole[0].roleId,`
			`actionId: action,`
org setup wip 2024-12-21 14:11:10 -05:00			`orgId`
more user role stuff 2024-11-09 23:59:19 -05:00			`}))`
org setup wip 2024-12-21 14:11:10 -05:00			`);`
add user checks in routes 2025-05-02 10:44:50 -04:00
			`const rootApiKeys = await trx`
			`.select()`
			`.from(apiKeys)`
			`.where(eq(apiKeys.isRoot, true));`

			`for (const apiKey of rootApiKeys) {`
			`await trx.insert(apiKeyOrg).values({`
			`apiKeyId: apiKey.apiKeyId,`
			`orgId: newOrg[0].orgId`
			`});`
			`}`
org setup wip 2024-12-21 14:11:10 -05:00			`});`

			`if (!org) {`
			`return next(`
			`createHttpError(`
			`HttpCode.INTERNAL_SERVER_ERROR,`
support postgresql as database option 2025-06-04 12:02:07 -04:00			`"Failed to create org"`
org setup wip 2024-12-21 14:11:10 -05:00			`)`
			`);`
			`}`

			`if (error) {`
			`return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, error));`
			`}`
more user role stuff 2024-11-09 23:59:19 -05:00
Format files and fix http response 2024-10-06 18:05:20 -04:00			`return response(res, {`
org setup wip 2024-12-21 14:11:10 -05:00			`data: org,`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`success: true,`
			`error: false,`
			`message: "Organization created successfully",`
org setup wip 2024-12-21 14:11:10 -05:00			`status: HttpCode.CREATED`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`});`
			`} catch (error) {`
			`logger.error(error);`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`return next(`
list roles, make sidebar component, responsive mobile settings menu selector 2024-11-09 00:08:17 -05:00			`createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")`
rename super user to admin and middleware refactoring 2024-11-05 22:38:57 -05:00			`);`
Format files and fix http response 2024-10-06 18:05:20 -04:00			`}`
organized routes and routes and added rate limiter 2024-10-02 00:04:40 -04:00			`}`