mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-09 21:44:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add basic transactions

Browse source
This commit is contained in:
Owen Schwartz 2024-12-24 16:00:02 -05:00
parent c8676ce06a
commit 2f328fc719
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
22 changed files with 548 additions and 459 deletions
Download patch file Download diff file Expand all files Collapse all files

12
server/auth/resourceOtp.ts
View file

@ -3,11 +3,10 @@ import { resourceOtp } from "@server/db/schema";
import { and, eq } from "drizzle-orm";
import { createDate, isWithinExpirationDate, TimeSpan } from "oslo";
import { alphabet, generateRandomString, sha256 } from "oslo/crypto";
import { encodeHex } from "oslo/encoding";
import { sendEmail } from "@server/emails";
import ResourceOTPCode from "@server/emails/templates/ResourceOTPCode";
import config from "@server/config";
import { hash, verify } from "@node-rs/argon2";
import { verifyPassword } from "./password";
import { hashPassword } from "./password";
export async function sendResourceOtpEmail(
@ -37,7 +36,9 @@ export async function generateResourceOtpCode(
resourceId: number,
email: string
): Promise<string> {
await db
const otp = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
await db.transaction(async (trx) => {
await trx
.delete(resourceOtp)
.where(
and(
@ -46,16 +47,15 @@ export async function generateResourceOtpCode(
)
);
const otp = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
const otpHash = await hashPassword(otp);
await db.insert(resourceOtp).values({
await trx.insert(resourceOtp).values({
resourceId,
email,
otpHash,
expiresAt: createDate(new TimeSpan(15, "m")).getTime()
});
});
return otp;
}

10
server/auth/sendEmailVerificationCode.ts
View file

@ -31,18 +31,18 @@ async function generateEmailVerificationCode(
userId: string,
email: string
): Promise<string> {
await db
const code = generateRandomString(8, alphabet("0-9"));
await db.transaction(async (trx) => {
await trx
.delete(emailVerificationCodes)
.where(eq(emailVerificationCodes.userId, userId));
const code = generateRandomString(8, alphabet("0-9"));
await db.insert(emailVerificationCodes).values({
await trx.insert(emailVerificationCodes).values({
userId,
email,
code,
expiresAt: createDate(new TimeSpan(15, "m")).getTime()
});
});
return code;
}

39
server/routers/auth/disable2fa.ts
View file

@ -12,10 +12,12 @@ import { verifyPassword } from "@server/auth/password";
import { verifyTotpCode } from "@server/auth/2fa";
import logger from "@server/logger";
export const disable2faBody = z.object({
export const disable2faBody = z
.object({
password: z.string(),
code: z.string().optional(),
}).strict();
code: z.string().optional()
})
.strict();
export type Disable2faBody = z.infer<typeof disable2faBody>;
@ -26,7 +28,7 @@ export type Disable2faResponse = {
export async function disable2fa(
req: Request,
res: Response,
next: NextFunction,
next: NextFunction
): Promise<any> {
const parsedBody = disable2faBody.safeParse(req.body);
@ -34,8 +36,8 @@ export async function disable2fa(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString(),
),
fromError(parsedBody.error).toString()
)
);
}
@ -52,8 +54,8 @@ export async function disable2fa(
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Two-factor authentication is already disabled",
),
"Two-factor authentication is already disabled"
)
);
} else {
if (!code) {
@ -62,7 +64,7 @@ export async function disable2fa(
success: true,
error: false,
message: "Two-factor authentication required",
status: HttpCode.ACCEPTED,
status: HttpCode.ACCEPTED
});
}
}
@ -70,27 +72,28 @@ export async function disable2fa(
const validOTP = await verifyTotpCode(
code,
user.twoFactorSecret!,
user.userId,
user.userId
);
if (!validOTP) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"The two-factor code you entered is incorrect",
),
"The two-factor code you entered is incorrect"
)
);
}
await db
await db.transaction(async (trx) => {
await trx
.update(users)
.set({ twoFactorEnabled: false })
.where(eq(users.userId, user.userId));
await db
await trx
.delete(twoFactorBackupCodes)
.where(eq(twoFactorBackupCodes.userId, user.userId));
});
// TODO: send email to user confirming two-factor authentication is disabled
return response<null>(res, {
@ -98,15 +101,15 @@ export async function disable2fa(
success: true,
error: false,
message: "Two-factor authentication disabled",
status: HttpCode.OK,
status: HttpCode.OK
});
} catch (error) {
logger.error(error);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to disable two-factor authentication",
),
"Failed to disable two-factor authentication"
)
);
}
}

11
server/routers/auth/requestPasswordReset.ts
View file

@ -63,19 +63,24 @@ export async function requestPasswordReset(
);
}
await db
const token = generateRandomString(
8,
alphabet("0-9", "A-Z", "a-z")
);
await db.transaction(async (trx) => {
await trx
.delete(passwordResetTokens)
.where(eq(passwordResetTokens.userId, existingUser[0].userId));
const token = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
const tokenHash = await hashPassword(token);
await db.insert(passwordResetTokens).values({
await trx.insert(passwordResetTokens).values({
userId: existingUser[0].userId,
email: existingUser[0].email,
tokenHash,
expiresAt: createDate(new TimeSpan(2, "h")).getTime()
});
});
const url = `${config.app.base_url}/auth/reset-password?email=${email}&token=${token}`;

8
server/routers/auth/resetPassword.ts
View file

@ -135,20 +135,22 @@ export async function resetPassword(
await invalidateAllSessions(resetRequest[0].userId);
await db
await db.transaction(async (trx) => {
await trx
.update(users)
.set({ passwordHash })
.where(eq(users.userId, resetRequest[0].userId));
await db
await trx
.delete(passwordResetTokens)
.where(eq(passwordResetTokens.email, email));
});
await sendEmail(ConfirmPasswordReset({ email }), {
from: config.email?.no_reply,
to: email,
subject: "Password Reset Confirmation"
})
});
return response<ResetPasswordResponse>(res, {
data: null,

6
server/routers/auth/verifyEmail.ts
View file

@ -62,16 +62,18 @@ export async function verifyEmail(
const valid = await isValidCode(user, code);
if (valid) {
await db
await db.transaction(async (trx) => {
await trx
.delete(emailVerificationCodes)
.where(eq(emailVerificationCodes.userId, user.userId));
await db
await trx
.update(users)
.set({
emailVerified: true
})
.where(eq(users.userId, user.userId));
});
} else {
return next(
createHttpError(

6
server/routers/auth/verifyTotp.ts
View file

@ -73,7 +73,8 @@ export async function verifyTotp(
let codes;
if (valid) {
// if valid, enable two-factor authentication; the totp secret is no longer temporary
await db
await db.transaction(async (trx) => {
await trx
.update(users)
.set({ twoFactorEnabled: true })
.where(eq(users.userId, user.userId));
@ -83,11 +84,12 @@ export async function verifyTotp(
for (const code of backupCodes) {
const hash = await hashPassword(code);
await db.insert(twoFactorBackupCodes).values({
await trx.insert(twoFactorBackupCodes).values({
userId: user.userId,
codeHash: hash
});
}
});
}
// TODO: send email to user confirming two-factor authentication is enabled

52
server/routers/gerbil/receiveBandwidth.ts
View file

@ -1,10 +1,10 @@
import { Request, Response, NextFunction } from 'express';
import { DrizzleError, eq } from 'drizzle-orm';
import { sites, resources, targets, exitNodes } from '@server/db/schema';
import db from '@server/db';
import logger from '@server/logger';
import createHttpError from 'http-errors';
import HttpCode from '@server/types/HttpCode';
import { Request, Response, NextFunction } from "express";
import { DrizzleError, eq } from "drizzle-orm";
import { sites, resources, targets, exitNodes } from "@server/db/schema";
import db from "@server/db";
import logger from "@server/logger";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import response from "@server/utils/response";
interface PeerBandwidth {
@ -13,20 +13,25 @@ interface PeerBandwidth {
bytesOut: number;
}
export const receiveBandwidth = async (req: Request, res: Response, next: NextFunction): Promise<any> => {
export const receiveBandwidth = async (
req: Request,
res: Response,
next: NextFunction
): Promise<any> => {
try {
const bandwidthData: PeerBandwidth[] = req.body;
if (!Array.isArray(bandwidthData)) {
throw new Error('Invalid bandwidth data');
throw new Error("Invalid bandwidth data");
}
await db.transaction(async (trx) => {
for (const peer of bandwidthData) {
const { publicKey, bytesIn, bytesOut } = peer;
// Find the site by public key
const site = await db.query.sites.findFirst({
where: eq(sites.pubKey, publicKey),
const site = await trx.query.sites.findFirst({
where: eq(sites.pubKey, publicKey)
});
if (!site) {
@ -39,36 +44,45 @@ export const receiveBandwidth = async (req: Request, res: Response, next: NextFu
if (bytesIn > 0 || bytesOut > 0) {
online = true;
} else if (site.lastBandwidthUpdate) {
const lastBandwidthUpdate = new Date(site.lastBandwidthUpdate);
const lastBandwidthUpdate = new Date(
site.lastBandwidthUpdate
);
const currentTime = new Date();
const diff = currentTime.getTime() - lastBandwidthUpdate.getTime();
const diff =
currentTime.getTime() - lastBandwidthUpdate.getTime();
if (diff < 300000) {
online = false;
}
}
// Update the site's bandwidth usage
await db.update(sites)
await trx
.update(sites)
.set({
megabytesIn: (site.megabytesIn || 0) + bytesIn,
megabytesOut: (site.megabytesOut || 0) + bytesOut,
lastBandwidthUpdate: new Date().toISOString(),
online,
online
})
.where(eq(sites.siteId, site.siteId));
}
});
return response(res, {
data: {},
success: true,
error: false,
message: "Organization retrieved successfully",
status: HttpCode.OK,
status: HttpCode.OK
});
} catch (error) {
logger.error('Error updating bandwidth data:', error);
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred..."));
logger.error("Error updating bandwidth data:", error);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"An error occurred..."
)
);
}
};

27
server/routers/newt/handleRegisterMessage.ts
View file

@ -39,7 +39,7 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
return;
}
const [updatedSite] = await db
await db
.update(sites)
.set({
pubKey: publicKey
@ -47,7 +47,6 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
.where(eq(sites.siteId, siteId))
.returning();
const [exitNode] = await db
.select()
.from(exitNodes)
@ -67,10 +66,13 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
// add the peer to the exit node
await addPeer(site.exitNodeId, {
publicKey: publicKey,
allowedIps: [site.subnet],
allowedIps: [site.subnet]
});
const siteResources = await db.select().from(resources).where(eq(resources.siteId, siteId));
const siteResources = await db
.select()
.from(resources)
.where(eq(resources.siteId, siteId));
// get the targets from the resourceIds
const siteTargets = await db
@ -79,23 +81,26 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
.where(
inArray(
targets.resourceId,
siteResources.map(resource => resource.resourceId)
siteResources.map((resource) => resource.resourceId)
)
);
const udpTargets = siteTargets
.filter((target) => target.protocol === "udp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${target.ip}:${target.port}`;
return `${target.internalPort ? target.internalPort + ":" : ""}${
target.ip
}:${target.port}`;
});
const tcpTargets = siteTargets
.filter((target) => target.protocol === "tcp")
.map((target) => {
return `${target.internalPort ? target.internalPort + ":" : ""}${target.ip}:${target.port}`;
return `${target.internalPort ? target.internalPort + ":" : ""}${
target.ip
}:${target.port}`;
});
return {
message: {
type: "newt/wg/connect",
@ -106,11 +111,11 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
tunnelIP: site.subnet.split("/")[0],
targets: {
udp: udpTargets,
tcp: tcpTargets,
tcp: tcpTargets
}
}
},
},
broadcast: false, // Send to all clients
excludeSender: false, // Include sender in broadcast
excludeSender: false // Include sender in broadcast
};
};

22
server/routers/org/deleteOrg.ts
View file

@ -24,9 +24,7 @@ const deleteOrgSchema = z
})
.strict();
export type DeleteOrgResponse = {
}
export type DeleteOrgResponse = {};
export async function deleteOrg(
req: Request,
@ -79,6 +77,7 @@ export async function deleteOrg(
.where(eq(sites.orgId, orgId))
.limit(1);
await db.transaction(async (trx) => {
if (sites) {
for (const site of orgSites) {
if (site.pubKey) {
@ -86,7 +85,7 @@ export async function deleteOrg(
await deletePeer(site.exitNodeId!, site.pubKey);
} else if (site.type == "newt") {
// get the newt on the site by querying the newt table for siteId
const [deletedNewt] = await db
const [deletedNewt] = await trx
.delete(newts)
.where(eq(newts.siteId, site.siteId))
.returning();
@ -98,20 +97,27 @@ export async function deleteOrg(
sendToClient(deletedNewt.newtId, payload);
// delete all of the sessions for the newt
await db.delete(newtSessions)
await trx
.delete(newtSessions)
.where(
eq(newtSessions.newtId, deletedNewt.newtId)
eq(
newtSessions.newtId,
deletedNewt.newtId
)
);
}
}
}
logger.info(`Deleting site ${site.siteId}`);
await db.delete(sites).where(eq(sites.siteId, site.siteId))
await trx
.delete(sites)
.where(eq(sites.siteId, site.siteId));
}
}
await db.delete(orgs).where(eq(orgs.orgId, orgId));
await trx.delete(orgs).where(eq(orgs.orgId, orgId));
});
return response(res, {
data: null,

10
server/routers/resource/createResource.ts
View file

@ -89,8 +89,8 @@ export async function createResource(
}
const fullDomain = `${subdomain}.${org[0].domain}`;
const newResource = await db
await db.transaction(async (trx) => {
const newResource = await trx
.insert(resources)
.values({
siteId,
@ -114,19 +114,18 @@ export async function createResource(
);
}
await db.insert(roleResources).values({
await trx.insert(roleResources).values({
roleId: adminRole[0].roleId,
resourceId: newResource[0].resourceId
});
if (req.userOrgRoleId != adminRole[0].roleId) {
// make sure the user can access the resource
await db.insert(userResources).values({
await trx.insert(userResources).values({
userId: req.user?.userId!,
resourceId: newResource[0].resourceId
});
}
response<CreateResourceResponse>(res, {
data: newResource[0],
success: true,
@ -134,6 +133,7 @@ export async function createResource(
message: "Resource created successfully",
status: HttpCode.CREATED
});
});
} catch (error) {
if (
error instanceof SqliteError &&

6
server/routers/role/addRoleSite.ts
View file

@ -51,7 +51,8 @@ export async function addRoleSite(
const { roleId } = parsedParams.data;
const newRoleSite = await db
await db.transaction(async (trx) => {
const newRoleSite = await trx
.insert(roleSites)
.values({
roleId,
@ -65,7 +66,7 @@ export async function addRoleSite(
.where(eq(resources.siteId, siteId));
for (const resource of siteResources) {
await db.insert(roleResources).values({
await trx.insert(roleResources).values({
roleId,
resourceId: resource.resourceId
});
@ -78,6 +79,7 @@ export async function addRoleSite(
message: "Site added to role successfully",
status: HttpCode.CREATED
});
});
} catch (error) {
logger.error(error);
return next(

6
server/routers/role/createRole.ts
View file

@ -82,7 +82,8 @@ export async function createRole(
);
}
const newRole = await db
await db.transaction(async (trx) => {
const newRole = await trx
.insert(roles)
.values({
...roleData,
@ -90,7 +91,7 @@ export async function createRole(
})
.returning();
await db
await trx
.insert(roleActions)
.values(
defaultRoleAllowedActions.map((action) => ({
@ -108,6 +109,7 @@ export async function createRole(
message: "Role created successfully",
status: HttpCode.CREATED
});
});
} catch (error) {
logger.error(error);
return next(

6
server/routers/role/deleteRole.ts
View file

@ -98,14 +98,16 @@ export async function deleteRole(
);
}
await db.transaction(async (trx) => {
// move all users from the userOrgs table with roleId to newRoleId
await db
await trx
.update(userOrgs)
.set({ roleId: newRoleId })
.where(eq(userOrgs.roleId, roleId));
// delete the old role
await db.delete(roles).where(eq(roles.roleId, roleId));
await trx.delete(roles).where(eq(roles.roleId, roleId));
});
return response(res, {
data: null,

11
server/routers/role/removeRoleSite.ts
View file

@ -51,10 +51,14 @@ export async function removeRoleSite(
const { roleId } = parsedBody.data;
const deletedRoleSite = await db
await db.transaction(async (trx) => {
const deletedRoleSite = await trx
.delete(roleSites)
.where(
and(eq(roleSites.roleId, roleId), eq(roleSites.siteId, siteId))
and(
eq(roleSites.roleId, roleId),
eq(roleSites.siteId, siteId)
)
)
.returning();
@ -73,7 +77,7 @@ export async function removeRoleSite(
.where(eq(resources.siteId, siteId));
for (const resource of siteResources) {
await db
await trx
.delete(roleResources)
.where(
and(
@ -83,6 +87,7 @@ export async function removeRoleSite(
)
.returning();
}
});
return response(res, {
data: null,

15
server/routers/site/createSite.ts
View file

@ -94,9 +94,13 @@ export async function createSite(
};
}
const [newSite] = await db.insert(sites).values(payload).returning();
await db.transaction(async (trx) => {
const [newSite] = await trx
.insert(sites)
.values(payload)
.returning();
const adminRole = await db
const adminRole = await trx
.select()
.from(roles)
.where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
@ -108,14 +112,14 @@ export async function createSite(
);
}
await db.insert(roleSites).values({
await trx.insert(roleSites).values({
roleId: adminRole[0].roleId,
siteId: newSite.siteId
});
if (req.userOrgRoleId != adminRole[0].roleId) {
// make sure the user can access the site
db.insert(userSites).values({
trx.insert(userSites).values({
userId: req.user?.userId!,
siteId: newSite.siteId
});
@ -125,7 +129,7 @@ export async function createSite(
if (type == "newt") {
const secretHash = await hashPassword(secret!);
await db.insert(newts).values({
await trx.insert(newts).values({
newtId: newtId!,
secretHash,
siteId: newSite.siteId,
@ -153,6 +157,7 @@ export async function createSite(
message: "Site created successfully",
status: HttpCode.CREATED
});
});
} catch (error) {
logger.error(error);
return next(

12
server/routers/site/deleteSite.ts
View file

@ -50,12 +50,13 @@ export async function deleteSite(
);
}
await db.transaction(async (trx) => {
if (site.pubKey) {
if (site.type == "wireguard") {
await deletePeer(site.exitNodeId!, site.pubKey);
} else if (site.type == "newt") {
// get the newt on the site by querying the newt table for siteId
const [deletedNewt] = await db
const [deletedNewt] = await trx
.delete(newts)
.where(eq(newts.siteId, siteId))
.returning();
@ -67,14 +68,15 @@ export async function deleteSite(
sendToClient(deletedNewt.newtId, payload);
// delete all of the sessions for the newt
db.delete(newtSessions)
.where(eq(newtSessions.newtId, deletedNewt.newtId))
.run();
await trx
.delete(newtSessions)
.where(eq(newtSessions.newtId, deletedNewt.newtId));
}
}
}
db.delete(sites).where(eq(sites.siteId, siteId)).run();
await trx.delete(sites).where(eq(sites.siteId, siteId));
});
return response(res, {
data: null,

8
server/routers/user/acceptInvite.ts
View file

@ -118,15 +118,19 @@ export async function acceptInvite(
);
}
await db.transaction(async (trx) => {
// add the user to the org
await db.insert(userOrgs).values({
await trx.insert(userOrgs).values({
userId: existingUser[0].userId,
orgId: existingInvite[0].orgId,
roleId: existingInvite[0].roleId
});
// delete the invite
await db.delete(userInvites).where(eq(userInvites.inviteId, inviteId));
await trx
.delete(userInvites)
.where(eq(userInvites.inviteId, inviteId));
});
return response<AcceptInviteResponse>(res, {
data: { accepted: true, orgId: existingInvite[0].orgId },

9
server/routers/user/addUserSite.ts
View file

@ -34,7 +34,8 @@ export async function addUserSite(
const { userId, siteId } = parsedBody.data;
const newUserSite = await db
await db.transaction(async (trx) => {
const newUserSite = await trx
.insert(userSites)
.values({
userId,
@ -42,13 +43,13 @@ export async function addUserSite(
})
.returning();
const siteResources = await db
const siteResources = await trx
.select()
.from(resources)
.where(eq(resources.siteId, siteId));
for (const resource of siteResources) {
await db.insert(userResources).values({
await trx.insert(userResources).values({
userId,
resourceId: resource.resourceId
});
@ -61,6 +62,8 @@ export async function addUserSite(
message: "Site added to user successfully",
status: HttpCode.CREATED
});
});
} catch (error) {
logger.error(error);
return next(

11
server/routers/user/inviteUser.ts
View file

@ -130,15 +130,19 @@ export async function inviteUser(
const tokenHash = await hashPassword(token);
await db.transaction(async (trx) => {
// delete any existing invites for this email
await db
await trx
.delete(userInvites)
.where(
and(eq(userInvites.email, email), eq(userInvites.orgId, orgId))
and(
eq(userInvites.email, email),
eq(userInvites.orgId, orgId)
)
)
.execute();
await db.insert(userInvites).values({
await trx.insert(userInvites).values({
inviteId,
orgId,
email,
@ -146,6 +150,7 @@ export async function inviteUser(
tokenHash,
roleId
});
});
const inviteLink = `${config.app.base_url}/invite?token=${inviteId}-${token}`;

13
server/routers/user/removeUserSite.ts
View file

@ -51,10 +51,14 @@ export async function removeUserSite(
const { siteId } = parsedBody.data;
const deletedUserSite = await db
await db.transaction(async (trx) => {
const deletedUserSite = await trx
.delete(userSites)
.where(
and(eq(userSites.userId, userId), eq(userSites.siteId, siteId))
and(
eq(userSites.userId, userId),
eq(userSites.siteId, siteId)
)
)
.returning();
@ -67,13 +71,13 @@ export async function removeUserSite(
);
}
const siteResources = await db
const siteResources = await trx
.select()
.from(resources)
.where(eq(resources.siteId, siteId));
for (const resource of siteResources) {
await db
await trx
.delete(userResources)
.where(
and(
@ -83,6 +87,7 @@ export async function removeUserSite(
)
.returning();
}
});
return response(res, {
data: null,

31
server/setup/ensureActions.ts
View file

@ -22,13 +22,15 @@ export async function ensureActions() {
.where(eq(roles.isAdmin, true))
.execute();
await db.transaction(async (trx) => {
// Add new actions
for (const actionId of actionsToAdd) {
logger.debug(`Adding action: ${actionId}`);
await db.insert(actions).values({ actionId }).execute();
await trx.insert(actions).values({ actionId }).execute();
// Add new actions to the Default role
if (defaultRoles.length != 0) {
await db
await trx
.insert(roleActions)
.values(
defaultRoles.map((role) => ({
@ -44,19 +46,23 @@ export async function ensureActions() {
// Remove deprecated actions
if (actionsToRemove.length > 0) {
logger.debug(`Removing actions: ${actionsToRemove.join(", ")}`);
await db
await trx
.delete(actions)
.where(inArray(actions.actionId, actionsToRemove))
.execute();
await db
await trx
.delete(roleActions)
.where(inArray(roleActions.actionId, actionsToRemove))
.execute();
}
});
}
export async function createAdminRole(orgId: string) {
const [insertedRole] = await db
let roleId: any;
await db.transaction(async (trx) => {
const [insertedRole] = await trx
.insert(roles)
.values({
orgId,
@ -67,16 +73,20 @@ export async function createAdminRole(orgId: string) {
.returning({ roleId: roles.roleId })
.execute();
const roleId = insertedRole.roleId;
if (!insertedRole || !insertedRole.roleId) {
throw new Error("Failed to create Admin role");
}
const actionIds = await db.select().from(actions).execute();
roleId = insertedRole.roleId;
const actionIds = await trx.select().from(actions).execute();
if (actionIds.length === 0) {
logger.info("No actions to assign to the Admin role");
return;
}
await db
await trx
.insert(roleActions)
.values(
actionIds.map((action) => ({
@ -86,6 +96,11 @@ export async function createAdminRole(orgId: string) {
}))
)
.execute();
});
if (!roleId) {
throw new Error("Failed to create Admin role");
}
return roleId;
}