basic invite user functional

This commit is contained in:
Milo Schwartz 2024-11-02 23:46:08 -04:00
parent a6bb8f5bb1
commit a6baebb216
No known key found for this signature in database
15 changed files with 684 additions and 137 deletions

View file

@ -210,13 +210,13 @@ export const userInvites = sqliteTable("userInvites", {
inviteId: text("inviteId").primaryKey(),
orgId: text("orgId")
.notNull()
.references(() => orgs.orgId),
.references(() => orgs.orgId, { onDelete: "cascade" }),
email: text("email").notNull(),
expiresAt: integer("expiresAt").notNull(),
tokenHash: text("token").notNull(),
roleId: integer("roleId")
.notNull()
.references(() => roles.roleId),
.references(() => roles.roleId, { onDelete: "cascade" }),
});
export type Org = InferSelectModel<typeof orgs>;

View file

@ -72,8 +72,8 @@ authenticated.post(
"/org/:orgId/create-invite",
verifyOrgAccess,
user.inviteUser
);
authenticated.post("/org/:orgId/accept-invite", user.acceptInvite);
); // maybe make this /invite/create instead
authenticated.post("/invite/accept", user.acceptInvite);
authenticated.get(
"/resource/:resourceId/roles",

View file

@ -9,13 +9,17 @@ import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
import { isWithinExpirationDate } from "oslo";
const acceptInviteBodySchema = z.object({
token: z.string(),
inviteId: z.string(),
});
export type AcceptInviteResponse = {};
export type AcceptInviteResponse = {
accepted: boolean;
orgId: string;
};
export async function acceptInvite(
req: Request,
@ -50,6 +54,12 @@ export async function acceptInvite(
);
}
if (!isWithinExpirationDate(new Date(existingInvite[0].expiresAt))) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invite has expired")
);
}
const validToken = await verify(existingInvite[0].tokenHash, token, {
memoryCost: 19456,
timeCost: 2,
@ -79,6 +89,15 @@ export async function acceptInvite(
);
}
if (existingUser[0].email !== existingInvite[0].email) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Invite is not for this user"
)
);
}
let roleId: number;
// get the role to make sure it exists
const existingRole = await db
@ -109,7 +128,7 @@ export async function acceptInvite(
await db.delete(userInvites).where(eq(userInvites.inviteId, inviteId));
return response<AcceptInviteResponse>(res, {
data: {},
data: { accepted: true, orgId: existingInvite[0].orgId },
success: true,
error: false,
message: "Invite accepted",

View file

@ -24,6 +24,8 @@ const inviteUserBodySchema = z.object({
validHours: z.number().gt(0).lte(168),
});
export type InviteUserBody = z.infer<typeof inviteUserBodySchema>;
export type InviteUserResponse = {
inviteLink: string;
expiresAt: number;
@ -112,7 +114,7 @@ export async function inviteUser(
roleId,
});
const inviteLink = `${config.app.base_url}/invite/${inviteId}-${token}`;
const inviteLink = `${config.app.base_url}/invite?token=${inviteId}-${token}`;
return response<InviteUserResponse>(res, {
data: {