add server admin panel to delete users

2025-08-31 23:10:00 +02:00 · 2025-03-21 18:04:14 -04:00 · 2025-03-21 18:04:14 -04:00 · ec106ab87f
commit ec106ab87f
parent 83e70cc7c4
10 changed files with 439 additions and 18 deletions
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@ -245,13 +245,9 @@ export class Config {
            : "false";
        process.env.DASHBOARD_URL = parsedConfig.data.app.dashboard_url;

-        this.checkSupporterKey()
-            .then(() => {
-                console.log("Supporter key checked");
-            })
-            .catch((error) => {
-                console.error("Error checking supporter key:", error);
-            });
+        this.checkSupporterKey().catch((error) => {
+            console.error("Error checking supporter key:", error);
+        });

        this.rawConfig = parsedConfig.data;
    }
--- a/server/middlewares/verifyUserIsServerAdmin.ts
+++ b/server/middlewares/verifyUserIsServerAdmin.ts
@ -14,7 +14,7 @@ export async function verifyUserIsServerAdmin(
            createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
        );
    }
-    
+
    try {
        if (!req.user?.serverAdmin) {
            return next(
@ -24,7 +24,7 @@ export async function verifyUserIsServerAdmin(
                )
            );
        }
-        
+
        return next();
    } catch (e) {
        return next(
--- a/server/routers/user/adminListUsers.ts
+++ b/server/routers/user/adminListUsers.ts
@ -31,6 +31,7 @@ async function queryUsers(limit: number, offset: number) {
            id: users.userId,
            email: users.email,
            dateCreated: users.dateCreated,
+            serverAdmin: users.serverAdmin
        })
        .from(users)
        .where(eq(users.serverAdmin, false))
@ -60,10 +61,7 @@ export async function adminListUsers(
        }
        const { limit, offset } = parsedQuery.data;

-        const allUsers = await queryUsers(
-            limit,
-            offset
-        );
+        const allUsers = await queryUsers(limit, offset);

        const [{ count }] = await db
            .select({ count: sql<number>`count(*)` })
--- a/server/routers/user/adminRemoveUser.ts
+++ b/server/routers/user/adminRemoveUser.ts
@ -1,8 +1,8 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
-import { userOrgs, users } from "@server/db/schema";
-import { and, eq } from "drizzle-orm";
+import { users } from "@server/db/schema";
+import { eq } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@ -36,13 +36,22 @@ export async function adminRemoveUser(
        // get the user first
        const user = await db
            .select()
-            .from(userOrgs)
-            .where(eq(userOrgs.userId, userId));
+            .from(users)
+            .where(eq(users.userId, userId));

        if (!user || user.length === 0) {
            return next(createHttpError(HttpCode.NOT_FOUND, "User not found"));
        }

+        if (user[0].serverAdmin) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Cannot remove server admin"
+                )
+            );
+        }
+
        await db.delete(users).where(eq(users.userId, userId));

        return response(res, {
--- a/server/routers/user/index.ts
+++ b/server/routers/user/index.ts
@ -6,4 +6,4 @@ export * from "./inviteUser";
 export * from "./acceptInvite";
 export * from "./getOrgUser";
 export * from "./adminListUsers";
-export * from "./adminRemoveUser";
+export * from "./adminRemoveUser";