feat: user page & $dropFetch util

2025-11-12 15:52:39 +10:00 · 2025-03-14 12:22:08 +11:00
parent 3225f536ce
commit bd1cb67cd0
39 changed files with 416 additions and 166 deletions
--- a/server/api/v1/admin/auth/index.get.ts
+++ b/server/api/v1/admin/auth/index.get.ts
@ -0,0 +1,14 @@
+import { AuthMec } from "@prisma/client";
+import aclManager from "~/server/internal/acls";
+import { applicationSettings } from "~/server/internal/config/application-configuration";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, ["auth:read"]);
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const enabledMechanisms: AuthMec[] = await applicationSettings.get(
+    "enabledAuthencationMechanisms"
+  );
+
+  return enabledMechanisms;
+});
--- a/server/api/v1/admin/users/[id]/index.get.ts
+++ b/server/api/v1/admin/users/[id]/index.get.ts
@ -0,0 +1,26 @@
+import aclManager from "~/server/internal/acls";
+import prisma from "~/server/internal/db/database";
+
+export default defineEventHandler(async (h3) => {
+  const allowed = await aclManager.allowSystemACL(h3, ["user:read"]);
+  if (!allowed) throw createError({ statusCode: 403 });
+
+  const userId = getRouterParam(h3, "id");
+  if (!userId)
+    throw createError({
+      statusCode: 400,
+      statusMessage: "No userId in route.",
+    });
+
+  if (userId == "system")
+    throw createError({
+      statusCode: 400,
+      statusMessage: "Cannot delete system user.",
+    });
+
+  const user = await prisma.user.findUnique({ where: { id: userId } });
+  if (!user)
+    throw createError({ statusCode: 404, statusMessage: "User not found." });
+
+  return user;
+});
--- a/server/api/v1/admin/users/index.get.ts
+++ b/server/api/v1/admin/users/index.get.ts
@ -5,7 +5,18 @@ export default defineEventHandler(async (h3) => {
  const allowed = await aclManager.allowSystemACL(h3, ["user:read"]);
  if (!allowed) throw createError({ statusCode: 403 });

-  const users = await prisma.user.findMany({});
+  const users = await prisma.user.findMany({
+    where: {
+      id: { not: "system" },
+    },
+    include: {
+      authMecs: {
+        select: {
+          mec: true,
+        }
+      }
+    }
+  });

  return users;
 });
--- a/server/api/v1/auth/signin/simple.post.ts
+++ b/server/api/v1/auth/signin/simple.post.ts
@ -5,34 +5,57 @@ import { checkHash } from "~/server/internal/security/simple";
 import sessionHandler from "~/server/internal/session";

 export default defineEventHandler(async (h3) => {
-    const body = await readBody(h3);
+  const body = await readBody(h3);

-    const username = body.username;
-    const password = body.password;
-    const rememberMe = body.rememberMe ?? false;
-    if (username === undefined || password === undefined)
-        throw createError({ statusCode: 403, statusMessage: "Username or password missing from request." });
-
-    const authMek = await prisma.linkedAuthMec.findFirst({
-        where: {
-            mec: AuthMec.Simple,
-            credentials: {
-                array_starts_with: username
-            }
-        }
+  const username = body.username;
+  const password = body.password;
+  const rememberMe = body.rememberMe ?? false;
+  if (username === undefined || password === undefined)
+    throw createError({
+      statusCode: 403,
+      statusMessage: "Username or password missing from request.",
    });

-    if (!authMek) throw createError({ statusCode: 401, statusMessage: "Invalid username or password." });
+  const authMek = await prisma.linkedAuthMec.findFirst({
+    where: {
+      mec: AuthMec.Simple,
+      credentials: {
+        array_starts_with: username,
+      },
+      enabled: true,
+    },
+    include: {
+      user: {
+        select: {
+          enabled: true,
+        },
+      },
+    },
+  });

-    const credentials = authMek.credentials as JsonArray;
-    const hash = credentials.at(1);
+  if (!authMek)
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid username or password.",
+    });

-    if (!hash) throw createError({ statusCode: 403, statusMessage: "Invalid or disabled account. Please contact the server administrator." });
+  const credentials = authMek.credentials as JsonArray;
+  const hash = credentials.at(1);

-    if (!await checkHash(password, hash.toString()))
-        throw createError({ statusCode: 401, statusMessage: "Invalid username or password." });
+  if (!hash || !authMek.user.enabled)
+    throw createError({
+      statusCode: 403,
+      statusMessage:
+        "Invalid or disabled account. Please contact the server administrator.",
+    });

-    await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
+  if (!(await checkHash(password, hash.toString())))
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid username or password.",
+    });

-    return { result: true, userId: authMek.userId }
-});
+  await sessionHandler.setUserId(h3, authMek.userId, rememberMe);
+
+  return { result: true, userId: authMek.userId };
+});