authorizer/server/resolvers/create_user.go

package resolvers

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"

	log "github.com/sirupsen/logrus"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/db/models"
	"github.com/authorizerdev/authorizer/server/email"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/parsers"
	"github.com/authorizerdev/authorizer/server/refs"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/authorizerdev/authorizer/server/validators"
)

// CreateUserResolver is a resolver for create user mutation
// This is admin only mutation
func CreateUserResolver(ctx context.Context, params model.CreateUserInput) (*model.User, error) {
	var res *model.User

	gc, err := utils.GinContextFromContext(ctx)
	if err != nil {
		log.Debug("Failed to get GinContext: ", err)
		return res, err
	}

	if !token.IsSuperAdmin(gc) {
		log.Debug("Not logged in as super admin")
		return res, fmt.Errorf("unauthorized")
	}

	log := log.New()

	if params.PhoneNumber != nil {
		// verify if phone number is unique
		if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {
			log.Debug("user with given phone number already exists")
			return nil, errors.New("user with given phone number already exists")
		}
	}

	if params.EmailVerified != nil {
		if *params.EmailVerified {
			now := time.Now().Unix()
			params.EmailVerifiedAt = &now
		} else {
			params.EmailVerifiedAt = nil
		}
	}

	if params.Email != nil {
		// check if valid email
		if !validators.IsValidEmail(*params.Email) {
			log.Debug("Invalid email: ", *params.Email)
			return res, fmt.Errorf("invalid email address")
		}
		newEmail := strings.ToLower(*params.Email)
		// check if user with new email exists
		_, err = db.Provider.GetUserByEmail(ctx, newEmail)
		// err = nil means user exists
		if err == nil {
			log.Debug("User with email already exists: ", newEmail)
			return res, fmt.Errorf("user with this email address already exists")
		}

		hostname := parsers.GetHost(gc)
		params.Email = &newEmail
		params.EmailVerifiedAt = nil
		// insert verification request
		_, nonceHash, err := utils.GenerateNonce()
		if err != nil {
			log.Debug("Failed to generate nonce: ", err)
			return res, err
		}
		verificationType := constants.VerificationTypeUpdateEmail
		redirectURL := parsers.GetAppURL(gc)
		verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL)
		if err != nil {
			log.Debug("Failed to create verification token: ", err)
		}
		_, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{
			Token:       verificationToken,
			Identifier:  verificationType,
			ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
			Email:       newEmail,
			Nonce:       nonceHash,
			RedirectURI: redirectURL,
		})
		if err != nil {
			log.Debug("Failed to add verification request: ", err)
			return res, err
		}

		// exec it as go routine so that we can reduce the api latency
		go email.SendEmail([]string{*params.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
			"user":             params,
			"organization":     utils.GetOrganization(),
			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
		})

	}

	// json-typed model to store in database
	userdata := models.User{
		Email:           *params.Email,
		EmailVerifiedAt: params.EmailVerifiedAt,
		CreatedAt:       *params.CreatedAt,
		UpdatedAt:       *params.UpdatedAt,
		Password:        params.Password,
		GivenName:       params.GivenName,
		FamilyName:      params.FamilyName,
		MiddleName:      params.MiddleName,
		Nickname:        params.Nickname, // slug
		PhoneNumber:     params.PhoneNumber,
		Picture:         params.Picture,
	}

	var user *models.User
	user, err = db.Provider.AddUser(ctx, &userdata)

	if err != nil {
		log.Debug("Failed to update user: ", err)
		return res, err
	}

	createdAt := user.CreatedAt
	updatedAt := user.UpdatedAt
	res = &model.User{
		ID:			user.ID,
		Email:      user.Email,
		Picture:    user.Picture,
		GivenName:  user.GivenName,
		FamilyName: user.FamilyName,
		Roles:      strings.Split(user.Roles, ","),
		CreatedAt:  &createdAt,
		UpdatedAt:  &updatedAt,
	}
	return res, nil
}
create-user 2023-10-24 14:01:05 +00:00			`package resolvers`

			`import (`
			`"context"`
			`"errors"`
			`"fmt"`
			`"strings"`
			`"time"`

			`log "github.com/sirupsen/logrus"`

			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/db"`
			`"github.com/authorizerdev/authorizer/server/db/models"`
			`"github.com/authorizerdev/authorizer/server/email"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
			`"github.com/authorizerdev/authorizer/server/parsers"`
			`"github.com/authorizerdev/authorizer/server/refs"`
			`"github.com/authorizerdev/authorizer/server/token"`
			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/authorizerdev/authorizer/server/validators"`
			`)`

			`// CreateUserResolver is a resolver for create user mutation`
			`// This is admin only mutation`
			`func CreateUserResolver(ctx context.Context, params model.CreateUserInput) (*model.User, error) {`
			`var res *model.User`

			`gc, err := utils.GinContextFromContext(ctx)`
			`if err != nil {`
			`log.Debug("Failed to get GinContext: ", err)`
			`return res, err`
			`}`

			`if !token.IsSuperAdmin(gc) {`
			`log.Debug("Not logged in as super admin")`
			`return res, fmt.Errorf("unauthorized")`
			`}`

create_user-api 2023-10-24 17:49:34 +00:00			`log := log.New()`
create-user 2023-10-24 14:01:05 +00:00
			`if params.PhoneNumber != nil {`
			`// verify if phone number is unique`
			`if _, err := db.Provider.GetUserByPhoneNumber(ctx, strings.TrimSpace(refs.StringValue(params.PhoneNumber))); err == nil {`
			`log.Debug("user with given phone number already exists")`
			`return nil, errors.New("user with given phone number already exists")`
			`}`
			`}`

create_user-api 2023-10-24 17:49:34 +00:00			`if params.EmailVerified != nil {`
			`if *params.EmailVerified {`
			`now := time.Now().Unix()`
			`params.EmailVerifiedAt = &now`
			`} else {`
			`params.EmailVerifiedAt = nil`
			`}`
			`}`

create-user 2023-10-24 14:01:05 +00:00			`if params.Email != nil {`
			`// check if valid email`
			`if !validators.IsValidEmail(*params.Email) {`
			`log.Debug("Invalid email: ", *params.Email)`
			`return res, fmt.Errorf("invalid email address")`
			`}`
			`newEmail := strings.ToLower(*params.Email)`
			`// check if user with new email exists`
			`_, err = db.Provider.GetUserByEmail(ctx, newEmail)`
			`// err = nil means user exists`
			`if err == nil {`
			`log.Debug("User with email already exists: ", newEmail)`
			`return res, fmt.Errorf("user with this email address already exists")`
			`}`

			`hostname := parsers.GetHost(gc)`
			`params.Email = &newEmail`
create_user-api 2023-10-24 17:49:34 +00:00			`params.EmailVerifiedAt = nil`
create-user 2023-10-24 14:01:05 +00:00			`// insert verification request`
			`_, nonceHash, err := utils.GenerateNonce()`
			`if err != nil {`
			`log.Debug("Failed to generate nonce: ", err)`
			`return res, err`
			`}`
			`verificationType := constants.VerificationTypeUpdateEmail`
			`redirectURL := parsers.GetAppURL(gc)`
			`verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL)`
			`if err != nil {`
			`log.Debug("Failed to create verification token: ", err)`
			`}`
			`_, err = db.Provider.AddVerificationRequest(ctx, &models.VerificationRequest{`
			`Token: verificationToken,`
			`Identifier: verificationType,`
			`ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),`
			`Email: newEmail,`
			`Nonce: nonceHash,`
			`RedirectURI: redirectURL,`
			`})`
			`if err != nil {`
			`log.Debug("Failed to add verification request: ", err)`
			`return res, err`
			`}`

			`// exec it as go routine so that we can reduce the api latency`
			`go email.SendEmail([]string{*params.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{`
			`"user": params,`
			`"organization": utils.GetOrganization(),`
			`"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),`
			`})`

			`}`

			`// json-typed model to store in database`
			`userdata := models.User{`
create_user-api 2023-10-24 17:49:34 +00:00			`Email: *params.Email,`
			`EmailVerifiedAt: params.EmailVerifiedAt,`
			`CreatedAt: *params.CreatedAt,`
			`UpdatedAt: *params.UpdatedAt,`
			`Password: params.Password,`
			`GivenName: params.GivenName,`
			`FamilyName: params.FamilyName,`
			`MiddleName: params.MiddleName,`
			`Nickname: params.Nickname, // slug`
			`PhoneNumber: params.PhoneNumber,`
			`Picture: params.Picture,`
create-user 2023-10-24 14:01:05 +00:00			`}`

			`var user *models.User`
			`user, err = db.Provider.AddUser(ctx, &userdata)`

			`if err != nil {`
create_user-api 2023-10-24 17:49:34 +00:00			`log.Debug("Failed to update user: ", err)`
create-user 2023-10-24 14:01:05 +00:00			`return res, err`
			`}`

create_user-api 2023-10-24 17:49:34 +00:00			`createdAt := user.CreatedAt`
			`updatedAt := user.UpdatedAt`
create-user 2023-10-24 14:01:05 +00:00			`res = &model.User{`
create_user-api 2023-10-24 17:49:34 +00:00			`ID: user.ID,`
			`Email: user.Email,`
			`Picture: user.Picture,`
			`GivenName: user.GivenName,`
			`FamilyName: user.FamilyName,`
			`Roles: strings.Split(user.Roles, ","),`
			`CreatedAt: &createdAt,`
			`UpdatedAt: &updatedAt,`
create-user 2023-10-24 14:01:05 +00:00			`}`
			`return res, nil`
			`}`