mirror of
https://github.com/Dokploy/dokploy
synced 2025-06-26 18:27:59 +00:00
refactor: update user and authentication schema with two-factor support
This commit is contained in:
Mauricio Siu
@@ -119,3 +119,12 @@ export const invitationRelations = relations(invitation, ({ one }) => ({
|
||||
references: [organization.id],
|
||||
}),
|
||||
}));
|
||||
|
||||
export const twoFactor = pgTable("two_factor", {
|
||||
id: text("id").primaryKey(),
|
||||
secret: text("secret").notNull(),
|
||||
backupCodes: text("backup_codes").notNull(),
|
||||
userId: text("user_id")
|
||||
.notNull()
|
||||
.references(() => users_temp.id, { onDelete: "cascade" }),
|
||||
});
|
||||
|
||||
@@ -59,10 +59,12 @@ export const users_temp = pgTable("user_temp", {
|
||||
.array()
|
||||
.notNull()
|
||||
.default(sql`ARRAY[]::text[]`),
|
||||
|
||||
// authId: text("authId")
|
||||
// .notNull()
|
||||
// .references(() => auth.id, { onDelete: "cascade" }),
|
||||
// Auth
|
||||
twoFactorEnabled: boolean("two_factor_enabled"),
|
||||
email: text("email").notNull().unique(),
|
||||
emailVerified: boolean("email_verified").notNull(),
|
||||
image: text("image"),
|
||||
@@ -151,10 +153,8 @@ export const usersRelations = relations(users_temp, ({ one, many }) => ({
|
||||
|
||||
const createSchema = createInsertSchema(users_temp, {
|
||||
id: z.string().min(1),
|
||||
// authId: z.string().min(1),
|
||||
token: z.string().min(1),
|
||||
isRegistered: z.boolean().optional(),
|
||||
// adminId: z.string(),
|
||||
accessedProjects: z.array(z.string()).optional(),
|
||||
accessedServices: z.array(z.string()).optional(),
|
||||
canCreateProjects: z.boolean().optional(),
|
||||
@@ -297,3 +297,30 @@ export const apiUpdateWebServerMonitoring = z.object({
|
||||
})
|
||||
.required(),
|
||||
});
|
||||
|
||||
export const apiUpdateUser = createSchema.partial().extend({
|
||||
metricsConfig: z
|
||||
.object({
|
||||
server: z.object({
|
||||
type: z.enum(["Dokploy", "Remote"]),
|
||||
refreshRate: z.number(),
|
||||
port: z.number(),
|
||||
token: z.string(),
|
||||
urlCallback: z.string(),
|
||||
retentionDays: z.number(),
|
||||
cronJob: z.string(),
|
||||
thresholds: z.object({
|
||||
cpu: z.number(),
|
||||
memory: z.number(),
|
||||
}),
|
||||
}),
|
||||
containers: z.object({
|
||||
refreshRate: z.number(),
|
||||
services: z.object({
|
||||
include: z.array(z.string()),
|
||||
exclude: z.array(z.string()),
|
||||
}),
|
||||
}),
|
||||
})
|
||||
.optional(),
|
||||
});
|
||||
|
||||
@@ -2,7 +2,11 @@ import type { IncomingMessage } from "node:http";
|
||||
import * as bcrypt from "bcrypt";
|
||||
import { betterAuth } from "better-auth";
|
||||
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
||||
import { createAuthMiddleware, organization } from "better-auth/plugins";
|
||||
import {
|
||||
createAuthMiddleware,
|
||||
organization,
|
||||
twoFactor,
|
||||
} from "better-auth/plugins";
|
||||
import { desc, eq } from "drizzle-orm";
|
||||
import { db } from "../db";
|
||||
import * as schema from "../db/schema";
|
||||
@@ -85,6 +89,7 @@ export const auth = betterAuth({
|
||||
},
|
||||
|
||||
plugins: [
|
||||
twoFactor(),
|
||||
organization({
|
||||
async sendInvitationEmail(data, request) {
|
||||
const inviteLink = `https://example.com/accept-invitation/${data.id}`;
|
||||
|
||||
@@ -12,41 +12,40 @@ import * as bcrypt from "bcrypt";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { IS_CLOUD } from "../constants";
|
||||
|
||||
export type Admin = typeof users_temp.$inferSelect;
|
||||
export type User = typeof users_temp.$inferSelect;
|
||||
export const createInvitation = async (
|
||||
input: typeof apiCreateUserInvitation._type,
|
||||
adminId: string,
|
||||
) => {
|
||||
await db.transaction(async (tx) => {
|
||||
const result = await tx
|
||||
.insert(auth)
|
||||
.values({
|
||||
email: input.email.toLowerCase(),
|
||||
rol: "user",
|
||||
password: bcrypt.hashSync("01231203012312", 10),
|
||||
})
|
||||
.returning()
|
||||
.then((res) => res[0]);
|
||||
|
||||
if (!result) {
|
||||
throw new TRPCError({
|
||||
code: "BAD_REQUEST",
|
||||
message: "Error creating the user",
|
||||
});
|
||||
}
|
||||
const expiresIn24Hours = new Date();
|
||||
expiresIn24Hours.setDate(expiresIn24Hours.getDate() + 1);
|
||||
const token = randomBytes(32).toString("hex");
|
||||
// await tx
|
||||
// .insert(users)
|
||||
// .values({
|
||||
// adminId: adminId,
|
||||
// authId: result.id,
|
||||
// token,
|
||||
// expirationDate: expiresIn24Hours.toISOString(),
|
||||
// })
|
||||
// .returning();
|
||||
});
|
||||
// await db.transaction(async (tx) => {
|
||||
// const result = await tx
|
||||
// .insert(auth)
|
||||
// .values({
|
||||
// email: input.email.toLowerCase(),
|
||||
// rol: "user",
|
||||
// password: bcrypt.hashSync("01231203012312", 10),
|
||||
// })
|
||||
// .returning()
|
||||
// .then((res) => res[0]);
|
||||
// if (!result) {
|
||||
// throw new TRPCError({
|
||||
// code: "BAD_REQUEST",
|
||||
// message: "Error creating the user",
|
||||
// });
|
||||
// }
|
||||
// const expiresIn24Hours = new Date();
|
||||
// expiresIn24Hours.setDate(expiresIn24Hours.getDate() + 1);
|
||||
// const token = randomBytes(32).toString("hex");
|
||||
// await tx
|
||||
// .insert(users)
|
||||
// .values({
|
||||
// adminId: adminId,
|
||||
// authId: result.id,
|
||||
// token,
|
||||
// expirationDate: expiresIn24Hours.toISOString(),
|
||||
// })
|
||||
// .returning();
|
||||
// });
|
||||
};
|
||||
|
||||
export const findUserById = async (userId: string) => {
|
||||
@@ -65,7 +64,7 @@ export const findUserById = async (userId: string) => {
|
||||
return user;
|
||||
};
|
||||
|
||||
export const updateUser = async (userId: string, userData: Partial<Admin>) => {
|
||||
export const updateUser = async (userId: string, userData: Partial<User>) => {
|
||||
const user = await db
|
||||
.update(users_temp)
|
||||
.set({
|
||||
@@ -80,7 +79,7 @@ export const updateUser = async (userId: string, userData: Partial<Admin>) => {
|
||||
|
||||
export const updateAdminById = async (
|
||||
adminId: string,
|
||||
adminData: Partial<Admin>,
|
||||
adminData: Partial<User>,
|
||||
) => {
|
||||
// const admin = await db
|
||||
// .update(admins)
|
||||
@@ -93,13 +92,6 @@ export const updateAdminById = async (
|
||||
// return admin;
|
||||
};
|
||||
|
||||
export const findAdminById = async (userId: string) => {
|
||||
const admin = await db.query.admins.findFirst({
|
||||
// where: eq(admins.userId, userId),
|
||||
});
|
||||
return admin;
|
||||
};
|
||||
|
||||
export const isAdminPresent = async () => {
|
||||
const admin = await db.query.member.findFirst({
|
||||
where: eq(member.role, "owner"),
|
||||
@@ -113,33 +105,6 @@ export const isAdminPresent = async () => {
|
||||
return true;
|
||||
};
|
||||
|
||||
export const findAdminByAuthId = async (authId: string) => {
|
||||
const admin = await db.query.admins.findFirst({
|
||||
where: eq(admins.authId, authId),
|
||||
with: {
|
||||
users: true,
|
||||
},
|
||||
});
|
||||
if (!admin) {
|
||||
throw new TRPCError({
|
||||
code: "NOT_FOUND",
|
||||
message: "Admin not found",
|
||||
});
|
||||
}
|
||||
return admin;
|
||||
};
|
||||
|
||||
export const findAdmin = async () => {
|
||||
const admin = await db.query.admins.findFirst({});
|
||||
if (!admin) {
|
||||
throw new TRPCError({
|
||||
code: "NOT_FOUND",
|
||||
message: "Admin not found",
|
||||
});
|
||||
}
|
||||
return admin;
|
||||
};
|
||||
|
||||
export const getUserByToken = async (token: string) => {
|
||||
// const user = await db.query.users.findFirst({
|
||||
// where: eq(users.token, token),
|
||||
@@ -171,24 +136,6 @@ export const removeUserById = async (userId: string) => {
|
||||
.then((res) => res[0]);
|
||||
};
|
||||
|
||||
export const removeAdminByAuthId = async (authId: string) => {
|
||||
const admin = await findAdminByAuthId(authId);
|
||||
if (!admin) return null;
|
||||
|
||||
// First delete all associated users
|
||||
const users = admin.users;
|
||||
|
||||
// for (const user of users) {
|
||||
// await removeUserById(user.id);
|
||||
// }
|
||||
// Then delete the auth record which will cascade delete the admin
|
||||
return await db
|
||||
.delete(auth)
|
||||
.where(eq(auth.id, authId))
|
||||
.returning()
|
||||
.then((res) => res[0]);
|
||||
};
|
||||
|
||||
export const getDokployUrl = async () => {
|
||||
if (IS_CLOUD) {
|
||||
return "https://app.dokploy.com";
|
||||
|
||||
@@ -10,6 +10,7 @@ import { TOTP } from "otpauth";
|
||||
import QRCode from "qrcode";
|
||||
import { IS_CLOUD } from "../constants";
|
||||
import { findUserById } from "./admin";
|
||||
import type { User } from "./user";
|
||||
|
||||
export const findAuthById = async (authId: string) => {
|
||||
const result = await db.query.users_temp.findFirst({
|
||||
@@ -51,11 +52,7 @@ export const generate2FASecret = async (userId: string) => {
|
||||
};
|
||||
};
|
||||
|
||||
export const verify2FA = async (
|
||||
auth: Omit<Auth, "password">,
|
||||
secret: string,
|
||||
pin: string,
|
||||
) => {
|
||||
export const verify2FA = async (auth: User, secret: string, pin: string) => {
|
||||
const totp = new TOTP({
|
||||
issuer: "Dokploy",
|
||||
label: `${auth?.email}`,
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
import { findAdmin } from "@dokploy/server/services/admin";
|
||||
import { getAllServers } from "@dokploy/server/services/server";
|
||||
import { scheduleJob } from "node-schedule";
|
||||
import { db } from "../../db/index";
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
import { existsSync, readFileSync, writeFileSync } from "node:fs";
|
||||
import { join } from "node:path";
|
||||
import { paths } from "@dokploy/server/constants";
|
||||
import type { User } from "@dokploy/server/services/user";
|
||||
import { dump, load } from "js-yaml";
|
||||
import { loadOrCreateConfig, writeTraefikConfig } from "./application";
|
||||
import type { FileConfig } from "./file-types";
|
||||
import type { MainTraefikConfig } from "./types";
|
||||
import type { User } from "@dokploy/server/services/user";
|
||||
|
||||
export const updateServerTraefik = (
|
||||
user: User | null,
|
||||
|
||||
Reference in New Issue
Block a user