mirror of
https://github.com/Dokploy/dokploy
synced 2025-06-26 18:27:59 +00:00
208 lines
4.4 KiB
TypeScript
208 lines
4.4 KiB
TypeScript
import { db } from "@/server/db";
|
|
import { users } from "@/server/db/schema";
|
|
import { TRPCError } from "@trpc/server";
|
|
import { eq } from "drizzle-orm";
|
|
|
|
export type User = typeof users.$inferSelect;
|
|
|
|
export const findUserById = async (userId: string) => {
|
|
const user = await db.query.users.findFirst({
|
|
where: eq(users.userId, userId),
|
|
});
|
|
if (!user) {
|
|
throw new TRPCError({
|
|
code: "NOT_FOUND",
|
|
message: "User not found",
|
|
});
|
|
}
|
|
return user;
|
|
};
|
|
|
|
export const findUserByAuthId = async (authId: string) => {
|
|
const user = await db.query.users.findFirst({
|
|
where: eq(users.authId, authId),
|
|
with: {
|
|
auth: true,
|
|
},
|
|
});
|
|
if (!user) {
|
|
throw new TRPCError({
|
|
code: "NOT_FOUND",
|
|
message: "User not found",
|
|
});
|
|
}
|
|
return user;
|
|
};
|
|
|
|
export const findUsers = async () => {
|
|
const users = await db.query.users.findMany({
|
|
with: {
|
|
auth: {
|
|
columns: {
|
|
secret: false,
|
|
},
|
|
},
|
|
},
|
|
});
|
|
return users;
|
|
};
|
|
|
|
export const addNewProject = async (authId: string, projectId: string) => {
|
|
const user = await findUserByAuthId(authId);
|
|
|
|
await db
|
|
.update(users)
|
|
.set({
|
|
accesedProjects: [...user.accesedProjects, projectId],
|
|
})
|
|
.where(eq(users.authId, authId));
|
|
};
|
|
|
|
export const addNewService = async (authId: string, serviceId: string) => {
|
|
const user = await findUserByAuthId(authId);
|
|
await db
|
|
.update(users)
|
|
.set({
|
|
accesedServices: [...user.accesedServices, serviceId],
|
|
})
|
|
.where(eq(users.authId, authId));
|
|
};
|
|
|
|
export const canPerformCreationService = async (
|
|
userId: string,
|
|
projectId: string,
|
|
) => {
|
|
const { accesedProjects, canCreateServices } = await findUserByAuthId(userId);
|
|
const haveAccessToProject = accesedProjects.includes(projectId);
|
|
|
|
if (canCreateServices && haveAccessToProject) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
};
|
|
|
|
export const canPerformAccessService = async (
|
|
userId: string,
|
|
serviceId: string,
|
|
) => {
|
|
const { accesedServices } = await findUserByAuthId(userId);
|
|
const haveAccessToService = accesedServices.includes(serviceId);
|
|
|
|
if (haveAccessToService) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
};
|
|
|
|
export const canPeformDeleteService = async (
|
|
authId: string,
|
|
serviceId: string,
|
|
) => {
|
|
const { accesedServices, canDeleteServices } = await findUserByAuthId(authId);
|
|
const haveAccessToService = accesedServices.includes(serviceId);
|
|
|
|
if (canDeleteServices && haveAccessToService) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
};
|
|
|
|
export const canPerformCreationProject = async (authId: string) => {
|
|
const { canCreateProjects } = await findUserByAuthId(authId);
|
|
|
|
if (canCreateProjects) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
};
|
|
|
|
export const canPerformDeleteProject = async (authId: string) => {
|
|
const { canDeleteProjects } = await findUserByAuthId(authId);
|
|
|
|
if (canDeleteProjects) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
};
|
|
|
|
export const canPerformAccessProject = async (
|
|
authId: string,
|
|
projectId: string,
|
|
) => {
|
|
const { accesedProjects } = await findUserByAuthId(authId);
|
|
|
|
const haveAccessToProject = accesedProjects.includes(projectId);
|
|
|
|
if (haveAccessToProject) {
|
|
return true;
|
|
}
|
|
return false;
|
|
};
|
|
|
|
export const canAccessToTraefikFiles = async (authId: string) => {
|
|
const { canAccessToTraefikFiles } = await findUserByAuthId(authId);
|
|
return canAccessToTraefikFiles;
|
|
};
|
|
|
|
export const checkServiceAccess = async (
|
|
authId: string,
|
|
serviceId: string,
|
|
action = "access" as "access" | "create" | "delete",
|
|
) => {
|
|
let hasPermission = false;
|
|
switch (action) {
|
|
case "create":
|
|
hasPermission = await canPerformCreationService(authId, serviceId);
|
|
break;
|
|
case "access":
|
|
hasPermission = await canPerformAccessService(authId, serviceId);
|
|
break;
|
|
case "delete":
|
|
hasPermission = await canPeformDeleteService(authId, serviceId);
|
|
break;
|
|
default:
|
|
hasPermission = false;
|
|
}
|
|
if (!hasPermission) {
|
|
throw new TRPCError({
|
|
code: "UNAUTHORIZED",
|
|
message: "Permission denied",
|
|
});
|
|
}
|
|
};
|
|
|
|
export const checkProjectAccess = async (
|
|
authId: string,
|
|
action: "create" | "delete" | "access",
|
|
projectId?: string,
|
|
) => {
|
|
let hasPermission = false;
|
|
switch (action) {
|
|
case "access":
|
|
hasPermission = await canPerformAccessProject(
|
|
authId,
|
|
projectId as string,
|
|
);
|
|
break;
|
|
case "create":
|
|
hasPermission = await canPerformCreationProject(authId);
|
|
break;
|
|
case "delete":
|
|
hasPermission = await canPerformDeleteProject(authId);
|
|
break;
|
|
default:
|
|
hasPermission = false;
|
|
}
|
|
if (!hasPermission) {
|
|
throw new TRPCError({
|
|
code: "UNAUTHORIZED",
|
|
message: "Permission denied",
|
|
});
|
|
}
|
|
};
|