Users and Authorization

Author: artemdemo

packages/cli/src/cli/dev/dev-server/database.ts

@@ -1,15 +1,18 @@
 import Datastore from "@seald-io/nedb";
-import type { Entity } from "@/core/resources/entity/schema.js";
 
 export class Database {
   private collections: Map<string, Datastore> = new Map();
 
-  load(entities: Entity[]) {
-    for (const entity of entities) {
-      this.collections.set(entity.name, new Datastore());
+  initCollections(names: string[]) {
+    for (const name of names) {
+      this.collections.set(name, new Datastore());
     }
   }
 
+  hasCollection(name: string): boolean {
+    return this.collections.has(name);
+  }
+
   getCollection(name: string): Datastore | undefined {
     return this.collections.get(name);
   }

packages/cli/src/cli/dev/dev-server/main.ts

@@ -16,12 +16,13 @@ import {
   broadcastEntityEvent,
   createRealtimeServer,
 } from "./realtime.js";
-import { createEntityRoutes } from "./routes/entities.js";
+import { createEntityRoutes } from "./routes/entities/entities-router.js";
 import {
   createCustomIntegrationRoutes,
   createFileToken,
   createIntegrationRoutes,
 } from "./routes/integrations.js";
+import { createUsersRoutes } from "./routes/users.js";
 import { WatchBase44 } from "./watcher.js";
 
 const DEFAULT_PORT = 4400;
@@ -76,8 +77,20 @@ export async function createDevServer(
     next();
   });
 
+  app.use((req, res, next) => {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) {
+      res.status(401).json({ error: "Unauthorized" });
+      return;
+    }
+    next();
+  });
+
   const devLogger = createDevLogger();
 
+  const usersRoutes = createUsersRoutes();
+  app.use("/api/apps/:appId/users", usersRoutes);
+
   const functionManager = new FunctionManager(
     functions,
     devLogger,
@@ -93,19 +106,16 @@ export async function createDevServer(
   }
 
   const db = new Database();
-  db.load(entities);
+  db.initCollections(entities.map((entity) => entity.name));
   if (db.getCollectionNames().length > 0) {
     clackLog.info(`Loaded entities: ${db.getCollectionNames().join(", ")}`);
   }
 
   // Socket.IO is attached after the HTTP server starts; entity routes receive
   // a broadcast callback that becomes a no-op until the server is ready.
   let emitEntityEvent: BroadcastEntityEvent = () => {};
-  const entityRoutes = createEntityRoutes(
-    db,
-    devLogger,
-    remoteProxy,
-    (...args) => emitEntityEvent(...args),
+  const entityRoutes = await createEntityRoutes(db, devLogger, (...args) =>
+    emitEntityEvent(...args),
   );
   app.use("/api/apps/:appId/entities", entityRoutes);
 
@@ -205,7 +215,7 @@ export async function createDevServer(
         if (previousEntityCount > 0) {
           devLogger.log("Entities directory changed, clearing data...");
         }
-        db.load(entities);
+        db.initCollections(entities.map((entity) => entity.name));
         if (db.getCollectionNames().length > 0) {
           devLogger.log(
             `Loaded entities: ${db.getCollectionNames().join(", ")}`,

…rc/cli/dev/dev-server/routes/entities.ts …erver/routes/entities/entities-router.tspackages/cli/src/cli/dev/dev-server/routes/entities.ts renamed to packages/cli/src/cli/dev/dev-server/routes/entities/entities-router.ts packages/cli/src/cli/dev/dev-server/routes/entities.ts renamed to packages/cli/src/cli/dev/dev-server/routes/entities/entities-router.ts

@@ -1,10 +1,12 @@
 import type Datastore from "@seald-io/nedb";
-import type { Request, RequestHandler, Response, Router } from "express";
+import type { Request, Response, Router } from "express";
 import { Router as createRouter, json } from "express";
 import { nanoid } from "nanoid";
-import type { Logger } from "../../createDevLogger.js";
-import type { Database } from "../database.js";
-import type { BroadcastEntityEvent, EntityEventType } from "../realtime.js";
+import type { Logger } from "../../../createDevLogger.js";
+import type { Database } from "../../database.js";
+import type { BroadcastEntityEvent, EntityEventType } from "../../realtime.js";
+import { createUserRouter } from "./entities-user-router.js";
+import { stripInternalFields } from "./utils.js";
 
 interface EntityParams {
   appId: string;
@@ -51,28 +53,11 @@ function parseFields(
   return Object.keys(projection).length > 0 ? projection : undefined;
 }
 
-function stripInternalFields<T extends Record<string, unknown>>(
-  doc: T[],
-): Omit<T, "_id">[];
-function stripInternalFields<T extends Record<string, unknown>>(
-  doc: T,
-): Omit<T, "_id">;
-function stripInternalFields<T extends Record<string, unknown>>(
-  doc: T | T[],
-): Omit<T, "_id"> | Omit<T, "_id">[] {
-  if (Array.isArray(doc)) {
-    return doc.map((d) => stripInternalFields(d));
-  }
-  const { _id, ...rest } = doc;
-  return rest;
-}
-
-export function createEntityRoutes(
+export async function createEntityRoutes(
   db: Database,
   logger: Logger,
-  remoteProxy: RequestHandler,
   broadcast: BroadcastEntityEvent,
-): Router {
+): Promise<Router> {
   const router = createRouter({ mergeParams: true });
   const parseBody = json();
 
@@ -116,15 +101,8 @@ export function createEntityRoutes(
     broadcast(appId, entityName, createData(data));
   }
 
-  router.get("/User/:id", (req, res, next) => {
-    logger.warn(
-      `"${req.originalUrl}" is not supported in local development, passing call to production`,
-    );
-    // This is necessary because Express strips the router prefix from req.url,
-    // so without this the proxy would send just `/User/:id` instead of the full path.
-    req.url = req.originalUrl;
-    remoteProxy(req, res, next);
-  });
+  const userRouter = await createUserRouter(db);
+  router.use("/User", userRouter);
 
   router.get(
     "/:entityName/:id",

packages/cli/src/cli/dev/dev-server/routes/entities/entities-user-router.ts

@@ -0,0 +1,52 @@
+import type { Request, Response, Router } from "express";
+import { Router as createRouter } from "express";
+import { nanoid } from "nanoid";
+import { readAuth } from "@/core/index.js";
+import type { Database } from "../../database.js";
+import { stripInternalFields } from "./utils.js";
+
+export async function createUserRouter(db: Database): Promise<Router> {
+  if (!db.hasCollection("User")) {
+    db.initCollections(["User"]);
+  }
+
+  const userInfo = await readAuth();
+
+  const meEntity = await db
+    .getCollection("User")
+    ?.findOneAsync({ email: userInfo.email });
+  let idMe: string | undefined = meEntity?.id;
+
+  if (!idMe) {
+    const now = new Date().toISOString().replace("Z", "000");
+    idMe = nanoid();
+    await db.getCollection("User")?.insertAsync({
+      id: idMe,
+      email: userInfo.email,
+      full_name: userInfo.name,
+      is_service: false,
+      is_verified: true,
+      disabled: null,
+      role: "admin",
+      collaborator_role: "editor",
+      created_date: now,
+      updated_date: now,
+    });
+  }
+
+  const router = createRouter({ mergeParams: true });
+
+  router.get("/:id", async (req: Request<{ id: string }>, res: Response) => {
+    const id = req.params.id === "me" ? idMe : req.params.id;
+    const result = await db.getCollection("User")?.findOneAsync({ id });
+    if (!result) {
+      res
+        .status(404)
+        .json({ error: `User with id "${req.params.id}" not found` });
+      return;
+    }
+    res.json(stripInternalFields(result));
+  });
+
+  return router;
+}

packages/cli/src/cli/dev/dev-server/routes/entities/utils.ts

@@ -0,0 +1,15 @@
+export function stripInternalFields<T extends Record<string, unknown>>(
+  doc: T[],
+): Omit<T, "_id">[];
+export function stripInternalFields<T extends Record<string, unknown>>(
+  doc: T,
+): Omit<T, "_id">;
+export function stripInternalFields<T extends Record<string, unknown>>(
+  doc: T | T[],
+): Omit<T, "_id"> | Omit<T, "_id">[] {
+  if (Array.isArray(doc)) {
+    return doc.map((d) => stripInternalFields(d));
+  }
+  const { _id, ...rest } = doc;
+  return rest;
+}

packages/cli/src/cli/dev/dev-server/routes/users.ts

@@ -0,0 +1,13 @@
+import { json, Router } from "express";
+
+export function createUsersRoutes(): Router {
+  const router = Router({ mergeParams: true });
+  const parseBody = json();
+
+  router.post("/invite-user", parseBody, (req, _res, next) => {
+    console.log("invite-user", req.body);
+    next();
+  });
+
+  return router;
+}

packages/cli/tests/cli/connectors_list_available.spec.ts

@@ -73,6 +73,7 @@ describe("connectors list-available command", () => {
     await t.givenLoggedInWithProject(fixture("basic"));
     t.api.mockAvailableIntegrationsList({
       integrations: [{ bad: "data" }],
+      // biome-ignore lint/suspicious/noExplicitAny: intentionally sending wrong data
     } as any);
 
     const result = await t.run("connectors", "list-available");