Refactor admin action naming and move user assertions
Renamed the admin actions so that they uniformly carry an "Action" suffix. This makes the action function's purpose clear in the codebase. Also moved the `assertUserIsNotCurrentSuperAdmin` method to a more suitable place in the code and made it private. This helps maintain a clean code architecture and enhances readability.
@@ -1,7 +1,7 @@
|
||||
import 'server-only';
|
||||
|
||||
import { SupabaseClient } from '@supabase/supabase-js';
|
||||
|
||||
import 'server-only';
|
||||
|
||||
import { Database } from '@kit/supabase/database';
|
||||
|
||||
/**
|
||||
@@ -15,21 +15,10 @@ export class AdminAuthUserService {
|
||||
private readonly adminClient: SupabaseClient<Database>,
|
||||
) {}
|
||||
|
||||
async assertUserIsNotCurrentSuperAdmin(targetUserId: string) {
|
||||
const { data: user } = await this.client.auth.getUser();
|
||||
const currentUserId = user.user?.id;
|
||||
|
||||
if (!currentUserId) {
|
||||
throw new Error(`Error fetching user`);
|
||||
}
|
||||
|
||||
if (currentUserId === targetUserId) {
|
||||
throw new Error(
|
||||
`You cannot perform a destructive action on your own account as a Super Admin`,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a user by deleting the user record and auth record.
|
||||
* @param userId
|
||||
*/
|
||||
async deleteUser(userId: string) {
|
||||
await this.assertUserIsNotCurrentSuperAdmin(userId);
|
||||
|
||||
@@ -41,19 +30,33 @@ export class AdminAuthUserService {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Ban a user by setting the ban duration to `876600h` (100 years).
|
||||
* @param userId
|
||||
*/
|
||||
async banUser(userId: string) {
|
||||
await this.assertUserIsNotCurrentSuperAdmin(userId);
|
||||
|
||||
return this.setBanDuration(userId, `876600h`);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reactivate a user by setting the ban duration to `none`.
|
||||
* @param userId
|
||||
*/
|
||||
async reactivateUser(userId: string) {
|
||||
await this.assertUserIsNotCurrentSuperAdmin(userId);
|
||||
|
||||
return this.setBanDuration(userId, `none`);
|
||||
}
|
||||
|
||||
/**
|
||||
* Impersonate a user by generating a magic link and returning the access and refresh tokens.
|
||||
* @param userId
|
||||
*/
|
||||
async impersonateUser(userId: string) {
|
||||
await this.assertUserIsNotCurrentSuperAdmin(userId);
|
||||
|
||||
const {
|
||||
data: { user },
|
||||
error,
|
||||
@@ -110,6 +113,25 @@ export class AdminAuthUserService {
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Assert that the target user is not the current user.
|
||||
* @param targetUserId
|
||||
*/
|
||||
private async assertUserIsNotCurrentSuperAdmin(targetUserId: string) {
|
||||
const { data: user } = await this.client.auth.getUser();
|
||||
const currentUserId = user.user?.id;
|
||||
|
||||
if (!currentUserId) {
|
||||
throw new Error(`Error fetching user`);
|
||||
}
|
||||
|
||||
if (currentUserId === targetUserId) {
|
||||
throw new Error(
|
||||
`You cannot perform a destructive action on your own account as a Super Admin`,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
private async setBanDuration(userId: string, banDuration: string) {
|
||||
await this.adminClient.auth.admin.updateUserById(userId, {
|
||||
ban_duration: banDuration,
|
||||
|
||||
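Review bot: In the relocated `assertUserIsNotCurrentSuperAdmin`, the `error` returned by `this.client.auth.getUser()` is never read, so an expired session or an auth outage surfaces only as the generic `Error fetching user`. The guard still fails closed, but whoever triages a blocked delete, ban or impersonation loses the cause; destructure it and rethrow before the ID check, e.g. `const { data: user, error } = await this.client.auth.getUser();` followed by `if (error) { throw error; }`. Separately, the method only compares the caller's ID with `targetUserId`, so despite its name it does not establish that the caller is a super admin, while `deleteUser`, `banUser` and `impersonateUser` go on to use the privileged `adminClient`. If that role check lives outside this class (not visible in these hunks), the doc comment should say so, e.g. `* Self-protection only: callers must verify the super-admin role before invoking this service.`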