chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,284 @@
|
||||
import { redirect } from "@remix-run/server-runtime";
|
||||
import { prisma } from "~/db.server";
|
||||
import { logger } from "~/services/logger.server";
|
||||
import type { SearchParams } from "~/routes/admin._index";
|
||||
import {
|
||||
clearImpersonationId,
|
||||
commitImpersonationSession,
|
||||
getImpersonationId,
|
||||
setImpersonationId,
|
||||
} from "~/services/impersonation.server";
|
||||
import { authenticator } from "~/services/auth.server";
|
||||
import { requireUser } from "~/services/session.server";
|
||||
import { extractClientIp } from "~/utils/extractClientIp.server";
|
||||
|
||||
const pageSize = 20;
|
||||
|
||||
export async function adminGetUsers(userId: string, { page, search }: SearchParams) {
|
||||
page = page || 1;
|
||||
|
||||
search = search ? decodeURIComponent(search) : undefined;
|
||||
|
||||
const user = await prisma.user.findUnique({
|
||||
where: {
|
||||
id: userId,
|
||||
},
|
||||
});
|
||||
|
||||
if (user?.admin !== true) {
|
||||
throw new Error("Unauthorized");
|
||||
}
|
||||
|
||||
const users = await prisma.user.findMany({
|
||||
select: {
|
||||
id: true,
|
||||
name: true,
|
||||
email: true,
|
||||
admin: true,
|
||||
createdAt: true,
|
||||
displayName: true,
|
||||
orgMemberships: {
|
||||
select: {
|
||||
organization: {
|
||||
select: {
|
||||
title: true,
|
||||
slug: true,
|
||||
deletedAt: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
where: search
|
||||
? {
|
||||
OR: [
|
||||
{
|
||||
name: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
{
|
||||
email: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
{
|
||||
orgMemberships: {
|
||||
some: {
|
||||
organization: {
|
||||
title: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
orgMemberships: {
|
||||
some: {
|
||||
organization: {
|
||||
slug: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
],
|
||||
}
|
||||
: undefined,
|
||||
orderBy: {
|
||||
createdAt: "desc",
|
||||
},
|
||||
take: pageSize,
|
||||
skip: (page - 1) * pageSize,
|
||||
});
|
||||
|
||||
const totalUsers = await prisma.user.count();
|
||||
|
||||
return {
|
||||
users,
|
||||
page,
|
||||
pageCount: Math.ceil(totalUsers / pageSize),
|
||||
filters: {
|
||||
search,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
export async function adminGetOrganizations(userId: string, { page, search }: SearchParams) {
|
||||
page = page || 1;
|
||||
|
||||
search = search ? decodeURIComponent(search) : undefined;
|
||||
|
||||
const user = await prisma.user.findUnique({
|
||||
where: {
|
||||
id: userId,
|
||||
},
|
||||
});
|
||||
|
||||
if (user?.admin !== true) {
|
||||
throw new Error("Unauthorized");
|
||||
}
|
||||
|
||||
const organizations = await prisma.organization.findMany({
|
||||
select: {
|
||||
id: true,
|
||||
slug: true,
|
||||
title: true,
|
||||
v2Enabled: true,
|
||||
isActivated: true,
|
||||
deletedAt: true,
|
||||
members: {
|
||||
select: {
|
||||
user: {
|
||||
select: {
|
||||
email: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
where: search
|
||||
? {
|
||||
OR: [
|
||||
{
|
||||
members: {
|
||||
some: {
|
||||
user: {
|
||||
name: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
members: {
|
||||
some: {
|
||||
user: {
|
||||
email: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
slug: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
{
|
||||
title: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
{
|
||||
id: {
|
||||
contains: search,
|
||||
mode: "insensitive",
|
||||
},
|
||||
},
|
||||
],
|
||||
}
|
||||
: undefined,
|
||||
orderBy: {
|
||||
createdAt: "desc",
|
||||
},
|
||||
take: pageSize,
|
||||
skip: (page - 1) * pageSize,
|
||||
});
|
||||
|
||||
const totalOrgs = await prisma.organization.count();
|
||||
|
||||
return {
|
||||
organizations,
|
||||
page,
|
||||
pageCount: Math.ceil(totalOrgs / pageSize),
|
||||
filters: {
|
||||
search,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
export async function redirectWithImpersonation(
|
||||
request: Request,
|
||||
userId: string,
|
||||
path: string,
|
||||
currentUser?: { id: string; admin: boolean }
|
||||
) {
|
||||
const user = currentUser ?? (await requireUser(request));
|
||||
if (!user.admin) {
|
||||
throw new Error("Unauthorized");
|
||||
}
|
||||
|
||||
const xff = request.headers.get("x-forwarded-for");
|
||||
const ipAddress = extractClientIp(xff);
|
||||
|
||||
try {
|
||||
await prisma.impersonationAuditLog.create({
|
||||
data: {
|
||||
action: "START",
|
||||
adminId: user.id,
|
||||
targetId: userId,
|
||||
ipAddress,
|
||||
},
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error("Failed to create impersonation audit log", {
|
||||
error,
|
||||
adminId: user.id,
|
||||
targetId: userId,
|
||||
});
|
||||
}
|
||||
|
||||
const session = await setImpersonationId(userId, request);
|
||||
|
||||
return redirect(path, {
|
||||
headers: { "Set-Cookie": await commitImpersonationSession(session) },
|
||||
});
|
||||
}
|
||||
|
||||
export async function clearImpersonation(request: Request, path: string) {
|
||||
const authUser = await authenticator.isAuthenticated(request);
|
||||
const targetId = await getImpersonationId(request);
|
||||
|
||||
if (targetId && authUser?.userId) {
|
||||
const xff = request.headers.get("x-forwarded-for");
|
||||
const ipAddress = extractClientIp(xff);
|
||||
|
||||
try {
|
||||
await prisma.impersonationAuditLog.create({
|
||||
data: {
|
||||
action: "STOP",
|
||||
adminId: authUser.userId,
|
||||
targetId,
|
||||
ipAddress,
|
||||
},
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error("Failed to create impersonation audit log", {
|
||||
error,
|
||||
adminId: authUser.userId,
|
||||
targetId,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
const session = await clearImpersonationId(request);
|
||||
|
||||
return redirect(path, {
|
||||
headers: {
|
||||
"Set-Cookie": await commitImpersonationSession(session),
|
||||
},
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user