285 lines
6.3 KiB
TypeScript
285 lines
6.3 KiB
TypeScript
import { redirect } from "@remix-run/server-runtime";
|
|
import { prisma } from "~/db.server";
|
|
import { logger } from "~/services/logger.server";
|
|
import type { SearchParams } from "~/routes/admin._index";
|
|
import {
|
|
clearImpersonationId,
|
|
commitImpersonationSession,
|
|
getImpersonationId,
|
|
setImpersonationId,
|
|
} from "~/services/impersonation.server";
|
|
import { authenticator } from "~/services/auth.server";
|
|
import { requireUser } from "~/services/session.server";
|
|
import { extractClientIp } from "~/utils/extractClientIp.server";
|
|
|
|
const pageSize = 20;
|
|
|
|
export async function adminGetUsers(userId: string, { page, search }: SearchParams) {
|
|
page = page || 1;
|
|
|
|
search = search ? decodeURIComponent(search) : undefined;
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: {
|
|
id: userId,
|
|
},
|
|
});
|
|
|
|
if (user?.admin !== true) {
|
|
throw new Error("Unauthorized");
|
|
}
|
|
|
|
const users = await prisma.user.findMany({
|
|
select: {
|
|
id: true,
|
|
name: true,
|
|
email: true,
|
|
admin: true,
|
|
createdAt: true,
|
|
displayName: true,
|
|
orgMemberships: {
|
|
select: {
|
|
organization: {
|
|
select: {
|
|
title: true,
|
|
slug: true,
|
|
deletedAt: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
where: search
|
|
? {
|
|
OR: [
|
|
{
|
|
name: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
{
|
|
email: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
{
|
|
orgMemberships: {
|
|
some: {
|
|
organization: {
|
|
title: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
orgMemberships: {
|
|
some: {
|
|
organization: {
|
|
slug: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
],
|
|
}
|
|
: undefined,
|
|
orderBy: {
|
|
createdAt: "desc",
|
|
},
|
|
take: pageSize,
|
|
skip: (page - 1) * pageSize,
|
|
});
|
|
|
|
const totalUsers = await prisma.user.count();
|
|
|
|
return {
|
|
users,
|
|
page,
|
|
pageCount: Math.ceil(totalUsers / pageSize),
|
|
filters: {
|
|
search,
|
|
},
|
|
};
|
|
}
|
|
|
|
export async function adminGetOrganizations(userId: string, { page, search }: SearchParams) {
|
|
page = page || 1;
|
|
|
|
search = search ? decodeURIComponent(search) : undefined;
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: {
|
|
id: userId,
|
|
},
|
|
});
|
|
|
|
if (user?.admin !== true) {
|
|
throw new Error("Unauthorized");
|
|
}
|
|
|
|
const organizations = await prisma.organization.findMany({
|
|
select: {
|
|
id: true,
|
|
slug: true,
|
|
title: true,
|
|
v2Enabled: true,
|
|
isActivated: true,
|
|
deletedAt: true,
|
|
members: {
|
|
select: {
|
|
user: {
|
|
select: {
|
|
email: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
where: search
|
|
? {
|
|
OR: [
|
|
{
|
|
members: {
|
|
some: {
|
|
user: {
|
|
name: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
members: {
|
|
some: {
|
|
user: {
|
|
email: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
slug: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
{
|
|
title: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
{
|
|
id: {
|
|
contains: search,
|
|
mode: "insensitive",
|
|
},
|
|
},
|
|
],
|
|
}
|
|
: undefined,
|
|
orderBy: {
|
|
createdAt: "desc",
|
|
},
|
|
take: pageSize,
|
|
skip: (page - 1) * pageSize,
|
|
});
|
|
|
|
const totalOrgs = await prisma.organization.count();
|
|
|
|
return {
|
|
organizations,
|
|
page,
|
|
pageCount: Math.ceil(totalOrgs / pageSize),
|
|
filters: {
|
|
search,
|
|
},
|
|
};
|
|
}
|
|
|
|
export async function redirectWithImpersonation(
|
|
request: Request,
|
|
userId: string,
|
|
path: string,
|
|
currentUser?: { id: string; admin: boolean }
|
|
) {
|
|
const user = currentUser ?? (await requireUser(request));
|
|
if (!user.admin) {
|
|
throw new Error("Unauthorized");
|
|
}
|
|
|
|
const xff = request.headers.get("x-forwarded-for");
|
|
const ipAddress = extractClientIp(xff);
|
|
|
|
try {
|
|
await prisma.impersonationAuditLog.create({
|
|
data: {
|
|
action: "START",
|
|
adminId: user.id,
|
|
targetId: userId,
|
|
ipAddress,
|
|
},
|
|
});
|
|
} catch (error) {
|
|
logger.error("Failed to create impersonation audit log", {
|
|
error,
|
|
adminId: user.id,
|
|
targetId: userId,
|
|
});
|
|
}
|
|
|
|
const session = await setImpersonationId(userId, request);
|
|
|
|
return redirect(path, {
|
|
headers: { "Set-Cookie": await commitImpersonationSession(session) },
|
|
});
|
|
}
|
|
|
|
export async function clearImpersonation(request: Request, path: string) {
|
|
const authUser = await authenticator.isAuthenticated(request);
|
|
const targetId = await getImpersonationId(request);
|
|
|
|
if (targetId && authUser?.userId) {
|
|
const xff = request.headers.get("x-forwarded-for");
|
|
const ipAddress = extractClientIp(xff);
|
|
|
|
try {
|
|
await prisma.impersonationAuditLog.create({
|
|
data: {
|
|
action: "STOP",
|
|
adminId: authUser.userId,
|
|
targetId,
|
|
ipAddress,
|
|
},
|
|
});
|
|
} catch (error) {
|
|
logger.error("Failed to create impersonation audit log", {
|
|
error,
|
|
adminId: authUser.userId,
|
|
targetId,
|
|
});
|
|
}
|
|
}
|
|
|
|
const session = await clearImpersonationId(request);
|
|
|
|
return redirect(path, {
|
|
headers: {
|
|
"Set-Cookie": await commitImpersonationSession(session),
|
|
},
|
|
});
|
|
}
|