feat(utils): user encryption helpers, db upsert set builder

Author: lorenzocorallo

backend/src/routers/tg/permissions.ts

@@ -4,13 +4,20 @@ import { DB, SCHEMA } from "@/db"
 import { ARRAY_USER_ROLE, type TUserRole, USER_ROLE } from "@/db/schema/tg/permissions"
 import { logger } from "@/logger"
 import { createTRPCRouter, publicProcedure } from "@/trpc"
+import { decryptUser, TgUserSchema } from "@/utils/users"
 
 const s = SCHEMA.TG
 
 const CAN_SELF_ASSIGN: TUserRole[] = [USER_ROLE.PRESIDENT, USER_ROLE.OWNER] as const
 const CAN_ASSIGN: TUserRole[] = [USER_ROLE.PRESIDENT, USER_ROLE.OWNER, USER_ROLE.DIRETTIVO] as const
 const CAN_ADD_BOT: TUserRole[] = [USER_ROLE.HR, USER_ROLE.OWNER, USER_ROLE.CREATOR, USER_ROLE.DIRETTIVO] as const
 
+const direttivoMember = z.object({
+  userId: z.number(),
+  user: TgUserSchema.nullable(),
+  isPresident: z.boolean(),
+})
+
 export default createTRPCRouter({
   getRoles: publicProcedure
     .input(z.object({ userId: z.number() }))
@@ -37,12 +44,7 @@ export default createTRPCRouter({
   getDirettivo: publicProcedure
     .output(
       z.object({
-        members: z.array(
-          z.object({
-            userId: z.number(),
-            isPresident: z.boolean(),
-          })
-        ),
+        members: z.array(direttivoMember),
         error: z.union([
           z.null(),
           z.enum(["EMPTY", "NOT_ENOUGH_MEMBERS", "TOO_MANY_MEMBERS", "INTERNAL_SERVER_ERROR"]),
@@ -51,11 +53,30 @@ export default createTRPCRouter({
     )
     .query(async () => {
       try {
-        const res = await DB.select({ userId: s.permissions.userId, roles: s.permissions.roles })
+        const res = await DB.select({ userId: s.permissions.userId, dbUser: s.users, roles: s.permissions.roles })
           .from(s.permissions)
           .where(arrayContains(s.permissions.roles, [USER_ROLE.DIRETTIVO]))
-
-        const members = res.map((r) => ({ userId: r.userId, isPresident: r.roles.includes(USER_ROLE.PRESIDENT) }))
+          .leftJoin(s.users, eq(s.permissions.userId, s.users.userId))
+
+        const members: z.infer<typeof direttivoMember>[] = await Promise.all(
+          res
+            .toSorted((a, b) => {
+              if (a.roles.includes(USER_ROLE.PRESIDENT) && b.roles.includes(USER_ROLE.PRESIDENT)) return 0
+              if (a.roles.includes(USER_ROLE.PRESIDENT)) return 1
+              if (b.roles.includes(USER_ROLE.PRESIDENT)) return -1
+              return 0
+            })
+            .map(async (r) => {
+              const isPresident = r.roles.includes(USER_ROLE.PRESIDENT)
+              const user = r.dbUser ? await decryptUser(r.dbUser) : null
+
+              return {
+                user,
+                userId: r.userId,
+                isPresident,
+              }
+            })
+        )
 
         if (res.length === 0) return { error: "EMPTY", members }
         if (res.length < 3) return { error: "NOT_ENOUGH_MEMBERS", members }

backend/src/routers/tg/users.ts

@@ -1,46 +1,22 @@
-import { eq, type SQL, sql } from "drizzle-orm"
+import { eq } from "drizzle-orm"
 import { z } from "zod"
 import { DB, SCHEMA } from "@/db"
 import { logger } from "@/logger"
 import { createTRPCRouter, publicProcedure } from "@/trpc"
-import { Cipher, DecryptError } from "@/utils/cipher"
+import { DecryptError } from "@/utils/cipher"
+import { upsertMultipleSetSql } from "@/utils/db"
+import { decryptUser, encryptUser, TgUserSchema } from "@/utils/users"
 
-const cipher = new Cipher("tg.users")
 const s = SCHEMA.TG
-
-const updatableCols: Readonly<(keyof typeof s.users.$inferInsert)[]> = [
-  "firstName",
-  "username",
-  "lastName",
-  "langCode",
-  "isBot",
-] as const
-
-const addUserUpdateSet = updatableCols.reduce<Partial<Record<(typeof updatableCols)[number], SQL<unknown>>>>(
-  (acc, curr) => {
-    acc[curr] = sql.raw(`excluded.${s.users[curr].name}`)
-    return acc
-  },
-  {}
-)
-//
-
-const UserSchema = z.object({
-  id: z.number(),
-  firstName: z.string().max(64),
-  lastName: z.string().max(64).optional(),
-  username: z.string().max(32).optional(),
-  isBot: z.boolean(),
-  langCode: z.string().max(35).optional(),
-})
+const upsertSet = upsertMultipleSetSql(s.users, ["firstName", "lastName", "username", "langCode", "isBot"])
 
 export default createTRPCRouter({
   get: publicProcedure
     .input(z.object({ userId: z.number() }))
     .output(
       z.union([
         z.object({
-          user: UserSchema,
+          user: TgUserSchema,
           error: z.null(),
         }),
         z.object({
@@ -54,20 +30,7 @@ export default createTRPCRouter({
         const res = await DB.select().from(s.users).where(eq(s.users.userId, input.userId)).limit(1)
         if (res.length === 0) return { error: "NOT_FOUND" }
 
-        const [firstName, lastName, username] = await Promise.all([
-          cipher.decrypt(res[0].firstName),
-          res[0].lastName ? cipher.decrypt(res[0].lastName) : undefined,
-          res[0].username ? cipher.decrypt(res[0].username) : undefined,
-        ])
-
-        const user: z.infer<typeof UserSchema> = {
-          id: res[0].userId,
-          firstName,
-          lastName,
-          username,
-          langCode: res[0].langCode ?? undefined,
-          isBot: res[0].isBot,
-        }
+        const user = await decryptUser(res[0])
 
         return {
           user,
@@ -84,7 +47,7 @@ export default createTRPCRouter({
     }),
 
   add: publicProcedure
-    .input(z.object({ users: z.array(UserSchema) }))
+    .input(z.object({ users: z.array(TgUserSchema) }))
     .output(
       z.union([
         z.object({
@@ -94,30 +57,13 @@ export default createTRPCRouter({
     )
     .mutation(async ({ input }) => {
       try {
-        const users: (typeof s.users.$inferInsert)[] = await Promise.all(
-          input.users.map(async (u) => {
-            const [firstName, lastName, username] = await Promise.all([
-              cipher.encrypt(u.firstName),
-              u.lastName ? cipher.encrypt(u.lastName) : undefined,
-              u.username ? cipher.encrypt(u.username) : undefined,
-            ])
-
-            return {
-              userId: u.id,
-              firstName,
-              lastName,
-              username,
-              isBot: u.isBot,
-              langCode: u.langCode,
-            }
-          })
-        )
+        const users = await Promise.all(input.users.map(encryptUser))
 
         const res = await DB.insert(s.users)
           .values(users)
           .onConflictDoUpdate({
             target: s.users.userId,
-            set: addUserUpdateSet,
+            set: upsertSet,
           })
           .returning()
 

backend/src/utils/db.ts

@@ -0,0 +1,15 @@
+import { type SQL, sql } from "drizzle-orm"
+import type { PgTableWithColumns, TableConfig } from "drizzle-orm/pg-core"
+
+type ColNames<TC extends TableConfig> = Readonly<(keyof TC["columns"])[]>
+type SetSQL<TC extends TableConfig> = Partial<Record<ColNames<TC>[number], SQL<unknown>>>
+
+export function upsertMultipleSetSql<TC extends TableConfig>(
+  table: PgTableWithColumns<TC>,
+  columnsToUpdate: ColNames<TC>
+): SetSQL<TC> {
+  return columnsToUpdate.reduce<SetSQL<TC>>((acc, curr) => {
+    acc[curr] = sql.raw(`excluded.${table[curr].name}`)
+    return acc
+  }, {})
+}

backend/src/utils/users.ts

@@ -0,0 +1,48 @@
+import z from "zod"
+import type { SCHEMA } from "@/db"
+import { Cipher } from "./cipher"
+
+const userCipher = new Cipher("tg.users")
+
+export const TgUserSchema = z.object({
+  id: z.number(),
+  firstName: z.string().max(64),
+  lastName: z.string().max(64).optional(),
+  username: z.string().max(32).optional(),
+  isBot: z.boolean(),
+  langCode: z.string().max(35).optional(),
+})
+
+export async function decryptUser(dbUser: typeof SCHEMA.TG.users.$inferSelect): Promise<z.infer<typeof TgUserSchema>> {
+  const [firstName, lastName, username] = await Promise.all([
+    dbUser.firstName,
+    dbUser.lastName ? userCipher.decrypt(dbUser.lastName) : undefined,
+    dbUser.username ? userCipher.decrypt(dbUser.username) : undefined,
+  ])
+
+  return {
+    id: dbUser.userId,
+    firstName,
+    lastName,
+    username,
+    isBot: dbUser.isBot,
+    langCode: dbUser.langCode ?? undefined,
+  }
+}
+
+export async function encryptUser(tgUser: z.infer<typeof TgUserSchema>): Promise<typeof SCHEMA.TG.users.$inferInsert> {
+  const [firstName, lastName, username] = await Promise.all([
+    tgUser.firstName,
+    tgUser.lastName ? userCipher.encrypt(tgUser.lastName) : undefined,
+    tgUser.username ? userCipher.encrypt(tgUser.username) : undefined,
+  ])
+
+  return {
+    firstName,
+    lastName,
+    username,
+    userId: tgUser.id,
+    langCode: tgUser.langCode ?? null,
+    isBot: tgUser.isBot,
+  }
+}