refactor: add more logic to user fsm

Author: colin404

cmd/onex-nightwatch/app/options/options.go

@@ -34,7 +34,7 @@ var _ app.CliOptions = (*Options)(nil)
 // Options contains everything necessary to create and run a nightwatch server.
 type Options struct {
 	HealthOptions         *genericoptions.HealthOptions  `json:"health" mapstructure:"health"`
-	MySQLOptions          *genericoptions.MySQLOptions   `json:"db" mapstructure:"db"`
+	MySQLOptions          *genericoptions.MySQLOptions   `json:"mysql" mapstructure:"mysql"`
 	RedisOptions          *genericoptions.RedisOptions   `json:"redis" mapstructure:"redis"`
 	UserWatcherMaxWorkers int64                          `json:"user-watcher-max-workers" mapstructure:"user-watcher-max-workers"`
 	DisableWatchers       []string                       `json:"disable-watchers" mapstructure:"disable-watchers"`
@@ -63,7 +63,7 @@ func NewOptions() *Options {
 // Flags returns flags for a specific server by section name.
 func (o *Options) Flags() (fss cliflag.NamedFlagSets) {
 	o.HealthOptions.AddFlags(fss.FlagSet("health"))
-	o.MySQLOptions.AddFlags(fss.FlagSet("db"))
+	o.MySQLOptions.AddFlags(fss.FlagSet("mysql"))
 	o.RedisOptions.AddFlags(fss.FlagSet("redis"))
 	o.Metrics.AddFlags(fss.FlagSet("metrics"))
 	o.Log.AddFlags(fss.FlagSet("log"))

internal/nightwatch/watcher/user/event.go

@@ -9,6 +9,7 @@ import (
 	"github.com/superproj/onex/internal/pkg/client/store"
 	known "github.com/superproj/onex/internal/pkg/known/usercenter"
 	"github.com/superproj/onex/internal/pkg/onexx"
+	"github.com/superproj/onex/internal/usercenter/model"
 	"github.com/superproj/onex/pkg/log"
 )
 
@@ -21,8 +22,13 @@ func NewActiveUserCallback(store store.Interface) fsm.Callback {
 	return func(ctx context.Context, event *fsm.Event) {
 		userM := onexx.FromUserM(ctx)
 		log.Infow("Now active user", "event", event.Event, "username", userM.Username)
-		// Fake active user operations.
-		time.Sleep(5 * time.Second)
+
+		// Active secrets if needed.
+		if err := iterateSecrets(ctx, store, userM.UserID, activeSecret); err != nil {
+			event.Err = err
+			return
+		}
+
 		log.Infow("Success to active user", "event", event.Event, "username", userM.Username)
 	}
 }
@@ -32,8 +38,13 @@ func NewDisableUserCallback(store store.Interface) fsm.Callback {
 	return func(ctx context.Context, event *fsm.Event) {
 		userM := onexx.FromUserM(ctx)
 		log.Infow("Now disable user", "event", event.Event, "username", userM.Username)
-		// Fake disable user operations.
-		time.Sleep(5 * time.Second)
+
+		// Disable secrets if needed.
+		if err := iterateSecrets(ctx, store, userM.UserID, disableSecret); err != nil {
+			event.Err = err
+			return
+		}
+
 		log.Infow("Success to disable user", "event", event.Event, "username", userM.Username)
 	}
 }
@@ -42,9 +53,22 @@ func NewDisableUserCallback(store store.Interface) fsm.Callback {
 func NewDeleteUserCallback(store store.Interface) fsm.Callback {
 	return func(ctx context.Context, event *fsm.Event) {
 		userM := onexx.FromUserM(ctx)
-		log.Infow("Now delete user", "event", event.Event, "username", userM.Username)
-		// Fake delete user operations.
-		time.Sleep(5 * time.Second)
+		log.Infow("Now delete user if needed", "event", event.Event, "username", userM.Username)
+
+		// If a user remains in an disalbed state for more than 5 years,
+		// the user should be deleted.
+		duration := time.Since(userM.UpdatedAt)
+		if duration.Hours() < 24*365*5 {
+			return
+		}
+
+		// Delete secrets if needed.
+		if err := iterateSecrets(ctx, store, userM.UserID, deleteSecret); err != nil {
+			event.Err = err
+			return
+		}
+
+		// Save user data for archiving purposes.
 		log.Infow("Success to delete user", "event", event.Event, "username", userM.Username)
 	}
 }
@@ -79,3 +103,57 @@ func NewUserEventAfterEvent(store store.Interface) fsm.Callback {
 		}
 	}
 }
+
+// activeSecret used to active user secret.
+func activeSecret(ctx context.Context, store store.Interface, secret *model.SecretM) error {
+	log.Infow("Now actice user secret", "userID", secret.UserID, "secretID", secret.SecretID)
+	// To avoid unnecessary database update operations, we first check
+	// whether updating the database is required.
+	if secret.Status == known.SecretStatusNormal {
+		return nil
+	}
+	secret.Status = known.SecretStatusNormal
+	return store.UserCenter().Secrets().Update(ctx, secret)
+}
+
+// disableSecret used to disable user secret.
+func disableSecret(ctx context.Context, store store.Interface, secret *model.SecretM) error {
+	log.Infow("Now disable user secret", "userID", secret.UserID, "secretID", secret.SecretID)
+	// To avoid unnecessary database update operations, we first check
+	// whether updating the database is required.
+	if secret.Status == known.SecretStatusDisabled {
+		return nil
+	}
+	secret.Status = known.SecretStatusDisabled
+	return store.UserCenter().Secrets().Update(ctx, secret)
+}
+
+// deleteSecret used to delete user secret.
+func deleteSecret(ctx context.Context, store store.Interface, secret *model.SecretM) error {
+	log.Infow("Now delete user secret", "userID", secret.UserID, "secretID", secret.SecretID)
+	return store.UserCenter().Secrets().Delete(ctx, secret.UserID, secret.Name)
+}
+
+// iterateSecrets iterates through the secrets of a user specified by userID
+// and calls the action function on each secret.
+func iterateSecrets(
+	ctx context.Context,
+	store store.Interface,
+	userID string,
+	action func(ctx context.Context, store store.Interface, secret *model.SecretM) error,
+) error {
+	// Retrieve the list of secrets for the specified user.
+	_, secrets, err := store.UserCenter().Secrets().List(ctx, userID)
+	if err != nil {
+		return err
+	}
+
+	// Iterate through each secret and perform the action function.
+	for i := range secrets {
+		if err := action(ctx, store, secrets[i]); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

internal/nightwatch/watcher/user/fsm.go

@@ -26,9 +26,15 @@ func NewFSM(initial string, w *userWatcher) *fsm.FSM {
 	return fsm.NewFSM(
 		initial,
 		fsm.Events{
+			// Define status events.
 			{Name: known.UserStatusRegistered, Src: []string{known.UserStatusRegistered}, Dst: known.UserStatusActive},
 			{Name: known.UserStatusBlacklisted, Src: []string{known.UserStatusBlacklisted}, Dst: known.UserStatusDisabled},
-			{Name: known.UserStatusDisabled, Src: []string{known.UserStatusDisabled}, Dst: known.UserStatusDeleted},
+			// Define need events.
+			{Name: known.UserStatusNeedActive, Src: []string{known.UserStatusNeedActive}, Dst: known.UserStatusActive},
+			{Name: known.UserStatusNeedDisable, Src: []string{known.UserStatusNeedDisable}, Dst: known.UserStatusDisabled},
+			// After disabling the user, they can be deleted, and the FSM will automatically transition to the next deleted state.
+			// I have decided not to delete the user in the code, so the state transition here is commented out.
+			// {Name: known.UserStatusDisabled, Src: []string{known.UserStatusDisabled}, Dst: known.UserStatusDeleted},
 		},
 		fsm.Callbacks{
 			known.UserStatusActive:   NewActiveUserCallback(w.store),

internal/nightwatch/watcher/user/watcher.go

@@ -45,9 +45,12 @@ func (w *userWatcher) Run() {
 	}
 
 	allowOperations := []string{
+		// Need active user.
 		known.UserStatusRegistered,
+		// Need disable user.
 		known.UserStatusBlacklisted,
-		known.UserStatusDisabled,
+		known.UserStatusNeedActive,
+		known.UserStatusNeedDisable,
 	}
 
 	wp := workerpool.New(int(w.maxWorkers))

internal/pkg/known/usercenter/status.go

@@ -1,5 +1,6 @@
 package usercenter
 
+// Define user status.
 const (
 	// User has submitted registration information, the account is in a pending.
 	// The user needs to complete email/phone number verification steps to transition to an active state.
@@ -21,3 +22,19 @@ const (
 	// The deleted account can be chosen to be soft-deleted (with some data retained) or completely deleted.
 	UserStatusDeleted = "deleted"
 )
+
+// Define need status.
+// We can directly update the database to the "Need" state to inform
+// onex-nightwatch of what needs to be done.
+const (
+	// UserStatusNeedActive informs onex-nightwatch that the user needs to be activated.
+	UserStatusNeedActive = "need_active"
+	// UserStatusNeedDisable informs onex-nightwatch that the user needs to be disabled.
+	UserStatusNeedDisable = "need_disable"
+)
+
+// Define secret status.
+const (
+	SecretStatusDisabled = iota // Status used for disabling a secret.
+	SecretStatusNormal          // Status used for enabling a secret.
+)

internal/usercenter/auth/authn.go

@@ -119,7 +119,7 @@ func (a *authnImpl) Verify(accessToken string) (string, error) {
 			return "", err
 		}
 
-		if secret.Status == model.StatusSecretDisabled {
+		if secret.Status == known.SecretStatusDisabled {
 			return "", ErrSecretDisabled
 		}
 

internal/usercenter/model/hook.go

@@ -15,12 +15,6 @@ import (
 	"github.com/superproj/onex/pkg/authn"
 )
 
-// Secret status constants.
-const (
-	StatusSecretDisabled = iota // Status used for disabling a secret.
-	StatusSecretNormal          // Status used for enabling a secret.
-)
-
 // BeforeCreate runs before creating a SecretM database record and initializes various fields.
 func (s *SecretM) BeforeCreate(tx *gorm.DB) (err error) {
 	// Supports custom SecretKey, but users need to ensure the uniqueness of the SecretKey themselves.
@@ -34,7 +28,7 @@ func (s *SecretM) BeforeCreate(tx *gorm.DB) (err error) {
 	s.SecretKey = uuid.New().String()
 
 	// Set the default status for the secret as normal.
-	s.Status = StatusSecretNormal
+	s.Status = known.SecretStatusNormal
 
 	return nil
 }

pkg/options/mysql_options.go

@@ -54,20 +54,20 @@ func (o *MySQLOptions) Validate() []error {
 
 // AddFlags adds flags related to mysql storage for a specific APIServer to the specified FlagSet.
 func (o *MySQLOptions) AddFlags(fs *pflag.FlagSet, prefixes ...string) {
-	fs.StringVar(&o.Host, join(prefixes...)+"db.host", o.Host, ""+
+	fs.StringVar(&o.Host, join(prefixes...)+"mysql.host", o.Host, ""+
 		"MySQL service host address. If left blank, the following related mysql options will be ignored.")
-	fs.StringVar(&o.Username, join(prefixes...)+"db.username", o.Username, "Username for access to mysql service.")
-	fs.StringVar(&o.Password, join(prefixes...)+"db.password", o.Password, ""+
+	fs.StringVar(&o.Username, join(prefixes...)+"mysql.username", o.Username, "Username for access to mysql service.")
+	fs.StringVar(&o.Password, join(prefixes...)+"mysql.password", o.Password, ""+
 		"Password for access to mysql, should be used pair with password.")
-	fs.StringVar(&o.Database, join(prefixes...)+"db.database", o.Database, ""+
+	fs.StringVar(&o.Database, join(prefixes...)+"mysql.database", o.Database, ""+
 		"Database name for the server to use.")
-	fs.IntVar(&o.MaxIdleConnections, join(prefixes...)+"db.max-idle-connections", o.MaxOpenConnections, ""+
+	fs.IntVar(&o.MaxIdleConnections, join(prefixes...)+"mysql.max-idle-connections", o.MaxOpenConnections, ""+
 		"Maximum idle connections allowed to connect to mysql.")
-	fs.IntVar(&o.MaxOpenConnections, join(prefixes...)+"db.max-open-connections", o.MaxOpenConnections, ""+
+	fs.IntVar(&o.MaxOpenConnections, join(prefixes...)+"mysql.max-open-connections", o.MaxOpenConnections, ""+
 		"Maximum open connections allowed to connect to mysql.")
-	fs.DurationVar(&o.MaxConnectionLifeTime, join(prefixes...)+"db.max-connection-life-time", o.MaxConnectionLifeTime, ""+
+	fs.DurationVar(&o.MaxConnectionLifeTime, join(prefixes...)+"mysql.max-connection-life-time", o.MaxConnectionLifeTime, ""+
 		"Maximum connection life time allowed to connect to mysql.")
-	fs.IntVar(&o.LogLevel, join(prefixes...)+"db.log-mode", o.LogLevel, ""+
+	fs.IntVar(&o.LogLevel, join(prefixes...)+"mysql.log-mode", o.LogLevel, ""+
 		"Specify gorm log level.")
 }