feat(api,cli): users store

Author: heiytor

api/services/auth.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/cnf/structhash"
+	"github.com/shellhub-io/shellhub/api/store"
 	"github.com/shellhub-io/shellhub/pkg/api/authorizer"
 	"github.com/shellhub-io/shellhub/pkg/api/jwttoken"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
@@ -187,15 +188,14 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 		return nil, 0, "", NewErrAuthMethodNotAllowed(models.UserAuthMethodLocal.String())
 	}
 
-	var err error
-	var user *models.User
-
+	ident := store.UserIdent("")
 	if req.Identifier.IsEmail() {
-		user, err = s.store.UserGetByEmail(ctx, strings.ToLower(string(req.Identifier)))
+		ident = store.UserIdentEmail
 	} else {
-		user, err = s.store.UserGetByUsername(ctx, strings.ToLower(string(req.Identifier)))
+		ident = store.UserIdentUsername
 	}
 
+	user, err := s.store.UserGet(ctx, ident, strings.ToLower(string(req.Identifier)))
 	if err != nil {
 		return nil, 0, "", NewErrAuthUnathorized(nil)
 	}
@@ -284,16 +284,16 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 		return nil, 0, "", NewErrTokenSigned(err)
 	}
 
-	// Updates last_login and the hash algorithm to bcrypt if still using SHA256
-	changes := &models.UserChanges{LastLogin: clock.Now(), PreferredNamespace: &tenantID}
-	if !strings.HasPrefix(user.PasswordDigest, "$") {
+	user.LastLogin = clock.Now()
+	user.Preferences.PreferredNamespace = tenantID
+	if !strings.HasPrefix(user.PasswordDigest, "$") { // Updates the hash algorithm to bcrypt only if still using SHA256
 		if passwordDigest, _ := hash.Do(req.Password); passwordDigest != "" {
-			changes.Password = passwordDigest
+			user.PasswordDigest = passwordDigest
 		}
 	}
 
 	// TODO: evaluate make this update in a go routine.
-	if err := s.store.UserUpdate(ctx, user.ID, changes); err != nil {
+	if err := s.store.Save(ctx, user.ID); err != nil {
 		return nil, 0, "", NewErrUserUpdate(user, err)
 	}
 
@@ -322,7 +322,7 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 }
 
 func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserToken) (*models.UserAuthResponse, error) {
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}
@@ -366,7 +366,8 @@ func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserT
 		role = member.Role.String()
 
 		if user.Preferences.PreferredNamespace != namespace.TenantID {
-			_ = s.store.UserUpdate(ctx, user.ID, &models.UserChanges{PreferredNamespace: &tenantID})
+			user.Preferences.PreferredNamespace = tenantID
+			_ = s.store.Save(ctx, user)
 		}
 	}
 

api/services/member.go

@@ -53,7 +53,7 @@ func (s *service) AddNamespaceMember(ctx context.Context, req *requests.Namespac
 		return nil, NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil || user == nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}
@@ -71,7 +71,7 @@ func (s *service) AddNamespaceMember(ctx context.Context, req *requests.Namespac
 	// In cloud instances, if the target user does not exist, we need to create a new user
 	// with the specified email. We use the inserted ID to identify the user once they complete
 	// the registration and accepts the invitation.
-	passiveUser, err := s.store.UserGetByEmail(ctx, strings.ToLower(req.MemberEmail))
+	passiveUser, err := s.store.UserGet(ctx, store.UserIdentEmail, strings.ToLower(req.MemberEmail))
 	if err != nil {
 		if !envs.IsCloud() || !errors.Is(err, store.ErrNoDocuments) {
 			return nil, NewErrUserNotFound(req.MemberEmail, err)
@@ -161,7 +161,7 @@ func (s *service) UpdateNamespaceMember(ctx context.Context, req *requests.Names
 		return NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return NewErrUserNotFound(req.UserID, err)
 	}
@@ -198,7 +198,7 @@ func (s *service) RemoveNamespaceMember(ctx context.Context, req *requests.Names
 		return nil, NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}
@@ -251,13 +251,14 @@ func (s *service) LeaveNamespace(ctx context.Context, req *requests.LeaveNamespa
 		return nil, nil
 	}
 
-	emptyString := "" // just to be used as a pointer
-	if err := s.store.UserUpdate(ctx, req.UserID, &models.UserChanges{PreferredNamespace: &emptyString}); err != nil {
-		log.WithError(err).
-			WithField("tenant_id", req.TenantID).
-			WithField("user_id", req.UserID).
-			Error("failed to reset user's preferred namespace")
-	}
+	// TODO: search for the user so we can use s.store.Save()
+	// emptyString := "" // just to be used as a pointer
+	// if err := s.store.UserUpdate(ctx, req.UserID, &models.UserChanges{PreferredNamespace: &emptyString}); err != nil {
+	// 	log.WithError(err).
+	// 		WithField("tenant_id", req.TenantID).
+	// 		WithField("user_id", req.UserID).
+	// 		Error("failed to reset user's preferred namespace")
+	// }
 
 	if err := s.AuthUncacheToken(ctx, req.TenantID, req.UserID); err != nil {
 		log.WithError(err).

api/services/namespace.go

@@ -25,7 +25,7 @@ type NamespaceService interface {
 
 // CreateNamespace creates a new namespace.
 func (s *service) CreateNamespace(ctx context.Context, req *requests.NamespaceCreate) (*models.Namespace, error) {
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil || user == nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}

api/services/setup.go

@@ -79,8 +79,9 @@ func (s *service) Setup(ctx context.Context, req requests.Setup) error {
 		},
 	}
 
+	// TODO: use a transaction here
 	if _, err = s.store.NamespaceCreate(ctx, namespace); err != nil {
-		if err := s.store.UserDelete(ctx, insertedID); err != nil {
+		if err := s.store.Delete(ctx, user); err != nil {
 			return NewErrUserDelete(err)
 		}
 

api/services/user.go

@@ -4,9 +4,12 @@ import (
 	"context"
 	"strings"
 
+	"github.com/shellhub-io/shellhub/api/store"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
 	"github.com/shellhub-io/shellhub/pkg/hash"
 	"github.com/shellhub-io/shellhub/pkg/models"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 )
 
 type UserService interface {
@@ -23,7 +26,7 @@ type UserService interface {
 }
 
 func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]string, error) {
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return []string{}, NewErrUserNotFound(req.UserID, nil)
 	}
@@ -38,11 +41,20 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 		return conflicts, NewErrUserDuplicated(conflicts, nil)
 	}
 
-	changes := &models.UserChanges{
-		Name:          req.Name,
-		Username:      strings.ToLower(req.Username),
-		Email:         strings.ToLower(req.Email),
-		RecoveryEmail: strings.ToLower(req.RecoveryEmail),
+	if req.Name != "" {
+		user.Name = cases.Title(language.AmericanEnglish).String(strings.ToLower(req.Name))
+	}
+
+	if req.Username != "" {
+		user.Username = strings.ToLower(req.Username)
+	}
+
+	if req.Email != "" {
+		user.Email = strings.ToLower(req.Email)
+	}
+
+	if req.RecoveryEmail != "" {
+		user.Preferences.SecurityEmail = strings.ToLower(req.RecoveryEmail)
 	}
 
 	if req.Password != "" {
@@ -52,10 +64,10 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 		}
 
 		passwordDigest, _ := hash.Do(req.Password)
-		changes.Password = passwordDigest
+		user.PasswordDigest = passwordDigest
 	}
 
-	if err := s.store.UserUpdate(ctx, req.UserID, changes); err != nil {
+	if err := s.store.Save(ctx, user); err != nil {
 		return []string{}, NewErrUserUpdate(user, err)
 	}
 
@@ -66,7 +78,7 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 //
 // Deprecated, use [Service.UpdateUser] instead.
 func (s *service) UpdatePasswordUser(ctx context.Context, id, currentPassword, newPassword string) error {
-	user, _, err := s.store.UserGetByID(ctx, id, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, id)
 	if user == nil {
 		return NewErrUserNotFound(id, err)
 	}
@@ -75,12 +87,11 @@ func (s *service) UpdatePasswordUser(ctx context.Context, id, currentPassword, n
 		return NewErrUserPasswordNotMatch(nil)
 	}
 
-	passwordDigest, err := hash.Do(newPassword)
-	if err != nil {
+	if user.PasswordDigest, err = hash.Do(newPassword); err != nil {
 		return NewErrUserPasswordInvalid(err)
 	}
 
-	if err := s.store.UserUpdate(ctx, id, &models.UserChanges{Password: passwordDigest}); err != nil {
+	if err := s.store.Save(ctx, user); err != nil {
 		return NewErrUserUpdate(user, err)
 	}
 

api/store/pg/internal/dbtest/fixtures/.keep

@@ -0,0 +1,18 @@
+- model: User
+  rows:
+    - id: 0195cefa-aa01-7efb-8098-c9c173056250
+      created_at: 2025-01-15T10:30:00+00:00
+      updated_at: 2025-01-15T10:30:00+00:00
+      last_login: null
+      status: confirmed
+      origin: local
+      external_id: ""
+      name: Jonh Doe
+      username: john_doe
+      email: [email protected]
+      security_email: [email protected]
+      password_digest: "$2y$12$VVm2ETx7AvaGlfMYqNYK9uzU2M45YZ70YnT..O.s1o2zdE1pekhq6"
+      auth_methods: [ local ]
+      namespace_ownership_limit: -1
+      email_marketing: true
+      preferred_namespace_id: null

api/store/pg/internal/dbtest/fixtures/users.yaml

@@ -0,0 +1,11 @@
+package entity
+
+import (
+	"github.com/shellhub-io/shellhub/pkg/models"
+	"github.com/uptrace/bun"
+)
+
+type User struct {
+	bun.BaseModel `bun:"table:users"`
+	models.User   `bun:"embed:"`
+}

api/store/pg/internal/entity/user.go

@@ -0,0 +1,8 @@
+BEGIN;
+
+DROP TYPE IF EXISTS user_origin;
+DROP TYPE IF EXISTS user_status;
+DROP TYPE IF EXISTS user_auth_method;
+DROP TABLE users;
+
+COMMIT;

api/store/pg/migrations/20250325195835_create_users_table.down.sql

@@ -0,0 +1,35 @@
+BEGIN;
+
+DROP TYPE IF EXISTS user_origin;
+CREATE TYPE user_origin AS ENUM ('local', 'saml');
+
+DROP TYPE IF EXISTS user_status;
+CREATE TYPE user_status AS ENUM ('invited', 'pending', 'confirmed');
+
+DROP TYPE IF EXISTS user_auth_method;
+CREATE TYPE user_auth_method AS ENUM ('local', 'saml');
+
+
+CREATE TABLE IF NOT EXISTS users(
+    id UUID PRIMARY KEY,
+
+    created_at TIMESTAMPTZ NOT NULL,
+    updated_at TIMESTAMPTZ NOT NULL,
+    last_login TIMESTAMPTZ,
+
+    origin user_origin NOT NULL,
+    external_id VARCHAR,
+    status user_status NOT NULL,
+    name VARCHAR(64) NOT NULL,
+    username VARCHAR(32) UNIQUE NOT NULL,
+    email VARCHAR(320) UNIQUE NOT NULL,
+    security_email VARCHAR(320),
+    password_digest CHAR(72) NOT NULL,
+    auth_methods user_auth_method[] NOT NULL,
+
+    namespace_ownership_limit INTEGER NOT NULL,
+    email_marketing BOOLEAN NOT NULL,  
+    preferred_namespace_id UUID
+);
+
+COMMIT;