feat: request additional user info

Author: bevzzz

src/roles/util.ts

@@ -155,13 +155,18 @@ export class Map {
     id: user.userId,
     roleNames: user.roles,
     active: user.active,
+    createdAt: Map.unknownDate(user.createdAt),
+    lastUsedAt: Map.unknownDate(user.lastUsedAt),
   });
   static dbUsers = (users: WeaviateDBUser[]): UserDB[] => users.map(Map.dbUser);
   static assignedUsers = (users: WeaviateAssignedUser[]): UserAssignment[] =>
     users.map((user) => ({
       id: user.userId || '',
       userType: user.userType,
     }));
+  static unknownDate = (date?: unknown): Date | undefined => (
+    date !== undefined && typeof date === "string"
+      ? new Date(date) : undefined);
 }
 
 class PermissionsMapping {

src/users/index.ts

@@ -8,7 +8,7 @@ import {
 } from '../openapi/types.js';
 import { Role } from '../roles/types.js';
 import { Map } from '../roles/util.js';
-import { AssignRevokeOptions, DeactivateOptions, GetAssignedRolesOptions, User, UserDB } from './types.js';
+import { AssignRevokeOptions, DeactivateOptions, GetAssignedRolesOptions, GetUserOptions, User, UserDB } from './types.js';
 
 /**
  * Operations supported for 'db', 'oidc', and legacy (non-namespaced) users.
@@ -116,14 +116,14 @@ export interface DBUsers extends UsersBase {
    * @param {string} userId The ID of the user to get.
    * @returns {Promise<UserDB>} ID, status, and assigned roles of a 'db_*' user.
    */
-  byName: (userId: string) => Promise<UserDB>;
+  byName: (userId: string, opts?: GetUserOptions) => Promise<UserDB>;
 
   /**
    * List all 'db_user' / 'db_env_user' users.
    *
    * @returns {Promise<UserDB[]>} ID, status, and assigned roles for each 'db_*' user.
    */
-  listAll: () => Promise<UserDB[]>;
+  listAll: (opts?: GetUserOptions) => Promise<UserDB[]>;
 }
 
 /** Operations supported for namespaced 'oidc' users.*/
@@ -195,8 +195,8 @@ const db = (connection: ConnectionREST): DBUsers => {
         .postEmpty<DeactivateOptions | null>(`/users/db/${userId}/deactivate`, opts || null)
         .then(() => true)
         .catch(expectCode(409)),
-    byName: (userId: string) => connection.get<WeaviateDBUser>(`/users/db/${userId}`, true).then(Map.dbUser),
-    listAll: () => connection.get<WeaviateDBUser[]>('/users/db', true).then(Map.dbUsers),
+    byName: (userId: string, opts?: GetUserOptions) => connection.get<WeaviateDBUser>(`/users/db/${userId}?includeLastUsedTime=${opts?.includeLastUsedTime || false}`, true).then(Map.dbUser),
+    listAll: (opts?: GetUserOptions) => connection.get<WeaviateDBUser[]>(`/users/db?includeLastUsedTime=${opts?.includeLastUsedTime || false}`, true).then(Map.dbUsers),
   };
 };
 
@@ -238,9 +238,7 @@ const namespacedUsers = (connection: ConnectionREST): NamespacedUsers => {
     getAssignedRoles: (userType: UserTypeInternal, userId: string, opts?: GetAssignedRolesOptions) =>
       connection
         .get<WeaviateRole[]>(
-          `/authz/users/${userId}/roles/${userType}${
-            opts?.includePermissions ? '?&includeFullRoles=true' : ''
-          }`
+          `/authz/users/${userId}/roles/${userType}?includeFullRoles=${opts?.includePermissions || false}`
         )
         .then(Map.roles),
     assignRoles: (roleNames: string | string[], userId: string, opts?: AssignRevokeOptions) =>

src/users/integration.test.ts

@@ -160,10 +160,46 @@ requireAtLeast(
       expect(roles.test.nodesPermissions).toHaveLength(1);
     });
 
+    requireAtLeast(1, 30, 1)('additional DUM features', () => {
+      it('should be able to fetch additional user info', async () => {
+        const admin = await makeClient('admin-key');
+        const timKey = await admin.users.db.create('timely-tim');
+
+        // Get user info with / without lastUserTime
+        let timUser = await admin.users.db.byName('timely-tim');
+        expect(timUser.createdAt).not.toBeUndefined(); // always returned
+        expect(timUser.lastUsedAt).toBeUndefined();
+
+        await expect(admin.users.db.byName('timely-tim', { includeLastUsedTime: true }))
+          .resolves.toEqual(expect.any(Date));
+
+        // apiKeyFirstLetters contain first letters of the API key
+        expect(timUser.apiKeyFirstLetters).not.toBeUndefined();
+        expect(timKey).toMatch(new RegExp(`^${timUser.apiKeyFirstLetters}.*`))
+
+        // Check that Tim cannnot see the first letters of the API key
+        const tim = await makeClient(timKey);
+        expect(await tim.users.getMyUser()).resolves.toHaveProperty('apiKeyFirstLetters', undefined);
+      });
+
+      it('should be able to list all users with additional info', async () => {
+        const admin = await makeClient('admin-key');
+        await admin.users.db.listAll({ includeLastUsedTime: true }).then(res => {
+          res.forEach((user, _) => {
+            expect(user).toEqual(expect.objectContaining({
+              createdAt: expect.any(Date),
+              lastUsedAt: expect.any(Date),
+              apiKeyFirstLetters: expect.any(String),
+            }));
+          });
+        });
+      });
+    })
+
     afterAll(() =>
       makeClient('admin-key').then(async (c) => {
         await Promise.all(
-          ['jim', 'pam', 'dwight', 'dynamic-dave', 'api-ashley', 'role-rick', 'permission-peter'].map((n) =>
+          ['jim', 'pam', 'dwight', 'dynamic-dave', 'api-ashley', 'role-rick', 'permission-peter', 'timely-tim'].map((n) =>
             c.users.db.delete(n)
           )
         );

src/users/types.ts

@@ -11,6 +11,10 @@ export type UserDB = {
   id: string;
   roleNames: string[];
   active: boolean;
+
+  createdAt?: Date;
+  lastUsedAt?: Date;
+  apiKeyFirstLetters?: string;
 };
 
 /** Optional arguments to /user/{type}/{username} enpoint. */
@@ -23,3 +27,6 @@ export type AssignRevokeOptions = { userType?: WeaviateUserTypeInternal };
 
 /** Optional arguments to /deactivate endpoint. */
 export type DeactivateOptions = { revokeKey?: boolean };
+
+/** Optional arguments to /users and /users/<id> endpoints. */
+export type GetUserOptions = { includeLastUsedTime?: boolean };