Flowise/packages/server/src/enterprise/controllers/user.controller.ts at cbad1a96ed6e2b4ac39d577c4acfd3d8716ba00a · FlowiseAI/Flowise · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import { NextFunction, Request, Response } from 'express'
import { StatusCodes } from 'http-status-codes'
import { InternalFlowiseError } from '../../errors/internalFlowiseError'
import { GeneralErrorMessage } from '../../utils/constants'
import { getRunningExpressApp } from '../../utils/getRunningExpressApp'
import { User } from '../database/entities/user.entity'
import { LoggedInUser } from '../Interface.Enterprise'
import { AccountService } from '../services/account.service'
import { UserErrorMessage, UserService } from '../services/user.service'
import { assertMayReadTargetUser } from '../utils/tenantRequestGuards'

export class UserController {
    public async create(req: Request, res: Response, next: NextFunction) {
        try {
            const userService = new UserService()
            const user = await userService.createUser(req.body)
            return res.status(StatusCodes.CREATED).json(user)
        } catch (error) {
            next(error)
        }
    }

    public async read(req: Request, res: Response, next: NextFunction) {
        let queryRunner
        try {
            queryRunner = getRunningExpressApp().AppDataSource.createQueryRunner()
            await queryRunner.connect()

            const sessionUser = req.user as LoggedInUser | undefined
            if (!sessionUser) {
                throw new InternalFlowiseError(StatusCodes.UNAUTHORIZED, UserErrorMessage.USER_NOT_FOUND)
            }

            const query = req.query as Partial<User>
            const userService = new UserService()

            let user: User | null
            if (query.id) {
                await assertMayReadTargetUser(sessionUser, query.id, queryRunner)
                user = await userService.readUserById(query.id, queryRunner)
                if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
            } else if (query.email) {
                const emailLc = query.email.trim().toLowerCase()
                const selfEmail = sessionUser.email?.trim().toLowerCase()
                if (!selfEmail || emailLc !== selfEmail) {
                    const byEmail = await userService.readUserByEmail(query.email, queryRunner)
                    if (!byEmail) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
                    await assertMayReadTargetUser(sessionUser, byEmail.id, queryRunner)
                    user = byEmail
                } else {
                    user = await userService.readUserByEmail(query.email, queryRunner)
                    if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
                }
            } else {
                throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, GeneralErrorMessage.UNHANDLED_EDGE_CASE)
            }

            if (user) {
                delete user.credential
                delete user.tempToken
                delete user.tokenExpiry
            }
            return res.status(StatusCodes.OK).json(user)
        } catch (error) {
            next(error)
        } finally {
            if (queryRunner) await queryRunner.release()
        }
    }

    public async update(req: Request, res: Response, next: NextFunction) {
        try {
            const currentUser = req.user
            if (!currentUser) {
                throw new InternalFlowiseError(StatusCodes.UNAUTHORIZED, UserErrorMessage.USER_NOT_FOUND)
            }
            const { id } = req.body
            if (currentUser.id !== id) {
                throw new InternalFlowiseError(StatusCodes.FORBIDDEN, UserErrorMessage.USER_NOT_FOUND)
            }
            const accountService = new AccountService()
            const result = await accountService.updateAuthenticatedUserProfile(currentUser.id, req.body, (userId, newEmail) =>
                accountService.syncStripeCustomerEmailAfterUserEmailChange(userId, newEmail)
            )
            return res.status(StatusCodes.OK).json(result)
        } catch (error) {
            next(error)
        }
    }

    public async test(req: Request, res: Response, next: NextFunction) {
        try {
            return res.status(StatusCodes.OK).json({ message: 'Hello World' })
        } catch (error) {
            next(error)
        }
    }
}