feat(api,cli): user store

Author: heiytor

api/services/auth.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/cnf/structhash"
+	"github.com/shellhub-io/shellhub/api/store"
 	"github.com/shellhub-io/shellhub/pkg/api/authorizer"
 	"github.com/shellhub-io/shellhub/pkg/api/jwttoken"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
@@ -183,19 +184,18 @@ func (s *service) AuthDevice(ctx context.Context, req requests.DeviceAuth, remot
 }
 
 func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser, sourceIP string) (*models.UserAuthResponse, int64, string, error) {
-	if s, err := s.store.SystemGet(ctx); err != nil || !s.Authentication.Local.Enabled {
-		return nil, 0, "", NewErrAuthMethodNotAllowed(models.UserAuthMethodLocal.String())
-	}
-
-	var err error
-	var user *models.User
+	// if s, err := s.store.SystemGet(ctx); err != nil || !s.Authentication.Local.Enabled {
+	// 	return nil, 0, "", NewErrAuthMethodNotAllowed(models.UserAuthMethodLocal.String())
+	// }
 
+	var ident store.UserIdent
 	if req.Identifier.IsEmail() {
-		user, err = s.store.UserGetByEmail(ctx, strings.ToLower(string(req.Identifier)))
+		ident = store.UserIdentEmail
 	} else {
-		user, err = s.store.UserGetByUsername(ctx, strings.ToLower(string(req.Identifier)))
+		ident = store.UserIdentUsername
 	}
 
+	user, err := s.store.UserGet(ctx, ident, strings.ToLower(string(req.Identifier)))
 	if err != nil {
 		return nil, 0, "", NewErrAuthUnathorized(nil)
 	}
@@ -285,15 +285,15 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 	}
 
 	// Updates last_login and the hash algorithm to bcrypt if still using SHA256
-	changes := &models.UserChanges{LastLogin: clock.Now(), PreferredNamespace: &tenantID}
+	user.LastLogin = clock.Now()
+	user.Preferences.PreferredNamespace = tenantID
 	if !strings.HasPrefix(user.PasswordDigest, "$") {
-		if pwdDigest, _ := hash.Do(req.Password); pwdDigest != "" {
-			changes.Password = pwdDigest
-		}
+		pwdDigest, _ := hash.Do(req.Password)
+		user.PasswordDigest = pwdDigest
 	}
 
 	// TODO: evaluate make this update in a go routine.
-	if err := s.store.UserUpdate(ctx, user.ID, changes); err != nil {
+	if err := s.store.UserSave(ctx, user); err != nil {
 		return nil, 0, "", NewErrUserUpdate(user, err)
 	}
 
@@ -322,7 +322,7 @@ func (s *service) AuthLocalUser(ctx context.Context, req *requests.AuthLocalUser
 }
 
 func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserToken) (*models.UserAuthResponse, error) {
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}
@@ -366,7 +366,8 @@ func (s *service) CreateUserToken(ctx context.Context, req *requests.CreateUserT
 		role = member.Role.String()
 
 		if user.Preferences.PreferredNamespace != namespace.TenantID {
-			_ = s.store.UserUpdate(ctx, user.ID, &models.UserChanges{PreferredNamespace: &tenantID})
+			user.Preferences.PreferredNamespace = namespace.TenantID
+			_ = s.store.Save(ctx, user)
 		}
 	}
 

api/services/member.go

@@ -53,7 +53,7 @@ func (s *service) AddNamespaceMember(ctx context.Context, req *requests.Namespac
 		return nil, NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil || user == nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}
@@ -71,17 +71,18 @@ func (s *service) AddNamespaceMember(ctx context.Context, req *requests.Namespac
 	// In cloud instances, if the target user does not exist, we need to create a new user
 	// with the specified email. We use the inserted ID to identify the user once they complete
 	// the registration and accepts the invitation.
-	passiveUser, err := s.store.UserGetByEmail(ctx, strings.ToLower(req.MemberEmail))
+	passiveUser, err := s.store.UserGet(ctx, store.UserIdentEmail, strings.ToLower(req.MemberEmail))
 	if err != nil {
-		if !envs.IsCloud() || !errors.Is(err, store.ErrNoDocuments) {
-			return nil, NewErrUserNotFound(req.MemberEmail, err)
-		}
-
-		passiveUser = &models.User{}
-		passiveUser.ID, err = s.store.UserCreateInvited(ctx, strings.ToLower(req.MemberEmail))
-		if err != nil {
-			return nil, err
-		}
+		return nil, NewErrUserNotFound(req.MemberEmail, err)
+		// if !envs.IsCloud() || !errors.Is(err, store.ErrNoDocuments) {
+		// 	return nil, NewErrUserNotFound(req.MemberEmail, err)
+		// }
+
+		// passiveUser = &models.User{}
+		// passiveUser.ID, err = s.store.UserCreateInvited(ctx, strings.ToLower(req.MemberEmail))
+		// if err != nil {
+		// 	return nil, err
+		// }
 	}
 
 	// In cloud instances, if a member exists and their status is pending and the expiration date is reached,
@@ -161,7 +162,7 @@ func (s *service) UpdateNamespaceMember(ctx context.Context, req *requests.Names
 		return NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return NewErrUserNotFound(req.UserID, err)
 	}
@@ -198,7 +199,7 @@ func (s *service) RemoveNamespaceMember(ctx context.Context, req *requests.Names
 		return nil, NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}
@@ -237,11 +238,17 @@ func (s *service) LeaveNamespace(ctx context.Context, req *requests.LeaveNamespa
 		return nil, NewErrNamespaceNotFound(req.TenantID, err)
 	}
 
-	if m, ok := ns.FindMember(req.UserID); !ok || m.Role == authorizer.RoleOwner {
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
+	if err != nil || user == nil {
+		return nil, NewErrUserNotFound(req.UserID, err)
+	}
+
+	member, ok := ns.FindMember(user.ID)
+	if !ok || member.Role == authorizer.RoleOwner {
 		return nil, NewErrAuthForbidden()
 	}
 
-	if err := s.removeMember(ctx, ns, req.UserID); err != nil { //nolint:revive
+	if err := s.removeMember(ctx, ns, user.ID); err != nil { //nolint:revive
 		return nil, err
 	}
 
@@ -251,8 +258,8 @@ func (s *service) LeaveNamespace(ctx context.Context, req *requests.LeaveNamespa
 		return nil, nil
 	}
 
-	emptyString := "" // just to be used as a pointer
-	if err := s.store.UserUpdate(ctx, req.UserID, &models.UserChanges{PreferredNamespace: &emptyString}); err != nil {
+	user.Preferences.PreferredNamespace = ""
+	if err := s.store.Save(ctx, user); err != nil {
 		log.WithError(err).
 			WithField("tenant_id", req.TenantID).
 			WithField("user_id", req.UserID).

api/services/namespace.go

@@ -25,7 +25,7 @@ type NamespaceService interface {
 
 // CreateNamespace creates a new namespace.
 func (s *service) CreateNamespace(ctx context.Context, req *requests.NamespaceCreate) (*models.Namespace, error) {
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil || user == nil {
 		return nil, NewErrUserNotFound(req.UserID, err)
 	}

api/services/setup.go

@@ -83,7 +83,7 @@ func (s *service) Setup(ctx context.Context, req requests.Setup) error {
 	}
 
 	if _, err = s.store.NamespaceCreate(ctx, namespace); err != nil {
-		if err := s.store.UserDelete(ctx, insertedID); err != nil {
+		if err := s.store.Delete(ctx, insertedID); err != nil {
 			return NewErrUserDelete(err)
 		}
 

api/services/user.go

@@ -4,9 +4,12 @@ import (
 	"context"
 	"strings"
 
+	"github.com/shellhub-io/shellhub/api/store"
 	"github.com/shellhub-io/shellhub/pkg/api/requests"
 	"github.com/shellhub-io/shellhub/pkg/hash"
 	"github.com/shellhub-io/shellhub/pkg/models"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 )
 
 type UserService interface {
@@ -23,7 +26,7 @@ type UserService interface {
 }
 
 func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]string, error) {
-	user, _, err := s.store.UserGetByID(ctx, req.UserID, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, req.UserID)
 	if err != nil {
 		return []string{}, NewErrUserNotFound(req.UserID, nil)
 	}
@@ -38,11 +41,20 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 		return conflicts, NewErrUserDuplicated(conflicts, nil)
 	}
 
-	changes := &models.UserChanges{
-		Name:          req.Name,
-		Username:      strings.ToLower(req.Username),
-		Email:         strings.ToLower(req.Email),
-		RecoveryEmail: strings.ToLower(req.RecoveryEmail),
+	if req.Name != "" {
+		user.Name = cases.Title(language.AmericanEnglish).String(strings.ToLower(req.Name))
+	}
+
+	if req.Username != "" {
+		user.Username = strings.ToLower(req.Username)
+	}
+
+	if req.Email != "" {
+		user.Email = strings.ToLower(req.Email)
+	}
+
+	if req.RecoveryEmail != "" {
+		user.Preferences.RecoveryEmail = strings.ToLower(req.RecoveryEmail)
 	}
 
 	if req.Password != "" {
@@ -52,10 +64,10 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 		}
 
 		pwdDigest, _ := hash.Do(req.Password)
-		changes.Password = pwdDigest
+		user.PasswordDigest = pwdDigest
 	}
 
-	if err := s.store.UserUpdate(ctx, req.UserID, changes); err != nil {
+	if err := s.store.UserSave(ctx, user); err != nil {
 		return []string{}, NewErrUserUpdate(user, err)
 	}
 
@@ -66,7 +78,7 @@ func (s *service) UpdateUser(ctx context.Context, req *requests.UpdateUser) ([]s
 //
 // Deprecated, use [Service.UpdateUser] instead.
 func (s *service) UpdatePasswordUser(ctx context.Context, id, currentPassword, newPassword string) error {
-	user, _, err := s.store.UserGetByID(ctx, id, false)
+	user, err := s.store.UserGet(ctx, store.UserIdentID, id)
 	if user == nil {
 		return NewErrUserNotFound(id, err)
 	}
@@ -80,7 +92,9 @@ func (s *service) UpdatePasswordUser(ctx context.Context, id, currentPassword, n
 		return NewErrUserPasswordInvalid(err)
 	}
 
-	if err := s.store.UserUpdate(ctx, id, &models.UserChanges{Password: pwdDigest}); err != nil {
+	user.PasswordDigest = pwdDigest
+
+	if err := s.store.UserSave(ctx, user); err != nil {
 		return NewErrUserUpdate(user, err)
 	}
 

api/store/pg/internal/dbtest/fixtures/.keep

@@ -0,0 +1,18 @@
+- model: User
+  rows:
+    - id: 0195cefa-aa01-7efb-8098-c9c173056250
+      created_at: 2025-01-15T10:30:00+00:00
+      updated_at: 2025-01-15T10:30:00+00:00
+      last_login: null
+      status: confirmed
+      origin: local
+      external_id: ""
+      name: Jonh Doe
+      username: john_doe
+      email: [email protected]
+      security_email: [email protected]
+      password_digest: "$2y$12$VVm2ETx7AvaGlfMYqNYK9uzU2M45YZ70YnT..O.s1o2zdE1pekhq6"
+      auth_methods: [ local ]
+      namespace_ownership_limit: -1
+      email_marketing: true
+      preferred_namespace_id: null

api/store/pg/internal/dbtest/fixtures/users.yaml

@@ -0,0 +1,106 @@
+package entity
+
+import (
+	"time"
+
+	"github.com/shellhub-io/shellhub/pkg/models"
+	"github.com/uptrace/bun"
+)
+
+type User struct {
+	bun.BaseModel `bun:"table:users"`
+
+	ID             string          `bun:"id,pk,type:uuid"`
+	CreatedAt      time.Time       `bun:"created_at"`
+	UpdatedAt      time.Time       `bun:"updated_at"`
+	LastLogin      time.Time       `bun:"last_login,nullzero"`
+	Origin         string          `bun:"origin"`
+	ExternalID     string          `bun:"external_id,nullzero"`
+	Status         string          `bun:"status"`
+	Name           string          `bun:"name"`
+	Username       string          `bun:"username"`
+	Email          string          `bun:"email"`
+	PasswordDigest string          `bun:"password_digest"`
+	Preferences    UserPreferences `bun:"embed:"`
+	MFA            UserMFA         `bun:"-"`
+}
+
+type UserPreferences struct {
+	PreferredNamespace string   `bun:"preferred_namespace_id,nullzero"`
+	AuthMethods        []string `bun:"auth_methods,array"`
+	SecurityEmail      string   `bun:"security_email,nullzero"`
+	MaxNamespaces      int      `bun:"namespace_ownership_limit"`
+	EmailMarketing     bool     `bun:"email_marketing"`
+}
+
+type UserMFA struct {
+	Enabled       bool     `bun:"enabled"`
+	Secret        string   `bun:"secret,nullzero"`
+	RecoveryCodes []string `bun:"recovery_codes,nullzero,array"`
+}
+
+func UserFromModel(model *models.User) *User {
+	authMethods := make([]string, len(model.Preferences.AuthMethods))
+	for i, method := range model.Preferences.AuthMethods {
+		authMethods[i] = method.String()
+	}
+
+	return &User{
+		ID:             model.ID,
+		CreatedAt:      model.CreatedAt,
+		UpdatedAt:      model.UpdatedAt,
+		LastLogin:      model.LastLogin,
+		Origin:         model.Origin.String(),
+		ExternalID:     model.ExternalID,
+		Status:         model.Status.String(),
+		Name:           model.Name,
+		Username:       model.Username,
+		Email:          model.Email,
+		PasswordDigest: model.PasswordDigest,
+		Preferences: UserPreferences{
+			PreferredNamespace: model.Preferences.PreferredNamespace,
+			AuthMethods:        authMethods,
+			SecurityEmail:      model.Preferences.RecoveryEmail,
+			MaxNamespaces:      model.MaxNamespaces,
+			EmailMarketing:     model.EmailMarketing,
+		},
+		MFA: UserMFA{
+			Enabled:       model.MFA.Enabled,
+			Secret:        model.MFA.Secret,
+			RecoveryCodes: model.MFA.RecoveryCodes,
+		},
+	}
+}
+
+func UserToModel(entity *User) *models.User {
+	authMethods := make([]models.UserAuthMethod, len(entity.Preferences.AuthMethods))
+	for i, method := range entity.Preferences.AuthMethods {
+		authMethods[i] = models.UserAuthMethod(method)
+	}
+
+	return &models.User{
+		ID:             entity.ID,
+		Origin:         models.UserOrigin(entity.Origin),
+		ExternalID:     entity.ExternalID,
+		Status:         models.UserStatus(entity.Status),
+		MaxNamespaces:  entity.Preferences.MaxNamespaces,
+		CreatedAt:      entity.CreatedAt,
+		UpdatedAt:      entity.UpdatedAt,
+		LastLogin:      entity.LastLogin,
+		EmailMarketing: entity.Preferences.EmailMarketing,
+		Name:           entity.Name,
+		Username:       entity.Username,
+		Email:          entity.Email,
+		PasswordDigest: entity.PasswordDigest,
+		MFA: models.UserMFA{
+			Enabled:       entity.MFA.Enabled,
+			Secret:        entity.MFA.Secret,
+			RecoveryCodes: entity.MFA.RecoveryCodes,
+		},
+		Preferences: models.UserPreferences{
+			PreferredNamespace: entity.Preferences.PreferredNamespace,
+			AuthMethods:        authMethods,
+			RecoveryEmail:      entity.Preferences.SecurityEmail,
+		},
+	}
+}

api/store/pg/internal/entity/user.go

@@ -0,0 +1,8 @@
+BEGIN;
+
+DROP TYPE IF EXISTS user_origin;
+DROP TYPE IF EXISTS user_status;
+DROP TYPE IF EXISTS user_auth_method;
+DROP TABLE IF EXISTS users;
+
+COMMIT;