Hornwitser
753da6d3d4
Store events that are to be broadcasted in the database, and fetch events to serve in the /api/event stream to the client from the database. This ensures that events are not lost if the operation to open the stream takes longer than usual, or the client was not connected at the time the event was broadcast. To ensure no events are lost in the transition from server generating the page to the client hydrating and establishing a connection with the event stream, the /api/last-event-id endpoint is first queried on the server before any other entities is fetched from the database. The client then passes this id when establishing the event stream, and receives all events greater than that id.
81 lines
2.1 KiB
TypeScript
81 lines
2.1 KiB
TypeScript
/*
|
|
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
|
SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
import { nextEventId, readSessions, readUsers, writeSessions, writeUsers } from "~/server/database";
|
|
import { apiUserPatchSchema } from "~/shared/types/api";
|
|
import { z } from "zod/v4-mini";
|
|
import { broadcastEvent } from "~/server/streams";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
await requireServerSessionWithAdmin(event);
|
|
const { success, error, data: patch } = apiUserPatchSchema.safeParse(await readBody(event));
|
|
if (!success) {
|
|
throw createError({
|
|
status: 400,
|
|
statusText: "Bad Request",
|
|
message: z.prettifyError(error),
|
|
});
|
|
}
|
|
|
|
const users = await readUsers();
|
|
const user = users.find(user => user.id === patch.id);
|
|
if (!user || user.deleted) {
|
|
throw createError({
|
|
status: 409,
|
|
statusText: "Conflict",
|
|
message: "User does not exist",
|
|
});
|
|
|
|
}
|
|
|
|
let accessChanged = false;
|
|
if (patch.type && patch.type !== user.type) {
|
|
if (patch.type === "anonymous" || user.type === "anonymous") {
|
|
throw createError({
|
|
status: 409,
|
|
statusText: "Conflict",
|
|
message: "Anonymous user type cannot be changed.",
|
|
});
|
|
}
|
|
user.type = patch.type;
|
|
accessChanged = true;
|
|
}
|
|
if (patch.name) {
|
|
if (user.type === "anonymous") {
|
|
throw createError({
|
|
status: 409,
|
|
statusText: "Conflict",
|
|
message: "Anonymous user cannot have name set.",
|
|
});
|
|
}
|
|
user.name = patch.name;
|
|
}
|
|
user.updatedAt = new Date().toISOString();
|
|
await writeUsers(users);
|
|
broadcastEvent({
|
|
id: await nextEventId(),
|
|
type: "user-update",
|
|
data: serverUserToApi(user),
|
|
});
|
|
|
|
// Rotate sessions with the user in it if the access changed
|
|
if (accessChanged) {
|
|
const sessions = await readSessions();
|
|
const nowMs = Date.now();
|
|
for (const session of sessions) {
|
|
if (session.accountId === user.id) {
|
|
session.rotatesAtMs = nowMs;
|
|
broadcastEvent({
|
|
id: await nextEventId(),
|
|
type: "session-expired",
|
|
sessionId: session.id,
|
|
});
|
|
}
|
|
}
|
|
await writeSessions(sessions);
|
|
}
|
|
|
|
// Update Schedule counts.
|
|
await updateScheduleInterestedCounts(users);
|
|
})
|