@etus/bhono-app 0.1.5 → 0.1.7

package/templates/base/src/server/services/users.ts

@@ -1,13 +1,12 @@
 // src/services/users.ts
-import { eq, and, isNull, isNotNull, sql } from 'drizzle-orm'
-import type { Database } from '../db/client'
-import { users, userAccounts, type UserRecord } from '../db/schema'
+import type { UserRecord } from '../db/records'
 import { logAudit } from '../lib/audit'
 import { auditedUpdate, auditedDelete } from '../lib/audited-db'
 import { createPaginationMeta, calculateOffset } from '../lib/pagination'
 import { NotFoundError } from '../lib/errors'
 import type { ServiceContext, PaginationQuery, PaginatedResponse, User } from '../types'
 import type { Role } from '../auth/roles'
+import { execute, queryAll, queryOne, toStringValue, toNullableString, type SqlRow, type SqlParams } from '../db/sql'
 
 // NOTE: CreateUserInput is commented out since user creation is disabled
 // (users should only be created through Google OAuth)
@@ -17,334 +16,425 @@ interface UpdateUserInput {
   status?: 'active' | 'inactive'
 }
 
-export const usersService = {
-  async findAll(
-    db: Database,
-    ctx: ServiceContext,
-    pagination: PaginationQuery
-  ): Promise<PaginatedResponse<User>> {
-    const offset = calculateOffset(pagination.page, pagination.limit)
-
-    // Build base query conditions
-    const conditions = [isNull(users.deletedAt)]
 
-    // Non-super-admin sees only users in their account
-    if (!ctx.user.isSuperAdmin) {
-      const userIdsInAccount = db
-        .select({ userId: userAccounts.userId })
-        .from(userAccounts)
-        .where(eq(userAccounts.accountId, ctx.accountId))
-
-      conditions.push(sql`${users.id} IN ${userIdsInAccount}`)
+const USER_SELECT_COLUMNS = `
+  id,
+  google_id as googleId,
+  email,
+  name,
+  avatar_url as avatarUrl,
+  status,
+  provider_ids as providerIds,
+  is_super_admin as isSuperAdmin,
+  created_at as createdAt,
+  updated_at as updatedAt,
+  deleted_at as deletedAt
+`
+
+
+function parseProviderIds(value: unknown): string[] {
+  if (!value) return []
+  if (Array.isArray(value)) return value.map((item) => String(item))
+  if (typeof value === 'string') {
+    try {
+      const parsed = JSON.parse(value) as unknown
+      if (Array.isArray(parsed)) {
+        return parsed.map((item) => String(item))
+      }
+    } catch {
+      return []
     }
+  }
+  return []
+}
 
-    // Add search filter if provided
-    if (pagination.query) {
-      conditions.push(
-        sql`(${users.email} LIKE ${'%' + pagination.query + '%'} OR ${users.name} LIKE ${'%' + pagination.query + '%'})`
-      )
-    }
+function toBoolean(value: unknown): boolean {
+  if (typeof value === 'boolean') return value
+  if (typeof value === 'number') return value !== 0
+  if (typeof value === 'string') return value === '1' || value.toLowerCase() === 'true'
+  return false
+}
 
-    // Get total count
-    const countResults = await db
-      .select({ count: sql<number>`count(*)` })
-      .from(users)
-      .where(and(...conditions))
-
-    const totalItems = countResults.at(0)?.count ?? 0
-
-    // Get paginated data
-    const data = await db
-      .select()
-      .from(users)
-      .where(and(...conditions))
-      .limit(pagination.limit)
-      .offset(offset)
-      .orderBy(sql`${users.createdAt} DESC`)
-
-    return {
-      data: data.map((u) => ({
-        id: u.id,
-        email: u.email,
-        name: u.name,
-        status: u.status,
-        providerIds: u.providerIds ?? [],
-        isSuperAdmin: u.isSuperAdmin,
-        createdAt: u.createdAt,
-        updatedAt: u.updatedAt,
-        deletedAt: u.deletedAt,
-      })),
-      meta: createPaginationMeta(totalItems, pagination.page, pagination.limit),
-    }
-  },
+function mapUserRow(row: SqlRow): UserRecord {
+  const googleId = row.googleId ?? row.google_id
+  const avatarUrl = row.avatarUrl ?? row.avatar_url
+  const providerIds = row.providerIds ?? row.provider_ids
+  const isSuperAdmin = row.isSuperAdmin ?? row.is_super_admin
+  const createdAt = row.createdAt ?? row.created_at
+  const updatedAt = row.updatedAt ?? row.updated_at
+  const deletedAt = row.deletedAt ?? row.deleted_at
+
+  return {
+    id: toStringValue(row.id),
+    googleId: toStringValue(googleId),
+    email: toStringValue(row.email),
+    name: toStringValue(row.name),
+    avatarUrl: toNullableString(avatarUrl),
+    status: row.status === 'inactive' ? 'inactive' : 'active',
+    providerIds: parseProviderIds(providerIds),
+    isSuperAdmin: toBoolean(isSuperAdmin),
+    createdAt: toStringValue(createdAt),
+    updatedAt: toStringValue(updatedAt),
+    deletedAt: toNullableString(deletedAt),
+  }
+}
 
-  async findById(db: Database, ctx: ServiceContext, id: string): Promise<User> {
-    const userResults = await db
-      .select()
-      .from(users)
-      .where(and(eq(users.id, id), isNull(users.deletedAt)))
-      .limit(1)
+function toUser(record: UserRecord): User {
+  return {
+    id: record.id,
+    email: record.email,
+    name: record.name,
+    status: record.status,
+    providerIds: record.providerIds,
+    isSuperAdmin: record.isSuperAdmin,
+    createdAt: record.createdAt,
+    updatedAt: record.updatedAt,
+    deletedAt: record.deletedAt,
+  }
+}
 
-    const userRecord = userResults.at(0)
-    if (!userRecord) {
+async function findAllSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  pagination: PaginationQuery
+): Promise<PaginatedResponse<User>> {
+  const offset = calculateOffset(pagination.page, pagination.limit)
+  const whereClauses: string[] = ['u.deleted_at IS NULL']
+  const params: SqlParams = []
+
+  if (!ctx.user.isSuperAdmin) {
+    whereClauses.push('u.id IN (SELECT user_id FROM user_accounts WHERE account_id = ?)')
+    params.push(ctx.accountId)
+  }
+
+  if (pagination.query) {
+    whereClauses.push('(u.email LIKE ? OR u.name LIKE ?)')
+    const like = `%${pagination.query}%`
+    params.push(like, like)
+  }
+
+  const whereSql = whereClauses.length > 0 ? `WHERE ${whereClauses.join(' AND ')}` : ''
+
+  const countRow = await queryOne<{ count: number }>(
+    db,
+    `SELECT count(*) as count FROM users u ${whereSql}`,
+    params
+  )
+  const totalItems = countRow?.count ?? 0
+
+  const rows = await queryAll(
+    db,
+    `SELECT ${USER_SELECT_COLUMNS}
+     FROM users u
+     ${whereSql}
+     ORDER BY u.created_at DESC
+     LIMIT ? OFFSET ?`,
+    [...params, pagination.limit, offset]
+  )
+
+  return {
+    data: rows.map((row) => toUser(mapUserRow(row))),
+    meta: createPaginationMeta(totalItems, pagination.page, pagination.limit),
+  }
+}
+
+async function findByIdSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  id: string
+): Promise<User> {
+  const row = await queryOne(
+    db,
+    `SELECT ${USER_SELECT_COLUMNS}
+     FROM users u
+     WHERE u.id = ? AND u.deleted_at IS NULL
+     LIMIT 1`,
+    [id]
+  )
+
+  if (!row) {
+    throw new NotFoundError('User')
+  }
+
+  if (!ctx.user.isSuperAdmin) {
+    const membership = await queryOne(
+      db,
+      `SELECT 1 as ok FROM user_accounts WHERE user_id = ? AND account_id = ? LIMIT 1`,
+      [id, ctx.accountId]
+    )
+    if (!membership) {
       throw new NotFoundError('User')
     }
+  }
 
-    // Check user has access (super-admin or same account)
-    if (!ctx.user.isSuperAdmin) {
-      const membershipResults = await db
-        .select()
-        .from(userAccounts)
-        .where(
-          and(
-            eq(userAccounts.userId, id),
-            eq(userAccounts.accountId, ctx.accountId)
-          )
-        )
-        .limit(1)
-
-      const membership = membershipResults.at(0)
-      if (!membership) {
-        throw new NotFoundError('User')
-      }
-    }
+  return toUser(mapUserRow(row))
+}
 
-    return {
-      id: userRecord.id,
-      email: userRecord.email,
-      name: userRecord.name,
-      status: userRecord.status,
-      providerIds: userRecord.providerIds ?? [],
-      isSuperAdmin: userRecord.isSuperAdmin,
-      createdAt: userRecord.createdAt,
-      updatedAt: userRecord.updatedAt,
-      deletedAt: userRecord.deletedAt,
-    }
-  },
+async function updateSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  id: string,
+  input: UpdateUserInput
+): Promise<User> {
+  await findByIdSql(db, ctx, id)
+
+  const updates: Record<string, unknown> = {
+    updated_at: new Date().toISOString(),
+    updated_by_id: ctx.user.id,
+  }
+  if (input.name !== undefined) updates.name = input.name
+  if (input.status !== undefined) updates.status = input.status
+
+  const results = await auditedUpdate<UserRecord>(
+    db,
+    ctx,
+    'users',
+    updates,
+    { clause: 'id = ?', params: [id] }
+  )
+
+  const updated = results.at(0)
+  if (!updated) {
+    throw new Error('Failed to update user')
+  }
+
+  return toUser(mapUserRow(updated as unknown as SqlRow))
+}
+
+async function deleteSql(db: D1Database, ctx: ServiceContext, id: string): Promise<void> {
+  await findByIdSql(db, ctx, id)
+  await auditedDelete(db, ctx, 'users', { clause: 'id = ?', params: [id] })
+}
 
-  // NOTE: User creation is disabled - users should only be created through Google OAuth
-  // If you need to manually create users, add googleId to the CreateUserInput interface
-  // and ensure the googleId is provided when creating users.
-  /*
-  async create(ctx: ServiceContext, input: CreateUserInput): Promise<User> {
-    // Check email doesn't already exist
-    const [existing] = await db
-      .select()
-      .from(users)
-      .where(eq(users.email, input.email))
-      .limit(1)
+async function restoreSql(db: D1Database, ctx: ServiceContext, id: string): Promise<User> {
+  const row = await queryOne(
+    db,
+    `SELECT ${USER_SELECT_COLUMNS}
+     FROM users u
+     WHERE u.id = ? AND u.deleted_at IS NOT NULL
+     LIMIT 1`,
+    [id]
+  )
+
+  if (!row) {
+    throw new NotFoundError('User not found or not deleted')
+  }
+
+  const restored = await auditedUpdate<UserRecord>(
+    db,
+    ctx,
+    'users',
+    { deleted_at: null, deleted_by_id: null },
+    { clause: 'id = ?', params: [id] }
+  )
+
+  const restoredRow = restored.at(0)
+  if (!restoredRow) {
+    throw new NotFoundError('Failed to restore user')
+  }
+
+  return toUser(mapUserRow(restoredRow as unknown as SqlRow))
+}
+
+async function listRolesSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  userId: string
+): Promise<{ accountId: string; role: Role }[]> {
+  await findByIdSql(db, ctx, userId)
+
+  const rows = await queryAll(
+    db,
+    `SELECT account_id as accountId, role
+     FROM user_accounts
+     WHERE user_id = ?`,
+    [userId]
+  )
+
+  return rows.map((row) => ({
+    accountId: toStringValue(row.accountId ?? row.account_id),
+    role: toStringValue(row.role) as Role,
+  }))
+}
+
+async function updateRoleSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  userId: string,
+  accountId: string,
+  role: Role
+): Promise<void> {
+  await findByIdSql(db, ctx, userId)
+
+  const membership = await queryOne(
+    db,
+    `SELECT role FROM user_accounts WHERE user_id = ? AND account_id = ? LIMIT 1`,
+    [userId, accountId]
+  )
+
+  if (!membership) {
+    throw new NotFoundError('User not found in account')
+  }
+
+  await execute(
+    db,
+    `UPDATE user_accounts SET role = ? WHERE user_id = ? AND account_id = ?`,
+    [role, userId, accountId]
+  )
+
+  await logAudit(db, ctx, 'UserAccount', `${userId}-${accountId}`, 'UPDATE', { role })
+}
+
+async function removeFromAccountSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  userId: string,
+  accountId: string
+): Promise<void> {
+  await findByIdSql(db, ctx, userId)
+
+  await execute(
+    db,
+    `DELETE FROM user_accounts WHERE user_id = ? AND account_id = ?`,
+    [userId, accountId]
+  )
+
+  await logAudit(db, ctx, 'UserAccount', `${userId}-${accountId}`, 'DELETE', {
+    userId,
+    accountId,
+  })
+}
+
+async function createUserAccountsSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  items: { userId: string; accountId: string; role: Role }[]
+): Promise<{ success: boolean; count: number }> {
+  let count = 0
+
+  for (const item of items) {
+    const existing = await queryOne(
+      db,
+      `SELECT role FROM user_accounts WHERE user_id = ? AND account_id = ? LIMIT 1`,
+      [item.userId, item.accountId]
+    )
 
     if (existing) {
-      throw new ConflictError('User with this email already exists')
+      await execute(
+        db,
+        `UPDATE user_accounts SET role = ? WHERE user_id = ? AND account_id = ?`,
+        [item.role, item.userId, item.accountId]
+      )
+    } else {
+      await execute(
+        db,
+        `INSERT INTO user_accounts (user_id, account_id, role) VALUES (?, ?, ?)`,
+        [item.userId, item.accountId, item.role]
+      )
     }
 
-    // Create user
-    const [userRecord] = await db
-      .insert(users)
-      .values({
-        email: input.email,
-        name: input.name,
-        status: 'active',
-        createdById: ctx.user.id,
-        updatedById: ctx.user.id,
-      })
-      .returning()
-
-    // Create user-account relationship
-    await db.insert(userAccounts).values({
-      userId: userRecord.id,
-      accountId: ctx.accountId,
-      role: input.role,
+    count++
+
+    await logAudit(db, ctx, 'UserAccount', `${item.userId}-${item.accountId}`, 'INSERT', {
+      userId: item.userId,
+      accountId: item.accountId,
+      role: item.role,
     })
+  }
 
-    // Log audit
-    await logAudit(db, ctx, 'User', userRecord.id, 'INSERT', userRecord)
-
-    return {
-      id: userRecord.id,
-      email: userRecord.email,
-      name: userRecord.name,
-      status: userRecord.status,
-      providerIds: userRecord.providerIds ?? [],
-      isSuperAdmin: userRecord.isSuperAdmin,
-      createdAt: userRecord.createdAt,
-      updatedAt: userRecord.updatedAt,
-      deletedAt: userRecord.deletedAt,
-    }
-  },
-  */
+  return { success: true, count }
+}
 
-  async update(db: Database, ctx: ServiceContext, id: string, input: UpdateUserInput): Promise<User> {
-    // Verify user exists and accessible
-    await this.findById(db, ctx, id)
+async function deleteUserAccountsSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  items: { userId: string; accountId: string; role: Role }[]
+): Promise<{ success: boolean; count: number }> {
+  let count = 0
 
-    // Update user with audit
-    const updateResults = await auditedUpdate<UserRecord>(
+  for (const item of items) {
+    await execute(
       db,
-      ctx,
-      users,
-      {
-        ...input,
-        updatedAt: new Date().toISOString(),
-        updatedById: ctx.user.id,
-      },
-      eq(users.id, id)
+      `DELETE FROM user_accounts WHERE user_id = ? AND account_id = ?`,
+      [item.userId, item.accountId]
     )
 
-    const userRecord: UserRecord | undefined = updateResults.at(0)
-    if (!userRecord) {
-      throw new Error('Failed to update user')
-    }
+    count++
 
-    return {
-      id: userRecord.id,
-      email: userRecord.email,
-      name: userRecord.name,
-      status: userRecord.status,
-      providerIds: userRecord.providerIds ?? [],
-      isSuperAdmin: userRecord.isSuperAdmin,
-      createdAt: userRecord.createdAt,
-      updatedAt: userRecord.updatedAt,
-      deletedAt: userRecord.deletedAt,
-    }
-  },
+    await logAudit(db, ctx, 'UserAccount', `${item.userId}-${item.accountId}`, 'DELETE', {
+      userId: item.userId,
+      accountId: item.accountId,
+    })
+  }
 
-  async delete(db: Database, ctx: ServiceContext, id: string): Promise<void> {
-    // Verify user exists and accessible
-    await this.findById(db, ctx, id)
+  return { success: true, count }
+}
 
-    // Soft delete with audit
-    await auditedDelete(db, ctx, users, eq(users.id, id))
+export const usersService = {
+  async findAll(
+    db: D1Database,
+    ctx: ServiceContext,
+    pagination: PaginationQuery
+  ): Promise<PaginatedResponse<User>> {
+    return findAllSql(db, ctx, pagination)
   },
 
-  // Bulk User-Account Operations
-  async createUserAccounts(
-    db: Database,
-    ctx: ServiceContext,
-    items: { userId: string; accountId: string; role: Role }[]
-  ): Promise<{ success: boolean; count: number }> {
-    let count = 0
-
-    for (const item of items) {
-      // Check if relationship already exists
-      const existingResults = await db
-        .select()
-        .from(userAccounts)
-        .where(
-          and(
-            eq(userAccounts.userId, item.userId),
-            eq(userAccounts.accountId, item.accountId)
-          )
-        )
-        .limit(1)
-
-      const existing = existingResults.at(0)
-      if (existing) {
-        // Update existing role
-        await db
-          .update(userAccounts)
-          .set({ role: item.role })
-          .where(
-            and(
-              eq(userAccounts.userId, item.userId),
-              eq(userAccounts.accountId, item.accountId)
-            )
-          )
-      } else {
-        // Create new relationship
-        await db.insert(userAccounts).values({
-          userId: item.userId,
-          accountId: item.accountId,
-          role: item.role,
-        })
-      }
+  async findById(db: D1Database, ctx: ServiceContext, id: string): Promise<User> {
+    return findByIdSql(db, ctx, id)
+  },
 
-      count++
+  async update(db: D1Database, ctx: ServiceContext, id: string, input: UpdateUserInput): Promise<User> {
+    return updateSql(db, ctx, id, input)
+  },
 
-      // Log audit
-      await logAudit(db, ctx, 'UserAccount', `${item.userId}-${item.accountId}`, 'INSERT', {
-        userId: item.userId,
-        accountId: item.accountId,
-        role: item.role,
-      })
-    }
+  async delete(db: D1Database, ctx: ServiceContext, id: string): Promise<void> {
+    await deleteSql(db, ctx, id)
+  },
 
-    return { success: true, count }
+  async restore(db: D1Database, ctx: ServiceContext, id: string): Promise<User> {
+    return restoreSql(db, ctx, id)
   },
 
-  async deleteUserAccounts(
-    db: Database,
+  async listUserRoles(
+    db: D1Database,
     ctx: ServiceContext,
-    items: { userId: string; accountId: string; role: Role }[]
-  ): Promise<{ success: boolean; count: number }> {
-    let count = 0
-
-    for (const item of items) {
-      await db
-        .delete(userAccounts)
-        .where(
-          and(
-            eq(userAccounts.userId, item.userId),
-            eq(userAccounts.accountId, item.accountId)
-          )
-        )
-
-      count++
-
-      // Log audit
-      await logAudit(db, ctx, 'UserAccount', `${item.userId}-${item.accountId}`, 'DELETE', {
-        userId: item.userId,
-        accountId: item.accountId,
-      })
-    }
-
-    return { success: true, count }
+    userId: string
+  ): Promise<{ accountId: string; role: Role }[]> {
+    return listRolesSql(db, ctx, userId)
   },
 
-  async restore(
-    db: Database,
+  async updateRole(
+    db: D1Database,
     ctx: ServiceContext,
-    id: string
-  ): Promise<User> {
-    // Find deleted record
-    const recordResults = await db
-      .select()
-      .from(users)
-      .where(and(
-        eq(users.id, id),
-        isNotNull(users.deletedAt)
-      ))
-      .limit(1)
-
-    const record = recordResults.at(0)
-    if (!record) {
-      throw new NotFoundError('User not found or not deleted')
-    }
+    userId: string,
+    accountId: string,
+    role: Role
+  ): Promise<void> {
+    await updateRoleSql(db, ctx, userId, accountId, role)
+  },
 
-    // Restore user
-    const restoreResults = await auditedUpdate<UserRecord>(
-      db,
-      ctx,
-      users,
-      { deletedAt: null, deletedById: null },
-      eq(users.id, id)
-    )
+  async removeFromAccount(
+    db: D1Database,
+    ctx: ServiceContext,
+    userId: string,
+    accountId: string
+  ): Promise<void> {
+    await removeFromAccountSql(db, ctx, userId, accountId)
+  },
 
-    const restored: UserRecord | undefined = restoreResults.at(0)
-    if (!restored) {
-      throw new NotFoundError('Failed to restore user')
-    }
+  async createUserAccounts(
+    db: D1Database,
+    ctx: ServiceContext,
+    items: { userId: string; accountId: string; role: Role }[]
+  ): Promise<{ success: boolean; count: number }> {
+    return createUserAccountsSql(db, ctx, items)
+  },
 
-    return {
-      id: restored.id,
-      email: restored.email,
-      name: restored.name,
-      status: restored.status,
-      providerIds: restored.providerIds ?? [],
-      isSuperAdmin: restored.isSuperAdmin,
-      createdAt: restored.createdAt,
-      updatedAt: restored.updatedAt,
-      deletedAt: restored.deletedAt,
-    }
+  async deleteUserAccounts(
+    db: D1Database,
+    ctx: ServiceContext,
+    items: { userId: string; accountId: string; role: Role }[]
+  ): Promise<{ success: boolean; count: number }> {
+    return deleteUserAccountsSql(db, ctx, items)
   },
 }