@openneuro/server 4.36.0-alpha.0 → 4.36.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openneuro/server",
-  "version": "4.36.0-alpha.0",
+  "version": "4.36.0",
   "description": "Core service for the OpenNeuro platform.",
   "license": "MIT",
   "main": "src/server.js",
@@ -21,7 +21,7 @@
     "@elastic/elasticsearch": "8.13.1",
     "@graphql-tools/schema": "^10.0.0",
     "@keyv/redis": "^2.7.0",
-    "@openneuro/search": "^4.36.0-alpha.0",
+    "@openneuro/search": "^4.36.0",
     "@sentry/node": "^8.25.0",
     "@sentry/profiling-node": "^8.25.0",
     "base64url": "^3.0.0",
@@ -86,5 +86,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "0d754964177331113f4279c48d6c0fae0f59adc2"
+  "gitHead": "ac7fa1782779cfdf1f46c9a5add8865155177b99"
 }

package/src/graphql/resolvers/__tests__/user.spec.ts

@@ -1,27 +1,352 @@
-import { vi } from "vitest"
+import {
+  afterAll,
+  beforeAll,
+  beforeEach,
+  describe,
+  expect,
+  it,
+  vi,
+} from "vitest"
+import { MongoMemoryServer } from "mongodb-memory-server"
+import mongoose, { Types } from "mongoose"
+import User from "../../../models/user"
 import { users } from "../user.js"
+import type { GraphQLContext } from "../user.js"
 
 vi.mock("ioredis")
 
+let mongod: MongoMemoryServer
+
+// Test data loaded before each test
+const testUsersSeedData = [
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f1"),
+    id: "u1",
+    email: "atest1@example.com",
+    name: "Alice Admin",
+    admin: true,
+    blocked: false,
+    migrated: false,
+    updatedAt: new Date("2023-01-05T00:00:00.000Z"),
+    providerId: "0000-0000-0000-0001",
+    provider: "orcid",
+    orcid: "0000-0000-0000-0001",
+  },
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f2"),
+    id: "u2",
+    email: "btest2@example.com",
+    name: "Test User",
+    admin: false,
+    blocked: false,
+    migrated: false,
+    updatedAt: new Date("2023-01-04T00:00:00.000Z"),
+    providerId: "google2",
+    provider: "google",
+  },
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f3"),
+    id: "u3",
+    email: "ctest3@example.com",
+    name: "Test User",
+    admin: false,
+    blocked: true,
+    migrated: false,
+    updatedAt: new Date("2023-01-03T00:00:00.000Z"),
+    providerId: "0000-0000-0000-0003",
+    provider: "orcid",
+  },
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f4"),
+    id: "u4",
+    email: "dtest4@example.com",
+    name: "Test Admin User",
+    admin: true,
+    blocked: true,
+    migrated: false,
+    updatedAt: new Date("2023-01-02T00:00:00.000Z"),
+    providerId: "0000-0000-0000-0004",
+    provider: "orcid",
+    orcid: "0000-0000-0000-0004",
+  },
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f5"),
+    id: "u5",
+    email: "etest2@example.com",
+    name: "Test User",
+    admin: false,
+    blocked: false,
+    migrated: true,
+    updatedAt: new Date("2023-01-04T00:00:00.000Z"),
+    providerId: "google2",
+    provider: "google",
+  },
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f6"),
+    id: "u6",
+    email: "ftest6@example.com",
+    name: "Test Admin User",
+    admin: true,
+    blocked: false,
+    migrated: false,
+    updatedAt: new Date("2023-01-06T00:00:00.000Z"),
+    providerId: "orcid6",
+    provider: "orcid",
+    orcid: "0000-0000-0000-0006",
+  }, // Most recent
+  {
+    _id: new Types.ObjectId("60f0f0f0f0f0f0f0f0f0f0f7"),
+    id: "u7",
+    email: "gtest7@example.com",
+    name: "Test User",
+    admin: false,
+    blocked: false,
+    migrated: false,
+    updatedAt: new Date("2023-01-05T00:00:00.000Z"),
+  }, // Same updatedAt as u1, for secondary sort testing
+]
+
+// Admin context for tests
+const adminContext: GraphQLContext = {
+  userInfo: { userId: "admin-user", admin: true, username: "adminUser" },
+}
+// Non-admin context for tests
+const nonAdminContext: GraphQLContext = {
+  userInfo: { userId: "normal-user", admin: false, username: "normalUser" },
+}
+
 describe("user resolvers", () => {
+  beforeAll(async () => {
+    mongod = await MongoMemoryServer.create()
+    const uri = mongod.getUri()
+    await mongoose.connect(uri)
+  })
+
+  afterAll(async () => {
+    await mongoose.disconnect()
+    await mongod.stop()
+  })
+
+  beforeEach(async () => {
+    await User.deleteMany({})
+    await User.insertMany(testUsersSeedData)
+  })
+
   describe("users()", () => {
-    it("throws an error for non-admins", () => {
-      expect(
-        users(
-          null,
-          { id: "3311cfe8-9764-434d-b80e-1b1ee72c686d" },
-          { userInfo: {} },
-        ),
-      ).rejects.toEqual(new Error("You must be a site admin to retrieve users"))
-    })
-    it("throws an error for non-admins", () => {
-      expect(
-        users(
-          null,
-          { id: "0000-0000-0000-000X" },
-          { userInfo: {} },
-        ),
-      ).rejects.toEqual(new Error("You must be a site admin to retrieve users"))
+    it("rejects data for non-admin context", async () => {
+      await expect(users(null, {}, nonAdminContext)).rejects.toThrow(
+        "You must be a site admin to retrieve users",
+      )
+    })
+
+    it("returns all non-migrated users by default, sorted by updatedAt desc then _id desc", async () => {
+      const result = await users(null, {}, adminContext)
+      // u5 is migrated. 6 non-migrated users: u1, u2, u3, u4, u6, u7
+      expect(result.users.length).toBe(6)
+      expect(result.totalCount).toBe(6)
+
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ updatedAt: -1, _id: -1 })
+        .exec()
+      const expectedIds = dbSortedUsers.map((u) => u.id)
+      expect(result.users.map((u) => u.id)).toEqual(expectedIds)
+      // Expected order based on seed data _ids: u6, u7, u1, u2, u3, u4
+      // (u7 _id > u1 _id, so u7 comes before u1 in _id desc sort when updatedAt is same)
+      expect(expectedIds).toEqual(["u6", "u7", "u1", "u2", "u3", "u4"])
+    })
+
+    it("handles pagination with limit", async () => {
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ updatedAt: -1, _id: -1 })
+        .exec()
+      const expectedLimitedIds = dbSortedUsers.slice(0, 2).map((u) => u.id)
+
+      const result = await users(null, { limit: 2 }, adminContext)
+      expect(result.users.length).toBe(2)
+      expect(result.totalCount).toBe(6)
+      expect(result.users.map((u) => u.id)).toEqual(expectedLimitedIds)
+    })
+
+    it("handles pagination with offset", async () => {
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ updatedAt: -1, _id: -1 })
+        .exec()
+      const expectedOffsetIds = dbSortedUsers.slice(4).map((u) => u.id) // Skips 4
+
+      const result = await users(null, { offset: 4 }, adminContext)
+      expect(result.users.length).toBe(2) // Total 6, offset 4, so 2 remaining
+      expect(result.totalCount).toBe(6)
+      expect(result.users.map((u) => u.id)).toEqual(expectedOffsetIds) // Should be ['u3', 'u4']
+    })
+
+    it("handles pagination with limit and offset", async () => {
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ updatedAt: -1, _id: -1 })
+        .exec()
+      const expectedPaginatedIds = dbSortedUsers.slice(1, 1 + 2).map((u) =>
+        u.id
+      ) // Skip 1, take 2
+
+      const result = await users(null, { limit: 2, offset: 1 }, adminContext)
+      expect(result.users.length).toBe(2)
+      expect(result.totalCount).toBe(6)
+      expect(result.users.map((u) => u.id)).toEqual(expectedPaginatedIds) // Should be ['u7', 'u1']
+    })
+
+    it("filters by isAdmin: true", async () => {
+      const result = await users(null, { isAdmin: true }, adminContext)
+      expect(result.users.length).toBe(3)
+      expect(result.totalCount).toBe(3)
+      const ids = result.users.map((u) => u.id)
+      expect(ids).toEqual(expect.arrayContaining(["u1", "u4", "u6"]))
+    })
+
+    it("filters by isAdmin: false", async () => {
+      const result = await users(null, { isAdmin: false }, adminContext)
+      expect(result.users.length).toBe(3)
+      expect(result.totalCount).toBe(3)
+      const ids = result.users.map((u) => u.id)
+      expect(ids).toEqual(expect.arrayContaining(["u2", "u3", "u7"]))
+    })
+
+    it("filters by isBlocked: true", async () => {
+      const result = await users(null, { isBlocked: true }, adminContext)
+      expect(result.users.length).toBe(2)
+      expect(result.totalCount).toBe(2)
+      const ids = result.users.map((u) => u.id)
+      expect(ids).toEqual(expect.arrayContaining(["u3", "u4"]))
+    })
+
+    it("filters by isBlocked: false", async () => {
+      const result = await users(null, { isBlocked: false }, adminContext)
+      // Not blocked (non-migrated): u1, u2, u6, u7 -> 4 users
+      expect(result.users.length).toBe(4)
+      expect(result.totalCount).toBe(4)
+      const ids = result.users.map((u) => u.id)
+      expect(ids).toEqual(expect.arrayContaining(["u1", "u2", "u6", "u7"]))
+    })
+
+    it("searches by name (case-insensitive, partial)", async () => {
+      const result = await users(null, { search: "Alice" }, adminContext)
+      expect(result.users.length).toBe(1)
+      expect(result.totalCount).toBe(1)
+      expect(result.users[0].id).toBe("u1")
+    })
+
+    it("searches by email (case-insensitive, partial)", async () => {
+      const result = await users(
+        null,
+        { search: "btest2@EXAMPLE" },
+        adminContext,
+      )
+      expect(result.users.length).toBe(1)
+      expect(result.totalCount).toBe(1)
+      expect(result.users[0].id).toBe("u2")
+    })
+
+    it("search returns empty if no match", async () => {
+      const result = await users(null, { search: "NoSuchUser" }, adminContext)
+      expect(result.users.length).toBe(0)
+      expect(result.totalCount).toBe(0)
+    })
+
+    it("combines search with other filters (e.g., isAdmin)", async () => {
+      await User.create({
+        _id: new Types.ObjectId(),
+        id: "u8",
+        email: "search_admin@example.com",
+        name: "Searchable Admin",
+        admin: true,
+        blocked: false,
+        migrated: false,
+        updatedAt: new Date("2023-01-07T00:00:00.000Z"),
+      })
+      // Search for "Admin" (matches u1 name, u6 name, u8 name) and isAdmin: true
+      const result = await users(
+        null,
+        { search: "Admin", isAdmin: true },
+        adminContext,
+      )
+      expect(result.users.length).toBe(4) // u1, u6, u8
+      expect(result.totalCount).toBe(4)
+      const ids = result.users.map((u) => u.id)
+      expect(ids).toEqual(expect.arrayContaining(["u1", "u6", "u8"]))
+    })
+
+    it("sorts by name ascending (with _id ascending as secondary)", async () => {
+      const result = await users(null, {
+        orderBy: [{ field: "name", order: "ascending" }],
+      }, adminContext)
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ name: 1, _id: 1 })
+        .exec()
+      expect(result.users.map((u) => u.id)).toEqual(
+        dbSortedUsers.map((u) => u.id),
+      )
+      // Expected: u1, u4, u6, u2, u3, u7
+      expect(dbSortedUsers.map((u) => u.id)).toEqual([
+        "u1",
+        "u4",
+        "u6",
+        "u2",
+        "u3",
+        "u7",
+      ])
+    })
+
+    it("sorts by email descending (with _id descending as secondary)", async () => {
+      const result = await users(null, {
+        orderBy: [{ field: "email", order: "descending" }],
+      }, adminContext)
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ email: -1, _id: -1 })
+        .exec()
+      expect(result.users.map((u) => u.id)).toEqual(
+        dbSortedUsers.map((u) => u.id),
+      )
+      // Expected: u7, u6, u4, u3, u2, u1
+      expect(dbSortedUsers.map((u) => u.id)).toEqual([
+        "u7",
+        "u6",
+        "u4",
+        "u3",
+        "u2",
+        "u1",
+      ])
+    })
+
+    it("handles multiple sort fields specified in orderBy (e.g. admin asc, name asc)", async () => {
+      const result = await users(null, {
+        orderBy: [
+          { field: "admin", order: "ascending" },
+          { field: "name", order: "ascending" },
+        ],
+      }, adminContext)
+      // Mongoose sort: { admin: 1, name: 1, _id: 1 } (since _id is added based on first sort field's order)
+      const dbSortedUsers = await User.find({ migrated: { $ne: true } })
+        .sort({ admin: 1, name: 1, _id: 1 })
+        .exec()
+      expect(result.users.map((u) => u.id)).toEqual(
+        dbSortedUsers.map((u) => u.id),
+      )
+      expect(dbSortedUsers.map((u) => u.id)).toEqual([
+        "u2",
+        "u3",
+        "u7",
+        "u1",
+        "u4",
+        "u6",
+      ])
+    })
+
+    it("correctly calculates totalCount regardless of pagination", async () => {
+      const result = await users(
+        null,
+        { isAdmin: true, limit: 1 },
+        adminContext,
+      )
+      expect(result.users.length).toBe(1)
+      expect(result.totalCount).toBe(3) // u1, u4, u6 are admins
     })
   })
 })

package/src/graphql/resolvers/comment.ts

@@ -105,7 +105,7 @@ export const deleteComment = async (
 const CommentFields = {
   parent: (obj) => comment(obj, { id: obj.parentId }),
   replies,
-  user: (obj) => user(obj, { id: obj.user._id }),
+  user: (obj) => user(obj, { id: obj.user._id }, null),
 }
 
 export default CommentFields

package/src/graphql/resolvers/dataset.ts

@@ -278,7 +278,7 @@ const worker = (obj) => getDatasetWorker(obj.id)
  * Dataset object
  */
 const Dataset = {
-  uploader: (ds) => user(ds, { id: ds.uploader }),
+  uploader: (ds, _, context) => user(ds, { id: ds.uploader }, context),
   draft: async (obj) => {
     const draftHead = await datalad.getDraftHead(obj.id)
     return {

package/src/graphql/resolvers/metadata.ts

@@ -27,7 +27,7 @@ export const metadata = async (
   // TODO - This could be a user object that is resolved with the full type instead of just email
   // Email matches the existing records however and the user object would require other changes
   const adminUsers = []
-  const { userPermissions } = await permissions(dataset)
+  const { userPermissions } = await permissions(dataset, null, context)
   for (const user of userPermissions) {
     if (user.level === "admin") {
       const userObj = await user.user

package/src/graphql/resolvers/permissions.ts

@@ -11,14 +11,14 @@ interface DatasetPermission {
   userPermissions: (PermissionDocument & { user: Promise<UserDocument> })[]
 }
 
-export async function permissions(ds): Promise<DatasetPermission> {
+export async function permissions(ds, _, context): Promise<DatasetPermission> {
   const permissions = await Permission.find({ datasetId: ds.id }).exec()
   return {
     id: ds.id,
     userPermissions: permissions.map(
       (userPermission) => ({
         ...userPermission.toJSON(),
-        user: user(ds, { id: userPermission.userId }),
+        user: user(ds, { id: userPermission.userId }, context),
       } as unknown as PermissionDocument & { user: Promise<UserDocument> }),
     ),
   }
@@ -28,13 +28,13 @@ const publishPermissions = async (datasetId) => {
   // Create permissionsUpdated object with DatasetPermissions in Dataset
   // and resolve all promises before publishing
   const ds = { id: datasetId }
-  const { id, userPermissions } = await permissions(ds)
+  const { id, userPermissions } = await permissions(ds, null, null)
   const permissionsUpdated = {
     id,
     userPermissions: await Promise.all(
       userPermissions.map(async (userPermission) => ({
         ...userPermission,
-        user: await user(ds, { id: userPermission.userId }),
+        user: await user(ds, { id: userPermission.userId }, null),
       })),
     ),
   }

package/src/graphql/resolvers/user.ts

@@ -2,29 +2,137 @@
  * User resolvers
  */
 import User from "../../models/user"
+
 function isValidOrcid(orcid: string): boolean {
   return /^[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{3}[0-9X]$/.test(orcid || "")
 }
 
-export const user = (obj, { id }) => {
+export async function user(obj, { id }, { userInfo }) {
+  let user
   if (isValidOrcid(id)) {
-    return User.findOne({
+    user = await User.findOne({
       $or: [{ "provider": "orcid", "providerId": id }],
     }).exec()
   } else {
     // If it's not a valid ORCID, fall back to querying by user id
-    return User.findOne({ "id": id }).exec()
+    user = await User.findOne({ "id": id }).exec()
+  }
+  if (userInfo?.admin || user.id === userInfo?.id) {
+    return user.toObject()
+  } else {
+    const obj = user.toObject()
+    delete obj.email
+    return obj
   }
 }
 
-export const users = (obj, args, { userInfo }) => {
-  if (userInfo.admin) {
-    return User.find().exec()
-  } else {
+export interface UserInfo {
+  userId: string
+  admin: boolean
+  username?: string
+  provider?: string
+  providerId?: string
+  blocked?: boolean
+}
+
+export interface GraphQLContext {
+  userInfo: UserInfo | null
+}
+
+type MongoOperatorValue =
+  | string
+  | number
+  | boolean
+  | RegExp
+  | (string | number | boolean | RegExp)[]
+
+type MongoQueryOperator<T> = T | {
+  $ne?: T
+  $regex?: string
+  $options?: string
+  $gt?: T
+  $gte?: T
+  $lt?: T
+  $lte?: T
+  $in?: T[]
+}
+
+type MongoFilterValue =
+  | MongoOperatorValue
+  | MongoQueryOperator<MongoOperatorValue>
+
+interface MongoQueryCondition {
+  [key: string]: MongoFilterValue
+}
+export const users = async (
+  obj: unknown,
+  { isAdmin, isBlocked, search, limit = 100, offset = 0, orderBy }: {
+    isAdmin?: boolean
+    isBlocked?: boolean
+    search?: string
+    limit?: number
+    offset?: number
+    orderBy?: { field: string; order?: "ascending" | "descending" }[]
+  },
+  context: GraphQLContext,
+) => {
+  // --- check admin ---
+  if (!context.userInfo?.admin) {
     return Promise.reject(
       new Error("You must be a site admin to retrieve users"),
     )
   }
+
+  const filter: {
+    admin?: MongoQueryOperator<boolean>
+    blocked?: MongoQueryOperator<boolean>
+    migrated?: MongoQueryOperator<boolean>
+    $or?: MongoQueryCondition[]
+    name?: MongoQueryOperator<string | RegExp>
+    email?: MongoQueryOperator<string | RegExp>
+  } = {}
+
+  if (isAdmin !== undefined) filter.admin = isAdmin
+  if (isBlocked !== undefined) filter.blocked = isBlocked
+
+  filter.migrated = { $ne: true }
+
+  if (search) {
+    filter.$or = [
+      { name: { $regex: search, $options: "i" } },
+      { email: { $regex: search, $options: "i" } },
+    ]
+  }
+
+  let sort: Record<string, "asc" | "desc"> = {}
+  if (orderBy && orderBy.length > 0) {
+    orderBy.forEach((sortRule) => {
+      sort[sortRule.field] = sortRule.order
+        ? sortRule.order === "ascending" ? "asc" : "desc"
+        : "asc"
+    })
+
+    if (!sort._id) {
+      const primarySortOrder = sort[orderBy[0].field] || "asc"
+      sort._id = primarySortOrder
+    }
+  } else {
+    sort = { updatedAt: "desc", _id: "desc" }
+  }
+
+  const totalCount = await User.countDocuments(filter).exec()
+
+  let query = User.find(filter)
+  if (offset !== undefined) query = query.skip(offset)
+  if (limit !== undefined) query = query.limit(limit)
+  query = query.sort(sort)
+
+  const users = await query.exec()
+
+  return {
+    users: users,
+    totalCount: totalCount,
+  }
 }
 
 export const removeUser = (obj, { id }, { userInfo }) => {
@@ -89,7 +197,6 @@ const UserResolvers = {
   avatar: (obj) => obj.avatar,
   orcid: (obj) => obj.orcid,
   created: (obj) => obj.created,
-  modified: (obj) => obj.modified,
   lastSeen: (obj) => obj.lastSeen,
   email: (obj) => obj.email,
   name: (obj) => obj.name,
@@ -98,6 +205,7 @@ const UserResolvers = {
   location: (obj) => obj.location,
   institution: (obj) => obj.institution,
   links: (obj) => obj.links,
+  modified: (obj) => obj.updatedAt,
 }
 
 export default UserResolvers

package/src/graphql/schema.ts

@@ -26,6 +26,12 @@ export const typeDefs = `
     descending
   }
 
+  # Sorting order for users
+  input UserSortInput {
+    field: String!
+    order: SortOrdering = ascending 
+  }
+
   # Sorting order for datasets
   input DatasetSort {
     # Dataset created time
@@ -83,7 +89,14 @@ export const typeDefs = `
     # Get one user
     user(id: ID!): User
     # Get a list of users
-    users: [User]
+    users(
+      orderBy: [UserSortInput!]
+      isAdmin: Boolean
+      isBlocked: Boolean
+      search: String
+      limit: Int 
+      offset: Int 
+    ): UserList! 
     # Get the total number of dataset participants
     participantCount(modality: String): Int @cacheControl(maxAge: 3600, scope: PUBLIC)
     # Request one snapshot
@@ -335,6 +348,11 @@ export const typeDefs = `
     links: [String]
   }
 
+  type UserList {
+    users: [User!]!
+    totalCount: Int!
+  }
+
   # Which provider a user login comes from
   enum UserProvider {
     google

package/src/libs/authentication/orcid.ts

@@ -2,6 +2,7 @@ import passport from "passport"
 import { parsedJwtFromRequest } from "./jwt"
 import * as Sentry from "@sentry/node"
 import { userMigration } from "./user-migration"
+import User from "../../models/user"
 
 export const requestAuth = passport.authenticate("orcid", {
   session: false,
@@ -29,7 +30,7 @@ export function completeRequestLogin(req, res, next, user) {
 }
 
 export const authCallback = (req, res, next) =>
-  passport.authenticate("orcid", (err, user) => {
+  passport.authenticate("orcid", async (err, user) => {
     if (err) {
       Sentry.captureException(err)
       if (err.type) {
@@ -41,6 +42,19 @@ export const authCallback = (req, res, next) =>
     if (!user) {
       return res.redirect("/")
     }
+
+    try {
+      // adds new date for login/lastSeen
+      await User.findByIdAndUpdate(user._id, { lastSeen: new Date() })
+    } catch (error: unknown) {
+      if (error instanceof Error) {
+        Sentry.captureException(error)
+      } else {
+        Sentry.captureException(new Error(String(error)))
+      }
+      // Don't block the login flow
+    }
+
     // Google user
     const existingAuth = parsedJwtFromRequest(req)
     if (existingAuth) {

package/src/models/user.ts

@@ -30,6 +30,7 @@ export interface UserDocument extends Document {
   created: Date
   // Last time the user authenticated
   lastSeen: Date
+  // Location populated from User or Github
   location: string
   // Institution populated from ORCID
   institution: string
@@ -37,7 +38,11 @@ export interface UserDocument extends Document {
   github: string
   // User profile links
   links: string[]
+  // Added for Mongoose timestamps
+  updatedAt: Date
+  // Avatar populated from Github
   avatar: string
+  // githubSynced populated from Github OAuth use
   githubSynced: Date
 }
 
@@ -61,7 +66,7 @@ const userSchema = new Schema({
   github: { type: String, default: "" },
   githubSynced: { type: Date },
   links: { type: [String], default: [] },
-})
+}, { timestamps: { createdAt: false, updatedAt: true } })
 
 userSchema.index({ id: 1, provider: 1 }, { unique: true })
 // Allow case-insensitive email queries