hazo_auth 1.4.2 → 1.6.0

package/src/app/api/hazo_auth/user_management/roles/route.ts

@@ -1,442 +0,0 @@
-// file_description: API route for roles management operations (list roles with permissions, create role, update role permissions)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../../lib/hazo_connect_instance.server";
-import { createCrudService, getSqliteAdminService } from "hazo_connect/server";
-import { create_app_logger } from "../../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../../lib/utils/api_route_helpers";
-import { get_auth_cache } from "../../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../../lib/auth_utility_config.server";
-
-// section: route_config
-export const dynamic = 'force-dynamic';
-
-// section: api_handler
-/**
- * GET - Fetch all roles with their permissions
- */
-export async function GET(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const hazoConnect = get_hazo_connect_instance();
-    const roles_service = createCrudService(hazoConnect, "hazo_roles");
-    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
-    const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
-
-    // Fetch all roles (empty object means no filter - get all records)
-    const roles = await roles_service.findBy({});
-    const permissions = await permissions_service.findBy({});
-    const role_permissions = await role_permissions_service.findBy({});
-
-    if (!Array.isArray(roles) || !Array.isArray(permissions) || !Array.isArray(role_permissions)) {
-      return NextResponse.json(
-        { error: "Failed to fetch roles data" },
-        { status: 500 }
-      );
-    }
-
-    // Build role-permission mapping
-    const role_permission_map: Record<number, number[]> = {};
-    role_permissions.forEach((rp) => {
-      const role_id = rp.role_id as number;
-      const permission_id = rp.permission_id as number;
-      if (!role_permission_map[role_id]) {
-        role_permission_map[role_id] = [];
-      }
-      role_permission_map[role_id].push(permission_id);
-    });
-
-    // Build permission name map
-    const permission_name_map: Record<number, string> = {};
-    permissions.forEach((perm) => {
-      permission_name_map[perm.id as number] = perm.permission_name as string;
-    });
-
-    // Format response
-    const roles_with_permissions = roles.map((role) => {
-      const role_id = role.id as number;
-      const permission_ids = role_permission_map[role_id] || [];
-      const permission_names = permission_ids.map((pid) => permission_name_map[pid]).filter(Boolean);
-
-      return {
-        role_id: role.id,
-        role_name: role.role_name,
-        permissions: permission_names,
-      };
-    });
-
-    logger.info("user_management_roles_fetched", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      role_count: roles.length,
-      permission_count: permissions.length,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        roles: roles_with_permissions,
-        permissions: permissions.map((p) => ({
-          id: p.id,
-          permission_name: p.permission_name,
-        })),
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("user_management_roles_fetch_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to fetch roles" },
-      { status: 500 }
-    );
-  }
-}
-
-/**
- * POST - Create new role
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { role_name } = body;
-
-    if (!role_name || typeof role_name !== "string" || role_name.trim().length === 0) {
-      return NextResponse.json(
-        { error: "role_name is required and must be a non-empty string" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const roles_service = createCrudService(hazoConnect, "hazo_roles");
-
-    // Check if role already exists
-    const existing_roles = await roles_service.findBy({
-      role_name: role_name.trim(),
-    });
-
-    if (Array.isArray(existing_roles) && existing_roles.length > 0) {
-      return NextResponse.json(
-        { error: "Role with this name already exists" },
-        { status: 409 }
-      );
-    }
-
-    // Create new role
-    const now = new Date().toISOString();
-    const new_role_result = await roles_service.insert({
-      role_name: role_name.trim(),
-      created_at: now,
-      changed_at: now,
-    });
-
-    // insert() returns an array, get the first element
-    if (!Array.isArray(new_role_result) || new_role_result.length === 0) {
-      return NextResponse.json(
-        { error: "Failed to create role - no record returned" },
-        { status: 500 }
-      );
-    }
-
-    const new_role = new_role_result[0] as { id: number; role_name: string };
-
-    logger.info("user_management_role_created", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      role_id: new_role.id,
-      role_name: role_name.trim(),
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        role: {
-          role_id: new_role.id,
-          role_name: role_name.trim(),
-        },
-      },
-      { status: 201 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("user_management_role_create_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to create role" },
-      { status: 500 }
-    );
-  }
-}
-
-/**
- * PUT - Update role permissions (save role-permission matrix)
- */
-export async function PUT(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { roles } = body;
-
-    if (!Array.isArray(roles)) {
-      return NextResponse.json(
-        { error: "roles array is required" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const roles_service = createCrudService(hazoConnect, "hazo_roles");
-    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
-    const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
-
-    // Get all permissions to build name-to-id map (empty object means no filter - get all records)
-    const all_permissions = await permissions_service.findBy({});
-    if (!Array.isArray(all_permissions)) {
-      return NextResponse.json(
-        { error: "Failed to fetch permissions" },
-        { status: 500 }
-      );
-    }
-
-    const permission_name_to_id: Record<string, number> = {};
-    all_permissions.forEach((perm) => {
-      permission_name_to_id[perm.permission_name as string] = perm.id as number;
-    });
-
-    const now = new Date().toISOString();
-    const modified_role_ids: number[] = []; // Track all role IDs that were modified
-
-    // Process each role
-    for (const role_data of roles) {
-      const { role_id, role_name, permissions } = role_data;
-
-      if (!role_name || !Array.isArray(permissions)) {
-        continue; // Skip invalid entries
-      }
-
-      let current_role_id: number | undefined;
-
-      if (role_id) {
-        // Update existing role
-        current_role_id = role_id;
-        await roles_service.updateById(role_id, {
-          role_name: role_name.trim(),
-          changed_at: now,
-        });
-      } else {
-        // Create new role
-        const existing_roles = await roles_service.findBy({
-          role_name: role_name.trim(),
-        });
-
-        if (Array.isArray(existing_roles) && existing_roles.length > 0) {
-          current_role_id = existing_roles[0].id as number;
-        } else {
-          const new_role = await roles_service.insert({
-            role_name: role_name.trim(),
-            created_at: now,
-            changed_at: now,
-          });
-          
-          // Handle both single object and array responses from insert
-          if (Array.isArray(new_role) && new_role.length > 0) {
-            current_role_id = (new_role[0] as { id: number }).id;
-          } else if (!Array.isArray(new_role) && (new_role as { id?: number }).id !== undefined) {
-            current_role_id = (new_role as { id: number }).id;
-          } else {
-            // If insert didn't return an id, try to find the role by name
-            const inserted_roles = await roles_service.findBy({
-              role_name: role_name.trim(),
-            });
-            if (Array.isArray(inserted_roles) && inserted_roles.length > 0) {
-              current_role_id = inserted_roles[0].id as number;
-            }
-          }
-        }
-      }
-
-      // Skip if we couldn't determine the role ID
-      if (!current_role_id) {
-        logger.warn("user_management_role_id_not_found", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          role_name: role_name.trim(),
-          role_id,
-        });
-        continue;
-      }
-
-      // Track this role ID for cache invalidation
-      modified_role_ids.push(current_role_id);
-
-      // Get current role-permission mappings
-      const current_mappings = await role_permissions_service.findBy({
-        role_id: current_role_id,
-      });
-
-      const current_permission_ids = Array.isArray(current_mappings)
-        ? current_mappings.map((m) => m.permission_id as number)
-        : [];
-
-      // Get target permission IDs
-      const target_permission_ids = permissions
-        .map((perm_name: string) => permission_name_to_id[perm_name])
-        .filter((id: number | undefined) => id !== undefined);
-
-      // Delete removed permissions
-      // Note: hazo_role_permissions is a junction table without an id column
-      // We need to use SQLite admin service to delete by composite key (role_id, permission_id)
-      const to_delete = current_permission_ids.filter(
-        (id) => !target_permission_ids.includes(id)
-      );
-      
-      if (to_delete.length > 0) {
-        try {
-          const admin_service = getSqliteAdminService();
-          
-          for (const perm_id of to_delete) {
-            // Delete using SQLite admin service with criteria (role_id and permission_id)
-            await admin_service.deleteRows("hazo_role_permissions", {
-              role_id: current_role_id,
-              permission_id: perm_id,
-            });
-          }
-        } catch (adminError) {
-          // Fallback: try using createCrudService deleteById if rowid exists
-          // SQLite tables have a hidden rowid column that can be used
-          const error_message = adminError instanceof Error ? adminError.message : "Unknown error";
-          logger.warn("user_management_role_permission_delete_admin_failed", {
-            filename: get_filename(),
-            line_number: get_line_number(),
-            error: error_message,
-            note: "Trying fallback method",
-          });
-          
-          // Fallback: try to find and delete using rowid if available
-          for (const perm_id of to_delete) {
-            const mappings_to_delete = await role_permissions_service.findBy({
-              role_id: current_role_id,
-              permission_id: perm_id,
-            });
-            
-            if (Array.isArray(mappings_to_delete) && mappings_to_delete.length > 0) {
-              for (const mapping of mappings_to_delete) {
-                // Try deleteById with rowid (SQLite has hidden rowid)
-                try {
-                  // Check if mapping has an id field (could be rowid)
-                  if ((mapping as { id?: number; rowid?: number }).id !== undefined) {
-                    await role_permissions_service.deleteById((mapping as { id: number }).id);
-                  } else if ((mapping as { rowid?: number }).rowid !== undefined) {
-                    await role_permissions_service.deleteById((mapping as { rowid: number }).rowid);
-                  } else {
-                    // Last resort: log error
-                    logger.error("user_management_role_permission_delete_no_id", {
-                      filename: get_filename(),
-                      line_number: get_line_number(),
-                      role_id: current_role_id,
-                      permission_id: perm_id,
-                      mapping,
-                    });
-                  }
-                } catch (deleteError) {
-                  const delete_error_message = deleteError instanceof Error ? deleteError.message : "Unknown error";
-                  logger.error("user_management_role_permission_delete_failed", {
-                    filename: get_filename(),
-                    line_number: get_line_number(),
-                    role_id: current_role_id,
-                    permission_id: perm_id,
-                    error: delete_error_message,
-                  });
-                }
-              }
-            }
-          }
-        }
-      }
-
-      // Add new permissions
-      const to_add = target_permission_ids.filter(
-        (id) => !current_permission_ids.includes(id)
-      );
-      for (const perm_id of to_add) {
-        await role_permissions_service.insert({
-          role_id: current_role_id,
-          permission_id: perm_id,
-          created_at: now,
-          changed_at: now,
-        });
-      }
-    }
-
-    // Invalidate cache for all affected roles
-    try {
-      const config = get_auth_utility_config();
-      const cache = get_auth_cache(
-        config.cache_max_users,
-        config.cache_ttl_minutes,
-        config.cache_max_age_minutes,
-      );
-
-      // Invalidate by all role IDs that were modified (including newly created ones)
-      if (modified_role_ids.length > 0) {
-        cache.invalidate_by_roles(modified_role_ids);
-      }
-    } catch (cache_error) {
-      // Log but don't fail role update if cache invalidation fails
-      const cache_error_message =
-        cache_error instanceof Error ? cache_error.message : "Unknown error";
-      logger.warn("user_management_roles_cache_invalidation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: cache_error_message,
-      });
-    }
-
-    logger.info("user_management_roles_updated", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      role_count: roles.length,
-    });
-
-    return NextResponse.json(
-      { success: true },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("user_management_roles_update_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to update roles" },
-      { status: 500 }
-    );
-  }
-}
-