Backend - Ajoute les utilisateurs et les droits supports et vérifiés

incubateur-ademe · Oct 1, 2024 · ee7563e · ee7563e
1 parent e356d7c
commit ee7563e
Show file tree

Hide file tree

Showing 9 changed files with 296 additions and 81 deletions.
diff --git a/backend/src/auth/guards/auth.guard.ts b/backend/src/auth/guards/auth.guard.ts
@@ -11,7 +11,7 @@ import { Request } from 'express';
 import BackendConfigurationService from '../../common/services/backend-configuration.service';
 import { getErrorMessage } from '../../common/services/errors.helper';
 import { PublicEndpoint } from '../decorators/public-endpoint.decorator';
-import { SupabaseJwtPayload } from '../models/auth.models';
+import { SupabaseJwtPayload } from '../models/supabase-jwt.models';
 
 @Injectable()
 export class AuthGuard implements CanActivate {

diff --git a/backend/src/auth/models/auth-users.table.ts b/backend/src/auth/models/auth-users.table.ts
@@ -0,0 +1,52 @@
+import { pgSchema } from 'drizzle-orm/pg-core';
+import { timestamp, uuid, varchar } from 'drizzle-orm/pg-core/index';
+
+export const authSchemaDB = pgSchema('auth');
+
+export const authUsersTable = authSchemaDB.table('users', {
+  id: uuid('user_id').primaryKey().notNull(),
+  email: varchar('email', { length: 255 }),
+  createdAt: timestamp('created_at', { withTimezone: true, mode: 'string' }),
+  lastSignInAt: timestamp('last_sign_in_at', {
+    withTimezone: true,
+    mode: 'string',
+  }),
+
+  /*
+  TODO
+  instance_id                 uuid,
+  aud                         varchar(255),
+  role                        varchar(255),
+  encrypted_password          varchar(255),
+  email_confirmed_at          timestamp with time zone,
+  invited_at                  timestamp with time zone,
+  confirmation_token          varchar(255),
+  confirmation_sent_at        timestamp with time zone,
+  recovery_token              varchar(255),
+  recovery_sent_at            timestamp with time zone,
+  email_change_token_new      varchar(255),
+  email_change                varchar(255),
+  email_change_sent_at        timestamp with time zone,
+  raw_app_meta_data           jsonb,
+  raw_user_meta_data          jsonb,
+  is_super_admin              boolean,
+  updated_at                  timestamp with time zone,
+  phone                       text         default NULL::character varying
+unique,
+  phone_confirmed_at          timestamp with time zone,
+  phone_change                text         default ''::character varying,
+  phone_change_token          varchar(255) default ''::character varying,
+  phone_change_sent_at        timestamp with time zone,
+  confirmed_at                timestamp with time zone generated always as (LEAST(email_confirmed_at, phone_confirmed_at)) stored,
+  email_change_token_current  varchar(255) default ''::character varying,
+  email_change_confirm_status smallint     default 0
+constraint users_email_change_confirm_status_check
+check ((email_change_confirm_status >= 0) AND (email_change_confirm_status <= 2)),
+banned_until                timestamp with time zone,
+  reauthentication_token      varchar(255) default ''::character varying,
+  reauthentication_sent_at    timestamp with time zone,
+  is_sso_user                 boolean      default false not null,
+  deleted_at                  timestamp with time zone,
+  is_anonymous                boolean      default false not null
+   */
+});
diff --git a/backend/src/auth/models/dcp.table.ts b/backend/src/auth/models/dcp.table.ts
@@ -0,0 +1,22 @@
+import { boolean, pgTable, uuid, varchar } from 'drizzle-orm/pg-core/index';
+import { text, timestamp } from 'drizzle-orm/pg-core';
+
+export const dcpTable = pgTable('dcp', {
+  userId: uuid('user_id').primaryKey().notNull(), // TODO .references(() => users.id),
+  nom: text('nom').notNull(),
+  prenom: text('prenom').notNull(),
+  email: text('email').notNull(),
+  limited: boolean('limited').default(false).notNull(),
+  deleted: boolean('deleted').default(false).notNull(),
+  createdAt: timestamp('created_at', { withTimezone: true, mode: 'string' })
+    .defaultNow()
+    .notNull(),
+  modifiedAt: timestamp('modified_at', { withTimezone: true, mode: 'string' })
+    .defaultNow()
+    .notNull(),
+  telephone: varchar('telephone', { length: 30 }),
+  cguAccepteesLe: timestamp('cgu_acceptees_le', {
+    withTimezone: true,
+    mode: 'string',
+  }),
+});
diff --git a/backend/src/auth/models/auth.models.ts → ...models/private-utilisateur-droit.table.ts b/backend/src/auth/models/auth.models.ts → ...models/private-utilisateur-droit.table.ts
@@ -8,8 +8,8 @@ import {
   timestamp,
   uuid,
 } from 'drizzle-orm/pg-core';
+import { collectiviteTable } from '../../collectivites/models/collectivite.table';
 import { default as jwt } from 'jsonwebtoken';
-import { collectiviteTable } from '../../collectivites/models/collectivite.models';
 
 export enum NiveauAcces {
   LECTURE = 'lecture',
@@ -26,43 +26,25 @@ export const niveauAccessEnum = pgEnum('niveau_acces', niveauAccessOrdonne);
 
 export const utilisateurDroitTable = pgTable('private_utilisateur_droit', {
   id: serial('id').primaryKey(),
-  user_id: uuid('user_id').notNull(), // TODO: reference user table
-  collectivite_id: integer('collectivite_id')
+  userId: uuid('user_id').notNull(), // TODO: reference user table
+  collectiviteId: integer('collectivite_id')
     .notNull()
     .references(() => collectiviteTable.id),
-  created_at: timestamp('created_at', { withTimezone: true })
+  createdAt: timestamp('created_at', { withTimezone: true })
     .default(sql.raw(`CURRENT_TIMESTAMP`))
     .notNull(),
-  modified_at: timestamp('modified_at', { withTimezone: true }).default(
-    sql.raw(`CURRENT_TIMESTAMP`)
+  modifiedAt: timestamp('modified_at', { withTimezone: true }).default(
+    sql.raw(`CURRENT_TIMESTAMP`),
   ),
   active: boolean('active').notNull(),
-  niveau_acces: niveauAccessEnum('niveau_acces')
+  niveauAcces: niveauAccessEnum('niveau_acces')
     .notNull()
     .default(NiveauAcces.LECTURE),
-  invitation_id: uuid('invitation_id'), // TODO: reference invitation table
+  invitationId: uuid('invitation_id'), // TODO: reference invitation table
 });
 export type UtilisateurDroitType = InferSelectModel<
   typeof utilisateurDroitTable
 >;
 export type CreateUtilisateurDroitType = InferInsertModel<
   typeof utilisateurDroitTable
 >;
-
-export enum SupabaseRole {
-  AUTHENTICATED = 'authenticated',
-  SERVICE_ROLE = 'service_role',
-  ANON = 'anon', // Anonymous
-}
-
-export interface SupabaseJwtPayload extends jwt.JwtPayload {
-  email?: string;
-  phone?: string;
-  app_metadata?: {
-    provider: string;
-    providers: string[];
-  };
-  session_id: string;
-  role: SupabaseRole;
-  is_anonymous: boolean;
-}
diff --git a/backend/src/auth/models/supabase-jwt.models.ts b/backend/src/auth/models/supabase-jwt.models.ts
@@ -0,0 +1,18 @@
+import * as jwt from 'jsonwebtoken';
+
+export enum SupabaseRole {
+  AUTHENTICATED = 'authenticated',
+  SERVICE_ROLE = 'service_role',
+  ANON = 'anon', // Anonymous
+}
+export interface SupabaseJwtPayload extends jwt.JwtPayload {
+  email?: string;
+  phone?: string;
+  app_metadata?: {
+    provider: string;
+    providers: string[];
+  };
+  session_id: string;
+  role: SupabaseRole;
+  is_anonymous: boolean;
+}
diff --git a/backend/src/auth/models/utilisateur-support.table.ts b/backend/src/auth/models/utilisateur-support.table.ts
@@ -0,0 +1,10 @@
+import { boolean, pgTable, uuid } from 'drizzle-orm/pg-core/index';
+import { dcpTable } from './dcp.table';
+
+export const utilisateurSupportTable = pgTable('utilisateur_support', {
+  userId: uuid('user_id')
+    .primaryKey()
+    .notNull()
+    .references(() => dcpTable.userId, { onDelete: 'cascade' }),
+  support: boolean('support').default(false).notNull(),
+});
diff --git a/backend/src/auth/models/utilisateur-verifie.table.ts b/backend/src/auth/models/utilisateur-verifie.table.ts
@@ -0,0 +1,10 @@
+import { boolean, pgTable, uuid } from 'drizzle-orm/pg-core/index';
+import { dcpTable } from './dcp.table';
+
+export const utilisateurVerifieTable = pgTable('utilisateur_verifie', {
+  userId: uuid('user_id')
+    .primaryKey()
+    .notNull()
+    .references(() => dcpTable.userId, { onDelete: 'cascade' }),
+  verifie: boolean('verifie').default(false).notNull(),
+});
diff --git a/backend/src/auth/services/auth.service.spec.ts b/backend/src/auth/services/auth.service.spec.ts
@@ -2,10 +2,10 @@ import { Test } from '@nestjs/testing';
 import DatabaseService from '../../common/services/database.service';
 import {
   NiveauAcces,
-  SupabaseRole,
   UtilisateurDroitType,
-} from '../models/auth.models';
+} from '../models/private-utilisateur-droit.table';
 import { AuthService } from './auth.service';
+import { SupabaseRole } from '../models/supabase-jwt.models';
 
 describe('AuthService', () => {
   let authService: AuthService;
@@ -62,23 +62,23 @@ describe('AuthService', () => {
       const droits: UtilisateurDroitType[] = [
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 1,
-          niveau_acces: NiveauAcces.EDITION,
+          userId: '1',
+          collectiviteId: 1,
+          niveauAcces: NiveauAcces.EDITION,
           active: true,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 2,
-          niveau_acces: NiveauAcces.ADMIN,
+          userId: '1',
+          collectiviteId: 2,
+          niveauAcces: NiveauAcces.ADMIN,
           active: true,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
       ];
 
@@ -96,23 +96,23 @@ describe('AuthService', () => {
       const droits: UtilisateurDroitType[] = [
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 1,
-          niveau_acces: NiveauAcces.EDITION,
+          userId: '1',
+          collectiviteId: 1,
+          niveauAcces: NiveauAcces.EDITION,
           active: true,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 2,
-          niveau_acces: NiveauAcces.ADMIN,
+          userId: '1',
+          collectiviteId: 2,
+          niveauAcces: NiveauAcces.ADMIN,
           active: false,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
       ];
 
@@ -130,23 +130,23 @@ describe('AuthService', () => {
       const droits: UtilisateurDroitType[] = [
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 1,
-          niveau_acces: NiveauAcces.LECTURE,
+          userId: '1',
+          collectiviteId: 1,
+          niveauAcces: NiveauAcces.LECTURE,
           active: true,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 2,
-          niveau_acces: NiveauAcces.ADMIN,
+          userId: '1',
+          collectiviteId: 2,
+          niveauAcces: NiveauAcces.ADMIN,
           active: true,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
       ];
 
@@ -164,13 +164,13 @@ describe('AuthService', () => {
       const droits: UtilisateurDroitType[] = [
         {
           id: 1,
-          user_id: '1',
-          collectivite_id: 2,
-          niveau_acces: NiveauAcces.EDITION,
+          userId: '1',
+          collectiviteId: 2,
+          niveauAcces: NiveauAcces.EDITION,
           active: true,
-          created_at: new Date(),
-          modified_at: null,
-          invitation_id: null,
+          createdAt: new Date(),
+          modifiedAt: null,
+          invitationId: null,
         },
       ];