mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-27 21:01:03 +08:00
38ae913fc9
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migration compat / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
DB migration compat / No migration changes (skipped) (push) Has been cancelled
## Summary
Completes the env-var side of the Hexclave rebrand: every
`STACK_*`-prefixed variable (including `NEXT_PUBLIC_STACK_*` and
`VITE_STACK_*`) is renamed to `HEXCLAVE_*` across all checked-in `.env`,
`.env.development`, and `.env.example` files (30 files, ~135 keys).
Legacy `STACK_*` names keep working everywhere via dual-read, so
**existing deployments, `.env.local` files, and self-hosted setups need
no immediate migration**.
## How legacy names keep working
- **Server code** already resolves `HEXCLAVE_*` first with `STACK_*`
fallback via `getEnvVariable`. Direct `process.env.STACK_X` readers fed
by the renamed files (prisma seed, e2e tests/helpers, internal-tool
scripts, examples, `prisma.config.ts`) now read `HEXCLAVE_X || STACK_X`.
- **Client code** (Next.js build-time inlining) uses literal dual-read
expressions; the dashboard's `_inlineEnvVars` already had them.
- **Docker/self-hosting**: `docker/server/entrypoint.sh` (shared by the
server and local-emulator images) gets a generic two-way
`HEXCLAVE_`↔`STACK_` env mirror — runs at startup and again before
sentinel replacement — replacing the previous URL-trio-only mirror.
Operators can use either prefix.
## The empty-placeholder trap (`||` vs `??`)
The checked-in templates define empty placeholders (`HEXCLAVE_X=#
comment` parses to `""` via dotenv). With `?? `-based fallbacks, that
empty string would silently shadow a real value under the legacy name —
including legacy vars set in Vercel/CI env at build time, since the
tracked `.env` is present during builds. All fallback chains therefore
treat empty-as-unset (`||`):
- `getEnvVariable` and `getProcessEnv` in `packages/shared`
- the dashboard/docs/example literal dual-reads
- the generated SDK env getters (via
`packages/template/scripts/generate-env.ts`; the generated
`src/generated/env.ts` files are gitignored and regenerate at build)
## Other notable changes
- Tests that override env now set the canonical `HEXCLAVE_*` name (it
wins over `STACK_*`): e2e `cross-domain-auth`, backend
`internal-feedback-emails` in-source test.
- e2e `helpers.ts` port-prefix expansion loop also matches the
`HEXCLAVE_` prefixes.
- `docker/local-emulator/generate-env-development.mjs` reads source keys
canonically (legacy fallback) and emits canonical keys; regenerated
output matches.
- `rotate-secrets.sh` falls back to
`HEXCLAVE_DATABASE_CONNECTION_STRING`.
- Docs code snippets (`docs/code-examples`) renamed outright to
canonical names, consistent with #1571.
- OAuth callback `console.warn` in `packages/template/src/lib/auth.ts`
now says Hexclave.
## Migration note for the team
Local `.env.local` files with legacy `STACK_*` overrides keep working
**unless** the override targets a var that `.env.development` now sets
to a real (non-empty) `HEXCLAVE_*` value — the canonical name wins over
file precedence. Rename those keys in your `.env.local` once.
## Verification
- `typecheck` + `lint` pass on every touched package (shared, backend,
dashboard, e2e, internal-tool, cli, docs, template). Pre-existing
failures on dev (`admin-app-impl.ts` typecheck, dashboard metrics-page
errors) are unchanged (identical error counts with/without this change).
- `getEnvVariable`/`getProcessEnv` fallback semantics smoke-tested
directly (empty-HEXCLAVE → legacy fallback, HEXCLAVE wins when set,
defaults intact).
- `internal-feedback-emails` in-source vitest passes; emulator env
generator `--check` passes; `bash -n` on touched shell scripts.
- Two independent review agents audited the diff for correctness bugs
and coverage gaps; all confirmed findings are fixed in the third commit.
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Renamed all `STACK_*` env vars (including
`NEXT_PUBLIC_STACK_*`/`VITE_STACK_*`) to `HEXCLAVE_*` across env
templates and code, with dual‑read that treats empty as unset, detects
conflicts, ignores post‑build sentinels, and falls back to legacy names.
All GitHub Actions now use `HEXCLAVE_*`; local‑emulator e2e is fixed by
setting `NEXT_PUBLIC_HEXCLAVE_IS_LOCAL_EMULATOR` in CI.
- **Refactors**
- Added conflict‑aware dual‑read helpers (prefer `HEXCLAVE_*`,
empty‑as‑unset, ignore post‑build sentinels, preserve empty passthrough)
and used them across `packages/shared` (resolver + tests),
`apps/dashboard` inline/public envs (with tests), `apps/backend` Prisma
config/seed and vitest (accept both prefixes), `packages/cli`
(API/Dashboard URLs, project ID, `HEXCLAVE_EMULATOR_HOME`; tests),
Docker (`entrypoint.sh` mirroring + `rotate-secrets.sh` DB URL),
docs/components (`docs/src/lib/env.ts`), and examples; hosted/Vite apps
now error if both spellings differ.
- Port‑prefix expansion includes `HEXCLAVE_*`; backend tests use a new
helper to resolve DB connection strings; Prisma prefers
`HEXCLAVE_DATABASE_CONNECTION_STRING` with legacy fallback.
- Generated SDK env getters use plain `HEXCLAVE_*` || `STACK_*` (no
conflict throw); dashboard inline resolver preserves empty/sentinel
passthrough to avoid build failures; docs/examples include dual‑read
utilities.
- Tests now stub canonical `HEXCLAVE_*` flags (e.g., plan limits, bot
challenge, OAuth tokens, hosted handler) to avoid shadowing/conflict
with committed defaults.
- **Migration**
- No immediate action; legacy `STACK_*` names still work.
- If both names are set with different values, builds/scripts error. Set
only `HEXCLAVE_*` or make both equal.
- SDK consumers won’t see conflict throws; update env names to
`HEXCLAVE_*` over time.
<sup>Written for commit 7539fb9fbf.
Summary will update on new commits.</sup>
<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1588?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>
<!-- End of auto-generated description by cubic. -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Migrated environment variable names from the legacy `STACK_*` prefix
to the new `HEXCLAVE_*` prefix across backend, dashboard, tooling,
Docker, and examples.
* Updated environment/config resolution to prefer `HEXCLAVE_*`, treat
empty strings as unset, and detect conflicts when both `STACK_*` and
`HEXCLAVE_*` are set to different values.
* Updated local emulator, server startup, and env-generation workflows
to use the new names (with legacy fallback where applicable).
* **Documentation**
* Updated docs and code examples to reference `HEXCLAVE_*` variables.
* **Tests**
* Refreshed unit and e2e coverage to validate dual-read behavior,
conflict detection, and empty-value handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
316 lines
13 KiB
TypeScript
316 lines
13 KiB
TypeScript
import { usersCrudHandlers } from "@/app/api/latest/users/crud";
|
|
import { getPrismaClientForTenancy, getPrismaSchemaForTenancy, sqlQuoteIdent } from "@/prisma-client";
|
|
import { KnownErrors } from "@hexclave/shared";
|
|
import { UsersCrud } from "@hexclave/shared/dist/interface/crud/users";
|
|
import { isValidCountryCode, normalizeCountryCode } from "@hexclave/shared/dist/schema-fields";
|
|
import { SignUpAuthMethod } from "@hexclave/shared/dist/utils/auth-methods";
|
|
import { getEnvBoolean, getNodeEnvironment } from "@hexclave/shared/dist/utils/env";
|
|
import { captureError } from "@hexclave/shared/dist/utils/errors";
|
|
import { KeyIntersect } from "@hexclave/shared/dist/utils/types";
|
|
import { createSignUpRuleContext } from "./cel-evaluator";
|
|
import { BestEffortEndUserRequestContext, getBestEffortEndUserRequestContext } from "./end-users";
|
|
import { calculateSignUpRiskAssessment } from "./risk-scores";
|
|
import { evaluateSignUpRules } from "./sign-up-rules";
|
|
import { Tenancy } from "./tenancies";
|
|
import { SignUpTurnstileAssessment } from "./turnstile";
|
|
|
|
/**
|
|
* Options for sign-up rule evaluation context.
|
|
*/
|
|
export type SignUpRuleOptions = {
|
|
authMethod: SignUpAuthMethod,
|
|
oauthProvider: string | null,
|
|
ipAddress: string | null,
|
|
ipTrusted: boolean | null,
|
|
countryCode: string | null,
|
|
requestContext?: BestEffortEndUserRequestContext | null,
|
|
turnstileAssessment: SignUpTurnstileAssessment,
|
|
};
|
|
|
|
function shouldAllowSignUpAfterVisibleBotChallengeFailure(): boolean {
|
|
return getEnvBoolean("STACK_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE");
|
|
}
|
|
|
|
function isVisibleBotChallengeFailure(assessment: SignUpTurnstileAssessment): boolean {
|
|
return assessment.visibleChallengeResult != null && assessment.visibleChallengeResult !== "ok";
|
|
}
|
|
|
|
function assertVisibleBotChallengePassedForSignUp(assessment: SignUpTurnstileAssessment) {
|
|
if (isVisibleBotChallengeFailure(assessment) && !shouldAllowSignUpAfterVisibleBotChallengeFailure()) {
|
|
throw new KnownErrors.BotChallengeFailed("Visible bot challenge could not be completed");
|
|
}
|
|
}
|
|
|
|
async function persistSignUpHeuristicFacts(params: {
|
|
tenancy: Tenancy,
|
|
userId: string,
|
|
signedUpAt: Date,
|
|
signUpIp: string | null,
|
|
signUpIpTrusted: boolean | null,
|
|
signUpEmailNormalized: string | null,
|
|
signUpEmailBase: string | null,
|
|
}) {
|
|
const prisma = await getPrismaClientForTenancy(params.tenancy);
|
|
const schema = await getPrismaSchemaForTenancy(params.tenancy);
|
|
await prisma.$executeRaw`
|
|
UPDATE ${sqlQuoteIdent(schema)}."ProjectUser"
|
|
SET
|
|
"signedUpAt" = ${params.signedUpAt},
|
|
"signUpIp" = ${params.signUpIp},
|
|
"signUpIpTrusted" = ${params.signUpIpTrusted},
|
|
"signUpEmailNormalized" = ${params.signUpEmailNormalized},
|
|
"signUpEmailBase" = ${params.signUpEmailBase},
|
|
"shouldUpdateSequenceId" = true
|
|
WHERE "tenancyId" = ${params.tenancy.id}::UUID
|
|
AND "projectUserId" = ${params.userId}::UUID
|
|
`;
|
|
}
|
|
|
|
export function getDerivedSignUpCountryCode(requestCountryCode: string | null, email: string | null): string | null {
|
|
// In testing/development, allow deriving country code from email tags
|
|
// e.g. "user+CA@example.com" → "CA". Only works for @example.com addresses.
|
|
// Guarded to non-production environments to prevent user-controlled country code spoofing.
|
|
if (email != null && ["development", "test"].includes(getNodeEnvironment())) {
|
|
const match = email.match(/^[^+]+\+([^@]+)@example\.com$/i);
|
|
if (match) {
|
|
const tag = match[1];
|
|
const normalized = normalizeCountryCode(tag);
|
|
if (isValidCountryCode(normalized)) {
|
|
return normalized;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (requestCountryCode !== null) {
|
|
const normalized = normalizeCountryCode(requestCountryCode);
|
|
if (isValidCountryCode(normalized)) {
|
|
return normalized;
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
import.meta.vitest?.test("getDerivedSignUpCountryCode", ({ expect }) => {
|
|
expect(getDerivedSignUpCountryCode(" us ", null)).toBe("US");
|
|
expect(getDerivedSignUpCountryCode("de", null)).toBe("DE");
|
|
expect(getDerivedSignUpCountryCode("US", null)).toBe("US");
|
|
expect(getDerivedSignUpCountryCode("usa", null)).toBeNull();
|
|
expect(getDerivedSignUpCountryCode("1", null)).toBeNull();
|
|
expect(getDerivedSignUpCountryCode(null, null)).toBeNull();
|
|
|
|
// email tag derivation in dev/test environments
|
|
expect(getDerivedSignUpCountryCode(null, "test+us@example.com")).toBe("US");
|
|
expect(getDerivedSignUpCountryCode(null, "test+de@example.com")).toBe("DE");
|
|
expect(getDerivedSignUpCountryCode(null, "test+US@example.com")).toBe("US");
|
|
expect(getDerivedSignUpCountryCode(null, "test+invalid@example.com")).toBeNull();
|
|
expect(getDerivedSignUpCountryCode(null, "test+us@other.com")).toBeNull();
|
|
expect(getDerivedSignUpCountryCode(null, "test@example.com")).toBeNull();
|
|
expect(getDerivedSignUpCountryCode(null, "noplustag@example.com")).toBeNull();
|
|
|
|
// email tag takes precedence over requestCountryCode
|
|
expect(getDerivedSignUpCountryCode("de", "test+us@example.com")).toBe("US");
|
|
expect(getDerivedSignUpCountryCode("de", "test@example.com")).toBe("DE");
|
|
});
|
|
|
|
import.meta.vitest?.describe("visible bot challenge sign-up policy", () => {
|
|
const { expect, test, beforeEach, afterEach } = import.meta.vitest!;
|
|
const processEnv = Reflect.get(process, "env");
|
|
const originalFlag = Reflect.get(processEnv, "HEXCLAVE_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE");
|
|
|
|
beforeEach(() => {
|
|
Reflect.deleteProperty(processEnv, "HEXCLAVE_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE");
|
|
});
|
|
|
|
afterEach(() => {
|
|
if (originalFlag === undefined) {
|
|
Reflect.deleteProperty(processEnv, "HEXCLAVE_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE");
|
|
} else {
|
|
Reflect.set(processEnv, "HEXCLAVE_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE", originalFlag);
|
|
}
|
|
});
|
|
|
|
test("blocks sign-up by default after a visible challenge failure", () => {
|
|
expect(() => assertVisibleBotChallengePassedForSignUp({
|
|
status: "error",
|
|
visibleChallengeResult: "error",
|
|
})).toThrowError("Visible bot challenge could not be completed");
|
|
});
|
|
|
|
test("allows sign-up when visible challenge failure override is enabled", () => {
|
|
Reflect.set(processEnv, "HEXCLAVE_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE", "true");
|
|
|
|
expect(() => assertVisibleBotChallengePassedForSignUp({
|
|
status: "error",
|
|
visibleChallengeResult: "error",
|
|
})).not.toThrow();
|
|
});
|
|
|
|
test("treats invalid visible challenges as bypassable failures when the override is enabled", () => {
|
|
Reflect.set(processEnv, "HEXCLAVE_ALLOW_SIGN_UP_ON_VISIBLE_BOT_CHALLENGE_FAILURE", "true");
|
|
|
|
expect(() => assertVisibleBotChallengePassedForSignUp({
|
|
status: "invalid",
|
|
visibleChallengeResult: "invalid",
|
|
})).not.toThrow();
|
|
});
|
|
});
|
|
|
|
/**
|
|
* Creates or upgrades an anonymous user with sign-up rule evaluation.
|
|
*
|
|
* This function evaluates sign-up rules before creating/upgrading the user.
|
|
* Use this for all signup paths:
|
|
* - Password signup
|
|
* - OTP signup
|
|
* - OAuth signup
|
|
* - Passkey signup
|
|
* - Anonymous user conversion
|
|
*
|
|
* Do NOT use this for creating anonymous users (use createOrUpgradeAnonymousUserWithoutRules directly).
|
|
*
|
|
* @param tenancy - The tenancy context
|
|
* @param currentUser - Current user (if any, for anonymous upgrade)
|
|
* @param createOrUpdate - User creation/update data
|
|
* @param allowedErrorTypes - Error types to allow
|
|
* @param signUpRuleOptions - Options for sign-up rule evaluation
|
|
* @returns Created or updated user
|
|
* @throws KnownErrors.SignUpRejected if a sign-up rule rejects the signup
|
|
*/
|
|
export async function createOrUpgradeAnonymousUserWithRules(
|
|
tenancy: Tenancy,
|
|
currentUser: UsersCrud["Admin"]["Read"] | null,
|
|
createOrUpdate: KeyIntersect<UsersCrud["Admin"]["Create"], UsersCrud["Admin"]["Update"]>,
|
|
allowedErrorTypes: (new (...args: any) => any)[],
|
|
signUpRuleOptions: SignUpRuleOptions,
|
|
): Promise<UsersCrud["Admin"]["Read"]> {
|
|
assertVisibleBotChallengePassedForSignUp(signUpRuleOptions.turnstileAssessment);
|
|
|
|
const email = createOrUpdate.primary_email ?? currentUser?.primary_email ?? null;
|
|
const primaryEmailVerified = createOrUpdate.primary_email_verified ?? currentUser?.primary_email_verified ?? false;
|
|
const endUserRequestContext = signUpRuleOptions.requestContext !== undefined
|
|
? signUpRuleOptions.requestContext
|
|
: signUpRuleOptions.ipAddress !== null && signUpRuleOptions.ipTrusted !== null
|
|
? null
|
|
: await getBestEffortEndUserRequestContext();
|
|
const requestIpAddress = signUpRuleOptions.ipAddress ?? endUserRequestContext?.ipAddress ?? null;
|
|
const requestIpTrusted = signUpRuleOptions.ipTrusted ?? endUserRequestContext?.ipTrusted ?? null;
|
|
// EndUserLocation.countryCode is string | undefined; coerce to string | null for downstream consumers
|
|
const requestCountryCode = signUpRuleOptions.countryCode ?? endUserRequestContext?.location?.countryCode ?? null;
|
|
const countryCode = getDerivedSignUpCountryCode(requestCountryCode, email);
|
|
const countryCodeToPersist = currentUser?.is_anonymous && currentUser.country_code != null
|
|
? currentUser.country_code
|
|
: countryCode;
|
|
|
|
const riskAssessment = await calculateSignUpRiskAssessment(tenancy, {
|
|
primaryEmail: email ?? null,
|
|
primaryEmailVerified,
|
|
authMethod: signUpRuleOptions.authMethod,
|
|
oauthProvider: signUpRuleOptions.oauthProvider,
|
|
ipAddress: requestIpAddress,
|
|
ipTrusted: requestIpTrusted,
|
|
turnstileAssessment: signUpRuleOptions.turnstileAssessment,
|
|
});
|
|
const riskScores = riskAssessment.scores;
|
|
|
|
const ruleResult = await evaluateSignUpRules(tenancy, createSignUpRuleContext({
|
|
email,
|
|
countryCode,
|
|
authMethod: signUpRuleOptions.authMethod,
|
|
oauthProvider: signUpRuleOptions.oauthProvider,
|
|
riskScores,
|
|
}));
|
|
|
|
if (!ruleResult.shouldAllow) {
|
|
throw new KnownErrors.SignUpRejected();
|
|
}
|
|
|
|
const existingRestrictionPrivateDetails = createOrUpdate.restricted_by_admin_private_details ?? currentUser?.restricted_by_admin_private_details;
|
|
const restrictionRuleId = ruleResult.restrictedBecauseOfSignUpRuleId;
|
|
const restrictionRuleDisplayName = restrictionRuleId
|
|
? (tenancy.config.auth.signUpRules[restrictionRuleId].displayName ?? "")
|
|
: "";
|
|
const restrictionPrivateDetails = restrictionRuleId
|
|
? `Restricted by sign-up rule: ${restrictionRuleId}${restrictionRuleDisplayName ? ` (${restrictionRuleDisplayName})` : ""}`
|
|
: null;
|
|
|
|
const enrichedCreateOrUpdate = {
|
|
...createOrUpdate,
|
|
...(ruleResult.restrictedBecauseOfSignUpRuleId != null ? {
|
|
restricted_by_admin: true,
|
|
restricted_by_admin_private_details: existingRestrictionPrivateDetails != null ? `${existingRestrictionPrivateDetails}\n\n${restrictionPrivateDetails}` : restrictionPrivateDetails,
|
|
} : {}),
|
|
...(countryCodeToPersist !== null ? { country_code: countryCodeToPersist } : {}),
|
|
risk_scores: {
|
|
sign_up: {
|
|
bot: riskScores.bot,
|
|
free_trial_abuse: riskScores.free_trial_abuse,
|
|
},
|
|
},
|
|
};
|
|
|
|
const signUpHeuristicFactsToPersist = {
|
|
tenancy,
|
|
signedUpAt: riskAssessment.heuristicFacts.signedUpAt,
|
|
signUpIp: riskAssessment.heuristicFacts.signUpIp,
|
|
signUpIpTrusted: riskAssessment.heuristicFacts.signUpIpTrusted,
|
|
signUpEmailNormalized: riskAssessment.heuristicFacts.signUpEmailNormalized,
|
|
signUpEmailBase: riskAssessment.heuristicFacts.signUpEmailBase,
|
|
} as const;
|
|
|
|
const user = await createOrUpgradeAnonymousUserWithoutRules(
|
|
tenancy,
|
|
currentUser,
|
|
enrichedCreateOrUpdate as KeyIntersect<UsersCrud["Admin"]["Create"], UsersCrud["Admin"]["Update"]>,
|
|
allowedErrorTypes,
|
|
);
|
|
|
|
try {
|
|
await persistSignUpHeuristicFacts({
|
|
...signUpHeuristicFactsToPersist,
|
|
userId: user.id,
|
|
});
|
|
} catch (error) {
|
|
captureError("persist-sign-up-heuristic-facts", error);
|
|
}
|
|
|
|
return user;
|
|
}
|
|
|
|
/**
|
|
* Creates or upgrades an anonymous user WITHOUT sign-up rule evaluation.
|
|
*
|
|
* Use this only for:
|
|
* - Creating anonymous users (no rules apply)
|
|
* - Internal operations where rules should be bypassed
|
|
*
|
|
* For all signup paths, use createOrUpgradeAnonymousUserWithRules instead.
|
|
*/
|
|
export async function createOrUpgradeAnonymousUserWithoutRules(
|
|
tenancy: Tenancy,
|
|
currentUser: UsersCrud["Admin"]["Read"] | null,
|
|
createOrUpdate: KeyIntersect<UsersCrud["Admin"]["Create"], UsersCrud["Admin"]["Update"]>,
|
|
allowedErrorTypes: (new (...args: any) => any)[],
|
|
): Promise<UsersCrud["Admin"]["Read"]> {
|
|
if (currentUser?.is_anonymous) {
|
|
// Upgrade anonymous user
|
|
return await usersCrudHandlers.adminUpdate({
|
|
tenancy,
|
|
user_id: currentUser.id,
|
|
data: {
|
|
...createOrUpdate,
|
|
is_anonymous: false,
|
|
},
|
|
allowedErrorTypes,
|
|
});
|
|
} else {
|
|
// Create new user (normal flow)
|
|
// Cast needed: createOrUpdate may contain create-only fields (like risk scores) that
|
|
// KeyIntersect<Create, Update> strips from the type since they're absent on Update
|
|
return await usersCrudHandlers.adminCreate({
|
|
tenancy,
|
|
data: createOrUpdate as UsersCrud["Admin"]["Create"],
|
|
allowedErrorTypes,
|
|
});
|
|
}
|
|
}
|