xuyue/teaching-design
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add users and refresh_tokens tables and CRUD

Browse Source
This commit is contained in:
yuetsh
2026-06-16 00:04:39 -06:00
parent d360d2fb2e
commit 9bf797f6cd
2 changed files with 186 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
server/db.test.ts
View File

@@ -1,6 +1,10 @@
import { afterEach, describe, expect, it, setSystemTime } from 'bun:test'
import { createEmptyBook, createEmptyTeachingDesign } from '../src/domain/teachingDesign'
import { createBook, deleteBook, getBook, listBooks, openDb, renameBook, saveBookData } from './db'
import {
createBook, deleteBook, getBook, listBooks, openDb, renameBook, saveBookData,
createUser, findUserByUsername, findUserById, listUsers, deleteUser,
createRefreshToken, findRefreshTokenByHash, deleteRefreshTokenByHash,
} from './db'
afterEach(() => {
setSystemTime()
@@ -93,3 +97,66 @@ describe('db', () => {
expect(deleteBook(db, 'missing')).toBe(false)
})
})
describe('users and refresh tokens', () => {
it('creates a user and finds them by username', () => {
const db = openDb(':memory:')
const user = createUser(db, { username: 'alice', passwordHash: 'hash1', role: 'user' })
expect(user.username).toBe('alice')
expect(user.role).toBe('user')
expect(findUserByUsername(db, 'alice')).toEqual(user)
})
it('returns null for unknown username', () => {
const db = openDb(':memory:')
expect(findUserByUsername(db, 'nobody')).toBeNull()
})
it('finds user by id', () => {
const db = openDb(':memory:')
const user = createUser(db, { username: 'bob', passwordHash: 'hash2', role: 'admin' })
expect(findUserById(db, user.id)).toEqual(user)
})
it('lists users ordered by creation time', () => {
const db = openDb(':memory:')
const a = createUser(db, { username: 'alice', passwordHash: 'h', role: 'user' })
const b = createUser(db, { username: 'bob', passwordHash: 'h', role: 'admin' })
const list = listUsers(db)
expect(list.map((u) => u.id)).toEqual([a.id, b.id])
expect(list[0]).not.toHaveProperty('passwordHash')
})
it('deletes a user and cascades to refresh tokens', () => {
const db = openDb(':memory:')
const user = createUser(db, { username: 'carol', passwordHash: 'h', role: 'user' })
createRefreshToken(db, { userId: user.id, tokenHash: 'hash123', expiresAt: '2099-01-01T00:00:00.000Z' })
expect(deleteUser(db, user.id)).toBe(true)
expect(findUserByUsername(db, 'carol')).toBeNull()
expect(findRefreshTokenByHash(db, 'hash123')).toBeNull()
})
it('returns false when deleting missing user', () => {
const db = openDb(':memory:')
expect(deleteUser(db, 'missing')).toBe(false)
})
it('creates and finds a refresh token by hash', () => {
const db = openDb(':memory:')
const user = createUser(db, { username: 'dave', passwordHash: 'h', role: 'user' })
const token = createRefreshToken(db, { userId: user.id, tokenHash: 'abc123', expiresAt: '2099-01-01T00:00:00.000Z' })
expect(findRefreshTokenByHash(db, 'abc123')).toEqual(token)
})
it('deletes a refresh token by hash', () => {
const db = openDb(':memory:')
const user = createUser(db, { username: 'eve', passwordHash: 'h', role: 'user' })
createRefreshToken(db, { userId: user.id, tokenHash: 'xyz', expiresAt: '2099-01-01T00:00:00.000Z' })
expect(deleteRefreshTokenByHash(db, 'xyz')).toBe(true)
expect(findRefreshTokenByHash(db, 'xyz')).toBeNull()
})
})

118
server/db.ts
View File

@@ -28,6 +28,29 @@ interface BookRow {
updated_at: string
}
export interface UserRecord {
id: string
username: string
passwordHash: string
role: 'admin' | 'user'
createdAt: string
}
export interface UserSummary {
id: string
username: string
role: 'admin' | 'user'
createdAt: string
}
export interface RefreshTokenRecord {
id: string
userId: string
tokenHash: string
expiresAt: string
createdAt: string
}
const SCHEMA = `
CREATE TABLE IF NOT EXISTS books (
id TEXT PRIMARY KEY,
@@ -35,11 +58,28 @@ const SCHEMA = `
data TEXT NOT NULL,
created_at TEXT NOT NULL,
updated_at TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS users (
id TEXT PRIMARY KEY,
username TEXT NOT NULL UNIQUE,
password_hash TEXT NOT NULL,
role TEXT NOT NULL DEFAULT 'user',
created_at TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS refresh_tokens (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
token_hash TEXT NOT NULL,
expires_at TEXT NOT NULL,
created_at TEXT NOT NULL
)
`
export function openDb(path: string): Database {
const db = new Database(path)
db.run('PRAGMA foreign_keys = ON')
db.run(SCHEMA)
return db
}
@@ -115,3 +155,81 @@ export function deleteBook(db: Database, id: string): boolean {
const result = db.run('DELETE FROM books WHERE id = ?', [id])
return result.changes > 0
}
export function createUser(
db: Database,
params: { username: string; passwordHash: string; role: 'admin' | 'user' },
): UserRecord {
const id = crypto.randomUUID()
const now = new Date().toISOString()
db.run('INSERT INTO users (id, username, password_hash, role, created_at) VALUES (?, ?, ?, ?, ?)', [
id,
params.username,
params.passwordHash,
params.role,
now,
])
return { id, username: params.username, passwordHash: params.passwordHash, role: params.role, createdAt: now }
}
export function findUserByUsername(db: Database, username: string): UserRecord | null {
const row = db
.query<{ id: string; username: string; password_hash: string; role: string; created_at: string }, [string]>(
'SELECT id, username, password_hash, role, created_at FROM users WHERE username = ?',
)
.get(username)
if (!row) return null
return { id: row.id, username: row.username, passwordHash: row.password_hash, role: row.role as 'admin' | 'user', createdAt: row.created_at }
}
export function findUserById(db: Database, id: string): UserRecord | null {
const row = db
.query<{ id: string; username: string; password_hash: string; role: string; created_at: string }, [string]>(
'SELECT id, username, password_hash, role, created_at FROM users WHERE id = ?',
)
.get(id)
if (!row) return null
return { id: row.id, username: row.username, passwordHash: row.password_hash, role: row.role as 'admin' | 'user', createdAt: row.created_at }
}
export function listUsers(db: Database): UserSummary[] {
return db
.query<{ id: string; username: string; role: string; created_at: string }, []>(
'SELECT id, username, role, created_at FROM users ORDER BY created_at ASC',
)
.all()
.map((row) => ({ id: row.id, username: row.username, role: row.role as 'admin' | 'user', createdAt: row.created_at }))
}
export function deleteUser(db: Database, id: string): boolean {
const result = db.run('DELETE FROM users WHERE id = ?', [id])
return result.changes > 0
}
export function createRefreshToken(
db: Database,
params: { userId: string; tokenHash: string; expiresAt: string },
): RefreshTokenRecord {
const id = crypto.randomUUID()
const now = new Date().toISOString()
db.run(
'INSERT INTO refresh_tokens (id, user_id, token_hash, expires_at, created_at) VALUES (?, ?, ?, ?, ?)',
[id, params.userId, params.tokenHash, params.expiresAt, now],
)
return { id, userId: params.userId, tokenHash: params.tokenHash, expiresAt: params.expiresAt, createdAt: now }
}
export function findRefreshTokenByHash(db: Database, tokenHash: string): RefreshTokenRecord | null {
const row = db
.query<{ id: string; user_id: string; token_hash: string; expires_at: string; created_at: string }, [string]>(
'SELECT id, user_id, token_hash, expires_at, created_at FROM refresh_tokens WHERE token_hash = ?',
)
.get(tokenHash)
if (!row) return null
return { id: row.id, userId: row.user_id, tokenHash: row.token_hash, expiresAt: row.expires_at, createdAt: row.created_at }
}
export function deleteRefreshTokenByHash(db: Database, tokenHash: string): boolean {
const result = db.run('DELETE FROM refresh_tokens WHERE token_hash = ?', [tokenHash])
return result.changes > 0
}