feat: add users and refresh_tokens tables and CRUD
This commit is contained in:
118
server/db.ts
118
server/db.ts
@@ -28,6 +28,29 @@ interface BookRow {
|
||||
updated_at: string
|
||||
}
|
||||
|
||||
export interface UserRecord {
|
||||
id: string
|
||||
username: string
|
||||
passwordHash: string
|
||||
role: 'admin' | 'user'
|
||||
createdAt: string
|
||||
}
|
||||
|
||||
export interface UserSummary {
|
||||
id: string
|
||||
username: string
|
||||
role: 'admin' | 'user'
|
||||
createdAt: string
|
||||
}
|
||||
|
||||
export interface RefreshTokenRecord {
|
||||
id: string
|
||||
userId: string
|
||||
tokenHash: string
|
||||
expiresAt: string
|
||||
createdAt: string
|
||||
}
|
||||
|
||||
const SCHEMA = `
|
||||
CREATE TABLE IF NOT EXISTS books (
|
||||
id TEXT PRIMARY KEY,
|
||||
@@ -35,11 +58,28 @@ const SCHEMA = `
|
||||
data TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL,
|
||||
updated_at TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
id TEXT PRIMARY KEY,
|
||||
username TEXT NOT NULL UNIQUE,
|
||||
password_hash TEXT NOT NULL,
|
||||
role TEXT NOT NULL DEFAULT 'user',
|
||||
created_at TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS refresh_tokens (
|
||||
id TEXT PRIMARY KEY,
|
||||
user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
|
||||
token_hash TEXT NOT NULL,
|
||||
expires_at TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL
|
||||
)
|
||||
`
|
||||
|
||||
export function openDb(path: string): Database {
|
||||
const db = new Database(path)
|
||||
db.run('PRAGMA foreign_keys = ON')
|
||||
db.run(SCHEMA)
|
||||
return db
|
||||
}
|
||||
@@ -115,3 +155,81 @@ export function deleteBook(db: Database, id: string): boolean {
|
||||
const result = db.run('DELETE FROM books WHERE id = ?', [id])
|
||||
return result.changes > 0
|
||||
}
|
||||
|
||||
export function createUser(
|
||||
db: Database,
|
||||
params: { username: string; passwordHash: string; role: 'admin' | 'user' },
|
||||
): UserRecord {
|
||||
const id = crypto.randomUUID()
|
||||
const now = new Date().toISOString()
|
||||
db.run('INSERT INTO users (id, username, password_hash, role, created_at) VALUES (?, ?, ?, ?, ?)', [
|
||||
id,
|
||||
params.username,
|
||||
params.passwordHash,
|
||||
params.role,
|
||||
now,
|
||||
])
|
||||
return { id, username: params.username, passwordHash: params.passwordHash, role: params.role, createdAt: now }
|
||||
}
|
||||
|
||||
export function findUserByUsername(db: Database, username: string): UserRecord | null {
|
||||
const row = db
|
||||
.query<{ id: string; username: string; password_hash: string; role: string; created_at: string }, [string]>(
|
||||
'SELECT id, username, password_hash, role, created_at FROM users WHERE username = ?',
|
||||
)
|
||||
.get(username)
|
||||
if (!row) return null
|
||||
return { id: row.id, username: row.username, passwordHash: row.password_hash, role: row.role as 'admin' | 'user', createdAt: row.created_at }
|
||||
}
|
||||
|
||||
export function findUserById(db: Database, id: string): UserRecord | null {
|
||||
const row = db
|
||||
.query<{ id: string; username: string; password_hash: string; role: string; created_at: string }, [string]>(
|
||||
'SELECT id, username, password_hash, role, created_at FROM users WHERE id = ?',
|
||||
)
|
||||
.get(id)
|
||||
if (!row) return null
|
||||
return { id: row.id, username: row.username, passwordHash: row.password_hash, role: row.role as 'admin' | 'user', createdAt: row.created_at }
|
||||
}
|
||||
|
||||
export function listUsers(db: Database): UserSummary[] {
|
||||
return db
|
||||
.query<{ id: string; username: string; role: string; created_at: string }, []>(
|
||||
'SELECT id, username, role, created_at FROM users ORDER BY created_at ASC',
|
||||
)
|
||||
.all()
|
||||
.map((row) => ({ id: row.id, username: row.username, role: row.role as 'admin' | 'user', createdAt: row.created_at }))
|
||||
}
|
||||
|
||||
export function deleteUser(db: Database, id: string): boolean {
|
||||
const result = db.run('DELETE FROM users WHERE id = ?', [id])
|
||||
return result.changes > 0
|
||||
}
|
||||
|
||||
export function createRefreshToken(
|
||||
db: Database,
|
||||
params: { userId: string; tokenHash: string; expiresAt: string },
|
||||
): RefreshTokenRecord {
|
||||
const id = crypto.randomUUID()
|
||||
const now = new Date().toISOString()
|
||||
db.run(
|
||||
'INSERT INTO refresh_tokens (id, user_id, token_hash, expires_at, created_at) VALUES (?, ?, ?, ?, ?)',
|
||||
[id, params.userId, params.tokenHash, params.expiresAt, now],
|
||||
)
|
||||
return { id, userId: params.userId, tokenHash: params.tokenHash, expiresAt: params.expiresAt, createdAt: now }
|
||||
}
|
||||
|
||||
export function findRefreshTokenByHash(db: Database, tokenHash: string): RefreshTokenRecord | null {
|
||||
const row = db
|
||||
.query<{ id: string; user_id: string; token_hash: string; expires_at: string; created_at: string }, [string]>(
|
||||
'SELECT id, user_id, token_hash, expires_at, created_at FROM refresh_tokens WHERE token_hash = ?',
|
||||
)
|
||||
.get(tokenHash)
|
||||
if (!row) return null
|
||||
return { id: row.id, userId: row.user_id, tokenHash: row.token_hash, expiresAt: row.expires_at, createdAt: row.created_at }
|
||||
}
|
||||
|
||||
export function deleteRefreshTokenByHash(db: Database, tokenHash: string): boolean {
|
||||
const result = db.run('DELETE FROM refresh_tokens WHERE token_hash = ?', [tokenHash])
|
||||
return result.changes > 0
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user