reworkd · awtkns · Jul 23, 2023 · Jul 4, 2023 · Jul 22, 2023 · Jul 22, 2023
diff --git a/next/prisma/schema.prisma b/next/prisma/schema.prisma
@@ -44,18 +44,55 @@ model User {
   email         String?   @unique
   emailVerified DateTime?
   image         String?
+  superAdmin    Boolean   @default(false) @map("super_admin")
 
   createDate DateTime @default(now())
 
   accounts Account[]
   sessions Session[]
   runs     Run[]
   Agent    Agent[]
+  UserRole UserRole[]
 
   @@index([email])
   @@index([createDate])
 }
 
+model Organization {
+  id   String @id @default(cuid())
+  name String @unique
+
+  created_by  String
+  create_date DateTime  @default(now())
+  update_date DateTime? @updatedAt
+  delete_date DateTime?
+
+  UserRole UserRole[]
+
+  @@index([name])
+  @@map("organization")
+}
+
+enum RoleName {
+  ADMIN
+  MEMBER
+}
+
+model UserRole {
+  id              String   @id @default(cuid())
+  user_id         String
+  organization_id String
+  role            RoleName
+
+  user         User          @relation(fields: [user_id], references: [id], onDelete: NoAction)
+  organization Organization? @relation(fields: [organization_id], references: [id], onDelete: NoAction)
+
+  @@unique([user_id, organization_id])
+  @@index([user_id])
+  @@index([organization_id])
+  @@map("user_role")
+}
+
 model VerificationToken {
   identifier String
   token      String   @unique

diff --git a/next/src/hooks/useAuth.ts b/next/src/hooks/useAuth.ts
@@ -1,6 +1,7 @@
 import type { Session } from "next-auth";
 import { signIn, signOut, useSession } from "next-auth/react";
 import { useEffect } from "react";
+import { useRouter } from "next/router";
 
 type Provider = "google" | "github" | "discord";
 
@@ -11,14 +12,26 @@ interface Auth {
   session: Session | null;
 }
 
-export function useAuth({ protectedRoute } = { protectedRoute: false }): Auth {
+interface UseAuthOptions {
+  protectedRoute?: boolean;
+  isAllowed?: (user: Session) => boolean;
+}
+
+export function useAuth(
+  { protectedRoute, isAllowed }: UseAuthOptions = { protectedRoute: false, isAllowed: () => true }
+): Auth {
   const { data: session, status } = useSession();
+  const { push } = useRouter();
 
   useEffect(() => {
     if (protectedRoute && status === "unauthenticated") {
       handleSignIn().catch(console.error);
     }
-  }, [protectedRoute, status]);
+
+    if (protectedRoute && status === "authenticated" && isAllowed && !isAllowed(session)) {
+      void push("/404").catch(console.error);
+    }
+  }, [protectedRoute, isAllowed, status, session, push]);
 
   const handleSignIn = async () => {
     await signIn();

diff --git a/next/src/pages/signin.tsx b/next/src/pages/signin.tsx
@@ -5,14 +5,15 @@ import Image from "next/image";
 import { useRouter } from "next/router";
 import { getServerSession } from "next-auth/next";
 import type { BuiltInProviderType } from "next-auth/providers";
-import { getProviders, signIn, useSession } from "next-auth/react";
 import type { ClientSafeProvider } from "next-auth/react";
+import { getProviders, signIn, useSession } from "next-auth/react";
 import type { LiteralUnion } from "next-auth/react/types";
 import React, { useState } from "react";
 import { FaDiscord, FaGithub, FaGoogle } from "react-icons/fa";
 
 import FadeIn from "../components/motions/FadeIn";
 import { authOptions } from "../server/auth/auth";
+import Checkbox from "../ui/checkbox";
 import Input from "../ui/input";
 
 const SignIn = ({ providers }: { providers: Provider }) => {
@@ -69,24 +70,30 @@ const SignIn = ({ providers }: { providers: Provider }) => {
 
 const InsecureSignin = () => {
   const [usernameValue, setUsernameValue] = useState("");
+  const adminState = useState(false);
+
   return (
-    <div>
+    <div className="flex flex-col">
       <Input
         value={usernameValue}
         onChange={(e) => setUsernameValue(e.target.value)}
         placeholder="Enter Username"
         type="text"
         name="Username Field"
       />
+      <Checkbox model={adminState} label="Admin" className="mt-2" />
       <button
         onClick={() => {
           if (!usernameValue) return;
 
-          signIn("credentials", { callbackUrl: "/", name: usernameValue }).catch(console.error);
+          signIn("credentials", {
+            callbackUrl: "/",
+            name: usernameValue,
+            superAdmin: adminState[0],
+          }).catch(console.error);
         }}
         className={clsx(
-          "mb-4 mt-4 flex items-center rounded-md bg-white px-10 py-3 text-sm font-semibold text-black sm:text-base",
-          "transition-colors duration-300 hover:bg-gray-200",
+          "mb-4 mt-4 flex items-center rounded-md bg-white px-10 py-3 text-sm font-semibold text-black transition-colors duration-300 hover:bg-gray-200 sm:text-base",
           !usernameValue && "cursor-not-allowed"
         )}
       >

diff --git a/next/src/pages/workflow/index.tsx b/next/src/pages/workflow/index.tsx
@@ -14,9 +14,9 @@ import type { WorkflowMeta } from "../../services/workflow/workflowApi";
 import WorkflowApi from "../../services/workflow/workflowApi";
 import { languages } from "../../utils/languages";
 
-
 const WorkflowList: NextPage = () => {
-  const { session } = useAuth({ protectedRoute: true });
+  const { session } = useAuth({ protectedRoute: true, isAllowed: (s) => s.user.superAdmin });
+
   const router = useRouter();
 
   const api = new WorkflowApi(session?.accessToken);

diff --git a/next/src/server/auth/index.ts b/next/src/server/auth/index.ts
@@ -3,8 +3,8 @@ import type { IncomingMessage, ServerResponse } from "http";
 import { PrismaAdapter } from "@next-auth/prisma-adapter";
 import merge from "lodash/merge";
 import type { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from "next";
-import { getServerSession } from "next-auth";
 import type { AuthOptions } from "next-auth";
+import { getServerSession } from "next-auth";
 import type { Adapter } from "next-auth/adapters";
 
 import { authOptions as prodOptions } from "./auth";
@@ -16,7 +16,10 @@ const commonOptions: Partial<AuthOptions> & { adapter: Adapter } = {
   adapter: PrismaAdapter(prisma),
   callbacks: {
     async session({ session, user }) {
-      if (session.user) session.user.id = user.id;
+      if (session.user) {
+        session.user.id = user.id;
+        session.user.superAdmin = user.superAdmin;
+      }
 
       session.accessToken = (
         await prisma.session.findFirstOrThrow({

diff --git a/next/src/server/auth/local-auth.ts b/next/src/server/auth/local-auth.ts
@@ -8,8 +8,6 @@ import Credentials from "next-auth/providers/credentials";
 import { v4 } from "uuid";
 import { z } from "zod";
 
-
-
 const monthFromNow = () => {
   const now = new Date(Date.now());
   return new Date(now.setMonth(now.getMonth() + 1));
@@ -38,25 +36,32 @@ export const options = (
         name: "Username, Development Only (Insecure)",
         credentials: {
           name: { label: "Username", type: "text" },
+          superAdmin: { label: "SuperAdmin", type: "text" },
         },
         async authorize(credentials, req) {
           if (!credentials) return null;
 
           const creds = z
             .object({
               name: z.string().min(1),
+              superAdmin: z.preprocess((str) => str === "true", z.boolean()).default(false),
             })
             .parse(credentials);
 
           const user = await adapter.getUserByEmail(creds.name);
-          if (user) return user;
-
-          return adapter.createUser({
-            name: creds.name,
-            email: creds.name,
-            image: undefined,
-            emailVerified: null,
-          });
+          return user
+            ? adapter.updateUser({
+                id: user.id,
+                name: creds.name,
+                superAdmin: creds.superAdmin,
+              })
+            : adapter.createUser({
+                name: creds.name,
+                email: creds.name,
+                image: undefined,
+                emailVerified: null,
+                superAdmin: false,
+              });
         },
       }),
     ],

diff --git a/next/src/types/next-auth.d.ts b/next/src/types/next-auth.d.ts
@@ -14,5 +14,6 @@ declare module "next-auth" {
 
   interface User {
     image?: string;
+    superAdmin: boolean;
   }
 }
diff --git a/next/src/ui/checkbox.tsx b/next/src/ui/checkbox.tsx
@@ -0,0 +1,29 @@
+import clsx from "clsx";
+import type { ButtonHTMLAttributes, Dispatch, SetStateAction } from "react";
+
+export interface Props extends ButtonHTMLAttributes<HTMLInputElement> {
+  label?: string;
+  description?: string;
+  model: [boolean, Dispatch<SetStateAction<boolean>>];
+  className?: string;
+}
+
+function Checkbox(props: Props) {
+  return (
+    <div className={clsx("relative flex items-start", props.className)}>
+      <div className="flex h-6 items-center">
+        <input
+          type="checkbox"
+          className="h-4 w-4 rounded border-gray-300 text-indigo-600 focus:ring-indigo-600"
+          checked={props.model[0]}
+          onChange={(e) => props.model[1](e.target.checked)}
+        />
+      </div>
+      <div className="ml-3 text-sm leading-6 text-gray-400">
+        {props.label && <label className="font-medium">{props.label}</label>}
+      </div>
+    </div>
+  );
+}
+
+export default Checkbox;