feat: limit access for community members

Author: beeman

api-schema.graphql

@@ -21,12 +21,6 @@ input AdminCreateCommunityInput {
   websiteUrl: String
 }
 
-input AdminCreateCommunityMemberInput {
-  communityId: String!
-  role: CommunityRole!
-  userId: String!
-}
-
 input AdminCreateIdentityInput {
   ownerId: String!
   provider: IdentityProvider!
@@ -57,6 +51,7 @@ input AdminCreateUserInput {
 }
 
 input AdminFindManyBotInput {
+  communityId: String!
   limit: Int = 10
   page: Int = 1
   search: String
@@ -387,7 +382,6 @@ type Mutation {
   adminCreateBackup: Boolean!
   adminCreateBot(input: AdminCreateBotInput!): Bot
   adminCreateCommunity(input: AdminCreateCommunityInput!): Community
-  adminCreateCommunityMember(input: AdminCreateCommunityMemberInput!): CommunityMember
   adminCreateIdentity(input: AdminCreateIdentityInput!): Identity
   adminCreateNetwork(input: AdminCreateNetworkInput!): Network
   adminCreateNetworkToken(input: AdminCreateNetworkTokenInput!): NetworkToken
@@ -419,15 +413,13 @@ type Mutation {
   register(input: RegisterInput!): User
   userCreateBot(input: UserCreateBotInput!): Bot
   userCreateCommunity(input: UserCreateCommunityInput!): Community
-  userCreateCommunityMember(input: UserCreateCommunityMemberInput!): CommunityMember
   userCreateRule(input: UserCreateRuleInput!): Rule
   userCreateRuleCondition(input: UserCreateRuleConditionInput!): RuleCondition
   userCreateRulePermission(input: UserCreateRulePermissionInput!): RulePermission
   userDeleteBot(botId: String!): Boolean
   userDeleteCommunity(communityId: String!): Boolean
   userDeleteCommunityMember(communityMemberId: String!): Boolean
   userDeleteIdentity(identityId: String!): Boolean
-  userDeleteLog(logId: String!): Boolean
   userDeleteRule(ruleId: String!): Boolean
   userDeleteRuleCondition(ruleConditionId: String!): Boolean
   userDeleteRulePermission(rulePermissionId: String!): Boolean
@@ -659,12 +651,6 @@ input UserCreateCommunityInput {
   websiteUrl: String
 }
 
-input UserCreateCommunityMemberInput {
-  communityId: String!
-  role: CommunityRole!
-  userId: String!
-}
-
 input UserCreateRuleConditionInput {
   account: String
   amount: String

libs/api/bot/data-access/src/lib/api-bot-manager.service.ts

@@ -1,4 +1,5 @@
 import { Injectable, Logger, OnModuleInit } from '@nestjs/common'
+import { Bot } from '@prisma/client'
 
 import { createDiscordRestClient, DiscordBot } from '@pubkey-link/api-bot-util'
 import { ApiCoreService } from '@pubkey-link/api-core-data-access'
@@ -19,7 +20,7 @@ export class ApiBotManagerService implements OnModuleInit {
     const bots = await this.core.data.bot.findMany({ where: { status: BotStatus.Active } })
     for (const bot of bots) {
       this.logger.verbose(`Starting bot ${bot.name}`)
-      await this.startBot(bot.id)
+      await this.startBot(bot)
     }
   }
 
@@ -41,15 +42,15 @@ export class ApiBotManagerService implements OnModuleInit {
     return `https://discord.com/developers/applications/${botId}`
   }
 
-  async getBotRoles(botId: string, serverId: string): Promise<DiscordRole[]> {
+  async getBotRoles(userId: string, botId: string, serverId: string): Promise<DiscordRole[]> {
     const bot = this.getBotInstance(botId)
     if (!bot) {
       return []
     }
     return bot.getRoles(serverId)
   }
 
-  async getBotServers(botId: string): Promise<DiscordServer[]> {
+  async getBotServers(userId: string, botId: string): Promise<DiscordServer[]> {
     const bot = this.getBotInstance(botId)
 
     if (!bot) {
@@ -107,7 +108,7 @@ export class ApiBotManagerService implements OnModuleInit {
     return url.toString()
   }
 
-  async leaveBotServer(botId: string, serverId: string) {
+  async leaveBotServer(userId: string, botId: string, serverId: string) {
     return this.ensureBotInstance(botId).leaveServer(serverId)
   }
 
@@ -116,28 +117,32 @@ export class ApiBotManagerService implements OnModuleInit {
     // return `${this.core.config.apiUrl}/bot/${botId}/callback`
   }
 
-  async startBot(botId: string) {
-    const bot = await this.core.data.bot.findUnique({ where: { id: botId } })
-    if (!bot) {
-      throw new Error(`Bot with id ${botId} not found`)
-    }
+  async userStartBot(userId: string, botId: string) {
+    const bot = await this.botMember.ensureBotAdmin({ botId, userId })
+
+    return this.startBot(bot)
+  }
+
+  async userStopBot(userId: string, botId: string) {
+    const bot = await this.botMember.ensureBotAdmin({ botId, userId })
+
+    return this.stopBot(bot)
+  }
+
+  private async startBot(bot: Bot) {
     if (this.bots.get(bot.id)) {
       throw new Error(`Bot ${bot.name} already started`)
     }
 
-    const instance = new DiscordBot({ botId, token: bot.token })
+    const instance = new DiscordBot({ botId: bot.id, token: bot.token })
     await instance.start()
     await this.botMember.setupListeners(bot, instance)
     this.bots.set(bot.id, instance)
 
     return true
   }
 
-  async stopBot(botId: string) {
-    const bot = await this.core.data.bot.findUnique({ where: { id: botId } })
-    if (!bot) {
-      throw new Error(`Bot with id ${botId} not found`)
-    }
+  private async stopBot(bot: Bot) {
     const instance = this.bots.get(bot.id)
     if (!instance) {
       throw new Error(`Bot ${bot.name} not started`)
@@ -164,7 +169,7 @@ export class ApiBotManagerService implements OnModuleInit {
     return instance
   }
 
-  async syncBotServer(botId: string, serverId: string) {
+  async syncBotServer(userId: string, botId: string, serverId: string) {
     const bot = this.ensureBotInstance(botId)
     if (!bot) {
       console.log(`Can't find bot.`, botId, serverId)

libs/api/bot/data-access/src/lib/api-bot-member.service.ts

@@ -120,6 +120,15 @@ export class ApiBotMemberService {
       })
   }
 
+  async ensureBotAdmin({ botId, userId }: { botId: string; userId: string }) {
+    const bot = await this.core.data.bot.findUnique({ where: { id: botId } })
+    if (!bot) {
+      throw new Error(`Bot with id ${botId} not found`)
+    }
+    await this.core.ensureCommunityAdmin({ userId, communityId: bot.communityId })
+    return bot
+  }
+
   async getBotMemberIds(botId: string, serverId: string) {
     return this.core.data.botMember
       .findMany({ where: { botId, serverId } })
@@ -132,7 +141,7 @@ export class ApiBotMemberService {
       .then((items) => items.map((item) => item.providerId))
   }
 
-  async getBotMembers(botId: string, serverId: string) {
+  async getBotMembers(userId: string, botId: string, serverId: string) {
     return this.core.data.botMember.findMany({
       where: {
         botId,

libs/api/bot/data-access/src/lib/api-user-bot.service.ts

@@ -1,35 +1,43 @@
 import { Injectable, Logger } from '@nestjs/common'
 import { ApiCoreService } from '@pubkey-link/api-core-data-access'
-import { User } from 'discord.js'
+import { User as DiscordUser } from 'discord.js'
+import { ApiBotManagerService } from './api-bot-manager.service'
+import { ApiBotMemberService } from './api-bot-member.service'
 import { UserCreateBotInput } from './dto/user-create-bot.input'
 import { UserUpdateBotInput } from './dto/user-update-bot.input'
-import { ApiBotManagerService } from './api-bot-manager.service'
 
 @Injectable()
 export class ApiUserBotService {
   private readonly logger = new Logger(ApiUserBotService.name)
-  constructor(private readonly core: ApiCoreService, private readonly manager: ApiBotManagerService) {}
-
-  async createBot(input: UserCreateBotInput) {
-    const user: User = await this.manager.getBotUser(input.token)
-    this.logger.verbose(`Creating bot ${user.username}`)
-    const avatarUrl = `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png?size=1024`
+  constructor(
+    private readonly core: ApiCoreService,
+    private readonly manager: ApiBotManagerService,
+    private readonly member: ApiBotMemberService,
+  ) {}
+
+  async createBot(userId: string, input: UserCreateBotInput) {
+    await this.core.ensureCommunityAdmin({ communityId: input.communityId, userId })
+    const bot: DiscordUser = await this.manager.getBotUser(input.token)
+    this.logger.verbose(`Creating bot ${bot.username}`)
+    const avatarUrl = `https://cdn.discordapp.com/avatars/${bot.id}/${bot.avatar}.png?size=1024`
     return this.core.data.bot.create({
       data: {
-        id: user.id,
+        id: bot.id,
         avatarUrl,
-        name: user.username,
+        name: bot.username,
         ...input,
       },
     })
   }
 
-  async deleteBot(botId: string) {
+  async deleteBot(userId: string, botId: string) {
+    await this.member.ensureBotAdmin({ botId, userId })
     const deleted = await this.core.data.bot.delete({ where: { id: botId } })
     return !!deleted
   }
 
-  async findOneBot(communityId: string) {
+  async findOneBot(userId: string, communityId: string) {
+    await this.core.ensureCommunityAccess({ communityId, userId })
     const bot = await this.core.data.bot.findUnique({
       where: { communityId },
       include: { permissions: { include: { rules: { include: { rule: true } } } } },
@@ -48,7 +56,8 @@ export class ApiUserBotService {
     return { ...bot, application }
   }
 
-  async updateBot(botId: string, input: UserUpdateBotInput) {
+  async updateBot(userId: string, botId: string, input: UserUpdateBotInput) {
+    await this.member.ensureBotAdmin({ botId, userId })
     return this.core.data.bot.update({ where: { id: botId }, data: input })
   }
 }

libs/api/bot/data-access/src/lib/dto/admin-find-many-bot.input.ts

@@ -3,6 +3,8 @@ import { PagingInput } from '@pubkey-link/api-core-data-access'
 
 @InputType()
 export class AdminFindManyBotInput extends PagingInput() {
+  @Field()
+  communityId!: string
   @Field({ nullable: true })
   search?: string
 }

libs/api/bot/data-access/src/lib/helpers/get-admin-bot-where.input.ts

@@ -2,7 +2,9 @@ import { Prisma } from '@prisma/client'
 import { AdminFindManyBotInput } from '../dto/admin-find-many-bot.input'
 
 export function getAdminBotWhereInput(input: AdminFindManyBotInput): Prisma.BotWhereInput {
-  const where: Prisma.BotWhereInput = {}
+  const where: Prisma.BotWhereInput = {
+    communityId: input.communityId,
+  }
 
   if (input.search) {
     where.OR = [

libs/api/bot/feature/src/lib/api-user-bot.resolver.ts

@@ -1,6 +1,6 @@
 import { UseGuards } from '@nestjs/common'
 import { Args, Mutation, Query, Resolver } from '@nestjs/graphql'
-import { ApiAuthGraphQLUserGuard } from '@pubkey-link/api-auth-data-access'
+import { ApiAuthGraphQLUserGuard, CtxUserId } from '@pubkey-link/api-auth-data-access'
 import {
   ApiBotService,
   Bot,
@@ -17,62 +17,62 @@ export class ApiUserBotResolver {
   constructor(private readonly service: ApiBotService) {}
 
   @Mutation(() => Bot, { nullable: true })
-  userCreateBot(@Args('input') input: UserCreateBotInput) {
-    return this.service.user.createBot(input)
+  userCreateBot(@CtxUserId() userId: string, @Args('input') input: UserCreateBotInput) {
+    return this.service.user.createBot(userId, input)
   }
 
   @Mutation(() => Boolean, { nullable: true })
-  userDeleteBot(@Args('botId') botId: string) {
-    return this.service.user.deleteBot(botId)
+  userDeleteBot(@CtxUserId() userId: string, @Args('botId') botId: string) {
+    return this.service.user.deleteBot(userId, botId)
   }
 
   @Query(() => Bot, { nullable: true })
-  userFindOneBot(@Args('communityId') communityId: string) {
-    return this.service.user.findOneBot(communityId)
+  userFindOneBot(@CtxUserId() userId: string, @Args('communityId') communityId: string) {
+    return this.service.user.findOneBot(userId, communityId)
   }
 
   @Mutation(() => Bot, { nullable: true })
-  userUpdateBot(@Args('botId') botId: string, @Args('input') input: UserUpdateBotInput) {
-    return this.service.user.updateBot(botId, input)
+  userUpdateBot(@CtxUserId() userId: string, @Args('botId') botId: string, @Args('input') input: UserUpdateBotInput) {
+    return this.service.user.updateBot(userId, botId, input)
   }
 
   @Query(() => [DiscordServer], { nullable: true })
-  userGetBotServers(@Args('botId') botId: string) {
-    return this.service.manager.getBotServers(botId)
+  userGetBotServers(@CtxUserId() userId: string, @Args('botId') botId: string) {
+    return this.service.manager.getBotServers(userId, botId)
   }
 
   @Query(() => DiscordServer, { nullable: true })
-  userGetBotServer(@Args('botId') botId: string, @Args('serverId') serverId: string) {
+  userGetBotServer(@CtxUserId() userId: string, @Args('botId') botId: string, @Args('serverId') serverId: string) {
     return this.service.manager.getBotServer(botId, serverId)
   }
 
   @Query(() => [DiscordRole], { nullable: true })
-  userGetBotRoles(@Args('botId') botId: string, @Args('serverId') serverId: string) {
-    return this.service.manager.getBotRoles(botId, serverId)
+  userGetBotRoles(@CtxUserId() userId: string, @Args('botId') botId: string, @Args('serverId') serverId: string) {
+    return this.service.manager.getBotRoles(userId, botId, serverId)
   }
 
   @Query(() => [BotMember], { nullable: true })
-  userGetBotMembers(@Args('botId') botId: string, @Args('serverId') serverId: string) {
-    return this.service.member.getBotMembers(botId, serverId)
+  userGetBotMembers(@CtxUserId() userId: string, @Args('botId') botId: string, @Args('serverId') serverId: string) {
+    return this.service.member.getBotMembers(userId, botId, serverId)
   }
 
   @Mutation(() => Boolean, { nullable: true })
-  userLeaveBotServer(@Args('botId') botId: string, @Args('serverId') serverId: string) {
-    return this.service.manager.leaveBotServer(botId, serverId)
+  userLeaveBotServer(@CtxUserId() userId: string, @Args('botId') botId: string, @Args('serverId') serverId: string) {
+    return this.service.manager.leaveBotServer(userId, botId, serverId)
   }
 
   @Mutation(() => Boolean, { nullable: true })
-  userSyncBotServer(@Args('botId') botId: string, @Args('serverId') serverId: string) {
-    return this.service.manager.syncBotServer(botId, serverId)
+  userSyncBotServer(@CtxUserId() userId: string, @Args('botId') botId: string, @Args('serverId') serverId: string) {
+    return this.service.manager.syncBotServer(userId, botId, serverId)
   }
 
   @Mutation(() => Boolean, { nullable: true })
-  userStartBot(@Args('botId') botId: string) {
-    return this.service.manager.startBot(botId)
+  userStartBot(@CtxUserId() userId: string, @Args('botId') botId: string) {
+    return this.service.manager.userStartBot(userId, botId)
   }
 
   @Mutation(() => Boolean, { nullable: true })
-  userStopBot(@Args('botId') botId: string) {
-    return this.service.manager.stopBot(botId)
+  userStopBot(@CtxUserId() userId: string, @Args('botId') botId: string) {
+    return this.service.manager.userStopBot(userId, botId)
   }
 }

libs/api/community-member/data-access/src/index.ts

@@ -1,9 +1,7 @@
 export * from './lib/api-community-member-data-access.module'
 export * from './lib/api-community-member.service'
-export * from './lib/dto/admin-create-community-member.input'
 export * from './lib/dto/admin-find-many-community-member.input'
 export * from './lib/dto/admin-update-community-member.input'
-export * from './lib/dto/user-create-community-member.input'
 export * from './lib/dto/user-find-many-community-member.input'
 export * from './lib/dto/user-update-community-member.input'
 export * from './lib/entity/community-member-paging.entity'

libs/api/community-member/data-access/src/lib/api-admin-community-member.service.ts

@@ -1,6 +1,5 @@
 import { Injectable } from '@nestjs/common'
 import { ApiCoreService } from '@pubkey-link/api-core-data-access'
-import { AdminCreateCommunityMemberInput } from './dto/admin-create-community-member.input'
 import { AdminFindManyCommunityMemberInput } from './dto/admin-find-many-community-member.input'
 import { AdminUpdateCommunityMemberInput } from './dto/admin-update-community-member.input'
 import { CommunityMemberPaging } from './entity/community-member-paging.entity'
@@ -10,10 +9,6 @@ import { getAdminCommunityMemberWhereInput } from './helpers/get-admin-community
 export class ApiAdminCommunityMemberService {
   constructor(private readonly core: ApiCoreService) {}
 
-  async createCommunityMember(input: AdminCreateCommunityMemberInput) {
-    return this.core.data.communityMember.create({ data: input })
-  }
-
   async deleteCommunityMember(communityMemberId: string) {
     const deleted = await this.core.data.communityMember.delete({ where: { id: communityMemberId } })
     return !!deleted