ts/opsserver/handlers/users.handler.ts

import * as plugins from '../../plugins.js';
import type { OpsServer } from '../classes.opsserver.js';
import * as interfaces from '../../../ts_interfaces/index.js';
import { requireOpsAuth } from '../helpers/auth.js';

/**
 * Handler for OpsServer user accounts. Registers on adminRouter,
 * so admin middleware enforces auth + role check before the handler runs.
 * User data is owned by AdminHandler; this handler just exposes a safe
 * projection of it via TypedRequest.
 */
export class UsersHandler {
  constructor(private opsServerRef: OpsServer) {
    this.registerHandlers();
  }

  private registerHandlers(): void {
    const router = this.opsServerRef.adminRouter;

    // List users (admin-only)
    router.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListUsers>(
        'listUsers',
        async (dataArg) => {
          await requireOpsAuth(this.opsServerRef, dataArg, {
            scope: 'users:read',
            requireAdminIdentity: true,
            requireAdminToken: true,
          });
          const users = await this.opsServerRef.adminHandler.listUsers();
          return { users };
        },
      ),
    );

    router.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateUser>(
        'createUser',
        async (dataArg) => {
          await requireOpsAuth(this.opsServerRef, dataArg, {
            scope: 'users:manage',
            requireAdminIdentity: true,
            requireAdminToken: true,
          });
          return this.opsServerRef.adminHandler.createUser({
            email: dataArg.email,
            name: dataArg.name,
            role: dataArg.role,
            password: dataArg.password,
            enableIdpGlobalAuth: dataArg.enableIdpGlobalAuth,
          });
        },
      ),
    );

    router.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteUser>(
        'deleteUser',
        async (dataArg) => {
          const auth = await requireOpsAuth(this.opsServerRef, dataArg, {
            scope: 'users:manage',
            requireAdminIdentity: true,
            requireAdminToken: true,
          });
          return this.opsServerRef.adminHandler.deleteUser({
            id: dataArg.id,
            requestingUserId: auth.userId,
          });
        },
      ),
    );
  }
}
feat(opsserver-access): add admin user listing to the access dashboard 2026-04-08 09:01:08 +00:00			`import * as plugins from '../../plugins.js';`
			`import type { OpsServer } from '../classes.opsserver.js';`
			`import * as interfaces from '../../../ts_interfaces/index.js';`
feat(ops-auth): add scoped API token auth across ops endpoints 2026-05-19 22:24:37 +00:00			`import { requireOpsAuth } from '../helpers/auth.js';`
feat(opsserver-access): add admin user listing to the access dashboard 2026-04-08 09:01:08 +00:00
			`/**`
feat(opsserver): add admin user create/delete management and default hosted idp.global auth support 2026-05-19 17:06:50 +00:00			`* Handler for OpsServer user accounts. Registers on adminRouter,`
feat(opsserver-access): add admin user listing to the access dashboard 2026-04-08 09:01:08 +00:00			`* so admin middleware enforces auth + role check before the handler runs.`
			`* User data is owned by AdminHandler; this handler just exposes a safe`
			`* projection of it via TypedRequest.`
			`*/`
			`export class UsersHandler {`
			`constructor(private opsServerRef: OpsServer) {`
			`this.registerHandlers();`
			`}`

			`private registerHandlers(): void {`
			`const router = this.opsServerRef.adminRouter;`

feat(opsserver): add admin user create/delete management and default hosted idp.global auth support 2026-05-19 17:06:50 +00:00			`// List users (admin-only)`
feat(opsserver-access): add admin user listing to the access dashboard 2026-04-08 09:01:08 +00:00			`router.addTypedHandler(`
			`new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListUsers>(`
			`'listUsers',`
feat(ops-auth): add scoped API token auth across ops endpoints 2026-05-19 22:24:37 +00:00			`async (dataArg) => {`
			`await requireOpsAuth(this.opsServerRef, dataArg, {`
			`scope: 'users:read',`
			`requireAdminIdentity: true,`
			`requireAdminToken: true,`
			`});`
feat(opsserver-admin): add persisted admin bootstrap flow with optional idp.global authentication 2026-05-14 00:30:09 +00:00			`const users = await this.opsServerRef.adminHandler.listUsers();`
feat(opsserver-access): add admin user listing to the access dashboard 2026-04-08 09:01:08 +00:00			`return { users };`
			`},`
			`),`
			`);`
feat(opsserver): add admin user create/delete management and default hosted idp.global auth support 2026-05-19 17:06:50 +00:00
			`router.addTypedHandler(`
			`new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateUser>(`
			`'createUser',`
feat(ops-auth): add scoped API token auth across ops endpoints 2026-05-19 22:24:37 +00:00			`async (dataArg) => {`
			`await requireOpsAuth(this.opsServerRef, dataArg, {`
			`scope: 'users:manage',`
			`requireAdminIdentity: true,`
			`requireAdminToken: true,`
			`});`
			`return this.opsServerRef.adminHandler.createUser({`
			`email: dataArg.email,`
			`name: dataArg.name,`
			`role: dataArg.role,`
			`password: dataArg.password,`
			`enableIdpGlobalAuth: dataArg.enableIdpGlobalAuth,`
			`});`
			`},`
feat(opsserver): add admin user create/delete management and default hosted idp.global auth support 2026-05-19 17:06:50 +00:00			`),`
			`);`

			`router.addTypedHandler(`
			`new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteUser>(`
			`'deleteUser',`
feat(ops-auth): add scoped API token auth across ops endpoints 2026-05-19 22:24:37 +00:00			`async (dataArg) => {`
			`const auth = await requireOpsAuth(this.opsServerRef, dataArg, {`
			`scope: 'users:manage',`
			`requireAdminIdentity: true,`
			`requireAdminToken: true,`
			`});`
			`return this.opsServerRef.adminHandler.deleteUser({`
			`id: dataArg.id,`
			`requestingUserId: auth.userId,`
			`});`
			`},`
feat(opsserver): add admin user create/delete management and default hosted idp.global auth support 2026-05-19 17:06:50 +00:00			`),`
			`);`
feat(opsserver-access): add admin user listing to the access dashboard 2026-04-08 09:01:08 +00:00			`}`
			`}`