mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-22 18:11:13 -05:00
Migrate Admin Admin Functions to wrapEdgeFunction
Migrate Phase 3 administrative functions to use the wrapEdgeFunction wrapper: - cancel-account-deletion - cancel-email-change - create-novu-subscriber - update-novu-subscriber - trigger-notification - remove-novu-subscriber - manage-moderator-topic - migrate-novu-users - sync-all-moderators-to-topic - update-novu-preferences - notify-system-announcement This update standardizes error handling, tracing, auth, and logging across admin endpoints, removes manual serve/CORS boilerplate, and prepares for consistent monitoring and testing.
This commit is contained in:
gpt-engineer-app[bot]
@@ -1,36 +1,21 @@
|
||||
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
|
||||
import { corsHeaders } from '../_shared/cors.ts';
|
||||
import { edgeLogger, startRequest, endRequest } from '../_shared/logger.ts';
|
||||
import { formatEdgeError } from '../_shared/errorFormatter.ts';
|
||||
import { edgeLogger } from '../_shared/logger.ts';
|
||||
import { createEdgeFunction } from '../_shared/edgeFunctionWrapper.ts';
|
||||
|
||||
Deno.serve(async (req) => {
|
||||
const tracking = startRequest();
|
||||
|
||||
// Handle CORS preflight requests
|
||||
if (req.method === 'OPTIONS') {
|
||||
return new Response(null, {
|
||||
headers: {
|
||||
...corsHeaders,
|
||||
'X-Request-ID': tracking.requestId
|
||||
}
|
||||
export default createEdgeFunction(
|
||||
{
|
||||
name: 'cancel-email-change',
|
||||
requireAuth: true,
|
||||
corsHeaders: corsHeaders
|
||||
},
|
||||
async (req, context) => {
|
||||
context.span.setAttribute('action', 'cancel_email_change');
|
||||
edgeLogger.info('Cancelling email change for user', {
|
||||
action: 'cancel_email_change',
|
||||
requestId: context.requestId,
|
||||
userId: context.userId
|
||||
});
|
||||
}
|
||||
|
||||
try {
|
||||
// Get the user from the authorization header
|
||||
const authHeader = req.headers.get('Authorization');
|
||||
if (!authHeader) {
|
||||
const duration = endRequest(tracking);
|
||||
edgeLogger.error('Missing authorization header', {
|
||||
action: 'cancel_email_change',
|
||||
requestId: tracking.requestId,
|
||||
duration
|
||||
});
|
||||
throw new Error('No authorization header provided. Please ensure you are logged in.');
|
||||
}
|
||||
|
||||
// Extract the JWT token from the Authorization header
|
||||
const token = authHeader.replace('Bearer ', '');
|
||||
|
||||
// SECURITY: Service Role Key Usage
|
||||
// ---------------------------------
|
||||
@@ -38,7 +23,7 @@ Deno.serve(async (req) => {
|
||||
// This is required because:
|
||||
// 1. The cancel_user_email_change() database function has SECURITY DEFINER privileges
|
||||
// 2. It needs to modify auth.users table which is not accessible with regular user tokens
|
||||
// 3. User authentication is still verified via JWT token (passed to getUser())
|
||||
// 3. User authentication is verified via the wrapper's requireAuth
|
||||
// Scope: Limited to cancelling the authenticated user's own email change
|
||||
const supabaseUrl = Deno.env.get('SUPABASE_URL');
|
||||
const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY');
|
||||
@@ -54,50 +39,28 @@ Deno.serve(async (req) => {
|
||||
}
|
||||
});
|
||||
|
||||
// Verify the user's JWT token by passing it explicitly to getUser()
|
||||
// Note: verify_jwt = true in config.toml means Supabase has already validated the JWT
|
||||
const { data: { user }, error: authError } = await supabaseAdmin.auth.getUser(token);
|
||||
|
||||
if (authError || !user) {
|
||||
const duration = endRequest(tracking);
|
||||
edgeLogger.error('Auth verification failed', {
|
||||
action: 'cancel_email_change',
|
||||
requestId: tracking.requestId,
|
||||
duration,
|
||||
error: authError
|
||||
});
|
||||
throw new Error('Invalid session token. Please refresh the page and try again.');
|
||||
}
|
||||
|
||||
const userId = user.id;
|
||||
edgeLogger.info('Cancelling email change for user', {
|
||||
action: 'cancel_email_change',
|
||||
requestId: tracking.requestId,
|
||||
userId
|
||||
});
|
||||
|
||||
// Call the database function to clear email change fields
|
||||
// This function has SECURITY DEFINER privileges to access auth.users
|
||||
const { data: cancelled, error: cancelError } = await supabaseAdmin
|
||||
.rpc('cancel_user_email_change', { _user_id: userId });
|
||||
.rpc('cancel_user_email_change', { _user_id: context.userId });
|
||||
|
||||
if (cancelError || !cancelled) {
|
||||
edgeLogger.error('Error cancelling email change', {
|
||||
error: cancelError?.message,
|
||||
userId,
|
||||
requestId: tracking.requestId
|
||||
userId: context.userId,
|
||||
requestId: context.requestId
|
||||
});
|
||||
throw new Error('Unable to cancel email change: ' + (cancelError?.message || 'Unknown error'));
|
||||
}
|
||||
|
||||
edgeLogger.info('Successfully cancelled email change', { userId, requestId: tracking.requestId });
|
||||
edgeLogger.info('Successfully cancelled email change', { userId: context.userId, requestId: context.requestId });
|
||||
|
||||
// Log the cancellation in admin_audit_log
|
||||
const { error: auditError } = await supabaseAdmin
|
||||
.from('admin_audit_log')
|
||||
.insert({
|
||||
admin_user_id: userId,
|
||||
target_user_id: userId,
|
||||
admin_user_id: context.userId,
|
||||
target_user_id: context.userId,
|
||||
action: 'email_change_cancelled',
|
||||
details: {
|
||||
cancelled_at: new Date().toISOString(),
|
||||
@@ -107,17 +70,15 @@ Deno.serve(async (req) => {
|
||||
if (auditError) {
|
||||
edgeLogger.error('Error logging audit', {
|
||||
error: auditError.message,
|
||||
requestId: tracking.requestId
|
||||
requestId: context.requestId
|
||||
});
|
||||
// Don't fail the request if audit logging fails
|
||||
}
|
||||
|
||||
const duration = endRequest(tracking);
|
||||
edgeLogger.info('Successfully cancelled email change', {
|
||||
action: 'cancel_email_change',
|
||||
requestId: tracking.requestId,
|
||||
userId,
|
||||
duration
|
||||
requestId: context.requestId,
|
||||
userId: context.userId
|
||||
});
|
||||
|
||||
return new Response(
|
||||
@@ -125,43 +86,17 @@ Deno.serve(async (req) => {
|
||||
success: true,
|
||||
message: 'Email change cancelled successfully',
|
||||
user: {
|
||||
id: userId,
|
||||
id: context.userId,
|
||||
email: null,
|
||||
new_email: null,
|
||||
},
|
||||
requestId: tracking.requestId,
|
||||
}),
|
||||
{
|
||||
headers: {
|
||||
...corsHeaders,
|
||||
'Content-Type': 'application/json',
|
||||
'X-Request-ID': tracking.requestId
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
status: 200,
|
||||
}
|
||||
);
|
||||
} catch (error) {
|
||||
const duration = endRequest(tracking);
|
||||
edgeLogger.error('Error in cancel-email-change function', {
|
||||
action: 'cancel_email_change',
|
||||
requestId: tracking.requestId,
|
||||
duration,
|
||||
error: formatEdgeError(error)
|
||||
});
|
||||
return new Response(
|
||||
JSON.stringify({
|
||||
success: false,
|
||||
error: error instanceof Error ? error.message : 'An unknown error occurred',
|
||||
requestId: tracking.requestId,
|
||||
}),
|
||||
{
|
||||
headers: {
|
||||
...corsHeaders,
|
||||
'Content-Type': 'application/json',
|
||||
'X-Request-ID': tracking.requestId
|
||||
},
|
||||
status: 400,
|
||||
}
|
||||
);
|
||||
}
|
||||
});
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user