1. Top
  2. yamori
  3. Files
  4. packages
  5. backend
  6. services
  7. workspace
  8. create_initial_admin.go
yamori

有給休暇計算を主目的とした簡易勤怠管理システム

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  31. 31
  32. 32
  33. 33
  34. 34
  35. 35
  36. 36
  37. 37
  38. 38
  39. 39
  40. 40
  41. 41
  42. 42
  43. 43
  44. 44
  45. 45
  46. 46
  47. 47
  48. 48
  49. 49
  50. 50
  51. 51
  52. 52
  53. 53
  54. 54
  55. 55
  56. 56
  57. 57
  58. 58
  59. 59
  60. 60
  61. 61
  62. 62
  63. 63
  64. 64
  65. 65
  66. 66
  67. 67
  68. 68
  69. 69
  70. 70
  71. 71
  72. 72
  73. 73
  74. 74
  75. 75
  76. 76
  77. 77
  78. 78
  79. 79
  80. 80
  81. 81
  82. 82
  83. 83
  84. 84
  85. 85
  86. 86
  87. 87
  88. 88
  89. 89
  90. 90
  91. 91
  92. 92
  93. 93
  94. 94
  95. 95
  96. 96
  97. 97
  98. 98
  99. 99
  100. 100
  101. 101
  102. 102
  103. 103
  104. 104
  105. 105
  106. 106
  107. 107
  108. 108
  109. 109
  110. 110
  111. 111
  112. 112
  113. 113
  114. 114
  115. 115
  116. 116
  117. 117
  118. 118
  119. 119
  120. 120
  121. 121
  122. 122
  123. 123
  124. 124
  125. 125
  126. 126
  127. 127
  128. 128
  129. 129
  130. 130
  131. 131
  132. 132
  133. 133
  134. 134
  135. 135
  136. 136
  137. 137
  138. 138
  139. 139
  140. 140
  141. 141
  142. 142
  143. 143
  144. 144
  145. 145
  146. 146
  147. 147
  148. 148
  149. 149
  150. 150
  151. 151
  152. 152
  153. 153
  154. 154
  155. 155
  156. 156
  157. 157
  158. 158
  159. 159
  160. 160
  161. 161
  162. 162
  163. 163
  164. 164
  165. 165
  166. 166
  167. 167
  168. 168
  169. 169
  170. 170
  171. 171
  172. 172
  173. 173
  174. 174
  175. 175
  176. 176
  177. 177
  178. 178
  179. 179
  180. 180 
// SPDX-FileCopyrightText: 2025 Shota FUJI <pockawoooh@gmail.com>
// SPDX-License-Identifier: AGPL-3.0-only

package workspace

import (
	"bytes"
	"context"
	"crypto/rand"
	"strings"

	"connectrpc.com/connect"
	"github.com/google/uuid"
	"google.golang.org/protobuf/proto"

	eventV1 "pocka.jp/x/yamori/proto/go/backend/events/v1"
	errorV1 "pocka.jp/x/yamori/proto/go/error/v1"
	workspaceV2 "pocka.jp/x/yamori/proto/go/workspace/v2"

	"pocka.jp/x/yamori/backend/core/event"
	"pocka.jp/x/yamori/backend/core/projection"
	"pocka.jp/x/yamori/backend/crypto"
	workspaceEvent "pocka.jp/x/yamori/backend/events/workspace"
)

func (s *Service) CreateInitialAdmin(
	ctx context.Context,
	req *connect.Request[workspaceV2.CreateInitialAdminRequest],
) (*connect.Response[workspaceV2.CreateInitialAdminResponse], error) {
	initialAdminPassword := req.Msg.GetInitialAdminPassword()
	if initialAdminPassword == "" {
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_MissingFieldError{
				MissingFieldError: &errorV1.MissingFieldError{
					Path: proto.String("initial_admin_password"),
				},
			},
		}), nil
	}

	name := req.Msg.GetName()
	if name == "" {
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_MissingFieldError{
				MissingFieldError: &errorV1.MissingFieldError{
					Path: proto.String("name"),
				},
			},
		}), nil
	}

	// TODO: SystemError 以外にする
	if strings.Trim(name, " \r\n\t") != name {
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_SystemError{
				SystemError: &errorV1.SystemError{
					Message: proto.String("Name cannot have heading or trailing spaces"),
				},
			},
		}), nil
	}

	displayName := strings.Trim(req.Msg.GetDisplayName(), " \r\n\t")
	if displayName == "" {
		displayName = name
	}

	password := req.Msg.GetPassword()
	if password == "" {
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_MissingFieldError{
				MissingFieldError: &errorV1.MissingFieldError{
					Path: proto.String("password"),
				},
			},
		}), nil
	}

	// TODO: SystemError 以外にする
	if len(password) <= 8 {
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_SystemError{
				SystemError: &errorV1.SystemError{
					Message: proto.String("Password has to be longer than or equals to 8 bytes"),
				},
			},
		}), nil
	}

	tx, err := s.core.DB.Begin()
	if err != nil {
		return nil, err
	}
	defer tx.Rollback()

	ws, err := projection.GetWorkspace(tx)
	if err != nil {
		return nil, err
	}

	pw, err := projection.GetAdminCreationPassword(tx)
	if err != nil {
		return nil, err
	}

	users, err := projection.GetUsers(tx)
	if err != nil {
		return nil, err
	}

	if err := event.UpdateProjections(tx, ws, pw, users); err != nil {
		return nil, err
	}

	if pw.Projection.Password == nil {
		tx.Commit()
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_PasswordExpired{
				PasswordExpired: &errorV1.AuthenticationError{},
			},
		}), nil
	}

	hash := crypto.HashPassword([]byte(initialAdminPassword), pw.Projection.Password.Salt)
	if !bytes.Equal(hash, pw.Projection.Password.Hash) {
		return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
			Result: &workspaceV2.CreateInitialAdminResponse_AuthenticationError{
				AuthenticationError: &errorV1.AuthenticationError{},
			},
		}), nil
	}

	for _, u := range users.Projection.Users {
		if u.GetName() == name {
			// TODO: SystemError 以外にする
			return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
				Result: &workspaceV2.CreateInitialAdminResponse_SystemError{
					SystemError: &errorV1.SystemError{
						Message: proto.String("User with same name already exists."),
					},
				},
			}), nil
		}
	}

	id, err := uuid.NewRandom()
	if err != nil {
		return nil, err
	}

	keyID := make([]byte, 32)
	rand.Read(keyID)

	err = event.AppendEvents(tx, []*eventV1.Event{
		workspaceEvent.ExpireAdminCreationPassword(),
		workspaceEvent.CreateUser(id.String(), name, displayName, keyID),
		workspaceEvent.GrantAdminAccess(id.String()),
		workspaceEvent.ConfigurePasswordLogin(id.String(), password),
	})
	if err != nil {
		return nil, err
	}

	if err := tx.Commit(); err != nil {
		return nil, err
	}

	return connect.NewResponse(&workspaceV2.CreateInitialAdminResponse{
		Result: &workspaceV2.CreateInitialAdminResponse_Ok{
			Ok: &workspaceV2.User{
				Id: &workspaceV2.UserID{
					Value: proto.String(id.String()),
				},
				Name:        proto.String(name),
				DisplayName: proto.String(displayName),
				IsAdmin:     proto.Bool(true),
			},
		},
	}), nil
}