87 lines
2.7 KiB
Python
87 lines
2.7 KiB
Python
"""User management service: CRUD helpers against DuckDB."""
|
|
from typing import Any
|
|
|
|
from ..db import get_conn, get_write_lock
|
|
from .auth import hash_password
|
|
|
|
|
|
async def get_user(user_id: str) -> dict[str, Any] | None:
|
|
conn = get_conn()
|
|
row = conn.execute(
|
|
"SELECT id, email, role FROM users WHERE id = ?", [user_id]
|
|
).fetchone()
|
|
if row is None:
|
|
return None
|
|
return {"id": str(row[0]), "email": row[1], "role": row[2]}
|
|
|
|
|
|
async def list_users() -> list[dict[str, Any]]:
|
|
conn = get_conn()
|
|
rows = conn.execute(
|
|
"SELECT id, email, role FROM users ORDER BY email").fetchall()
|
|
return [{"id": str(r[0]), "email": r[1], "role": r[2]} for r in rows]
|
|
|
|
|
|
async def update_user(
|
|
user_id: str,
|
|
email: str | None = None,
|
|
password: str | None = None,
|
|
) -> dict[str, Any] | None:
|
|
"""Update email and/or password. Returns updated user or None if not found."""
|
|
conn = get_conn()
|
|
lock = get_write_lock()
|
|
|
|
if email is None and password is None:
|
|
return await get_user(user_id)
|
|
|
|
async with lock:
|
|
if email is not None:
|
|
existing = conn.execute(
|
|
"SELECT id FROM users WHERE email = ? AND id != ?", [
|
|
email, user_id]
|
|
).fetchone()
|
|
if existing:
|
|
raise ValueError("Email already in use.")
|
|
conn.execute(
|
|
"UPDATE users SET email = ?, updated_at = now() WHERE id = ?",
|
|
[email, user_id],
|
|
)
|
|
if password is not None:
|
|
conn.execute(
|
|
"UPDATE users SET password_hash = ?, updated_at = now() WHERE id = ?",
|
|
[hash_password(password), user_id],
|
|
)
|
|
row = conn.execute(
|
|
"SELECT id, email, role FROM users WHERE id = ?", [user_id]
|
|
).fetchone()
|
|
|
|
if row is None:
|
|
return None
|
|
return {"id": str(row[0]), "email": row[1], "role": row[2]}
|
|
|
|
|
|
async def set_user_role(user_id: str, role: str) -> dict[str, Any] | None:
|
|
conn = get_conn()
|
|
lock = get_write_lock()
|
|
async with lock:
|
|
conn.execute(
|
|
"UPDATE users SET role = ?, updated_at = now() WHERE id = ?",
|
|
[role, user_id],
|
|
)
|
|
row = conn.execute(
|
|
"SELECT id, email, role FROM users WHERE id = ?", [user_id]
|
|
).fetchone()
|
|
if row is None:
|
|
return None
|
|
return {"id": str(row[0]), "email": row[1], "role": row[2]}
|
|
|
|
|
|
async def delete_user(user_id: str) -> bool:
|
|
"""Delete user and their refresh tokens. Returns True if a row was removed."""
|
|
conn = get_conn()
|
|
lock = get_write_lock()
|
|
async with lock:
|
|
conn.execute("DELETE FROM refresh_tokens WHERE user_id = ?", [user_id])
|
|
conn.execute("DELETE FROM users WHERE id = ?", [user_id])
|
|
return True
|