add user migration, fix userId in Audit

Author: mms-gianni

server/prisma/schema.prisma

@@ -70,8 +70,6 @@ model User {
   username      String    @unique
   firstName     String?
   lastName      String?
-  company       String?
-  location      String?
   email         String    @unique
   emailVerified DateTime?
   password      String

server/src/apps/apps.controller.ts

@@ -11,6 +11,7 @@ import {
   Post,
   Put,
   UseGuards,
+  Request,
 } from '@nestjs/common';
 import { AppsService } from './apps.service';
 import { IUser } from '../auth/auth.interface';
@@ -65,6 +66,7 @@ export class AppsController {
     @Param('phase') phase: string,
     @Param('app') appName: string,
     @Body() app: any,
+    @Request() req: any,
   ) {
     if (appName !== 'new') {
       const msg = 'App name does not match the URL';
@@ -82,12 +84,10 @@ export class AppsController {
       throw new HttpException(msg, HttpStatus.BAD_REQUEST);
     }
 
-    //TODO: Migration -> this is a mock user
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
     return this.appsService.createApp(app, user);
   }
@@ -108,6 +108,7 @@ export class AppsController {
     @Param('app') appName: string,
     @Param('resourceVersion') resourceVersion: string,
     @Body() app: any,
+    @Request() req: any,
   ) {
     if (appName !== app.name) {
       const msg =
@@ -116,12 +117,10 @@ export class AppsController {
       throw new HttpException(msg, HttpStatus.BAD_REQUEST);
     }
 
-    //TODO: Migration -> this is a mock user
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
     return this.appsService.updateApp(app, resourceVersion, user);
   }
@@ -140,13 +139,13 @@ export class AppsController {
     @Param('pipeline') pipeline: string,
     @Param('phase') phase: string,
     @Param('app') app: string,
+    @Request() req: any,
   ) {
-    //TODO: Migration -> this is a mock user
+
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
     return this.appsService.deleteApp(pipeline, phase, app, user);
   }
@@ -201,13 +200,12 @@ export class AppsController {
     @Param('pipeline') pipeline: string,
     @Param('phase') phase: string,
     @Param('app') app: string,
+    @Request() req: any,
   ) {
-    //TODO: Migration -> this is a mock user
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
 
     return this.appsService.restartApp(pipeline, phase, app, user);
@@ -245,6 +243,7 @@ export class AppsController {
     @Param('phase') phase: string,
     @Param('app') app: string,
     @Body() body: any,
+    @Request() req: any,
   ) {
     if (process.env.KUBERO_CONSOLE_ENABLED !== 'true') {
       const msg = 'Console is not enabled';
@@ -266,11 +265,11 @@ export class AppsController {
       Logger.error(msg);
       throw new HttpException(msg, HttpStatus.BAD_REQUEST);
     }
+
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
 
     const podName = body.podName;

server/src/apps/apps.service.ts

@@ -86,7 +86,7 @@ export class AppsService {
 
       const m = {
         name: 'newApp',
-        user: user.username,
+        user: user.id,
         resource: 'app',
         action: 'create',
         severity: 'normal',
@@ -222,7 +222,7 @@ export class AppsService {
 
       const m = {
         name: 'deleteApp',
-        user: user.username,
+        user: user.id,
         resource: 'app',
         action: 'delete',
         severity: 'normal',
@@ -570,7 +570,7 @@ export class AppsService {
 
       const m = {
         name: 'restartApp',
-        user: user.username,
+        user: user.id,
         resource: 'app',
         action: 'restart',
         severity: 'normal',
@@ -629,7 +629,7 @@ export class AppsService {
 
       const m = {
         name: 'updateApp',
-        user: user.username,
+        user: user.id,
         resource: 'app',
         action: 'update',
         severity: 'normal',

server/src/auth/auth.interface.ts

@@ -1,6 +1,6 @@
 export type IUser = {
-  id: number;
-  method: string;
+  id: string;
+  strategy: string;
   username: string;
   apitoken?: string;
 };

server/src/auth/strategies/jwt.guard.ts

@@ -32,6 +32,7 @@ export class JwtAuthGuard extends AuthGuard('jwt') {
       this.logger.warn('Authentication failed: ' + info);
       throw err || new UnauthorizedException();
     }
+    //this.logger.debug(user, info);
     return user;
   }
 }

server/src/auth/strategies/jwt.strategy.ts

@@ -17,6 +17,12 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
   }
 
   async validate(payload: any) {
-    return { userId: payload.userID, username: payload.username };
+    //return payload // for debugging purposes
+    // cast userId to string in case it is a number
+    // Backward compatibility for userId as number v3.0.0
+    if (typeof payload.userId === 'number') {
+      payload.userId = payload.userId.toString();
+    }
+    return { userId: payload.userId, username: payload.username };
   }
 }

server/src/database/database.service.ts

@@ -6,25 +6,26 @@ import * as bcrypt from 'bcrypt';
 @Injectable()
 export class DatabaseService {
 
-  private static readonly logger = new Logger(DatabaseService.name);
-  private static readonly prisma = new PrismaClient();
+  private logger = new Logger(DatabaseService.name);
+  private readonly prisma = new PrismaClient();
 
   constructor() {
     // Initialize the Prisma client
-    DatabaseService.prisma.$connect()
+    this.prisma.$connect()
       .then(() => {
-        DatabaseService.logger.log('Connected to the database successfully.');
+        this.logger.log('Connected to the database successfully.');
       })
       .catch((error) => {
-        DatabaseService.logger.error('Failed to connect to the database.', error);
+        this.logger.error('Failed to connect to the database.', error);
       });
     this.runMigrations()
       .then(() => {
         // create user after migrations
         this.createAdminUser()
+        this.migrateLegeacyUsers()
       })
       .catch((error) => {
-        DatabaseService.logger.error('Error during database migrations.', error);
+        this.logger.error('Error during database migrations.', error);
       });
   }
 
@@ -47,13 +48,13 @@ export class DatabaseService {
     const prisma = new PrismaClient();
 
     try {
-      Logger.log('Running Prisma migrations...', 'Bootstrap');
+      this.logger.log('Running Prisma migrations...');
       // @ts-ignore
       await prisma.$executeRawUnsafe?.('PRAGMA foreign_keys=OFF;'); // For SQLite, optional
       // Use CLI for migrations
       execSync('npx prisma migrate deploy', { stdio: 'inherit' });
       //execSync('npx prisma migrate deploy', {});
-      Logger.log('Prisma migrations completed.', 'Bootstrap');
+      this.logger.log('Prisma migrations completed.');
       await prisma.$executeRaw`
         INSERT INTO "User" (
           "id", 
@@ -74,7 +75,7 @@ export class DatabaseService {
         ) ON CONFLICT DO NOTHING;`
       await prisma.$disconnect();
     } catch (err) {
-      Logger.error('Prisma migration failed', err, 'Bootstrap');
+      this.logger.error('Prisma migration failed', err);
       process.exit(1);
     }
   }
@@ -87,7 +88,7 @@ export class DatabaseService {
       where: { id: '2' },
     });
     if (existingUser) {
-      Logger.log('Admin user already exists. Skipping creation.', 'DatabaseService');
+      this.logger.log('Admin user already exists. Skipping creation.');
       return;
     }
 
@@ -101,8 +102,6 @@ export class DatabaseService {
       // Erstelle einen bcrypt-Hash
       const passwordHash = await bcrypt.hash(plainPassword, 10);
       console.log('\n\n\n', 'Admin account created since no user exists yet');
-      console.log('Please change the password after the first login.');
-      console.log('Admin credentials:');
       console.log('  username: ', adminUser);
       console.log('  password: ', plainPassword);
       console.log('  email:    ', adminEmail, '\n\n\n');
@@ -118,10 +117,70 @@ export class DatabaseService {
           updatedAt: new Date(),
         },
       });
-      Logger.log('Admin user created successfully.', 'DatabaseService');
+      this.logger.log('Admin user created successfully.');
     } catch (error) {
-      Logger.error('Failed to create admin user.', error, 'DatabaseService');
+      Logger.error('Failed to create admin user.', error);
     }
-    await prisma.$disconnect();
+    //await prisma.$disconnect();
+  }
+
+  private async migrateLegeacyUsers() {
+    const prisma = new PrismaClient();
+
+    const existingUsers = await prisma.user.count()
+    if (existingUsers > 2) {
+      this.logger.log('Legacy users already migrated. Skipping migration.');
+      return;
+    }
+
+    if (!process.env.KUBERO_USERS || process.env.KUBERO_USERS === '') {
+      this.logger.log('No legacy users to migrate. KUBERO_USERS is not set.');
+      return;
+    }
+
+    const u = Buffer.from(process.env.KUBERO_USERS, 'base64').toString(
+      'utf-8',
+    );
+    const users = JSON.parse(u);
+    
+    for (const user of users) {
+      let password = user.password;
+      if (
+        user.insecure &&
+        user.insecure === true &&
+        process.env.KUBERO_SESSION_KEY
+      ) {
+        this.logger.warn(
+          'User with unencrypted Password detected: "' +
+            user.username +
+            '" - This feature is deprecated and will be removed in the future',
+        );
+        password = crypto
+          .createHmac('sha256', process.env.KUBERO_SESSION_KEY)
+          .update(password)
+          .digest('hex');
+      }
+
+      const userID = crypto.randomUUID();
+
+      try {
+        await prisma.user.create({
+          data: {
+            id: userID,
+            username: user.username,
+            email: user.username + '@kubero.dev',
+            password: password,
+            isActive: true,
+          },
+        });
+        this.logger.log(`Migrated user ${user.username} successfully.`);
+
+      } catch (error) {
+        this.logger.error(`Failed to migrate user ${user.username}.`, error);
+      }
+    };
+    
+    this.logger.log('Legacy users migrated successfully.');
+    //await prisma.$disconnect();
   }
 }

server/src/deployments/deployments.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   Put,
   UseGuards,
+  Request,
 } from '@nestjs/common';
 import { DeploymentsService } from './deployments.service';
 import {
@@ -69,13 +70,12 @@ export class DeploymentsController {
     @Param('phase') phase: string,
     @Param('app') app: string,
     @Body() body: CreateBuild,
+    @Request() req: any,
   ) {
-    //TODO: Migration -> this is a mock user
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
     return this.deploymentsService.triggerBuildjob(
       pipeline,
@@ -108,13 +108,12 @@ export class DeploymentsController {
     @Param('phase') phase: string,
     @Param('app') app: string,
     @Param('buildName') buildName: string,
+    @Request() req: any,
   ) {
-    //TODO: Migration -> this is a mock user
     const user: IUser = {
-      id: 1,
-      method: 'local',
-      username: 'admin',
-      apitoken: '1234567890',
+      id: req.user.userId,
+      strategy: req.user.strategy,
+      username: req.user.username,
     };
     return this.deploymentsService.deleteBuildjob(
       pipeline,