Require the caller of the rebuild-users script to explicitly allow different types of changes using command line options

dogamak · dogamak · commit 4125bf490020 · 2024-09-05T21:33:43.000+03:00
diff --git a/scripts/rebuild_users.ts b/scripts/rebuild_users.ts
@@ -1,7 +1,64 @@
+import arg from "arg";
 import UserService from "../src/services/UserService";
+import { isUserDatabaseObjectKey } from "../src/interfaces/UserDatabaseObject";
+
+const parseArgs = () =>
+  arg({
+    "--allow-field": [String],
+    "--allow-all-fields": Boolean,
+    "--allow-create": Boolean,
+    "--allow-delete": Boolean,
+    "--help": Boolean,
+
+    "-h": "--help",
+  });
+
+const printHelp = () => {
+  console.log("Usage: pnpm rebuild-users [--allow-create] [--allow-delete]");
+  console.log("  [--allow-all-fields] [--allow-field=<FIELD>]...");
+  console.log();
+  console.log("Rebuilds the users table from scratch based on NATS messages.");
+  console.log();
+  console.log("Calling this script with no options does not permit any changes");
+  console.log("and is essentially equivalent to a dry-run. You can explicitly");
+  console.log("allow wanted changes with the options listed below.");
+  console.log();
+  console.log("Options:");
+  console.log("  --allow-create          Allow creation of new users");
+  console.log("  --allow-delete          Allow deletion of existing users");
+  console.log("  --allow-all-fields      Allow changes to all fields");
+  console.log("  --allow-field=<FIELD>   Allow changes to the specified field");
+};
 
 async function main() {
-  await UserService.rebuild();
+  const args = parseArgs();
+
+  if (args["--help"]) {
+    printHelp();
+    process.exit(0);
+  }
+
+  let allowChanges: NonNullable<Parameters<typeof UserService.rebuild>[0]>["allowChanges"] = [];
+
+  if (args["--allow-all-fields"]) {
+    allowChanges = undefined;
+  } else {
+    for (const field of args["--allow-field"] ?? []) {
+      if (!isUserDatabaseObjectKey(field)) {
+        console.log(`Field ${field} does not exist!`);
+        process.exit(1);
+      } else {
+        allowChanges.push(field);
+      }
+    }
+  }
+
+  await UserService.rebuild({
+    allowCreate: args["--allow-create"] ?? false,
+    allowRemove: args["--allow-delete"] ?? false,
+    allowChanges,
+  });
+
   process.exit(0);
 }
 
diff --git a/src/interfaces/UserDatabaseObject.ts b/src/interfaces/UserDatabaseObject.ts
@@ -23,6 +23,35 @@ export default interface UserDatabaseObject {
   last_seq: number;
 }
 
+const KEYS: Array<keyof UserDatabaseObject> = [
+  "id",
+  "username",
+  "name",
+  "screen_name",
+  "email",
+  "residence",
+  "phone",
+  "hyy_member",
+  "membership",
+  "role",
+  "salt",
+  "hashed_password",
+  "password_hash",
+  "created",
+  "modified",
+  "tktl",
+  "deleted",
+  "hy_staff",
+  "hy_student",
+  "tktdt_student",
+  "registration_ban_bypass_until",
+  "last_seq",
+];
+
+export function isUserDatabaseObjectKey(key: string): key is keyof UserDatabaseObject {
+  return KEYS.includes(key as keyof UserDatabaseObject);
+}
+
 /**
  * User database object with additional payment information
  */
diff --git a/src/services/UserService.ts b/src/services/UserService.ts
@@ -44,6 +44,12 @@ const UserEvent = z.discriminatedUnion("type", [UserCreateEvent, UserImportEvent
 
 type UserEvent = z.infer<typeof UserEvent>;
 
+type RebuildOptions = {
+  allowChanges?: Array<keyof UserDatabaseObject>;
+  allowRemove?: boolean;
+  allowCreate?: boolean;
+};
+
 class UserService {
   abortSignal?: ConsumerAbortSignal;
 
@@ -384,7 +390,7 @@ class UserService {
     return this.dao.withTransaction(dao => callback(new UserService(dao)));
   }
 
-  public async rebuild() {
+  public async rebuild(options?: RebuildOptions) {
     const nats = await NatsService.get();
 
     await this.transaction(async tsx => {
@@ -412,13 +418,17 @@ class UserService {
 
         if (!after && before) {
           console.log(`User ${before.id} (${before.username}) disappeared during rebuild!`);
-          error = true;
+
+          if (!options?.allowRemove) error = true;
+
           return;
         }
 
         if (!before && after) {
           console.log(`New user ${after.id} (${after.username}) appeared during rebuild!`);
-          error = true;
+
+          if (!options?.allowCreate) error = true;
+
           return;
         }
 
@@ -444,14 +454,22 @@ class UserService {
               console.log(`Field ${key} of user ${id} changed: ${before} -> ${after}`);
             });
           }
+
+          if (options?.allowChanges) {
+            for (const [key] of diff) {
+              if (!options.allowChanges.includes(key)) {
+                console.log(`Unallowed field ${key} changed for user ${key}!`);
+                error = true;
+              }
+            }
+          }
         }
       });
 
       if (usersAfter.size !== usersBefore.size) {
         console.log(
           `User count does not match before (${usersBefore.size}) and after (${usersAfter.size}) the rebuild.`,
         );
-        error = true;
       }
 
       if (error) {
