1
import { noAuth, authFirst, requireAccount } from "./util";
2
import type { Customize } from "@cocalc/util/db-schema/server-settings";
3
import type {
4
  ApiKey,
5
  Action as ApiKeyAction,
6
} from "@cocalc/util/db-schema/api-keys";
7
import { type UserSearchResult } from "@cocalc/util/db-schema/accounts";
8

9
export const system = {
10
  getCustomize: noAuth,
11
  ping: noAuth,
12
  test: authFirst,
13
  terminate: authFirst,
14
  userTracking: authFirst,
15
  logClientError: authFirst,
16
  webappError: authFirst,
17
  manageApiKeys: authFirst,
18
  generateUserAuthToken: authFirst,
19
  revokeUserAuthToken: noAuth,
20
  userSearch: authFirst,
21
  getNames: requireAccount,
22
  adminResetPasswordLink: authFirst,
23
  sendEmailVerification: authFirst,
24
  deletePassport: authFirst,
25

26
  adminSalesloftSync: authFirst,
27
  userSalesloftSync: authFirst,
28
};
29

30
export interface System {
31
  // get all or specific customize data
32
  getCustomize: (fields?: string[]) => Promise<Customize>;
33
  // ping server and get back the current time
34
  ping: () => { now: number };
35
  // test API key and return scope information (account_id) and server time
36
  test: () => Promise<{ account_id: string; server_time: number }>;
37
  // terminate a service:
38
  //   - only admin can do this.
39
  //   - useful for development
40
  terminate: (service: "database" | "api") => Promise<void>;
41

42
  userTracking: (opts: {
43
    event: string;
44
    value: object;
45
    account_id?: string;
46
  }) => Promise<void>;
47

48
  logClientError: (opts: {
49
    account_id?: string;
50
    event: string;
51
    error: string;
52
  }) => Promise<void>;
53

54
  webappError: (opts: object) => Promise<void>;
55

56
  manageApiKeys: (opts: {
57
    account_id?: string;
58
    action: ApiKeyAction;
59
    project_id?: string;
60
    name?: string;
61
    expire?: Date;
62
    id?: number;
63
  }) => Promise<ApiKey[] | undefined>;
64

65
  generateUserAuthToken: (opts: {
66
    account_id?: string;
67
    user_account_id: string;
68
    password?: string;
69
  }) => Promise<string>;
70

71
  revokeUserAuthToken: (authToken: string) => Promise<void>;
72

73
  userSearch: (opts: {
74
    account_id?: string;
75
    query: string;
76
    limit?: number;
77
    admin?: boolean;
78
    only_email?: boolean;
79
  }) => Promise<UserSearchResult[]>;
80

81
  getNames: (account_ids: string[]) => Promise<{
82
    [account_id: string]:
83
      | {
84
          first_name: string;
85
          last_name: string;
86
          profile?: { color?: string; image?: string };
87
        }
88
      | undefined;
89
  }>;
90

91
  // adminResetPasswordLink: Enables admins (and only admins!) to generate and get a password reset
92
  // for another user.  The response message contains a password reset link,
93
  // though without the site part of the url (the client should fill that in).
94
  // This makes it possible for admins to reset passwords of users, even if
95
  // sending email is not setup, e.g., for cocalc-docker, and also deals with the
96
  // possibility that users have no email address, or broken email, or they
97
  // can't receive email due to crazy spam filtering.
98
  // Non-admins always get back an error.
99
  adminResetPasswordLink: (opts: {
100
    account_id?: string;
101
    user_account_id: string;
102
  }) => Promise<string>;
103

104
  // user must be an admin or get an error. Sync's the given salesloft accounts.
105
  adminSalesloftSync: (opts: {
106
    account_id?: string;
107
    account_ids: string[];
108
  }) => Promise<void>;
109

110
  userSalesloftSync: (opts: { account_id?: string }) => Promise<void>;
111

112
  sendEmailVerification: (opts: {
113
    account_id?: string;
114
    only_verify?: boolean;
115
  }) => Promise<void>;
116

117
  deletePassport: (opts: {
118
    account_id?: string;
119
    strategy: string;
120
    id: string;
121
  }) => Promise<void>;
122
}
123

124