feat: Add user management

.github/workflows/main_cliniciantoolkit.yml → .github/workflows/azure_deployment.yml

@@ -7,6 +7,7 @@ on:
     push:
         branches:
             - main
+            - development
     workflow_dispatch:
 
 env:
@@ -28,7 +29,6 @@ jobs:
             - name: npm install, build, and test
               run: |
                   npm install
-                  npx playwright install --with-deps
                   npm run build --if-present
                   npm run test --if-present
 
@@ -45,7 +45,7 @@ jobs:
         runs-on: ubuntu-latest
         needs: build
         environment:
-            name: "Production"
+            name: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
             url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
 
         steps:
@@ -62,6 +62,6 @@ jobs:
               uses: azure/webapps-deploy@v3
               with:
                   app-name: "cliniciantoolkit"
-                  slot-name: "Production"
+                  slot-name: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}
                   package: .
-                  publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_9A3AB102193241559E3EADB479BA0400 }}
+                  publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D8F19C70B5EA48B29386C08288419993 }}

.github/workflows/tests.yaml

@@ -26,7 +26,6 @@ jobs:
             - name: Install dependencies
               run: |
                   npm install
-                  npx playwright install --with-deps
             - name: Run tests
               run: |
                   npm run test

package.json

@@ -6,7 +6,7 @@
         "dev": "vite dev",
         "build": "vite build",
         "preview": "vite preview",
-        "test": "npm run test:integration && npm run test:unit",
+        "test": "npm run test:unit",
         "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
         "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
         "lint": "prettier --plugin-search-dir . --check 'src/**/*.{js,ts}' && eslint 'src/**/*.{js,ts}'",

src/hooks.server.ts

@@ -1,21 +1,42 @@
 import { logger } from "$lib/server/logging"
 import { randomUUID } from "crypto"
 import { performance } from "perf_hooks"
+import { pool } from "$lib/server/sql"
+import { DEVELOPMENT_USER } from "$lib/server/environment"
+import type { User } from "$lib/databaseTypes"
+import type { RequestEvent } from "@sveltejs/kit"
+
+const ADMIN_ENDPOINTS = ["/api/templates/.*?"]
 
 export async function handle({ event, resolve }) {
     const requestId = randomUUID()
     const startTime = performance.now()
 
-    const user = event.request.headers.get("X-MS-CLIENT-PRINCIPAL-NAME") || "[email protected]"
+    const userEmail = event.request.headers.get("X-MS-CLIENT-PRINCIPAL-NAME") || DEVELOPMENT_USER
     logger.info({
         type: `Request`,
         method: event.request.method,
         url: event.request.url,
-        user,
+        user: userEmail,
         requestId
     })
     event.request.headers.set("X-Request-ID", requestId)
-    event.request.headers.set("X-User", user)
+    event.request.headers.set("X-User", userEmail)
+
+    const user = await getOrInsertUser(userEmail)
+    if (!isUserAuthorized(event, user)) {
+        const endTime = performance.now()
+        const responseTime = `${(endTime - startTime).toFixed(3)}ms`
+        logger.error({
+            type: "Unauthorized",
+            method: event.request.method,
+            url: event.request.url,
+            user: userEmail,
+            requestId,
+            responseTime
+        })
+        return new Response("Unauthorized", { status: 401 })
+    }
 
     const response = await resolve(event)
 
@@ -26,7 +47,7 @@ export async function handle({ event, resolve }) {
         statusCode: response.status,
         method: event.request.method,
         url: event.request.url,
-        user,
+        user: userEmail,
         requestId,
         responseTime
     }
@@ -41,3 +62,33 @@ export async function handle({ event, resolve }) {
 
     return response
 }
+
+// Exported for testing purposes.
+export async function getOrInsertUser(email: string) {
+    return await pool.connect().then(async client => {
+        const getUserQuery = {
+            text: "SELECT * FROM users WHERE email = $1",
+            values: [email]
+        }
+        const getResult = await client.query(getUserQuery)
+        if (getResult.rows.length > 0) {
+            client.release()
+            return getResult.rows[0] as User
+        }
+
+        const insertUserQuery = {
+            text: "INSERT INTO users (email) VALUES ($1) RETURNING *",
+            values: [email]
+        }
+        const insertResult = await client.query(insertUserQuery)
+        client.release()
+        return insertResult.rows[0] as User
+    })
+}
+
+function isUserAuthorized(event: RequestEvent<Partial<Record<string, string>>, string | null>, user: User) {
+    if (!user.is_admin && ADMIN_ENDPOINTS.some(endpoint => event.request.url.match(endpoint))) {
+        return false
+    }
+    return true
+}

src/lib/databaseTypes.ts

@@ -0,0 +1,6 @@
+export type User = {
+    id: number
+    email: string
+    is_admin: boolean
+    is_alpha_user: boolean
+}

src/lib/server/azure.ts

@@ -1,4 +1,4 @@
-import { AZURE_BLOB_ACCOUNT_NAME, AZURE_BLOB_SAS } from "./secrets"
+import { AZURE_BLOB_ACCOUNT_NAME, AZURE_BLOB_SAS } from "./environment"
 import { logger } from "./logging"
 
 if (!AZURE_BLOB_ACCOUNT_NAME || !AZURE_BLOB_SAS) {

src/lib/server/secrets.ts → src/lib/server/environment.ts

@@ -11,3 +11,5 @@ export const AZURE_FUNCTION_PYTHON_KEY = env.AZURE_FUNCTION_PYTHON_KEY
 
 export const AZURE_BLOB_ACCOUNT_NAME = env.AZURE_BLOB_ACCOUNT_NAME
 export const AZURE_BLOB_SAS = env.AZURE_BLOB_SAS
+
+export const DEVELOPMENT_USER = env.DEVELOPMENT_USER

src/lib/server/sql.ts

@@ -1,5 +1,5 @@
 import pkg from "pg"
-import { POSTGRES_HOST, POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, POSTGRES_PORT } from "./secrets"
+import { POSTGRES_HOST, POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, POSTGRES_PORT } from "./environment"
 
 const { Pool } = pkg
 const config = {

src/routes/+layout.server.ts

@@ -0,0 +1,25 @@
+import type { User } from "$lib/databaseTypes"
+import { DEVELOPMENT_USER } from "$lib/server/environment.js"
+import { pool } from "$lib/server/sql"
+
+export async function load({ request }) {
+    const userEmail = request.headers.get("X-MS-CLIENT-PRINCIPAL-NAME") || DEVELOPMENT_USER
+    const userQuery = {
+        text: "SELECT * FROM users WHERE email = $1",
+        values: [userEmail]
+    }
+    const user: User = await pool.connect().then(async client => {
+        const result = await client.query(userQuery)
+        client.release()
+        return result.rows[0]
+    })
+
+    if (!user) {
+        return {
+            status: 401,
+            error: "User not found."
+        }
+    }
+
+    return { user }
+}

src/routes/api/health/+server.ts

@@ -1,5 +1,5 @@
 import { logger } from "$lib/server/logging"
-import { AZURE_FUNCTION_PYTHON_KEY, AZURE_FUNCTION_PYTHON_URL } from "$lib/server/secrets"
+import { AZURE_FUNCTION_PYTHON_KEY, AZURE_FUNCTION_PYTHON_URL } from "$lib/server/environment"
 
 export async function GET() {
     logger.info("Warming up the server.")

src/routes/api/intake-report/[id]/+server.ts

@@ -1,5 +1,5 @@
 import { logger } from "$lib/server/logging"
-import { AZURE_FUNCTION_PYTHON_KEY, AZURE_FUNCTION_PYTHON_URL } from "$lib/server/secrets"
+import { AZURE_FUNCTION_PYTHON_KEY, AZURE_FUNCTION_PYTHON_URL } from "$lib/server/environment"
 
 export async function GET({ params, fetch }) {
     const id = params.id

src/routes/api/llm/+server.ts

@@ -1,6 +1,6 @@
 import { env } from "$env/dynamic/private"
 import { logger } from "$lib/server/logging"
-import { AZURE_FUNCTION_PYTHON_KEY } from "$lib/server/secrets"
+import { AZURE_FUNCTION_PYTHON_KEY } from "$lib/server/environment"
 
 export async function POST({ fetch, request }) {
     logger.info("Making LLM request.")

src/routes/api/markdown2docx/+server.ts

@@ -1,5 +1,5 @@
 import { logger } from "$lib/server/logging"
-import { AZURE_FUNCTION_PYTHON_KEY, AZURE_FUNCTION_PYTHON_URL } from "$lib/server/secrets"
+import { AZURE_FUNCTION_PYTHON_KEY, AZURE_FUNCTION_PYTHON_URL } from "$lib/server/environment"
 
 export async function POST({ fetch, request }) {
     logger.info("Converting markdown to docx")

src/routes/api/templates/[id]/+server.ts

@@ -26,31 +26,6 @@ export async function POST({ request, params }) {
         })
 }
 
-export async function GET({ params }) {
-    const id = params.id
-    logger.info(`Getting template with id ${id}`)
-
-    const query = {
-        text: "SELECT * FROM templates WHERE id = $1",
-        values: [id]
-    }
-
-    return await pool
-        .connect()
-        .then(async client => {
-            const result = await client.query(query)
-            client.release()
-            return result.rows[0]
-        })
-        .then(row => {
-            return new Response(JSON.stringify(row), { headers: { "Content-Type": "application/json" } })
-        })
-        .catch(error => {
-            logger.error(`Error getting template with id ${id}:`, error)
-            return new Response(null, { status: 500 })
-        })
-}
-
 export async function PATCH({ params, request }) {
     const id = params.id
     let { text, parent_id } = await request.json()

src/routes/templates/+page.svelte

@@ -8,6 +8,8 @@
     import SelectedNodes from "./SelectedNodes.svelte"
     import MarkdownEditor from "$lib/components/MarkdownEditor.svelte"
 
+    export let data
+
     let selectedNodes: DecisionTree[] = []
     let tabSet: number = 0
     let editable: boolean = false
@@ -44,9 +46,11 @@
 
         <svelte:fragment slot="panel">
             <div hidden={tabSet !== 0}>
-                <div class="right-0">
-                    <SlideToggle name="slider-editable" size="sm" bind:checked={editable}>Editable</SlideToggle>
-                </div>
+                {#if data.user?.is_admin}
+                    <div class="right-0">
+                        <SlideToggle name="slider-editable" size="sm" bind:checked={editable}>Editable</SlideToggle>
+                    </div>
+                {/if}
                 <TemplatesDirectory {nodes} bind:selectedNodes {editable} />
             </div>
             <div hidden={tabSet !== 1}>

src/routes/templates/TemplatesDirectory/AdminButtons.svelte

@@ -56,11 +56,19 @@
                     headers: { "Content-Type": "application/json" },
                     body: JSON.stringify({ text: response.value })
                 })
-                    .then(res => res.json())
+                    .then(res => {
+                        if (!res.ok) {
+                            toastStore.trigger({
+                                message: `Failed to create the template: ${res.statusText}`,
+                                background: "variant-filled-error"
+                            })
+                        } else {
+                            return res.json()
+                        }
+                    })
                     .then(newNode => {
                         node.children = node.children.concat(new DecisionTree([newNode], newNode.id, node))
                     })
-                    .catch(console.error)
             }
         }
         modalStore.trigger(modal)
@@ -79,9 +87,15 @@
                     method: "PATCH",
                     headers: { "Content-Type": "application/json" },
                     body: JSON.stringify({ text: response.value, parentId })
+                }).then(result => {
+                    if (!result.ok) {
+                        toastStore.trigger({
+                            message: `Failed to edit the template: ${result.statusText}`,
+                            background: "variant-filled-error"
+                        })
+                    }
+                    node.text = response.value
                 })
-                    .then(() => (node.text = response.value))
-                    .catch(console.error)
             }
         }
         modalStore.trigger(modal)
@@ -101,7 +115,7 @@
                 await fetch(`/api/templates/${node.id}`, { method: "DELETE" }).then(response => {
                     if (!response.ok) {
                         toastStore.trigger({
-                            message: "Failed to delete the template.",
+                            message: "Failed to delete the template: " + response.statusText,
                             background: "variant-filled-error"
                         })
                     } else if (!node.parent) {

src/tests/components/Loadingbar.test.ts

@@ -1,6 +1,5 @@
 import { cleanup, render } from "@testing-library/svelte"
 import LoadingBar from "$lib/components/LoadingBar.svelte"
-
 afterEach(cleanup)
 
 describe("LoadingBar Component", () => {

src/tests/setup.ts

@@ -1 +1,9 @@
 import "@testing-library/jest-dom"
+
+vi.mock("lib/server/sql", async () => {
+    return {
+        pool: {
+            connect: vi.fn().mockResolvedValue({ rows: [] })
+        }
+    }
+})