fix: Add locks to user mutations (#5805)

2023-09-09 23:26:22 -04:00
parent c22ed0c82e
commit 9602d09964
5 changed files with 140 additions and 95 deletions
--- a/server/commands/userDemoter.ts
+++ b/server/commands/userDemoter.ts
@@ -1,36 +1,41 @@
+import { Transaction } from "sequelize";
 import { UserRole } from "@shared/types";
 import { ValidationError } from "@server/errors";
 import { Event, User } from "@server/models";
 import CleanupDemotedUserTask from "@server/queues/tasks/CleanupDemotedUserTask";
-import { sequelize } from "@server/storage/database";

 type Props = {
  user: User;
  actorId: string;
  to: UserRole;
+  transaction?: Transaction;
  ip: string;
 };

-export default async function userDemoter({ user, actorId, to, ip }: Props) {
+export default async function userDemoter({
+  user,
+  actorId,
+  to,
+  transaction,
+  ip,
+}: Props) {
  if (user.id === actorId) {
    throw ValidationError("Unable to demote the current user");
  }

-  return sequelize.transaction(async (transaction) => {
-    await user.demote(to, { transaction });
-    await Event.create(
-      {
-        name: "users.demote",
-        actorId,
-        userId: user.id,
-        teamId: user.teamId,
-        data: {
-          name: user.name,
-        },
-        ip,
+  await user.demote(to, { transaction });
+  await Event.create(
+    {
+      name: "users.demote",
+      actorId,
+      userId: user.id,
+      teamId: user.teamId,
+      data: {
+        name: user.name,
      },
-      { transaction }
-    );
-    await CleanupDemotedUserTask.schedule({ userId: user.id });
-  });
+      ip,
+    },
+    { transaction }
+  );
+  await CleanupDemotedUserTask.schedule({ userId: user.id });
 }
--- a/server/commands/userSuspender.ts
+++ b/server/commands/userSuspender.ts
@@ -1,12 +1,12 @@
 import { Transaction } from "sequelize";
 import { User, Event, GroupUser } from "@server/models";
 import CleanupDemotedUserTask from "@server/queues/tasks/CleanupDemotedUserTask";
-import { sequelize } from "@server/storage/database";
 import { ValidationError } from "../errors";

 type Props = {
  user: User;
  actorId: string;
+  transaction?: Transaction;
  ip: string;
 };

@@ -17,44 +17,43 @@ type Props = {
 export default async function userSuspender({
  user,
  actorId,
+  transaction,
  ip,
 }: Props): Promise<void> {
  if (user.id === actorId) {
    throw ValidationError("Unable to suspend the current user");
  }

-  await sequelize.transaction(async (transaction: Transaction) => {
-    await user.update(
-      {
-        suspendedById: actorId,
-        suspendedAt: new Date(),
-      },
-      {
-        transaction,
-      }
-    );
-    await GroupUser.destroy({
-      where: {
-        userId: user.id,
-      },
+  await user.update(
+    {
+      suspendedById: actorId,
+      suspendedAt: new Date(),
+    },
+    {
      transaction,
-    });
-    await Event.create(
-      {
-        name: "users.suspend",
-        actorId,
-        userId: user.id,
-        teamId: user.teamId,
-        data: {
-          name: user.name,
-        },
-        ip,
-      },
-      {
-        transaction,
-      }
-    );
-
-    await CleanupDemotedUserTask.schedule({ userId: user.id });
+    }
+  );
+  await GroupUser.destroy({
+    where: {
+      userId: user.id,
+    },
+    transaction,
  });
+  await Event.create(
+    {
+      name: "users.suspend",
+      actorId,
+      userId: user.id,
+      teamId: user.teamId,
+      data: {
+        name: user.name,
+      },
+      ip,
+    },
+    {
+      transaction,
+    }
+  );
+
+  await CleanupDemotedUserTask.schedule({ userId: user.id });
 }
--- a/server/commands/userUnsuspender.ts
+++ b/server/commands/userUnsuspender.ts
@@ -1,11 +1,11 @@
 import { Transaction } from "sequelize";
 import { User, Event } from "@server/models";
-import { sequelize } from "@server/storage/database";
 import { ValidationError } from "../errors";

 type Props = {
  user: User;
  actorId: string;
+  transaction?: Transaction;
  ip: string;
 };

@@ -16,34 +16,33 @@ type Props = {
 export default async function userUnsuspender({
  user,
  actorId,
+  transaction,
  ip,
 }: Props): Promise<void> {
  if (user.id === actorId) {
    throw ValidationError("Unable to unsuspend the current user");
  }

-  await sequelize.transaction(async (transaction: Transaction) => {
-    await user.update(
-      {
-        suspendedById: null,
-        suspendedAt: null,
+  await user.update(
+    {
+      suspendedById: null,
+      suspendedAt: null,
+    },
+    { transaction }
+  );
+  await Event.create(
+    {
+      name: "users.activate",
+      actorId,
+      userId: user.id,
+      teamId: user.teamId,
+      data: {
+        name: user.name,
      },
-      { transaction }
-    );
-    await Event.create(
-      {
-        name: "users.activate",
-        actorId,
-        userId: user.id,
-        teamId: user.teamId,
-        data: {
-          name: user.name,
-        },
-        ip,
-      },
-      {
-        transaction,
-      }
-    );
-  });
+      ip,
+    },
+    {
+      transaction,
+    }
+  );
 }