68 lines
3.1 KiB
JavaScript
68 lines
3.1 KiB
JavaScript
|
#!/usr/bin/env node
|
||
|
|
// One-time PRODUCTION migration for "BizGaze-only logins".
|
||
|
|
//
|
||
|
|
// Deletes the in-app (pre-BizGaze) local accounts. Combined with the BizGaze-only login
|
||
|
|
// change, every user then signs in through BizGaze and is provisioned into the same
|
||
|
|
// tenant — which restores the admin's "see all sessions" report.
|
||
|
|
//
|
||
|
|
// A "pre-BizGaze" account = a user with NO 'sso_user_created' audit entry for its email
|
||
|
|
// (i.e. created locally via register/console, not provisioned by a BizGaze login).
|
||
|
|
//
|
||
|
|
// SAFE BY DEFAULT: dry-run unless you pass --apply. BACK UP THE DB FIRST.
|
||
|
|
// Dry run : node scripts/migrate-bizgaze-only.js
|
||
|
|
// Apply : node scripts/migrate-bizgaze-only.js --apply
|
||
|
|
// Honors DB_PATH (same env var the server uses).
|
||
|
|
|
||
|
|
const db = require('../db');
|
||
|
|
const APPLY = process.argv.includes('--apply');
|
||
|
|
|
||
|
|
const tableExists = (name) => !!db.prepare("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?").get(name);
|
||
|
|
|
||
|
|
const ssoEmails = new Set(
|
||
|
|
db.prepare("SELECT DISTINCT lower(user_email) AS e FROM audit_log WHERE action='sso_user_created' AND user_email IS NOT NULL")
|
||
|
|
.all().map((r) => r.e),
|
||
|
|
);
|
||
|
|
const users = db.prepare('SELECT id,email,name,role,team_id,active FROM users').all();
|
||
|
|
const keep = users.filter((u) => ssoEmails.has(String(u.email).toLowerCase()));
|
||
|
|
const remove = users.filter((u) => !ssoEmails.has(String(u.email).toLowerCase()));
|
||
|
|
|
||
|
|
console.log('=== Teams ===');
|
||
|
|
for (const t of db.prepare('SELECT id,name FROM teams').all()) {
|
||
|
|
const uc = db.prepare('SELECT COUNT(*) AS c FROM users WHERE team_id=?').get(t.id).c;
|
||
|
|
console.log(` ${t.id} ${t.name} (${uc} users)`);
|
||
|
|
}
|
||
|
|
console.log('\n=== Users ===');
|
||
|
|
console.log(` total: ${users.length} | BizGaze-provisioned (keep): ${keep.length} | local pre-BizGaze (delete): ${remove.length}`);
|
||
|
|
console.log('\n KEEP (already BizGaze-provisioned):');
|
||
|
|
keep.forEach((u) => console.log(` ${u.email} [${u.role}] team ${u.team_id}`));
|
||
|
|
console.log('\n DELETE (local / pre-BizGaze):');
|
||
|
|
remove.forEach((u) => console.log(` ${u.email} [${u.role}] team ${u.team_id}`));
|
||
|
|
|
||
|
|
if (!remove.length) { console.log('\nNothing to delete. Done.'); process.exit(0); }
|
||
|
|
|
||
|
|
if (!APPLY) {
|
||
|
|
console.log('\nDRY RUN — no changes made. Re-run with --apply to delete the local accounts above.');
|
||
|
|
console.log('After deletion, those users sign in via BizGaze and are recreated automatically.');
|
||
|
|
process.exit(0);
|
||
|
|
}
|
||
|
|
|
||
|
|
const delAuth = db.prepare('DELETE FROM sessions_auth WHERE user_id=?');
|
||
|
|
const delRefresh = tableExists('refresh_tokens') ? db.prepare('DELETE FROM refresh_tokens WHERE user_id=?') : null;
|
||
|
|
const delUser = db.prepare('DELETE FROM users WHERE id=?');
|
||
|
|
let deleted = 0;
|
||
|
|
db.exec('BEGIN');
|
||
|
|
try {
|
||
|
|
for (const u of remove) {
|
||
|
|
delAuth.run(u.id); // clear active sessions (FK) — also logs them out
|
||
|
|
if (delRefresh) delRefresh.run(u.id);
|
||
|
|
delUser.run(u.id);
|
||
|
|
deleted++;
|
||
|
|
}
|
||
|
|
db.exec('COMMIT');
|
||
|
|
} catch (e) {
|
||
|
|
db.exec('ROLLBACK');
|
||
|
|
console.error('FAILED — rolled back, no changes applied:', e.message);
|
||
|
|
process.exit(1);
|
||
|
|
}
|
||
|
|
console.log(`\nDONE. Deleted ${deleted} local account(s). They are recreated via BizGaze on next sign-in.`);
|