Refactor admin procedures into separate files

Extract admin procedures from router.ts into dedicated files under procedures/admin/ with consolidated exports via _routes.ts. Adds shared helper functions for response transformation and includes race condition fixes via transaction-scoped existence checks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 17:00:04 +08:00
parent 2d445cc47b
commit c0966365f3
16 changed files with 579 additions and 112 deletions
--- a/apps/api-server/src/procedures/admin/users/create.ts
+++ b/apps/api-server/src/procedures/admin/users/create.ts
@@ -0,0 +1,63 @@
+/**
+ * admin.users.create - Create passwordless user, optionally add to org
+ */
+
+import { ORPCError } from "@orpc/server";
+import { authMiddleware, os, superuserMiddleware } from "../../base.js";
+
+export const adminUsersCreate = os.admin.users.create
+  .use(authMiddleware)
+  .use(superuserMiddleware)
+  .handler(async ({ input, context }) => {
+    const { email, name, orgSlug, orgRole } = input;
+    const normalizedEmail = email.toLowerCase();
+
+    // If orgSlug provided, verify org exists (outside transaction - read-only)
+    let orgId: number | undefined;
+    if (orgSlug) {
+      const org = await context.db
+        .selectFrom("orgs")
+        .where("slug", "=", orgSlug)
+        .select(["id"])
+        .executeTakeFirst();
+      if (!org) {
+        throw new ORPCError("NOT_FOUND", { message: "Organization not found" });
+      }
+      orgId = org.id;
+    }
+
+    // Create user in transaction (with race condition protection)
+    await context.db.transaction().execute(async (trx) => {
+      // Check for existing user inside transaction to prevent race condition
+      const existingUser = await trx
+        .selectFrom("users")
+        .where("email", "=", normalizedEmail)
+        .select(["id"])
+        .executeTakeFirst();
+      if (existingUser) {
+        throw new ORPCError("CONFLICT", {
+          message: "User with this email already exists",
+        });
+      }
+
+      const newUser = await trx
+        .insertInto("users")
+        .values({
+          email: normalizedEmail,
+          display_name: name || null,
+        })
+        .returning(["id"])
+        .executeTakeFirstOrThrow();
+
+      if (orgId !== undefined) {
+        await trx
+          .insertInto("org_members")
+          .values({
+            org_id: orgId,
+            user_id: newUser.id,
+            role: orgRole || "member",
+          })
+          .execute();
+      }
+    });
+  });