publisher-dashboard/apps/api-server/src/procedures/admin/users/create.ts

/**
 * admin.users.create - Create passwordless user, optionally add to org
 */

import { ORPCError } from "@orpc/server";
import { authMiddleware, os, superuserMiddleware } from "../../base.js";

export const adminUsersCreate = os.admin.users.create
  .use(authMiddleware)
  .use(superuserMiddleware)
  .handler(async ({ input, context }) => {
    const { email, name, orgSlug, orgRole } = input;
    const normalizedEmail = email.toLowerCase();

    // If orgSlug provided, verify org exists (outside transaction - read-only)
    let orgId: number | undefined;
    if (orgSlug) {
      const org = await context.db
        .selectFrom("orgs")
        .where("slug", "=", orgSlug)
        .select(["id"])
        .executeTakeFirst();
      if (!org) {
        throw new ORPCError("NOT_FOUND", { message: "Organization not found" });
      }
      orgId = org.id;
    }

    // Create user in transaction (with race condition protection)
    await context.db.transaction().execute(async (trx) => {
      // Check for existing user inside transaction to prevent race condition
      const existingUser = await trx
        .selectFrom("users")
        .where("email", "=", normalizedEmail)
        .select(["id"])
        .executeTakeFirst();
      if (existingUser) {
        throw new ORPCError("CONFLICT", {
          message: "User with this email already exists",
        });
      }

      const newUser = await trx
        .insertInto("users")
        .values({
          email: normalizedEmail,
          display_name: name || null,
        })
        .returning(["id"])
        .executeTakeFirstOrThrow();

      if (orgId !== undefined) {
        await trx
          .insertInto("org_members")
          .values({
            org_id: orgId,
            user_id: newUser.id,
            role: orgRole || "member",
          })
          .execute();
      }
    });
  });