remove concept of a GUEST user

Author: brendan-kellam

docs/api-reference/sourcebot-public.openapi.json

@@ -1025,8 +1025,7 @@
             "type": "string",
             "enum": [
               "OWNER",
-              "MEMBER",
-              "GUEST"
+              "MEMBER"
             ]
           },
           "createdAt": {

packages/db/prisma/migrations/20260417224042_remove_guest_org_role/migration.sql

@@ -0,0 +1,21 @@
+/*
+  Warnings:
+
+  - The values [GUEST] on the enum `OrgRole` will be removed. If these variants are still used in the database, this will fail.
+
+*/
+
+-- Remove the guest user and its membership (only holder of GUEST role)
+DELETE FROM "UserToOrg" WHERE "role" = 'GUEST';
+DELETE FROM "User" WHERE id = '1';
+
+-- AlterEnum
+BEGIN;
+CREATE TYPE "OrgRole_new" AS ENUM ('OWNER', 'MEMBER');
+ALTER TABLE "UserToOrg" ALTER COLUMN "role" DROP DEFAULT;
+ALTER TABLE "UserToOrg" ALTER COLUMN "role" TYPE "OrgRole_new" USING ("role"::text::"OrgRole_new");
+ALTER TYPE "OrgRole" RENAME TO "OrgRole_old";
+ALTER TYPE "OrgRole_new" RENAME TO "OrgRole";
+DROP TYPE "OrgRole_old";
+ALTER TABLE "UserToOrg" ALTER COLUMN "role" SET DEFAULT 'MEMBER';
+COMMIT;

packages/db/prisma/schema.prisma

@@ -311,7 +311,6 @@ model License {
 enum OrgRole {
   OWNER
   MEMBER
-  GUEST
 }
 
 model UserToOrg {

packages/web/src/actions.ts

@@ -518,11 +518,6 @@ export const experimental_addGithubRepositoryByUrl = async (repositoryUrl: strin
         }
     }));
 
-export const getCurrentUserRole = async (): Promise<OrgRole | ServiceError> => sew(() =>
-    withOptionalAuth(async ({ role }) => {
-        return role;
-    }));
-
 export const createInvites = async (emails: string[]): Promise<{ success: boolean } | ServiceError> => sew(() =>
     withAuth(async ({ org, user, role, prisma }) =>
         withMinimumOrgRole(role, OrgRole.OWNER, async () => {
@@ -762,9 +757,6 @@ export const getOrgMembers = async () => sew(() =>
         const members = await prisma.userToOrg.findMany({
             where: {
                 orgId: org.id,
-                role: {
-                    not: OrgRole.GUEST,
-                }
             },
             include: {
                 user: true,

packages/web/src/app/(app)/repos/[id]/page.tsx

@@ -1,14 +1,11 @@
-import { getCurrentUserRole } from "@/actions"
-import { sew } from "@/middleware/sew"
 import { Badge } from "@/components/ui/badge"
 import { Button } from "@/components/ui/button"
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card"
 import { Skeleton } from "@/components/ui/skeleton"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
 import { env } from "@sourcebot/shared"
-import { ServiceErrorException } from "@/lib/serviceError"
-import { cn, getCodeHostInfoForRepo, isServiceError } from "@/lib/utils"
-import { withOptionalAuth } from "@/middleware/withAuth"
+import { cn, getCodeHostInfoForRepo } from "@/lib/utils"
+import { authenticatedPage, type OptionalAuthOptions } from "@/middleware/authenticatedPage"
 import { getConfigSettings, repoMetadataSchema } from "@sourcebot/shared"
 import { ExternalLink, Info } from "lucide-react"
 import Image from "next/image"
@@ -21,11 +18,27 @@ import { RepoBranchesTable } from "../components/repoBranchesTable"
 import { RepoJobsTable } from "../components/repoJobsTable"
 import { OrgRole } from "@sourcebot/db"
 
-export default async function RepoDetailPage({ params }: { params: Promise<{ id: string }> }) {
-    const { id } = await params
-    const repo = await getRepoWithJobs(Number.parseInt(id))
-    if (isServiceError(repo)) {
-        throw new ServiceErrorException(repo);
+type RepoDetailPageProps = {
+    params: Promise<{ id: string }>
+}
+
+export default authenticatedPage<RepoDetailPageProps, OptionalAuthOptions>(async ({ org, role, prisma }, props) => {
+    const { id } = await props.params;
+    const repo = await prisma.repo.findUnique({
+        where: {
+            id: Number.parseInt(id),
+            orgId: org.id,
+        },
+        include: {
+            jobs: {
+                orderBy: {
+                    createdAt: 'desc',
+                },
+            },
+        },
+    });
+    if (!repo) {
+        notFound();
     }
 
     const codeHostInfo = getCodeHostInfoForRepo({
@@ -52,11 +65,6 @@ export default async function RepoDetailPage({ params }: { params: Promise<{ id:
 
     const repoMetadata = repoMetadataSchema.parse(repo.metadata);
 
-    const userRole = await getCurrentUserRole();
-    if (isServiceError(userRole)) {
-        throw new ServiceErrorException(userRole);
-    }
-
     return (
         <>
             <div className="mb-6">
@@ -180,36 +188,11 @@ export default async function RepoDetailPage({ params }: { params: Promise<{ id:
                         <RepoJobsTable
                             data={repo.jobs}
                             repoId={repo.id}
-                            isIndexButtonVisible={userRole === OrgRole.OWNER}
+                            isIndexButtonVisible={role === OrgRole.OWNER}
                         />
                     </Suspense>
                 </CardContent>
             </Card>
         </>
-    )
-}
-
-const getRepoWithJobs = async (repoId: number) => sew(() =>
-    withOptionalAuth(async ({ prisma, org }) => {
-
-        const repo = await prisma.repo.findUnique({
-            where: {
-                id: repoId,
-                orgId: org.id,
-            },
-            include: {
-                jobs: {
-                    orderBy: {
-                        createdAt: 'desc'
-                    },
-                }
-            },
-        });
-
-        if (!repo) {
-            return notFound();
-        }
-
-        return repo;
-    })
-);
+    );
+}, { allowAnonymous: true });

packages/web/src/app/api/(server)/ee/chat/[chatId]/searchMembers/route.ts

@@ -1,5 +1,4 @@
 import { apiHandler } from "@/lib/apiHandler";
-import { SOURCEBOT_GUEST_USER_ID } from "@/lib/constants";
 import { ErrorCode } from "@/lib/errorCodes";
 import { notFound, queryParamsSchemaValidationError, serviceErrorResponse } from "@/lib/serviceError";
 import { isServiceError } from "@/lib/utils";
@@ -95,8 +94,6 @@ export const GET = apiHandler(async (
         const excludeUserIds = new Set([
             // Exclude the owner
             user.id,
-            // ... and the guest user
-            SOURCEBOT_GUEST_USER_ID,
             // ... as well as any existing
             ...sharedWithUsers.map((s) => s.userId),
         ]);

packages/web/src/ee/features/lighthouse/actions.ts

@@ -100,7 +100,6 @@ export const createCheckoutSession = async (successUrl: string, cancelUrl: strin
             const memberCount = await prisma.userToOrg.count({
                 where: {
                     orgId: org.id,
-                    role: { not: "GUEST" },
                 },
             });
 

packages/web/src/ee/features/lighthouse/servicePing.ts

@@ -1,4 +1,4 @@
-import { SINGLE_TENANT_ORG_ID, SOURCEBOT_GUEST_USER_ID } from "@/lib/constants";
+import { SINGLE_TENANT_ORG_ID } from "@/lib/constants";
 import { isServiceError } from "@/lib/utils";
 import { __unsafePrisma } from "@/prisma";
 import { createLogger, decryptActivationCode, env, SOURCEBOT_VERSION } from "@sourcebot/shared";
@@ -18,9 +18,6 @@ export const syncWithLighthouse = async (orgId: number) => {
     const userCount = await __unsafePrisma.userToOrg.count({
         where: {
             orgId,
-            userId: {
-                not: SOURCEBOT_GUEST_USER_ID,
-            }
         },
     });
 

packages/web/src/initialize.ts

@@ -1,52 +1,15 @@
-import { createGuestUser } from '@/lib/authUtils';
 import { __unsafePrisma } from "@/prisma";
 import { startServicePingCronJob } from '@/ee/features/lighthouse/servicePing';
-import { OrgRole } from '@sourcebot/db';
 import { createLogger, env, loadConfig } from "@sourcebot/shared";
 import { hasEntitlement } from '@/lib/entitlements';
-import { SINGLE_TENANT_ORG_ID, SOURCEBOT_GUEST_USER_ID } from './lib/constants';
-import { ServiceErrorException } from './lib/serviceError';
-import { getOrgMetadata, isServiceError } from './lib/utils';
+import { SINGLE_TENANT_ORG_ID } from './lib/constants';
+import { getOrgMetadata } from './lib/utils';
 
 const logger = createLogger('web-initialize');
 
-const pruneOldGuestUser = async () => {
-    // The old guest user doesn't have the GUEST role
-    const guestUser = await __unsafePrisma.userToOrg.findUnique({
-        where: {
-            orgId_userId: {
-                orgId: SINGLE_TENANT_ORG_ID,
-                userId: SOURCEBOT_GUEST_USER_ID,
-            },
-            role: {
-                not: OrgRole.GUEST,
-            }
-        },
-    });
-
-    if (guestUser) {
-        await __unsafePrisma.user.delete({
-            where: {
-                id: guestUser.userId,
-            },
-        });
-
-        logger.info(`Deleted old guest user ${guestUser.userId}`);
-    }
-}
-
 const init = async () => {
-    // This is needed because v4 introduces the GUEST org role as well as making authentication required. 
-    // To keep things simple, we'll just delete the old guest user if it exists in the DB
-    await pruneOldGuestUser();
-
     const hasAnonymousAccessEntitlement = await hasEntitlement("anonymous-access");
-    if (hasAnonymousAccessEntitlement) {
-        const res = await createGuestUser();
-        if (isServiceError(res)) {
-            throw new ServiceErrorException(res);
-        }
-    } else {
+    if (!hasAnonymousAccessEntitlement) {
         // If anonymous access entitlement is not enabled, set the flag to false in the org on init
         const org = await __unsafePrisma.org.findUnique({ where: { id: SINGLE_TENANT_ORG_ID } });
         if (org) {

packages/web/src/lib/authUtils.ts

@@ -1,8 +1,7 @@
 import type { User as AuthJsUser } from "next-auth";
 import { __unsafePrisma } from "@/prisma";
 import { OrgRole } from "@sourcebot/db";
-import { SINGLE_TENANT_ORG_ID, SOURCEBOT_GUEST_USER_EMAIL, SOURCEBOT_GUEST_USER_ID, SOURCEBOT_SUPPORT_EMAIL } from "@/lib/constants";
-import { hasEntitlement } from "@/lib/entitlements";
+import { SINGLE_TENANT_ORG_ID } from "@/lib/constants";
 import { isServiceError } from "@/lib/utils";
 import { orgNotFound, ServiceError, userNotFound } from "@/lib/serviceError";
 import { createLogger, getOfflineLicenseKey } from "@sourcebot/shared";
@@ -38,13 +37,7 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
             id: SINGLE_TENANT_ORG_ID,
         },
         include: {
-            members: {
-                where: {
-                    role: {
-                        not: OrgRole.GUEST,
-                    }
-                }
-            },
+            members: true,
         }
     });
 
@@ -67,8 +60,8 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
         throw new Error("Default org not found on single tenant user creation");
     }
 
-    // First (non-guest) user to sign up bootstraps the org as its OWNER. This
-    // is how a fresh deployment gets its initial admin without manual setup.
+    // First user to sign up bootstraps the org as its OWNER. This is how a
+    // fresh deployment gets its initial admin without manual setup.
     const isFirstUser = defaultOrg.members.length === 0;
     if (isFirstUser) {
         await __unsafePrisma.$transaction(async (tx) => {
@@ -134,68 +127,6 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
 };
 
 
-export const createGuestUser = async (): Promise<ServiceError | boolean> => {
-    const hasAnonymousAccessEntitlement = await hasEntitlement("anonymous-access");
-    if (!hasAnonymousAccessEntitlement) {
-        console.error(`Anonymous access isn't supported in your current plan. For support, contact ${SOURCEBOT_SUPPORT_EMAIL}.`);
-        return {
-            statusCode: StatusCodes.FORBIDDEN,
-            errorCode: ErrorCode.INSUFFICIENT_PERMISSIONS,
-            message: "Public access is not supported in your current plan",
-        } satisfies ServiceError;
-    }
-
-    const org = await __unsafePrisma.org.findUnique({
-        where: { id: SINGLE_TENANT_ORG_ID },
-    });
-    if (!org) {
-        return {
-            statusCode: StatusCodes.NOT_FOUND,
-            errorCode: ErrorCode.NOT_FOUND,
-            message: "Organization not found",
-        } satisfies ServiceError;
-    }
-
-    const user = await __unsafePrisma.user.upsert({
-        where: {
-            id: SOURCEBOT_GUEST_USER_ID,
-        },
-        update: {},
-        create: {
-            id: SOURCEBOT_GUEST_USER_ID,
-            name: "Guest",
-            email: SOURCEBOT_GUEST_USER_EMAIL,
-        },
-    });
-
-    await __unsafePrisma.org.update({
-        where: {
-            id: org.id,
-        },
-        data: {
-            members: {
-                upsert: {
-                    where: {
-                        orgId_userId: {
-                            orgId: org.id,
-                            userId: user.id,
-                        },
-                    },
-                    update: {},
-                    create: {
-                        role: OrgRole.GUEST,
-                        user: {
-                            connect: { id: user.id },
-                        },
-                    },
-                },
-            },
-        },
-    });
-
-    return true;
-};
-
 /**
  * Checks to see if the given organization has seat availability.
  * Seat availability is determined by the `seats` parameter in
@@ -207,13 +138,7 @@ export const orgHasAvailability = async (orgId: number): Promise<boolean> => {
             id: orgId,
         },
         include: {
-            members: {
-                where: {
-                    role: {
-                        not: OrgRole.GUEST
-                    }
-                }
-            },
+            members: true,
         }
     });