Added User management functionality #503
Conversation
added user management
updated db to work with the new user management functionality
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 4 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/pages/user.tsx">
<violation number="1" location="src/pages/user.tsx:188">
P1: First-user/admin gating relies on a stale in-memory flag (FIRST_RUN) so multiple instances can all allow registration and create admins even when registration is disabled.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
src/db/db.ts
Outdated
|
|
||
| /** | ||
| * Ensure `role` column exists on users table. | ||
| * This works for both fresh installs and existing DBs, without touching user_version. |
There was a problem hiding this comment.
Why not touch user_version I think it was made for things like this?
src/pages/user.tsx
Outdated
| try { | ||
| db.exec("ROLLBACK"); | ||
| } catch { | ||
| // ignore rollback errors |
There was a problem hiding this comment.
Please at least comment on the reason why you are closing this without addressing it
|
Thanks for separating this! Looks good! There is some weird comments that sounds very AI, maybe look over them. I am also thinking about if you already have a first user, maybe it should be promoted to admin as part of the db migration? Though this is a little bit scary but deleting the db and starting from scratch is also some work. What do you think? |
Removed unnecessary comment about ensuring 'role' column in users table.
HI, exactly like this is working, an existing first user will be promoted to admin during the migration. |
Could you send a link to the code lines I can't find it |
you can find the files here https://github.com/Kosztyk/ConvertX/tree/adduser |
There was a problem hiding this comment.
1 issue found across 2 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/pages/user.tsx">
<violation number="1" location="src/pages/user.tsx:965">
P1: Last-admin protection is not atomic; concurrent demotions can leave zero admins.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/pages/user.tsx">
<violation number="1" location="src/pages/user.tsx:967">
P1: Transaction left open across await: BEGIN IMMEDIATE holds the shared SQLite connection while awaiting password hash, risking lock contention and cross-request interleaving.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
@C4illin I tried to fix all reported issues, hopefully now all the checks will pass and is safe to marge them. |
Could you link me the specific file and linenumber like this: https://github.com/C4illin/ConvertX/pull/503/changes#diff-edc834adbf0274511449786b6f3cf185c31f47eeccbe158e8377f772d7614c61R44-R47 |
|
HI,
This was addressed
try {
db.exec("ROLLBACK");
} catch (rollbackErr) {
console.warn("[user/edit-user] ROLLBACK failed:", rollbackErr);
}
throw e;
}
Line 955 user.tsx
From: Emrik Östling ***@***.***>
Date: Tuesday, 13 January 2026 at 21:29
To: C4illin/ConvertX ***@***.***>
Cc: Kosztyk ***@***.***>, Author ***@***.***>
Subject: Re: [C4illin/ConvertX] Added User management functionality (PR #503)
@C4illin commented on this pull request.
________________________________
In src/pages/user.tsx<#503 (comment)>:
@@ -232,13 +263,23 @@ export const user = new Elysia()
});
return redirect(`${WEBROOT}/`, 302);
- },
- { body: "signIn" },
- )
+ } catch (e) {
+ try {
+ db.exec("ROLLBACK");
+ } catch {
+ // ignore rollback errors
Please at least comment on the reason why you are closing this without addressing it
—
Reply to this email directly, view it on GitHub<#503 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AIVSICMFRRPTJS2DA6MQLNT4GVBSJAVCNFSM6AAAAACRMYPRY2VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZTMNJXGUZTMMBWGM>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
HI,
This was addressed in
const userColumns = db.query("PRAGMA table_info(users)").all() as { name: string }[];
const hasRoleColumn = userColumns.some((col) => col.name === "role");
if (!hasRoleColumn) {
db.exec("ALTER TABLE users ADD COLUMN role TEXT NOT NULL DEFAULT 'user';");
const oldest = db
.query("SELECT id FROM users ORDER BY id ASC LIMIT 1")
.get() as { id: number } | null;
if (oldest) {
db.query("UPDATE users SET role = 'admin' WHERE id = ?").run(oldest.id);
console.log("Added 'role' column; promoted oldest existing user to admin (Policy A).");
} else {
console.log("Added 'role' column to users table (no users to promote).");
}
}
From: Emrik Östling ***@***.***>
Date: Tuesday, 13 January 2026 at 21:26
To: C4illin/ConvertX ***@***.***>
Cc: Kosztyk ***@***.***>, Author ***@***.***>
Subject: Re: [C4illin/ConvertX] Added User management functionality (PR #503)
[Image removed by sender.]C4illin left a comment (C4illin/ConvertX#503)<#503 (comment)>
Thanks for separating this! Looks good! There is some weird comments that sounds very AI, maybe look over them.
I am also thinking about if you already have a first user, maybe it should be promoted to admin as part of the db migration? Though this is a little bit scary but deleting the db and starting from scratch is also some work. What do you think?
HI, exactly like this is working, an existing first user will be promoted to admin during the migration.
Could you send a link to the code lines I can't find it
you can find the files here ***@***.***<https://github.com/Kosztyk/ConvertX/tree/adduser?rgh-link-date=2026-01-12T20%3A08%3A02Z>
Could you link me the specific file and linenumber like this: https://github.com/C4illin/ConvertX/pull/503/files#diff-edc834adbf0274511449786b6f3cf185c31f47eeccbe158e8377f772d7614c61R42-R47
—
Reply to this email directly, view it on GitHub<#503 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AIVSICLIRTAVEI2K5O7DOK34GVBEXAVCNFSM6AAAAACRMYPRY2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTONBWGA3DMOJQGA>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
There was a problem hiding this comment.
2 issues found across 2 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/db/db.ts">
<violation number="1" location="src/db/db.ts:47">
P1: Migration for v0 DBs no longer adds `file_names.status`, leaving existing v0 databases without the required column and causing SQL errors when status is inserted/queried.</violation>
</file>
<file name="src/pages/user.tsx">
<violation number="1">
P1: FIRST_RUN is now a stale module-level flag and is set false before successful user creation, so failures leave setup/login bricked when no user exists.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
5 issues found across 2 files (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/pages/user.tsx">
<violation number="1" location="src/pages/user.tsx:931">
P1: Last-admin demotion check is no longer atomic; concurrent demotions can remove all admins</violation>
</file>
<file name="src/db/db.ts">
<violation number="1">
P2: Schema/migration drift: file_names.status defaults differ between fresh create ('not started', nullable) and migration ('queued', NOT NULL), yielding inconsistent data across installs.</violation>
<violation number="2">
P1: `users.email` uniqueness dropped for new DBs; duplicates now allowed at DB layer</violation>
<violation number="3">
P1: Foreign key enforcement and cascade deletes removed: constraints are no longer enabled and ON DELETE CASCADE is missing, allowing orphaned rows.</violation>
<violation number="4" location="src/db/db.ts:50">
P1: Role migration no longer seeds an admin; upgraded deployments will have zero admins and no way to manage users.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Removed comments related to initial schema bootstrap and version marker for clarity. Simplified the database initialization logic.
2 participants
add user;
delete
update user
First user created after application installation will be administrator by default, the rest of the users can be admin users or normal users.
Summary by cubic
Adds role-based user management. First user becomes admin; admins can add, edit, and delete users from the Account page.
New Features
Migration
Written for commit ca61491. Summary will update on new commits.