datasquirel/package-shared/functions/web-app/mariadb-user/revoke-all-existing-grants.ts

import { UserType } from "../../../types";
import { DSQL_DATASQUIREL_MARIADB_USERS } from "../../../types/dsql";
import grabDbNames from "../../../utils/grab-db-names";
import normalizeText from "../../../utils/normalize-text";
import dbHandler from "../../backend/dbHandler";
import decrypt from "../../dsql/decrypt";
import { createNewSQLUser } from "./handle-mariadb-user-creation";

type Params = {
    user: UserType;
    updatedRecord: DSQL_DATASQUIREL_MARIADB_USERS;
};

type Return = {
    msg?: string;
    success?: boolean;
};

export default async function revokeAllExistingGrants({
    user,
    updatedRecord,
}: Params): Promise<Return> {
    const { userDbPrefix } = grabDbNames({ user });
    const parsedPassword = decrypt({
        encryptedString: updatedRecord?.password || "",
    });

    const revokeAllPrivileges = await dbHandler({
        query: normalizeText(`
            REVOKE ALL PRIVILEGES ON *.* FROM '${updatedRecord.username}'@'${updatedRecord.host}'
        `),
    });

    if (!revokeAllPrivileges) {
        await createNewSQLUser({
            host: updatedRecord.host,
            password: parsedPassword,
            username: updatedRecord.username,
        });
    }

    const revokeGrantOption = await dbHandler({
        query: normalizeText(`
            REVOKE GRANT OPTION ON *.* FROM '${updatedRecord.username}'@'${updatedRecord.host}'
        `),
    });

    const userGrants = (await dbHandler({
        query: `SHOW GRANTS FOR '${updatedRecord.username}'@'${updatedRecord.host}'`,
    })) as any[];

    for (let i = 0; i < userGrants.length; i++) {
        const grantObject = userGrants[i];
        const grant = grantObject?.[Object.keys(grantObject)[0]];

        if (!grant?.match(/GRANT USAGE .* IDENTIFIED BY PASSWORD/)) {
            const revokeGrantText = grant
                .replace(/GRANT/, "REVOKE")
                .replace(/ TO /, " FROM ");

            const revokePrivilege = await dbHandler({ query: revokeGrantText });
        }
    }

    const flushPrivileges = await dbHandler({
        query: `FLUSH PRIVILEGES`,
    });

    return { success: true };
}