prune old guest user to remove need to wipe data on upgrade

Author: msukkari

docs/self-hosting/upgrade/v3-to-v4-guide.mdx

@@ -11,17 +11,10 @@ Please note that the following features are no longer supported in v4:
 - Unauthorized access to a Sourcebot deployment. Authentication is now required, and unauthorized access requires an unlimited seat [enterprise license](/self-hosting/license-key) 
 </Warning>
 
-<Warning>
-If your Sourcebot deployment doesn't have authentication enabled, or uses multi-tenancy mode, you'll need to reindex all your repos
-</Warning>
-
 ### If your deployment doesn't have authentication enabled
 <Steps>
     <Step title="Spin down deployment">
     </Step>
-    <Step title="Reset Sourcebot data">
-        Delete your Sourcebot cache (`.sourcebot`) directory. If you're using Sourcebot with an external postgres instance, reset the database in your instance used by Sourcebot.
-    </Step>
     <Step title="Set AUTH_URL environment variable if needed">
         If your Sourcebot instance is deployed behind a domain (ex. `https://sourcebot.yourcompany.com`) you **must** set the `AUTH_URL` environment variable to your deployment domain.
     </Step>
@@ -58,7 +51,7 @@ navigating to **Settings -> Members**. Emails can be sent on organization join r
 
 ### If your deployment uses multi-tenancy mode
 
-Unfortunately, multi-tenancy mode is no longer officially supported in v4. To upgrade to v4, you'll need to unset the `SOURCEBOT_TENANCY_MODE` environment variable. You can then follow the [instructions above](/self-hosting/upgrade/v3-to-v4-guide#if-your-deployment-doesnt-have-authentication-enabled-i-e-sourcebot-auth-enabled)
+Unfortunately, multi-tenancy mode is no longer officially supported in v4. To upgrade to v4, you'll need to unset the `SOURCEBOT_TENANCY_MODE` environment variable and wipe your Sourcebot cache. You can then follow the [instructions above](/self-hosting/upgrade/v3-to-v4-guide#if-your-deployment-doesnt-have-authentication-enabled-i-e-sourcebot-auth-enabled)
 to finish upgrading to v4 in single-tenant mode.
 
 ## Troubleshooting

packages/web/src/auth.ts

@@ -156,8 +156,18 @@ const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
             throw new Error("Default org not found on single tenant user creation");
         }
 
+        // We can't use the getOrgMembers action here because we're not authed yet
+        const members = await prisma.userToOrg.findMany({
+            where: {
+                orgId: SINGLE_TENANT_ORG_ID,
+                role: {
+                    not: OrgRole.GUEST,
+                }
+            },
+        });
+
         // Only the first user to sign up will be an owner of the default org.
-        const isFirstUser = defaultOrg.members.length === 0;
+        const isFirstUser = members.length === 0;
         if (isFirstUser) {
             await prisma.$transaction(async (tx) => {
                 await tx.org.update({

packages/web/src/initialize.ts

@@ -1,7 +1,7 @@
-import { ConnectionSyncStatus, Prisma, RepoIndexingStatus } from '@sourcebot/db';
+import { ConnectionSyncStatus, OrgRole, Prisma, RepoIndexingStatus } from '@sourcebot/db';
 import { env } from './env.mjs';
 import { prisma } from "@/prisma";
-import { SINGLE_TENANT_ORG_ID, SINGLE_TENANT_ORG_DOMAIN, SINGLE_TENANT_ORG_NAME } from './lib/constants';
+import { SINGLE_TENANT_ORG_ID, SINGLE_TENANT_ORG_DOMAIN, SINGLE_TENANT_ORG_NAME, SOURCEBOT_GUEST_USER_ID } from './lib/constants';
 import { readFile } from 'fs/promises';
 import { watch } from 'fs';
 import stripJsonComments from 'strip-json-comments';
@@ -158,6 +158,31 @@ const syncDeclarativeConfig = async (configPath: string) => {
     await syncSearchContexts(config.contexts);
 }
 
+const pruneOldGuestUser = async () => {
+    // The old guest user doesn't have the GUEST role
+    const guestUser = await prisma.userToOrg.findUnique({
+        where: {
+            orgId_userId: {
+                orgId: SINGLE_TENANT_ORG_ID,
+                userId: SOURCEBOT_GUEST_USER_ID,
+            },
+            role: {
+                not: OrgRole.GUEST,
+            }
+        },
+    });
+
+    if (guestUser) {
+        await prisma.user.delete({
+            where: {
+                id: guestUser.userId,
+            },
+        });
+
+        console.log(`Deleted old guest user ${guestUser.userId}`);
+    }
+}
+
 const initSingleTenancy = async () => {
     await prisma.org.upsert({
         where: {
@@ -171,6 +196,10 @@ const initSingleTenancy = async () => {
         }
     });
 
+    // This is needed because v4 introduces the GUEST org role as well as making authentication required. 
+    // To keep things simple, we'll just delete the old guest user if it exists in the DB
+    await pruneOldGuestUser();
+
     const hasPublicAccessEntitlement = hasEntitlement("public-access");
     if (hasPublicAccessEntitlement) {
         const res = await createGuestUser(SINGLE_TENANT_ORG_DOMAIN);

packages/web/src/lib/constants.ts

@@ -24,6 +24,8 @@ export const TEAM_FEATURES = [
 
 export const MOBILE_UNSUPPORTED_SPLASH_SCREEN_DISMISSED_COOKIE_NAME = 'sb.mobile-unsupported-splash-screen-dismissed';
 
+// NOTE: changing SOURCEBOT_GUEST_USER_ID may break backwards compatibility since this value is used
+// to detect old guest users in the DB. If you change this value ensure it doesn't break upgrade flows
 export const SOURCEBOT_GUEST_USER_ID = '1';
 export const SOURCEBOT_GUEST_USER_EMAIL = 'guest@sourcebot.dev';
 export const SINGLE_TENANT_ORG_ID = 1;