feat: add API to create impersonation request (#2439)

Suvidh-kaushik · Achintya-Chatterjee · web-flow · commit 30cdfd611008 · 2025-06-22T01:30:41.000+05:30
* added model,route, controller and service for creation

* optimized create query handling

* removed rate-limiter imports

* fixed types in controllers and services

* fixed query used for creating the request

* fixed: small query updates and updated dev flag

* fixed status type and 403 forbidden error

---------

Co-authored-by: Achintya Chatterjee &lt;55826451+Achintya-Chatterjee@users.noreply.github.com&gt;
diff --git a/controllers/impersonationRequests.ts b/controllers/impersonationRequests.ts
@@ -0,0 +1,50 @@
+import {
+  ERROR_WHILE_CREATING_REQUEST,
+  FEATURE_NOT_IMPLEMENTED,
+  REQUEST_CREATED_SUCCESSFULLY
+} from "../constants/requests";
+import { createImpersonationRequestService } from "../services/impersonationRequests";
+import {
+  CreateImpersonationRequest,
+  CreateImpersonationRequestBody,
+  ImpersonationRequestResponse
+} from "../types/impersonationRequest";
+import { NextFunction } from "express";
+const logger = require("../utils/logger");
+
+/**
+ * Controller to handle creation of an impersonation request.
+ *
+ * @param {CreateImpersonationRequest} req - Express request object with user and body data.
+ * @param {ImpersonationRequestResponse} res - Express response object.
+ * @param {NextFunction} next - Express next middleware function.
+ * @returns {Promise<ImpersonationRequestResponse | void>}
+ */
+export const createImpersonationRequestController = async (
+  req: CreateImpersonationRequest,
+  res: ImpersonationRequestResponse,
+  next: NextFunction
+): Promise<ImpersonationRequestResponse | void> => {
+  try {
+    const { impersonatedUserId, reason } = req.body as CreateImpersonationRequestBody;
+    const userId = req.userData?.id;
+    const createdBy = req.userData?.username;
+
+    const impersonationRequest = await createImpersonationRequestService({
+      userId,
+      createdBy,
+      impersonatedUserId,
+      reason
+    });
+
+    return res.status(201).json({
+      message: REQUEST_CREATED_SUCCESSFULLY,
+      data: {
+        ...impersonationRequest
+      }
+    });
+  } catch (error) {
+    logger.error(ERROR_WHILE_CREATING_REQUEST, error);
+    next(error);
+  }
+};
diff --git a/middlewares/validators/impersonationRequests.ts b/middlewares/validators/impersonationRequests.ts
@@ -0,0 +1,37 @@
+import joi from "joi";
+import { NextFunction } from "express";
+import { CreateImpersonationRequest, ImpersonationRequestResponse } from "../../types/impersonationRequest";
+const logger = require("../../utils/logger");
+
+/**
+ * Validates the create Impersonation Request payload
+ * @param {CreateImpersonationRequest} req - request object.
+ * @param {ImpersonationRequestResponse} res - response object.
+ * @param {NextFunction} next - next middleware function.
+ * @returns {Promise<void>} Resolves or sends errors.
+ */
+export const createImpersonationRequestValidator = async (
+  req: CreateImpersonationRequest,
+  res: ImpersonationRequestResponse,
+  next: NextFunction
+): Promise<void> => {
+  const schema = joi.object().strict().keys({
+    impersonatedUserId: joi.string().required().messages({
+      "string.empty": "impersonatedUserId cannot be empty",
+      "any.required": "impersonatedUserId is required"
+    }),
+    reason: joi.string().required().messages({
+      "string.empty": "reason cannot be empty",
+      "any.required": "reason is required"
+    })
+  });
+
+  try {
+    await schema.validateAsync(req.body, { abortEarly: false });
+    next();
+  } catch ( error ) {
+    const errorMessages = error.details.map((detail:{message: string}) => detail.message);
+    logger.error(`Error while validating request payload : ${errorMessages}`);
+    return res.boom.badRequest(errorMessages);
+  }
+};
diff --git a/models/impersonationRequests.ts b/models/impersonationRequests.ts
@@ -0,0 +1,58 @@
+import firestore from "../utils/firestore";
+import {
+  ERROR_WHILE_CREATING_REQUEST,
+  IMPERSONATION_NOT_COMPLETED,
+  REQUEST_ALREADY_PENDING,
+  REQUEST_STATE
+} from "../constants/requests";
+import { Timestamp } from "firebase-admin/firestore";
+import { CreateImpersonationRequestModelDto, ImpersonationRequest } from "../types/impersonationRequest";
+import { Forbidden } from "http-errors";
+const logger = require("../utils/logger");
+
+const impersonationRequestModel = firestore.collection("impersonationRequests");
+
+/**
+ * Creates a new impersonation request in Firestore.
+ *
+ * Checks for existing requests with the same impersonatedUserId and userId that are either
+ * APPROVED or PENDING and not finished. Throws a Forbidden error if such a request exists.
+ *
+ * @param {CreateImpersonationRequestModelDto} body - The data for the new impersonation request.
+ * @returns {Promise<ImpersonationRequest>} The created impersonation request object.
+ * @throws {Forbidden} If a similar request is already pending or not completed.
+ * @throws {Error} Logs and rethrows any error encountered during creation.
+ */
+export const createImpersonationRequest = async (
+  body: CreateImpersonationRequestModelDto
+): Promise<ImpersonationRequest> => {
+  try {
+    const reqQuery = impersonationRequestModel
+      .where("impersonatedUserId", "==", body.impersonatedUserId)
+      .where("userId", "==", body.userId)
+      .where("status", "in", ["APPROVED", "PENDING"])
+      .where("isImpersonationFinished", "==", false).orderBy("createdAt", "desc").limit(1);
+
+    const snapshot = await reqQuery.get();
+
+    if (!snapshot.empty) {
+      throw new Forbidden("You are not allowed for this Operation at the moment");
+    }
+
+    const requestBody = {
+      createdAt: Timestamp.now(),
+      updatedAt: Timestamp.now(),
+      ...body,
+    } as ImpersonationRequest;
+
+    const result = await impersonationRequestModel.add(requestBody);
+
+    return {
+      id: result.id,
+      ...requestBody,
+    };
+  } catch (error) {
+    logger.error(ERROR_WHILE_CREATING_REQUEST, { error, requestData: body });
+    throw error;
+  }
+};
diff --git a/routes/impersonation.ts b/routes/impersonation.ts
@@ -0,0 +1,17 @@
+import express from "express";
+import { createImpersonationRequestValidator } from "../middlewares/validators/impersonationRequests";
+const router = express.Router();
+const authorizeRoles = require("../middlewares/authorizeRoles");
+const { SUPERUSER } = require("../constants/roles");
+import authenticate from "../middlewares/authenticate";
+import { createImpersonationRequestController } from "../controllers/impersonationRequests";
+
+router.post(
+  "/requests",
+  authenticate,
+  authorizeRoles([SUPERUSER]),
+  createImpersonationRequestValidator,
+  createImpersonationRequestController
+);
+
+module.exports = router;
diff --git a/routes/index.ts b/routes/index.ts
@@ -41,5 +41,6 @@ app.use("/v1/notifications", require("./notify"));
 app.use("/goals", require("./goals"));
 app.use("/invites", require("./invites"));
 app.use("/requests", require("./requests"));
+app.use("/impersonation", devFlagMiddleware, require("./impersonation"));
 app.use("/subscription", devFlagMiddleware, require("./subscription"));
 module.exports = app;
diff --git a/services/impersonationRequests.ts b/services/impersonationRequests.ts
@@ -0,0 +1,72 @@
+import {
+  ERROR_WHILE_CREATING_REQUEST,
+  LOG_ACTION,
+  REQUEST_LOG_TYPE,
+  REQUEST_STATE,
+  TASK_REQUEST_MESSAGES
+} from "../constants/requests";
+import { createImpersonationRequest } from "../models/impersonationRequests";
+import { fetchUser } from "../models/users";
+import { addLog } from "./logService";
+import { User } from "../typeDefinitions/users";
+import { NotFound } from "http-errors";
+import { CreateImpersonationRequestServiceBody, ImpersonationRequest } from "../types/impersonationRequest";
+const logger = require("../utils/logger");
+
+/**
+ * Service to create a new impersonation request.
+ *
+ * Checks if the impersonated user exists, creates the request, and logs the action.
+ *
+ * @param {CreateImpersonationRequestServiceBody} body - The request body containing impersonation details.
+ * @returns {Promise<ImpersonationRequest>} The created impersonation request object.
+ * @throws {NotFound} If the impersonated user does not exist.
+ * @throws {Error} If there is an error during request creation.
+ */
+export const createImpersonationRequestService = async (
+  body: CreateImpersonationRequestServiceBody
+) : Promise<ImpersonationRequest> => {
+  try {
+    const { userExists, user: impersonatedUser } = await fetchUser({ userId: body.impersonatedUserId });
+    if (!userExists) {
+      throw new NotFound(TASK_REQUEST_MESSAGES.USER_NOT_FOUND);
+    }
+
+    const { username: createdFor } = impersonatedUser as User;
+
+    const impersonationRequest = await createImpersonationRequest({
+      status: REQUEST_STATE.PENDING,
+      userId: body.userId,
+      impersonatedUserId: body.impersonatedUserId,
+      isImpersonationFinished: false,
+      createdBy: body.createdBy,
+      createdFor: createdFor,
+      reason: body.reason,
+    });
+
+    const impersonationRequestLog = {
+      type: REQUEST_LOG_TYPE.REQUEST_CREATED,
+      meta: {
+        requestId: impersonationRequest.id,
+        action: LOG_ACTION.CREATE,
+        userId: body.userId,
+        createdAt: Date.now(),
+      },
+      body: {
+        ...impersonationRequest,
+        isImpersonationFinished: String(impersonationRequest.isImpersonationFinished),
+      },
+    };
+
+    await addLog(
+      impersonationRequestLog.type,
+      impersonationRequestLog.meta,
+      impersonationRequestLog.body
+    );
+
+    return impersonationRequest;
+  } catch (error) {
+    logger.error(ERROR_WHILE_CREATING_REQUEST, error);
+    throw error;
+  }
+};
diff --git a/types/impersonationRequest.d.ts b/types/impersonationRequest.d.ts
@@ -26,7 +26,7 @@ export type CreateImpersonationRequestBody = {
    reason: string;
 };
 
-export type CreateImpersonationRequestModelBody = {
+export type CreateImpersonationRequestModelDto = {
     status: REQUEST_STATE;
     isImpersonationFinished: boolean;
     createdBy: string;
@@ -49,6 +49,14 @@ export type UpdateImpersonationRequestStatusBody = {
 
 export type ImpersonationRequestQuery = RequestQuery & {
     dev?: string;
+    createdBy?: string;
+    createdFor?: string;
+    status?: keyof typeof REQUEST_STATE;
+    id?: string;
+    prev?: string;
+    next?: string;
+    page?: number;
+    size?: number;
 };
 
 export type ImpersonationRequestResponse = Response & {
@@ -78,4 +86,11 @@ export type PaginatedImpersonationRequests = {
     prev: string;
     page: number;
     count: number;
+}
+
+export type CreateImpersonationRequestServiceBody={
+   userId: string;
+   createdBy: string;
+   impersonatedUserId: string;
+   reason: string;
 }
