Merge pull request #1935 from Real-Dev-Squad/develop

Dev to Main

Author: iamitprakash

config/default.js

@@ -64,6 +64,7 @@ module.exports = {
 
   userToken: {
     cookieName: `rds-session-${NODE_ENV}`,
+    cookieV2Name: `rds-session-v2-${NODE_ENV}`,
     ttl: 30 * 24 * 60 * 60, // in seconds
     refreshTtl: 180 * 24 * 60 * 60, // in seconds
     publicKey: "<publicKey>",

config/production.js

@@ -10,6 +10,7 @@ module.exports = {
   discordMissedUpdatesRoleId: "1183553844811153458",
   userToken: {
     cookieName: "rds-session",
+    cookieV2Name: "rds-session-v2",
   },
 
   services: {

constants/authorities.ts

@@ -0,0 +1,7 @@
+const AUTHORITIES = {
+  SUPERUSER: "super_user",
+  MEMBER: "member",
+  USER: "user",
+};
+
+module.exports = { AUTHORITIES };

controllers/auth.js

@@ -45,13 +45,18 @@ const githubAuthCallback = (req, res, next) => {
   const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
   let authRedirectionUrl = rdsUiUrl;
   let devMode = false;
+  let isV2FlagPresent = false;
+
   if ("state" in req.query) {
     try {
       const redirectUrl = new URL(req.query.state);
       if (redirectUrl.searchParams.get("isMobileApp") === "true") {
         isMobileApp = true;
         redirectUrl.searchParams.delete("isMobileApp");
       }
+
+      if (redirectUrl.searchParams.get("v2") === "true") isV2FlagPresent = true;
+
       if (`.${redirectUrl.hostname}`.endsWith(`.${rdsUiUrl.hostname}`)) {
         // Matching *.realdevsquad.com
         authRedirectionUrl = redirectUrl;
@@ -78,18 +83,25 @@ const githubAuthCallback = (req, res, next) => {
         updated_at: Date.now(),
       };
 
-      const { userId, incompleteUserDetails } = await users.addOrUpdate(userData);
+      const { userId, incompleteUserDetails, role } = await users.addOrUpdate(userData);
 
       const token = authService.generateAuthToken({ userId });
 
-      // respond with a cookie
-      res.cookie(config.get("userToken.cookieName"), token, {
+      const cookieOptions = {
         domain: rdsUiUrl.hostname,
         expires: new Date(Date.now() + config.get("userToken.ttl") * 1000),
         httpOnly: true,
         secure: true,
         sameSite: "lax",
-      });
+      };
+      // respond with a cookie
+      res.cookie(config.get("userToken.cookieName"), token, cookieOptions);
+
+      /* redirectUrl woud be like https://realdevsquad.com?v2=true */
+      if (isV2FlagPresent) {
+        const tokenV2 = authService.generateAuthToken({ userId, role });
+        res.cookie(config.get("userToken.cookieV2Name"), tokenV2, cookieOptions);
+      }
 
       if (!devMode) {
         // TODO: Revisit incompleteUserDetails redirect condition
@@ -112,12 +124,15 @@ const githubAuthCallback = (req, res, next) => {
 const signout = (req, res) => {
   const cookieName = config.get("userToken.cookieName");
   const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
-  res.clearCookie(cookieName, {
+  const cookieOptions = {
     domain: rdsUiUrl.hostname,
     httpOnly: true,
     secure: true,
     sameSite: "lax",
-  });
+  };
+  res.clearCookie(cookieName, cookieOptions);
+  const cookieV2Name = config.get("userToken.cookieV2Name");
+  res.clearCookie(cookieV2Name, cookieOptions);
   return res.json({
     message: "Signout successful",
   });

controllers/requests.ts

@@ -12,6 +12,7 @@ import {
 } from "../constants/requests";
 import { createRequest, getRequests, updateRequest } from "../models/requests";
 import { addLog } from "../models/logs";
+import { getPaginatedLink } from "../utils/helper";
 
 export const createRequestController = async (req: any, res: any) => {
   const requestBody = req.body;
@@ -113,9 +114,47 @@ export const getRequestsController = async (req: any, res: any) => {
     if (!requests) {
       return res.status(204).send();
     }
-    return res.status(200).send({
+
+    const { allRequests, next, prev, page } = requests;
+    if (allRequests.length === 0) {
+      return res.status(204).send();
+    }
+
+    if(page) {
+      const pageLink = `/requests?page=${page}&dev=${query.dev}`;
+      return res.status(200).json({
+        message: REQUEST_FETCHED_SUCCESSFULLY,
+        data: allRequests,
+        page: pageLink,
+      });
+    }
+
+    let nextUrl = null;
+    let prevUrl = null;
+    if (next) {
+      const nextLink = getPaginatedLink({
+        endpoint: "/requests",
+        query,
+        cursorKey: "next",
+        docId: next,
+      });
+      nextUrl = nextLink;
+    }
+    if (prev) {
+      const prevLink = getPaginatedLink({
+        endpoint: "/requests",
+        query,
+        cursorKey: "prev",
+        docId: prev,
+      });
+      prevUrl = prevLink;
+    }
+
+    return res.status(200).json({
       message: REQUEST_FETCHED_SUCCESSFULLY,
-      data: requests,
+      data: allRequests,
+      next: nextUrl,
+      prev: prevUrl,
     });
   } catch (err) {
     logger.error(ERROR_WHILE_FETCHING_REQUEST, err);

controllers/userStatus.js

@@ -74,15 +74,18 @@ const getAllUserStatus = async (req, res) => {
   try {
     const { allUserStatus } = await userStatusModel.getAllUserStatus(req.query);
     const activeUsers = [];
-    for (const status of allUserStatus) {
-      //  fetching users from users collection by userID in userStatus collection
-      const result = await dataAccess.retrieveUsers({ id: status.userId });
-      if (!result.user?.roles?.archived) {
-        status.full_name = `${result.user.first_name} ${result.user.last_name}`;
-        status.picture = result.user.picture;
-        status.username = result.user.username;
-        activeUsers.push(status);
-      }
+    if (allUserStatus) {
+      const allUsersStatusFetchPromises = allUserStatus.map(async (status) => {
+        //  fetching users from users collection with the help of userID in userStatus collection
+        const result = await dataAccess.retrieveUsers({ id: status.userId });
+        if (!result.user?.roles?.archived) {
+          status.full_name = `${result.user.first_name} ${result.user.last_name}`;
+          status.picture = result.user.picture;
+          status.username = result.user.username;
+          activeUsers.push(status);
+        }
+      });
+      await Promise.all(allUsersStatusFetchPromises);
     }
     return res.json({
       message: "All User Status found successfully.",

middlewares/validators/requests.ts

@@ -74,7 +74,17 @@ export const getRequestsMiddleware = async (req: OooRequestCreateRequest, res: O
       .string()
       .valid(REQUEST_STATE.APPROVED, REQUEST_STATE.PENDING, REQUEST_STATE.REJECTED)
       .optional(),
-    page: joi.number().integer().min(0),
+    page: joi.number().integer().min(0).when("next", {
+      is: joi.exist(),
+      then: joi.forbidden().messages({
+        "any.only": "next is not allowed when using page",
+      }),
+    }).when("prev", {
+      is: joi.exist(),
+      then: joi.forbidden().messages({
+        "any.only": "page is not allowed when using prev",
+      }),
+    }).optional(),
     next: joi
       .string()
       .optional(),

models/requests.ts

@@ -10,6 +10,8 @@ import {
   REQUEST_ALREADY_PENDING,
 } from "../constants/requests";
 import * as admin from "firebase-admin";
+import { getUserId } from "../utils/users";
+const SIZE = 5;
 
 export const createRequest = async (body: any) => {
   try {
@@ -76,41 +78,90 @@ export const updateRequest = async (id: string, body: any, lastModifiedBy: strin
   }
 };
 
-export const getRequests = async (query: RequestQuery) => {
-  const { id, type, requestedBy, state } = query;
+export const getRequests = async (query: any) => {
+  let { id, type, requestedBy, state, prev, next, page, size = SIZE } = query;
+  size = parseInt(size);
+  page = parseInt(page);
   try {
-    let requestQuery: admin.firestore.Query  = requestModel;
+    let requestQuery: any = requestModel;
+
     if (id) {
-      const requestsDoc = await requestModel.doc(id).get();
-      const request = requestsDoc.data();
-      if (!request) {
+      const requestDoc = await requestModel.doc(id).get();
+      if (!requestDoc.exists) {
         return null;
       }
       return {
-        id,
-        ...request,
+        allRequests: [
+          {
+            id: requestDoc.id,
+            ...requestDoc.data(),
+          },
+        ],
       };
     }
+
+    if (requestedBy) {
+      const requestedByUserId = await getUserId(requestedBy);
+      requestQuery = requestQuery.where("requestedBy", "==", requestedByUserId);
+    }
     if (type) {
       requestQuery = requestQuery.where("type", "==", type);
     }
-    if (requestedBy) {
-      requestQuery = requestQuery.where("requestedBy", "==", requestedBy);
-    }
     if (state) {
       requestQuery = requestQuery.where("state", "==", state);
     }
 
-    const requestsDoc = await requestQuery.get();
-    if (requestsDoc.empty) {
+    requestQuery = requestQuery.orderBy("createdAt", "desc");
+
+    let requestQueryDoc = requestQuery;
+
+    if (prev) {
+      requestQueryDoc = requestQueryDoc.limitToLast(size);
+    } else {
+      requestQueryDoc = requestQueryDoc.limit(size);
+    }
+
+    if (page) {
+      const startAfter = (page - 1) * size;
+      requestQueryDoc = requestQueryDoc.offset(startAfter);
+    } else if (next) {
+      const doc = await requestModel.doc(next).get();
+      requestQueryDoc = requestQueryDoc.startAt(doc);
+    } else if (prev) {
+      const doc = await requestModel.doc(prev).get();
+      requestQueryDoc = requestQueryDoc.endAt(doc);
+    }
+
+    const snapshot = await requestQueryDoc.get();
+    let nextDoc: any, prevDoc: any;
+
+    if (!snapshot.empty) {
+      const first = snapshot.docs[0];
+      prevDoc = await requestQuery.endBefore(first).limitToLast(1).get();
+
+      const last = snapshot.docs[snapshot.docs.length - 1];
+      nextDoc = await requestQuery.startAfter(last).limit(1).get();
+    }
+
+    let allRequests = [];
+    if (!snapshot.empty) {
+      snapshot.forEach((doc: any) => {
+        allRequests.push({
+          id: doc.id,
+          ...doc.data(),
+        });
+      });
+    }
+    if (allRequests.length === 0) {
       return null;
     }
-    return requestsDoc.docs.map((doc: any) => {
-      return {
-        id: doc.id,
-        ...doc.data(),
-      };
-    });
+
+    return {
+      allRequests,
+      prev: prevDoc.empty ? null : prevDoc.docs[0].id,
+      next: nextDoc.empty ? null : nextDoc.docs[0].id,
+      page: page ? page + 1 : null,
+    };
   } catch (error) {
     logger.error(ERROR_WHILE_FETCHING_REQUEST, error);
     throw error;

models/users.js

@@ -22,6 +22,7 @@ const photoVerificationModel = firestore.collection("photo-verification");
 const { ITEM_TAG, USER_STATE } = ALLOWED_FILTER_PARAMS;
 const admin = require("firebase-admin");
 const { INTERNAL_SERVER_ERROR } = require("../constants/errorMessages");
+const { AUTHORITIES } = require("../constants/authorities");
 
 /**
  * Adds or updates the user data
@@ -59,13 +60,15 @@ const addOrUpdate = async (userData, userId = null) => {
     if (!user || (user && user.empty)) {
       user = await userModel.where("github_id", "==", userData.github_id).limit(1).get();
     }
-    if (user && !user.empty) {
+    if (user && !user.empty && user.docs !== null) {
       await userModel.doc(user.docs[0].id).set(userData, { merge: true });
+      const data = user.docs[0].data();
       return {
         isNewUser: false,
         userId: user.docs[0].id,
         incompleteUserDetails: user.docs[0].data().incompleteUserDetails,
         updated_at: Date.now(),
+        role: Object.values(AUTHORITIES).find((role) => data.roles[role]) || AUTHORITIES.USER,
       };
     }
 
@@ -78,7 +81,13 @@ const addOrUpdate = async (userData, userId = null) => {
     userData.roles = { archived: false, in_discord: false };
     userData.incompleteUserDetails = true;
     const userInfo = await userModel.add(userData);
-    return { isNewUser: true, userId: userInfo.id, incompleteUserDetails: true, updated_at: Date.now() };
+    return {
+      isNewUser: true,
+      role: AUTHORITIES.USER,
+      userId: userInfo.id,
+      incompleteUserDetails: true,
+      updated_at: Date.now(),
+    };
   } catch (err) {
     logger.error("Error in adding or updating user", err);
     throw err;

test/integration/auth.test.js

@@ -227,4 +227,30 @@ describe("auth", function () {
         return done();
       });
   });
+
+  it("should send rds-session-v2 in res cookie", async function () {
+    const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
+
+    sinon.stub(passport, "authenticate").callsFake((strategy, options, callback) => {
+      callback(null, "accessToken", githubUserInfo[0]);
+      return (req, res, next) => {};
+    });
+
+    const res = await chai
+      .request(app)
+      .get("/auth/github/callback")
+      .query({ code: "codeReturnedByGithub", state: rdsUiUrl.href + "?v2=true" })
+      .redirects(0);
+
+    expect(res).to.have.status(302);
+    // rds-session-v2=token; Domain=realdevsquad.com; Path=/; Expires=Tue, 06 Oct 2020 11:23:07 GMT; HttpOnly; Secure
+    expect(res.headers["set-cookie"]).to.have.length(2); /* res has 2 cookies rds-session & rds-session-v2 */
+    expect(res.headers["set-cookie"][1])
+      .to.be.a("string")
+      .and.satisfy((msg) => msg.startsWith(config.get("userToken.cookieV2Name")));
+    expect(res.headers["set-cookie"][1]).to.include("HttpOnly");
+    expect(res.headers["set-cookie"][1]).to.include("Secure");
+    expect(res.headers["set-cookie"][1]).to.include(`Domain=${rdsUiUrl.hostname}`);
+    expect(res.headers["set-cookie"][1]).to.include("SameSite=Lax");
+  });
 });