Merge pull request #2312 from Real-Dev-Squad/develop

Dev to Main Sync

Author: iamitprakash

config/custom-environment-variables.js

@@ -37,6 +37,11 @@ module.exports = {
     clientSecret: "GITHUB_CLIENT_SECRET",
   },
 
+  googleOauth: {
+    clientId: "GOOGLE_CLIENT_ID",
+    clientSecret: "GOOGLE_CLIENT_SECRET",
+  },
+
   githubAccessToken: "GITHUB_PERSONAL_ACCESS_TOKEN",
 
   firestore: "FIRESTORE_CONFIG",

config/default.js

@@ -32,6 +32,11 @@ module.exports = {
     clientSecret: "<clientSecret>",
   },
 
+  googleOauth: {
+    clientId: "<clientId>",
+    clientSecret: "<clientSecret>",
+  },
+
   emailServiceConfig: {
     email: "<RDS_EMAIL>",
     password: "<EMAIL PASSWORD GENERATED AFTER 2FA>",

controllers/auth.js

@@ -9,6 +9,120 @@ const {
   USER_DOES_NOT_EXIST_ERROR,
 } = require("../constants/errorMessages");
 
+const googleAuthLogin = (req, res, next) => {
+  const { redirectURL } = req.query;
+  return passport.authenticate("google", {
+    scope: ["email"],
+    state: redirectURL,
+  })(req, res, next);
+};
+
+function handleRedirectUrl(req) {
+  const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
+  let authRedirectionUrl = rdsUiUrl;
+  let isMobileApp = false;
+  let isV2FlagPresent = false;
+  let devMode = false;
+
+  if ("state" in req.query) {
+    try {
+      const redirectUrl = new URL(req.query.state);
+      if (redirectUrl.searchParams.get("isMobileApp") === "true") {
+        isMobileApp = true;
+        redirectUrl.searchParams.delete("isMobileApp");
+      }
+
+      if (`.${redirectUrl.hostname}`.endsWith(`.${rdsUiUrl.hostname}`)) {
+        // Matching *.realdevsquad.com
+        authRedirectionUrl = redirectUrl;
+        devMode = Boolean(redirectUrl.searchParams.get("dev"));
+      } else {
+        logger.error(`Malicious redirect URL provided URL: ${redirectUrl}, Will redirect to RDS`);
+      }
+      if (redirectUrl.searchParams.get("v2") === "true") {
+        isV2FlagPresent = true;
+      }
+    } catch (error) {
+      logger.error("Invalid redirect URL provided", error);
+    }
+  }
+  return {
+    authRedirectionUrl,
+    isMobileApp,
+    isV2FlagPresent,
+    devMode,
+  };
+}
+
+const getAuthCookieOptions = () => {
+  const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
+  return {
+    domain: rdsUiUrl.hostname,
+    expires: new Date(Date.now() + config.get("userToken.ttl") * 1000),
+    httpOnly: true,
+    secure: true,
+    sameSite: "lax",
+  };
+};
+
+async function handleGoogleLogin(req, res, user, authRedirectionUrl) {
+  try {
+    if (!user.emails || user.emails.length === 0) {
+      logger.error("Google login failed: No emails found in user data");
+      return res.boom.unauthorized("No email found in Google account");
+    }
+    const primaryEmail = user.emails.find((email) => email.verified === true);
+    if (!primaryEmail) {
+      logger.error("Google login failed: No verified email found");
+      return res.boom.unauthorized("No verified email found in Google account");
+    }
+
+    const userData = {
+      email: primaryEmail.value,
+      created_at: Date.now(),
+      updated_at: null,
+    };
+
+    const userDataFromDB = await users.fetchUser({ email: userData.email });
+
+    if (userDataFromDB.userExists) {
+      if (userDataFromDB.user.roles?.developer) {
+        const errorMessage = encodeURIComponent("Google login is restricted for developer role.");
+        const separator = authRedirectionUrl.search ? "&" : "?";
+        return res.redirect(`${authRedirectionUrl}${separator}error=${errorMessage}`);
+      }
+    }
+
+    const { userId, incompleteUserDetails } = await users.addOrUpdate(userData);
+
+    const token = authService.generateAuthToken({ userId });
+
+    const cookieOptions = getAuthCookieOptions();
+
+    res.cookie(config.get("userToken.cookieName"), token, cookieOptions);
+
+    if (incompleteUserDetails) {
+      authRedirectionUrl = "https://my.realdevsquad.com/new-signup";
+    }
+
+    return res.redirect(authRedirectionUrl);
+  } catch (err) {
+    logger.error("Unexpected error during Google login", err);
+    return res.boom.unauthorized("User cannot be authenticated");
+  }
+}
+
+const googleAuthCallback = (req, res, next) => {
+  const { authRedirectionUrl } = handleRedirectUrl(req);
+  return passport.authenticate("google", { session: false }, async (err, accessToken, user) => {
+    if (err) {
+      logger.error(err);
+      return res.boom.unauthorized("User cannot be authenticated");
+    }
+    return await handleGoogleLogin(req, res, user, authRedirectionUrl);
+  })(req, res, next);
+};
+
 /**
  * Makes authentication call to GitHub statergy
  *
@@ -41,33 +155,7 @@ const githubAuthLogin = (req, res, next) => {
  */
 const githubAuthCallback = (req, res, next) => {
   let userData;
-  let isMobileApp = false;
-  const rdsUiUrl = new URL(config.get("services.rdsUi.baseUrl"));
-  let authRedirectionUrl = rdsUiUrl;
-  let devMode = false;
-  let isV2FlagPresent = false;
-
-  if ("state" in req.query) {
-    try {
-      const redirectUrl = new URL(req.query.state);
-      if (redirectUrl.searchParams.get("isMobileApp") === "true") {
-        isMobileApp = true;
-        redirectUrl.searchParams.delete("isMobileApp");
-      }
-
-      if (redirectUrl.searchParams.get("v2") === "true") isV2FlagPresent = true;
-
-      if (`.${redirectUrl.hostname}`.endsWith(`.${rdsUiUrl.hostname}`)) {
-        // Matching *.realdevsquad.com
-        authRedirectionUrl = redirectUrl;
-        devMode = Boolean(redirectUrl.searchParams.get("dev"));
-      } else {
-        logger.error(`Malicious redirect URL provided URL: ${redirectUrl}, Will redirect to RDS`);
-      }
-    } catch (error) {
-      logger.error("Invalid redirect URL provided", error);
-    }
-  }
+  let { authRedirectionUrl, isMobileApp, isV2FlagPresent, devMode } = handleRedirectUrl(req);
   try {
     return passport.authenticate("github", { session: false }, async (err, accessToken, user) => {
       if (err) {
@@ -77,23 +165,33 @@ const githubAuthCallback = (req, res, next) => {
       userData = {
         github_id: user.username,
         github_display_name: user.displayName,
+        email: user._json.email,
         github_created_at: Number(new Date(user._json.created_at).getTime()),
         github_user_id: user.id,
         created_at: Date.now(),
         updated_at: null,
       };
 
+      if (!userData.email) {
+        const githubBaseUrl = config.get("githubApi.baseUrl");
+        const res = await fetch(`${githubBaseUrl}/user/emails`, {
+          headers: {
+            Authorization: `token ${accessToken}`,
+          },
+        });
+        const emails = await res.json();
+        const primaryEmails = emails.filter((item) => item.primary);
+
+        if (primaryEmails.length > 0) {
+          userData.email = primaryEmails[0].email;
+        }
+      }
+
       const { userId, incompleteUserDetails, role } = await users.addOrUpdate(userData);
 
       const token = authService.generateAuthToken({ userId });
 
-      const cookieOptions = {
-        domain: rdsUiUrl.hostname,
-        expires: new Date(Date.now() + config.get("userToken.ttl") * 1000),
-        httpOnly: true,
-        secure: true,
-        sameSite: "lax",
-      };
+      const cookieOptions = getAuthCookieOptions();
       // respond with a cookie
       res.cookie(config.get("userToken.cookieName"), token, cookieOptions);
 
@@ -232,6 +330,8 @@ const fetchDeviceDetails = async (req, res) => {
 module.exports = {
   githubAuthLogin,
   githubAuthCallback,
+  googleAuthLogin,
+  googleAuthCallback,
   signout,
   storeUserDeviceInfo,
   updateAuthStatus,

controllers/discordactions.js

@@ -119,26 +119,52 @@ const deleteGroupRole = async (req, res) => {
 };
 
 /**
- * Gets all group-roles
+ * Fetches all group roles or provides paginated results when ?dev=true is passed.
  *
- * @param res {Object} - Express response object
+ * @param {Object} req - Express request object.
+ * @param {Object} res - Express response object.
  */
-
-const getAllGroupRoles = async (req, res) => {
+const getPaginatedAllGroupRoles = async (req, res) => {
   try {
-    const { groups } = await discordRolesModel.getAllGroupRoles();
+    const { page = 0, size = 10, dev } = req.query;
+    const limit = parseInt(size, 10) || 10;
+    const offset = parseInt(page, 10) * limit;
+
+    if (limit < 1 || limit > 100) {
+      return res.boom.badRequest("Invalid size. Must be between 1 and 100.");
+    }
+
     const discordId = req.userData?.discordId;
+    if (dev === "true") {
+      const { roles, total } = await discordRolesModel.getPaginatedGroupRolesByPage({ offset, limit });
+      const groupsWithMembershipInfo = await discordRolesModel.enrichGroupDataWithMembershipInfo(discordId, roles);
+
+      const nextPage = offset + limit < total ? parseInt(page, 10) + 1 : null;
+      const prevPage = page > 0 ? parseInt(page, 10) - 1 : null;
+
+      const baseUrl = `${req.baseUrl}${req.path}`;
+      const next = nextPage !== null ? `${baseUrl}?page=${nextPage}&size=${limit}&dev=true` : null;
+      const prev = prevPage !== null ? `${baseUrl}?page=${prevPage}&size=${limit}&dev=true` : null;
+
+      return res.json({
+        message: "Roles fetched successfully!",
+        groups: groupsWithMembershipInfo,
+        links: { next, prev },
+      });
+    }
+
+    const { groups } = await discordRolesModel.getAllGroupRoles();
     const groupsWithMembershipInfo = await discordRolesModel.enrichGroupDataWithMembershipInfo(discordId, groups);
+
     return res.json({
       message: "Roles fetched successfully!",
       groups: groupsWithMembershipInfo,
     });
   } catch (err) {
-    logger.error(`Error while getting roles: ${err}`);
+    logger.error(`Error while fetching paginated group roles: ${err}`);
     return res.boom.badImplementation(INTERNAL_SERVER_ERROR);
   }
 };
-
 const getGroupsRoleId = async (req, res) => {
   try {
     const { discordId } = req.userData;
@@ -534,7 +560,7 @@ const getUserDiscordInvite = async (req, res) => {
 module.exports = {
   getGroupsRoleId,
   createGroupRole,
-  getAllGroupRoles,
+  getPaginatedAllGroupRoles,
   addGroupRoleToMember,
   deleteRole,
   updateDiscordImageForVerification,

controllers/userStatus.js

@@ -4,6 +4,9 @@ const { INTERNAL_SERVER_ERROR } = require("../constants/errorMessages");
 const dataAccess = require("../services/dataAccessLayer");
 const userStatusModel = require("../models/userStatus");
 const { userState, CANCEL_OOO } = require("../constants/userStatus");
+const ROLES = require("../constants/roles");
+const firestore = require("../utils/firestore");
+const usersCollection = firestore.collection("users");
 
 /**
  * Deletes a new User Status
@@ -107,6 +110,11 @@ const getAllUserStatus = async (req, res) => {
 const updateUserStatus = async (req, res) => {
   try {
     const userId = getUserIdBasedOnRoute(req);
+    const userDoc = await usersCollection.doc(userId).get();
+    if (!userDoc.exists) {
+      return res.boom.notFound("The User doesn't exist.");
+    }
+
     if (userId) {
       const dataToUpdate = req.body;
       const updateStatus = await userStatusModel.updateUserStatus(userId, dataToUpdate);
@@ -240,6 +248,26 @@ const updateUserStatusController = async (req, res, next) => {
   }
 };
 
+const updateUserStatuses = async (req, res, next) => {
+  try {
+    const { id: currentUserId, roles = {} } = req.userData;
+    const isSelf = req.params.userId === currentUserId;
+    const isSuperUser = roles[ROLES.SUPERUSER];
+
+    if (isSelf || isSuperUser) {
+      if (isSelf && Object.keys(req.body).includes(CANCEL_OOO)) {
+        return await cancelOOOStatus(req, res, next);
+      }
+      return await updateUserStatus(req, res, next);
+    }
+
+    return res.boom.unauthorized("You are not authorized to perform this action.");
+  } catch (err) {
+    logger.error(`Error in updateUserStatusController: ${err}`);
+    return res.boom.badImplementation("An unexpected error occurred.");
+  }
+};
+
 module.exports = {
   deleteUserStatus,
   getUserStatus,
@@ -250,4 +278,5 @@ module.exports = {
   getUserStatusControllers,
   batchUpdateUsersStatus,
   updateUserStatusController,
+  updateUserStatuses,
 };