add ability to get the issued tickets given the right role

Author: devksingh4

src/config.ts

@@ -54,7 +54,7 @@ const environmentConfig: EnvironmentConfigType = {
       "1": [], // Dummy Group for development only
     },
     UserRoleMapping: {
-      "[email protected]": [AppRoles.TICKET_SCANNER],
+      "[email protected]": [AppRoles.TICKETS_SCANNER],
     },
     AzureRoleMapping: { AutonomousWriters: [AppRoles.EVENTS_MANAGER] },
     ValidCorsOrigins: [
@@ -77,11 +77,17 @@ const environmentConfig: EnvironmentConfigType = {
       ], // Exec
     },
     UserRoleMapping: {
-      "[email protected]": [AppRoles.TICKET_SCANNER],
-      "[email protected]": [AppRoles.TICKET_SCANNER],
-      "[email protected]": [AppRoles.TICKET_SCANNER],
-      "[email protected]": [AppRoles.TICKET_SCANNER],
-      "[email protected]": [AppRoles.TICKET_SCANNER],
+      "[email protected]": [AppRoles.TICKETS_SCANNER],
+      "[email protected]": [AppRoles.TICKETS_SCANNER],
+      "[email protected]": [AppRoles.TICKETS_SCANNER],
+      "[email protected]": [
+        AppRoles.TICKETS_SCANNER,
+        AppRoles.TICKETS_MANAGER,
+      ],
+      "[email protected]": [
+        AppRoles.TICKETS_SCANNER,
+        AppRoles.TICKETS_MANAGER,
+      ],
     },
     AzureRoleMapping: { AutonomousWriters: [AppRoles.EVENTS_MANAGER] },
     ValidCorsOrigins: [

src/errors/index.ts

@@ -157,3 +157,14 @@ export class TicketNotValidError extends BaseError<"TicketNotValidError"> {
     });
   }
 }
+
+export class NotSupportedError extends BaseError<"NotSupportedError"> {
+  constructor({ message }: { message?: string }) {
+    super({
+      name: "NotSupportedError",
+      id: 110,
+      message: message || "This operation is not supported.",
+      httpStatusCode: 400,
+    });
+  }
+}

src/roles.ts

@@ -4,7 +4,8 @@ export type RunEnvironment = (typeof runEnvironments)[number];
 export enum AppRoles {
   EVENTS_MANAGER = "manage:events",
   SSO_INVITE_USER = "invite:sso",
-  TICKET_SCANNER = "scan:tickets",
+  TICKETS_SCANNER = "scan:tickets",
+  TICKETS_MANAGER = "manage:tickets",
 }
 export const allAppRoles = Object.values(AppRoles).filter(
   (value) => typeof value === "string",

src/routes/tickets.ts

@@ -1,10 +1,16 @@
 import { FastifyPluginAsync } from "fastify";
 import { z } from "zod";
-import { DynamoDBClient, UpdateItemCommand } from "@aws-sdk/client-dynamodb";
+import {
+  DynamoDBClient,
+  QueryCommand,
+  UpdateItemCommand,
+} from "@aws-sdk/client-dynamodb";
 import { genericConfig } from "../config.js";
 import {
   BaseError,
   DatabaseFetchError,
+  NotFoundError,
+  NotSupportedError,
   TicketNotFoundError,
   TicketNotValidError,
   UnauthenticatedError,
@@ -35,12 +41,20 @@ const purchaseSchema = z.object({
 
 type PurchaseData = z.infer<typeof purchaseSchema>;
 
-const responseJsonSchema = zodToJsonSchema(
+const ticketEntryZod = z.object({
+  valid: z.boolean(),
+  type: z.enum(["merch", "ticket"]),
+  ticketId: z.string().min(1),
+  purchaserData: purchaseSchema,
+});
+
+type TicketEntry = z.infer<typeof ticketEntryZod>;
+
+const responseJsonSchema = zodToJsonSchema(ticketEntryZod);
+
+const getTicketsResponseJsonSchema = zodToJsonSchema(
   z.object({
-    valid: z.boolean(),
-    type: z.enum(["merch", "ticket"]),
-    ticketId: z.string().min(1),
-    purchaserData: purchaseSchema,
+    tickets: z.array(ticketEntryZod),
   }),
 );
 
@@ -52,7 +66,79 @@ const dynamoClient = new DynamoDBClient({
   region: genericConfig.AwsRegion,
 });
 
+type TicketsGetRequest = {
+  Params: { id: string };
+  Querystring: { type: string };
+  Body: undefined;
+};
+
 const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
+  fastify.get<TicketsGetRequest>(
+    "/:eventId",
+    {
+      schema: {
+        querystring: {
+          type: "object", // Add this to specify it's an object schema
+          properties: {
+            // Add this to define the properties
+            type: {
+              type: "string",
+              enum: ["merch", "ticket"],
+            },
+          },
+        },
+        response: {
+          200: getTicketsResponseJsonSchema,
+        },
+      },
+      onRequest: async (request, reply) => {
+        await fastify.authorize(request, reply, [AppRoles.TICKETS_MANAGER]);
+      },
+    },
+    async (request, reply) => {
+      const eventId = (request.params as Record<string, string>).eventId;
+      const eventType = request.query?.type;
+      const issuedTickets: TicketEntry[] = [];
+      switch (eventType) {
+        case "merch":
+          const command = new QueryCommand({
+            TableName: genericConfig.MerchStorePurchasesTableName,
+            IndexName: "ItemIdIndexAll",
+            KeyConditionExpression: "item_id = :itemId",
+            ExpressionAttributeValues: {
+              ":itemId": { S: eventId },
+            },
+          });
+          const response = await dynamoClient.send(command);
+          if (!response.Items) {
+            throw new NotFoundError({
+              endpointName: `/api/v1/tickets/${eventId}`,
+            });
+          }
+          for (const item of response.Items) {
+            const unmarshalled = unmarshall(item);
+            issuedTickets.push({
+              type: "merch",
+              valid: true,
+              ticketId: unmarshalled["stripe_pi"],
+              purchaserData: {
+                email: unmarshalled["email"],
+                productId: eventId,
+                quantity: unmarshalled["quantity"],
+                size: unmarshalled["size"],
+              },
+            });
+          }
+          break;
+        default:
+          throw new NotSupportedError({
+            message: `Retrieving tickets currently only supported on type "merch"!`,
+          });
+      }
+      const response = { tickets: issuedTickets };
+      return reply.send(response);
+    },
+  );
   fastify.post<{ Body: VerifyPostRequest }>(
     "/checkIn",
     {
@@ -63,14 +149,16 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
         await fastify.zodValidateBody(request, reply, postSchema);
       },
       onRequest: async (request, reply) => {
-        await fastify.authorize(request, reply, [AppRoles.TICKET_SCANNER]);
+        await fastify.authorize(request, reply, [AppRoles.TICKETS_SCANNER]);
       },
     },
     async (request, reply) => {
       let command: UpdateItemCommand;
       let ticketId: string;
       if (!request.username) {
-        throw new UnauthenticatedError({ message: "Could not find username." });
+        throw new UnauthenticatedError({
+          message: "Could not find username.",
+        });
       }
       switch (request.body.type) {
         case "merch":
@@ -110,7 +198,9 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
           });
           break;
         default:
-          throw new ValidationError({ message: `Unknown verification type!` });
+          throw new ValidationError({
+            message: `Unknown verification type!`,
+          });
       }
       let purchaserData: PurchaseData;
       try {
@@ -200,7 +290,9 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
           });
           break;
         default:
-          throw new ValidationError({ message: `Unknown verification type!` });
+          throw new ValidationError({
+            message: `Unknown verification type!`,
+          });
       }
       await dynamoClient.send(command);
       reply.send(response);

tests/unit/auth.test.ts

@@ -80,6 +80,6 @@ test("Test user-specific role grants", async () => {
   const jsonBody = await response.json();
   expect(jsonBody).toEqual({
     username: "[email protected]",
-    roles: [AppRoles.TICKET_SCANNER],
+    roles: [AppRoles.TICKETS_SCANNER],
   });
 });

tests/unit/mockMerchPurchases.testdata.ts

@@ -10,7 +10,7 @@ const fulfilledMerchItem1 = {
     BOOL: true,
   },
   item_id: {
-    S: "sigpwny_fallctf_2022_shirt",
+    S: "2024_fa_barcrawl",
   },
   quantity: {
     N: "1",

tests/unit/tickets.test.ts

@@ -1,10 +1,14 @@
 import { afterAll, expect, test, beforeEach, vi, describe } from "vitest";
-import { DynamoDBClient, UpdateItemCommand } from "@aws-sdk/client-dynamodb";
+import {
+  DynamoDBClient,
+  QueryCommand,
+  UpdateItemCommand,
+} from "@aws-sdk/client-dynamodb";
 import { mockClient } from "aws-sdk-client-mock";
 import init from "../../src/index.js";
-import { EventGetResponse } from "../../src/routes/events.js";
 import { secretObject } from "./secret.testdata.js";
 import {
+  dynamoTableData,
   fulfilledMerchItem1,
   refundedMerchItem,
   unfulfilledMerchItem1,
@@ -39,7 +43,7 @@ describe("Test ticket purchase verification", async () => {
         ticketId:
           "9d98e1e3c2138c93dd5a284239eddfa9c3037a0862972cd0f51ee1b54257a37e",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(200);
     expect(responseDataJson).toEqual({
       valid: true,
@@ -69,7 +73,7 @@ describe("Test ticket purchase verification", async () => {
         ticketId:
           "9d98e1e3c2138c93dd5a284239eddfa9c3037a0862972cd0f51ee1b54257a37e",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(200);
     expect(responseDataJson).toEqual({
       valid: true,
@@ -99,7 +103,7 @@ describe("Test ticket purchase verification", async () => {
         email: "[email protected]",
         stripePi: "pi_6T9QvUwR2IOj4CyF35DsXK7P",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(400);
     expect(responseDataJson).toEqual({
       error: true,
@@ -125,7 +129,7 @@ describe("Test ticket purchase verification", async () => {
         ticketId:
           "975b4470cf37d7cf20fd404a711513fd1d1e68259ded27f10727d1384961843d",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(400);
     expect(responseDataJson).toEqual({
       error: true,
@@ -153,7 +157,7 @@ describe("Test merch purchase verification", async () => {
         email: "[email protected]",
         stripePi: "pi_8J4NrYdA3S7cW8Ty92FnGJ6L",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(200);
     expect(responseDataJson).toEqual({
       valid: true,
@@ -183,7 +187,7 @@ describe("Test merch purchase verification", async () => {
         ticketId:
           "975b4470cf37d7cf20fd404a711513fd1d1e68259ded27f10727d1384961843d",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(400);
     expect(responseDataJson).toEqual({
       error: true,
@@ -208,7 +212,7 @@ describe("Test merch purchase verification", async () => {
         email: "[email protected]",
         stripePi: "pi_6T9QvUwR2IOj4CyF35DsXK7P",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(400);
     expect(responseDataJson).toEqual({
       error: true,
@@ -233,7 +237,7 @@ describe("Test merch purchase verification", async () => {
         email: "[email protected]",
         stripePi: "pi_3Q5GewDiGOXU9RuS16txRR5D",
       });
-    const responseDataJson = response.body as EventGetResponse;
+    const responseDataJson = response.body;
     expect(response.statusCode).toEqual(400);
     expect(responseDataJson).toEqual({
       error: true,
@@ -244,6 +248,36 @@ describe("Test merch purchase verification", async () => {
   });
 });
 
+describe("Test getting all issued tickets", async () => {
+  test("Happy path: get all tickets", async () => {
+    ddbMock
+      .on(QueryCommand)
+      .resolvesOnce({ Items: dynamoTableData })
+      .resolvesOnce({});
+
+    const testJwt = createJwt();
+    await app.ready();
+    const response = await supertest(app.server)
+      .get("/api/v1/tickets/2024_fa_barcrawl?type=merch")
+      .set("authorization", `Bearer ${testJwt}`);
+    const responseDataJson = response.body;
+    expect(response.statusCode).toEqual(200);
+    expect(responseDataJson.tickets).toHaveLength(4);
+  });
+  test("Sad path: fail on type 'ticket'", async () => {
+    ddbMock.on(QueryCommand).rejects();
+
+    const testJwt = createJwt();
+    await app.ready();
+    const response = await supertest(app.server)
+      .get("/api/v1/tickets/2024_fa_barcrawl?type=ticket")
+      .set("authorization", `Bearer ${testJwt}`);
+    const responseDataJson = response.body;
+    expect(response.statusCode).toEqual(400);
+    expect(responseDataJson.id).toEqual(110);
+  });
+});
+
 afterAll(async () => {
   await app.close();
   vi.useRealTimers();