Sequelize update & readme corrections (#113)

* Update sequelize to v5 (#110)

* Update sequelize and use [Op.exp] instead of  for sequelize expressions

* Use findByPk instead of findById

* Fix import of sequelize in config

* Fix updateAttributes to update, as the former has been deprecated in favor of the latter

* Update pg version to support sequelize v5

* Fix up expected errors in tests

* Fix tests to match new sequelize version

* Fix tag counts via dedupe

* Handle slashes in go links (#109)

Problem:
If a go-link has a / in its name, any PUT/DELETEs referencing it will fail, as the / causes ExpressJS to interpret the request as a separate route.

Solution:
By using a wildcard regxp for the route path (https://expressjs.com/en/guide/routing.html#route-paths)
eg: /:shortLink(*)
ExpressJS will glob anything after the matching part of the route, handling the remainder appropriately.
req.params.shortLink will still return back the whole go-link, so this should have no impact on other links, even if they also start with the same prefix/

* Readme corrections (#91)

* Readme corrections

* Ignore intellij files

* Add note about environment

* Remove env comment

* Add announcements (#114)

* Add announcements migration and corresponding rest endpoints / integration tests

* Update names of announcement properties

* Fix cascade delete quotes tags migration to await on temp table creation (#116)

Co-authored-by: Ben Alderfer <[email protected]>

Author: gavrielrh

.gitignore

@@ -67,3 +67,6 @@ config/database/production.json
 
 # vim
 *.swp
+
+# intellij
+.idea

README.md

@@ -29,9 +29,9 @@ The following steps walk you through configuring Google OAuth, with the assumpti
 
 1. Navigate to [Google Developer Console](https://console.developers.google.com/project), making sure you are logged in to the Google account you would like associated with the OAuth Authentication.
 2. Select the option to create a new project, naming it whatever you wish. Click 'Create'. You should be redirected to your Project's API Manager page.
-3. Open the Credentials page by selecting it from the navigation pane on the left-hand side of the page.
+3. Open the Credentials page by selecting it from the navigation pane on the left-hand side of the page (hamburger menu > APIs & Services > Credentials).
 4. On the Credentials page, select the option 'Create credentials', and then 'OAuth client ID'.
-5. You should now see a warning that you must set a product name on the consent screen. Select the option to 'Configure consent screen'. You will now be taken to the 'OAuth consent screen' settings pane. On this page, fill in the 'Product name shown to users' field with a name identifiable to your users. `SSE Dev API` is a good choice. When you're ready, click 'Save'.
+5. You should now see a warning that you must set a product name on the consent screen. Select the option to 'Configure consent screen'. You will now be taken to the 'OAuth consent screen' settings pane. On this page, fill in the 'Application name' field with a name identifiable to your users. `SSE Dev API` is a good choice. When you're ready, click 'Save'.
 6. Next, you'll be guided through the process of creating your OAuth Client Credentials. First, select 'Web application' as the Application type. Next, fill in the following information on the form that appears:
     - **Name:** `SSE Dev API` (or however you'd like to refer to it internally)
     - **Authorized JavaScript origins:** `http://localhost:5000`
@@ -65,16 +65,6 @@ You only need to do this if you are working on mentoring-related endpoints.
 * Head back to [Google Developer Console](https://console.developers.google.com/apis/library). Go to the same project you created before. Go to Libraries and search for Google Calendar API. Enable that API.
 * Next go to Credentials Tab. Click Create Credentials > API Key. You can store this key in `keys/google.json` under `web.api_key` or set the ENV variable `GOOGLE_API_KEY`.
 
-### Google Calendar
-Only need to do this if you are working on mentoring-related endpoints.
-
-* Create a new Google Calendar for the Mentor Schedule
-* In the side bar, Click on the arrow next to your new calendar and go to calendar settings.
-* On the Calendar Details screen, you will find your calendar ID in the *Calendar Address* section. You can store this value in `keys/google.json` under `web.calendars.mentor`, or use the ENV variable `MENTOR_GOOGLE_CALENDAR`.
-* Go to the Share Calendar Tab and make the calendar public.
-* Head back to [Google Developer Console](https://console.developers.google.com/apis/library). Go to the same project you created before. Go to Libraries and search for Google Calendar API. Enable that API.
-* Next go to Credentials Tab. Click Create Credentials > API Key. You can store this key in `keys/google.json` under `web.api_key` or set the ENV variable `GOOGLE_API_KEY`.
-
 ### Configuring Mailgun
 Only need to do this if you are working on scoreboard-related endpoints.
 
@@ -89,7 +79,7 @@ Only need to do this if you are working on scoreboard-related endpoints.
 1. `npm install`
 2. `mkdir keys`
 3. `npm run keygen`
-4. `npm run bootstrap -- --admin:firstName [YOUR NAME] --admin:lastName [YOUR LAST NAME] --admin:dce [YOUR DCE] --keygen --seed` - Creates and migrates the database. If you specify the admin args, a membership will be created for that
+4. `npm run bootstrap -- --admin:firstName [YOUR NAME] --admin:lastName [YOUR LAST NAME] --admin:dce [YOUR DCE (ex: abc1234)] --keygen --seed` - Creates and migrates the database. If you specify the admin args, a membership will be created for that
 user with all permissions. If you specify keygen, all keys will be regenerated.
 If you specify seed it will seed the database.
 5. `npm start`

config/permissions.js

@@ -4,7 +4,7 @@
 // their permissions level and group assignment have to allow them to do so.
 //
 // Permission level is 'at least', so someone with
-// a 'low' permission cannot do 'high' permisison actions but
+// a 'low' permission cannot do 'high' permission actions but
 // someone with a 'high' permission can do 'low' permission actions.
 // Permission level is based on the provider they used to authenticate (eg. Google, Slack).
 //
@@ -157,4 +157,18 @@ export default {
       groups: { primary, officers },
     },
   },
+  announcements: {
+    create: {
+      level: levels.high,
+      groups: { primary },
+    },
+    update: {
+      level: levels.high,
+      groups: { primary },
+    },
+    destroy: {
+      level: levels.high,
+      groups: { primary },
+    },
+  },
 };

config/sequelize.js

@@ -1,4 +1,4 @@
-import Sequelize from 'sequelize';
+import { Sequelize } from 'sequelize';
 import nconf from './index';
 
 const env = nconf.get('NODE_ENV');

db/migrations/20171231073953-cascade-delete-quotes-tags.js

@@ -1,14 +1,14 @@
 // Add ON DELETE CASCADE and ON UPDATE CASCADE to the quotes_tags table
-export function up(queryInterface, Sequelize) {
+export async function up(queryInterface, Sequelize) {
   const dialect = queryInterface.sequelize.getDialect();
   // SQLite does not support the DROP CONSTRAINT syntax,
   // so we have to make a temporary table, copy all the data into it,
   // and then rename it to the original table. Since we use SQLite in
   // development and testing with small amounts of data, while this is
   // gross, it is not necessarily the end of the world.
   if (dialect === 'sqlite') {
-    return queryInterface.sequelize.transaction(t => Promise.all([
-      queryInterface.createTable('temp', {
+    return queryInterface.sequelize.transaction(async (t) => {
+      await queryInterface.createTable('temp', {
         tagName: {
           type: Sequelize.STRING,
           allowNull: false,
@@ -33,17 +33,20 @@ export function up(queryInterface, Sequelize) {
         },
         createdAt: Sequelize.DATE,
         updatedAt: Sequelize.DATE,
-      }, { transaction: t }),
-      queryInterface
-        .sequelize
-        .query('INSERT INTO temp SELECT * FROM quotes_tags;', { transaction: t }),
-      queryInterface
-        .sequelize
-        .query('DROP TABLE quotes_tags;', { transaction: t }),
-      queryInterface
-        .sequelize
-        .query('ALTER TABLE temp RENAME TO quotes_tags;', { transaction: t }),
-    ]));
+      }, {transaction: t});
+
+      return Promise.all([
+        queryInterface
+          .sequelize
+          .query('INSERT INTO temp SELECT * FROM quotes_tags;', {transaction: t}),
+        queryInterface
+          .sequelize
+          .query('DROP TABLE quotes_tags;', {transaction: t}),
+        queryInterface
+          .sequelize
+          .query('ALTER TABLE temp RENAME TO quotes_tags;', {transaction: t}),
+      ]);
+    });
   } else if (dialect === 'postgres') {
     return queryInterface.sequelize.transaction(t => Promise.all([
       queryInterface
@@ -71,12 +74,12 @@ export function up(queryInterface, Sequelize) {
 }
 
 // Remove ON DELETE CASCADE and ON UPDATE CASCADE FROM the quotes_tags table
-export function down(queryInterface, Sequelize) {
+export async function down(queryInterface, Sequelize) {
   const dialect = queryInterface.sequelize.getDialect();
   // See above comment about SQLite
   if (dialect === 'sqlite') {
-    return queryInterface.sequelize.transaction(t => Promise.all([
-      queryInterface.createTable('temp', {
+    return queryInterface.sequelize.transaction(async (t) => {
+      await queryInterface.createTable('temp', {
         tagName: {
           type: Sequelize.STRING,
           allowNull: false,
@@ -91,17 +94,20 @@ export function down(queryInterface, Sequelize) {
         },
         createdAt: Sequelize.DATE,
         updatedAt: Sequelize.DATE,
-      }, { transaction: t }),
-      queryInterface
-        .sequelize
-        .query('INSERT INTO temp SELECT * FROM quotes_tags;', { transaction: t }),
-      queryInterface
-        .sequelize
-        .query('DROP TABLE quotes_tags;', { transaction: t }),
-      queryInterface
-        .sequelize
-        .query('ALTER TABLE temp RENAME TO quotes_tags;', { transaction: t }),
-    ]));
+      }, { transaction: t });
+
+      return Promise.all([
+        queryInterface
+          .sequelize
+          .query('INSERT INTO temp SELECT * FROM quotes_tags;', { transaction: t }),
+        queryInterface
+          .sequelize
+          .query('DROP TABLE quotes_tags;', { transaction: t }),
+        queryInterface
+          .sequelize
+          .query('ALTER TABLE temp RENAME TO quotes_tags;', { transaction: t }),
+      ]);
+    });
   } else if (dialect === 'postgres') {
     return queryInterface.sequelize.transaction(t => Promise.all([
       queryInterface

db/migrations/20200328162403-create-announcement.js

@@ -0,0 +1,24 @@
+export function up(queryInterface, Sequelize) {
+  return queryInterface.createTable('announcements', {
+    id: {
+      type: Sequelize.INTEGER,
+      primaryKey: true,
+      autoIncrement: true,
+    },
+    message: {
+      type: Sequelize.TEXT,
+      allowNull: false,
+    },
+    category: Sequelize.STRING,
+    active: {
+      type: Sequelize.BOOLEAN,
+      allowNull: false,
+    },
+    createdAt: Sequelize.DATE,
+    updatedAt: Sequelize.DATE,
+  });
+}
+
+export function down(queryInterface) {
+  return queryInterface.dropTable('announcements');
+}

events/membership.js

@@ -25,55 +25,64 @@ const sendCongratsEmail = (user, secretary = null) => mailer.sendMail({
 });
 
 // If this is the first membership someone receives during the semester, send them a congrats email
-Membership.afterUpdate((membership) => {
-  const previousApproved = membership.previous('approved');
-  // Attempt to send email if this membership is being approved
-  if (membership.approved && (previousApproved === null || previousApproved === false)) {
-    // Count all active approved memberships for this user
-    Membership
-      .scope([
-        { method: ['user', membership.userDce] },
-        { method: ['approved', true] },
-        { method: ['active', moment().toISOString()] },
-      ])
-      .count()
-      .then((count) => {
-        // If there is only 1, then we can assume this is the first approved membership
-        // this person has received this semester, so we'll send them an email.
-        //
-        // Edge cases:
-        // 1. A User had 1 membership. It was deleted. They receieved another membership. They would receive a second email.
-        // 2. A User had 1 membership. It was unapproved. It was approved. They would receive a second email.
-        //
-        // We're fine with both cases because they're infrequent, if they occur at all
-        // – a user would be reminded of membership details which is ¯\_(ツ)_/¯
-        // Additionally, the only people who can approve memberships are primary officers,
-        // so we can trust that they won't abuse their power and spam someone's inbox.
-        if (count === 1) {
-          Promise
-            .all([
-              // Reload the membership to get the User associated with it
-              membership.reload({ include: [User] }),
-              // Find the current SSE Secretary
-              Officer
-                .scope([
-                  { method: ['title', 'Secretary'] },
-                  { method: ['active', moment().toISOString()] },
-                ])
-                .findAll({ include: [User] }),
-            ])
-            .then((values) => {
-              const user = values[0].user;
-              const secretary = values[1][0].user;
-              // Don't send emails during testing
-              if (config.get('NODE_ENV') !== 'test') {
-                console.log(`${moment().toISOString()}: Sending membership email to ${user.dce}@rit.edu`); // eslint-disable-line no-console
-                sendCongratsEmail(user, secretary);
-              }
-            });
-        }
-      });
-  }
-});
+Membership.hooks = {
+  afterUpdate: (membership) => {
+    const previousApproved = membership.previous('approved');
+    // Attempt to send email if this membership is being approved
+    if (membership.approved && (previousApproved === null || previousApproved === false)) {
+      // Count all active approved memberships for this user
+      Membership
+        .scope([
+          { method: ['user', membership.userDce] },
+          { method: ['approved', true] },
+          {
+            method: ['active', moment()
+              .toISOString()],
+          },
+        ])
+        .count()
+        .then((count) => {
+          // If there is only 1, then we can assume this is the first approved membership
+          // this person has received this semester, so we'll send them an email.
+          //
+          // Edge cases:
+          // 1. A User had 1 membership. It was deleted. They received another membership. They would receive a second email.
+          // 2. A User had 1 membership. It was unapproved. It was approved. They would receive a second email.
+          //
+          // We're fine with both cases because they're infrequent, if they occur at all
+          // – a user would be reminded of membership details which is ¯\_(ツ)_/¯
+          // Additionally, the only people who can approve memberships are primary officers,
+          // so we can trust that they won't abuse their power and spam someone's inbox.
+          if (count === 1) {
+            Promise
+              .all([
+                // Reload the membership to get the User associated with it
+                membership.reload({ include: [User] }),
+                // Find the current SSE Secretary
+                Officer
+                  .scope([
+                    { method: ['title', 'Secretary'] },
+                    {
+                      method: ['active', moment()
+                        .toISOString()],
+                    },
+                  ])
+                  .findAll({ include: [User] }),
+              ])
+              .then((values) => {
+                const user = values[0].user;
+                const secretary = values[1][0].user;
+                // Don't send emails during testing
+                if (config.get('NODE_ENV') !== 'test') {
+                  console.log(`${moment()
+                    .toISOString()}: Sending membership email to ${user.dce}@rit.edu`); // eslint-disable-line no-console
+                  sendCongratsEmail(user, secretary);
+                }
+              });
+          }
+        });
+    }
+  },
+};
 
 export default Membership;

middleware/permissions.js

@@ -3,7 +3,7 @@ import User from '../models/user';
 export function needs(endpoint, action) {
   return (req, res, next) => {
     User
-      .findById(req.auth.user.dce)
+      .findByPk(req.auth.user.dce)
       .then(user => user.can(endpoint, action, req.auth.level))
       .then(() => next())
       .catch(() => next({
@@ -35,7 +35,7 @@ export function needsApprovedIndex(endpoint) {
     }
 
     User
-      .findById(req.auth.user.dce)
+      .findByPk(req.auth.user.dce)
       .then(user => user.can(endpoint, 'unapproved', req.auth.level))
       .then(() => next())
       .catch(() => {
@@ -54,7 +54,7 @@ export function needsApprovedOne(endpoint) {
       return next();
     }
     User
-      .findById(req.auth.user.dce)
+      .findByPk(req.auth.user.dce)
       .then(user => user.can(endpoint, 'unapproved', req.auth.level))
       .then(() => {
         req.auth.allowed = true;

models/announcement.js

@@ -0,0 +1,33 @@
+import DataTypes from 'sequelize';
+import sequelize from '../config/sequelize';
+import paginate from '../helpers/paginate';
+import sorting from '../helpers/sorting';
+
+export default sequelize.define('announcements', {
+  message: {
+    type: DataTypes.STRING,
+    allowNull: false,
+  },
+  category: DataTypes.STRING,
+  active: {
+    type: DataTypes.BOOLEAN,
+    allowNull: false,
+  },
+}, {
+  scopes: {
+    onlyActive() {
+      return { where: { active: true } };
+    },
+    paginate,
+    orderBy(field, direction) {
+      return sorting(field, direction, [
+        'message',
+        'category',
+        'active',
+        'createdAt',
+        'updatedAt',
+      ]);
+    },
+  },
+});
+