Compare commits
5 Commits
0fa00e6759
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| c4a37f13be | |||
| c23536b3ed | |||
| dee5b2429d | |||
| df60ad4552 | |||
| 872a79663b |
30
API Tests/BGApp/Circle/Create.yml
Normal file
30
API Tests/BGApp/Circle/Create.yml
Normal file
@@ -0,0 +1,30 @@
|
||||
info:
|
||||
name: Create
|
||||
type: http
|
||||
seq: 1
|
||||
|
||||
http:
|
||||
method: POST
|
||||
url: "{{BASE_URL}}/{{SECTOR}}"
|
||||
body:
|
||||
type: json
|
||||
data: |-
|
||||
{
|
||||
"name": "{{Name}}",
|
||||
"isPublic": {{IsPublic}},
|
||||
"colour": "#FFFFFF"
|
||||
}
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: Name
|
||||
value: Test Private Circle
|
||||
- name: IsPublic
|
||||
value: "false"
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
timeout: 0
|
||||
followRedirects: true
|
||||
maxRedirects: 5
|
||||
20
API Tests/BGApp/Circle/Delete.yml
Normal file
20
API Tests/BGApp/Circle/Delete.yml
Normal file
@@ -0,0 +1,20 @@
|
||||
info:
|
||||
name: Delete
|
||||
type: http
|
||||
seq: 4
|
||||
|
||||
http:
|
||||
method: DELETE
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/{{CircleID}}"
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: CircleID
|
||||
value: 6Z4214
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
timeout: 0
|
||||
followRedirects: true
|
||||
maxRedirects: 5
|
||||
20
API Tests/BGApp/Circle/Get.yml
Normal file
20
API Tests/BGApp/Circle/Get.yml
Normal file
@@ -0,0 +1,20 @@
|
||||
info:
|
||||
name: Get
|
||||
type: http
|
||||
seq: 2
|
||||
|
||||
http:
|
||||
method: GET
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/{{CircleID}}"
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: CircleID
|
||||
value: P17GOJ
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
timeout: 0
|
||||
followRedirects: true
|
||||
maxRedirects: 5
|
||||
24
API Tests/BGApp/Circle/Search.yml
Normal file
24
API Tests/BGApp/Circle/Search.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
info:
|
||||
name: Search
|
||||
type: http
|
||||
seq: 5
|
||||
|
||||
http:
|
||||
method: GET
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/search/{{Query}}/{{PageSize}}/{{Page}}"
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: Query
|
||||
value: test
|
||||
- name: PageSize
|
||||
value: "5"
|
||||
- name: Page
|
||||
value: "1"
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
timeout: 0
|
||||
followRedirects: true
|
||||
maxRedirects: 5
|
||||
28
API Tests/BGApp/Circle/Update.yml
Normal file
28
API Tests/BGApp/Circle/Update.yml
Normal file
@@ -0,0 +1,28 @@
|
||||
info:
|
||||
name: Update
|
||||
type: http
|
||||
seq: 3
|
||||
|
||||
http:
|
||||
method: PATCH
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/{{CircleID}}"
|
||||
body:
|
||||
type: json
|
||||
data: |-
|
||||
{
|
||||
"name":"{{Name}}"
|
||||
}
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: CircleID
|
||||
value: 6Z4214
|
||||
- name: Name
|
||||
value: Test update
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
timeout: 0
|
||||
followRedirects: true
|
||||
maxRedirects: 5
|
||||
10
API Tests/BGApp/Circle/folder.yml
Normal file
10
API Tests/BGApp/Circle/folder.yml
Normal file
@@ -0,0 +1,10 @@
|
||||
info:
|
||||
name: Circle
|
||||
type: folder
|
||||
seq: 1
|
||||
|
||||
request:
|
||||
auth: inherit
|
||||
variables:
|
||||
- name: SECTOR
|
||||
value: circles
|
||||
@@ -17,9 +17,9 @@ http:
|
||||
runtime:
|
||||
variables:
|
||||
- name: GameID
|
||||
value: ""
|
||||
value: DM5GMY
|
||||
- name: Name
|
||||
value: ""
|
||||
value: Update test
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
|
||||
@@ -5,13 +5,13 @@ info:
|
||||
|
||||
http:
|
||||
method: DELETE
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/{{UserID}}"
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/{{MatchID}}"
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: UserID
|
||||
value: ""
|
||||
- name: MatchID
|
||||
value: 846M1L
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
|
||||
@@ -11,7 +11,7 @@ http:
|
||||
runtime:
|
||||
variables:
|
||||
- name: MatchID
|
||||
value: 9YQ84M
|
||||
value: 848O12
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
|
||||
23
API Tests/BGApp/Matches/Leave.yml
Normal file
23
API Tests/BGApp/Matches/Leave.yml
Normal file
@@ -0,0 +1,23 @@
|
||||
info:
|
||||
name: Leave
|
||||
type: http
|
||||
seq: 4
|
||||
|
||||
http:
|
||||
method: POST
|
||||
url: "{{BASE_URL}}/{{SECTOR}}/{{MatchID}}/leave"
|
||||
body:
|
||||
type: json
|
||||
data: ""
|
||||
auth: inherit
|
||||
|
||||
runtime:
|
||||
variables:
|
||||
- name: MatchID
|
||||
value: 848O12
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
timeout: 0
|
||||
followRedirects: true
|
||||
maxRedirects: 5
|
||||
@@ -11,7 +11,7 @@ http:
|
||||
runtime:
|
||||
variables:
|
||||
- name: PlayerID
|
||||
value: ""
|
||||
value: 539DPX
|
||||
|
||||
settings:
|
||||
encodeUrl: true
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
#file: noinspection SpellCheckingInspection
|
||||
name: BGApp
|
||||
variables:
|
||||
- name: BEARER_TOKEN
|
||||
|
||||
@@ -18,16 +18,6 @@ request:
|
||||
auth:
|
||||
type: bearer
|
||||
token: "{{BEARER_TOKEN}}"
|
||||
actions:
|
||||
- type: set-variable
|
||||
phase: after-response
|
||||
selector:
|
||||
expression: ${token}
|
||||
method: jsonq
|
||||
variable:
|
||||
name: Token
|
||||
scope: runtime
|
||||
disabled: true
|
||||
bundled: false
|
||||
extensions:
|
||||
bruno:
|
||||
|
||||
@@ -1,3 +1,81 @@
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
-- noinspection SpellCheckingInspectionForFile
|
||||
|
||||
--
|
||||
-- PostgreSQL database dump
|
||||
--
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
import * as React from 'react';
|
||||
import { brandColours } from '../utilities/helpers';
|
||||
import { size } from 'lodash';
|
||||
|
||||
interface InviteEmailProperties {
|
||||
playerName: string;
|
||||
@@ -21,57 +20,59 @@ export const InviteEmail = (props: InviteEmailProperties) => (
|
||||
cellSpacing={0}
|
||||
cellPadding={0}
|
||||
>
|
||||
<tr>
|
||||
<td align="center">
|
||||
<div
|
||||
style={{
|
||||
padding: '20px',
|
||||
borderRadius: '20px',
|
||||
background: brandColours.white,
|
||||
margin: '50px',
|
||||
color: brandColours.dark,
|
||||
maxWidth: '450px',
|
||||
}}
|
||||
>
|
||||
<h1>You're in, {props.playerName}!</h1>
|
||||
<p>
|
||||
You've been invited to join {process.env.PRODUCT_NAME}, please click the button below to
|
||||
finish signing up.
|
||||
</p>
|
||||
<p
|
||||
<tbody>
|
||||
<tr>
|
||||
<td align="center">
|
||||
<div
|
||||
style={{
|
||||
marginBottom: '40px',
|
||||
padding: '20px',
|
||||
borderRadius: '20px',
|
||||
background: brandColours.white,
|
||||
margin: '50px',
|
||||
color: brandColours.dark,
|
||||
maxWidth: '450px',
|
||||
}}
|
||||
>
|
||||
<a
|
||||
<h1>You're in, {props.playerName}!</h1>
|
||||
<p>
|
||||
You've been invited to join {process.env.PRODUCT_NAME}, please click the button below to
|
||||
finish signing up.
|
||||
</p>
|
||||
<p
|
||||
style={{
|
||||
display: 'inline-block',
|
||||
padding: '10px 20px',
|
||||
borderRadius: '5px',
|
||||
background: brandColours.primary,
|
||||
textDecoration: 'none',
|
||||
color: brandColours.light,
|
||||
fontSize: '20px',
|
||||
fontWeight: 'bold',
|
||||
marginBottom: '40px',
|
||||
}}
|
||||
href={`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
|
||||
>
|
||||
Join {process.env.PRODUCT_NAME}
|
||||
</a>
|
||||
</p>
|
||||
<p
|
||||
style={{
|
||||
fontSize: '0.8rem',
|
||||
opacity: '80%',
|
||||
}}
|
||||
>
|
||||
If above button does not work, copy the link below into a new browser tab:
|
||||
<br />
|
||||
{`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
|
||||
</p>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<a
|
||||
style={{
|
||||
display: 'inline-block',
|
||||
padding: '10px 20px',
|
||||
borderRadius: '5px',
|
||||
background: brandColours.primary,
|
||||
textDecoration: 'none',
|
||||
color: brandColours.light,
|
||||
fontSize: '20px',
|
||||
fontWeight: 'bold',
|
||||
}}
|
||||
href={`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
|
||||
>
|
||||
Join {process.env.PRODUCT_NAME}
|
||||
</a>
|
||||
</p>
|
||||
<p
|
||||
style={{
|
||||
fontSize: '0.8rem',
|
||||
opacity: '80%',
|
||||
}}
|
||||
>
|
||||
If above button does not work, copy the link below into a new browser tab:
|
||||
<br />
|
||||
{`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
|
||||
</p>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
);
|
||||
|
||||
@@ -20,7 +20,7 @@ async function login(request: UnwrappedRequest<LoginRequest>): Promise<Response>
|
||||
const tokenLifeSpanInDays = 30;
|
||||
const token = jwt.sign(
|
||||
{
|
||||
u: verify.userId.raw,
|
||||
u: verify.userId,
|
||||
r: verify.refreshCount,
|
||||
},
|
||||
process.env.JWT_REFRESH_KEY as string,
|
||||
@@ -33,9 +33,9 @@ async function login(request: UnwrappedRequest<LoginRequest>): Promise<Response>
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
maxAge: tokenLifeSpanInDays * 24 * 60 * 60,
|
||||
path: '/api/auth/token'
|
||||
path: '/api/auth/token',
|
||||
});
|
||||
return new OkResponse();
|
||||
return new OkResponse({ token });
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
@@ -54,13 +54,13 @@ async function token(request: UnwrappedRequest): Promise<Response> {
|
||||
r: string;
|
||||
} = jwt.verify(refreshCookie, process.env.JWT_REFRESH_KEY as string) as { u: string; r: string };
|
||||
|
||||
if (!(await orm.users.verifyRefreshCount(UserId.fromID(refreshToken.u), refreshToken.r))) {
|
||||
if (!(await orm.users.verifyRefreshCount(UserId.fromHash(refreshToken.u), refreshToken.r))) {
|
||||
const response = new UnauthorizedResponse('Invalid refresh token');
|
||||
response.headers.set('Clear-Site-Data', '"cookies","cache","storage","executionContexts"');
|
||||
return response;
|
||||
}
|
||||
|
||||
const claims: Claims | null = await orm.claims.getByUserId(refreshToken.u);
|
||||
const claims: Claims | null = await orm.claims.getByUserId(UserId.fromHash(refreshToken.u));
|
||||
|
||||
const token = jwt.sign({ ...claims }, process.env.JWT_SECRET_KEY as string, {
|
||||
expiresIn: process.env.JWT_LIFESPAN as any,
|
||||
|
||||
74
src/endpoints/circles.ts
Normal file
74
src/endpoints/circles.ts
Normal file
@@ -0,0 +1,74 @@
|
||||
import { orm } from '../orm/orm';
|
||||
import { UnwrappedRequest } from '../utilities/guard';
|
||||
import { CreatedResponse, ErrorResponse, OkResponse, PagedResponse } from '../utilities/responseHelper';
|
||||
import { CreateCircleRequest, InviteToCircleRequest, UpdateCircleRequest } from '../utilities/requestModels';
|
||||
import { CircleId, PlayerId, UserId } from '../utilities/secureIds';
|
||||
|
||||
async function create(request: UnwrappedRequest<CreateCircleRequest>): Promise<Response> {
|
||||
try {
|
||||
return new CreatedResponse(await orm.circles.create(request.body, request.claims));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
async function invite(request: UnwrappedRequest<InviteToCircleRequest>): Promise<Response> {
|
||||
try {
|
||||
let relatedEntityId: UserId | PlayerId | string | undefined;
|
||||
if (request.body.userId) {
|
||||
relatedEntityId = UserId.fromHash(request.body.userId);
|
||||
} else if (request.body.playerId) {
|
||||
relatedEntityId = PlayerId.fromHash(request.body.playerId);
|
||||
} else {
|
||||
relatedEntityId = request.body.email;
|
||||
}
|
||||
return new CreatedResponse(
|
||||
await orm.circles.invite(CircleId.fromHash(request.params.id), relatedEntityId, request.claims),
|
||||
);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
async function get(request: UnwrappedRequest): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(await orm.circles.get(CircleId.fromHash(request.params.id)));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
async function update(request: UnwrappedRequest<UpdateCircleRequest>): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(
|
||||
await orm.circles.update(CircleId.fromHash(request.params.id), request.body),
|
||||
);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
async function drop(request: UnwrappedRequest): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(await orm.circles.drop(CircleId.fromHash(request.params.id)));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
async function query(request: UnwrappedRequest): Promise<Response> {
|
||||
try {
|
||||
return new PagedResponse(request, await orm.circles.query(request.params.query));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
export default {
|
||||
create,
|
||||
get,
|
||||
update,
|
||||
drop,
|
||||
query,
|
||||
invite,
|
||||
};
|
||||
@@ -1,17 +1,12 @@
|
||||
import { orm } from '../orm/orm';
|
||||
import { UnwrappedRequest } from '../utilities/guard';
|
||||
import { CreatedResponse, ErrorResponse, OkResponse, PagedResponse } from '../utilities/responseHelper';
|
||||
import {
|
||||
GameToCollectionRequest,
|
||||
CreateCollectionRequest,
|
||||
UpdateCollectionRequest,
|
||||
} from '../utilities/requestModels';
|
||||
import { GameToCollectionRequest, CreateCollectionRequest, UpdateCollectionRequest } from '../utilities/requestModels';
|
||||
import { CollectionId, GameId } from '../utilities/secureIds';
|
||||
|
||||
async function create(request: UnwrappedRequest<CreateCollectionRequest>): Promise<Response> {
|
||||
try {
|
||||
const newPlayer = await orm.collections.create(request.body, request.claims);
|
||||
return new CreatedResponse(newPlayer);
|
||||
return new CreatedResponse(await orm.collections.create(request.body, request.claims));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
|
||||
@@ -1,23 +1,21 @@
|
||||
import { orm } from '../orm/orm';
|
||||
import { UnwrappedRequest } from '../utilities/guard';
|
||||
import { CreatedResponse, ErrorResponse, OkResponse, PagedResponse } from '../utilities/responseHelper';
|
||||
import {
|
||||
CreateGameRequest,
|
||||
UpdateGameRequest,
|
||||
} from '../utilities/requestModels';
|
||||
import { CreateGameRequest, UpdateGameRequest } from '../utilities/requestModels';
|
||||
import { GameId } from '../utilities/secureIds';
|
||||
|
||||
async function create(request: UnwrappedRequest<CreateGameRequest>): Promise<Response> {
|
||||
try {
|
||||
const newUser = await orm.games.create(
|
||||
{
|
||||
name: request.body.name,
|
||||
bggId: request.body.bggId,
|
||||
imagePath: request.body.imagePath,
|
||||
},
|
||||
request.claims,
|
||||
return new CreatedResponse(
|
||||
await orm.games.create(
|
||||
{
|
||||
name: request.body.name,
|
||||
bggId: request.body.bggId,
|
||||
imagePath: request.body.imagePath,
|
||||
},
|
||||
request.claims,
|
||||
),
|
||||
);
|
||||
return new CreatedResponse(newUser);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
@@ -33,13 +31,7 @@ async function get(request: UnwrappedRequest): Promise<Response> {
|
||||
|
||||
async function update(request: UnwrappedRequest<UpdateGameRequest>): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(
|
||||
await orm.games.update(
|
||||
GameId.fromHash(request.params.id),
|
||||
request.body,
|
||||
request.claims,
|
||||
),
|
||||
);
|
||||
return new OkResponse(await orm.games.update(GameId.fromHash(request.params.id), request.body, request.claims));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
|
||||
@@ -1,22 +1,18 @@
|
||||
import { orm } from '../orm/orm';
|
||||
import { UnwrappedRequest } from '../utilities/guard';
|
||||
import { CreatedResponse, ErrorResponse } from '../utilities/responseHelper';
|
||||
import {
|
||||
AcceptInviteRequest,
|
||||
InviteUserRequest,
|
||||
} from '../utilities/requestModels';
|
||||
import { AcceptInviteRequest, InviteUserRequest } from '../utilities/requestModels';
|
||||
import { PlayerId, UserId } from '../utilities/secureIds';
|
||||
|
||||
async function create(request: UnwrappedRequest<InviteUserRequest>): Promise<Response> {
|
||||
try {
|
||||
const newUser = await orm.invites.create(
|
||||
{
|
||||
return new CreatedResponse(
|
||||
await orm.invites.create({
|
||||
...request.body,
|
||||
playerId: PlayerId.fromHash(request.body.playerId),
|
||||
invitedByUserId: request.claims.userId as UserId,
|
||||
},
|
||||
}),
|
||||
);
|
||||
return new CreatedResponse(newUser);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
@@ -24,8 +20,7 @@ async function create(request: UnwrappedRequest<InviteUserRequest>): Promise<Res
|
||||
|
||||
async function accept(request: UnwrappedRequest<AcceptInviteRequest>): Promise<Response> {
|
||||
try {
|
||||
const newUser = await orm.invites.accept(request.body);
|
||||
return new CreatedResponse(newUser);
|
||||
return new CreatedResponse(await orm.invites.accept(request.body));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
|
||||
@@ -7,14 +7,15 @@ import { MatchParticipant } from '../orm/matches';
|
||||
|
||||
async function create(request: UnwrappedRequest<CreateMatchRequest>): Promise<Response> {
|
||||
try {
|
||||
const newUser = await orm.matches.create({
|
||||
gameId: GameId.fromHash(request.body.gameId),
|
||||
ownerId: request.claims.userId as UserId,
|
||||
participants: request.body.participants.map(
|
||||
(x) => new MatchParticipant(PlayerId.fromHash(x.playerId), x.standing),
|
||||
),
|
||||
});
|
||||
return new CreatedResponse(newUser);
|
||||
return new CreatedResponse(
|
||||
await orm.matches.create({
|
||||
gameId: GameId.fromHash(request.body.gameId),
|
||||
ownerId: request.claims.userId as UserId,
|
||||
participants: request.body.participants.map(
|
||||
(x) => new MatchParticipant(PlayerId.fromHash(x.playerId), x.standing),
|
||||
),
|
||||
}),
|
||||
);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
@@ -30,7 +31,17 @@ async function get(request: UnwrappedRequest): Promise<Response> {
|
||||
|
||||
async function drop(request: UnwrappedRequest): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(await orm.matches.drop(UserId.fromHash(request.params.id), request.claims));
|
||||
return new OkResponse(await orm.matches.drop(MatchId.fromHash(request.params.id), request.claims));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
}
|
||||
|
||||
async function leave(request: UnwrappedRequest): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(
|
||||
await orm.matches.removePlayer(MatchId.fromHash(request.params.id), request.claims.userId as UserId),
|
||||
);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
@@ -40,4 +51,5 @@ export default {
|
||||
create,
|
||||
get,
|
||||
drop,
|
||||
leave,
|
||||
};
|
||||
|
||||
@@ -6,8 +6,7 @@ import { PlayerId } from '../utilities/secureIds';
|
||||
|
||||
async function create(request: UnwrappedRequest<CreatePlayerRequest>): Promise<Response> {
|
||||
try {
|
||||
const newPlayer = await orm.players.create(request.body);
|
||||
return new CreatedResponse(newPlayer);
|
||||
return new CreatedResponse(await orm.players.create(request.body));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
|
||||
@@ -6,13 +6,12 @@ import { PlayerId, UserId } from '../utilities/secureIds';
|
||||
|
||||
async function create(request: UnwrappedRequest<CreateUserRequest>): Promise<Response> {
|
||||
try {
|
||||
const newUser = await orm.users.create(
|
||||
{
|
||||
return new CreatedResponse(
|
||||
await orm.users.create({
|
||||
...request.body,
|
||||
playerId: PlayerId.fromHash(request.body.playerId),
|
||||
}
|
||||
}),
|
||||
);
|
||||
return new CreatedResponse(newUser);
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
@@ -28,9 +27,7 @@ async function get(request: UnwrappedRequest): Promise<Response> {
|
||||
|
||||
async function update(request: UnwrappedRequest<UpdateUserRequest>): Promise<Response> {
|
||||
try {
|
||||
return new OkResponse(
|
||||
await orm.users.update(UserId.fromHash(request.params.id), request.body, request.claims),
|
||||
);
|
||||
return new OkResponse(await orm.users.update(UserId.fromHash(request.params.id), request.body, request.claims));
|
||||
} catch (error: any) {
|
||||
return new ErrorResponse(error as Error);
|
||||
}
|
||||
|
||||
@@ -8,6 +8,7 @@ import collections from './routes/collections';
|
||||
import { buildRoute } from './utilities/routeBuilder';
|
||||
import { MatchId } from './utilities/secureIds';
|
||||
import matches from './routes/matches';
|
||||
import circles from './routes/circles';
|
||||
|
||||
const server = Bun.serve({
|
||||
routes: buildRoute({
|
||||
@@ -19,6 +20,7 @@ const server = Bun.serve({
|
||||
invites,
|
||||
collections,
|
||||
matches,
|
||||
circles,
|
||||
},
|
||||
test: {
|
||||
GET: () => {
|
||||
|
||||
192
src/orm/circles.ts
Normal file
192
src/orm/circles.ts
Normal file
@@ -0,0 +1,192 @@
|
||||
import { Claims } from './claims';
|
||||
import { sql } from 'bun';
|
||||
import { first } from 'lodash';
|
||||
import { BadRequestError, NotFoundError, UnauthorizedError } from '../utilities/errors';
|
||||
import { CreateCircleRequest, UpdateCircleRequest } from '../utilities/requestModels';
|
||||
import { memo } from '../utilities/helpers';
|
||||
import { CircleId, PlayerId, UserId } from '../utilities/secureIds';
|
||||
import { orm } from './orm';
|
||||
import { User } from './user';
|
||||
|
||||
export class Circle {
|
||||
id: CircleId;
|
||||
owningUserId: UserId;
|
||||
name: string;
|
||||
isPublic: boolean;
|
||||
imagePath?: string;
|
||||
colour?: string;
|
||||
|
||||
constructor({
|
||||
id,
|
||||
owningUserId,
|
||||
name,
|
||||
isPublic,
|
||||
imagePath,
|
||||
colour,
|
||||
}: {
|
||||
id: CircleId;
|
||||
owningUserId: UserId;
|
||||
name: string;
|
||||
isPublic: boolean;
|
||||
imagePath?: string;
|
||||
colour?: string;
|
||||
}) {
|
||||
this.id = id;
|
||||
this.owningUserId = owningUserId;
|
||||
this.name = name;
|
||||
this.isPublic = isPublic;
|
||||
this.imagePath = imagePath;
|
||||
this.colour = colour;
|
||||
}
|
||||
}
|
||||
|
||||
export class CircleOrm {
|
||||
async create(model: CreateCircleRequest, claims?: Claims): Promise<Circle> {
|
||||
if (model.isPublic && claims && !claims.test(Claims.ADMIN, Claims.CIRCLES.PUBLIC.CREATE)) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
await sql`INSERT INTO circles (owning_user_id, name, is_public, colour)
|
||||
VALUES (${claims?.userId.raw},
|
||||
${model.name},
|
||||
${model.isPublic},
|
||||
${model.colour})`;
|
||||
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
|
||||
return await this.get(CircleId.fromID(newRecordId));
|
||||
}
|
||||
|
||||
async get(id: CircleId, claims?: Claims): Promise<Circle> {
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM circles
|
||||
WHERE id = ${id.raw}
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!record) {
|
||||
throw new NotFoundError('No matching game exists');
|
||||
}
|
||||
|
||||
let user: User;
|
||||
if (
|
||||
claims &&
|
||||
!claims.test(Claims.ADMIN) &&
|
||||
!(claims.test(Claims.CIRCLES.PUBLIC.READ) && record.is_public) &&
|
||||
!(claims.test(Claims.CIRCLES.OWNED.READ) && record.owning_user_id === claims.userId.raw) &&
|
||||
!(
|
||||
claims.test(Claims.CIRCLES.PRIVATE.READ_IF_MEMBER) &&
|
||||
(user = await orm.users.get(claims.userId)) &&
|
||||
(await sql`SELECT * FROM player_circles WHERE circle_id = ${id.raw}`).some(
|
||||
(x: { player_id: string }) => x.player_id === user.playerId.raw,
|
||||
)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
return new Circle({
|
||||
id: CircleId.fromID(record.id),
|
||||
owningUserId: UserId.fromID(record.owning_user_id),
|
||||
name: record.name,
|
||||
isPublic: record.is_public,
|
||||
imagePath: record.image_path,
|
||||
colour: record.colour,
|
||||
});
|
||||
}
|
||||
|
||||
async update(id: CircleId, patch: UpdateCircleRequest): Promise<Circle> {
|
||||
const circle = await this.get(id);
|
||||
circle.name = patch.name ?? circle.name;
|
||||
circle.colour = patch.colour ?? circle.colour;
|
||||
circle.imagePath = patch.imagePath ?? circle.imagePath;
|
||||
|
||||
await sql`UPDATE circles
|
||||
SET name=${circle.name},
|
||||
colour=${circle.colour},
|
||||
image_path=${circle.imagePath}
|
||||
WHERE id = ${id.raw}`;
|
||||
|
||||
return await this.get(id);
|
||||
}
|
||||
|
||||
async drop(id: CircleId): Promise<void> {
|
||||
// Ensure record exists before attempting to delete
|
||||
await this.get(id);
|
||||
await sql.transaction(async (tx) => {
|
||||
await tx`DELETE
|
||||
FROM player_circles
|
||||
WHERE circle_id = ${id.raw}`;
|
||||
await tx`DELETE
|
||||
FROM circle_invites
|
||||
WHERE circle_id = ${id.raw}`;
|
||||
await tx`DELETE
|
||||
FROM circle_comments
|
||||
WHERE circle_id = ${id.raw}`;
|
||||
await tx`DELETE
|
||||
FROM circles
|
||||
WHERE id = ${id.raw}`;
|
||||
});
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
async invite(
|
||||
circleId: CircleId,
|
||||
relatedRecord: PlayerId | UserId | string | undefined,
|
||||
claims: Claims,
|
||||
): Promise<void> {
|
||||
if (relatedRecord === undefined) {
|
||||
throw new BadRequestError();
|
||||
}
|
||||
|
||||
const circle = await this.get(circleId, claims);
|
||||
if (
|
||||
claims &&
|
||||
((circle.isPublic && !claims.test(Claims.CIRCLES.PUBLIC.USERS.INVITE)) ||
|
||||
(!circle.isPublic &&
|
||||
!(claims.test(Claims.CIRCLES.OWNED.USERS.INVITE) && circle.owningUserId === claims.userId)))
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
let invitedUserId: UserId | undefined;
|
||||
if (relatedRecord instanceof UserId) {
|
||||
invitedUserId = relatedRecord;
|
||||
} else if (relatedRecord instanceof PlayerId) {
|
||||
invitedUserId = (await orm.users.getByPlayer(relatedRecord))?.id;
|
||||
} else {
|
||||
invitedUserId = (await orm.users.getByEmail(relatedRecord))?.id;
|
||||
}
|
||||
|
||||
if (!invitedUserId) {
|
||||
throw new BadRequestError();
|
||||
}
|
||||
await sql`INSERT INTO circle_invites(invited_user_id, invited_by_user_id, circle_id)
|
||||
VALUES (${invitedUserId.raw}, ${claims.userId.raw}, ${circleId.raw})`;
|
||||
}
|
||||
|
||||
query: (query: string) => Promise<Circle[]> = memo<(query: string) => Promise<Circle[]>, Circle[]>(this.#query);
|
||||
async #query(query: string): Promise<Circle[]> {
|
||||
const queryResult: any = await sql` SELECT
|
||||
id, name, owning_user_id, is_public
|
||||
FROM (SELECT *, SIMILARITY(${query}, name) as similarity FROM circles WHERE is_public=true)
|
||||
WHERE similarity > 0
|
||||
ORDER BY similarity
|
||||
LIMIT 5;`;
|
||||
|
||||
if (!queryResult) {
|
||||
throw new NotFoundError('No matching circles exists');
|
||||
}
|
||||
|
||||
return queryResult.map(
|
||||
(x: { id: string; name: string; owning_user_id: string; is_public: boolean }) =>
|
||||
new Circle({
|
||||
id: CircleId.fromID(x.id),
|
||||
name: x.name,
|
||||
isPublic: x.is_public,
|
||||
owningUserId: UserId.fromID(x.owning_user_id),
|
||||
}),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -3,36 +3,47 @@ import { ClaimDefinition } from '../utilities/claimDefinitions';
|
||||
import { UserId } from '../utilities/secureIds';
|
||||
|
||||
export class Claims extends ClaimDefinition {
|
||||
userId?: UserId;
|
||||
userId: UserId;
|
||||
claims: string[] = [];
|
||||
|
||||
constructor(raw?: { userId?: string; claims?: string[] }) {
|
||||
constructor(raw?: { userId?: string | UserId; claims?: string[] }) {
|
||||
super();
|
||||
this.userId = raw?.userId ? UserId.fromHash(raw.userId) : undefined;
|
||||
if (raw?.userId instanceof UserId) {
|
||||
this.userId = raw.userId;
|
||||
} else {
|
||||
this.userId = UserId.fromHash(raw?.userId ?? '');
|
||||
}
|
||||
this.claims = raw?.claims ?? [];
|
||||
}
|
||||
|
||||
public static test(guardClaim: string, userClaims?: Claims): Boolean {
|
||||
return userClaims === undefined || userClaims.claims.some((x) => x === guardClaim);
|
||||
test(...guardClaims: string[]): Boolean {
|
||||
return Claims.test(this, ...guardClaims);
|
||||
}
|
||||
|
||||
public static test(userClaims?: Claims, ...guardClaims: string[]): Boolean {
|
||||
return (
|
||||
userClaims === undefined ||
|
||||
userClaims.claims.some((x: string): boolean => guardClaims.some((y: string): boolean => x === y))
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
export class ClaimsOrm {
|
||||
async getByUserId(userId: string): Promise<Claims> {
|
||||
const dbResults: any[] = await sql`SELECT c.name
|
||||
async getByUserId(userId: UserId): Promise<Claims> {
|
||||
const records: any[] = await sql`SELECT c.name
|
||||
from user_claims as uc
|
||||
JOIN claims as c on uc.claim_id = c.id
|
||||
where uc.user_id = ${userId};`;
|
||||
const claims = new Claims();
|
||||
claims.userId = UserId.fromID(userId);
|
||||
claims.claims = dbResults.map((x) => x.name);
|
||||
return claims;
|
||||
where uc.user_id = ${userId.raw};`;
|
||||
return new Claims({
|
||||
userId: userId,
|
||||
claims: records.map((x) => x.name),
|
||||
});
|
||||
}
|
||||
|
||||
async getDefaultClaims(): Promise<number[]> {
|
||||
const dbResults: any[] = await sql`SELECT id
|
||||
const records: any[] = await sql`SELECT id
|
||||
FROM claims
|
||||
WHERE is_default = true;`;
|
||||
return dbResults.map((x) => x.id);
|
||||
return records.map((x) => x.id);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,16 +4,18 @@ import { first } from 'lodash';
|
||||
import { NotFoundError, UnauthorizedError } from '../utilities/errors';
|
||||
import { UpdateCollectionRequest } from '../utilities/requestModels';
|
||||
import { Game } from './games';
|
||||
import { CollectionId, GameId } from '../utilities/secureIds';
|
||||
import { CollectionId, GameId, UserId } from '../utilities/secureIds';
|
||||
|
||||
export class Collection {
|
||||
id: CollectionId;
|
||||
name: string;
|
||||
ownerId: UserId;
|
||||
games: Game[];
|
||||
|
||||
constructor(input: { id: CollectionId; name: string; games?: Game[] }) {
|
||||
constructor(input: { id: CollectionId; name: string; ownerId:UserId; games?: Game[] }) {
|
||||
this.id = input.id;
|
||||
this.name = input?.name;
|
||||
this.ownerId = input.ownerId;
|
||||
this.games = input.games ?? [];
|
||||
}
|
||||
}
|
||||
@@ -22,41 +24,42 @@ export class CollectionsOrm {
|
||||
async create(model: { name: string }, claims: Claims): Promise<Collection> {
|
||||
await sql`INSERT INTO collections (name, user_id)
|
||||
VALUES (${model.name}, ${claims?.userId?.raw})`;
|
||||
const newPCollectionId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
|
||||
return await this.get(CollectionId.fromID(newPCollectionId));
|
||||
return await this.get(CollectionId.fromID(newRecordId));
|
||||
}
|
||||
|
||||
async get(id: CollectionId, claims?: Claims): Promise<Collection> {
|
||||
const dbResult: any = await sql`SELECT
|
||||
const records: any = await sql`SELECT
|
||||
c.id AS collection_id,
|
||||
c.name AS collection_name,
|
||||
c.user_id AS user_id,
|
||||
g.id AS game_id,
|
||||
g.name AS game_name
|
||||
FROM collections c
|
||||
LEFT JOIN collection_games cg ON cg.collection_id = c.id
|
||||
LEFT JOIN games g ON g.id = cg.game_id
|
||||
LEFT JOIN collection_games cg ON cg.collection_id = c.id
|
||||
LEFT JOIN games g ON g.id = cg.game_id
|
||||
WHERE c.id = ${id.raw}`;
|
||||
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.READ, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (
|
||||
Claims.test(Claims.COLLECTIONS.OWNED.READ, claims) &&
|
||||
claims?.userId &&
|
||||
dbResult?.[0]?.user_id !== claims.userId.raw
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.READ) ||
|
||||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.READ) &&
|
||||
records?.[0]?.user_id === claims?.userId?.raw)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
if (!dbResult?.length) {
|
||||
if (!records?.length) {
|
||||
throw new NotFoundError('No matching player exists');
|
||||
}
|
||||
|
||||
return new Collection({
|
||||
id: CollectionId.fromID(dbResult[0].collection_id),
|
||||
name: dbResult[0].collection_name,
|
||||
games: dbResult
|
||||
id: CollectionId.fromID(records[0].collection_id),
|
||||
name: records[0].collection_name,
|
||||
ownerId: UserId.fromID(records[0].user_id),
|
||||
games: records
|
||||
.filter((x: { game_id: string; game_name: string }) => x.game_id)
|
||||
.map(
|
||||
(x: { game_id: string; game_name: string }) =>
|
||||
@@ -69,25 +72,27 @@ export class CollectionsOrm {
|
||||
}
|
||||
|
||||
async list(claims?: Claims): Promise<Collection[]> {
|
||||
if (!claims || Claims.test(Claims.ADMIN, claims)) {
|
||||
if (!claims || claims?.test(Claims.ADMIN)) {
|
||||
return (await sql`SELECT * FROM collections`).map(
|
||||
(x: { id: string; name: string }) =>
|
||||
(x: { id: string; name: string, user_id: string }) =>
|
||||
new Collection({
|
||||
id: CollectionId.fromID(x.id),
|
||||
name: x.name,
|
||||
ownerId: UserId.fromID(x.user_id)
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
if (!Claims.test(Claims.COLLECTIONS.OWNED.LIST, claims)) {
|
||||
if (!claims.test(Claims.COLLECTIONS.OWNED.LIST)) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
return (await sql`SELECT * FROM collections WHERE user_id=${claims.userId?.raw}`).map(
|
||||
(x: { id: string; name: string }) =>
|
||||
(x: { id: string; name: string; user_id: string }) =>
|
||||
new Collection({
|
||||
id: CollectionId.fromID(x.id),
|
||||
name: x.name,
|
||||
ownerId: UserId.fromID(x.user_id)
|
||||
}),
|
||||
);
|
||||
}
|
||||
@@ -95,15 +100,17 @@ export class CollectionsOrm {
|
||||
async update(id: CollectionId, patch: UpdateCollectionRequest, claims?: Claims): Promise<Collection> {
|
||||
const collection = await this.get(id);
|
||||
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.UPDATE, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (
|
||||
Claims.test(Claims.COLLECTIONS.OWNED.UPDATE, claims) &&
|
||||
claims?.userId &&
|
||||
collection.id !== claims.userId
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.UPDATE) ||
|
||||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.UPDATE) &&
|
||||
collection.ownerId === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
collection.name = patch.name ?? collection.name;
|
||||
|
||||
await sql`UPDATE collections SET name=${collection.name} WHERE id=${id.raw}`;
|
||||
@@ -113,12 +120,14 @@ export class CollectionsOrm {
|
||||
|
||||
async drop(id: CollectionId, claims?: Claims): Promise<void> {
|
||||
const collection = await this.get(id);
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.DELETE, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (
|
||||
Claims.test(Claims.COLLECTIONS.OWNED.DELETE, claims) &&
|
||||
claims?.userId &&
|
||||
collection.id !== claims.userId
|
||||
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.DELETE) ||
|
||||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.DELETE) &&
|
||||
collection.ownerId === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
@@ -130,12 +139,14 @@ export class CollectionsOrm {
|
||||
|
||||
async addGame(id: CollectionId, gameId: GameId, claims: Claims): Promise<void> {
|
||||
const collection = await this.get(id);
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.GAME.ADD, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (
|
||||
Claims.test(Claims.COLLECTIONS.OWNED.GAME.ADD, claims) &&
|
||||
claims?.userId &&
|
||||
collection.id !== claims.userId
|
||||
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN) ||
|
||||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.GAME.ADD) &&
|
||||
collection.ownerId === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
@@ -147,12 +158,14 @@ export class CollectionsOrm {
|
||||
}
|
||||
async removeGame(id: CollectionId, gameId: GameId, claims: Claims): Promise<void> {
|
||||
const collection = await this.get(id);
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.GAME.REMOVE, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (
|
||||
Claims.test(Claims.COLLECTIONS.OWNED.GAME.REMOVE, claims) &&
|
||||
claims?.userId &&
|
||||
collection.id !== claims.userId
|
||||
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN) ||
|
||||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.GAME.REMOVE) &&
|
||||
collection.ownerId === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
@@ -23,45 +23,45 @@ export class Game {
|
||||
export class GamesOrm {
|
||||
async create(model: CreateGameRequest, claims?: Claims): Promise<Game> {
|
||||
await sql`INSERT INTO games (name, image_path, bgg_id)
|
||||
VALUES (${model.name}, ${Claims.test(Claims.GAMES.MANAGE_IMAGES, claims) ? model.imagePath : null}, ${model.bggId})`;
|
||||
const newGameId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
VALUES (${model.name}, ${claims?.test(Claims.GAMES.MANAGE_IMAGES) ? model.imagePath : null}, ${model.bggId})`;
|
||||
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
|
||||
return await this.get(GameId.fromID(newGameId));
|
||||
return await this.get(GameId.fromID(newRecordId));
|
||||
}
|
||||
|
||||
async get(id: GameId): Promise<Game> {
|
||||
const dbResult: any = first(
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM games
|
||||
WHERE id = ${id.raw}
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!dbResult) {
|
||||
if (!record) {
|
||||
throw new NotFoundError('No matching game exists');
|
||||
}
|
||||
|
||||
return new Game({
|
||||
id: GameId.fromID(dbResult.id),
|
||||
name: dbResult.name,
|
||||
bggId: dbResult.bgg_id,
|
||||
imagePath: dbResult.image_path,
|
||||
id: GameId.fromID(record.id),
|
||||
name: record.name,
|
||||
bggId: record.bgg_id,
|
||||
imagePath: record.image_path,
|
||||
});
|
||||
}
|
||||
|
||||
async update(id: GameId, patch: UpdateGameRequest, claims?: Claims): Promise<Game> {
|
||||
const gameToUpdate = await this.get(id);
|
||||
gameToUpdate.name = patch.name ?? gameToUpdate.name;
|
||||
gameToUpdate.bggId = patch.bggId ?? gameToUpdate.bggId;
|
||||
const game = await this.get(id);
|
||||
game.name = patch.name ?? game.name;
|
||||
game.bggId = patch.bggId ?? game.bggId;
|
||||
|
||||
if (Claims.test(Claims.GAMES.MANAGE_IMAGES, claims)) {
|
||||
gameToUpdate.imagePath = patch.imagePath ?? gameToUpdate.imagePath;
|
||||
if (claims?.test(Claims.GAMES.MANAGE_IMAGES)) {
|
||||
game.imagePath = patch.imagePath ?? game.imagePath;
|
||||
}
|
||||
|
||||
await sql`UPDATE games
|
||||
SET name=${gameToUpdate.name},
|
||||
bgg_id=${gameToUpdate.bggId},
|
||||
image_path=${gameToUpdate.imagePath}
|
||||
SET name=${game.name},
|
||||
bgg_id=${game.bggId},
|
||||
image_path=${game.imagePath}
|
||||
WHERE id = ${id.raw}`;
|
||||
|
||||
return await this.get(id);
|
||||
@@ -90,18 +90,18 @@ export class GamesOrm {
|
||||
|
||||
query: (query: string) => Promise<Game[]> = memo<(query: string) => Promise<Game[]>, Game[]>(this.#query);
|
||||
async #query(query: string): Promise<Game[]> {
|
||||
const dbResult: any = await sql` SELECT
|
||||
const records: any = await sql` SELECT
|
||||
id, name
|
||||
FROM (SELECT *, SIMILARITY(${query}, name) as similarity FROM games)
|
||||
WHERE similarity > 0
|
||||
ORDER BY similarity
|
||||
LIMIT 5;`;
|
||||
|
||||
if (!dbResult) {
|
||||
if (!records) {
|
||||
throw new NotFoundError('No matching game exists');
|
||||
}
|
||||
|
||||
return dbResult.map(
|
||||
return records.map(
|
||||
(x: { id: string; name: string }) =>
|
||||
new Game({
|
||||
id: GameId.fromID(x.id),
|
||||
|
||||
@@ -22,7 +22,7 @@ export class InvitesOrm {
|
||||
},
|
||||
claims?: Claims,
|
||||
): Promise<void> {
|
||||
if (!Claims.test(Claims.ADMIN, claims)) {
|
||||
if (!claims?.test(Claims.ADMIN)) {
|
||||
const userInviteCount = (
|
||||
first(
|
||||
await sql`SELECT COUNT(*) AS count
|
||||
@@ -35,7 +35,7 @@ export class InvitesOrm {
|
||||
throw new UnauthorizedError('Invite allowance reached.');
|
||||
}
|
||||
|
||||
const inviteExists = (
|
||||
const doesInviteExist = (
|
||||
first(
|
||||
await sql`SELECT COUNT(*) > 0 AS exists
|
||||
FROM user_invites
|
||||
@@ -45,12 +45,12 @@ export class InvitesOrm {
|
||||
exists: boolean;
|
||||
}
|
||||
)?.exists;
|
||||
if (inviteExists) {
|
||||
if (doesInviteExist) {
|
||||
throw new BadRequestError('Player has already been invited.');
|
||||
}
|
||||
}
|
||||
|
||||
const playerHasUser = (
|
||||
const isPlayerAssociatedWithUser = (
|
||||
first(
|
||||
await sql`SELECT COUNT(*) > 0 AS exists
|
||||
FROM users
|
||||
@@ -60,7 +60,7 @@ export class InvitesOrm {
|
||||
exists: boolean;
|
||||
}
|
||||
)?.exists;
|
||||
if (playerHasUser) {
|
||||
if (isPlayerAssociatedWithUser) {
|
||||
throw new BadRequestError('User has already been invited.');
|
||||
}
|
||||
|
||||
@@ -69,7 +69,7 @@ export class InvitesOrm {
|
||||
const invitationCode = createRandomString(6);
|
||||
await sql`INSERT INTO user_invites (invite_code, email, player_id, invited_by_user_id)
|
||||
VALUES (${invitationCode}, ${email}, ${playerId.raw}, ${invitedByUserId.raw})`;
|
||||
const newInviteId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
|
||||
const resend = new Resend(process.env.RESEND_KEY);
|
||||
const resendResponse = await resend.emails.send({
|
||||
@@ -83,51 +83,51 @@ export class InvitesOrm {
|
||||
throw new InternalServerError();
|
||||
}
|
||||
|
||||
await sql`UPDATE user_invites SET was_email_sent = true WHERE id=${newInviteId}`;
|
||||
await sql`UPDATE user_invites SET was_email_sent = true WHERE id=${newRecordId}`;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
async accept({ inviteCode, password }: { inviteCode: string; password: string }): Promise<User> {
|
||||
const invite: {
|
||||
const record: {
|
||||
id: string;
|
||||
email: string;
|
||||
player_id: string;
|
||||
accepted: boolean;
|
||||
} = first(await sql`SELECT * FROM user_invites WHERE invite_code=${inviteCode} LIMIT 1`);
|
||||
|
||||
if (!invite) {
|
||||
if (!record) {
|
||||
throw new NotFoundError('Invalid invite code');
|
||||
}
|
||||
|
||||
if (invite.accepted) {
|
||||
if (record.accepted) {
|
||||
throw new UnauthorizedError('Invite already accepted');
|
||||
}
|
||||
|
||||
const playerHasUser = (
|
||||
const isPlayerAssociatedWithUser = (
|
||||
first(
|
||||
await sql`SELECT COUNT(*) > 0 AS exists
|
||||
FROM users
|
||||
WHERE player_id = ${invite.player_id}
|
||||
OR email = ${invite.email}`,
|
||||
WHERE player_id = ${record.player_id}
|
||||
OR email = ${record.email}`,
|
||||
) as {
|
||||
exists: boolean;
|
||||
}
|
||||
)?.exists;
|
||||
if (playerHasUser) {
|
||||
if (isPlayerAssociatedWithUser) {
|
||||
throw new BadRequestError('User has already been invited.');
|
||||
}
|
||||
|
||||
const createdUser = await orm.users.create({
|
||||
email: invite.email,
|
||||
playerId: PlayerId.fromID(invite.player_id),
|
||||
const user = await orm.users.create({
|
||||
email: record.email,
|
||||
playerId: PlayerId.fromID(record.player_id),
|
||||
password,
|
||||
});
|
||||
|
||||
await sql`UPDATE user_invites
|
||||
SET accepted = true
|
||||
WHERE id = ${invite.id}`;
|
||||
WHERE id = ${record.id}`;
|
||||
|
||||
return createdUser;
|
||||
return user;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ import { first, orderBy } from 'lodash';
|
||||
import { BadRequestError, NotFoundError, UnauthorizedError } from '../utilities/errors';
|
||||
import { GameId, MatchId, PlayerId, UserId } from '../utilities/secureIds';
|
||||
import { calculateElos } from '../utilities/elo';
|
||||
import { orm } from './orm';
|
||||
|
||||
export class MatchParticipant {
|
||||
matchId?: MatchId;
|
||||
@@ -115,23 +116,25 @@ export class MatchOrm {
|
||||
WHERE m.id = ${id.raw}`;
|
||||
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
Claims.test(Claims.ADMIN, claims) ||
|
||||
(Claims.test(Claims.MATCHES.OWNED.READ, claims) && dbResult?.[0]?.owner_id === claims?.userId?.raw) ||
|
||||
(Claims.test(Claims.MATCHES.PARTICIPANT.READ, claims) &&
|
||||
claims.test(Claims.ADMIN) ||
|
||||
(claims.test(Claims.MATCHES.OWNED.READ) && dbResult?.[0]?.owner_id === claims?.userId?.raw) ||
|
||||
(claims.test(Claims.MATCHES.PARTICIPANT.READ) &&
|
||||
dbResult?.some((x: any) => x.player_id === claims?.userId?.raw))
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
if (!dbResult) {
|
||||
throw new NotFoundError('No matching user exists');
|
||||
const matchData = dbResult?.find((x: any) => x.match_id);
|
||||
if (!matchData?.match_id) {
|
||||
throw new NotFoundError('No matching match exists');
|
||||
}
|
||||
|
||||
return new Match(
|
||||
MatchId.fromID(dbResult?.[0]?.match_id),
|
||||
GameId.fromID(dbResult?.[0]?.game_id),
|
||||
MatchId.fromID(matchData?.match_id),
|
||||
GameId.fromID(matchData?.game_id),
|
||||
orderBy(
|
||||
dbResult
|
||||
.filter((x: any) => x.player_id)
|
||||
@@ -152,28 +155,51 @@ export class MatchOrm {
|
||||
);
|
||||
}
|
||||
|
||||
async drop(id: UserId, claims?: Claims): Promise<void> {
|
||||
// if (
|
||||
// !(
|
||||
// Claims.test(Claims.ADMIN, claims) ||
|
||||
// Claims.test(Claims.USERS.OTHER.DELETE, claims) ||
|
||||
// (Claims.test(Claims.USERS.SELF.DELETE, claims) && id === claims?.userId)
|
||||
// )
|
||||
// ) {
|
||||
// throw new UnauthorizedError();
|
||||
// }
|
||||
//
|
||||
// // Ensure user exists before attempting to delete
|
||||
// await this.get(id);
|
||||
// await sql.transaction(async (tx) => {
|
||||
// await tx`DELETE
|
||||
// FROM user_claims
|
||||
// WHERE user_id = ${id.raw}`;
|
||||
// await tx`DELETE
|
||||
// FROM users
|
||||
// WHERE id = ${id.raw}`;
|
||||
// });
|
||||
async drop(id: MatchId, claims?: Claims): Promise<void> {
|
||||
const match = await this.get(id);
|
||||
if (
|
||||
claims &&
|
||||
!(claims.test(Claims.ADMIN) || (claims.test(Claims.MATCHES.OWNED.DELETE) && match.owner === claims?.userId))
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
await sql.transaction(async (tx) => {
|
||||
await tx`DELETE
|
||||
FROM match_players
|
||||
WHERE match_id = ${id.raw}`;
|
||||
await tx`DELETE
|
||||
FROM matches
|
||||
WHERE id = ${id.raw}`;
|
||||
});
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
async removePlayer(matchId: MatchId, participantId: UserId | PlayerId): Promise<void> {
|
||||
let playerId: PlayerId;
|
||||
if (participantId instanceof PlayerId) {
|
||||
playerId = participantId;
|
||||
} else {
|
||||
playerId = (await orm.users.get(participantId))?.playerId;
|
||||
if (!playerId) {
|
||||
throw new BadRequestError('User is not a participant');
|
||||
}
|
||||
}
|
||||
|
||||
const player = await orm.players.get(playerId);
|
||||
|
||||
await sql.transaction(async (tx) => {
|
||||
const eloRefund = parseInt(
|
||||
(
|
||||
await tx`SELECT elo_change FROM public.match_players WHERE match_id=${matchId.raw} AND player_id = ${playerId.raw}`
|
||||
)?.[0]?.elo_change ?? 0,
|
||||
);
|
||||
await tx`DELETE FROM match_players WHERE match_id=${matchId.raw} AND player_id=${playerId.raw}`;
|
||||
if (!player.isRatingLocked) {
|
||||
await tx`UPDATE players SET elo=${player.elo - eloRefund} WHERE id=${playerId.raw}`;
|
||||
}
|
||||
});
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import { GamesOrm } from './games';
|
||||
import { InvitesOrm } from './invites';
|
||||
import { CollectionsOrm } from './collections';
|
||||
import { MatchOrm } from './matches';
|
||||
import { CircleOrm } from './circles';
|
||||
|
||||
class Orm {
|
||||
readonly claims: ClaimsOrm = new ClaimsOrm();
|
||||
@@ -14,6 +15,7 @@ class Orm {
|
||||
readonly invites: InvitesOrm = new InvitesOrm();
|
||||
readonly collections: CollectionsOrm = new CollectionsOrm();
|
||||
readonly matches: MatchOrm = new MatchOrm();
|
||||
readonly circles: CircleOrm = new CircleOrm();
|
||||
}
|
||||
|
||||
export const orm = new Orm();
|
||||
|
||||
@@ -32,42 +32,43 @@ export class PlayersOrm {
|
||||
async create(model: { name: string }): Promise<Player> {
|
||||
await sql`INSERT INTO players (name)
|
||||
VALUES (${model.name})`;
|
||||
const newPlayerId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
|
||||
return await this.get(PlayerId.fromID(newPlayerId));
|
||||
return await this.get(PlayerId.fromID(newRecordId));
|
||||
}
|
||||
|
||||
async get(id: PlayerId, claims?: Claims): Promise<Player> {
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.PLAYERS.OTHER.READ, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (Claims.test(Claims.PLAYERS.SELF.READ, claims) && claims?.userId) {
|
||||
if(claims) {
|
||||
const user = await orm.users.get(claims.userId);
|
||||
if (id.raw !== user.playerId.raw) {
|
||||
if(!(claims.test(Claims.ADMIN, Claims.PLAYERS.OTHER.READ) ||
|
||||
claims.test(Claims.PLAYERS.SELF.READ) && id === user.playerId)) {
|
||||
throw new UnauthorizedError();
|
||||
|
||||
}
|
||||
}
|
||||
const dbResult: any = first(
|
||||
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM players
|
||||
WHERE id = ${id.raw}
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!dbResult) {
|
||||
if (!record) {
|
||||
throw new NotFoundError('No matching player exists');
|
||||
}
|
||||
|
||||
return new Player({
|
||||
id: PlayerId.fromID(dbResult.id),
|
||||
name: dbResult.name,
|
||||
elo: parseInt(dbResult.elo),
|
||||
isRatingLocked: dbResult.is_rating_locked,
|
||||
canBeMultiple: dbResult.can_be_multiple,
|
||||
id: PlayerId.fromID(record.id),
|
||||
name: record.name,
|
||||
elo: parseInt(record.elo),
|
||||
isRatingLocked: record.is_rating_locked,
|
||||
canBeMultiple: record.can_be_multiple,
|
||||
});
|
||||
}
|
||||
|
||||
async list(claims?: Claims): Promise<Player[]> {
|
||||
if (!claims || Claims.test(Claims.ADMIN, claims)) {
|
||||
if (!claims || claims.test(Claims.ADMIN)) {
|
||||
return (await sql`SELECT * FROM players`).map(
|
||||
(x: { id: string; name: string; elo: string; is_rating_locked: boolean; can_be_multiple: boolean }) =>
|
||||
new Player({
|
||||
@@ -80,7 +81,7 @@ export class PlayersOrm {
|
||||
);
|
||||
}
|
||||
|
||||
if (!Claims.test(Claims.PLAYERS.OTHER.READ, claims)) {
|
||||
if (!claims.test(Claims.PLAYERS.OTHER.READ)) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
@@ -109,35 +110,35 @@ export class PlayersOrm {
|
||||
}
|
||||
|
||||
async update(id: PlayerId, patch: UpdatePlayerRequest, claims?: Claims): Promise<Player> {
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.PLAYERS.OTHER.UPDATE, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (Claims.test(Claims.PLAYERS.SELF.UPDATE, claims) && claims?.userId) {
|
||||
if(claims) {
|
||||
const user = await orm.users.get(claims.userId);
|
||||
if (id.raw !== user.playerId.raw) {
|
||||
if(!(claims.test(Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE) ||
|
||||
(claims.test(Claims.PLAYERS.SELF.UPDATE) && id === user.playerId)
|
||||
)) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
}
|
||||
|
||||
const playerToUpdate = await this.get(id);
|
||||
playerToUpdate.name = patch.name ?? playerToUpdate.name;
|
||||
playerToUpdate.isRatingLocked = patch.isRatingLocked ?? playerToUpdate.isRatingLocked;
|
||||
playerToUpdate.canBeMultiple = patch.canBeMultiple ?? playerToUpdate.canBeMultiple;
|
||||
const player = await this.get(id);
|
||||
player.name = patch.name ?? player.name;
|
||||
player.isRatingLocked = patch.isRatingLocked ?? player.isRatingLocked;
|
||||
player.canBeMultiple = patch.canBeMultiple ?? player.canBeMultiple;
|
||||
|
||||
await sql`UPDATE players
|
||||
SET name=${playerToUpdate.name},
|
||||
is_rating_locked=${playerToUpdate.isRatingLocked},
|
||||
can_be_multiple=${playerToUpdate.canBeMultiple}
|
||||
SET name=${player.name},
|
||||
is_rating_locked=${player.isRatingLocked},
|
||||
can_be_multiple=${player.canBeMultiple}
|
||||
WHERE id = ${id.raw}`;
|
||||
|
||||
return await this.get(id);
|
||||
}
|
||||
|
||||
async drop(id: PlayerId, claims?: Claims): Promise<void> {
|
||||
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.PLAYERS.OTHER.DELETE, claims))) {
|
||||
throw new UnauthorizedError();
|
||||
} else if (Claims.test(Claims.PLAYERS.SELF.DELETE, claims) && claims?.userId) {
|
||||
if(claims) {
|
||||
const user = await orm.users.get(claims.userId);
|
||||
if (id.raw !== user.playerId.raw) {
|
||||
if(!(claims.test(Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE) ||
|
||||
(claims.test(Claims.PLAYERS.SELF.DELETE) && id === user.playerId)
|
||||
)) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
}
|
||||
|
||||
160
src/orm/user.ts
160
src/orm/user.ts
@@ -24,9 +24,15 @@ export class User {
|
||||
}
|
||||
|
||||
export class UsersOrm {
|
||||
async create(
|
||||
{ email, password, playerId }: { email: string; password: string; playerId: PlayerId },
|
||||
): Promise<User> {
|
||||
async create({
|
||||
email,
|
||||
password,
|
||||
playerId,
|
||||
}: {
|
||||
email: string;
|
||||
password: string;
|
||||
playerId: PlayerId;
|
||||
}): Promise<User> {
|
||||
const existingUser: any = first(
|
||||
await sql`SELECT id
|
||||
FROM users
|
||||
@@ -41,29 +47,29 @@ export class UsersOrm {
|
||||
const passwordHash = await argon2.hash(password);
|
||||
await sql`INSERT INTO users (email, pass_hash, player_id)
|
||||
VALUES (${email}, ${passwordHash}, ${playerId.raw})`;
|
||||
const newUserId: UserId = UserId.fromID((first(await sql`SELECT lastval();`) as any)?.lastval as string);
|
||||
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
|
||||
await sql.transaction(async (tx) => {
|
||||
for (let i in defaultClaims) {
|
||||
await tx`INSERT INTO user_claims (user_id, claim_id)
|
||||
VALUES (${newUserId.raw}, ${defaultClaims[i]})`;
|
||||
VALUES (${newRecordId}, ${defaultClaims[i]})`;
|
||||
}
|
||||
});
|
||||
|
||||
return await this.get(newUserId);
|
||||
return await this.get(UserId.fromID(newRecordId));
|
||||
}
|
||||
|
||||
async get(id: UserId, claims?: Claims): Promise<User> {
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
Claims.test(Claims.ADMIN, claims) ||
|
||||
Claims.test(Claims.USERS.OTHER.READ, claims) ||
|
||||
(Claims.test(Claims.USERS.SELF.READ, claims) && id === claims?.userId)
|
||||
claims.test(Claims.ADMIN, Claims.USERS.OTHER.READ) ||
|
||||
(claims.test(Claims.USERS.SELF.READ) && id === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
const dbResult: any = first(
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM users
|
||||
WHERE id = ${id.raw}
|
||||
@@ -71,49 +77,111 @@ export class UsersOrm {
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!dbResult) {
|
||||
if (!record) {
|
||||
throw new NotFoundError('No matching user exists');
|
||||
}
|
||||
|
||||
return new User(
|
||||
UserId.fromID(dbResult.id),
|
||||
PlayerId.fromID(dbResult.player_id),
|
||||
dbResult.email,
|
||||
dbResult.is_admin,
|
||||
UserId.fromID(record.id),
|
||||
PlayerId.fromID(record.player_id),
|
||||
record.email,
|
||||
record.is_admin,
|
||||
);
|
||||
}
|
||||
|
||||
async update(id: UserId, patch: UpdateUserRequest, claims?: Claims): Promise<User> {
|
||||
async getByPlayer(id: PlayerId, claims?: Claims): Promise<User> {
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM users
|
||||
WHERE player_id = ${id.raw}
|
||||
AND is_active = true
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!record) {
|
||||
throw new NotFoundError('No matching user exists');
|
||||
}
|
||||
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
Claims.test(Claims.ADMIN, claims) ||
|
||||
Claims.test(Claims.USERS.OTHER.UPDATE, claims) ||
|
||||
(Claims.test(Claims.USERS.SELF.UPDATE, claims) && id === claims?.userId)
|
||||
claims.test(Claims.ADMIN, Claims.USERS.OTHER.READ) ||
|
||||
(claims.test(Claims.USERS.SELF.READ) && record.id === claims?.userId.raw)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
const userToUpdate = await this.get(id);
|
||||
if (Claims.test(Claims.ADMIN, claims)) {
|
||||
userToUpdate.isActive = patch.isActive ?? userToUpdate.isActive;
|
||||
userToUpdate.isAdmin = patch.isAdmin ?? userToUpdate.isAdmin;
|
||||
return new User(
|
||||
UserId.fromID(record.id),
|
||||
PlayerId.fromID(record.player_id),
|
||||
record.email,
|
||||
record.is_admin,
|
||||
);
|
||||
}
|
||||
|
||||
async getByEmail(email: string, claims?: Claims): Promise<User> {
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM users
|
||||
WHERE email = ${email}
|
||||
AND is_active = true
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!record) {
|
||||
throw new NotFoundError('No matching user exists');
|
||||
}
|
||||
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN, Claims.USERS.OTHER.READ) ||
|
||||
(claims.test(Claims.USERS.SELF.READ) && record.id === claims?.userId.raw)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
return new User(
|
||||
UserId.fromID(record.id),
|
||||
PlayerId.fromID(record.player_id),
|
||||
record.email,
|
||||
record.is_admin,
|
||||
);
|
||||
}
|
||||
|
||||
async update(id: UserId, patch: UpdateUserRequest, claims?: Claims): Promise<User> {
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
claims.test(Claims.ADMIN, Claims.USERS.OTHER.UPDATE) ||
|
||||
(claims.test(Claims.USERS.SELF.UPDATE) && id === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
const user = await this.get(id);
|
||||
if (!claims || claims.test(Claims.ADMIN)) {
|
||||
user.isActive = patch.isActive ?? user.isActive;
|
||||
user.isAdmin = patch.isAdmin ?? user.isAdmin;
|
||||
}
|
||||
|
||||
await sql`UPDATE users
|
||||
SET is_active=${userToUpdate.isActive},
|
||||
is_admin=${userToUpdate.isAdmin}
|
||||
WHERE id = ${id.raw}`;
|
||||
SET is_active=${user.isActive},
|
||||
is_admin=${user.isAdmin}
|
||||
WHERE id = ${id.raw}`;
|
||||
|
||||
return await this.get(id);
|
||||
}
|
||||
|
||||
async drop(id: UserId, claims?: Claims): Promise<void> {
|
||||
if (
|
||||
claims &&
|
||||
!(
|
||||
Claims.test(Claims.ADMIN, claims) ||
|
||||
Claims.test(Claims.USERS.OTHER.DELETE, claims) ||
|
||||
(Claims.test(Claims.USERS.SELF.DELETE, claims) && id === claims?.userId)
|
||||
claims.test(Claims.ADMIN, Claims.USERS.OTHER.DELETE) ||
|
||||
(claims.test(Claims.USERS.SELF.DELETE) && id === claims?.userId)
|
||||
)
|
||||
) {
|
||||
throw new UnauthorizedError();
|
||||
@@ -133,49 +201,41 @@ export class UsersOrm {
|
||||
return;
|
||||
}
|
||||
|
||||
async verifyCredentials(
|
||||
email: string,
|
||||
password: string,
|
||||
): Promise<{ userId: UserId; refreshCount: string } | null> {
|
||||
const dbResult: any = first(
|
||||
async verifyCredentials(email: string, password: string): Promise<{ userId: UserId; refreshCount: string } | null> {
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM users
|
||||
WHERE email = ${email}
|
||||
AND is_active = true
|
||||
limit 1`,
|
||||
);
|
||||
if (!dbResult) {
|
||||
if (!record) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
if (!(await argon2.verify(dbResult.pass_hash, password))) {
|
||||
if (!(await argon2.verify(record.pass_hash, password))) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return {
|
||||
userId: UserId.fromID(dbResult.id),
|
||||
refreshCount: dbResult.refresh_count,
|
||||
userId: UserId.fromID(record.id),
|
||||
refreshCount: record.refresh_count,
|
||||
};
|
||||
}
|
||||
|
||||
async verifyRefreshCount(id: UserId, refreshCount: string): Promise<boolean> {
|
||||
const dbResult: any = first(
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM users
|
||||
WHERE id = ${id.raw}
|
||||
LIMIT 1`,
|
||||
);
|
||||
return dbResult.refresh_count === refreshCount;
|
||||
return record.refresh_count === refreshCount;
|
||||
}
|
||||
|
||||
async changePassword(
|
||||
id: UserId,
|
||||
oldPassword: string | null,
|
||||
newPassword: string,
|
||||
claims?: Claims,
|
||||
): Promise<void> {
|
||||
const isAdmin = Claims.test(Claims.ADMIN, claims);
|
||||
if (!(isAdmin || (Claims.test(Claims.USERS.SELF.UPDATE, claims) && id === claims?.userId))) {
|
||||
async changePassword(id: UserId, oldPassword: string | null, newPassword: string, claims?: Claims): Promise<void> {
|
||||
const isAdmin = claims?.test(Claims.ADMIN) ?? true;
|
||||
if (!(isAdmin || (claims?.test(Claims.USERS.SELF.UPDATE) && id === claims?.userId))) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
@@ -183,14 +243,14 @@ export class UsersOrm {
|
||||
throw new BadRequestError('Password is required');
|
||||
}
|
||||
|
||||
const dbUser: any = first(
|
||||
const record: any = first(
|
||||
await sql`SELECT *
|
||||
FROM users
|
||||
WHERE id = ${id.raw}
|
||||
LIMIT 1`,
|
||||
);
|
||||
|
||||
if (!isAdmin && !(await argon2.verify(dbUser.pass_hash, oldPassword as string))) {
|
||||
if (!isAdmin && !(await argon2.verify(record.pass_hash, oldPassword as string))) {
|
||||
throw new UnauthorizedError();
|
||||
}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ export default {
|
||||
},
|
||||
changePassword: {
|
||||
':id': {
|
||||
PATCH: guard(auth.changePassword, [Claims.ADMIN, Claims.USERS.SELF.UPDATE]),
|
||||
PATCH: guard(auth.changePassword, Claims.ADMIN, Claims.USERS.SELF.UPDATE),
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
32
src/routes/circles.ts
Normal file
32
src/routes/circles.ts
Normal file
@@ -0,0 +1,32 @@
|
||||
import { guard } from '../utilities/guard';
|
||||
import { Claims } from '../orm/claims';
|
||||
import circles from '../endpoints/circles';
|
||||
|
||||
export default {
|
||||
'POST': guard(circles.create, Claims.ADMIN, Claims.CIRCLES.PUBLIC.CREATE, Claims.CIRCLES.PRIVATE.CREATE),
|
||||
':id': {
|
||||
GET: guard(
|
||||
circles.get,
|
||||
Claims.ADMIN,
|
||||
Claims.CIRCLES.PUBLIC.READ,
|
||||
Claims.CIRCLES.PRIVATE.READ,
|
||||
Claims.CIRCLES.PRIVATE.READ_IF_MEMBER,
|
||||
),
|
||||
PATCH: guard(circles.update, Claims.ADMIN, Claims.CIRCLES.OWNED.UPDATE),
|
||||
DELETE: guard(circles.drop, Claims.ADMIN, Claims.CIRCLES.OWNED.DELETE),
|
||||
invite: {
|
||||
POST: guard(
|
||||
circles.invite,
|
||||
Claims.ADMIN,
|
||||
Claims.CIRCLES.PUBLIC.USERS.INVITE,
|
||||
Claims.CIRCLES.OWNED.USERS.INVITE,
|
||||
),
|
||||
},
|
||||
},
|
||||
'search': {
|
||||
':query': {
|
||||
variants: [':pageSize/:page', ':page'],
|
||||
GET: guard(circles.query, Claims.ADMIN, Claims.CIRCLES.PUBLIC.READ),
|
||||
},
|
||||
},
|
||||
};
|
||||
@@ -3,28 +3,20 @@ import { Claims } from '../orm/claims';
|
||||
import collections from '../endpoints/collections';
|
||||
|
||||
export default {
|
||||
'POST': guard(collections.create, [Claims.ADMIN, Claims.COLLECTIONS.CREATE]),
|
||||
'POST': guard(collections.create, Claims.ADMIN, Claims.COLLECTIONS.CREATE),
|
||||
':id': {
|
||||
GET: guard(collections.get, [Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.READ, Claims.COLLECTIONS.OWNED.READ]),
|
||||
PATCH: guard(collections.update, [Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE]),
|
||||
DELETE: guard(collections.drop, [Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE]),
|
||||
GET: guard(collections.get, Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.READ, Claims.COLLECTIONS.OWNED.READ),
|
||||
PATCH: guard(collections.update, Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE),
|
||||
DELETE: guard(collections.drop, Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE),
|
||||
add: {
|
||||
POST: guard(collections.addGame, [
|
||||
Claims.ADMIN,
|
||||
Claims.COLLECTIONS.UNOWNED.GAME.ADD,
|
||||
Claims.COLLECTIONS.OWNED.GAME.ADD,
|
||||
]),
|
||||
POST: guard(collections.addGame, Claims.ADMIN, Claims.COLLECTIONS.OWNED.GAME.ADD),
|
||||
},
|
||||
remove: {
|
||||
POST: guard(collections.removeGame, [
|
||||
Claims.ADMIN,
|
||||
Claims.COLLECTIONS.UNOWNED.GAME.REMOVE,
|
||||
Claims.COLLECTIONS.OWNED.GAME.REMOVE,
|
||||
]),
|
||||
POST: guard(collections.removeGame, Claims.ADMIN, Claims.COLLECTIONS.OWNED.GAME.REMOVE),
|
||||
},
|
||||
},
|
||||
'list': {
|
||||
variants: [':pageSize/:page', ':page'],
|
||||
GET: guard(collections.list, [Claims.ADMIN, Claims.COLLECTIONS.OWNED.LIST]),
|
||||
GET: guard(collections.list, Claims.ADMIN, Claims.COLLECTIONS.OWNED.LIST),
|
||||
},
|
||||
};
|
||||
|
||||
@@ -3,16 +3,16 @@ import { Claims } from '../orm/claims';
|
||||
import games from '../endpoints/games';
|
||||
|
||||
export default {
|
||||
'POST': guard(games.create, [Claims.ADMIN, Claims.GAMES.CREATE]),
|
||||
'POST': guard(games.create, Claims.ADMIN, Claims.GAMES.CREATE),
|
||||
':id': {
|
||||
GET: guard(games.get, [Claims.ADMIN, Claims.GAMES.READ]),
|
||||
PATCH: guard(games.update, [Claims.ADMIN, Claims.GAMES.UPDATE]),
|
||||
DELETE: guard(games.drop, [Claims.ADMIN, Claims.GAMES.DELETE]),
|
||||
GET: guard(games.get, Claims.ADMIN, Claims.GAMES.READ),
|
||||
PATCH: guard(games.update, Claims.ADMIN, Claims.GAMES.UPDATE),
|
||||
DELETE: guard(games.drop, Claims.ADMIN, Claims.GAMES.DELETE),
|
||||
},
|
||||
'search': {
|
||||
':query': {
|
||||
variants: [':pageSize/:page', ':page'],
|
||||
GET: guard(games.query, [Claims.ADMIN, Claims.GAMES.READ]),
|
||||
GET: guard(games.query, Claims.ADMIN, Claims.GAMES.READ),
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
@@ -3,7 +3,7 @@ import { Claims } from '../orm/claims';
|
||||
import invite from '../endpoints/invites';
|
||||
|
||||
export default {
|
||||
POST: guard(invite.create, [Claims.ADMIN, Claims.USERS.INVITE]),
|
||||
POST: guard(invite.create, Claims.ADMIN, Claims.USERS.INVITE),
|
||||
accept: {
|
||||
POST: unwrapMethod(invite.accept),
|
||||
},
|
||||
|
||||
@@ -3,9 +3,12 @@ import matches from '../endpoints/matches';
|
||||
import { Claims } from '../orm/claims';
|
||||
|
||||
export default {
|
||||
'POST': guard(matches.create, [Claims.ADMIN, Claims.MATCHES.CREATE]),
|
||||
'POST': guard(matches.create, Claims.ADMIN, Claims.MATCHES.CREATE),
|
||||
':id': {
|
||||
GET: guard(matches.get, [Claims.ADMIN, Claims.MATCHES.OWNED.READ, Claims.MATCHES.PARTICIPANT.READ]),
|
||||
DELETE: guard(matches.drop, [Claims.ADMIN, Claims.MATCHES.OWNED.DELETE, Claims.USERS.SELF.UPDATE]),
|
||||
GET: guard(matches.get, Claims.ADMIN, Claims.MATCHES.OWNED.READ, Claims.MATCHES.PARTICIPANT.READ),
|
||||
DELETE: guard(matches.drop, Claims.ADMIN, Claims.MATCHES.OWNED.DELETE, Claims.USERS.SELF.UPDATE),
|
||||
leave: {
|
||||
POST: guard(matches.leave, Claims.MATCHES.PARTICIPANT.LEAVE),
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
@@ -3,14 +3,14 @@ import { Claims } from '../orm/claims';
|
||||
import player from '../endpoints/players';
|
||||
|
||||
export default {
|
||||
'POST': guard(player.create, [Claims.ADMIN, Claims.PLAYERS.CREATE]),
|
||||
'POST': guard(player.create, Claims.ADMIN, Claims.PLAYERS.CREATE),
|
||||
':id': {
|
||||
GET: guard(player.get, [Claims.ADMIN, Claims.PLAYERS.OTHER.READ, Claims.PLAYERS.SELF.READ]),
|
||||
PATCH: guard(player.update, [Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE]),
|
||||
DELETE: guard(player.drop, [Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE]),
|
||||
GET: guard(player.get, Claims.ADMIN, Claims.PLAYERS.OTHER.READ, Claims.PLAYERS.SELF.READ),
|
||||
PATCH: guard(player.update, Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE),
|
||||
DELETE: guard(player.drop, Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE),
|
||||
},
|
||||
'list': {
|
||||
variants: [':pageSize/:page', ':page'],
|
||||
GET: guard(player.list, [Claims.ADMIN, Claims.PLAYERS.OTHER.READ]),
|
||||
GET: guard(player.list, Claims.ADMIN, Claims.PLAYERS.OTHER.READ),
|
||||
},
|
||||
};
|
||||
|
||||
@@ -3,10 +3,10 @@ import user from '../endpoints/users';
|
||||
import { Claims } from '../orm/claims';
|
||||
|
||||
export default {
|
||||
'POST': guard(user.create, [Claims.ADMIN, Claims.USERS.CREATE]),
|
||||
'POST': guard(user.create, Claims.ADMIN, Claims.USERS.CREATE),
|
||||
':id': {
|
||||
GET: guard(user.get, [Claims.ADMIN, Claims.USERS.OTHER.READ, Claims.USERS.SELF.READ]),
|
||||
PATCH: guard(user.update, [Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE]),
|
||||
DELETE: guard(user.drop, [Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE]),
|
||||
GET: guard(user.get, Claims.ADMIN, Claims.USERS.OTHER.READ, Claims.USERS.SELF.READ),
|
||||
PATCH: guard(user.update, Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE),
|
||||
DELETE: guard(user.drop, Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE),
|
||||
},
|
||||
};
|
||||
|
||||
@@ -29,49 +29,41 @@ export class ClaimDefinition {
|
||||
};
|
||||
public static readonly CIRCLES = {
|
||||
PUBLIC: {
|
||||
READ: 'CIRCLES_OWNED_READ',
|
||||
CREATE: 'CIRCLES_PUBLIC_CREATE',
|
||||
JOIN: 'CIRCLES_PUBLIC_JOIN',
|
||||
USERS: {
|
||||
ADD: 'CIRCLES_PUBLIC_USER_ADD',
|
||||
LIST: 'CIRCLES_PUBLIC_USER_LIST',
|
||||
INVITE: 'CIRCLES_PUBLIC_USER_INVITE',
|
||||
},
|
||||
COMMENTS: {
|
||||
ADD: 'CIRCLES_PUBLIC_COMMENTS_ADD',
|
||||
DELETE: 'CIRCLES_PUBLIC_COMMENTS_DELETE',
|
||||
},
|
||||
USERS: {
|
||||
INVITE: 'CIRCLES_PUBLIC_USER_INVITE',
|
||||
LIST: 'CIRCLES_PUBLIC_USER_LIST',
|
||||
},
|
||||
},
|
||||
PRIVATE: {
|
||||
READ: 'CIRCLES_PRIVATE_READ',
|
||||
READ_IF_MEMBER: 'CIRCLES_PRIVATE_READ_IF_MEMBER',
|
||||
CREATE: 'CIRCLES_PRIVATE_CREATE',
|
||||
USERS: {
|
||||
INVITE: 'CIRCLES_PRIVATE_USER_INVITE',
|
||||
COMMENTS: {
|
||||
ADD: 'CIRCLES_PRIVATE_COMMENTS_ADD',
|
||||
},
|
||||
},
|
||||
OWNED: {
|
||||
READ: 'CIRCLES_OWNED_READ',
|
||||
UPDATE: 'CIRCLES_OWNED_UPDATE',
|
||||
DELETE: 'CIRCLES_OWNED_DELETE',
|
||||
USERS: {
|
||||
PLAYERS: {
|
||||
ADD: 'CIRCLES_OWNED_USER_ADD',
|
||||
LIST: 'CIRCLES_OWNED_USER_LIST',
|
||||
USERS: {
|
||||
INVITE: 'CIRCLES_OWNED_USER_INVITE',
|
||||
},
|
||||
},
|
||||
USERS: {
|
||||
INVITE: 'CIRCLES_OWNED_USER_INVITE',
|
||||
},
|
||||
COMMENTS: {
|
||||
ADD: 'CIRCLES_OWNED_COMMENTS_ADD',
|
||||
DELETE: 'CIRCLES_OWNED_COMMENTS_DELETE',
|
||||
},
|
||||
},
|
||||
UNOWNED: {
|
||||
READ: 'CIRCLES_UNOWNED_READ',
|
||||
UPDATE: 'CIRCLES_UNOWNED_UPDATE',
|
||||
DELETE: 'CIRCLES_UNOWNED_DELETE',
|
||||
COMMENTS: {
|
||||
ADD: 'CIRCLES_UNOWNED_COMMENTS_ADD',
|
||||
DELETE: 'CIRCLES_UNOWNED_COMMENTS_DELETE',
|
||||
},
|
||||
},
|
||||
};
|
||||
public static readonly GAMES = {
|
||||
CREATE: 'GAMES_CREATE',
|
||||
@@ -120,10 +112,6 @@ export class ClaimDefinition {
|
||||
READ: 'COLLECTIONS_UNOWNED_READ',
|
||||
UPDATE: 'COLLECTIONS_UNOWNED_UPDATE',
|
||||
DELETE: 'COLLECTIONS_UNOWNED_DELETE',
|
||||
GAME: {
|
||||
ADD: 'COLLECTIONS_UNOWNED_GAME_ADD',
|
||||
REMOVE: 'COLLECTIONS_UNOWNED_GAME_REMOVE',
|
||||
},
|
||||
},
|
||||
};
|
||||
public static readonly COMMENTS = {
|
||||
|
||||
@@ -6,10 +6,10 @@ import { Claims } from '../orm/claims';
|
||||
export function guardRedirect(
|
||||
method: (request: UnwrappedRequest<any>) => Promise<Response> | Response,
|
||||
redirectMethod: Function,
|
||||
guardedClaims: string[],
|
||||
...guardedClaims: string[]
|
||||
) {
|
||||
try {
|
||||
return guard(method, guardedClaims);
|
||||
return guard(method, ...guardedClaims);
|
||||
} catch (e) {
|
||||
return redirectMethod();
|
||||
}
|
||||
@@ -17,19 +17,21 @@ export function guardRedirect(
|
||||
|
||||
export function guard(
|
||||
method: (request: UnwrappedRequest<any>) => Promise<Response> | Response,
|
||||
guardedClaims: string[],
|
||||
...guardedClaims: string[]
|
||||
): (r: Request) => Promise<Response> {
|
||||
return async (request: Request): Promise<Response> => {
|
||||
const authHeader: string | null =
|
||||
(request.headers.get('Authorization')?.replace(/^Bearer /, '') as string) ?? null;
|
||||
try {
|
||||
const userClaims: Claims = new Claims(jwt.verify(authHeader as string, process.env.JWT_SECRET_KEY as string) as any);
|
||||
if (!userClaims.claims.some((x: string): boolean => guardedClaims.includes(x))) {
|
||||
const userClaims: Claims = new Claims(
|
||||
jwt.verify(authHeader as string, process.env.JWT_SECRET_KEY as string) as any,
|
||||
);
|
||||
if (!userClaims.userId.raw || !userClaims.claims.some((x: string): boolean => guardedClaims.includes(x))) {
|
||||
return new UnauthorizedResponse('Unauthorized');
|
||||
}
|
||||
return method(await unwrap(request, userClaims));
|
||||
} catch (error: any) {
|
||||
console.log(error)
|
||||
console.log(error);
|
||||
if (error instanceof TokenExpiredError) {
|
||||
return new UnauthorizedResponse(error.message);
|
||||
}
|
||||
@@ -66,6 +68,6 @@ export function unwrapMethod<T = {}>(
|
||||
): (r: Request) => Promise<Response> {
|
||||
return async (request: Request) => {
|
||||
const unwrappedRequest = await unwrap<T>(request);
|
||||
return await methodToUnwrap(unwrappedRequest);
|
||||
return methodToUnwrap(unwrappedRequest);
|
||||
};
|
||||
}
|
||||
|
||||
@@ -54,3 +54,19 @@ export interface CreateMatchRequest {
|
||||
gameId: string;
|
||||
participants: { playerId: string; standing: number }[];
|
||||
}
|
||||
export interface CreateCircleRequest {
|
||||
name: string;
|
||||
isPublic: boolean;
|
||||
imagePath?: string;
|
||||
colour: string;
|
||||
}
|
||||
export interface UpdateCircleRequest {
|
||||
name: string;
|
||||
imagePath?: string;
|
||||
colour: string;
|
||||
}
|
||||
export interface InviteToCircleRequest {
|
||||
email?:string;
|
||||
userId?:string;
|
||||
playerId?:string;
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
import { BadRequestError, NotFoundError, UnauthorizedError } from './errors';
|
||||
import { clamp, isObject } from 'lodash';
|
||||
import { clamp, isArray, isObject } from 'lodash';
|
||||
import { UnwrappedRequest } from './guard';
|
||||
|
||||
export class ErrorResponse extends Response {
|
||||
@@ -52,7 +52,7 @@ export class OkResponse extends Response {
|
||||
constructor(body?: any) {
|
||||
if (body) {
|
||||
return Response.json(
|
||||
isObject(body)
|
||||
isObject(body) && !isArray(body)
|
||||
? {
|
||||
...body,
|
||||
}
|
||||
|
||||
@@ -28,6 +28,7 @@ export function buildRoute(
|
||||
const endpointDefinition = {
|
||||
POST: route.POST,
|
||||
GET: route.GET,
|
||||
PATCH: route.PATCH,
|
||||
PUT: route.PUT,
|
||||
DELETE: route.DELETE,
|
||||
};
|
||||
|
||||
@@ -17,7 +17,7 @@ class SecureId {
|
||||
constructor(id: { public?: string; secure?: string }, hashScheme?: HashIds) {
|
||||
this.#hashScheme = hashScheme ?? (this.constructor as any).hashScheme;
|
||||
|
||||
if (id.public) {
|
||||
if (id.public !== undefined) {
|
||||
this.value = id.public;
|
||||
} else if (id.secure) {
|
||||
this.raw = id.secure;
|
||||
@@ -66,71 +66,104 @@ class SecureId {
|
||||
export class UserId extends SecureId {
|
||||
protected static override hashPrefix: string = 'UserId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodUser(){}
|
||||
|
||||
public static fromHash(hash: string): UserId {
|
||||
return super.fromHash(hash, UserId);
|
||||
return super.fromHash(hash, UserId) as UserId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): UserId {
|
||||
return super.fromID(id, UserId);
|
||||
return super.fromID(id, UserId) as UserId;
|
||||
}
|
||||
}
|
||||
|
||||
export class PlayerId extends SecureId {
|
||||
protected static override hashPrefix: string = 'PlayerId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodPlayer(){}
|
||||
|
||||
public static fromHash(hash: string): PlayerId {
|
||||
return super.fromHash(hash, PlayerId);
|
||||
return super.fromHash(hash, PlayerId) as PlayerId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): PlayerId {
|
||||
return super.fromID(id, PlayerId);
|
||||
return super.fromID(id, PlayerId) as PlayerId;
|
||||
}
|
||||
}
|
||||
|
||||
export class InviteId extends SecureId {
|
||||
protected static override hashPrefix: string = 'InviteId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodInvite(){}
|
||||
|
||||
public static fromHash(hash: string): InviteId {
|
||||
return super.fromHash(hash, InviteId);
|
||||
return super.fromHash(hash, InviteId) as InviteId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): InviteId {
|
||||
return super.fromID(id, InviteId);
|
||||
return super.fromID(id, InviteId) as InviteId;
|
||||
}
|
||||
}
|
||||
|
||||
export class GameId extends SecureId {
|
||||
protected static override hashPrefix: string = 'GameId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodGame(){}
|
||||
|
||||
public static fromHash(hash: string): GameId {
|
||||
return super.fromHash(hash, GameId);
|
||||
return super.fromHash(hash, GameId) as GameId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): GameId {
|
||||
return super.fromID(id, GameId);
|
||||
return super.fromID(id, GameId) as GameId;
|
||||
}
|
||||
}
|
||||
|
||||
export class CollectionId extends SecureId {
|
||||
protected static override hashPrefix: string = 'CollectionId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodCollection(){}
|
||||
|
||||
public static fromHash(hash: string): CollectionId {
|
||||
return super.fromHash(hash, CollectionId);
|
||||
return super.fromHash(hash, CollectionId) as CollectionId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): CollectionId {
|
||||
return super.fromID(id, CollectionId);
|
||||
return super.fromID(id, CollectionId) as CollectionId;
|
||||
}
|
||||
}
|
||||
|
||||
export class MatchId extends SecureId {
|
||||
protected static override hashPrefix: string = 'MatchId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodMatch(){}
|
||||
|
||||
public static fromHash(hash: string): MatchId {
|
||||
return super.fromHash(hash, MatchId);
|
||||
return super.fromHash(hash, MatchId) as MatchId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): MatchId {
|
||||
return super.fromID(id, MatchId);
|
||||
return super.fromID(id, MatchId) as MatchId;
|
||||
}
|
||||
}
|
||||
|
||||
export class CircleId extends SecureId {
|
||||
protected static override hashPrefix: string = 'CircleId';
|
||||
|
||||
// This method exists to force type errors when using an incorrect ID class.
|
||||
#uniqueMethodCircle(){}
|
||||
|
||||
public static fromHash(hash: string): CircleId {
|
||||
return super.fromHash(hash, CircleId) as CircleId;
|
||||
}
|
||||
|
||||
public static fromID(id: string): CircleId {
|
||||
return super.fromID(id, CircleId) as CircleId;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user