jd/bgApp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jd:3464f32c4667d57b71db9ff9ef361dc3fab6ef8f
Branches Tags
jd:main
...
compare: jd:main
Branches Tags
jd:main

7 Commits
3464f32c46 ... main

Author SHA1 Message Date
jd
c4a37f13be Minor tidy up and refactor to improve consistency. 2026-03-03 00:17:46 +00:00
jd
c23536b3ed Finished initial implementation of circle endpoints 2026-03-02 23:52:12 +00:00
jd
dee5b2429d Fixed issues regarding claim verification in ORM 2026-02-24 00:03:06 +00:00
jd
df60ad4552 Added ability for users to update their password. Minor tidy up. 2026-02-23 20:48:52 +00:00
jd
872a79663b Finished implementing match endpoints 2026-02-22 12:02:05 +00:00
jd
0fa00e6759 Fixed some behaviour in Elo calculation. Began implement match logic. 2026-02-22 02:07:50 +00:00
jd
564ffe7c8c Fixed some behaviour in Elo calculation. Began implement match logic. 2026-02-22 02:07:44 +00:00
50 changed files with 1393 additions and 397 deletions
Expand all files Collapse all files

30
API Tests/BGApp/Circle/Create.yml Normal file
View File

@@ -0,0 +1,30 @@
info:
name: Create
type: http
seq: 1
http:
method: POST
url: "{{BASE_URL}}/{{SECTOR}}"
body:
type: json
data: |-
{
"name": "{{Name}}",
"isPublic": {{IsPublic}},
"colour": "#FFFFFF"
}
auth: inherit
runtime:
variables:
- name: Name
value: Test Private Circle
- name: IsPublic
value: "false"
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

20
API Tests/BGApp/Circle/Delete.yml Normal file
View File

@@ -0,0 +1,20 @@
info:
name: Delete
type: http
seq: 4
http:
method: DELETE
url: "{{BASE_URL}}/{{SECTOR}}/{{CircleID}}"
auth: inherit
runtime:
variables:
- name: CircleID
value: 6Z4214
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

20
API Tests/BGApp/Circle/Get.yml Normal file
View File

@@ -0,0 +1,20 @@
info:
name: Get
type: http
seq: 2
http:
method: GET
url: "{{BASE_URL}}/{{SECTOR}}/{{CircleID}}"
auth: inherit
runtime:
variables:
- name: CircleID
value: P17GOJ
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

24
API Tests/BGApp/Circle/Search.yml Normal file
View File

@@ -0,0 +1,24 @@
info:
name: Search
type: http
seq: 5
http:
method: GET
url: "{{BASE_URL}}/{{SECTOR}}/search/{{Query}}/{{PageSize}}/{{Page}}"
auth: inherit
runtime:
variables:
- name: Query
value: test
- name: PageSize
value: "5"
- name: Page
value: "1"
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

28
API Tests/BGApp/Circle/Update.yml Normal file
View File

@@ -0,0 +1,28 @@
info:
name: Update
type: http
seq: 3
http:
method: PATCH
url: "{{BASE_URL}}/{{SECTOR}}/{{CircleID}}"
body:
type: json
data: |-
{
"name":"{{Name}}"
}
auth: inherit
runtime:
variables:
- name: CircleID
value: 6Z4214
- name: Name
value: Test update
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

10
API Tests/BGApp/Circle/folder.yml Normal file
View File

@@ -0,0 +1,10 @@
info:
name: Circle
type: folder
seq: 1
request:
auth: inherit
variables:
- name: SECTOR
value: circles

4
API Tests/BGApp/Game/Update.yml
View File

@@ -17,9 +17,9 @@ http:
runtime:
variables:
- name: GameID
value: ""
value: DM5GMY
- name: Name
value: ""
value: Update test
settings:
encodeUrl: true

35
API Tests/BGApp/Matches/Create.yml Normal file
View File

@@ -0,0 +1,35 @@
info:
name: Create
type: http
seq: 1
http:
method: POST
url: "{{BASE_URL}}/{{SECTOR}}"
body:
type: json
data: |-
{
"gameId": "RM089N",
"participants": [
{"playerId": "Q3M1PR", "standing": 0},
{"playerId": "539DPX", "standing": 1},
{"playerId": "JZ7939", "standing": 2}
]
}
auth: inherit
runtime:
variables:
- name: Email
value: ""
- name: Password
value: ""
- name: PlayerID
value: ""
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

20
API Tests/BGApp/Matches/Delete.yml Normal file
View File

@@ -0,0 +1,20 @@
info:
name: Delete
type: http
seq: 3
http:
method: DELETE
url: "{{BASE_URL}}/{{SECTOR}}/{{MatchID}}"
auth: inherit
runtime:
variables:
- name: MatchID
value: 846M1L
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

20
API Tests/BGApp/Matches/Get.yml Normal file
View File

@@ -0,0 +1,20 @@
info:
name: Get
type: http
seq: 2
http:
method: GET
url: "{{BASE_URL}}/{{SECTOR}}/{{MatchID}}"
auth: inherit
runtime:
variables:
- name: MatchID
value: 848O12
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

23
API Tests/BGApp/Matches/Leave.yml Normal file
View File

@@ -0,0 +1,23 @@
info:
name: Leave
type: http
seq: 4
http:
method: POST
url: "{{BASE_URL}}/{{SECTOR}}/{{MatchID}}/leave"
body:
type: json
data: ""
auth: inherit
runtime:
variables:
- name: MatchID
value: 848O12
settings:
encodeUrl: true
timeout: 0
followRedirects: true
maxRedirects: 5

10
API Tests/BGApp/Matches/folder.yml Normal file
View File

@@ -0,0 +1,10 @@
info:
name: Matches
type: folder
seq: 1
request:
auth: inherit
variables:
- name: SECTOR
value: matches

2
API Tests/BGApp/Players/Get.yml
View File

@@ -11,7 +11,7 @@ http:
runtime:
variables:
- name: PlayerID
value: ""
value: 539DPX
settings:
encodeUrl: true

1
API Tests/BGApp/environments/BGApp.yml
View File

@@ -1,3 +1,4 @@
#file: noinspection SpellCheckingInspection
name: BGApp
variables:
- name: BEARER_TOKEN

10
API Tests/BGApp/opencollection.yml
View File

@@ -18,16 +18,6 @@ request:
auth:
type: bearer
token: "{{BEARER_TOKEN}}"
actions:
- type: set-variable
phase: after-response
selector:
expression: ${token}
method: jsonq
variable:
name: Token
scope: runtime
disabled: true
bundled: false
extensions:
bruno:

78
scripts/dbCreate.sql
View File

@@ -1,3 +1,81 @@
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
-- noinspection SpellCheckingInspectionForFile
--
-- PostgreSQL database dump
--

93
src/emails/invite.tsx
View File

@@ -1,6 +1,5 @@
import * as React from 'react';
import { brandColours } from '../utilities/helpers';
import { size } from 'lodash';
interface InviteEmailProperties {
playerName: string;
@@ -21,57 +20,59 @@ export const InviteEmail = (props: InviteEmailProperties) => (
cellSpacing={0}
cellPadding={0}
>
<tr>
<td align="center">
<div
style={{
padding: '20px',
borderRadius: '20px',
background: brandColours.white,
margin: '50px',
color: brandColours.dark,
maxWidth: '450px',
}}
>
<h1>You're in, {props.playerName}!</h1>
<p>
You've been invited to join {process.env.PRODUCT_NAME}, please click the button below to
finish signing up.
</p>
<p
<tbody>
<tr>
<td align="center">
<div
style={{
marginBottom: '40px',
padding: '20px',
borderRadius: '20px',
background: brandColours.white,
margin: '50px',
color: brandColours.dark,
maxWidth: '450px',
}}
>
<a
<h1>You're in, {props.playerName}!</h1>
<p>
You've been invited to join {process.env.PRODUCT_NAME}, please click the button below to
finish signing up.
</p>
<p
style={{
display: 'inline-block',
padding: '10px 20px',
borderRadius: '5px',
background: brandColours.primary,
textDecoration: 'none',
color: brandColours.light,
fontSize: '20px',
fontWeight: 'bold',
marginBottom: '40px',
}}
href={`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
>
Join {process.env.PRODUCT_NAME}
</a>
</p>
<p
style={{
fontSize: '0.8rem',
opacity: '80%',
}}
>
If above button does not work, copy the link below into a new browser tab:
<br />
{`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
</p>
</div>
</td>
</tr>
<a
style={{
display: 'inline-block',
padding: '10px 20px',
borderRadius: '5px',
background: brandColours.primary,
textDecoration: 'none',
color: brandColours.light,
fontSize: '20px',
fontWeight: 'bold',
}}
href={`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
>
Join {process.env.PRODUCT_NAME}
</a>
</p>
<p
style={{
fontSize: '0.8rem',
opacity: '80%',
}}
>
If above button does not work, copy the link below into a new browser tab:
<br />
{`${process.env.ROOT_URL}/invitation/${props.inviteCode}`}
</p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
);

10
src/endpoints/auth.ts
View File

@@ -20,7 +20,7 @@ async function login(request: UnwrappedRequest<LoginRequest>): Promise<Response>
const tokenLifeSpanInDays = 30;
const token = jwt.sign(
{
u: verify.userId.raw,
u: verify.userId,
r: verify.refreshCount,
},
process.env.JWT_REFRESH_KEY as string,
@@ -33,9 +33,9 @@ async function login(request: UnwrappedRequest<LoginRequest>): Promise<Response>
httpOnly: true,
secure: true,
maxAge: tokenLifeSpanInDays * 24 * 60 * 60,
path: '/api/auth/token'
path: '/api/auth/token',
});
return new OkResponse();
return new OkResponse({ token });
} catch (error: any) {
return new ErrorResponse(error as Error);
}
@@ -54,13 +54,13 @@ async function token(request: UnwrappedRequest): Promise<Response> {
r: string;
} = jwt.verify(refreshCookie, process.env.JWT_REFRESH_KEY as string) as { u: string; r: string };
if (!(await orm.users.verifyRefreshCount(UserId.fromID(refreshToken.u), refreshToken.r))) {
if (!(await orm.users.verifyRefreshCount(UserId.fromHash(refreshToken.u), refreshToken.r))) {
const response = new UnauthorizedResponse('Invalid refresh token');
response.headers.set('Clear-Site-Data', '"cookies","cache","storage","executionContexts"');
return response;
}
const claims: Claims | null = await orm.claims.getByUserId(refreshToken.u);
const claims: Claims | null = await orm.claims.getByUserId(UserId.fromHash(refreshToken.u));
const token = jwt.sign({ ...claims }, process.env.JWT_SECRET_KEY as string, {
expiresIn: process.env.JWT_LIFESPAN as any,

74
src/endpoints/circles.ts Normal file
View File

@@ -0,0 +1,74 @@
import { orm } from '../orm/orm';
import { UnwrappedRequest } from '../utilities/guard';
import { CreatedResponse, ErrorResponse, OkResponse, PagedResponse } from '../utilities/responseHelper';
import { CreateCircleRequest, InviteToCircleRequest, UpdateCircleRequest } from '../utilities/requestModels';
import { CircleId, PlayerId, UserId } from '../utilities/secureIds';
async function create(request: UnwrappedRequest<CreateCircleRequest>): Promise<Response> {
try {
return new CreatedResponse(await orm.circles.create(request.body, request.claims));
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function invite(request: UnwrappedRequest<InviteToCircleRequest>): Promise<Response> {
try {
let relatedEntityId: UserId | PlayerId | string | undefined;
if (request.body.userId) {
relatedEntityId = UserId.fromHash(request.body.userId);
} else if (request.body.playerId) {
relatedEntityId = PlayerId.fromHash(request.body.playerId);
} else {
relatedEntityId = request.body.email;
}
return new CreatedResponse(
await orm.circles.invite(CircleId.fromHash(request.params.id), relatedEntityId, request.claims),
);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function get(request: UnwrappedRequest): Promise<Response> {
try {
return new OkResponse(await orm.circles.get(CircleId.fromHash(request.params.id)));
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function update(request: UnwrappedRequest<UpdateCircleRequest>): Promise<Response> {
try {
return new OkResponse(
await orm.circles.update(CircleId.fromHash(request.params.id), request.body),
);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function drop(request: UnwrappedRequest): Promise<Response> {
try {
return new OkResponse(await orm.circles.drop(CircleId.fromHash(request.params.id)));
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function query(request: UnwrappedRequest): Promise<Response> {
try {
return new PagedResponse(request, await orm.circles.query(request.params.query));
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
export default {
create,
get,
update,
drop,
query,
invite,
};

9
src/endpoints/collections.ts
View File

@@ -1,17 +1,12 @@
import { orm } from '../orm/orm';
import { UnwrappedRequest } from '../utilities/guard';
import { CreatedResponse, ErrorResponse, OkResponse, PagedResponse } from '../utilities/responseHelper';
import {
GameToCollectionRequest,
CreateCollectionRequest,
UpdateCollectionRequest,
} from '../utilities/requestModels';
import { GameToCollectionRequest, CreateCollectionRequest, UpdateCollectionRequest } from '../utilities/requestModels';
import { CollectionId, GameId } from '../utilities/secureIds';
async function create(request: UnwrappedRequest<CreateCollectionRequest>): Promise<Response> {
try {
const newPlayer = await orm.collections.create(request.body, request.claims);
return new CreatedResponse(newPlayer);
return new CreatedResponse(await orm.collections.create(request.body, request.claims));
} catch (error: any) {
return new ErrorResponse(error as Error);
}

30
src/endpoints/games.ts
View File

@@ -1,23 +1,21 @@
import { orm } from '../orm/orm';
import { UnwrappedRequest } from '../utilities/guard';
import { CreatedResponse, ErrorResponse, OkResponse, PagedResponse } from '../utilities/responseHelper';
import {
CreateGameRequest,
UpdateGameRequest,
} from '../utilities/requestModels';
import { CreateGameRequest, UpdateGameRequest } from '../utilities/requestModels';
import { GameId } from '../utilities/secureIds';
async function create(request: UnwrappedRequest<CreateGameRequest>): Promise<Response> {
try {
const newUser = await orm.games.create(
{
name: request.body.name,
bggId: request.body.bggId,
imagePath: request.body.imagePath,
},
request.claims,
return new CreatedResponse(
await orm.games.create(
{
name: request.body.name,
bggId: request.body.bggId,
imagePath: request.body.imagePath,
},
request.claims,
),
);
return new CreatedResponse(newUser);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
@@ -33,13 +31,7 @@ async function get(request: UnwrappedRequest): Promise<Response> {
async function update(request: UnwrappedRequest<UpdateGameRequest>): Promise<Response> {
try {
return new OkResponse(
await orm.games.update(
GameId.fromHash(request.params.id),
request.body,
request.claims,
),
);
return new OkResponse(await orm.games.update(GameId.fromHash(request.params.id), request.body, request.claims));
} catch (error: any) {
return new ErrorResponse(error as Error);
}

15
src/endpoints/invites.ts
View File

@@ -1,22 +1,18 @@
import { orm } from '../orm/orm';
import { UnwrappedRequest } from '../utilities/guard';
import { CreatedResponse, ErrorResponse } from '../utilities/responseHelper';
import {
AcceptInviteRequest,
InviteUserRequest,
} from '../utilities/requestModels';
import { AcceptInviteRequest, InviteUserRequest } from '../utilities/requestModels';
import { PlayerId, UserId } from '../utilities/secureIds';
async function create(request: UnwrappedRequest<InviteUserRequest>): Promise<Response> {
try {
const newUser = await orm.invites.create(
{
return new CreatedResponse(
await orm.invites.create({
...request.body,
playerId: PlayerId.fromHash(request.body.playerId),
invitedByUserId: request.claims.userId as UserId,
},
}),
);
return new CreatedResponse(newUser);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
@@ -24,8 +20,7 @@ async function create(request: UnwrappedRequest<InviteUserRequest>): Promise<Res
async function accept(request: UnwrappedRequest<AcceptInviteRequest>): Promise<Response> {
try {
const newUser = await orm.invites.accept(request.body);
return new CreatedResponse(newUser);
return new CreatedResponse(await orm.invites.accept(request.body));
} catch (error: any) {
return new ErrorResponse(error as Error);
}

55
src/endpoints/matches.ts Normal file
View File

@@ -0,0 +1,55 @@
import { orm } from '../orm/orm';
import { UnwrappedRequest } from '../utilities/guard';
import { CreatedResponse, ErrorResponse, OkResponse } from '../utilities/responseHelper';
import { CreateMatchRequest } from '../utilities/requestModels';
import { GameId, MatchId, PlayerId, UserId } from '../utilities/secureIds';
import { MatchParticipant } from '../orm/matches';
async function create(request: UnwrappedRequest<CreateMatchRequest>): Promise<Response> {
try {
return new CreatedResponse(
await orm.matches.create({
gameId: GameId.fromHash(request.body.gameId),
ownerId: request.claims.userId as UserId,
participants: request.body.participants.map(
(x) => new MatchParticipant(PlayerId.fromHash(x.playerId), x.standing),
),
}),
);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function get(request: UnwrappedRequest): Promise<Response> {
try {
return new OkResponse(await orm.matches.get(MatchId.fromHash(request.params.id), request.claims));
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function drop(request: UnwrappedRequest): Promise<Response> {
try {
return new OkResponse(await orm.matches.drop(MatchId.fromHash(request.params.id), request.claims));
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
async function leave(request: UnwrappedRequest): Promise<Response> {
try {
return new OkResponse(
await orm.matches.removePlayer(MatchId.fromHash(request.params.id), request.claims.userId as UserId),
);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
}
export default {
create,
get,
drop,
leave,
};

3
src/endpoints/players.ts
View File

@@ -6,8 +6,7 @@ import { PlayerId } from '../utilities/secureIds';
async function create(request: UnwrappedRequest<CreatePlayerRequest>): Promise<Response> {
try {
const newPlayer = await orm.players.create(request.body);
return new CreatedResponse(newPlayer);
return new CreatedResponse(await orm.players.create(request.body));
} catch (error: any) {
return new ErrorResponse(error as Error);
}

11
src/endpoints/users.ts
View File

@@ -6,13 +6,12 @@ import { PlayerId, UserId } from '../utilities/secureIds';
async function create(request: UnwrappedRequest<CreateUserRequest>): Promise<Response> {
try {
const newUser = await orm.users.create(
{
return new CreatedResponse(
await orm.users.create({
...request.body,
playerId: PlayerId.fromHash(request.body.playerId),
}
}),
);
return new CreatedResponse(newUser);
} catch (error: any) {
return new ErrorResponse(error as Error);
}
@@ -28,9 +27,7 @@ async function get(request: UnwrappedRequest): Promise<Response> {
async function update(request: UnwrappedRequest<UpdateUserRequest>): Promise<Response> {
try {
return new OkResponse(
await orm.users.update(UserId.fromHash(request.params.id), request.body, request.claims),
);
return new OkResponse(await orm.users.update(UserId.fromHash(request.params.id), request.body, request.claims));
} catch (error: any) {
return new ErrorResponse(error as Error);
}

11
src/index.ts
View File

@@ -6,20 +6,25 @@ import games from './routes/games';
import invites from './routes/invites';
import collections from './routes/collections';
import { buildRoute } from './utilities/routeBuilder';
import { MatchId } from './utilities/secureIds';
import matches from './routes/matches';
import circles from './routes/circles';
const server = Bun.serve({
routes: buildRoute({
[process.env.API_ROOT_PATH ?? '']:{
[process.env.API_ROOT_PATH ?? '']: {
auth,
users,
players,
games,
invites,
collections,
matches,
circles,
},
'test': {
test: {
GET: () => {
return new OkResponse();
return new OkResponse(MatchId.fromID('2').value);
},
},
}) as any,

192
src/orm/circles.ts Normal file
View File

@@ -0,0 +1,192 @@
import { Claims } from './claims';
import { sql } from 'bun';
import { first } from 'lodash';
import { BadRequestError, NotFoundError, UnauthorizedError } from '../utilities/errors';
import { CreateCircleRequest, UpdateCircleRequest } from '../utilities/requestModels';
import { memo } from '../utilities/helpers';
import { CircleId, PlayerId, UserId } from '../utilities/secureIds';
import { orm } from './orm';
import { User } from './user';
export class Circle {
id: CircleId;
owningUserId: UserId;
name: string;
isPublic: boolean;
imagePath?: string;
colour?: string;
constructor({
id,
owningUserId,
name,
isPublic,
imagePath,
colour,
}: {
id: CircleId;
owningUserId: UserId;
name: string;
isPublic: boolean;
imagePath?: string;
colour?: string;
}) {
this.id = id;
this.owningUserId = owningUserId;
this.name = name;
this.isPublic = isPublic;
this.imagePath = imagePath;
this.colour = colour;
}
}
export class CircleOrm {
async create(model: CreateCircleRequest, claims?: Claims): Promise<Circle> {
if (model.isPublic && claims && !claims.test(Claims.ADMIN, Claims.CIRCLES.PUBLIC.CREATE)) {
throw new UnauthorizedError();
}
await sql`INSERT INTO circles (owning_user_id, name, is_public, colour)
VALUES (${claims?.userId.raw},
${model.name},
${model.isPublic},
${model.colour})`;
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
return await this.get(CircleId.fromID(newRecordId));
}
async get(id: CircleId, claims?: Claims): Promise<Circle> {
const record: any = first(
await sql`SELECT *
FROM circles
WHERE id = ${id.raw}
LIMIT 1`,
);
if (!record) {
throw new NotFoundError('No matching game exists');
}
let user: User;
if (
claims &&
!claims.test(Claims.ADMIN) &&
!(claims.test(Claims.CIRCLES.PUBLIC.READ) && record.is_public) &&
!(claims.test(Claims.CIRCLES.OWNED.READ) && record.owning_user_id === claims.userId.raw) &&
!(
claims.test(Claims.CIRCLES.PRIVATE.READ_IF_MEMBER) &&
(user = await orm.users.get(claims.userId)) &&
(await sql`SELECT * FROM player_circles WHERE circle_id = ${id.raw}`).some(
(x: { player_id: string }) => x.player_id === user.playerId.raw,
)
)
) {
throw new UnauthorizedError();
}
return new Circle({
id: CircleId.fromID(record.id),
owningUserId: UserId.fromID(record.owning_user_id),
name: record.name,
isPublic: record.is_public,
imagePath: record.image_path,
colour: record.colour,
});
}
async update(id: CircleId, patch: UpdateCircleRequest): Promise<Circle> {
const circle = await this.get(id);
circle.name = patch.name ?? circle.name;
circle.colour = patch.colour ?? circle.colour;
circle.imagePath = patch.imagePath ?? circle.imagePath;
await sql`UPDATE circles
SET name=${circle.name},
colour=${circle.colour},
image_path=${circle.imagePath}
WHERE id = ${id.raw}`;
return await this.get(id);
}
async drop(id: CircleId): Promise<void> {
// Ensure record exists before attempting to delete
await this.get(id);
await sql.transaction(async (tx) => {
await tx`DELETE
FROM player_circles
WHERE circle_id = ${id.raw}`;
await tx`DELETE
FROM circle_invites
WHERE circle_id = ${id.raw}`;
await tx`DELETE
FROM circle_comments
WHERE circle_id = ${id.raw}`;
await tx`DELETE
FROM circles
WHERE id = ${id.raw}`;
});
return;
}
async invite(
circleId: CircleId,
relatedRecord: PlayerId | UserId | string | undefined,
claims: Claims,
): Promise<void> {
if (relatedRecord === undefined) {
throw new BadRequestError();
}
const circle = await this.get(circleId, claims);
if (
claims &&
((circle.isPublic && !claims.test(Claims.CIRCLES.PUBLIC.USERS.INVITE)) ||
(!circle.isPublic &&
!(claims.test(Claims.CIRCLES.OWNED.USERS.INVITE) && circle.owningUserId === claims.userId)))
) {
throw new UnauthorizedError();
}
let invitedUserId: UserId | undefined;
if (relatedRecord instanceof UserId) {
invitedUserId = relatedRecord;
} else if (relatedRecord instanceof PlayerId) {
invitedUserId = (await orm.users.getByPlayer(relatedRecord))?.id;
} else {
invitedUserId = (await orm.users.getByEmail(relatedRecord))?.id;
}
if (!invitedUserId) {
throw new BadRequestError();
}
await sql`INSERT INTO circle_invites(invited_user_id, invited_by_user_id, circle_id)
VALUES (${invitedUserId.raw}, ${claims.userId.raw}, ${circleId.raw})`;
}
query: (query: string) => Promise<Circle[]> = memo<(query: string) => Promise<Circle[]>, Circle[]>(this.#query);
async #query(query: string): Promise<Circle[]> {
const queryResult: any = await sql` SELECT
id, name, owning_user_id, is_public
FROM (SELECT *, SIMILARITY(${query}, name) as similarity FROM circles WHERE is_public=true)
WHERE similarity > 0
ORDER BY similarity
LIMIT 5;`;
if (!queryResult) {
throw new NotFoundError('No matching circles exists');
}
return queryResult.map(
(x: { id: string; name: string; owning_user_id: string; is_public: boolean }) =>
new Circle({
id: CircleId.fromID(x.id),
name: x.name,
isPublic: x.is_public,
owningUserId: UserId.fromID(x.owning_user_id),
}),
);
}
}

39
src/orm/claims.ts
View File

@@ -3,36 +3,47 @@ import { ClaimDefinition } from '../utilities/claimDefinitions';
import { UserId } from '../utilities/secureIds';
export class Claims extends ClaimDefinition {
userId?: UserId;
userId: UserId;
claims: string[] = [];
constructor(raw?: { userId?: string; claims?: string[] }) {
constructor(raw?: { userId?: string | UserId; claims?: string[] }) {
super();
this.userId = raw?.userId ? UserId.fromHash(raw.userId) : undefined;
if (raw?.userId instanceof UserId) {
this.userId = raw.userId;
} else {
this.userId = UserId.fromHash(raw?.userId ?? '');
}
this.claims = raw?.claims ?? [];
}
public static test(guardClaim: string, userClaims?: Claims): Boolean {
return userClaims === undefined || userClaims.claims.some((x) => x === guardClaim);
test(...guardClaims: string[]): Boolean {
return Claims.test(this, ...guardClaims);
}
public static test(userClaims?: Claims, ...guardClaims: string[]): Boolean {
return (
userClaims === undefined ||
userClaims.claims.some((x: string): boolean => guardClaims.some((y: string): boolean => x === y))
);
}
}
export class ClaimsOrm {
async getByUserId(userId: string): Promise<Claims> {
const dbResults: any[] = await sql`SELECT c.name
async getByUserId(userId: UserId): Promise<Claims> {
const records: any[] = await sql`SELECT c.name
from user_claims as uc
JOIN claims as c on uc.claim_id = c.id
where uc.user_id = ${userId};`;
const claims = new Claims();
claims.userId = UserId.fromID(userId);
claims.claims = dbResults.map((x) => x.name);
return claims;
where uc.user_id = ${userId.raw};`;
return new Claims({
userId: userId,
claims: records.map((x) => x.name),
});
}
async getDefaultClaims(): Promise<number[]> {
const dbResults: any[] = await sql`SELECT id
const records: any[] = await sql`SELECT id
FROM claims
WHERE is_default = true;`;
return dbResults.map((x) => x.id);
return records.map((x) => x.id);
}
}

105
src/orm/collections.ts
View File

@@ -4,16 +4,18 @@ import { first } from 'lodash';
import { NotFoundError, UnauthorizedError } from '../utilities/errors';
import { UpdateCollectionRequest } from '../utilities/requestModels';
import { Game } from './games';
import { CollectionId, GameId } from '../utilities/secureIds';
import { CollectionId, GameId, UserId } from '../utilities/secureIds';
export class Collection {
id: CollectionId;
name: string;
ownerId: UserId;
games: Game[];
constructor(input: { id: CollectionId; name: string; games?: Game[] }) {
constructor(input: { id: CollectionId; name: string; ownerId:UserId; games?: Game[] }) {
this.id = input.id;
this.name = input?.name;
this.ownerId = input.ownerId;
this.games = input.games ?? [];
}
}
@@ -22,41 +24,42 @@ export class CollectionsOrm {
async create(model: { name: string }, claims: Claims): Promise<Collection> {
await sql`INSERT INTO collections (name, user_id)
VALUES (${model.name}, ${claims?.userId?.raw})`;
const newPCollectionId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
return await this.get(CollectionId.fromID(newPCollectionId));
return await this.get(CollectionId.fromID(newRecordId));
}
async get(id: CollectionId, claims?: Claims): Promise<Collection> {
const dbResult: any = await sql`SELECT
const records: any = await sql`SELECT
c.id AS collection_id,
c.name AS collection_name,
c.user_id AS user_id,
g.id AS game_id,
g.name AS game_name
FROM collections c
LEFT JOIN collection_games cg ON cg.collection_id = c.id
LEFT JOIN games g ON g.id = cg.game_id
LEFT JOIN collection_games cg ON cg.collection_id = c.id
LEFT JOIN games g ON g.id = cg.game_id
WHERE c.id = ${id.raw}`;
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.READ, claims))) {
throw new UnauthorizedError();
} else if (
Claims.test(Claims.COLLECTIONS.OWNED.READ, claims) &&
claims?.userId &&
dbResult?.[0]?.user_id !== claims.userId.raw
if (
claims &&
!(
claims.test(Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.READ) ||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.READ) &&
records?.[0]?.user_id === claims?.userId?.raw)
)
) {
throw new UnauthorizedError();
}
if (!dbResult?.length) {
if (!records?.length) {
throw new NotFoundError('No matching player exists');
}
return new Collection({
id: CollectionId.fromID(dbResult[0].collection_id),
name: dbResult[0].collection_name,
games: dbResult
id: CollectionId.fromID(records[0].collection_id),
name: records[0].collection_name,
ownerId: UserId.fromID(records[0].user_id),
games: records
.filter((x: { game_id: string; game_name: string }) => x.game_id)
.map(
(x: { game_id: string; game_name: string }) =>
@@ -69,25 +72,27 @@ export class CollectionsOrm {
}
async list(claims?: Claims): Promise<Collection[]> {
if (!claims || Claims.test(Claims.ADMIN, claims)) {
if (!claims || claims?.test(Claims.ADMIN)) {
return (await sql`SELECT * FROM collections`).map(
(x: { id: string; name: string }) =>
(x: { id: string; name: string, user_id: string }) =>
new Collection({
id: CollectionId.fromID(x.id),
name: x.name,
ownerId: UserId.fromID(x.user_id)
}),
);
}
if (!Claims.test(Claims.COLLECTIONS.OWNED.LIST, claims)) {
if (!claims.test(Claims.COLLECTIONS.OWNED.LIST)) {
throw new UnauthorizedError();
}
return (await sql`SELECT * FROM collections WHERE user_id=${claims.userId?.raw}`).map(
(x: { id: string; name: string }) =>
(x: { id: string; name: string; user_id: string }) =>
new Collection({
id: CollectionId.fromID(x.id),
name: x.name,
ownerId: UserId.fromID(x.user_id)
}),
);
}
@@ -95,15 +100,17 @@ export class CollectionsOrm {
async update(id: CollectionId, patch: UpdateCollectionRequest, claims?: Claims): Promise<Collection> {
const collection = await this.get(id);
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.UPDATE, claims))) {
throw new UnauthorizedError();
} else if (
Claims.test(Claims.COLLECTIONS.OWNED.UPDATE, claims) &&
claims?.userId &&
collection.id !== claims.userId
if (
claims &&
!(
claims.test(Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.UPDATE) ||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.UPDATE) &&
collection.ownerId === claims?.userId)
)
) {
throw new UnauthorizedError();
}
collection.name = patch.name ?? collection.name;
await sql`UPDATE collections SET name=${collection.name} WHERE id=${id.raw}`;
@@ -113,12 +120,14 @@ export class CollectionsOrm {
async drop(id: CollectionId, claims?: Claims): Promise<void> {
const collection = await this.get(id);
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.DELETE, claims))) {
throw new UnauthorizedError();
} else if (
Claims.test(Claims.COLLECTIONS.OWNED.DELETE, claims) &&
claims?.userId &&
collection.id !== claims.userId
if (
claims &&
!(
claims.test(Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.DELETE) ||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.DELETE) &&
collection.ownerId === claims?.userId)
)
) {
throw new UnauthorizedError();
}
@@ -130,12 +139,14 @@ export class CollectionsOrm {
async addGame(id: CollectionId, gameId: GameId, claims: Claims): Promise<void> {
const collection = await this.get(id);
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.GAME.ADD, claims))) {
throw new UnauthorizedError();
} else if (
Claims.test(Claims.COLLECTIONS.OWNED.GAME.ADD, claims) &&
claims?.userId &&
collection.id !== claims.userId
if (
claims &&
!(
claims.test(Claims.ADMIN) ||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.GAME.ADD) &&
collection.ownerId === claims?.userId)
)
) {
throw new UnauthorizedError();
}
@@ -147,12 +158,14 @@ export class CollectionsOrm {
}
async removeGame(id: CollectionId, gameId: GameId, claims: Claims): Promise<void> {
const collection = await this.get(id);
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.COLLECTIONS.UNOWNED.GAME.REMOVE, claims))) {
throw new UnauthorizedError();
} else if (
Claims.test(Claims.COLLECTIONS.OWNED.GAME.REMOVE, claims) &&
claims?.userId &&
collection.id !== claims.userId
if (
claims &&
!(
claims.test(Claims.ADMIN) ||
(Claims.test(claims, Claims.COLLECTIONS.OWNED.GAME.REMOVE) &&
collection.ownerId === claims?.userId)
)
) {
throw new UnauthorizedError();
}

40
src/orm/games.ts
View File

@@ -23,45 +23,45 @@ export class Game {
export class GamesOrm {
async create(model: CreateGameRequest, claims?: Claims): Promise<Game> {
await sql`INSERT INTO games (name, image_path, bgg_id)
VALUES (${model.name}, ${Claims.test(Claims.GAMES.MANAGE_IMAGES, claims) ? model.imagePath : null}, ${model.bggId})`;
const newGameId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
VALUES (${model.name}, ${claims?.test(Claims.GAMES.MANAGE_IMAGES) ? model.imagePath : null}, ${model.bggId})`;
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
return await this.get(GameId.fromID(newGameId));
return await this.get(GameId.fromID(newRecordId));
}
async get(id: GameId): Promise<Game> {
const dbResult: any = first(
const record: any = first(
await sql`SELECT *
FROM games
WHERE id = ${id.raw}
LIMIT 1`,
);
if (!dbResult) {
if (!record) {
throw new NotFoundError('No matching game exists');
}
return new Game({
id: GameId.fromID(dbResult.id),
name: dbResult.name,
bggId: dbResult.bgg_id,
imagePath: dbResult.image_path,
id: GameId.fromID(record.id),
name: record.name,
bggId: record.bgg_id,
imagePath: record.image_path,
});
}
async update(id: GameId, patch: UpdateGameRequest, claims?: Claims): Promise<Game> {
const gameToUpdate = await this.get(id);
gameToUpdate.name = patch.name ?? gameToUpdate.name;
gameToUpdate.bggId = patch.bggId ?? gameToUpdate.bggId;
const game = await this.get(id);
game.name = patch.name ?? game.name;
game.bggId = patch.bggId ?? game.bggId;
if (Claims.test(Claims.GAMES.MANAGE_IMAGES, claims)) {
gameToUpdate.imagePath = patch.imagePath ?? gameToUpdate.imagePath;
if (claims?.test(Claims.GAMES.MANAGE_IMAGES)) {
game.imagePath = patch.imagePath ?? game.imagePath;
}
await sql`UPDATE games
SET name=${gameToUpdate.name},
bgg_id=${gameToUpdate.bggId},
image_path=${gameToUpdate.imagePath}
SET name=${game.name},
bgg_id=${game.bggId},
image_path=${game.imagePath}
WHERE id = ${id.raw}`;
return await this.get(id);
@@ -90,18 +90,18 @@ export class GamesOrm {
query: (query: string) => Promise<Game[]> = memo<(query: string) => Promise<Game[]>, Game[]>(this.#query);
async #query(query: string): Promise<Game[]> {
const dbResult: any = await sql` SELECT
const records: any = await sql` SELECT
id, name
FROM (SELECT *, SIMILARITY(${query}, name) as similarity FROM games)
WHERE similarity > 0
ORDER BY similarity
LIMIT 5;`;
if (!dbResult) {
if (!records) {
throw new NotFoundError('No matching game exists');
}
return dbResult.map(
return records.map(
(x: { id: string; name: string }) =>
new Game({
id: GameId.fromID(x.id),

38
src/orm/invites.ts
View File

@@ -22,7 +22,7 @@ export class InvitesOrm {
},
claims?: Claims,
): Promise<void> {
if (!Claims.test(Claims.ADMIN, claims)) {
if (!claims?.test(Claims.ADMIN)) {
const userInviteCount = (
first(
await sql`SELECT COUNT(*) AS count
@@ -35,7 +35,7 @@ export class InvitesOrm {
throw new UnauthorizedError('Invite allowance reached.');
}
const inviteExists = (
const doesInviteExist = (
first(
await sql`SELECT COUNT(*) > 0 AS exists
FROM user_invites
@@ -45,12 +45,12 @@ export class InvitesOrm {
exists: boolean;
}
)?.exists;
if (inviteExists) {
if (doesInviteExist) {
throw new BadRequestError('Player has already been invited.');
}
}
const playerHasUser = (
const isPlayerAssociatedWithUser = (
first(
await sql`SELECT COUNT(*) > 0 AS exists
FROM users
@@ -60,7 +60,7 @@ export class InvitesOrm {
exists: boolean;
}
)?.exists;
if (playerHasUser) {
if (isPlayerAssociatedWithUser) {
throw new BadRequestError('User has already been invited.');
}
@@ -69,7 +69,7 @@ export class InvitesOrm {
const invitationCode = createRandomString(6);
await sql`INSERT INTO user_invites (invite_code, email, player_id, invited_by_user_id)
VALUES (${invitationCode}, ${email}, ${playerId.raw}, ${invitedByUserId.raw})`;
const newInviteId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
const resend = new Resend(process.env.RESEND_KEY);
const resendResponse = await resend.emails.send({
@@ -83,51 +83,51 @@ export class InvitesOrm {
throw new InternalServerError();
}
await sql`UPDATE user_invites SET was_email_sent = true WHERE id=${newInviteId}`;
await sql`UPDATE user_invites SET was_email_sent = true WHERE id=${newRecordId}`;
return;
}
async accept({ inviteCode, password }: { inviteCode: string; password: string }): Promise<User> {
const invite: {
const record: {
id: string;
email: string;
player_id: string;
accepted: boolean;
} = first(await sql`SELECT * FROM user_invites WHERE invite_code=${inviteCode} LIMIT 1`);
if (!invite) {
if (!record) {
throw new NotFoundError('Invalid invite code');
}
if (invite.accepted) {
if (record.accepted) {
throw new UnauthorizedError('Invite already accepted');
}
const playerHasUser = (
const isPlayerAssociatedWithUser = (
first(
await sql`SELECT COUNT(*) > 0 AS exists
FROM users
WHERE player_id = ${invite.player_id}
OR email = ${invite.email}`,
WHERE player_id = ${record.player_id}
OR email = ${record.email}`,
) as {
exists: boolean;
}
)?.exists;
if (playerHasUser) {
if (isPlayerAssociatedWithUser) {
throw new BadRequestError('User has already been invited.');
}
const createdUser = await orm.users.create({
email: invite.email,
playerId: PlayerId.fromID(invite.player_id),
const user = await orm.users.create({
email: record.email,
playerId: PlayerId.fromID(record.player_id),
password,
});
await sql`UPDATE user_invites
SET accepted = true
WHERE id = ${invite.id}`;
WHERE id = ${record.id}`;
return createdUser;
return user;
}
}

205
src/orm/matches.ts Normal file
View File

@@ -0,0 +1,205 @@
import { Claims } from './claims';
import { sql } from 'bun';
import { first, orderBy } from 'lodash';
import { BadRequestError, NotFoundError, UnauthorizedError } from '../utilities/errors';
import { GameId, MatchId, PlayerId, UserId } from '../utilities/secureIds';
import { calculateElos } from '../utilities/elo';
import { orm } from './orm';
export class MatchParticipant {
matchId?: MatchId;
playerId: PlayerId;
gamesPlayed?: number;
standing: number;
elo: number;
eloChange: number;
isRatingLocked?: boolean;
constructor(
playerId: PlayerId,
standing: number,
eloChange: number = 0,
gamesPlayed?: number,
elo: number = 1000,
matchId?: MatchId,
) {
this.matchId = matchId;
this.playerId = playerId;
this.standing = standing;
this.elo = elo;
this.gamesPlayed = gamesPlayed;
this.eloChange = eloChange;
}
}
export class Match {
id: MatchId;
gameId: GameId;
players: MatchParticipant[];
owner: UserId;
constructor(id: MatchId, gameId: GameId, players: MatchParticipant[], owner: UserId) {
this.id = id;
this.gameId = gameId;
this.players = players;
this.owner = owner;
}
}
export class MatchOrm {
async create({
gameId,
participants,
ownerId,
}: {
gameId: GameId;
participants: MatchParticipant[];
ownerId: UserId;
}): Promise<Match> {
await sql`INSERT INTO matches (game_id, owning_user_id) VALUES (${gameId.raw}, ${ownerId.raw})`;
const newMatchId = MatchId.fromID((first(await sql`SELECT lastval();`) as any)?.lastval as string);
const players = await sql`
SELECT p.id,
p.is_rating_locked,
(CASE WHEN p.is_rating_locked THEN 1000 ELSE 1000 + COALESCE(sum(mp.elo_change), 0) END) as elo,
(CASE WHEN p.is_rating_locked THEN 0 ELSE count(mp.*) END) as games_played
FROM players p
LEFT JOIN match_players mp ON mp.player_id = p.id
WHERE p.id IN ${sql(participants.map((x) => x.playerId.raw))}
GROUP BY p.id;`;
for (let i in participants) {
const player = players.find((x: any) => x.id === participants[i].playerId.raw);
participants[i].elo = parseInt(player.elo);
participants[i].gamesPlayed = parseInt(player.games_played);
participants[i].isRatingLocked = player.is_rating_locked;
}
const amendedPlayers = calculateElos(participants);
await sql.transaction(async (tx) => {
for (let i in amendedPlayers) {
await tx`
INSERT INTO match_players(match_id, player_id, standing, elo_change)
VALUES (${newMatchId.raw},
${amendedPlayers[i].playerId.raw},
${amendedPlayers[i].standing},
${amendedPlayers[i].isRatingLocked ? 0 : amendedPlayers[i].eloChange})`;
if (amendedPlayers[i].isRatingLocked) {
continue;
}
await tx`UPDATE players SET elo=${amendedPlayers[i].elo} WHERE id=${amendedPlayers[i].playerId.raw}`;
}
});
return await this.get(newMatchId);
}
async get(id: MatchId, claims?: Claims): Promise<Match> {
const dbResult = await sql`
SELECT m.id as match_id,
m.owning_user_id as owner_id,
g.id as game_id,
g.name as game_name,
p.id as player_id,
p.name as player_name,
p.elo as elo,
mp.standing as standing,
mp.elo_change as elo_change
FROM matches m
LEFT JOIN games g ON g.id = m.game_id
LEFT JOIN match_players mp ON mp.match_id = m.id
LEFT JOIN players p ON p.id = mp.player_id
WHERE m.id = ${id.raw}`;
if (
claims &&
!(
claims.test(Claims.ADMIN) ||
(claims.test(Claims.MATCHES.OWNED.READ) && dbResult?.[0]?.owner_id === claims?.userId?.raw) ||
(claims.test(Claims.MATCHES.PARTICIPANT.READ) &&
dbResult?.some((x: any) => x.player_id === claims?.userId?.raw))
)
) {
throw new UnauthorizedError();
}
const matchData = dbResult?.find((x: any) => x.match_id);
if (!matchData?.match_id) {
throw new NotFoundError('No matching match exists');
}
return new Match(
MatchId.fromID(matchData?.match_id),
GameId.fromID(matchData?.game_id),
orderBy(
dbResult
.filter((x: any) => x.player_id)
.map(
(x: any) =>
new MatchParticipant(
PlayerId.fromID(x.player_id),
parseInt(x.standing),
parseInt(x.elo_change),
undefined,
parseInt(x.elo),
),
),
'standing',
'asc',
),
UserId.fromID(dbResult?.[0]?.owner_id),
);
}
async drop(id: MatchId, claims?: Claims): Promise<void> {
const match = await this.get(id);
if (
claims &&
!(claims.test(Claims.ADMIN) || (claims.test(Claims.MATCHES.OWNED.DELETE) && match.owner === claims?.userId))
) {
throw new UnauthorizedError();
}
await sql.transaction(async (tx) => {
await tx`DELETE
FROM match_players
WHERE match_id = ${id.raw}`;
await tx`DELETE
FROM matches
WHERE id = ${id.raw}`;
});
return;
}
async removePlayer(matchId: MatchId, participantId: UserId | PlayerId): Promise<void> {
let playerId: PlayerId;
if (participantId instanceof PlayerId) {
playerId = participantId;
} else {
playerId = (await orm.users.get(participantId))?.playerId;
if (!playerId) {
throw new BadRequestError('User is not a participant');
}
}
const player = await orm.players.get(playerId);
await sql.transaction(async (tx) => {
const eloRefund = parseInt(
(
await tx`SELECT elo_change FROM public.match_players WHERE match_id=${matchId.raw} AND player_id = ${playerId.raw}`
)?.[0]?.elo_change ?? 0,
);
await tx`DELETE FROM match_players WHERE match_id=${matchId.raw} AND player_id=${playerId.raw}`;
if (!player.isRatingLocked) {
await tx`UPDATE players SET elo=${player.elo - eloRefund} WHERE id=${playerId.raw}`;
}
});
return;
}
}

4
src/orm/orm.ts
View File

@@ -4,6 +4,8 @@ import { PlayersOrm } from './players';
import { GamesOrm } from './games';
import { InvitesOrm } from './invites';
import { CollectionsOrm } from './collections';
import { MatchOrm } from './matches';
import { CircleOrm } from './circles';
class Orm {
readonly claims: ClaimsOrm = new ClaimsOrm();
@@ -12,6 +14,8 @@ class Orm {
readonly games: GamesOrm = new GamesOrm();
readonly invites: InvitesOrm = new InvitesOrm();
readonly collections: CollectionsOrm = new CollectionsOrm();
readonly matches: MatchOrm = new MatchOrm();
readonly circles: CircleOrm = new CircleOrm();
}
export const orm = new Orm();

61
src/orm/players.ts
View File

@@ -32,42 +32,43 @@ export class PlayersOrm {
async create(model: { name: string }): Promise<Player> {
await sql`INSERT INTO players (name)
VALUES (${model.name})`;
const newPlayerId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
return await this.get(PlayerId.fromID(newPlayerId));
return await this.get(PlayerId.fromID(newRecordId));
}
async get(id: PlayerId, claims?: Claims): Promise<Player> {
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.PLAYERS.OTHER.READ, claims))) {
throw new UnauthorizedError();
} else if (Claims.test(Claims.PLAYERS.SELF.READ, claims) && claims?.userId) {
if(claims) {
const user = await orm.users.get(claims.userId);
if (id.raw !== user.playerId.raw) {
if(!(claims.test(Claims.ADMIN, Claims.PLAYERS.OTHER.READ) ||
claims.test(Claims.PLAYERS.SELF.READ) && id === user.playerId)) {
throw new UnauthorizedError();
}
}
const dbResult: any = first(
const record: any = first(
await sql`SELECT *
FROM players
WHERE id = ${id.raw}
LIMIT 1`,
);
if (!dbResult) {
if (!record) {
throw new NotFoundError('No matching player exists');
}
return new Player({
id: PlayerId.fromID(dbResult.id),
name: dbResult.name,
elo: parseInt(dbResult.elo),
isRatingLocked: dbResult.is_rating_locked,
canBeMultiple: dbResult.can_be_multiple,
id: PlayerId.fromID(record.id),
name: record.name,
elo: parseInt(record.elo),
isRatingLocked: record.is_rating_locked,
canBeMultiple: record.can_be_multiple,
});
}
async list(claims?: Claims): Promise<Player[]> {
if (!claims || Claims.test(Claims.ADMIN, claims)) {
if (!claims || claims.test(Claims.ADMIN)) {
return (await sql`SELECT * FROM players`).map(
(x: { id: string; name: string; elo: string; is_rating_locked: boolean; can_be_multiple: boolean }) =>
new Player({
@@ -80,7 +81,7 @@ export class PlayersOrm {
);
}
if (!Claims.test(Claims.PLAYERS.OTHER.READ, claims)) {
if (!claims.test(Claims.PLAYERS.OTHER.READ)) {
throw new UnauthorizedError();
}
@@ -109,35 +110,35 @@ export class PlayersOrm {
}
async update(id: PlayerId, patch: UpdatePlayerRequest, claims?: Claims): Promise<Player> {
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.PLAYERS.OTHER.UPDATE, claims))) {
throw new UnauthorizedError();
} else if (Claims.test(Claims.PLAYERS.SELF.UPDATE, claims) && claims?.userId) {
if(claims) {
const user = await orm.users.get(claims.userId);
if (id.raw !== user.playerId.raw) {
if(!(claims.test(Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE) ||
(claims.test(Claims.PLAYERS.SELF.UPDATE) && id === user.playerId)
)) {
throw new UnauthorizedError();
}
}
const playerToUpdate = await this.get(id);
playerToUpdate.name = patch.name ?? playerToUpdate.name;
playerToUpdate.isRatingLocked = patch.isRatingLocked ?? playerToUpdate.isRatingLocked;
playerToUpdate.canBeMultiple = patch.canBeMultiple ?? playerToUpdate.canBeMultiple;
const player = await this.get(id);
player.name = patch.name ?? player.name;
player.isRatingLocked = patch.isRatingLocked ?? player.isRatingLocked;
player.canBeMultiple = patch.canBeMultiple ?? player.canBeMultiple;
await sql`UPDATE players
SET name=${playerToUpdate.name},
is_rating_locked=${playerToUpdate.isRatingLocked},
can_be_multiple=${playerToUpdate.canBeMultiple}
SET name=${player.name},
is_rating_locked=${player.isRatingLocked},
can_be_multiple=${player.canBeMultiple}
WHERE id = ${id.raw}`;
return await this.get(id);
}
async drop(id: PlayerId, claims?: Claims): Promise<void> {
if (!(Claims.test(Claims.ADMIN, claims) || Claims.test(Claims.PLAYERS.OTHER.DELETE, claims))) {
throw new UnauthorizedError();
} else if (Claims.test(Claims.PLAYERS.SELF.DELETE, claims) && claims?.userId) {
if(claims) {
const user = await orm.users.get(claims.userId);
if (id.raw !== user.playerId.raw) {
if(!(claims.test(Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE) ||
(claims.test(Claims.PLAYERS.SELF.DELETE) && id === user.playerId)
)) {
throw new UnauthorizedError();
}
}

160
src/orm/user.ts
View File

@@ -24,9 +24,15 @@ export class User {
}
export class UsersOrm {
async create(
{ email, password, playerId }: { email: string; password: string; playerId: PlayerId },
): Promise<User> {
async create({
email,
password,
playerId,
}: {
email: string;
password: string;
playerId: PlayerId;
}): Promise<User> {
const existingUser: any = first(
await sql`SELECT id
FROM users
@@ -41,29 +47,29 @@ export class UsersOrm {
const passwordHash = await argon2.hash(password);
await sql`INSERT INTO users (email, pass_hash, player_id)
VALUES (${email}, ${passwordHash}, ${playerId.raw})`;
const newUserId: UserId = UserId.fromID((first(await sql`SELECT lastval();`) as any)?.lastval as string);
const newRecordId: string = (first(await sql`SELECT lastval();`) as any)?.lastval as string;
await sql.transaction(async (tx) => {
for (let i in defaultClaims) {
await tx`INSERT INTO user_claims (user_id, claim_id)
VALUES (${newUserId.raw}, ${defaultClaims[i]})`;
VALUES (${newRecordId}, ${defaultClaims[i]})`;
}
});
return await this.get(newUserId);
return await this.get(UserId.fromID(newRecordId));
}
async get(id: UserId, claims?: Claims): Promise<User> {
if (
claims &&
!(
Claims.test(Claims.ADMIN, claims) ||
Claims.test(Claims.USERS.OTHER.READ, claims) ||
(Claims.test(Claims.USERS.SELF.READ, claims) && id === claims?.userId)
claims.test(Claims.ADMIN, Claims.USERS.OTHER.READ) ||
(claims.test(Claims.USERS.SELF.READ) && id === claims?.userId)
)
) {
throw new UnauthorizedError();
}
const dbResult: any = first(
const record: any = first(
await sql`SELECT *
FROM users
WHERE id = ${id.raw}
@@ -71,49 +77,111 @@ export class UsersOrm {
LIMIT 1`,
);
if (!dbResult) {
if (!record) {
throw new NotFoundError('No matching user exists');
}
return new User(
UserId.fromID(dbResult.id),
PlayerId.fromID(dbResult.player_id),
dbResult.email,
dbResult.is_admin,
UserId.fromID(record.id),
PlayerId.fromID(record.player_id),
record.email,
record.is_admin,
);
}
async update(id: UserId, patch: UpdateUserRequest, claims?: Claims): Promise<User> {
async getByPlayer(id: PlayerId, claims?: Claims): Promise<User> {
const record: any = first(
await sql`SELECT *
FROM users
WHERE player_id = ${id.raw}
AND is_active = true
LIMIT 1`,
);
if (!record) {
throw new NotFoundError('No matching user exists');
}
if (
claims &&
!(
Claims.test(Claims.ADMIN, claims) ||
Claims.test(Claims.USERS.OTHER.UPDATE, claims) ||
(Claims.test(Claims.USERS.SELF.UPDATE, claims) && id === claims?.userId)
claims.test(Claims.ADMIN, Claims.USERS.OTHER.READ) ||
(claims.test(Claims.USERS.SELF.READ) && record.id === claims?.userId.raw)
)
) {
throw new UnauthorizedError();
}
const userToUpdate = await this.get(id);
if (Claims.test(Claims.ADMIN, claims)) {
userToUpdate.isActive = patch.isActive ?? userToUpdate.isActive;
userToUpdate.isAdmin = patch.isAdmin ?? userToUpdate.isAdmin;
return new User(
UserId.fromID(record.id),
PlayerId.fromID(record.player_id),
record.email,
record.is_admin,
);
}
async getByEmail(email: string, claims?: Claims): Promise<User> {
const record: any = first(
await sql`SELECT *
FROM users
WHERE email = ${email}
AND is_active = true
LIMIT 1`,
);
if (!record) {
throw new NotFoundError('No matching user exists');
}
if (
claims &&
!(
claims.test(Claims.ADMIN, Claims.USERS.OTHER.READ) ||
(claims.test(Claims.USERS.SELF.READ) && record.id === claims?.userId.raw)
)
) {
throw new UnauthorizedError();
}
return new User(
UserId.fromID(record.id),
PlayerId.fromID(record.player_id),
record.email,
record.is_admin,
);
}
async update(id: UserId, patch: UpdateUserRequest, claims?: Claims): Promise<User> {
if (
claims &&
!(
claims.test(Claims.ADMIN, Claims.USERS.OTHER.UPDATE) ||
(claims.test(Claims.USERS.SELF.UPDATE) && id === claims?.userId)
)
) {
throw new UnauthorizedError();
}
const user = await this.get(id);
if (!claims || claims.test(Claims.ADMIN)) {
user.isActive = patch.isActive ?? user.isActive;
user.isAdmin = patch.isAdmin ?? user.isAdmin;
}
await sql`UPDATE users
SET is_active=${userToUpdate.isActive},
is_admin=${userToUpdate.isAdmin}
WHERE id = ${id.raw}`;
SET is_active=${user.isActive},
is_admin=${user.isAdmin}
WHERE id = ${id.raw}`;
return await this.get(id);
}
async drop(id: UserId, claims?: Claims): Promise<void> {
if (
claims &&
!(
Claims.test(Claims.ADMIN, claims) ||
Claims.test(Claims.USERS.OTHER.DELETE, claims) ||
(Claims.test(Claims.USERS.SELF.DELETE, claims) && id === claims?.userId)
claims.test(Claims.ADMIN, Claims.USERS.OTHER.DELETE) ||
(claims.test(Claims.USERS.SELF.DELETE) && id === claims?.userId)
)
) {
throw new UnauthorizedError();
@@ -133,49 +201,41 @@ export class UsersOrm {
return;
}
async verifyCredentials(
email: string,
password: string,
): Promise<{ userId: UserId; refreshCount: string } | null> {
const dbResult: any = first(
async verifyCredentials(email: string, password: string): Promise<{ userId: UserId; refreshCount: string } | null> {
const record: any = first(
await sql`SELECT *
FROM users
WHERE email = ${email}
AND is_active = true
limit 1`,
);
if (!dbResult) {
if (!record) {
throw new UnauthorizedError();
}
if (!(await argon2.verify(dbResult.pass_hash, password))) {
if (!(await argon2.verify(record.pass_hash, password))) {
return null;
}
return {
userId: UserId.fromID(dbResult.id),
refreshCount: dbResult.refresh_count,
userId: UserId.fromID(record.id),
refreshCount: record.refresh_count,
};
}
async verifyRefreshCount(id: UserId, refreshCount: string): Promise<boolean> {
const dbResult: any = first(
const record: any = first(
await sql`SELECT *
FROM users
WHERE id = ${id.raw}
LIMIT 1`,
);
return dbResult.refresh_count === refreshCount;
return record.refresh_count === refreshCount;
}
async changePassword(
id: UserId,
oldPassword: string | null,
newPassword: string,
claims?: Claims,
): Promise<void> {
const isAdmin = Claims.test(Claims.ADMIN, claims);
if (!(isAdmin || (Claims.test(Claims.USERS.SELF.UPDATE, claims) && id === claims?.userId))) {
async changePassword(id: UserId, oldPassword: string | null, newPassword: string, claims?: Claims): Promise<void> {
const isAdmin = claims?.test(Claims.ADMIN) ?? true;
if (!(isAdmin || (claims?.test(Claims.USERS.SELF.UPDATE) && id === claims?.userId))) {
throw new UnauthorizedError();
}
@@ -183,14 +243,14 @@ export class UsersOrm {
throw new BadRequestError('Password is required');
}
const dbUser: any = first(
const record: any = first(
await sql`SELECT *
FROM users
WHERE id = ${id.raw}
LIMIT 1`,
);
if (!isAdmin && !(await argon2.verify(dbUser.pass_hash, oldPassword as string))) {
if (!isAdmin && !(await argon2.verify(record.pass_hash, oldPassword as string))) {
throw new UnauthorizedError();
}

2
src/routes/auth.ts
View File

@@ -14,7 +14,7 @@ export default {
},
changePassword: {
':id': {
PATCH: guard(auth.changePassword, [Claims.ADMIN, Claims.USERS.SELF.UPDATE]),
PATCH: guard(auth.changePassword, Claims.ADMIN, Claims.USERS.SELF.UPDATE),
},
},
};

32
src/routes/circles.ts Normal file
View File

@@ -0,0 +1,32 @@
import { guard } from '../utilities/guard';
import { Claims } from '../orm/claims';
import circles from '../endpoints/circles';
export default {
'POST': guard(circles.create, Claims.ADMIN, Claims.CIRCLES.PUBLIC.CREATE, Claims.CIRCLES.PRIVATE.CREATE),
':id': {
GET: guard(
circles.get,
Claims.ADMIN,
Claims.CIRCLES.PUBLIC.READ,
Claims.CIRCLES.PRIVATE.READ,
Claims.CIRCLES.PRIVATE.READ_IF_MEMBER,
),
PATCH: guard(circles.update, Claims.ADMIN, Claims.CIRCLES.OWNED.UPDATE),
DELETE: guard(circles.drop, Claims.ADMIN, Claims.CIRCLES.OWNED.DELETE),
invite: {
POST: guard(
circles.invite,
Claims.ADMIN,
Claims.CIRCLES.PUBLIC.USERS.INVITE,
Claims.CIRCLES.OWNED.USERS.INVITE,
),
},
},
'search': {
':query': {
variants: [':pageSize/:page', ':page'],
GET: guard(circles.query, Claims.ADMIN, Claims.CIRCLES.PUBLIC.READ),
},
},
};

22
src/routes/collections.ts
View File

@@ -3,28 +3,20 @@ import { Claims } from '../orm/claims';
import collections from '../endpoints/collections';
export default {
'POST': guard(collections.create, [Claims.ADMIN, Claims.COLLECTIONS.CREATE]),
'POST': guard(collections.create, Claims.ADMIN, Claims.COLLECTIONS.CREATE),
':id': {
GET: guard(collections.get, [Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.READ, Claims.COLLECTIONS.OWNED.READ]),
PATCH: guard(collections.update, [Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE]),
DELETE: guard(collections.drop, [Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE]),
GET: guard(collections.get, Claims.ADMIN, Claims.COLLECTIONS.UNOWNED.READ, Claims.COLLECTIONS.OWNED.READ),
PATCH: guard(collections.update, Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE),
DELETE: guard(collections.drop, Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE),
add: {
POST: guard(collections.addGame, [
Claims.ADMIN,
Claims.COLLECTIONS.UNOWNED.GAME.ADD,
Claims.COLLECTIONS.OWNED.GAME.ADD,
]),
POST: guard(collections.addGame, Claims.ADMIN, Claims.COLLECTIONS.OWNED.GAME.ADD),
},
remove: {
POST: guard(collections.removeGame, [
Claims.ADMIN,
Claims.COLLECTIONS.UNOWNED.GAME.REMOVE,
Claims.COLLECTIONS.OWNED.GAME.REMOVE,
]),
POST: guard(collections.removeGame, Claims.ADMIN, Claims.COLLECTIONS.OWNED.GAME.REMOVE),
},
},
'list': {
variants: [':pageSize/:page', ':page'],
GET: guard(collections.list, [Claims.ADMIN, Claims.COLLECTIONS.OWNED.LIST]),
GET: guard(collections.list, Claims.ADMIN, Claims.COLLECTIONS.OWNED.LIST),
},
};

10
src/routes/games.ts
View File

@@ -3,16 +3,16 @@ import { Claims } from '../orm/claims';
import games from '../endpoints/games';
export default {
'POST': guard(games.create, [Claims.ADMIN, Claims.GAMES.CREATE]),
'POST': guard(games.create, Claims.ADMIN, Claims.GAMES.CREATE),
':id': {
GET: guard(games.get, [Claims.ADMIN, Claims.GAMES.READ]),
PATCH: guard(games.update, [Claims.ADMIN, Claims.GAMES.UPDATE]),
DELETE: guard(games.drop, [Claims.ADMIN, Claims.GAMES.DELETE]),
GET: guard(games.get, Claims.ADMIN, Claims.GAMES.READ),
PATCH: guard(games.update, Claims.ADMIN, Claims.GAMES.UPDATE),
DELETE: guard(games.drop, Claims.ADMIN, Claims.GAMES.DELETE),
},
'search': {
':query': {
variants: [':pageSize/:page', ':page'],
GET: guard(games.query, [Claims.ADMIN, Claims.GAMES.READ]),
GET: guard(games.query, Claims.ADMIN, Claims.GAMES.READ),
},
},
};

2
src/routes/invites.ts
View File

@@ -3,7 +3,7 @@ import { Claims } from '../orm/claims';
import invite from '../endpoints/invites';
export default {
POST: guard(invite.create, [Claims.ADMIN, Claims.USERS.INVITE]),
POST: guard(invite.create, Claims.ADMIN, Claims.USERS.INVITE),
accept: {
POST: unwrapMethod(invite.accept),
},

14
src/routes/matches.ts Normal file
View File

@@ -0,0 +1,14 @@
import { guard } from '../utilities/guard';
import matches from '../endpoints/matches';
import { Claims } from '../orm/claims';
export default {
'POST': guard(matches.create, Claims.ADMIN, Claims.MATCHES.CREATE),
':id': {
GET: guard(matches.get, Claims.ADMIN, Claims.MATCHES.OWNED.READ, Claims.MATCHES.PARTICIPANT.READ),
DELETE: guard(matches.drop, Claims.ADMIN, Claims.MATCHES.OWNED.DELETE, Claims.USERS.SELF.UPDATE),
leave: {
POST: guard(matches.leave, Claims.MATCHES.PARTICIPANT.LEAVE),
},
},
};

10
src/routes/players.ts
View File

@@ -3,14 +3,14 @@ import { Claims } from '../orm/claims';
import player from '../endpoints/players';
export default {
'POST': guard(player.create, [Claims.ADMIN, Claims.PLAYERS.CREATE]),
'POST': guard(player.create, Claims.ADMIN, Claims.PLAYERS.CREATE),
':id': {
GET: guard(player.get, [Claims.ADMIN, Claims.PLAYERS.OTHER.READ, Claims.PLAYERS.SELF.READ]),
PATCH: guard(player.update, [Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE]),
DELETE: guard(player.drop, [Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE]),
GET: guard(player.get, Claims.ADMIN, Claims.PLAYERS.OTHER.READ, Claims.PLAYERS.SELF.READ),
PATCH: guard(player.update, Claims.ADMIN, Claims.PLAYERS.OTHER.UPDATE, Claims.PLAYERS.SELF.UPDATE),
DELETE: guard(player.drop, Claims.ADMIN, Claims.PLAYERS.OTHER.DELETE, Claims.PLAYERS.SELF.DELETE),
},
'list': {
variants: [':pageSize/:page', ':page'],
GET: guard(player.list, [Claims.ADMIN, Claims.PLAYERS.OTHER.READ]),
GET: guard(player.list, Claims.ADMIN, Claims.PLAYERS.OTHER.READ),
},
};

8
src/routes/users.ts
View File

@@ -3,10 +3,10 @@ import user from '../endpoints/users';
import { Claims } from '../orm/claims';
export default {
'POST': guard(user.create, [Claims.ADMIN, Claims.USERS.CREATE]),
'POST': guard(user.create, Claims.ADMIN, Claims.USERS.CREATE),
':id': {
GET: guard(user.get, [Claims.ADMIN, Claims.USERS.OTHER.READ, Claims.USERS.SELF.READ]),
PATCH: guard(user.update, [Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE]),
DELETE: guard(user.drop, [Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE]),
GET: guard(user.get, Claims.ADMIN, Claims.USERS.OTHER.READ, Claims.USERS.SELF.READ),
PATCH: guard(user.update, Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE),
DELETE: guard(user.drop, Claims.ADMIN, Claims.USERS.OTHER.UPDATE, Claims.USERS.SELF.UPDATE),
},
};

54
src/utilities/claimDefinitions.ts
View File

@@ -29,49 +29,41 @@ export class ClaimDefinition {
};
public static readonly CIRCLES = {
PUBLIC: {
READ: 'CIRCLES_OWNED_READ',
CREATE: 'CIRCLES_PUBLIC_CREATE',
JOIN: 'CIRCLES_PUBLIC_JOIN',
USERS: {
ADD: 'CIRCLES_PUBLIC_USER_ADD',
LIST: 'CIRCLES_PUBLIC_USER_LIST',
INVITE: 'CIRCLES_PUBLIC_USER_INVITE',
},
COMMENTS: {
ADD: 'CIRCLES_PUBLIC_COMMENTS_ADD',
DELETE: 'CIRCLES_PUBLIC_COMMENTS_DELETE',
},
USERS: {
INVITE: 'CIRCLES_PUBLIC_USER_INVITE',
LIST: 'CIRCLES_PUBLIC_USER_LIST',
},
},
PRIVATE: {
READ: 'CIRCLES_PRIVATE_READ',
READ_IF_MEMBER: 'CIRCLES_PRIVATE_READ_IF_MEMBER',
CREATE: 'CIRCLES_PRIVATE_CREATE',
USERS: {
INVITE: 'CIRCLES_PRIVATE_USER_INVITE',
COMMENTS: {
ADD: 'CIRCLES_PRIVATE_COMMENTS_ADD',
},
},
OWNED: {
READ: 'CIRCLES_OWNED_READ',
UPDATE: 'CIRCLES_OWNED_UPDATE',
DELETE: 'CIRCLES_OWNED_DELETE',
USERS: {
PLAYERS: {
ADD: 'CIRCLES_OWNED_USER_ADD',
LIST: 'CIRCLES_OWNED_USER_LIST',
USERS: {
INVITE: 'CIRCLES_OWNED_USER_INVITE',
},
},
USERS: {
INVITE: 'CIRCLES_OWNED_USER_INVITE',
},
COMMENTS: {
ADD: 'CIRCLES_OWNED_COMMENTS_ADD',
DELETE: 'CIRCLES_OWNED_COMMENTS_DELETE',
},
},
UNOWNED: {
READ: 'CIRCLES_UNOWNED_READ',
UPDATE: 'CIRCLES_UNOWNED_UPDATE',
DELETE: 'CIRCLES_UNOWNED_DELETE',
COMMENTS: {
ADD: 'CIRCLES_UNOWNED_COMMENTS_ADD',
DELETE: 'CIRCLES_UNOWNED_COMMENTS_DELETE',
},
},
};
public static readonly GAMES = {
CREATE: 'GAMES_CREATE',
@@ -82,24 +74,24 @@ export class ClaimDefinition {
};
public static readonly MATCHES = {
CREATE: 'MATCHES_CREATE',
COMMENTS: {
ADD: 'MATCHES_UNOWNED_COMMENTS_ADD',
},
OWNED: {
READ: 'MATCHES_OWNED_READ',
UPDATE: 'MATCHES_OWNED_UPDATE',
DELETE: 'MATCHES_OWNED_DELETE',
COMMENTS: {
ADD: 'MATCHES_OWNED_COMMENTS_ADD',
DELETE: 'MATCHES_OWNED_COMMENTS_DELETE',
},
},
UNOWNED: {
READ: 'MATCHES_UNOWNED_READ',
UPDATE: 'MATCHES_UNOWNED_UPDATE',
DELETE: 'MATCHES_UNOWNED_DELETE',
PARTICIPANT: {
READ: 'MATCHES_PARTICIPANT_READ',
LEAVE: 'MATCHES_LEAVE',
COMMENTS: {
ADD: 'MATCHES_UNOWNED_COMMENTS_ADD',
DELETE: 'MATCHES_UNOWNED_COMMENTS_DELETE',
ADD: 'MATCHES_PARTICIPANT_COMMENTS_ADD',
},
},
}
};
public static readonly COLLECTIONS = {
CREATE: 'COLLECTIONS_CREATE',
@@ -120,10 +112,6 @@ export class ClaimDefinition {
READ: 'COLLECTIONS_UNOWNED_READ',
UPDATE: 'COLLECTIONS_UNOWNED_UPDATE',
DELETE: 'COLLECTIONS_UNOWNED_DELETE',
GAME: {
ADD: 'COLLECTIONS_UNOWNED_GAME_ADD',
REMOVE: 'COLLECTIONS_UNOWNED_GAME_REMOVE',
},
},
};
public static readonly COMMENTS = {

32
src/utilities/elo.ts
View File

@@ -1,32 +1,26 @@
import { orderBy } from 'lodash';
import { MatchParticipant } from '../orm/matches';
interface GamePlayer {
id: string;
elo: number;
gamesPlayed: number;
standing: number;
eloChange?: number;
}
export interface GamePlayed {
players: GamePlayer[];
}
export function calculateElos(game: GamePlayed, provisionalPeriod: number = 1): GamePlayed {
const orderedResults = orderBy(game.players, 'standing', 'asc');
export function calculateElos(players: MatchParticipant[], provisionalPeriod: number = 1): MatchParticipant[] {
const orderedResults = orderBy(players, (x:any) => parseInt(x.standing ?? 0), 'asc');
for (let i = 0; i < orderedResults.length - 1; i++) {
for (let j = i + 1; j < orderedResults.length; j++) {
const challengerResults = calculateEloChange(orderedResults[i].elo, orderedResults[j].elo);
const challengerResults = calculateEloChange(
orderedResults[i].elo,
orderedResults[j].elo,
orderedResults[i].standing === orderedResults[j].standing,
);
orderedResults[i].eloChange =
(orderedResults[i].eloChange ?? 0) +
challengerResults.winnerChange * Math.min(1, orderedResults[j].gamesPlayed / provisionalPeriod);
challengerResults.winnerChange *
Math.min(1, ((orderedResults[j].gamesPlayed as number) + 1) / provisionalPeriod);
orderedResults[j].eloChange =
(orderedResults[j].eloChange ?? 0) +
challengerResults.loserChange * Math.min(1, orderedResults[i].gamesPlayed / provisionalPeriod);
challengerResults.loserChange *
Math.min(1, ((orderedResults[i].gamesPlayed as number) + 1) / provisionalPeriod);
}
}
return {
players: orderedResults,
};
return orderedResults;
}
interface EloResult {

16
src/utilities/guard.ts
View File

@@ -6,10 +6,10 @@ import { Claims } from '../orm/claims';
export function guardRedirect(
method: (request: UnwrappedRequest<any>) => Promise<Response> | Response,
redirectMethod: Function,
guardedClaims: string[],
...guardedClaims: string[]
) {
try {
return guard(method, guardedClaims);
return guard(method, ...guardedClaims);
} catch (e) {
return redirectMethod();
}
@@ -17,19 +17,21 @@ export function guardRedirect(
export function guard(
method: (request: UnwrappedRequest<any>) => Promise<Response> | Response,
guardedClaims: string[],
...guardedClaims: string[]
): (r: Request) => Promise<Response> {
return async (request: Request): Promise<Response> => {
const authHeader: string | null =
(request.headers.get('Authorization')?.replace(/^Bearer /, '') as string) ?? null;
try {
const userClaims: Claims = new Claims(jwt.verify(authHeader as string, process.env.JWT_SECRET_KEY as string) as any);
if (!userClaims.claims.some((x: string): boolean => guardedClaims.includes(x))) {
const userClaims: Claims = new Claims(
jwt.verify(authHeader as string, process.env.JWT_SECRET_KEY as string) as any,
);
if (!userClaims.userId.raw || !userClaims.claims.some((x: string): boolean => guardedClaims.includes(x))) {
return new UnauthorizedResponse('Unauthorized');
}
return method(await unwrap(request, userClaims));
} catch (error: any) {
console.log(error)
console.log(error);
if (error instanceof TokenExpiredError) {
return new UnauthorizedResponse(error.message);
}
@@ -66,6 +68,6 @@ export function unwrapMethod<T = {}>(
): (r: Request) => Promise<Response> {
return async (request: Request) => {
const unwrappedRequest = await unwrap<T>(request);
return await methodToUnwrap(unwrappedRequest);
return methodToUnwrap(unwrappedRequest);
};
}

20
src/utilities/requestModels.ts
View File

@@ -49,4 +49,24 @@ export interface UpdateCollectionRequest {
}
export interface GameToCollectionRequest {
gameId: string;
}
export interface CreateMatchRequest {
gameId: string;
participants: { playerId: string; standing: number }[];
}
export interface CreateCircleRequest {
name: string;
isPublic: boolean;
imagePath?: string;
colour: string;
}
export interface UpdateCircleRequest {
name: string;
imagePath?: string;
colour: string;
}
export interface InviteToCircleRequest {
email?:string;
userId?:string;
playerId?:string;
}

10
src/utilities/responseHelper.ts
View File

@@ -1,5 +1,5 @@
import { BadRequestError, NotFoundError, UnauthorizedError } from './errors';
import { clamp, isArray } from 'lodash';
import { clamp, isArray, isObject } from 'lodash';
import { UnwrappedRequest } from './guard';
export class ErrorResponse extends Response {
@@ -52,11 +52,11 @@ export class OkResponse extends Response {
constructor(body?: any) {
if (body) {
return Response.json(
isArray(body)
? body
: {
isObject(body) && !isArray(body)
? {
...body,
},
}
: body,
{
status: 200,
headers: {

1
src/utilities/routeBuilder.ts
View File

@@ -28,6 +28,7 @@ export function buildRoute(
const endpointDefinition = {
POST: route.POST,
GET: route.GET,
PATCH: route.PATCH,
PUT: route.PUT,
DELETE: route.DELETE,
};

67
src/utilities/secureIds.ts
View File

@@ -17,7 +17,7 @@ class SecureId {
constructor(id: { public?: string; secure?: string }, hashScheme?: HashIds) {
this.#hashScheme = hashScheme ?? (this.constructor as any).hashScheme;
if (id.public) {
if (id.public !== undefined) {
this.value = id.public;
} else if (id.secure) {
this.raw = id.secure;
@@ -66,59 +66,104 @@ class SecureId {
export class UserId extends SecureId {
protected static override hashPrefix: string = 'UserId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodUser(){}
public static fromHash(hash: string): UserId {
return super.fromHash(hash, UserId);
return super.fromHash(hash, UserId) as UserId;
}
public static fromID(id: string): UserId {
return super.fromID(id, UserId);
return super.fromID(id, UserId) as UserId;
}
}
export class PlayerId extends SecureId {
protected static override hashPrefix: string = 'PlayerId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodPlayer(){}
public static fromHash(hash: string): PlayerId {
return super.fromHash(hash, PlayerId);
return super.fromHash(hash, PlayerId) as PlayerId;
}
public static fromID(id: string): PlayerId {
return super.fromID(id, PlayerId);
return super.fromID(id, PlayerId) as PlayerId;
}
}
export class InviteId extends SecureId {
protected static override hashPrefix: string = 'InviteId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodInvite(){}
public static fromHash(hash: string): InviteId {
return super.fromHash(hash, InviteId);
return super.fromHash(hash, InviteId) as InviteId;
}
public static fromID(id: string): InviteId {
return super.fromID(id, InviteId);
return super.fromID(id, InviteId) as InviteId;
}
}
export class GameId extends SecureId {
protected static override hashPrefix: string = 'GameId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodGame(){}
public static fromHash(hash: string): GameId {
return super.fromHash(hash, GameId);
return super.fromHash(hash, GameId) as GameId;
}
public static fromID(id: string): GameId {
return super.fromID(id, GameId);
return super.fromID(id, GameId) as GameId;
}
}
export class CollectionId extends SecureId {
protected static override hashPrefix: string = 'CollectionId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodCollection(){}
public static fromHash(hash: string): CollectionId {
return super.fromHash(hash, CollectionId);
return super.fromHash(hash, CollectionId) as CollectionId;
}
public static fromID(id: string): CollectionId {
return super.fromID(id, CollectionId);
return super.fromID(id, CollectionId) as CollectionId;
}
}
export class MatchId extends SecureId {
protected static override hashPrefix: string = 'MatchId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodMatch(){}
public static fromHash(hash: string): MatchId {
return super.fromHash(hash, MatchId) as MatchId;
}
public static fromID(id: string): MatchId {
return super.fromID(id, MatchId) as MatchId;
}
}
export class CircleId extends SecureId {
protected static override hashPrefix: string = 'CircleId';
// This method exists to force type errors when using an incorrect ID class.
#uniqueMethodCircle(){}
public static fromHash(hash: string): CircleId {
return super.fromHash(hash, CircleId) as CircleId;
}
public static fromID(id: string): CircleId {
return super.fromID(id, CircleId) as CircleId;
}
}