push de la fleme

LICENSE

@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) 2024 WorkSimplon
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,2 +1,3 @@
-# brief-04-back
+# brief-03-back
 
+<img src="./arkit.svg"/>

biome.json

@@ -8,7 +8,8 @@
 		"rules": {
 			"recommended": true,
 			"performance": {
-				"recommended": true
+				"recommended": true,
+				"noDelete": "off"
 			}
 		}
 	}

controllers/AuthController.js

@@ -142,7 +142,6 @@ async function loginUser(req, res) {
     .json(LoginServiceResult);
 }
 
-//TODO - To test
 async function getAllUsers(req, res) {
   const authHeader = req.headers.authorization;
   const bearerToken = authHeader.split(' ')[1];
@@ -173,17 +172,32 @@ async function getAllUsers(req, res) {
       .json(AllUserResponse);
 }
 
-//TODO - To test
 /**
- * Get user from the database based on the provided user ID and return it as a response.
+ * Retrieves a user from the database based on the user ID.
  *
- * @async
+ * @param {object} req - The request object.
- * @param {object} req - The request object containing the user ID as a parameter.
+ * @param {object} res - The response object.
- * @param {object} res - The response object to be used for sending the user data or error.
+ * @returns {Promise} A promise that resolves to the user object if found, or an error response if not found or unauthorized.
- * @return {Promise<void>} - A Promise that resolves when the user data is sent to the client or an error occurred.
+ * @throws {Error} If an error occurs while retrieving the user or verifying the bearer token.
  */
 async function getUser(req, res) {
-  const userId = req.params.userId;
+  const authHeader = req.headers.authorization;
+  const bearerToken = authHeader.split(' ')[1];
+  const payload = await JwtVerify(bearerToken);
+  const sourceUser = await getUserFromIdService(payload.sub)
+  if (!sourceUser) {
+    return res
+      .type('application/json')
+      .status(404)
+      .json({ error: 'You dont exist anymore' });
+  }
+  if (!sourceUser.isAdmin) {
+    return res
+      .type('application/json')
+      .status(403)
+      .json({ error: 'Unauthorized' });
+  }
+  const userId = req.params.id;
   const dbUser = await getUserFromIdService(userId);
   if (!dbUser) {
     logger.warn(`User not found (${req.ip})`);
@@ -192,13 +206,25 @@ async function getUser(req, res) {
       .status(404)
       .json({ error: 'User not found' });
   }
+  // biome-ignore lint/performance/noDelete: <explanation>
+  delete dbUser.passwordHash
+  // biome-ignore lint/performance/noDelete: <explanation>
+  delete dbUser._id
   return res
     .type('application/json')
     .status(200)
     .json(dbUser);
 }
 
-//TODO - To test
+//TODO - Implement reauth by current password in case of password change
+/**
+ * Edits the user's information.
+ *
+ * @async
+ * @param {Object} req - The request object.
+ * @param {Object} res - The response object.
+ * @return {Object} The modified user's information.
+ */
 async function editUser(req, res) {
   const body = req.body;
   if (!body) {
@@ -215,9 +241,10 @@ async function editUser(req, res) {
   /**
    * Represents the user ID that is the target for a specific operation.
    *
-   * @type {string|number}
+   * @type {string}
    */
-  const targetUserId = body.targetId | payload.sub
+  const targetUserId = req.params.id || payload.sub
+  console.log(targetUserId)
 
   if (!sourceUser) {
     logger.warn(`Unauthorized access attempt (${req.ip})`);
@@ -238,6 +265,7 @@ async function editUser(req, res) {
     if (body.firstName) modifiedData.firstName = `${body.firstName}`;
     if (body.lastName) modifiedData.lastName = `${body.lastName}`;
     if (body.displayName) modifiedData.displayName = `${body.displayName}`;
+    // Case handled with hashing by the service.
     if (body.password) modifiedData.password = `${body.password}`;
 
     //Call service
@@ -271,14 +299,19 @@ async function editUser(req, res) {
 
   }
 
-//TODO - To test
+/**
+ * Deletes a user.
+ *
+ * @param {object} req - The request object.
+ * @param {object} res - The response object.
+ * @return {object} The response object with appropriate status and response body.
+ */
 async function deleteUser(req, res) {
-  const body = req.body;
   const authHeader = req.headers.authorization;
   const bearerToken = authHeader.split(' ')[1];
   const payload = await JwtVerify(bearerToken);
   const sourceUser = await getUserFromIdService(payload.sub)
-  const targetUserId = body.targetId | payload.sub
+  const targetUserId = req.params.id
   if (!sourceUser) {
     logger.warn(`Unauthorized access attempt (${req.ip})`);
     return res
@@ -325,10 +358,12 @@ async function getSelf(req, res) {
     .type('application/json')
     .status(200)
     .json({
+      id: dbUser.id,
       username: dbUser.username,
       displayName: dbUser.displayName,
       firstName: dbUser.firstName,
-      lastName: dbUser.lastName
+      lastName: dbUser.lastName,
+      isAdmin: dbUser.isAdmin
     });
 }
 

controllers/EventController.js

@@ -8,9 +8,14 @@ const {
 
 const {
   getAllEventsService,
-  getEventFromIdService, alterUserSubscribedEventStateService, getUserSubscribedEventService
+  getEventFromIdService,
+  alterUserSubscribedEventStateService,
+  getUserSubscribedEventService, createEventService, editEventService, deleteEventService
 } = require("../services/EventService");
 
+const {Logger} = require('tslog')
+const logger = new Logger({ name: "Event Controller" });
+
 //TODO - To test
 /**
  * Retrieves all events.
@@ -54,7 +59,9 @@ async function getEvent(req, res) {
   return res.status(200).json(result);
 }
 
-//TODO Owner user, admin user             ===
+//TODO Get owned event
+
+//TODO - To test
 async function editEvent(req, res) {
   const body = req.body;
   const authHeader = req.headers.authorization;
@@ -69,26 +76,101 @@ async function editEvent(req, res) {
   if (!eventTargetId) {
     res.status(400).json({ message: "Event target ID is missing" });
   }
+  // biome-ignore lint/style/useConst: <explanation>
+  let modifiedData= {}
+  if (body.title) modifiedData.title = `${body.title}`;
+  if (body.subTitle) modifiedData.subTitle = `${body.subTitle}`;
+  if (body.base64Banner) modifiedData.base64Banner = `${body.base64Banner}`;
+  if (body.desc) modifiedData.desc = `${body.desc}`;
+  if (body.date) modifiedData.date = `${body.date}`;
+  if (body.were) modifiedData.were = `${body.were}`;
+  if (body.maxMembers) modifiedData.maxMembers = `${body.maxMembers}`;
 
+  const editEventResult = await editEventService(`${eventTargetId}`, modifiedData);
+
+  if (editEventResult.error === 'eventNotFound') {
+      return res.status(500).json({
+        error: 'editFailed',
+        message: 'Failed to edit event'
+      });
+  }
+  return res.status(200).json({
+      message: "Event edited successfully"
+  });
 }
 
-//TODO Owner user, admin user             ===
+//TODO - To test
 async function deleteEvent(req, res) {
   const authHeader = req.headers.authorization;
   const bearerToken = authHeader.split(' ')[1];
   const payload = await JwtVerify(bearerToken);
   const sourceUser = await getUserFromIdService(payload.sub)
+  const eventId = req.params.id;
+  if (!eventId) {
+    res.status(400).json({ message: "Event ID is missing" });
   }
-
+  const Event = getEventFromIdService(eventId)
-//TODO Event creation by logged user      ===
+  if (!Event) {
-async function createNewEvent(req, res) {
+    return res.status(404).json({ message: "Event not found" });
-  const authHeader = req.headers.authorization;
+  }
-  const bearerToken = authHeader.split(' ')[1];
+  if (Event.authorId !== sourceUser.id && !sourceUser.isAdmin) {
-  const payload = await JwtVerify(bearerToken);
+    return res.status(403).json({ message: "Unauthorized request" });
-  const sourceUser = await getUserFromIdService(payload.sub)
+  }
+  const deleteEventResult = await deleteEventService(Event.id)
+  if (!deleteEventResult) {
+      return res.status(500).json({
+          error: 'deleteFailed',
+          message: 'Failed to delete event'
+      });
+  }
+  return res.status(200).json({
+      message: "Event deleted successfully"
+  });
 }
 
 //TODO - To test
+async function createNewEvent(req, res) {
+  const body = req.body;
+  if (!body.title || !body.subTitle || !body.base64Banner || !body.desc || !body.date || !body.were || !body.maxMembers) {
+    logger.warn(`Field(s) missing (${req.ip})`);
+    return res
+      .type('application/json')
+      .status(400)
+      .json({ error: 'Field(s) missing' });
+  }
+  const authHeader = req.headers.authorization;
+  const bearerToken = authHeader.split(' ')[1];
+  const payload = await JwtVerify(bearerToken);
+  const sourceUser = await getUserFromIdService(payload.sub);
+  const targetUserId = body.authorId || sourceUser.id
+  if (targetUserId !== sourceUser.id && !sourceUser.isAdmin) {
+    return res.status(403).json({
+      error: "unauthorized",
+      message: "Unauthorized request"
+    });
+  }
+
+  // biome-ignore lint/style/useConst: <explanation>
+  let sanitizedData= {}
+  if (body.title) sanitizedData.title = `${body.title}`;
+  if (body.subTitle) sanitizedData.subTitle = `${body.subTitle}`;
+  if (body.base64Banner) sanitizedData.base64Banner = `${body.base64Banner}`;
+  if (body.desc) sanitizedData.desc = `${body.desc}`;
+  if (body.date) sanitizedData.date = `${body.date}`;
+  if (body.were) sanitizedData.were = `${body.were}`;
+  if (body.maxMembers) sanitizedData.maxMembers = `${body.maxMembers}`;
+
+  const createdEventResult = await createEventService(targetUserId, sanitizedData)
+
+  if (createdEventResult.error === 'createFailed') {
+    return res.status(500).json({
+      error: 'createFailed',
+      message: 'Failed to create event'
+    });
+  }
+  return res.status(200).json(createdEventResult.eventId);
+}
+
 /**
  * Retrieves the subscribed event for the specified user.
  *
@@ -101,11 +183,7 @@ async function getSubscribedEvent(req, res) {
   const bearerToken = authHeader.split(' ')[1];
   const payload = await JwtVerify(bearerToken);
   const sourceUser = await getUserFromIdService(payload.sub)
-  const targetId = body.targetId || sourceUser.id;
+  const subscribedEventResult = await getUserSubscribedEventService(sourceUser.id);
-  if (targetId !== sourceUser.id && !sourceUser.isAdmin) {
-    res.status(403).json({ message: "Unauthorized request" });
-  }
-  const subscribedEventResult = await getUserSubscribedEventService(targetId);
   if (subscribedEventResult.error === 'noSubscribedEventFound') {
     return res
       .type('application/json')

controllers/routes/auth/index.js

@@ -7,7 +7,8 @@ const {
   registerUser,
   getUser,
   editUser,
-  deleteUser
+  deleteUser,
+  getAllUsers
 } = require("../../AuthController");
 const {validateJWT} = require("../../../middlewares/AuthorizationMiddleware");
 
@@ -15,6 +16,7 @@ router.route("/login").post(loginUser)
 router.route("/register").post(registerUser)
 
 router.route("/me").get(validateJWT, getSelf)
+router.route("/all").get(validateJWT, getAllUsers)
 
 router.route("/:id").get(validateJWT, getUser)
 router.route("/:id").patch(validateJWT, editUser)

controllers/routes/event/index.js

@@ -13,6 +13,7 @@ const {
 const {validateJWT} = require("../../../middlewares/AuthorizationMiddleware");
 
 router.route("/all").get(getAllEvent)
+//TODO Get owned event
 router.route("/subscribed").get(validateJWT, getSubscribedEvent)
 router.route("/subscribed").post(validateJWT, alterSubscribedEventState)
 router.route("/new").post(validateJWT, createNewEvent)

models/Event.js

@@ -34,4 +34,4 @@ class Event {
         this.members = this.members.filter(member => member !== id);
   }
 }
-module.exports = Event;
+module.exports = {Event};

services/EventService.js

@@ -3,7 +3,7 @@ let Db = null
 getDatabase("brief04").then((value)=>{Db = value})
 
 const { Logger } = require('tslog');
-
+const {Event} = require('../models/Event')
 const logger = new Logger({ name: "Auth Controller" });
 
 //TODO Better return error integration                  ===
@@ -16,6 +16,8 @@ async function getEventFromIdService(id) {
   return await Db.collection("events").findOne({id: id});
 }
 
+//TODO Get owned event
+
 //TODO - To test
 /**
  * Retrieves all events from the database.
@@ -66,7 +68,6 @@ async function getAllEventsService(sourceId) {
   }
 }
 
-//TODO - To test
 /**
  * Retrieves the subscribed event(s) for a given user.
  *
@@ -87,9 +88,8 @@ async function getAllEventsService(sourceId) {
 async function getUserSubscribedEventService(targetId) {
   const subscribedEvent =  await Db.collection("events").find({
     members: {
-      $eltMatch: {
+      $in: [`${targetId}`]
-        $eq: {targetId}
+    }}).toArray();
-      }}}).toArray();
   if (!subscribedEvent) {
     logger.error(`No subscribed event found for USERID:${targetId}`)
     return {
@@ -183,11 +183,64 @@ async function editEventService(eventId, sanitizedData) {
 }
 
 //TODO Delete event - Owner || Admin                    ===
+async function deleteEventService(eventId) {
+  const deletedEventResult = await Db.collection("events").deleteOne({id: eventId});
+  if (deletedEventResult.deletedCount === 0) {
+    logger.error(`Failed to delete event (${eventId})`);
+    return { error: "deleteFailed" };
+  }
+  logger.info(`Event deleted successfully (${eventId})`);
+  return { error: "none" };
+}
+
+//TODO - To test
+/**
+ * Create a new event and store it in the database.
+ *
+ * @param {string} ownerId - The ID of the event owner.
+ * @param {object} sanitizedData - The sanitized data object containing event details.
+ * @return {object} - An object indicating the success or failure of the event creation.
+ */
+async function createEventService(ownerId, sanitizedData) {
+  const newEvent = new Event(
+    `${sanitizedData.title}`,
+    `${sanitizedData.subTitle}`,
+    `${sanitizedData.base64Banner}`,
+    `${sanitizedData.desc}`,
+    `${sanitizedData.date}`,
+    `${sanitizedData.were}`,
+    Number.parseInt(`${sanitizedData.maxMembers}`),
+    `${ownerId}`,)
+  const event = {
+    id: newEvent.id,
+    title: newEvent.title,
+    subTitle: newEvent.subTitle,
+    base64Banner: newEvent.base64Banner,
+    desc: newEvent.desc,
+    date: newEvent.date,
+    were: newEvent.were,
+    maxMembers: newEvent.maxMembers,
+    authorId: newEvent.authorId,
+    members: newEvent.members
+  };
+  const insertedEventResult = await Db.collection("events").insertOne(event);
+  if (insertedEventResult.insertedCount === 0) {
+    logger.error(`Failed to create event (${event.id})`);
+    return { error: "createFailed" };
+  }
+  logger.info(`Event created successfully (${event.id})`);
+  return {
+    error: "none",
+    eventId: event.id
+  };
+}
 
 module.exports = {
   getEventFromIdService,
   getAllEventsService,
   getUserSubscribedEventService,
   alterUserSubscribedEventStateService,
-  editEventService
+  editEventService,
+  createEventService,
+  deleteEventService
 }

services/UserService.js

@@ -174,6 +174,12 @@ async function LoginService(sanitizedData) {
  */
 async function getAllUsersService() {
   const users = await Db.collection("users").find().toArray();
+  // biome-ignore lint/complexity/noForEach: <explanation>
+  users.forEach(user => {
+    delete user.passwordHash
+    delete user._id
+    delete user.gdpr
+  });
   logger.info(`Query ${users.length} user(s)`)
   return {
     iat: Date.now(),
@@ -192,6 +198,12 @@ async function getAllUsersService() {
  *                    Otherwise, the error property will be a string "none".
  */
 async function editUserService(targetId, sanitizedData) {
+  if (sanitizedData.password) {
+    const passwordHash = await getHashFromPassword(sanitizedData.password)
+    delete sanitizedData.password
+    logger.info(`Changing password for user "${targetId}"`)
+    sanitizedData.passwordHash = passwordHash
+  }
   const updatedUserResult = await Db.collection("users").updateOne({id: targetId}, {$set: sanitizedData});
   if (updatedUserResult.modifiedCount === 0) {
     logger.info(`EDIT :> User not found (${targetId})`);