ENCOA-263

2024-12-11 22:00:43 +00:00
parent ce35ba71f4
commit 1a7d35317b
10 changed files with 234 additions and 194 deletions
--- a/src/pages/api/code/index.ts
+++ b/src/pages/api/code/index.ts
@@ -6,6 +6,12 @@ import { sessionOptions } from "@/lib/session";
 import { Code, Group, Type } from "@/interfaces/user";
 import { PERMISSIONS } from "@/constants/userPermissions";
 import { prepareMailer, prepareMailOptions } from "@/email";
+import { isAdmin } from "@/utils/users";
+import { requestUser } from "@/utils/api";
+import { doesEntityAllow } from "@/utils/permissions";
+import { getEntity, getEntityWithRoles } from "@/utils/entities.be";
+import { findBy } from "@/utils";
+import { EntityWithRoles } from "@/interfaces/entity";

 const db = client.db(process.env.MONGODB_DB);

@@ -25,117 +31,98 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
 		return;
 	}

-	const { creator } = req.query as { creator?: string };
-	const snapshot = await db.collection("codes").find(creator ? { creator: creator } : {}).toArray();
+	const { entity } = req.query as { entity?: string };
+	const snapshot = await db.collection("codes").find(entity ? { entity } : {}).toArray();

 	res.status(200).json(snapshot);
 }

-async function post(req: NextApiRequest, res: NextApiResponse) {
-	if (!req.session.user) {
-		res.status(401).json({ ok: false, reason: "You must be logged in to generate a code!" });
-		return;
+const generateAndSendCode = async (
+	code: string,
+	type: Type,
+	expiryDate: null | Date,
+	entity?: string,
+	info?: {
+		email: string; name: string; passport_id?: string
+	}) => {
+	if (!info) {
+		await db.collection("codes").insertOne({
+			code, type, expiryDate, entity
+		})
+		return true
 	}

-	const { type, codes, infos, expiryDate } = req.body as {
+	const previousCode = await db.collection("codes").findOne<Code>({ email: info.email, entity })
+
+	const transport = prepareMailer();
+	const mailOptions = prepareMailOptions(
+		{
+			type,
+			code: previousCode ? previousCode.code : code,
+			environment: process.env.ENVIRONMENT,
+		},
+		[info.email.toLowerCase().trim()],
+		"EnCoach Registration",
+		"main",
+	);
+
+	try {
+		await transport.sendMail(mailOptions);
+		if (!previousCode) {
+			await db.collection("codes").insertOne({
+				code, type, expiryDate, entity, name: info.name.trim(), email: info.email.trim().toLowerCase(),
+				...(info.passport_id ? { passport_id: info.passport_id.trim() } : {})
+			})
+		}
+
+		return true;
+	} catch (e) {
+		return false;
+	}
+}
+
+const countAvailableCodes = async (entity: EntityWithRoles) => {
+	const usedUp = await db.collection("codes").countDocuments({ entity: entity.id })
+	const total = entity.licenses
+
+	return total - usedUp
+}
+
+async function post(req: NextApiRequest, res: NextApiResponse) {
+	const user = await requestUser(req, res)
+	if (!user) return res.status(401).json({ ok: false, reason: "You must be logged in to generate a code!" });
+
+	const { type, codes, infos, expiryDate, entity } = req.body as {
 		type: Type;
 		codes: string[];
-		infos?: { email: string; name: string; passport_id?: string }[];
+		infos?: { email: string; name: string; passport_id?: string, code: string }[];
 		expiryDate: null | Date;
+		entity?: string
 	};
-	const permission = PERMISSIONS.generateCode[type];

-	if (!permission.includes(req.session.user.type)) {
-		res.status(403).json({
-			ok: false,
-			reason: "Your account type does not have permissions to generate a code for that type of user!",
-		});
-		return;
-	}
+	if (!entity && !isAdmin(user))
+		return res.status(403).json({ ok: false, reason: "You must be an admin to generate a code without an entity!" });

-	const userCodes = await db.collection("codes").find<Code>({ creator: req.session.user.id }).toArray()
-	const creatorGroupsSnapshot = await db.collection("groups").find<Group>({ admin: req.session.user.id }).toArray()
+	const entityObj = entity ? await getEntityWithRoles(entity) : undefined
+	const isAllowed = entityObj ? doesEntityAllow(user, entityObj, 'create_code') : true
+	if (!isAllowed) return res.status(403).json({ ok: false, reason: "You do not have permissions to generate a code!" });

-	const creatorGroups = creatorGroupsSnapshot.filter((x) => x.name === "Students" || x.name === "Teachers" || x.name === "Corporate");
-	const usersInGroups = creatorGroups.flatMap((x) => x.participants);
-
-
-	if (req.session.user.type === "corporate") {
-		const totalCodes = userCodes.filter((x) => !x.userId || !usersInGroups.includes(x.userId)).length + usersInGroups.length + codes.length;
-		const allowedCodes = 0;
-
-		if (totalCodes > allowedCodes) {
-			res.status(403).json({
+	if (entityObj) {
+		const availableCodes = await countAvailableCodes(entityObj)
+		if (availableCodes < codes.length)
+			return res.status(400).json({
 				ok: false,
-				reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${allowedCodes - userCodes.length
-					} codes.`,
-			});
-			return;
-		}
+				reason: `You only have ${availableCodes} codes available, while trying to create ${codes.length} codes`
+			})
+	}
+	const valid = []
+	for (const code of codes) {
+		const info = findBy(infos || [], 'code', code)
+		const isValid = await generateAndSendCode(code, type, expiryDate, entity, info)
+		valid.push(isValid)
 	}

-	const codePromises = codes.map(async (code, index) => {
-		const codeRef = await db.collection("codes").findOne<Code>({ id: code });
-		let codeInformation = {
-			type,
-			code,
-			creator: req.session.user!.id,
-			creationDate: new Date().toISOString(),
-			expiryDate,
-		};
-
-		if (infos && infos.length > index) {
-			const { email, name, passport_id } = infos[index];
-			const previousCode = userCodes.find((x) => x.email === email) as Code;
-
-			const transport = prepareMailer();
-			const mailOptions = prepareMailOptions(
-				{
-					type,
-					code: previousCode ? previousCode.code : code,
-					environment: process.env.ENVIRONMENT,
-				},
-				[email.toLowerCase().trim()],
-				"EnCoach Registration",
-				"main",
-			);
-
-			try {
-				await transport.sendMail(mailOptions);
-
-				if (!previousCode && codeRef) {
-					await db.collection("codes").updateOne(
-						{ id: codeRef.id },
-						{
-							$set: {
-								id: codeRef.id,
-								...codeInformation,
-								email: email.trim().toLowerCase(),
-								name: name.trim(),
-								...(passport_id ? { passport_id: passport_id.trim() } : {}),
-							}
-						},
-						{ upsert: true }
-					);
-				}
-
-				return true;
-			} catch (e) {
-				return false;
-			}
-		} else {
-			// upsert: true -> if it doesnt exist insert
-			await db.collection("codes").updateOne(
-				{ id: code },
-				{ $set: { id: code, ...codeInformation } },
-				{ upsert: true }
-			);
-		}
-	});
-
-	Promise.all(codePromises).then((results) => {
-		res.status(200).json({ ok: true, valid: results.filter((x) => x).length });
-	});
+	return res.status(200).json({ ok: true, valid: valid.length });
 }

 async function del(req: NextApiRequest, res: NextApiResponse) {
--- a/src/pages/api/register.ts
+++ b/src/pages/api/register.ts
@@ -1,13 +1,15 @@
-import {NextApiRequest, NextApiResponse} from "next";
-import {createUserWithEmailAndPassword, getAuth} from "firebase/auth";
-import {app} from "@/firebase";
-import {sessionOptions} from "@/lib/session";
-import {withIronSessionApiRoute} from "iron-session/next";
-import {Code, CorporateInformation, DemographicInformation, Group, Type} from "@/interfaces/user";
-import {addUserToGroupOnCreation} from "@/utils/registration";
+import { NextApiRequest, NextApiResponse } from "next";
+import { createUserWithEmailAndPassword, getAuth } from "firebase/auth";
+import { app } from "@/firebase";
+import { sessionOptions } from "@/lib/session";
+import { withIronSessionApiRoute } from "iron-session/next";
+import { Code, CorporateInformation, DemographicInformation, Group, Type } from "@/interfaces/user";
+import { addUserToGroupOnCreation } from "@/utils/registration";
 import moment from "moment";
-import {v4} from "uuid";
+import { v4 } from "uuid";
 import client from "@/lib/mongodb";
+import { addUserToEntity, getEntityWithRoles } from "@/utils/entities.be";
+import { findBy } from "@/utils";

 const auth = getAuth(app);
 const db = client.db(process.env.MONGODB_DB);
@@ -29,7 +31,7 @@ const DEFAULT_LEVELS = {
 };

 async function register(req: NextApiRequest, res: NextApiResponse) {
-	const {type} = req.body as {
+	const { type } = req.body as {
 		type: "individual" | "corporate";
 	};

@@ -38,19 +40,18 @@ async function register(req: NextApiRequest, res: NextApiResponse) {
 }

 async function registerIndividual(req: NextApiRequest, res: NextApiResponse) {
-	const {email, passport_id, password, code} = req.body as {
+	const { email, passport_id, password, code } = req.body as {
 		email: string;
 		passport_id?: string;
 		password: string;
 		code?: string;
 	};

-	const codeDoc = await db.collection("codes").findOne<Code>({code});
+	const codeDoc = await db.collection("codes").findOne<Code>({ code });
+
+	if (code && code.length > 0 && !codeDoc)
+		return res.status(400).json({ error: "Invalid Code!" });

-	if (code && code.length > 0 && !!codeDoc) {
-		res.status(400).json({error: "Invalid Code!"});
-		return;
-	}

 	createUserWithEmailAndPassword(auth, email.toLowerCase(), password)
 		.then(async (userCredentials) => {
@@ -69,7 +70,7 @@ async function registerIndividual(req: NextApiRequest, res: NextApiResponse) {
 				focus: "academic",
 				type: email.endsWith("@ecrop.dev") ? "developer" : codeDoc ? codeDoc.type : "student",
 				subscriptionExpirationDate: codeDoc ? codeDoc.expiryDate : moment().subtract(1, "days").toISOString(),
-				...(passport_id ? {demographicInformation: {passport_id}} : {}),
+				...(passport_id ? { demographicInformation: { passport_id } } : {}),
 				registrationDate: new Date().toISOString(),
 				status: code ? "active" : "paymentDue",
 				// apparently there's an issue with the verification email system
@@ -80,23 +81,29 @@ async function registerIndividual(req: NextApiRequest, res: NextApiResponse) {
 			await db.collection("users").insertOne(user);

 			if (!!codeDoc) {
-				await db.collection("codes").updateOne({code: codeDoc.code}, {$set: {userId}});
-				if (codeDoc.creator) await addUserToGroupOnCreation(userId, codeDoc.type, codeDoc.creator);
+				await db.collection("codes").updateOne({ code: codeDoc.code }, { $set: { userId } });
+				if (codeDoc.entity) {
+					const inviteEntity = await getEntityWithRoles(codeDoc.entity)
+					if (inviteEntity) {
+						const defaultRole = findBy(inviteEntity.roles, 'isDefault', true)!
+						await addUserToEntity(userId, codeDoc.entity, defaultRole.id)
+					}
+				}
 			}

 			req.session.user = user;
 			await req.session.save();

-			res.status(200).json({user});
+			res.status(200).json({ user });
 		})
 		.catch((error) => {
 			console.log(error);
-			res.status(401).json({error});
+			res.status(401).json({ error });
 		});
 }

 async function registerCorporate(req: NextApiRequest, res: NextApiResponse) {
-	const {email, password} = req.body as {
+	const { email, password } = req.body as {
 		email: string;
 		password: string;
 		corporateInformation: CorporateInformation;
@@ -155,10 +162,10 @@ async function registerCorporate(req: NextApiRequest, res: NextApiResponse) {
 			req.session.user = user;
 			await req.session.save();

-			res.status(200).json({user});
+			res.status(200).json({ user });
 		})
 		.catch((error) => {
 			console.log(error);
-			res.status(401).json({error});
+			res.status(401).json({ error });
 		});
 }