ENCOA-263
This commit is contained in:
Tiago Ribeiro
@@ -6,6 +6,12 @@ import { sessionOptions } from "@/lib/session";
|
||||
import { Code, Group, Type } from "@/interfaces/user";
|
||||
import { PERMISSIONS } from "@/constants/userPermissions";
|
||||
import { prepareMailer, prepareMailOptions } from "@/email";
|
||||
import { isAdmin } from "@/utils/users";
|
||||
import { requestUser } from "@/utils/api";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { getEntity, getEntityWithRoles } from "@/utils/entities.be";
|
||||
import { findBy } from "@/utils";
|
||||
import { EntityWithRoles } from "@/interfaces/entity";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -25,117 +31,98 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
return;
|
||||
}
|
||||
|
||||
const { creator } = req.query as { creator?: string };
|
||||
const snapshot = await db.collection("codes").find(creator ? { creator: creator } : {}).toArray();
|
||||
const { entity } = req.query as { entity?: string };
|
||||
const snapshot = await db.collection("codes").find(entity ? { entity } : {}).toArray();
|
||||
|
||||
res.status(200).json(snapshot);
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false, reason: "You must be logged in to generate a code!" });
|
||||
return;
|
||||
const generateAndSendCode = async (
|
||||
code: string,
|
||||
type: Type,
|
||||
expiryDate: null | Date,
|
||||
entity?: string,
|
||||
info?: {
|
||||
email: string; name: string; passport_id?: string
|
||||
}) => {
|
||||
if (!info) {
|
||||
await db.collection("codes").insertOne({
|
||||
code, type, expiryDate, entity
|
||||
})
|
||||
return true
|
||||
}
|
||||
|
||||
const { type, codes, infos, expiryDate } = req.body as {
|
||||
const previousCode = await db.collection("codes").findOne<Code>({ email: info.email, entity })
|
||||
|
||||
const transport = prepareMailer();
|
||||
const mailOptions = prepareMailOptions(
|
||||
{
|
||||
type,
|
||||
code: previousCode ? previousCode.code : code,
|
||||
environment: process.env.ENVIRONMENT,
|
||||
},
|
||||
[info.email.toLowerCase().trim()],
|
||||
"EnCoach Registration",
|
||||
"main",
|
||||
);
|
||||
|
||||
try {
|
||||
await transport.sendMail(mailOptions);
|
||||
if (!previousCode) {
|
||||
await db.collection("codes").insertOne({
|
||||
code, type, expiryDate, entity, name: info.name.trim(), email: info.email.trim().toLowerCase(),
|
||||
...(info.passport_id ? { passport_id: info.passport_id.trim() } : {})
|
||||
})
|
||||
}
|
||||
|
||||
return true;
|
||||
} catch (e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
const countAvailableCodes = async (entity: EntityWithRoles) => {
|
||||
const usedUp = await db.collection("codes").countDocuments({ entity: entity.id })
|
||||
const total = entity.licenses
|
||||
|
||||
return total - usedUp
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false, reason: "You must be logged in to generate a code!" });
|
||||
|
||||
const { type, codes, infos, expiryDate, entity } = req.body as {
|
||||
type: Type;
|
||||
codes: string[];
|
||||
infos?: { email: string; name: string; passport_id?: string }[];
|
||||
infos?: { email: string; name: string; passport_id?: string, code: string }[];
|
||||
expiryDate: null | Date;
|
||||
entity?: string
|
||||
};
|
||||
const permission = PERMISSIONS.generateCode[type];
|
||||
|
||||
if (!permission.includes(req.session.user.type)) {
|
||||
res.status(403).json({
|
||||
ok: false,
|
||||
reason: "Your account type does not have permissions to generate a code for that type of user!",
|
||||
});
|
||||
return;
|
||||
}
|
||||
if (!entity && !isAdmin(user))
|
||||
return res.status(403).json({ ok: false, reason: "You must be an admin to generate a code without an entity!" });
|
||||
|
||||
const userCodes = await db.collection("codes").find<Code>({ creator: req.session.user.id }).toArray()
|
||||
const creatorGroupsSnapshot = await db.collection("groups").find<Group>({ admin: req.session.user.id }).toArray()
|
||||
const entityObj = entity ? await getEntityWithRoles(entity) : undefined
|
||||
const isAllowed = entityObj ? doesEntityAllow(user, entityObj, 'create_code') : true
|
||||
if (!isAllowed) return res.status(403).json({ ok: false, reason: "You do not have permissions to generate a code!" });
|
||||
|
||||
const creatorGroups = creatorGroupsSnapshot.filter((x) => x.name === "Students" || x.name === "Teachers" || x.name === "Corporate");
|
||||
const usersInGroups = creatorGroups.flatMap((x) => x.participants);
|
||||
|
||||
|
||||
if (req.session.user.type === "corporate") {
|
||||
const totalCodes = userCodes.filter((x) => !x.userId || !usersInGroups.includes(x.userId)).length + usersInGroups.length + codes.length;
|
||||
const allowedCodes = 0;
|
||||
|
||||
if (totalCodes > allowedCodes) {
|
||||
res.status(403).json({
|
||||
if (entityObj) {
|
||||
const availableCodes = await countAvailableCodes(entityObj)
|
||||
if (availableCodes < codes.length)
|
||||
return res.status(400).json({
|
||||
ok: false,
|
||||
reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${allowedCodes - userCodes.length
|
||||
} codes.`,
|
||||
});
|
||||
return;
|
||||
}
|
||||
reason: `You only have ${availableCodes} codes available, while trying to create ${codes.length} codes`
|
||||
})
|
||||
}
|
||||
const valid = []
|
||||
for (const code of codes) {
|
||||
const info = findBy(infos || [], 'code', code)
|
||||
const isValid = await generateAndSendCode(code, type, expiryDate, entity, info)
|
||||
valid.push(isValid)
|
||||
}
|
||||
|
||||
const codePromises = codes.map(async (code, index) => {
|
||||
const codeRef = await db.collection("codes").findOne<Code>({ id: code });
|
||||
let codeInformation = {
|
||||
type,
|
||||
code,
|
||||
creator: req.session.user!.id,
|
||||
creationDate: new Date().toISOString(),
|
||||
expiryDate,
|
||||
};
|
||||
|
||||
if (infos && infos.length > index) {
|
||||
const { email, name, passport_id } = infos[index];
|
||||
const previousCode = userCodes.find((x) => x.email === email) as Code;
|
||||
|
||||
const transport = prepareMailer();
|
||||
const mailOptions = prepareMailOptions(
|
||||
{
|
||||
type,
|
||||
code: previousCode ? previousCode.code : code,
|
||||
environment: process.env.ENVIRONMENT,
|
||||
},
|
||||
[email.toLowerCase().trim()],
|
||||
"EnCoach Registration",
|
||||
"main",
|
||||
);
|
||||
|
||||
try {
|
||||
await transport.sendMail(mailOptions);
|
||||
|
||||
if (!previousCode && codeRef) {
|
||||
await db.collection("codes").updateOne(
|
||||
{ id: codeRef.id },
|
||||
{
|
||||
$set: {
|
||||
id: codeRef.id,
|
||||
...codeInformation,
|
||||
email: email.trim().toLowerCase(),
|
||||
name: name.trim(),
|
||||
...(passport_id ? { passport_id: passport_id.trim() } : {}),
|
||||
}
|
||||
},
|
||||
{ upsert: true }
|
||||
);
|
||||
}
|
||||
|
||||
return true;
|
||||
} catch (e) {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
// upsert: true -> if it doesnt exist insert
|
||||
await db.collection("codes").updateOne(
|
||||
{ id: code },
|
||||
{ $set: { id: code, ...codeInformation } },
|
||||
{ upsert: true }
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
Promise.all(codePromises).then((results) => {
|
||||
res.status(200).json({ ok: true, valid: results.filter((x) => x).length });
|
||||
});
|
||||
return res.status(200).json({ ok: true, valid: valid.length });
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
|
||||
Reference in New Issue
Block a user