Lint project

Kurt Hutten
2020-11-11 03:18:10 +11:00
parent d8efead4e8
commit 39898270df
33 changed files with 852 additions and 481 deletions


@@ -68,11 +68,12 @@ export const handler = async (req, _context) => {
const isUnique = !(await db.user.findOne({
where: { userName: seed },
}))
if(isUnique) {
if (isUnique) {
return seed
}
count += 1
const newSeed = count === 1 ? `${seed}_${count}` : seed.slice(0,-1) + count
const newSeed =
count === 1 ? `${seed}_${count}` : seed.slice(0, -1) + count
return generateUniqueUserName(newSeed, count)
}
const userNameSeed = enforceAlphaNumeric(email.split('@')[0])
@@ -83,7 +84,7 @@ export const handler = async (req, _context) => {
name: user.user_metadata && user.user_metadata.full_name,
id: user.id,
}
await createUserInsecure({input})
await createUserInsecure({ input })
return {
statusCode: 200,
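Review bot: The retry suffix built by `seed.slice(0, -1) + count` strips only one trailing character, so once the counter reaches two digits the previous number is no longer fully removed (a seed ending in `_10` becomes `_111` on the next attempt, assuming count rises by one per call as the hunk shows). Keeping the original seed and building `${baseSeed}_${count}` on every attempt avoids this; the signature of generateUniqueUserName is outside the hunk, so the extra parameter needs confirming there. Separately, the `findOne` lookup and the later `createUserInsecure({ input })` are not atomic, so two concurrent sign-ups can settle on the same name unless the database enforces uniqueness on userName. A comment naming the layer that guarantees uniqueness would help.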


@@ -16,7 +16,7 @@ export const schema = gql`
type Query {
parts: [Part!]!
part(id: String!): Part
partByUserAndTitle(userName: String! partTitle: String!): Part
partByUserAndTitle(userName: String!, partTitle: String!): Part
}
input CreatePartInput {


@@ -142,7 +142,7 @@ export const requireAuth = ({ role } = {}) => {
throw new ForbiddenError("You don't have access to do that.")
}
if(context.currentUser?.sub === '5cea3906-1e8e-4673-8f0d-89e6a963c096') {
if (context.currentUser?.sub === '5cea3906-1e8e-4673-8f0d-89e6a963c096') {
throw new ForbiddenError("That's a local admin ONLY.")
}
}
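Review bot: The `context.currentUser?.sub === '…'` comparison hard-codes one account's identifier into the shared authorization helper, and nothing says which account it is or why it is refused. An identity literal in source is easy to forget when accounts are rotated, and it applies the same way in every environment. Consider moving the value into configuration, skipping the check when the setting is absent, and adding a comment such as `// Block the local-development admin identity outside local environments` if that is the intent. The body of requireAuth starts before this hunk, so how this check relates to the role check above it cannot be confirmed from here.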


@@ -7,37 +7,38 @@ export const requireOwnership = async ({ userId, userName, partId } = {}) => {
if (!context.currentUser) {
throw new AuthenticationError("You don't have permission to do that.")
}
if(!userId && !userName && !partId) {
if (!userId && !userName && !partId) {
throw new ForbiddenError("You don't have access to do that.")
}
if(context.currentUser.roles?.includes('admin')) {
if (context.currentUser.roles?.includes('admin')) {
return
}
const netlifyUserId = context.currentUser?.sub
if(userId && userId !== netlifyUserId) {
if (userId && userId !== netlifyUserId) {
throw new ForbiddenError("You don't own this resource.")
}
if(userName) {
if (userName) {
const user = await db.user.findOne({
where: { userName },
})
if(!user || user.id !== netlifyUserId) {
if (!user || user.id !== netlifyUserId) {
throw new ForbiddenError("You don't own this resource.")
}
}
if(partId) {
const user = await db.part.findOne({
where: { id: partId },
}).user()
if (partId) {
const user = await db.part
.findOne({
where: { id: partId },
})
.user()
if(!user || user.id !== netlifyUserId) {
if (!user || user.id !== netlifyUserId) {
throw new ForbiddenError("You don't own this resource.")
}
}
}
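Review bot: requireOwnership has no comment stating its contract, and for an authorization helper the order of the checks is the contract. A call with none of userId, userName or partId is refused before the admin shortcut, and every identifier that is supplied must resolve to the current user's `sub`. A header comment such as `// Throws unless the caller is an admin or owns every resource named by userId, userName and partId; at least one of them is required.` would make that explicit for callers. The `?.` in `context.currentUser?.sub` is also redundant, because the function has already thrown when `context.currentUser` is missing.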


@@ -12,4 +12,5 @@ export const foreignKeyReplacement = (input) => {
return output
}
export const enforceAlphaNumeric = (string) => string.replace(/([^a-zA-Z\d_:])/g, '-')
export const enforceAlphaNumeric = (string) =>
string.replace(/([^a-zA-Z\d_:])/g, '-')


@@ -18,20 +18,24 @@ export const partReaction = ({ id }) => {
export const togglePartReaction = async ({ input }) => {
// if write fails emote_userId_partId @@unique constraint, then delete it instead
requireAuth()
await requireOwnership({userId: input?.userId})
await requireOwnership({ userId: input?.userId })
const legalReactions = ['❤️', '👍', '😄', '🙌'] // TODO figure out a way of sharing code between FE and BE, so this is consistent with web/src/components/EmojiReaction/EmojiReaction.js
if(!legalReactions.includes(input.emote)) {
throw new UserInputError(`You can't react with '${input.emote}', only the following are allowed: ${legalReactions.join(', ')}`)
if (!legalReactions.includes(input.emote)) {
throw new UserInputError(
`You can't react with '${
input.emote
}', only the following are allowed: ${legalReactions.join(', ')}`
)
}
let dbPromise
const inputClone = {...input} // TODO foreignKeyReplacement mutates input, which I should fix but am lazy right now
try{
const inputClone = { ...input } // TODO foreignKeyReplacement mutates input, which I should fix but am lazy right now
try {
dbPromise = await db.partReaction.create({
data: foreignKeyReplacement(input),
})
} catch(e) {
} catch (e) {
dbPromise = db.partReaction.delete({
where: { emote_userId_partId: inputClone},
where: { emote_userId_partId: inputClone },
})
}
return dbPromise
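Review bot: The `catch (e)` branch treats every failure of `db.partReaction.create` as the unique-constraint case and goes on to delete the reaction. An unrelated error (lost connection, invalid foreign key) is therefore swallowed and answered with a delete instead of being reported. Rethrow anything that is not the constraint violation before deleting; if `db` is a Prisma client, as the `@@unique` comment suggests, that is `if (e.code !== 'P2002') throw e` as the first line of the catch block. The end of togglePartReaction lies outside the hunk.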


@@ -1,5 +1,8 @@
import { db } from 'src/lib/db'
import { foreignKeyReplacement, enforceAlphaNumeric } from 'src/services/helpers'
import {
foreignKeyReplacement,
enforceAlphaNumeric,
} from 'src/services/helpers'
import { requireAuth } from 'src/lib/auth'
import { requireOwnership } from 'src/lib/owner'
@@ -15,15 +18,15 @@ export const part = ({ id }) => {
export const partByUserAndTitle = async ({ userName, partTitle }) => {
const user = await db.user.findOne({
where: {
userName
}
userName,
},
})
return db.part.findOne({
where: {
title_userId: {
title: partTitle,
userId: user.id,
}
},
},
})
}
@@ -37,8 +40,8 @@ export const createPart = async ({ input }) => {
export const updatePart = async ({ id, input }) => {
requireAuth()
await requireOwnership({partId: id})
if(input.title) {
await requireOwnership({ partId: id })
if (input.title) {
input.title = enforceAlphaNumeric(input.title)
}
return db.part.update({
@@ -59,5 +62,7 @@ export const Part = {
Comment: (_obj, { root }) =>
db.part.findOne({ where: { id: root.id } }).Comment(),
Reaction: (_obj, { root }) =>
db.part.findOne({ where: { id: root.id } }).Reaction({where: {userId: _obj.userId}}),
db.part
.findOne({ where: { id: root.id } })
.Reaction({ where: { userId: _obj.userId } }),
}
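Review bot: In partByUserAndTitle, `userId: user.id` is read without checking that `db.user.findOne` returned a row, so a query for an unknown userName throws a TypeError instead of resolving the nullable `Part` the schema declares. Adding `if (!user) return null` before the `db.part.findOne` call keeps the resolver on its declared contract. Whether the resulting internal error text would otherwise reach the client depends on the server's error masking, which is not visible on this page.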


@@ -23,7 +23,7 @@ export const userName = ({ userName }) => {
export const createUser = ({ input }) => {
requireAuth({ role: 'admin' })
createUserInsecure({input})
createUserInsecure({ input })
}
export const createUserInsecure = ({ input }) => {
return db.user.create({
@@ -41,12 +41,15 @@ export const updateUser = ({ id, input }) => {
export const updateUserByUserName = async ({ userName, input }) => {
requireAuth()
await requireOwnership({userName})
if(input.userName) {
await requireOwnership({ userName })
if (input.userName) {
input.userName = enforceAlphaNumeric(input.userName)
}
if(input.userName && ['new', 'edit', 'update'].includes(input.userName)) { //TODO complete this and use a regexp so that it's not case sensitive, don't want someone with the userName eDiT
throw new UserInputError(`You've tried to used a protected word as you userName, try something other than `)
if (input.userName && ['new', 'edit', 'update'].includes(input.userName)) {
//TODO complete this and use a regexp so that it's not case sensitive, don't want someone with the userName eDiT
throw new UserInputError(
`You've tried to used a protected word as you userName, try something other than `
)
}
return db.user.update({
data: input,
@@ -63,10 +66,16 @@ export const deleteUser = ({ id }) => {
export const User = {
Parts: (_obj, { root }) => db.user.findOne({ where: { id: root.id } }).Part(),
Part: (_obj, { root, ...rest }) => _obj.partTitle && db.part.findOne({where: { title_userId: {
title: _obj.partTitle,
userId: root.id,
}}}),
Part: (_obj, { root, ...rest }) =>
_obj.partTitle &&
db.part.findOne({
where: {
title_userId: {
title: _obj.partTitle,
userId: root.id,
},
},
}),
Reaction: (_obj, { root }) =>
db.user.findOne({ where: { id: root.id } }).Reaction(),
Comment: (_obj, { root }) =>