From e67de98edab6b5be045351890645c80b98cf41d2 Mon Sep 17 00:00:00 2001 From: Hiroyuki Date: Mon, 22 Feb 2021 00:07:57 -0400 Subject: [PATCH] Fixes for authentication and support for resolutions --- src/api/board.ins/routes/root.ts | 365 ++++++++++++++++++++++++++++--- 1 file changed, 331 insertions(+), 34 deletions(-) diff --git a/src/api/board.ins/routes/root.ts b/src/api/board.ins/routes/root.ts index 49da1cb..5fcbbd6 100644 --- a/src/api/board.ins/routes/root.ts +++ b/src/api/board.ins/routes/root.ts 
@@ -125,31 +125,185 @@ export default class Root extends Route { }); }); + this.router.post('/resolution', async (req, res) => { + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.body.subject || !req.body.body) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + + const resolutionID = genUUID(); + + const staffDiscord = this.server.client.users.get(director.userID) || await this.server.client.getRESTUser(director.userID); + const staffInformation = await this.server.client.db.Staff.findOne({ userID: director.userID }); + + const embed = new RichEmbed(); + embed.setTitle('Resolution'); + embed.setAuthor(`${staffDiscord.username}#${staffDiscord.discriminator}, ${staffInformation.pn.join(', ')}`, staffDiscord.avatarURL); + embed.setColor('#29be74'); + embed.addField('Subject', req.body.subject); + embed.addField('Body', req.body.body); + embed.setDescription(resolutionID); + embed.setTimestamp(new Date()); + + const resolution = await this.server.client.db.Resolution.create({ + issuedBy: director.userID, + subject: req.body.subject, + body: req.body.body, + at: new Date(), + oID: resolutionID, + processed: false, + }); + + res.status(200).json({ + code: this.constants.codes.SUCCESS, + message: `Created new Resolution with ID ${resolution.oID} by ${staffDiscord.username}#${staffDiscord.discriminator}, 
${staffInformation.pn.join(', ')}.`, + }); + }); + this.router.delete('/eo/:id', async (req, res) => { - if (!req.params.id) return res.status(400).send(this.constants.messages.CLIENT_ERROR); - if (!(await this.server.client.db.ExecutiveOrder.exists({ oID: req.params.id }))) return res.status(404).send(this.constants.messages.NOT_FOUND); + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.ExecutiveOrder.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } await this.server.client.db.ExecutiveOrder.deleteOne({ oID: req.params.id }); - res.status(200).send({ message: `Executive Order with ID ${req.params.id} deleted.` }); + res.status(200).json({ message: `Executive Order with ID ${req.params.id} deleted.` }); }); this.router.delete('/motion/:id', async (req, res) => { - if (!req.params.id) return res.status(400).send(this.constants.messages.CLIENT_ERROR); - if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) return res.status(404).send(this.constants.messages.NOT_FOUND); + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: 
this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.Resolution.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } await this.server.client.db.Motion.deleteOne({ oID: req.params.id }); - res.status(200).send({ message: `Motion with ID ${req.params.id} deleted.` }); + res.status(200).json({ message: `Motion with ID ${req.params.id} deleted.` }); + }); + + this.router.delete('/resolution/:id', async (req, res) => { + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await 
this.server.client.db.Resolution.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } + + await this.server.client.db.Resolution.deleteOne({ oID: req.params.id }); + + res.status(200).json({ message: `Resolution with ID ${req.params.id} deleted.` }); }); this.router.get('/eo/:id', async (req, res) => { - if (!req.params.id) return res.status(400).send(this.constants.messages.CLIENT_ERROR); - if (!(await this.server.client.db.ExecutiveOrder.exists({ oID: req.params.id }))) return res.status(404).send(this.constants.messages.NOT_FOUND); + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.ExecutiveOrder.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } const executiveOrder = await this.server.client.db.ExecutiveOrder.findOne({ oID: req.params.id }); - res.status(200).send({ + res.status(200).json({ issuedBy: executiveOrder.issuedBy, id: executiveOrder.oID, subject: executiveOrder.subject, 
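Review bot: The new DELETE `/motion/:id` handler checks `this.server.client.db.Resolution.exists({ oID: req.params.id })` but then deletes from `Motion`, so an existing motion gets a 404 unless a resolution happens to share its ID; the guard should read `if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) {`. The director check above it is pasted verbatim into six handlers (this hunk and the PATCH routes in the later hunks), and because `req.body.pin` goes straight into `Score.findOne({ pin: req.body.pin })` without a type check, a JSON body whose `pin` is an object rather than a string reaches the query as-is — the guard should reject anything but a non-empty string before querying. In POST `/resolution`, `staffInformation` from `Staff.findOne` is dereferenced (`staffInformation.pn.join`) with no null check, and the `RichEmbed` built just before `Resolution.create` is never sent or stored, so it is dead code unless something outside the hunk consumes it. The sketch below pulls the check into one helper so the string check and the guild/role IDs live in one place; `req`/`res` would take the router's request/response types.

```typescript
// … unchanged: other routes …

// Resolves the director behind a request, or answers 401 and returns null.
// STAFF_GUILD_ID / DIRECTOR_ROLE_ID are constants holding the two IDs currently inlined in every handler.
private async requireDirector(req, res) {
  const pin = req.body?.pin;
  if (typeof pin !== 'string' || pin.length === 0) {
    res.status(401).json({
      code: this.constants.codes.UNAUTHORIZED,
      message: this.constants.messages.UNAUTHORIZED,
    });
    return null;
  }

  const director = await this.server.client.db.Score.findOne({ pin });
  const staffGuild = this.server.client.guilds.get(STAFF_GUILD_ID)
    || await this.server.client.getRESTGuild(STAFF_GUILD_ID);
  if (!director || !staffGuild.members.get(director.userID)?.roles?.includes(DIRECTOR_ROLE_ID)) {
    res.status(401).json({
      code: this.constants.codes.UNAUTHORIZED,
      message: this.constants.messages.UNAUTHORIZED,
    });
    return null;
  }
  return director;
}

// In each protected handler, in place of the pasted block:
this.router.delete('/motion/:id', async (req, res) => {
  const director = await this.requireDirector(req, res);
  if (!director) return;
  // … unchanged: parameter validation, delete, response …
});
```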
@@ -159,12 +313,22 @@ export default class Root extends Route { }); this.router.get('/motion/:id', async (req, res) => { - if (!req.params.id) return res.status(400).send(this.constants.messages.CLIENT_ERROR); - if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) return res.status(404).send(this.constants.messages.NOT_FOUND); + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } const motion = await this.server.client.db.Motion.findOne({ oID: req.params.id }); - res.status(200).send({ + res.status(200).json({ issuedBy: motion.issuedBy, id: motion.oID, subject: motion.subject, 
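Review bot: GET `/motion/:id` still does two round-trips for one document — `Motion.exists` followed by `Motion.findOne` on the same `oID` — and the document can disappear between them, leaving `motion` null when the response is built. A single lookup covers both cases: `const motion = await this.server.client.db.Motion.findOne({ oID: req.params.id });` followed by `if (!motion) { return res.status(404).json({ code: this.constants.codes.NOT_FOUND, message: this.constants.messages.NOT_FOUND }); }`. The same exists-then-find pattern appears in GET `/eo/:id` in the previous hunk and GET `/resolution/:id` in the next. The handler's response object continues past the end of this hunk.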
@@ -173,10 +337,69 @@ export default class Root extends Route { }); }); + this.router.get('/resolution/:id', async (req, res) => { + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.Resolution.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } + + const resolution = await this.server.client.db.Resolution.findOne({ oID: req.params.id }); + + res.status(200).json({ + issuedBy: resolution.issuedBy, + id: resolution.oID, + subject: resolution.subject, + body: resolution.body, + at: new Date(resolution.at), + approvedAt: resolution.acceptedAt || null, + voteResults: resolution.voteResults || null, + }); + }); + this.router.patch('/eo/:id', async (req, res) => { - if (!req.params.id) return res.status(400).send(this.constants.messages.CLIENT_ERROR); - if (!(await this.server.client.db.ExecutiveOrder.exists({ oID: req.params.id }))) return res.status(404).send(this.constants.messages.NOT_FOUND); - if (!req.body.subject && !req.body.body) return res.status(400).send(this.constants.messages.CLIENT_ERROR); + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: 
this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.ExecutiveOrder.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } + if (!req.body.subject && !req.body.body) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } const executiveOrder = await this.server.client.db.ExecutiveOrder.findOne({ oID: req.params.id }); await executiveOrder.updateOne({ 
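Review bot: PATCH `/eo/:id` only checks that `req.body.subject` or `req.body.body` is truthy, and the `updateOne` call that follows (past the end of this hunk) writes `req.body.subject || executiveOrder.subject` into the document, so a non-string JSON value — an object, array or number — is stored as the subject without complaint. Require strings before touching the database: `const { subject, body } = req.body;` then `if (typeof subject !== 'string' && typeof body !== 'string') { return res.status(400).json({ code: this.constants.codes.CLIENT_ERROR, message: this.constants.messages.CLIENT_ERROR }); }`, and pass only the checked string values to `updateOne`. The same applies to PATCH `/motion/:id` and PATCH `/resolution/:id` in the following hunks. The rest of the PATCH `/eo/:id` handler lies outside this hunk.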
@@ -184,13 +407,45 @@ export default class Root extends Route { body: req.body.body || executiveOrder.body, }); - res.status(200).send({ message: `Updated Executive Order with ID ${executiveOrder.oID}.` }); + res.status(200).json({ message: `Updated Executive Order with ID ${executiveOrder.oID}.` }); }); this.router.patch('/motion/:id', async (req, res) => { - if (!req.params.id) return res.status(400).send(this.constants.messages.CLIENT_ERROR); - if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) return res.status(404).send(this.constants.messages.NOT_FOUND); - if (!req.body.subject && !req.body.body) return res.status(400).send(this.constants.messages.CLIENT_ERROR); + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } + if (!req.body.subject && !req.body.body) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } const motion = await this.server.client.db.Motion.findOne({ oID: req.params.id }); await motion.updateOne({ 
@@ -198,31 +453,73 @@ export default class Root extends Route { body: req.body.body || motion.body, }); - res.status(200).send({ message: `Updated Motion with ID ${motion.oID}.` }); + res.status(200).json({ message: `Updated Motion with ID ${motion.oID}.` }); + }); + + this.router.patch('/resolution/:id', async (req, res) => { + if (!req.body.pin) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + const director = await this.server.client.db.Score.findOne({ pin: req.body.pin }); + const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794'); + + if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) { + return res.status(401).json({ + code: this.constants.codes.UNAUTHORIZED, + message: this.constants.messages.UNAUTHORIZED, + }); + } + + if (!req.params.id) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + if (!(await this.server.client.db.Motion.exists({ oID: req.params.id }))) { + return res.status(404).json({ + code: this.constants.codes.NOT_FOUND, + message: this.constants.messages.NOT_FOUND, + }); + } + if (!req.body.subject && !req.body.body) { + return res.status(400).json({ + code: this.constants.codes.CLIENT_ERROR, + message: this.constants.messages.CLIENT_ERROR, + }); + } + + const resolution = await this.server.client.db.Resolution.findOne({ oID: req.params.id }); + await resolution.updateOne({ + subject: req.body.subject || resolution.subject, + body: req.body.body || resolution.body, + }); + + res.status(200).json({ message: `Updated Resolution with ID ${resolution.oID}.` }); + }); + + + this.router.get('/eo', async (_req, res) => { + const executiveOrders = await this.server.client.db.ExecutiveOrder.find().lean(); + + + res.status(200).json({ executiveOrders }); 
}); this.router.get('/motion', async (_req, res) => { const motions = await this.server.client.db.Motion.find().lean(); - res.status(200).send({ - motions, - }); + res.status(200).json({ motions }); }); this.router.get('/resolution', async (_req, res) => { const resolutions = await this.server.client.db.Resolution.find().lean(); - res.status(200).send({ - resolutions, - }); - }); - - this.router.get('/eo', async (_req, res) => { - const executiveOrders = await this.server.client.db.ExecutiveOrder.find().lean(); - - res.status(200).send({ - executiveOrders, - }); + res.status(200).json({ resolutions }); }); } }
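Review bot: PATCH `/resolution/:id` checks `this.server.client.db.Motion.exists({ oID: req.params.id })` before looking up a `Resolution`, so a valid resolution ID returns 404, and if a motion happens to share the ID then `Resolution.findOne` returns null and `resolution.updateOne` throws inside the async handler — with no try/catch visible, and unless something upstream catches async rejections, that request never gets a response. The guard should be `if (!(await this.server.client.db.Resolution.exists({ oID: req.params.id }))) {`. The relocated GET `/eo` handler also carries two stray blank lines inside its arrow body and a double blank line before it, which the surrounding code does not use.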