Merge pull request 'Alpha Release 0.1.1 - Hotfix release' (#106) from dev into main

Reviewed-on: #106 Reviewed-by: Philipp Dormann <philipp@philippdormann.de>
2021-01-16 20:32:39 +00:00 · 2021-01-16 20:32:39 +00:00 · 7533c349ef
commit 7533c349ef
parent 38b9a772cd 91569ced40
34 changed files with 1877 additions and 1667 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -90,11 +90,20 @@ trigger:
 kind: pipeline
 type: docker
 name: build:latest
 clone:
  disable: true
 steps:
  - name: clone
    image: alpine/git
    commands:
      - git clone $DRONE_REMOTE_URL .
      - git checkout dev
      - git merge main
      - git checkout main
  - name: build latest
    depends_on: ["clone"]
    image: plugins/docker
    depends_on: [clone]
    settings:
      username:
        from_secret: DOCKER_REGISTRY_USER
@ -104,6 +113,15 @@ steps:
      tags:
        - latest
      registry: registry.odit.services
  - name: push merge to repo
    depends_on: ["clone"]
    image: appleboy/drone-git-push
    settings:
      branch: dev
      commit: false
      remote: git@git.odit.services:lfk/backend.git
      ssh_key:
        from_secret: GITLAB_SSHKEY
 trigger:
  branch:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,8 +2,32 @@
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
 #### [v0.1.1](https://git.odit.services/lfk/backend/compare/v0.1.0...v0.1.1)
 - 🚀Bumped version to v0.1.1 [`9445c6f`](https://git.odit.services/lfk/backend/commit/9445c6f21e376329b9200664a44a94ba1f1dd463)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`1b9d296`](https://git.odit.services/lfk/backend/commit/1b9d2969ebdca4dca84898b1e8307be7b781b90b)
 - Implemented the /me controller that allows a user to get and update themselves [`8ef5f90`](https://git.odit.services/lfk/backend/commit/8ef5f90abda97a73d5c5a7767a144ac3fb5288c1)
 - Implemented a baisc user checker/getter [`f1db883`](https://git.odit.services/lfk/backend/commit/f1db8836092269966a7f54e69b1f20c171e81b21)
 - Implemented getting own permissions [`4f6e816`](https://git.odit.services/lfk/backend/commit/4f6e81677c81c852e735407295c634b43b317479)
 - Hotfix: Missing relation bug [`6e6979c`](https://git.odit.services/lfk/backend/commit/6e6979cfe3660056cff6b9eabc194852234ac0a6)
 - Hotfix: Missing relation bug [`b167ba0`](https://git.odit.services/lfk/backend/commit/b167ba07f79709a2c3b33c5546c52659c42863f3)
 - automaticly merge main into dev after building a latest image [`02efb9a`](https://git.odit.services/lfk/backend/commit/02efb9a8e55831ecce4109e17b2f07a56e491fd5)
 - User deletion now requires confirmation [`6b7ecd3`](https://git.odit.services/lfk/backend/commit/6b7ecd3044c45b2eed46ee5010bed4dab4f02df9)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`3766899`](https://git.odit.services/lfk/backend/commit/3766899c8393545a89986a98dafd542edc4a1d39)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`6febb99`](https://git.odit.services/lfk/backend/commit/6febb994990b4cab7ee54b0368f74dd95664bfdf)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`de36a24`](https://git.odit.services/lfk/backend/commit/de36a24191a8cdc4ff6b23637ea9f91109b59bbb)
 - Merge pull request 'User self-management feature/100-me_endpoints' (#103) from feature/100-me_endpoints into dev [`a6c7d54`](https://git.odit.services/lfk/backend/commit/a6c7d54fe72ffe23add926afa0be150a7a370099)
 - Created barebones file for the userchecker [`e586a11`](https://git.odit.services/lfk/backend/commit/e586a11e2ad42af9c9bb5d2a47f48e3306fe49b2)
 - Updated descriptions and responses [`fc7b8f4`](https://git.odit.services/lfk/backend/commit/fc7b8f4c16cef0e72b04f096d5a17d4144b5feb7)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`50b893f`](https://git.odit.services/lfk/backend/commit/50b893f5370902ccc40f8bb45ed160103400f529)
 - Moved the me endpoints to /users/me [`f9834b5`](https://git.odit.services/lfk/backend/commit/f9834b5f4d80b11ee5f7773b339dd421341c6e7f)
 - Moved optional param to being optional [`a334adf`](https://git.odit.services/lfk/backend/commit/a334adffc6d07c8ab340263123e00a96f21acecb)
 #### [v0.1.0](https://git.odit.services/lfk/backend/compare/v0.0.12...v0.1.0)
 > 15 January 2021
 - Merge pull request 'First feature version 0.1.0' (#102) from dev into main [`38b9a77`](https://git.odit.services/lfk/backend/commit/38b9a772cd2d1c1e6298ae449d07db7c555a00e9)
 - Removed useless parts from functions and updated comments [`c05834f`](https://git.odit.services/lfk/backend/commit/c05834f2a13eb838efbf61be803e4e320561718e)
 - Switched tests over to the new id-only schema [`d88fb18`](https://git.odit.services/lfk/backend/commit/d88fb183198e66cadf5290c1ef7b7e4ccedad4f0)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`0e119e4`](https://git.odit.services/lfk/backend/commit/0e119e48340cd0a602a08da727b480aa2fe5500c)
@ -24,6 +48,7 @@ All notable changes to this project will be documented in this file. Dates are d
 - 🧾New changelog file version [CI SKIP] [skip ci] [`dc6ad9c`](https://git.odit.services/lfk/backend/commit/dc6ad9cdd3d8f29ef9a15bf7ac61c7c55c57e9fb)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`d1a0bed`](https://git.odit.services/lfk/backend/commit/d1a0bed00e01a0e9d8ba1165e3c6ca3dd910bd00)
 - Clarified comments [`1b799a6`](https://git.odit.services/lfk/backend/commit/1b799a697305791c3f67ac4a738c7287d1ac553e)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`6184304`](https://git.odit.services/lfk/backend/commit/618430433d03012c2cad5be6021cf1ea8fdf9624)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`8218a45`](https://git.odit.services/lfk/backend/commit/8218a452bdf7550ec1eed2b0045e94ea4ae91d31)
 - 🚀Bumped version to v0.1.0 [`80c5f9b`](https://git.odit.services/lfk/backend/commit/80c5f9b84de355b4408dcffd632589a9a0e4ad2e)
 - 🧾New changelog file version [CI SKIP] [skip ci] [`79f46cb`](https://git.odit.services/lfk/backend/commit/79f46cb745e4cb4bdac7dbb6c6c2b8fdc9867592)
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "@odit/lfk-backend",
-  "version": "0.1.0",
+  "version": "0.1.1",
  "main": "src/app.ts",
  "repository": "https://git.odit.services/lfk/backend",
  "author": {
--- a/src/app.ts
+++ b/src/app.ts
@ -5,10 +5,12 @@ import { config, e as errors } from './config';
 import loaders from "./loaders/index";
 import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
 import UserChecker from './middlewares/UserChecker';
 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
 const app = createExpressServer({
  authorizationChecker: authchecker,
  currentUserChecker: UserChecker,
  middlewares: [ErrorHandler],
  development: config.development,
  cors: true,
--- a/src/controllers/MeController.ts
+++ b/src/controllers/MeController.ts
@ -0,0 +1,86 @@
 import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseUser } from '../models/responses/ResponseUser';
 import { ResponseUserPermissions } from '../models/responses/ResponseUserPermissions';
 import { PermissionController } from './PermissionController';
@JsonController('/users/me')
@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class MeController {
 	private userRepository: Repository<User>;
 	/**
 	 * Gets the repository of this controller's model/entity.
 	 */
 	constructor() {
 		this.userRepository = getConnectionManager().get().getRepository(User);
 	}
 	@Get('/')
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
 	@OpenAPI({ description: 'Lists all information about yourself.' })
 	async get(@CurrentUser() currentUser: User) {
 		let user = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions', 'permissions.principal', 'groups.permissions.principal'] })
 		if (!user) { throw new UserNotFoundError(); }
 		return new ResponseUser(user);
 	}
 	@Get('/')
 	@ResponseSchema(ResponseUserPermissions)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
 	@OpenAPI({ description: 'Lists all permissions granted to the you sorted into directly granted and inherited as permission response objects.' })
 	async getPermissions(@CurrentUser() currentUser: User) {
 		let user = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions', 'permissions.principal', 'groups.permissions.principal'] })
 		if (!user) { throw new UserNotFoundError(); }
 		return new ResponseUserPermissions(user);
 	}
 	@Put('/')
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
 	async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
 		updateUser.groups = oldUser.groups.map(g => g.id);
 		if (!oldUser) {
 			throw new UserNotFoundError();
 		}
 		if (oldUser.id != updateUser.id) {
 			throw new UserIdsNotMatchingError();
 		}
 		await this.userRepository.save(await updateUser.update(oldUser));
 		return new ResponseUser(await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions'] }));
 	}
 	@Delete('/')
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserDeletionNotConfirmedError, { statusCode: 406 })
 	@OpenAPI({ description: 'Delete yourself. <br> You have to confirm your decision by providing the ?force=true query param. <br> If there are any permissions directly granted to you they will get deleted as well.' })
 	async remove(@CurrentUser() currentUser: User, @QueryParam("force") force: boolean) {
 		if (!force) { throw new UserDeletionNotConfirmedError; }
 		if (!currentUser) { return UserNotFoundError; }
 		const responseUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions'] });;
 		const permissionControler = new PermissionController();
 		for (let permission of responseUser.permissions) {
 			await permissionControler.remove(permission.id, true);
 		}
 		await this.userRepository.delete(currentUser);
 		return new ResponseUser(responseUser);
 	}
 }
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@ -105,9 +105,11 @@ export class UserController {
 	@Authorized("USER:DELETE")
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(UserDeletionNotConfirmedError, { statusCode: 406 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete the user whose id you provided. <br> If there are any permissions directly granted to the user they will get deleted as well. <br> If no user with this id exists it will just return 204(no content).' })
+	@OpenAPI({ description: 'Delete the user whose id you provided. <br> You have to confirm your decision by providing the ?force=true query param. <br> If there are any permissions directly granted to the user they will get deleted as well. <br> If no user with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		if (!force) { throw new UserDeletionNotConfirmedError; }
 		let user = await this.userRepository.findOne({ id: id });
 		if (!user) { return null; }
 		const responseUser = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions'] });;
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@ -60,3 +60,15 @@ export class UserIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	message = "The ids don't match!! \n And if you wanted to change a user's id: This isn't allowed!"
 }
 /**
 * Error to throw when two users' ids don't match.
 * Usually occurs when a user tries to change a user's id.
 */
 export class UserDeletionNotConfirmedError extends NotAcceptableError {
 	@IsString()
 	name = "UserDeletionNotConfirmedError"
 	@IsString()
 	message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
 }
--- a/src/middlewares/UserChecker.ts
+++ b/src/middlewares/UserChecker.ts
@ -0,0 +1,58 @@
 import cookie from "cookie";
 import * as jwt from "jsonwebtoken";
 import { Action } from 'routing-controllers';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../config';
 import { IllegalJWTError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from '../errors/AuthError';
 import { JwtCreator, JwtUser } from '../jwtcreator';
 import { User } from '../models/entities/User';
 /**
 * TODO:
 */
 const UserChecker = async (action: Action) => {
    let jwtPayload = undefined
    try {
        let provided_token = "" + action.request.headers["authorization"].replace("Bearer ", "");
        jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
        jwtPayload = jwtPayload["userdetails"];
    } catch (error) {
        jwtPayload = await refresh(action);
    }
    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] })
    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
    if (user.enabled == false) { throw new UserDisabledError(); }
    return user;
 };
 /**
 * Handles soft-refreshing of access-tokens.
 * @param action Routing-Controllers action object that provides request and response objects among other stuff.
 */
 const refresh = async (action: Action) => {
    let refresh_token = undefined;
    try {
        refresh_token = cookie.parse(action.request.headers["cookie"])["lfk_backend__refresh_token"];
    }
    catch {
        throw new IllegalJWTError();
    }
    let jwtPayload = undefined;
    try {
        jwtPayload = <any>jwt.verify(refresh_token, config.jwt_secret);
    } catch (error) {
        throw new IllegalJWTError();
    }
    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions', 'groups', 'groups.permissions'] })
    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
    if (user.enabled == false) { throw new UserDisabledError(); }
    let newAccess = JwtCreator.createAccess(user);
    action.response.header("authorization", "Bearer " + newAccess);
    return await new JwtUser(user);
 }
 export default UserChecker;
--- a/src/models/actions/update/UpdateUser.ts
+++ b/src/models/actions/update/UpdateUser.ts
@ -76,6 +76,7 @@ export class UpdateUser {
     * Should the user be enabled?
     */
    @IsBoolean()
    @IsOptional()
    enabled: boolean = true;
    /**
--- a/src/models/entities/User.ts
+++ b/src/models/entities/User.ts
@ -138,10 +138,12 @@ export class User extends Principal {
    if (!this.groups) { return returnPermissions; }
    for (let group of this.groups) {
      if (group.permissions) {
        for (let permission of group.permissions) {
          returnPermissions.push(permission);
        }
      }
    }
    return returnPermissions;
  }
@ -159,10 +161,12 @@ export class User extends Principal {
    if (!this.groups) { return returnPermissions; }
    for (let group of this.groups) {
      if (group.permissions) {
        for (let permission of group.permissions) {
          returnPermissions.push(permission.toString());
        }
      }
    }
    return Array.from(new Set(returnPermissions));
  }
--- a/src/models/responses/ResponseUser.ts
+++ b/src/models/responses/ResponseUser.ts
@ -92,6 +92,8 @@ export class ResponseUser extends ResponsePrincipal {
        this.profilePic = user.profilePic;
        this.groups = user.groups;
        this.permissions = user.allPermissions;
        if (this.groups) {
            this.groups.forEach(function (g) { delete g.permissions });
        }
    }
 }