import * as jwt from "jsonwebtoken"; import { Body, Get, JsonController, OnUndefined, Param, Post } from 'routing-controllers'; import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi'; import { getConnectionManager, Repository } from 'typeorm'; import { config } from '../config'; import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError'; import { RunnerEmailNeededError, RunnerNotFoundError } from '../errors/RunnerErrors'; import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors'; import { JwtCreator } from '../jwtcreator'; import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner'; import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner'; import { Runner } from '../models/entities/Runner'; import { RunnerGroup } from '../models/entities/RunnerGroup'; import { RunnerOrganization } from '../models/entities/RunnerOrganization'; import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation'; import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner'; @JsonController() export class RunnerSelfServiceController { private runnerRepository: Repository; private orgRepository: Repository; /** * Gets the repository of this controller's model/entity. */ constructor() { this.runnerRepository = getConnectionManager().get().getRepository(Runner); this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization); } @Get('/runners/me/:jwt') @ResponseSchema(ResponseSelfServiceRunner) @ResponseSchema(RunnerNotFoundError, { statusCode: 404 }) @OnUndefined(RunnerNotFoundError) @OpenAPI({ description: 'Lists all information about yourself.
Please provide your runner jwt(that code we gave you during registration) for auth.
If you lost your jwt/personalized link please contact support.' }) async get(@Param('jwt') token: string) { return (new ResponseSelfServiceRunner(await this.getRunner(token))); } @Post('/runners/register') @ResponseSchema(ResponseSelfServiceRunner) @ResponseSchema(RunnerEmailNeededError, { statusCode: 406 }) @OpenAPI({ description: 'Create a new selfservice runner in the citizen org.
This endpoint shoud be used to allow "everyday citizen" to register themselves.
You have to provide a mail address, b/c the future we\'ll implement email verification.' }) async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner) { let runner = await createRunner.toEntity(); runner = await this.runnerRepository.save(runner); let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] })); response.token = JwtCreator.createSelfService(runner); return response; } @Post('/runners/register/:token') @ResponseSchema(ResponseSelfServiceRunner) @ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 }) @OpenAPI({ description: 'Create a new selfservice runner in a provided org.
The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' }) async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner) { const org = await this.getOrgansisation(token); let runner = await createRunner.toEntity(org); runner = await this.runnerRepository.save(runner); let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] })); response.token = JwtCreator.createSelfService(runner); return response; } @Get('/organizations/selfservice/:token') @ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false }) @ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 }) @OpenAPI({ description: 'Get the basic info and teams for a org.' }) async getSelfserviceOrg(@Param('token') token: string) { const orgid = (await this.getOrgansisation(token)).id; const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] }) return new ResponseSelfServiceOrganisation(org); } /** * Get's a runner by a provided jwt token. * @param token The runner jwt provided by the runner to identitfy themselves. */ private async getRunner(token: string): Promise { if (token == "") { throw new JwtNotProvidedError(); } let jwtPayload = undefined try { jwtPayload = jwt.verify(token, config.jwt_secret); } catch (error) { throw new InvalidCredentialsError(); } const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }); if (!runner) { throw new RunnerNotFoundError() } return runner; } /** * Get's a runner org by a provided registration api key. * @param token The organization's registration api token. */ private async getOrgansisation(token: string): Promise { token = Buffer.from(token, 'base64').toString('utf8'); const organization = await this.orgRepository.findOne({ key: token }); if (!organization) { throw new RunnerOrganizationNotFoundError; } return organization; } }