@openneuro/server 4.20.4 → 4.20.6-alpha.2

package/src/handlers/{datalad.js → datalad.ts}

@@ -1,8 +1,8 @@
-import request from 'superagent'
-import { Readable } from 'node:stream'
-import mime from 'mime-types'
-import { getFiles } from '../datalad/files'
-import { getDatasetWorker } from '../libs/datalad-service'
+import request from "superagent"
+import { Readable } from "node:stream"
+import mime from "mime-types"
+import { getFiles } from "../datalad/files"
+import { getDatasetWorker } from "../libs/datalad-service"
 
 /**
  * Handlers for datalad dataset manipulation
@@ -20,39 +20,39 @@ export const getFile = async (req, res) => {
   const { datasetId, snapshotId, filename } = req.params
   const worker = getDatasetWorker(datasetId)
   // Find the right tree
-  const pathComponents = filename.split(':')
-  let tree = snapshotId || 'HEAD'
+  const pathComponents = filename.split(":")
+  let tree = snapshotId || "HEAD"
   let file
   for (const level of pathComponents) {
     const files = await getFiles(datasetId, tree)
     if (level == pathComponents.slice(-1)) {
-      file = files.find(f => !f.directory && f.filename === level)
+      file = files.find((f) => !f.directory && f.filename === level)
     } else {
-      tree = files.find(f => f.directory && f.filename === level).id
+      tree = files.find((f) => f.directory && f.filename === level).id
     }
   }
   // Get the file URL and redirect if external or serve if local
-  if (file && file.urls[0].startsWith('https://s3.amazonaws.com/')) {
+  if (file && file.urls[0].startsWith("https://s3.amazonaws.com/")) {
     res.redirect(file.urls[0])
   } else {
     // Serve the file directly
-    res.set('Content-Type', mime.lookup(filename) || 'application/octet-stream')
+    res.set("Content-Type", mime.lookup(filename) || "application/octet-stream")
     const uri = snapshotId
       ? `http://${worker}/datasets/${datasetId}/snapshots/${snapshotId}/files/${filename}`
       : `http://${worker}/datasets/${datasetId}/files/${filename}`
     return fetch(uri)
-      .then(r => {
+      .then((r) => {
         // Set the content length (allow clients to catch HTTP issues better)
-        res.setHeader('Content-Length', Number(r.headers.get('content-length')))
+        res.setHeader("Content-Length", Number(r.headers.get("content-length")))
         return r.body
       })
-      .then(stream =>
+      .then((stream) =>
         // @ts-expect-error
-        Readable.fromWeb(stream, { highWaterMark: 4194304 }).pipe(res),
+        Readable.fromWeb(stream, { highWaterMark: 4194304 }).pipe(res)
       )
-      .catch(err => {
+      .catch((err) => {
         console.error(err)
-        res.status(500).send('Internal error transferring requested file')
+        res.status(500).send("Internal error transferring requested file")
       })
   }
 }
@@ -66,16 +66,16 @@ export const getObject = (req, res) => {
   // Backend depends on git object or git-annex key
   if (key.length === 40) {
     const uri = `${worker}/datasets/${datasetId}/objects/${key}`
-    res.set('Content-Type', 'application/octet-stream')
+    res.set("Content-Type", "application/octet-stream")
     return request.get(uri).pipe(res)
-  } else if (key.startsWith('SHA256E-') || key.startsWith('MD5E-')) {
+  } else if (key.startsWith("SHA256E-") || key.startsWith("MD5E-")) {
     const uri = `${worker}/datasets/${datasetId}/annex/${key}`
-    res.set('Content-Type', 'application/octet-stream')
+    res.set("Content-Type", "application/octet-stream")
     return request.get(uri).pipe(res)
   } else {
-    res.set('Content-Type', 'application/json')
+    res.set("Content-Type", "application/json")
     res.status(400).send({
-      error: 'Key must be a git object hash or git-annex key',
+      error: "Key must be a git object hash or git-annex key",
     })
   }
 }

package/src/handlers/{doi.js → doi.ts}

@@ -1,7 +1,7 @@
-import config from '../config'
-import doi from '../libs/doi'
-import Doi from '../models/doi'
-import Snapshot from '../models/snapshot'
+import config from "../config"
+import doi from "../libs/doi"
+import Doi from "../models/doi"
+import Snapshot from "../models/snapshot"
 
 export async function createSnapshotDoi(req, res) {
   let doiRes = null
@@ -28,7 +28,7 @@ export async function createSnapshotDoi(req, res) {
     }
     await doi
       .registerSnapshotDoi(datasetId, snapshotId, oldDesc)
-      .then(doiRes => {
+      .then((doiRes) => {
         if (doiRes) {
           Doi.updateOne(
             { datasetId: datasetId, snapshotId: snapshotId },
@@ -51,7 +51,7 @@ export async function getDoi(req, res) {
       datasetId: datasetId,
       snapshotId: snapshotId,
     },
-    'doi',
+    "doi",
   ).exec()
   return res.send(doi)
 }

package/src/handlers/reviewer.ts

@@ -1,24 +1,24 @@
-import Reviewer from '../models/reviewer'
-import { decodeJWT } from '../libs/authentication/jwt'
+import Reviewer from "../models/reviewer"
+import { decodeJWT } from "../libs/authentication/jwt"
 
 export const reviewerHandler = async (req, res, next) => {
   try {
     const token = req.params.token
     const decodedToken = decodeJWT(token)
-    if (decodedToken?.scopes.includes('dataset:reviewer')) {
+    if (decodedToken?.scopes.includes("dataset:reviewer")) {
       const reviewer = await Reviewer.exists({
         id: decodedToken.sub,
         datasetId: decodedToken.dataset,
       })
       if (reviewer) {
         res
-          .cookie('accessToken', token)
+          .cookie("accessToken", token)
           .redirect(`/datasets/${decodedToken.dataset}`)
       } else {
-        throw Error('Review token not valid')
+        throw Error("Review token not valid")
       }
     } else {
-      throw Error('Invalid token scope for reviewer')
+      throw Error("Invalid token scope for reviewer")
     }
   } catch (err) {
     res.status(401)

package/src/handlers/{sitemap.js → sitemap.ts}

@@ -1,15 +1,15 @@
-import sitemap from 'sitemap'
-import config from '../config.js'
-import Dataset from '../models/dataset'
+import sitemap from "sitemap"
+import config from "../config"
+import Dataset from "../models/dataset"
 
 // Static URLs - manual for now, could be generated from routes
 export const sitemapStaticUrls = () => [
-  { url: '/', priority: 0.9, changefreq: 'weekly' },
-  { url: '/public/datasets', priority: 1.0, changefreq: 'daily' },
-  { url: '/faq', priority: 0.6, changefreq: 'monthly' },
-  { url: '/pet', priority: 0.5, changefreq: 'monthly' },
-  { url: '/public/jobs', priority: 0.5, changefreq: 'monthly' },
-  { url: '/crn/graphql', priority: 0.3 },
+  { url: "/", priority: 0.9, changefreq: "weekly" },
+  { url: "/public/datasets", priority: 1.0, changefreq: "daily" },
+  { url: "/faq", priority: 0.6, changefreq: "monthly" },
+  { url: "/pet", priority: 0.5, changefreq: "monthly" },
+  { url: "/public/jobs", priority: 0.5, changefreq: "monthly" },
+  { url: "/crn/graphql", priority: 0.3 },
 ]
 
 // URLs generated from site data
@@ -18,25 +18,25 @@ export const sitemapDynamicUrls = () =>
     { $match: { public: true } },
     {
       $lookup: {
-        from: 'snapshots',
-        localField: 'id',
-        foreignField: 'datasetId',
-        as: 'snapshots',
+        from: "snapshots",
+        localField: "id",
+        foreignField: "datasetId",
+        as: "snapshots",
       },
     },
     {
-      $unwind: '$snapshots',
+      $unwind: "$snapshots",
     },
     {
       $project: {
         url: {
-          $concat: ['/datasets/', '$id', '/versions/', '$snapshots.tag'],
+          $concat: ["/datasets/", "$id", "/versions/", "$snapshots.tag"],
         },
         lastmodISO: {
-          $dateToString: { date: '$snapshots.created' },
+          $dateToString: { date: "$snapshots.created" },
         },
         priority: 0.8,
-        changefreq: 'daily', // To make sure new comments are indexed
+        changefreq: "daily", // To make sure new comments are indexed
       },
     },
   ]).exec()
@@ -50,14 +50,14 @@ export const sitemapFactory = async () => {
 }
 
 export const sitemapHandler = (req, res) => {
-  sitemapFactory().then(sm => {
+  sitemapFactory().then((sm) => {
     sm.toXML((err, xml) => {
       if (err) {
         // eslint-disable-next-line no-console
         console.error(err)
         return res.status(500).end()
       }
-      res.header('Content-Type', 'application/xml')
+      res.header("Content-Type", "application/xml")
       res.send(xml)
     })
   })

package/src/handlers/stars.ts

@@ -1,5 +1,5 @@
 // dependencies ------------------------------------------------------------
-import Star from '../models/stars'
+import Star from "../models/stars"
 
 /**
  * Stars
@@ -22,10 +22,10 @@ export default {
       datasetId: datasetId,
       userId: userId,
     })
-      .then(response => {
+      .then((response) => {
         return res.send(response.$op)
       })
-      .catch(err => {
+      .catch((err) => {
         next(err)
       })
   },
@@ -46,7 +46,7 @@ export default {
     Star.deleteOne({
       datasetId: datasetId,
       userId: userId,
-    }).catch(err => {
+    }).catch((err) => {
       if (err) {
         return next(err)
       } else {
@@ -64,26 +64,27 @@ export default {
    */
 
   getStars(req, res, next) {
-    const datasetId =
-      req.params.datasetId === 'undefined' ? null : req.params.datasetId
+    const datasetId = req.params.datasetId === "undefined"
+      ? null
+      : req.params.datasetId
     if (datasetId) {
       Star.find({
         datasetId: datasetId,
       })
         .exec()
-        .then(stars => {
+        .then((stars) => {
           res.send(stars)
         })
-        .catch(err => {
+        .catch((err) => {
           return next(err)
         })
     } else {
       Star.find()
         .exec()
-        .then(stars => {
+        .then((stars) => {
           res.send(stars)
         })
-        .catch(err => {
+        .catch((err) => {
           return next(err)
         })
     }

package/src/handlers/{subscriptions.js → subscriptions.ts}

@@ -1,6 +1,6 @@
-import notifications from '../libs/notifications'
-import Subscription from '../models/subscription'
-import mongoose from 'mongoose'
+import notifications from "../libs/notifications"
+import Subscription from "../models/subscription"
+import mongoose from "mongoose"
 const ObjectID = mongoose.Schema.Types.ObjectId
 
 /**
@@ -24,8 +24,8 @@ export const create = (req, res, next) => {
   const userId = data.userId
 
   subscribe(datasetId, userId)
-    .then(response => res.send(response.$op))
-    .catch(err => next(err))
+    .then((response) => res.send(response.$op))
+    .catch((err) => next(err))
 }
 
 /**
@@ -43,7 +43,7 @@ export const deleteSubscription = (req, res, next) => {
   Subscription.deleteOne({
     datasetId: datasetId,
     userId: userId,
-  }).catch(err => {
+  }).catch((err) => {
     if (err) {
       return next(err)
     } else {
@@ -61,15 +61,15 @@ export const deleteAll = (req, res, next) => {
     datasetId: datasetId,
   })
     .exec()
-    .then(subscriptions => {
-      subscriptions.forEach(subscription => {
+    .then((subscriptions) => {
+      subscriptions.forEach((subscription) => {
         Subscription.deleteOne({
           _id: new ObjectID(subscription._id),
         })
       })
       return res.send()
     })
-    .catch(err => {
+    .catch((err) => {
       if (err) {
         return next(err)
       }
@@ -84,26 +84,27 @@ export const deleteAll = (req, res, next) => {
  * Returns a list of subscriptions that are associated with a dataset
  */
 export const getSubscriptions = (req, res, next) => {
-  const datasetId =
-    req.params.datasetId === 'undefined' ? null : req.params.datasetId
+  const datasetId = req.params.datasetId === "undefined"
+    ? null
+    : req.params.datasetId
   if (datasetId) {
     Subscription.find({
       datasetId: datasetId,
     })
       .exec()
-      .then(subscriptions => {
+      .then((subscriptions) => {
         res.send(subscriptions)
       })
-      .catch(err => {
+      .catch((err) => {
         return next(err)
       })
   } else {
     Subscription.find()
       .exec()
-      .then(subscriptions => {
+      .then((subscriptions) => {
         res.send(subscriptions)
       })
-      .catch(err => {
+      .catch((err) => {
         return next(err)
       })
   }
@@ -123,7 +124,7 @@ export const checkUserSubscription = (req, res) => {
     userId: userId,
   })
     .exec()
-    .then(resp => {
+    .then((resp) => {
       if (resp) {
         return res.send({ subscribed: true })
       } else {

package/src/handlers/{users.js → users.ts}

@@ -1,5 +1,5 @@
 // dependencies ------------------------------------------------------------
-import { generateApiKey } from '../libs/apikey'
+import { generateApiKey } from "../libs/apikey"
 
 // handlers ----------------------------------------------------------------
 
@@ -10,6 +10,6 @@ import { generateApiKey } from '../libs/apikey'
  */
 export function createAPIKey(req, res, next) {
   generateApiKey(req.user)
-    .then(key => res.send(key))
-    .catch(err => next(err))
+    .then((key) => res.send(key))
+    .catch((err) => next(err))
 }

package/src/libs/__tests__/apikey.spec.ts

@@ -0,0 +1,25 @@
+import { vi } from "vitest"
+import jwt from "jsonwebtoken"
+import { apiKeyFactory } from "../apikey.js"
+import config from "../../config"
+
+vi.mock("ioredis")
+vi.mock("../../config.ts")
+
+const userMock = {
+  id: "1337",
+  name: "Total Poser",
+  email: "porkchopsandwich@gijoe.com",
+  admin: true,
+  provider: "google",
+}
+
+describe("util/apikey.js", () => {
+  describe("apiKeyFactory", () => {
+    it("produces a valid JWT", () => {
+      const token = jwt.verify(apiKeyFactory(userMock), config.auth.jwt.secret)
+      expect(token.sub).toEqual(userMock.id)
+      expect(token.email).toEqual(userMock.email)
+    })
+  })
+})

package/src/libs/__tests__/datalad-service.spec.ts

@@ -0,0 +1,27 @@
+import { vi } from "vitest"
+import { hashDatasetToRange } from "../datalad-service"
+
+vi.mock("ioredis")
+
+describe("datalad-service utils", () => {
+  describe("hashDatasetToRange()", () => {
+    it("is stable across a range of datasets", () => {
+      const range = 8
+      expect(hashDatasetToRange("ds000001", range)).toBe(4)
+      expect(hashDatasetToRange("ds000002", range)).toBe(5)
+      expect(hashDatasetToRange("ds000003", range)).toBe(4)
+      expect(hashDatasetToRange("ds000004", range)).toBe(6)
+      expect(hashDatasetToRange("ds001734", range)).toBe(1)
+      expect(hashDatasetToRange("ds001919", range)).toBe(6)
+    })
+    it("is comparable with a small range (4)", () => {
+      const range = 4
+      expect(hashDatasetToRange("ds000001", range)).toBe(0)
+      expect(hashDatasetToRange("ds000002", range)).toBe(1)
+      expect(hashDatasetToRange("ds000003", range)).toBe(0)
+      expect(hashDatasetToRange("ds000004", range)).toBe(2)
+      expect(hashDatasetToRange("ds001734", range)).toBe(1)
+      expect(hashDatasetToRange("ds001919", range)).toBe(2)
+    })
+  })
+})

package/src/libs/__tests__/{dataset.spec.js → dataset.spec.ts}

@@ -1,26 +1,26 @@
-import { vi } from 'vitest'
-import { connect } from 'mongoose'
-import { getAccessionNumber } from '../dataset.js'
+import { vi } from "vitest"
+import { connect } from "mongoose"
+import { getAccessionNumber } from "../dataset"
 
-vi.mock('ioredis')
+vi.mock("ioredis")
 
-describe('libs/dataset.js', () => {
-  describe('getAccessionNumber', () => {
+describe("libs/dataset", () => {
+  describe("getAccessionNumber", () => {
     beforeAll(() => {
       connect(globalThis.__MONGO_URI__)
     })
     it('returns strings starting with "ds"', async () => {
       const ds = await getAccessionNumber()
-      expect(ds.slice(0, 2)).toEqual('ds')
+      expect(ds.slice(0, 2)).toEqual("ds")
     })
-    it('generates sequential numbers', async () => {
+    it("generates sequential numbers", async () => {
       const first = await getAccessionNumber()
       const second = await getAccessionNumber()
       const fNum = parseInt(first.slice(2))
       const sNum = parseInt(second.slice(2))
       expect(fNum).toBeLessThan(sNum)
     })
-    it('returns 6 digits for ds ids', async () => {
+    it("returns 6 digits for ds ids", async () => {
       const ds = await getAccessionNumber()
       const num = ds.slice(2)
       expect(num).toHaveLength(6)

package/src/libs/{apikey.js → apikey.ts}

@@ -1,8 +1,8 @@
-import Key from '../models/key'
-import { addJWT } from '../libs/authentication/jwt'
-import config from '../config'
+import Key from "../models/key"
+import { addJWT } from "./authentication/jwt"
+import config from "../config"
 
-export const apiKeyFactory = user => {
+export const apiKeyFactory = (user) => {
   const apiKeyExpiration = 31536000
   return addJWT(config)(user, apiKeyExpiration).token
 }
@@ -11,7 +11,7 @@ export const apiKeyFactory = user => {
  * Replace or create an API key for a given user
  * @param {object} user
  */
-export const generateApiKey = user => {
+export const generateApiKey = (user) => {
   const userId = user.id
   const token = apiKeyFactory(user)
   return Key.updateOne(

package/src/libs/authentication/__tests__/jwt.spec.ts

@@ -0,0 +1,59 @@
+import { vi } from "vitest"
+import User from "../../../models/user"
+import { addJWT, jwtFromRequest } from "../jwt"
+
+vi.mock("ioredis")
+vi.mock("../../../config.ts")
+vi.unmock("mongoose")
+
+describe("jwt auth", () => {
+  describe("addJWT()", () => {
+    it("Extends a User model with a valid token", () => {
+      const config = {
+        auth: {
+          jwt: {
+            secret: "1234",
+          },
+        },
+      }
+      const user = new User({ email: "test@example.com" })
+      const obj = addJWT(config)(user)
+      expect(obj).toHaveProperty("token")
+    })
+  })
+  describe("jwtFromRequest()", () => {
+    it("handles both cookie and authorization headers", () => {
+      const cookieToken = "1234"
+      const headersToken = "Bearer 5678"
+      const cookieRequest = {
+        cookies: {
+          accessToken: cookieToken,
+        },
+      }
+      const headersRequest = {
+        headers: {
+          authorization: headersToken,
+        },
+      }
+      expect(jwtFromRequest(cookieRequest)).toEqual(cookieToken)
+      expect(jwtFromRequest(headersRequest)).toEqual("5678")
+    })
+    it("prefers authorization header when cookies are present", () => {
+      const req = {
+        cookies: {
+          accessToken: "1234",
+        },
+        headers: {
+          authorization: "Bearer 5678",
+        },
+      }
+      expect(jwtFromRequest(req)).toEqual("5678")
+    })
+    it("returns null when authorization header is missing", () => {
+      const req = {
+        headers: {},
+      }
+      expect(jwtFromRequest(req)).toEqual(null)
+    })
+  })
+})

package/src/libs/authentication/{crypto.js → crypto.ts}

@@ -1,41 +1,41 @@
-import crypto from 'crypto'
-import config from '../../config'
+import crypto from "crypto"
+import config from "../../config"
 
 const secret = config.auth.jwt.secret
-const algorithm = 'aes256'
+const algorithm = "aes256"
 const key = crypto
-  .createHash('sha256')
+  .createHash("sha256")
   .update(secret)
-  .digest('base64')
+  .digest("base64")
   .substr(0, 32)
 
-const delimiter = '.'
-const encoding = 'base64'
+const delimiter = "."
+const encoding = "base64"
 
 const pack = (iv, encrypted) => iv.toString(encoding) + delimiter + encrypted
 
-const unpack = encryptedPackage => {
+const unpack = (encryptedPackage) => {
   const [strIv, encrypted] = encryptedPackage.split(delimiter)
   const iv = Buffer.from(strIv, encoding)
   return [iv, encrypted]
 }
 
-export const encrypt = plainText => {
+export const encrypt = (plainText) => {
   const iv = crypto.randomBytes(16)
   const cipher = crypto.createCipheriv(algorithm, key, iv)
-  const encryptedText =
-    cipher.update(plainText, 'utf8', 'hex') + cipher.final('hex')
+  const encryptedText = cipher.update(plainText, "utf8", "hex") +
+    cipher.final("hex")
   const encryptedPackage = pack(iv, encryptedText)
   return encryptedPackage
 }
 
-export const decrypt = encryptedPackage => {
+export const decrypt = (encryptedPackage) => {
   const [iv, encryptedText] = unpack(encryptedPackage)
   const decipher = crypto.createDecipheriv(algorithm, key, iv)
-  const decryptedText =
-    decipher.update(encryptedText, 'hex', 'utf8') + decipher.final('utf8')
+  const decryptedText = decipher.update(encryptedText, "hex", "utf8") +
+    decipher.final("utf8")
   return decryptedText
 }
 
-export const hashObject = object =>
-  crypto.createHash('sha1').update(JSON.stringify(object)).digest('hex')
+export const hashObject = (object) =>
+  crypto.createHash("sha1").update(JSON.stringify(object)).digest("hex")

package/src/libs/authentication/google.ts

@@ -0,0 +1,18 @@
+import passport from "passport"
+
+export const requestAuth = (req, res, next) =>
+  passport.authenticate("google", {
+    scope: [
+      "https://www.googleapis.com/auth/userinfo.email",
+      "https://www.googleapis.com/auth/userinfo.profile",
+    ],
+    session: false,
+    accessType: "offline",
+    prompt: "consent",
+    state: req.query.redirectPath || null,
+  })(req, res, next)
+
+export const authCallback = passport.authenticate("google", {
+  failureRedirect: "/",
+  session: false,
+})