npm - @stamhoofd/backend - Versions diffs - 1.0.0 - Mend

@stamhoofd/backend 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/src/endpoints/organization/dashboard/email-templates/PatchEmailTemplatesEndpoint.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { EmailTemplate } from '@stamhoofd/models';
+import { EmailTemplate as EmailTemplateStruct, PermissionLevel } from '@stamhoofd/structures';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+type Body = PatchableArrayAutoEncoder<EmailTemplateStruct>;
+type Query = undefined;
+type ResponseBody = EmailTemplateStruct[];
+export class PatchEmailTemplatesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(EmailTemplateStruct as Decoder<EmailTemplateStruct>, EmailTemplateStruct.patchType() as Decoder<AutoEncoderPatchType<EmailTemplateStruct>>, StringDecoder)
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/email-templates", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canReadEmailTemplates(organization.id)) {
+            throw Context.auth.error()
+        }
+        const templates: EmailTemplate[] = []
+        // Get all patches
+        for (const patch of request.body.getPatches()) {
+            const template = await EmailTemplate.getByID(patch.id)
+            if (!template || !(await Context.auth.canAccessEmailTemplate(template, PermissionLevel.Write))) {
+                throw Context.auth.notFoundOrNoAccess("Je hebt geen toegang om deze emailtemplate te bewerken")
+            }
+            template.html = patch.html ?? template.html
+            template.subject = patch.subject ?? template.subject
+            template.text = patch.text ?? template.text
+            template.json = patch.json ?? template.json
+            await template.save()
+            templates.push(template)
+        }
+        for (const put of request.body.getPuts()) {
+            const struct = put.put
+            const template = new EmailTemplate()
+            template.id = struct.id
+            template.organizationId = organization.id
+            template.webshopId = struct.webshopId
+            template.groupId = struct.groupId
+            template.html = struct.html
+            template.subject = struct.subject
+            template.text = struct.text
+            template.json = struct.json
+            template.type = struct.type
+            // Check if valid + write permissions
+            if (!(await Context.auth.canAccessEmailTemplate(template, PermissionLevel.Write))) {
+                throw Context.auth.error("Je hebt geen toegang om deze emailtemplate te maken")
+            }
+            await template.save()
+            templates.push(template)
+        }
+        return new Response(templates.map(template => EmailTemplateStruct.create(template)))
+    }
+}

package/src/endpoints/organization/dashboard/mollie/CheckMollieEndpoint.ts ADDED Viewed

@@ -0,0 +1,80 @@
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { MollieToken } from '@stamhoofd/models';
+import { CheckMollieResponse, Organization as OrganizationStruct, PermissionLevel } from "@stamhoofd/structures";
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+type Body = undefined
+type Query = undefined
+type ResponseBody = OrganizationStruct|CheckMollieResponse
+export class CheckMollieEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/mollie/check", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManagePaymentAccounts(organization.id, PermissionLevel.Full)) {
+            throw Context.auth.error()
+        }
+        const mollie = await MollieToken.getTokenFor(organization.id)
+        if (!mollie) {
+            organization.privateMeta.mollieOnboarding = null
+            organization.privateMeta.mollieProfile = null
+            await organization.save()
+            if (request.request.getVersion() < 200) {
+                return new Response(await AuthenticatedStructures.organization(organization));
+            }
+            return new Response(CheckMollieResponse.create({
+                organization: await AuthenticatedStructures.organization(organization),
+                profiles: []
+            }));
+        }
+        const profiles = await mollie.getProfiles();
+        const status = await mollie.getOnboardingStatus();
+        organization.privateMeta.mollieOnboarding = status;
+        // Check profile is still valid
+        if (organization.privateMeta.mollieProfile) {
+            const s = organization.privateMeta.mollieProfile.id
+            const profile = profiles.find(p => p.id === s)
+            if (!profile) {
+                organization.privateMeta.mollieProfile = null
+            } else {
+                organization.privateMeta.mollieProfile = profile
+            }
+        }
+        await organization.save()
+        if (request.request.getVersion() < 200) {
+            return new Response(await AuthenticatedStructures.organization(organization));
+        }
+        return new Response(CheckMollieResponse.create({
+            organization: await AuthenticatedStructures.organization(organization),
+            profiles
+        }));
+    }
+}

package/src/endpoints/organization/dashboard/mollie/ConnectMollieEndpoint.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { MollieToken } from '@stamhoofd/models';
+import { Organization as OrganizationStruct, PermissionLevel } from "@stamhoofd/structures";
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
+import { checkMollieSettlementsFor } from '../../../../helpers/CheckSettlements';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+class Body extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    code: string
+}
+type Query = undefined
+type ResponseBody = OrganizationStruct
+export class ConnectMollieEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = Body as Decoder<Body>
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/mollie/connect", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManagePaymentAccounts(organization.id, PermissionLevel.Full)) {
+            throw Context.auth.error()
+        }
+        const mollieToken = await MollieToken.create(organization, request.body.code)
+        // Check settlements after linking (shouldn't block)
+        checkMollieSettlementsFor(mollieToken.accessToken, true).catch(console.error)
+        return new Response(await AuthenticatedStructures.organization(organization));
+    }
+}

package/src/endpoints/organization/dashboard/mollie/DisconnectMollieEndpoint.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { MollieToken } from '@stamhoofd/models';
+import { Organization as OrganizationStruct, PermissionLevel } from "@stamhoofd/structures";
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+type Body = undefined
+type Query = undefined
+type ResponseBody = OrganizationStruct
+export class DisonnectMollieEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/mollie/disconnect", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManagePaymentAccounts(organization.id, PermissionLevel.Full)) {
+            throw Context.auth.error()
+        }
+        const mollieToken = await MollieToken.getTokenFor(organization.id)
+        await mollieToken?.revoke();
+        organization.privateMeta.mollieOnboarding = null;
+        organization.privateMeta.mollieProfile = null;
+        await organization.save()
+        // TODO: disable all payment methods that use this method
+        return new Response(await AuthenticatedStructures.organization(organization));
+    }
+}

package/src/endpoints/organization/dashboard/mollie/GetMollieDashboardEndpoint.ts ADDED Viewed

@@ -0,0 +1,63 @@
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { isSimpleError, isSimpleErrors,SimpleError } from '@simonbackx/simple-errors';
+import { MollieToken } from '@stamhoofd/models';
+import { PermissionLevel } from '@stamhoofd/structures';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+type Body = undefined
+type Query = undefined
+type ResponseBody = string
+export class GetMollieDashboardEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/mollie/dashboard", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManagePaymentAccounts(organization.id, PermissionLevel.Full)) {
+            throw Context.auth.error()
+        }
+        const mollie = await MollieToken.getTokenFor(organization.id)
+        if (!mollie) {
+            throw new SimpleError({
+                code: "not_yet_linked",
+                message: "Mollie is nog niet gekoppeld. Koppel Mollie eerst voor je de gegevens aanvult"
+            })
+        }
+        try {
+            const url = await mollie.getOnboardingLink() as string
+            const response = new Response(url)
+            response.headers['Content-Type'] = "text/plain"
+            return response
+        } catch (e) {
+            if (isSimpleErrors(e) || isSimpleError(e)) {
+                throw e;
+            }
+            await mollie.delete()
+            throw new SimpleError({
+                code: "not_yet_linked",
+                message: "Mollie is nog niet gekoppeld. Koppel Mollie eerst voor je de gegevens aanvult"
+            })
+        }
+    }
+}

package/src/endpoints/organization/dashboard/nolt/CreateNoltTokenEndpoint.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { AutoEncoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import jwt from 'jsonwebtoken';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined;
+class ResponseBody extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    jwt: string
+}
+export class CreateNoltTokenEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+        if (!STAMHOOFD.NOLT_SSO_SECRET_KEY) {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/nolt/create-token", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        const {user} = await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+        // Create token
+        const payload = {
+            // The ID that you use in your app for this user
+            id: user.id,
+            // The user's email address that
+            // Nolt should use for notifications
+            email: user.email,
+            // The display name for this user
+            name: user.firstName+" "+user.lastName,
+            // Optional: The URL to the user's avatar picture
+            imageUrl: organization.meta.squareLogo?.getPublicPath() ?? organization.meta.horizontalLogo?.getPublicPath() ?? undefined
+        }
+        const str = jwt.sign(payload, STAMHOOFD.NOLT_SSO_SECRET_KEY, { algorithm: 'HS256' });
+        return new Response(ResponseBody.create({ "jwt": str }));
+    }
+}

package/src/endpoints/organization/dashboard/organization/ApplyRegisterCodeEndpoint.test.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import { Request } from "@simonbackx/simple-endpoints";
+import { OrganizationFactory, RegisterCodeFactory, STCredit, Token, UserFactory } from "@stamhoofd/models";
+import { PermissionLevel, Permissions } from "@stamhoofd/structures";
+import { testServer } from "../../../../../tests/helpers/TestServer";
+import { ApplyRegisterCodeEndpoint } from "./ApplyRegisterCodeEndpoint";
+describe("Endpoint.ApplyRegisterCodeEndpoint", () => {
+    // Test endpoint
+    const endpoint = new ApplyRegisterCodeEndpoint();
+    test("Cannot apply a register code if not platform admin", async () => {
+        const otherOrganization =  await new OrganizationFactory({}).create();
+        const code = await new RegisterCodeFactory({organization: otherOrganization}).create();
+        const organization =  await new OrganizationFactory({}).create();
+        const user = await new UserFactory({ organization, permissions: Permissions.create({ level: PermissionLevel.Full }) }).create()
+        const token = await Token.createToken(user)
+        const r = Request.buildJson(
+            "POST",
+            "/organization/register-code",
+            organization.getApiHost(),
+            {
+                registerCode: code.code,
+            }
+        );
+        r.headers.authorization = "Bearer "+token.accessToken
+        await expect(testServer.test(endpoint, r)).rejects.toThrow("You do not have permissions for this action");
+    });
+    test("Can apply a register code and apply the discount", async () => {
+        const otherOrganization =  await new OrganizationFactory({}).create();
+        const code = await new RegisterCodeFactory({organization: otherOrganization}).create();
+        const organization =  await new OrganizationFactory({}).create();
+        const user = await new UserFactory({
+            organization,
+            globalPermissions: Permissions.create({ level: PermissionLevel.Full }),
+            email: 'admin@stamhoofd.be'
+        }).create()
+        const token = await Token.createToken(user)
+        const r = Request.buildJson(
+            "POST",
+            "/organization/register-code",
+            organization.getApiHost(),
+            {
+                registerCode: code.code,
+            }
+        );
+        r.headers.authorization = "Bearer "+token.accessToken
+        const response = await testServer.test(endpoint, r);
+        expect(response.body).toBeUndefined();
+        // Check if this organization has an open register code
+        const credits = await STCredit.getForOrganization(organization.id);
+        expect(credits.length).toBe(1);
+        expect(credits[0].change).toBe(code.value);
+    });
+});

package/src/endpoints/organization/dashboard/organization/ApplyRegisterCodeEndpoint.ts ADDED Viewed

@@ -0,0 +1,84 @@
+import { AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Email } from '@stamhoofd/email';
+import { RegisterCode, UsedRegisterCode } from '@stamhoofd/models';
+import { Context } from '../../../../helpers/Context';
+type Params = Record<string, never>;
+type Query = undefined;
+type ResponseBody = undefined;
+class Body extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    registerCode: string
+}
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+export class ApplyRegisterCodeEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = Body as Decoder<Body>
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/organization/register-code", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        if (!Context.auth.hasPlatformFullAccess()) {
+            throw Context.auth.error()
+        }
+        let code = request.body.registerCode;
+        if (code.startsWith('https:')) {
+            try {
+                const url = new URL(code);
+                const codeParam = url.searchParams.get('code');
+                if (codeParam) {
+                    console.log('Parsed code from URL', codeParam)
+                    code = codeParam;
+                }
+            } catch (e) {
+                console.error('Tried parsing code as URL but failed', code)
+            }
+        }
+        const {models, emails} = await RegisterCode.applyRegisterCode(organization, code)
+        for (const model of models) {
+            await model.save();
+        }
+        for (const email of emails) {
+            Email.sendInternal(email, organization.i18n)
+        }
+        if (organization.meta.packages.isPaid) {
+            // Already bought something: apply credit to other organization immediately
+            const code = await UsedRegisterCode.getFor(organization.id)
+            if (code && !code.creditId) {
+                console.log("Rewarding code "+code.id+" for payment")
+                // Deze code werd nog niet beloond
+                await code.reward()
+            }
+        }
+        return new Response(undefined);
+    }
+}

package/src/endpoints/organization/dashboard/organization/GetOrganizationArchivedGroups.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { Group, Token } from '@stamhoofd/models';
+import { Group as GroupStruct, GroupStatus } from "@stamhoofd/structures";
+import { AuthenticatedStructures } from "../../../../helpers/AuthenticatedStructures";
+import { Context } from "../../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = GroupStruct[]
+export class GetOrganizationArchivedEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/organization/archived-groups", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        if (!await Context.auth.canAccessArchivedGroups(organization.id)) {
+            throw Context.auth.error()
+        }
+        // Get all admins
+        const groups = await Group.where({ organizationId: organization.id, status: GroupStatus.Archived, deletedAt: null })
+        const structures: GroupStruct[] = []
+        for (const g of groups) {
+            structures.push(await AuthenticatedStructures.group(g))
+        }
+        return new Response(structures);
+    }
+}

package/src/endpoints/organization/dashboard/organization/GetOrganizationDeletedGroups.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Group } from '@stamhoofd/models';
+import { Group as GroupStruct } from "@stamhoofd/structures";
+import { AuthenticatedStructures } from "../../../../helpers/AuthenticatedStructures";
+import { Context } from "../../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = GroupStruct[]
+export class GetOrganizationAdminsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/organization/deleted-groups", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        if (!await Context.auth.canAccessArchivedGroups(organization.id)) {
+            throw Context.auth.error()
+        }
+        // Get all admins
+        const groups = await Group.where({ organizationId: organization.id, deletedAt: { sign: '!=', value: null } })
+        const structures: GroupStruct[] = []
+        for (const g of groups) {
+            structures.push(await AuthenticatedStructures.group(g))
+        }
+        return new Response(structures);
+    }
+}

package/src/endpoints/organization/dashboard/organization/GetOrganizationSSOEndpoint.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { OpenIDClientConfiguration } from "@stamhoofd/structures";
+import { Context } from "../../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined;
+type ResponseBody = OpenIDClientConfiguration
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+export class GetOrganizationSSOEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/organization/sso", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+        if (!await Context.auth.canManageSSOSettings(organization.id)) {
+            throw Context.auth.error()
+        }
+        return new Response(organization.serverMeta.ssoConfiguration ?? OpenIDClientConfiguration.create({
+            clientId: "",
+            clientSecret: "",
+            issuer: ""
+        }));
+    }
+}