@stamhoofd/backend 1.0.0

package/src/endpoints/organization/dashboard/users/DeleteUserEndpoint.ts

@@ -0,0 +1,60 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { User } from '@stamhoofd/models';
+
+import { Context } from "../../../../helpers/Context";
+type Params = { id: string };
+type Query = undefined;
+type Body = undefined
+type ResponseBody = undefined
+
+export class DeleteUserEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "DELETE") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/user/@id", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+
+        const params2 = Endpoint.parseParameters(request.url, "/api-keys/@id", { id: String });
+
+        if (params2) {
+            return [true, params2 as Params];
+        }
+
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        const {user} = await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManageAdmins(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        if (user.id == request.params.id) {
+            throw new SimpleError({
+                code: "permission_denied",
+                message: "Je kan jezelf niet verwijderen"
+            })
+        }
+
+        const editUser = await User.getByID(request.params.id)
+        if (!editUser || !Context.auth.checkScope(editUser.organizationId)) {
+            throw new SimpleError({
+                code: "permission_denied",
+                message: "Je hebt geen toegang om deze gebruiker te verwijderen"
+            })
+        }
+        
+        await editUser.delete();
+
+        return new Response(undefined);      
+    }
+}

package/src/endpoints/organization/dashboard/users/GetApiUsersEndpoint.ts

@@ -0,0 +1,47 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { Token, User } from '@stamhoofd/models';
+import { ApiUser } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = ApiUser[]
+
+export class GetOrganizationAdminsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/api-keys", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManageAdmins(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        // Get all admins
+        const admins = await User.getApiUsers([organization.id])
+
+        const mapped: ApiUser[] = []
+        for (const admin of admins) {
+            mapped.push(await Token.getAPIUserWithToken(admin))
+        }
+
+        return new Response(
+            mapped
+        );
+    }
+}

package/src/endpoints/organization/dashboard/users/GetOrganizationAdminsEndpoint.ts

@@ -0,0 +1,41 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { User } from '@stamhoofd/models';
+import { OrganizationAdmins, User as UserStruct } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = OrganizationAdmins
+
+export class GetOrganizationAdminsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/organization/admins", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canManageAdmins(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        // Get all admins
+        const admins = await User.getAdmins([organization.id])
+
+        return new Response(OrganizationAdmins.create({
+            users: admins.map(a => UserStruct.create({...a, hasAccount: a.hasAccount()})),
+        }));
+    }
+}

package/src/endpoints/organization/dashboard/webshops/CreateWebshopEndpoint.ts

@@ -0,0 +1,217 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError, SimpleErrors } from '@simonbackx/simple-errors';
+import { Webshop } from '@stamhoofd/models';
+import { PermissionLevel, PermissionsResourceType, PrivateWebshop, ResourcePermissions, Version, WebshopPrivateMetaData } from "@stamhoofd/structures";
+import { Formatter } from '@stamhoofd/utility';
+
+import { Context } from '../../../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PrivateWebshop;
+type ResponseBody = PrivateWebshop;
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class CreateWebshopEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = PrivateWebshop as Decoder<PrivateWebshop>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        const {user} = await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.canCreateWebshops(organization.id)) {
+            throw Context.auth.error("Je kan geen webshops maken, vraag aan de hoofdbeheerders om jou toegang te geven.")
+        }
+
+        const errors = new SimpleErrors()
+
+        const webshop = new Webshop()
+
+        webshop.id = request.body.id
+        webshop.meta = request.body.meta
+        webshop.meta.domainActive = false;
+        webshop.privateMeta = request.body.privateMeta
+        webshop.products = request.body.products
+        webshop.categories = request.body.categories
+        webshop.organizationId = organization.id
+        webshop.privateMeta.authorId = user.id;
+        webshop.privateMeta.dnsRecords = [];
+        let updateDNS = false
+
+        // Check if we can decide the domain
+        if (!request.body.domain && !request.body.domainUri) {
+            const webshops = await Webshop.where({ 
+                organizationId: organization.id, 
+                domain: { 
+                    value: null,
+                    sign: "!="
+                },
+                domainUri: {
+                    value: "",
+                    sign: "!="
+                }
+            })
+
+            const counters = new Map<string, number>()
+            for (const webshop of webshops) {
+                if (!webshop.domain || !webshop.meta.domainActive) {
+                    continue
+                }
+                const count  = (counters.get(webshop.domain) ?? 0) + 1
+                counters.set(webshop.domain, count)
+            }
+
+            if (counters.size > 0) {
+                const maxDomain = [...counters.entries()].reduce((a, e ) => e[1] > a[1] ? e : a)[0]
+                console.log("Choosing default domain for new webshop: ", maxDomain)
+
+                webshop.domain = maxDomain
+                webshop.domainUri = Formatter.slug(webshop.meta.name)
+                webshop.privateMeta.dnsRecords = WebshopPrivateMetaData.buildDNSRecords(maxDomain)
+                await this.checkDomainUri(webshop)
+                updateDNS = true
+            }
+
+        } else {
+            if (request.body.domain) {
+                webshop.domain = request.body.domain
+
+                if (request.body.domainUri) {
+                    webshop.domainUri = Formatter.slug(request.body.domainUri)
+                }
+
+                webshop.privateMeta.dnsRecords = WebshopPrivateMetaData.buildDNSRecords(request.body.domain)
+                await this.checkDomainUri(webshop)
+                updateDNS = true
+            }
+        }
+
+        webshop.uri = request.body.uri.length > 0 ? Formatter.slug(request.body.uri) : Formatter.slug(webshop.meta.name)
+
+        // Check if this uri is inique
+        let original = webshop.uri
+        const possibleSuffixes = [new Date().getFullYear().toString(), Formatter.slug(organization.uri)]
+
+        // Remove possible suffices from original
+        for (const suffix of possibleSuffixes) {
+            if (original.endsWith("-" + suffix)) {
+                original = original.slice(0, -suffix.length - 1)
+            }
+        }
+
+        let tried = 0
+        while (webshop.uri.length > 100 || await Webshop.getByURI(webshop.uri) !== undefined) {
+
+            console.log("Webshop already exists", webshop.uri)
+
+            let suffix = ""
+            if (tried < possibleSuffixes.length) {
+                suffix = "-" + possibleSuffixes[tried]
+            } else if (tried > 9) {
+                 suffix = "-" + Math.floor(Math.random() * 100000)
+            } else {
+                 suffix = "-" + (tried - possibleSuffixes.length + 2)
+            }
+            
+            webshop.uri = original.slice(0, 100 - suffix.length) + suffix;
+            
+            tried++
+            if (tried > 15) {
+                console.log("Failed to generate unique webshop uri")
+
+                throw new SimpleError({
+                    code: "failed_to_generate_unique_uri",
+                    message: "Failed to generate unique uri",
+                    human: "Er is een fout opgetreden bij het maken van de webshop, kies een andere naam voor jouw webshop",
+                    statusCode: 500
+                })
+            }
+        }
+
+        if (!await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+            // Create a temporary permission role for this user
+            const organizationPermissions = user.permissions?.organizationPermissions?.get(organization.id)
+            if (!organizationPermissions) {
+                throw new Error('Unexpected missing permissions')
+            }
+            const resourcePermissions = ResourcePermissions.create({
+                resourceName: webshop.meta.name,
+                level: PermissionLevel.Full
+            })
+            const patch = resourcePermissions.createInsertPatch(PermissionsResourceType.Webshops, webshop.id, organizationPermissions)
+            user.permissions!.organizationPermissions.set(organization.id, organizationPermissions.patch(patch))
+            console.log('Automatically granted author full permissions to resource', 'webshop', webshop.id, 'user', user.id, 'patch', patch.encode({version: Version}))
+            await user.save()
+        }
+
+        // Verify if we have full access
+        if (!await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+            throw new SimpleError({
+                code: "missing_permissions",
+                message: "You cannot create a webshop without having full permissions on the created webshop",
+                human: "Als je een webshop aanmaakt moet je ervoor zorgen dat jezelf ook volledige toegang hebt."
+            })
+        }
+
+        await webshop.save()
+
+        if (updateDNS) {
+            await webshop.updateDNSRecords()
+        }
+        
+        errors.throwIfNotEmpty()
+        return new Response(PrivateWebshop.create(webshop));
+    }
+
+    async checkDomainUri(webshop: Webshop) {
+        if (!webshop.domain) {
+            return
+        }
+        // Check if this uri is inique
+        const original = webshop.domainUri ? webshop.domainUri + '-' : ''
+        const possibleSuffixes = [new Date().getFullYear().toString()]
+        let tried = 0
+        while (await Webshop.getByDomain(webshop.domain, webshop.domainUri) !== undefined) {
+            console.log("Webshop already exists", webshop.domainUri)
+
+            if (tried < possibleSuffixes.length) {
+                webshop.domainUri = original + possibleSuffixes[tried]
+            } else if (tried > 9) {
+                webshop.domainUri = original + Math.floor(Math.random() * 100000)
+            } else {
+                webshop.domainUri = original + (tried - possibleSuffixes.length + 2)
+            }
+            
+            tried++
+
+            if (tried > 15) {
+                console.log("Failed to generate unique webshop domainUri")
+
+                throw new SimpleError({
+                    code: "failed_to_generate_unique_domainUri",
+                    message: "Failed to generate unique domainUri",
+                    human: "Er is een fout opgetreden bij het maken van de webshop, kies een andere naam voor jouw webshop",
+                    statusCode: 500
+                })
+            }
+        }
+    }
+}

package/src/endpoints/organization/dashboard/webshops/DeleteWebshopEndpoint.ts

@@ -0,0 +1,51 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { BalanceItem, Order, Webshop } from '@stamhoofd/models';
+import { PermissionLevel } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+
+type Params = { id: string };
+type Query = undefined;
+type Body = undefined;
+type ResponseBody = undefined;
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class DeleteWebshopEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "DELETE") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const webshop = await Webshop.getByID(request.params.id)
+        if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+            throw Context.auth.notFoundOrNoAccess()
+        }
+
+        const orders = await Order.where({ webshopId: webshop.id });
+        await BalanceItem.deleteForDeletedOrders(orders.map(o => o.id))
+        await webshop.delete()
+        return new Response(undefined);
+    }
+}

package/src/endpoints/organization/dashboard/webshops/GetDiscountCodesEndpoint.ts

@@ -0,0 +1,47 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Webshop, WebshopDiscountCode } from '@stamhoofd/models';
+import { DiscountCode, PermissionLevel } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+
+type Params = { id: string };
+type Query = undefined
+type Body = undefined
+type ResponseBody = DiscountCode[]
+
+export class GetWebshopDiscountCodesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id/discount-codes", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const webshop = await Webshop.getByID(request.params.id)
+        if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Full)) {
+            throw Context.auth.notFoundOrNoAccess()
+        }
+        
+        const discountCodes = await WebshopDiscountCode.where({webshopId: request.params.id})
+
+        return new Response(
+            discountCodes.map(d => d.getStructure())
+        );
+    }
+}

package/src/endpoints/organization/dashboard/webshops/GetWebshopOrdersEndpoint.ts

@@ -0,0 +1,83 @@
+import { Decoder } from "@simonbackx/simple-encoding";
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Order, Webshop } from '@stamhoofd/models';
+import { PaginatedResponse, PermissionLevel, PrivateOrder, WebshopOrdersQuery } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+
+type Params = { id: string };
+type Query = WebshopOrdersQuery
+type Body = undefined
+type ResponseBody = PaginatedResponse<PrivateOrder[], Query>
+
+export class GetWebshopOrdersEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = WebshopOrdersQuery as Decoder<WebshopOrdersQuery>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id/orders", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const webshop = await Webshop.getByID(request.params.id)
+        if (!webshop || !await Context.auth.canAccessWebshop(webshop, PermissionLevel.Read)) {
+            throw Context.auth.notFoundOrNoAccess("Je hebt geen toegang tot de bestellingen van deze webshop")
+        }
+
+        let orders: Order[] | undefined = undefined
+        const limit = 50
+
+        if (request.query.updatedSince !== undefined) {
+            if (request.query.afterNumber !== undefined) {
+                orders = await Order.select("WHERE webshopId = ? AND number is not null AND (updatedAt > ? OR (updatedAt = ? AND number > ?)) ORDER BY updatedAt, number LIMIT ?", [webshop.id, request.query.updatedSince, request.query.updatedSince, request.query.afterNumber, limit])
+            } else {
+                orders = await Order.select("WHERE webshopId = ? AND number is not null AND updatedAt >= ? ORDER BY updatedAt, number LIMIT ?", [webshop.id, request.query.updatedSince, limit])
+            }
+        } else if (request.query.afterNumber !== undefined) {
+            orders = await Order.select("WHERE webshopId = ? AND number > ? ORDER BY updatedAt, number LIMIT ?", [webshop.id, request.query.afterNumber, limit])
+        } else {
+            orders = await Order.select("WHERE webshopId = ? AND number is not null ORDER BY updatedAt, number LIMIT ?", [webshop.id, limit])
+        }
+
+        //const paymentIds = orders.map(o => o.paymentId).filter(p => !!p) as string[]
+        //if (paymentIds.length > 0) {
+        //    const payments = await Payment.getByIDs(...paymentIds)
+        //    for (const order of orders) {
+        //        const payment = payments.find(p => p.id === order.paymentId)
+        //        order.setOptionalRelation(Order.payment, payment ?? null)
+        //    }
+        //} else {
+        //     for (const order of orders) {
+        //        order.setOptionalRelation(Order.payment, null)
+        //    }
+        //}
+
+        const structures = await Order.getPrivateStructures(orders)
+       
+        return new Response(
+            new PaginatedResponse({ 
+                results: structures,
+                next: orders.length >= limit ? WebshopOrdersQuery.create({
+                    updatedSince: orders[orders.length - 1].updatedAt ?? undefined,
+                    afterNumber: orders[orders.length - 1].number ?? undefined
+                }) : undefined
+            })
+        );
+    }
+}

package/src/endpoints/organization/dashboard/webshops/GetWebshopTicketsEndpoint.ts

@@ -0,0 +1,68 @@
+import { Decoder } from "@simonbackx/simple-encoding";
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Ticket, Webshop } from '@stamhoofd/models';
+import { PaginatedResponse, PermissionLevel, TicketPrivate, WebshopTicketsQuery } from "@stamhoofd/structures";
+
+import { Context } from "../../../../helpers/Context";
+
+type Params = { id: string };
+type Query = WebshopTicketsQuery
+type Body = undefined
+type ResponseBody = PaginatedResponse<TicketPrivate[], Query>
+
+export class GetWebshopTicketsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = WebshopTicketsQuery as Decoder<WebshopTicketsQuery>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/webshop/@id/tickets/private", { id: String });
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!await Context.auth.hasSomeAccess(organization.id)) {
+            throw Context.auth.error()
+        }
+
+        const webshop = await Webshop.getByID(request.params.id)
+        if (!webshop || !await Context.auth.canAccessWebshopTickets(webshop, PermissionLevel.Read)) {
+            throw Context.auth.notFoundOrNoAccess("Je hebt geen toegang tot de tickets van deze webshop")
+        }
+        
+        let tickets: Ticket[] | undefined = undefined
+        const limit = 150
+
+        if (request.query.updatedSince !== undefined) {
+            if (request.query.lastId !== undefined) {
+                tickets = await Ticket.select("WHERE webshopId = ? AND (updatedAt > ? OR (updatedAt = ? AND id > ?)) ORDER BY updatedAt, id LIMIT ?", [webshop.id, request.query.updatedSince, request.query.updatedSince, request.query.lastId, limit])
+            } else {
+                tickets = await Ticket.select("WHERE webshopId = ? AND updatedAt >= ? ORDER BY updatedAt, id LIMIT ?", [webshop.id, request.query.updatedSince, limit])
+            }
+        } else {
+            tickets = await Ticket.select("WHERE webshopId = ? ORDER BY updatedAt, id LIMIT ?", [webshop.id, limit])
+        }
+
+        const supportsDeletedTickets = request.request.getVersion() >= 229
+
+        return new Response(
+            new PaginatedResponse({ 
+                results: tickets.map(ticket => TicketPrivate.create(ticket)).filter(ticket => supportsDeletedTickets || !ticket.deletedAt),
+                next: tickets.length >= limit ? WebshopTicketsQuery.create({
+                    updatedSince: tickets[tickets.length - 1].updatedAt ?? undefined,
+                    lastId: tickets[tickets.length - 1].id ?? undefined
+                }) : undefined
+            })
+        );
+    }
+}