npm - @stamhoofd/backend - Versions diffs - 1.0.0 - Mend

@stamhoofd/backend 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/src/endpoints/admin/organizations/GetOrganizationsCountEndpoint.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { CountFilteredRequest, CountResponse } from '@stamhoofd/structures';
+import { Context } from '../../../helpers/Context';
+import { GetOrganizationsEndpoint } from './GetOrganizationsEndpoint';
+type Params = Record<string, never>;
+type Query = CountFilteredRequest;
+type Body = undefined;
+type ResponseBody = CountResponse;
+export class GetOrganizationsCountEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = CountFilteredRequest as Decoder<CountFilteredRequest>
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/admin/organizations/count", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.authenticate()
+        const query = GetOrganizationsEndpoint.buildQuery(request.query)
+        const count = await query
+            .count();
+        return new Response(
+            CountResponse.create({
+                count
+            })
+        );
+    }
+}

package/src/endpoints/admin/organizations/GetOrganizationsEndpoint.ts ADDED Viewed

@@ -0,0 +1,320 @@
+/* eslint-disable @typescript-eslint/no-unsafe-argument */
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Organization } from '@stamhoofd/models';
+import { SQL, SQLConcat, SQLFilterDefinitions, SQLNow, SQLNull, SQLOrderBy, SQLOrderByDirection, SQLScalar, SQLSortDefinitions, SQLWhereEqual, SQLWhereOr, SQLWhereSign, baseSQLFilterCompilers, compileToSQLFilter, compileToSQLSorter, createSQLColumnFilterCompiler, createSQLExpressionFilterCompiler, createSQLRelationFilterCompiler } from "@stamhoofd/sql";
+import { CountFilteredRequest, LimitedFilteredRequest, Organization as OrganizationStruct, PaginatedResponse, PermissionLevel, StamhoofdFilter, getSortFilter } from '@stamhoofd/structures';
+import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
+import { Context } from '../../../helpers/Context';
+type Params = Record<string, never>;
+type Query = LimitedFilteredRequest;
+type Body = undefined;
+type ResponseBody = PaginatedResponse<OrganizationStruct[], LimitedFilteredRequest>
+export const filterCompilers: SQLFilterDefinitions = {
+    ...baseSQLFilterCompilers,
+    id: createSQLExpressionFilterCompiler(
+        SQL.column('organizations', 'id')
+    ),
+    name: createSQLExpressionFilterCompiler(
+        SQL.column('organizations', 'name')
+    ),
+    city: createSQLExpressionFilterCompiler(
+        SQL.jsonValue(SQL.column('organizations', 'address'), '$.value.city'),
+        undefined,
+        true,
+        false
+    ),
+    country: createSQLExpressionFilterCompiler(
+        SQL.jsonValue(SQL.column('organizations', 'address'), '$.value.country'),
+        undefined,
+        true,
+        false
+    ),
+    umbrellaOrganization: createSQLExpressionFilterCompiler(
+        SQL.jsonValue(SQL.column('organizations', 'meta'), '$.value.umbrellaOrganization'),
+        undefined,
+        true,
+        false
+    ),
+    type: createSQLExpressionFilterCompiler(
+        SQL.jsonValue(SQL.column('organizations', 'meta'), '$.value.type'),
+        undefined,
+        true,
+        false
+    ),
+    tags: createSQLExpressionFilterCompiler(
+        SQL.jsonValue(SQL.column('organizations', 'meta'), '$.value.tags'),
+        undefined,
+        true,
+        true
+    ),
+    packages: createSQLRelationFilterCompiler(
+        SQL.select().from(
+            SQL.table('stamhoofd_packages')
+        ).where(
+            SQL.column('organizationId'),
+            SQL.column('organizations', 'id'),
+        )
+        .andWhere(
+            SQL.column('validAt'),
+            SQLWhereSign.NotEqual,
+            new SQLNull()
+        ).andWhere(
+            new SQLWhereOr([
+                new SQLWhereEqual(
+                    SQL.column('validUntil'),
+                    SQLWhereSign.Equal,
+                    new SQLNull()
+                ),
+                new SQLWhereEqual(
+                    SQL.column('validUntil'),
+                    SQLWhereSign.Greater,
+                    new SQLNow()
+                )
+            ])
+        ).andWhere(
+            new SQLWhereOr([
+                new SQLWhereEqual(
+                    SQL.column('removeAt'),
+                    SQLWhereSign.Equal,
+                    new SQLNull()
+                ),
+                new SQLWhereEqual(
+                    SQL.column('removeAt'),
+                    SQLWhereSign.Greater,
+                    new SQLNow()
+                )
+            ])
+        ),
+        // const pack1 = await STPackage.where({ organizationId, validAt: { sign: "!=", value: null }, removeAt: { sign: ">", value: new Date() }})
+        // const pack2 = await STPackage.where({ organizationId, validAt: { sign: "!=", value: null }, removeAt: null })
+        {
+            ...baseSQLFilterCompilers,
+            "type": createSQLExpressionFilterCompiler(
+                SQL.jsonValue(SQL.column('meta'), '$.value.type'),
+                undefined,
+                true,
+                false
+            )
+        }
+    ),
+    members: createSQLRelationFilterCompiler(
+        SQL.select().from(
+            SQL.table('members')
+        ).join(
+            SQL.join(
+                SQL.table('registrations')
+            ).where(
+                SQL.column('members', 'id'),
+                SQL.column('registrations', 'memberId')
+            )
+        ).where(
+            SQL.column('registrations', 'organizationId'),
+            SQL.column('organizations', 'id'),
+        ),
+        {
+            ...baseSQLFilterCompilers,
+            name: createSQLExpressionFilterCompiler(
+                new SQLConcat(
+                    SQL.column('firstName'),
+                    new SQLScalar(' '),
+                    SQL.column('lastName'),
+                )
+            ),
+            "firstName": createSQLColumnFilterCompiler('firstName'),
+            "lastName": createSQLColumnFilterCompiler('lastName'),
+            "email": createSQLColumnFilterCompiler('email')
+        }
+    ),
+}
+const sorters: SQLSortDefinitions<Organization> = {
+    'id': {
+        getValue(a) {
+            return a.id
+        },
+        toSQL: (direction: SQLOrderByDirection): SQLOrderBy => {
+            return new SQLOrderBy({
+                column: SQL.column('id'),
+                direction
+            })
+        }
+    },
+    'name': {
+        getValue(a) {
+            return a.name
+        },
+        toSQL: (direction: SQLOrderByDirection): SQLOrderBy => {
+            return new SQLOrderBy({
+                column: SQL.column('name'),
+                direction
+            })
+        }
+    },
+    'type': {
+        getValue(a) {
+            return a.meta.type
+        },
+        toSQL: (direction: SQLOrderByDirection): SQLOrderBy => {
+            return new SQLOrderBy({
+                column: SQL.jsonValue(SQL.column('meta'), '$.value.type'),
+                direction
+            })
+        }
+    },
+    'city': {
+        getValue(a) {
+            return a.address.city
+        },
+        toSQL: (direction: SQLOrderByDirection): SQLOrderBy => {
+            return new SQLOrderBy({
+                column: SQL.jsonValue(SQL.column('address'), '$.value.city'),
+                direction
+            })
+        }
+    },
+    'country': {
+        getValue(a) {
+            return a.address.country
+        },
+        toSQL: (direction: SQLOrderByDirection): SQLOrderBy => {
+            return new SQLOrderBy({
+                column: SQL.jsonValue(SQL.column('address'), '$.value.country'),
+                direction
+            })
+        }
+    }
+}
+export class GetOrganizationsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = LimitedFilteredRequest as Decoder<LimitedFilteredRequest>
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/admin/organizations", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    static buildQuery(q: CountFilteredRequest|LimitedFilteredRequest) {
+        const tags = Context.auth.getPlatformAccessibleOrganizationTags(PermissionLevel.Read)
+        if (tags != 'all' && tags.length === 0) {
+            throw Context.auth.error()
+        }
+        let scopeFilter: StamhoofdFilter|undefined = undefined;
+        if (tags !== 'all') {
+            // Add organization scope filter
+            scopeFilter = {
+                tags: {
+                    $in: tags
+                }
+            };
+        }
+        const query = SQL
+            .select(
+                SQL.wildcard('organizations')
+            )
+            .from(
+                SQL.table('organizations')
+            );
+        if (scopeFilter) {
+            query.where(compileToSQLFilter(scopeFilter, filterCompilers))
+        }
+        if (q.filter) {
+            query.where(compileToSQLFilter(q.filter, filterCompilers))
+        }
+        if (q.search) {
+            let searchFilter: StamhoofdFilter|null = null
+            // todo: auto detect e-mailaddresses and search on admins
+            searchFilter = {
+                name: {
+                    $contains: q.search
+                }
+            }
+            if (searchFilter) {
+                query.where(compileToSQLFilter(searchFilter, filterCompilers))
+            }
+        }
+        if (q instanceof LimitedFilteredRequest) {
+            if (q.pageFilter) {
+                query.where(compileToSQLFilter(q.pageFilter, filterCompilers))
+            }
+            query.orderBy(compileToSQLSorter(q.sort, sorters))
+            query.limit(q.limit)
+        }
+        return query
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.authenticate()
+        if (request.query.limit > 100) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'limit',
+                message: 'Limit can not be more than 100'
+            })
+        }
+        if (request.query.limit < 1) {
+            throw new SimpleError({
+                code: 'invalid_field',
+                field: 'limit',
+                message: 'Limit can not be less than 1'
+            })
+        }
+        const data = await GetOrganizationsEndpoint.buildQuery(request.query).fetch()
+        const organizations = Organization.fromRows(data, 'organizations');
+        let next: LimitedFilteredRequest|undefined;
+        if (organizations.length >= request.query.limit) {
+            const lastObject = organizations[organizations.length - 1];
+            const nextFilter = getSortFilter(lastObject, sorters, request.query.sort);
+            next = new LimitedFilteredRequest({
+                filter: request.query.filter,
+                pageFilter: nextFilter,
+                sort: request.query.sort,
+                limit: request.query.limit,
+                search: request.query.search
+            })
+            if (JSON.stringify(nextFilter) === JSON.stringify(request.query.pageFilter)) {
+                console.error('Found infinite loading loop for', request.query);
+                next = undefined;
+            }
+        }
+        return new Response(
+            new PaginatedResponse<OrganizationStruct[], LimitedFilteredRequest>({
+                results: await AuthenticatedStructures.adminOrganizations(organizations),
+                next
+            })
+        );
+    }
+}

package/src/endpoints/admin/organizations/PatchOrganizationsEndpoint.ts ADDED Viewed

@@ -0,0 +1,171 @@
+import { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder, PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { Organization, OrganizationRegistrationPeriod, Platform } from '@stamhoofd/models';
+import { OrganizationMetaData, Organization as OrganizationStruct } from "@stamhoofd/structures";
+import { Context } from '../../../helpers/Context';
+import { AuthenticatedStructures } from '../../../helpers/AuthenticatedStructures';
+import { Formatter } from '@stamhoofd/utility';
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = PatchableArrayAutoEncoder<OrganizationStruct>
+type ResponseBody = OrganizationStruct[]
+export class PatchOrganizationsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(OrganizationStruct as Decoder<OrganizationStruct>, OrganizationStruct.patchType() as Decoder<AutoEncoderPatchType<OrganizationStruct>>, StringDecoder)
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/admin/organizations", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.authenticate()
+        if (!Context.auth.hasPlatformFullAccess()) {
+            throw Context.auth.error()
+        }
+        if (request.body.changes.length == 0) {
+            return new Response([]);
+        }
+        const result: Organization[] = [];
+        const platform = await Platform.getShared()
+        for (const id of request.body.getDeletes()) {
+            const organization = await Organization.getByID(id);
+            if (!organization) {
+                throw new SimpleError({ code: "not_found", message: "Organization not found", statusCode: 404 });
+            }
+            await organization.delete();
+        }
+        // Bulk tag editing
+        for (const patch of request.body.getPatches()) {
+            const organization = await Organization.getByID(patch.id);
+            if (!organization) {
+                throw new SimpleError({ code: "not_found", message: "Organization not found", statusCode: 404 });
+            }
+            if (patch.meta?.tags) {
+                const cleanedPatch = OrganizationMetaData.patch({
+                    tags: patch.meta.tags as any
+                })
+                const patchedMeta = organization.meta.patch(cleanedPatch);
+                for (const tag of patchedMeta.tags) {
+                    if (!platform.config.tags.find(t => t.id === tag)) {
+                        throw new SimpleError({ code: "invalid_tag", message: "Invalid tag", statusCode: 400 });
+                    }
+                }
+                // Sort tags based on platform config order
+                patchedMeta.tags.sort((a, b) => {
+                    const aIndex = platform.config.tags.findIndex(t => t.id === a);
+                    const bIndex = platform.config.tags.findIndex(t => t.id === b);
+                    return aIndex - bIndex;
+                })
+                organization.meta.tags = patchedMeta.tags;
+            }
+            await organization.save();
+            result.push(organization);
+        }
+        // Organization creation
+        for (const {put} of request.body.getPuts()) {
+            if (put.name.length < 4) {
+                if (put.name.length == 0) {
+                    throw new SimpleError({
+                        code: "invalid_field",
+                        message: "Should not be empty",
+                        human: "Je bent de naam van je organisatie vergeten in te vullen",
+                        field: "organization.name"
+                    })
+                }
+                throw new SimpleError({
+                    code: "invalid_field",
+                    message: "Field is too short",
+                    human: "Kijk de naam van je organisatie na, deze is te kort. Vul eventueel aan met de gemeente.",
+                    field: "organization.name"
+                })
+            }
+            const uri = put.uri || Formatter.slug(put.name);
+            if (uri.length > 100) {
+                throw new SimpleError({
+                    code: "invalid_field",
+                    message: "Field is too long",
+                    human: "De naam van de vereniging is te lang. Probeer de naam wat te verkorten en probeer opnieuw.",
+                    field: "organization.name"
+                })
+            }
+            const uriExists = await Organization.getByURI(uri);
+            if (uriExists) {
+                throw new SimpleError({
+                    code: "name_taken",
+                    message: "An organization with the same name already exists",
+                    human: "Er bestaat al een vereniging met dezelfde URI. Pas deze aan zodat deze uniek is, en controleer of deze vereniging niet al bestaat.",
+                    field: "name",
+                });
+            }
+            const alreadyExists = await Organization.getByURI(Formatter.slug(put.name));
+            if (alreadyExists) {
+                throw new SimpleError({
+                    code: "name_taken",
+                    message: "An organization with the same name already exists",
+                    human: "Er bestaat al een vereniging met dezelfde naam. Voeg bijvoorbeeld de naam van je gemeente toe.",
+                    field: "name",
+                });
+            }
+            const organization = new Organization();
+            organization.id = put.id;
+            organization.name = put.name;
+            organization.uri = put.uri;
+            organization.meta = put.meta
+            organization.address = put.address
+            if (put.privateMeta) {
+                organization.privateMeta = put.privateMeta
+            }
+            try {
+                await organization.save();
+            } catch (e) {
+                console.error(e);
+                throw new SimpleError({
+                    code: "creating_organization",
+                    message: "Something went wrong while creating the organization. Please try again later or contact us.",
+                    statusCode: 500
+                });
+            }
+            const organizationPeriod = new OrganizationRegistrationPeriod();
+            organizationPeriod.organizationId = organization.id;
+            organizationPeriod.periodId = (await Platform.getShared()).periodId
+            await organizationPeriod.save();
+            result.push(organization);
+        }
+        return new Response(await AuthenticatedStructures.adminOrganizations(result));
+    }
+}

package/src/endpoints/auth/CreateAdminEndpoint.ts ADDED Viewed

@@ -0,0 +1,137 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { Email } from '@stamhoofd/email';
+import { PasswordToken, User } from '@stamhoofd/models';
+import { User as UserStruct,UserPermissions } from "@stamhoofd/structures";
+import { Formatter } from '@stamhoofd/utility';
+import { Context } from '../../helpers/Context';
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = UserStruct
+type ResponseBody = UserStruct
+export class CreateAdminEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = UserStruct as Decoder<UserStruct>
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+        const params = Endpoint.parseParameters(request.url, "/user", {});
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope();
+        const {user} = await Context.authenticate()
+        // Fast throw first (more in depth checking for patches later)
+        if (organization) {
+            if (!await Context.auth.canManageAdmins(organization.id)) {
+                throw Context.auth.error()
+            }
+        } else {
+            // Fast throw first (more in depth checking for patches later)
+            if (!Context.auth.canManagePlatformAdmins()) {
+                throw Context.auth.error()
+            }
+        }
+        // First check if a user exists with this email?
+        const existing = await User.getForRegister(organization?.id ?? null, request.body.email)
+        const admin = existing ?? (await User.createInvited(organization, {
+            firstName: request.body.firstName,
+            lastName: request.body.lastName,
+            email: request.body.email,
+            allowPlatform: true
+        }))
+        if (!admin) {
+            throw new SimpleError({
+                code: 'internal_error',
+                message: 'Something went wrong while creating the admin',
+                human: 'Er ging iets mis bij het aanmaken van dit account',
+                statusCode: 500
+            })
+        }
+        // Merge permissions
+        if (!request.body.permissions) {
+            throw new SimpleError({
+                code: 'missing_field',
+                message: 'When creating administrators, you are required to specify permissions in the request',
+                field: 'permissions'
+            })
+        }
+        if (organization) {
+            admin.permissions = UserPermissions.limitedPatch(admin.permissions, request.body.permissions, organization.id)
+        } else {
+            if (admin.permissions) {
+                admin.permissions.patchOrPut(request.body.permissions)
+            } else {
+                admin.permissions = request.body.permissions.isPut() ? request.body.permissions : null
+            }
+        }
+        if (!admin.firstName && request.body.firstName) {
+            // Allow setting the name if the user didn't had a name yet
+            admin.firstName = request.body.firstName
+        }
+        if (!admin.lastName && request.body.lastName) {
+            // Allow setting the name if the user didn't had a name yet
+            admin.lastName = request.body.lastName
+        }
+        await admin.save();
+        const { from, replyTo } = {
+            from: organization ? organization.getStrongEmail(request.i18n) : Email.getInternalEmailFor(request.i18n),
+            replyTo: undefined
+        }
+        // Create a password token that is valid for 7 days
+        const validUntil = new Date();
+        validUntil.setTime(validUntil.getTime() + 7 * 24 * 3600 * 1000);
+        const dateTime = Formatter.dateTime(validUntil)
+        const recoveryUrl = await PasswordToken.getPasswordRecoveryUrl(admin, organization, request.i18n, validUntil)
+        const name = organization?.name ?? request.i18n.t("shared.platformName")
+        const what = organization ? `de vereniging ${name} op ${request.i18n.t("shared.platformName")}` : `${request.i18n.t("shared.platformName")}`
+        if (admin.hasAccount()) {
+            const url = "https://"+(STAMHOOFD.domains.dashboard ?? "stamhoofd.app")+"/"+request.i18n.locale;
+            Email.send({
+                from,
+                replyTo,
+                to: admin.getEmailTo(),
+                subject: "✉️ Beheerder van "+name,
+                type: "transactional",
+                text: (admin.firstName ? "Dag "+admin.firstName : "Hallo") + `, \n\n${user.firstName ?? 'Iemand'} heeft je toegevoegd als beheerder van ${what}. Je kan inloggen met je bestaande account (${admin.email}) door te surfen naar:\n${url}\n\nDaar kan je jouw vereniging zoeken en aanklikken.\n\n----\n\nWeet je jouw wachtwoord niet meer? Dan kan je een nieuw wachtwoord instellen via de onderstaande link:\n`+recoveryUrl+"\n\nDeze link is geldig tot "+dateTime+".\n\nKen je deze vereniging niet? Dan kan je deze e-mail veilig negeren.\n\nMet vriendelijke groeten,\n"+request.i18n.t("shared.platformName")+"\n"
+            });
+        } else {
+            // Send email
+            Email.send({
+                from,
+                replyTo,
+                to: admin.getEmailTo(),
+                subject: "✉️ Uitnodiging beheerder van "+name,
+                type: "transactional",
+                text: (admin.firstName ? "Dag "+admin.firstName : "Hallo") + `, \n\n${user.firstName ?? 'Iemand'} heeft je uitgenodigd om beheerder te worden van ${what}. Je kan een account aanmaken door op de volgende link te klikken of door deze te kopiëren in de URL-balk van je browser:\n`+recoveryUrl+"\n\nDeze link is geldig tot "+dateTime+".\n\nKen je deze vereniging niet? Dan kan je deze e-mail veilig negeren.\n\nMet vriendelijke groeten,\n"+request.i18n.t("shared.platformName")+"\n"
+            });
+        }
+        return new Response(UserStruct.create({...admin, hasAccount: admin.hasAccount()}));
+    }
+}