@stamhoofd/backend 1.0.0

package/src/endpoints/global/email/ManageEmailAddressEndpoint.ts

@@ -0,0 +1,57 @@
+import { AutoEncoder, BooleanDecoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from '@simonbackx/simple-errors';
+import { EmailAddress } from '@stamhoofd/email';
+
+type Params = Record<string, never>;
+type Query = undefined;
+
+class Body extends AutoEncoder {
+    @field({ decoder: StringDecoder })
+    id: string
+
+    @field({ decoder: StringDecoder })
+    token: string
+
+    @field({ decoder: BooleanDecoder, optional: true })
+    unsubscribedMarketing?: boolean
+
+    @field({ decoder: BooleanDecoder, optional: true })
+    unsubscribedAll?: boolean
+}
+
+type ResponseBody = undefined;
+
+export class ManageEmailAddressEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = Body as Decoder<Body>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/email/manage", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const email = await EmailAddress.getByID(request.body.id)
+        if (!email || email.token !== request.body.token || request.body.token.length < 10 || request.body.id.length < 10) {
+            throw new SimpleError({
+                code: "invalid_fields",
+                message: "Invalid token or id",
+                human: "Deze link is vervallen. Probeer het opnieuw in een recentere e-mail"
+            })
+        }
+
+        email.unsubscribedAll = request.body.unsubscribedAll ?? email.unsubscribedAll
+        email.unsubscribedMarketing = request.body.unsubscribedMarketing ?? email.unsubscribedMarketing
+
+        await email.save()
+        return new Response(undefined);
+    }
+}

package/src/endpoints/global/files/UploadFile.ts

@@ -0,0 +1,147 @@
+
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { File } from '@stamhoofd/structures';
+import { Formatter } from '@stamhoofd/utility';
+import AWS from 'aws-sdk';
+import formidable from 'formidable';
+import { promises as fs } from "fs";
+import { v4 as uuidv4 } from "uuid";
+
+import { Context } from '../../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = {};
+type Body = undefined
+type ResponseBody = File
+
+
+interface FormidableFile {
+  // The size of the uploaded file in bytes.
+  // If the file is still being uploaded (see `'fileBegin'` event),
+  // this property says how many bytes of the file have been written to disk yet.
+  size: number;
+
+  // The path this file is being written to. You can modify this in the `'fileBegin'` event in
+  // case you are unhappy with the way formidable generates a temporary path for your files.
+  filepath: string;
+
+  // The name this file had according to the uploading client.
+  originalFilename: string | null;
+
+  // The mime type of this file, according to the uploading client.
+  mimetype: string | null;
+}
+
+export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {    
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/upload-file", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.setOptionalOrganizationScope()
+        await Context.authenticate();
+
+        if (!Context.auth.canUpload()) {
+            throw Context.auth.error()
+        }
+
+        if (!STAMHOOFD.SPACES_BUCKET || !STAMHOOFD.SPACES_ENDPOINT || !STAMHOOFD.SPACES_KEY || !STAMHOOFD.SPACES_SECRET) {
+            throw new SimpleError({
+                code: "not_available",
+                message: "This endpoint is temporarily not available",
+                statusCode: 503
+            })
+        }
+
+        if (!request.request.request) {
+            throw new Error("Not supported without real request")
+        }
+
+        const form = formidable({ maxFileSize: 20 * 1024 * 1024, maxFields: 1, keepExtensions: true });
+        const file = await new Promise<FormidableFile>((resolve, reject) => {
+            if (!request.request.request) {
+                reject(new SimpleError({
+                    code: "invalid_request",
+                    message: "Invalid request",
+                    statusCode: 500
+                }));
+                return;
+            }
+            form.parse(request.request.request, (err, fields, files) => {
+                if (err) {
+                    reject(err);
+                    return;
+                }
+
+                if (!files.file || !Array.isArray(files.file) || files.file.length !== 1){
+                    reject(new SimpleError({
+                        code: "missing_field",
+                        message: "Missing file",
+                        field: "file"
+                    }))
+                    return;
+                }
+               
+                resolve(files.file[0]);
+            });
+        });
+
+
+        if (!STAMHOOFD.SPACES_BUCKET || !STAMHOOFD.SPACES_ENDPOINT || !STAMHOOFD.SPACES_KEY || !STAMHOOFD.SPACES_SECRET) {
+            throw new SimpleError({
+                code: "not_available",
+                message: "Uploading is not available",
+                statusCode: 503
+            })
+        }
+
+        const fileContent = await fs.readFile(file.filepath);
+
+        const s3 = new AWS.S3({
+            endpoint: STAMHOOFD.SPACES_ENDPOINT,
+            accessKeyId: STAMHOOFD.SPACES_KEY,
+            secretAccessKey: STAMHOOFD.SPACES_SECRET
+        });
+
+        let prefix = (STAMHOOFD.SPACES_PREFIX ?? "")
+        if (prefix.length > 0) {
+            prefix += "/"
+        }
+        
+        // Also include the source, in private mode
+        const fileId = uuidv4();
+        const uploadExt = file.mimetype == "application/pdf" ? "pdf" : "pdf"
+        const filenameWithoutExt = file.originalFilename?.split(".").slice(0, -1).join(".") ?? fileId
+        const key = prefix+(STAMHOOFD.environment ?? "development")+"/"+fileId+"/" + (Formatter.slug(filenameWithoutExt) +"."+uploadExt);
+        const params = {
+            Bucket: STAMHOOFD.SPACES_BUCKET,
+            Key: key,
+            Body: fileContent, // TODO
+            ContentType: file.mimetype ?? "application/pdf",
+            ACL: "public-read"
+        };
+
+        const fileStruct = new File({
+            id: fileId,
+            server: "https://"+STAMHOOFD.SPACES_BUCKET+"."+STAMHOOFD.SPACES_ENDPOINT,
+            path: key,
+            size: fileContent.length,
+            name: file.originalFilename
+        });
+
+        await s3.putObject(params).promise();
+
+        return new Response(fileStruct);
+    }
+}

package/src/endpoints/global/files/UploadImage.ts

@@ -0,0 +1,119 @@
+
+import { Decoder, ObjectData } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Image } from '@stamhoofd/models';
+import { Image as ImageStruct, ResolutionRequest } from '@stamhoofd/structures';
+import formidable from 'formidable';
+import { promises as fs } from "fs";
+
+import { Context } from '../../../helpers/Context';
+
+type Params = Record<string, never>;
+type Query = {};
+type Body = undefined
+type ResponseBody = ImageStruct
+
+interface FormidableFile {
+  // The size of the uploaded file in bytes.
+  // If the file is still being uploaded (see `'fileBegin'` event),
+  // this property says how many bytes of the file have been written to disk yet.
+  size: number;
+
+  // The path this file is being written to. You can modify this in the `'fileBegin'` event in
+  // case you are unhappy with the way formidable generates a temporary path for your files.
+  filepath: string;
+
+  // The name this file had according to the uploading client.
+  originalFilename: string | null;
+
+  // The mime type of this file, according to the uploading client.
+  mimetype: string | null;
+}
+
+export class UploadImage extends Endpoint<Params, Query, Body, ResponseBody> {    
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/upload-image", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.setOptionalOrganizationScope()
+        await Context.authenticate();
+
+        if (!Context.auth.canUpload()) {
+            throw Context.auth.error()
+        }
+
+        if (!STAMHOOFD.SPACES_BUCKET || !STAMHOOFD.SPACES_ENDPOINT || !STAMHOOFD.SPACES_KEY || !STAMHOOFD.SPACES_SECRET) {
+            throw new SimpleError({
+                code: "not_available",
+                message: "This endpoint is temporarily not available",
+                statusCode: 503
+            })
+        }
+
+        if (!request.request.request) {
+            throw new Error("Not supported without real request")
+        }
+
+        const form = formidable({ 
+            maxFileSize: 5 * 1024 * 1024, 
+            keepExtensions: true, 
+            maxFiles: 1 
+        });
+
+        const [file, resolutions] = await new Promise<[FormidableFile, ResolutionRequest[]]>((resolve, reject) => {
+            if (!request.request.request) {
+                reject(new SimpleError({
+                    code: "invalid_request",
+                    message: "Invalid request",
+                    statusCode: 500
+                }));
+                return;
+            }
+
+            form.parse(request.request.request, (err, fields, files) => {
+                if (err) {
+                    reject(err);
+                    return;
+                }
+                if (!fields.resolutions || !Array.isArray(fields.resolutions) || fields.resolutions.length !== 1){
+                    reject(new SimpleError({
+                        code: "missing_field",
+                        message: "Field resolutions is required",
+                        field: "resolutions"
+                    }))
+                    return;
+                }
+                if (!files.file || !Array.isArray(files.file) || files.file.length !== 1){
+                    reject(new SimpleError({
+                        code: "missing_field",
+                        message: "Missing file",
+                        field: "file"
+                    }))
+                    return;
+                }
+                try {   
+                    const resolutions = new ObjectData(JSON.parse(fields.resolutions[0]), { version: request.request.getVersion() }).array(ResolutionRequest as Decoder<ResolutionRequest>)
+                    resolve([files.file[0], resolutions]);
+                } catch (e) {
+                    reject(e)
+                }
+            });
+        });
+
+        const fileContent = await fs.readFile(file.filepath);
+        const image = await Image.create(fileContent, file.mimetype ?? undefined, resolutions)
+        return new Response(ImageStruct.create(image));
+    }
+}

package/src/endpoints/global/members/GetMemberFamilyEndpoint.ts

@@ -0,0 +1,76 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Member, MemberWithRegistrations } from "@stamhoofd/models";
+
+import { MembersBlob } from "@stamhoofd/structures";
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
+import { Context } from "../../../helpers/Context";
+type Params = { id: string };
+type Query = undefined
+type Body = undefined
+type ResponseBody = MembersBlob
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class GetMemberFamilyEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/organization/members/@id/family", { id: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOptionalOrganizationScope();
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (organization) {
+            if (!await Context.auth.hasSomeAccess(organization.id)) {
+                throw Context.auth.error()
+            }  
+        } else {
+            if (!Context.auth.hasSomePlatformAccess()) {
+                throw Context.auth.error()
+            }
+        }
+
+        const members = (await Member.getFamilyWithRegistrations(request.params.id))
+
+        let foundMember = false
+
+        const validatedMembers: MemberWithRegistrations[] = []
+
+        for (const member of members) {
+            if (member.id === request.params.id) {
+                foundMember = true;
+
+                // Check access to this member (this will automatically give access to the family)
+                if (!await Context.auth.canAccessMember(member)) {
+                    throw Context.auth.error("Je hebt geen toegang tot dit lid")
+                }
+                validatedMembers.push(member)
+                continue;
+            }
+            if (await Context.auth.canAccessMember(member)) {
+                // Remove from result
+                validatedMembers.push(member)
+            }
+        }
+
+        if (!foundMember) {
+            throw Context.auth.error("Je hebt geen toegang tot dit lid")
+        }
+
+        return new Response(
+            await AuthenticatedStructures.membersBlob(validatedMembers)
+        );
+    }
+}

package/src/endpoints/global/members/GetMembersCountEndpoint.ts

@@ -0,0 +1,43 @@
+import { Decoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { CountFilteredRequest, CountResponse } from '@stamhoofd/structures';
+
+import { Context } from '../../../helpers/Context';
+import { GetMembersEndpoint } from './GetMembersEndpoint';
+
+type Params = Record<string, never>;
+type Query = CountFilteredRequest;
+type Body = undefined;
+type ResponseBody = CountResponse;
+
+export class GetMembersCountEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = CountFilteredRequest as Decoder<CountFilteredRequest>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/members/count", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.setOptionalOrganizationScope();
+        await Context.authenticate()
+        const query = await GetMembersEndpoint.buildQuery(request.query)
+        
+        const count = await query
+            .count();
+
+        return new Response(
+            CountResponse.create({
+                count
+            })
+        );
+    }
+}