@stamhoofd/backend 2.86.0 → 2.87.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.86.0",
+    "version": "2.87.1",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -23,7 +23,7 @@
         "lint": "eslint"
     },
     "devDependencies": {
-        "@types/cookie": "^0.5.1",
+        "@types/cookie": "^0.6.0",
         "@types/luxon": "3.4.2",
         "@types/mailparser": "3.4.4",
         "@types/mysql": "^2.15.20",
@@ -44,17 +44,17 @@
         "@simonbackx/simple-encoding": "2.22.0",
         "@simonbackx/simple-endpoints": "1.20.1",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.86.0",
-        "@stamhoofd/backend-middleware": "2.86.0",
-        "@stamhoofd/email": "2.86.0",
-        "@stamhoofd/models": "2.86.0",
-        "@stamhoofd/queues": "2.86.0",
-        "@stamhoofd/sql": "2.86.0",
-        "@stamhoofd/structures": "2.86.0",
-        "@stamhoofd/utility": "2.86.0",
+        "@stamhoofd/backend-i18n": "2.87.1",
+        "@stamhoofd/backend-middleware": "2.87.1",
+        "@stamhoofd/email": "2.87.1",
+        "@stamhoofd/models": "2.87.1",
+        "@stamhoofd/queues": "2.87.1",
+        "@stamhoofd/sql": "2.87.1",
+        "@stamhoofd/structures": "2.87.1",
+        "@stamhoofd/utility": "2.87.1",
         "archiver": "^7.0.1",
         "axios": "^1.8.2",
-        "cookie": "^0.5.0",
+        "cookie": "^0.7.0",
         "formidable": "3.5.4",
         "handlebars": "^4.7.7",
         "jsonwebtoken": "9.0.0",
@@ -69,5 +69,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "e7db435d283a81bee4f7d26c2ccc61ee1df0524c"
+    "gitHead": "a9a8e07e38224fe34e805e400b1a46d5c286a10a"
 }

package/src/crons/delete-old-email-drafts.ts

@@ -0,0 +1,37 @@
+import { registerCron } from '@stamhoofd/crons';
+import { Email } from '@stamhoofd/models';
+import { EmailStatus } from '@stamhoofd/structures';
+
+let lastRunDate: number | null = null;
+
+registerCron('deleteOldEmailDrafts', deleteOldEmailDrafts);
+
+/**
+ * Run every night at 5 AM.
+ */
+export async function deleteOldEmailDrafts() {
+    const now = new Date();
+
+    if (now.getDate() === lastRunDate) {
+        return;
+    }
+
+    const hour = now.getHours();
+
+    // between 5 and 6 AM
+    if (hour !== 5 && STAMHOOFD.environment !== 'development') {
+        return;
+    }
+
+    // Clear old email drafts older than 7 days
+    const sevenDaysAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
+    const result = await Email.delete()
+        .where('status', EmailStatus.Draft)
+        .where('createdAt', '<', sevenDaysAgo)
+        .where('updatedAt', '<', sevenDaysAgo)
+        .where('sentAt', null);
+
+    console.log(`Deleted ${result.affectedRows} old email drafts.`);
+
+    lastRunDate = now.getDate();
+}

package/src/crons/endFunctionsOfUsersWithoutRegistration.ts

@@ -1,8 +1,12 @@
 import { registerCron } from '@stamhoofd/crons';
 import { FlagMomentCleanup } from '../helpers/FlagMomentCleanup';
 
-let lastCleanupYear: number = -1;
-let lastCleanupMonth: number = -1;
+// Only delete responsibilities when the server is running during a month change.
+// Chances are almost zero that we reboot during a month change
+// Running on every reboot also would have unintended consequences
+const now = new Date();
+let lastCleanupYear: number = now.getFullYear();
+let lastCleanupMonth: number = now.getMonth();
 
 registerCron('endFunctionsOfUsersWithoutRegistration', endFunctionsOfUsersWithoutRegistration);
 

package/src/crons/index.ts

@@ -3,3 +3,4 @@ import './clearExcelCache.js';
 import './endFunctionsOfUsersWithoutRegistration.js';
 import './update-cached-balances.js';
 import './balance-emails.js';
+import './delete-old-email-drafts.js';

package/src/endpoints/global/files/UploadFile.ts

@@ -135,40 +135,9 @@ export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {
 
         // Also include the source, in private mode
         const fileId = uuidv4();
-        let uploadExt = '';
-
-        switch (file.mimetype?.toLocaleLowerCase()) {
-            case 'image/jpeg':
-            case 'image/jpg':
-                uploadExt = 'jpg';
-                break;
-            case 'image/png':
-                uploadExt = 'png';
-                break;
-            case 'image/gif':
-                uploadExt = 'gif';
-                break;
-            case 'image/webp':
-                uploadExt = 'webp';
-                break;
-            case 'image/svg+xml':
-                uploadExt = 'svg';
-                break;
-            case 'application/pdf':
-                uploadExt = 'pdf';
-                break;
-            case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet':
-            case 'application/vnd.ms-excel':
-                uploadExt = 'xlsx';
-                break;
-
-            case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document':
-            case 'application/msword':
-                uploadExt = 'docx';
-                break;
-        }
+        const uploadExt = File.contentTypeToExtension(file.mimetype ?? '') ?? '';
 
-        const filenameWithoutExt = file.originalFilename?.split('.').slice(0, -1).join('.') ?? fileId;
+        const filenameWithoutExt = file.originalFilename ? File.removeExtension(file.originalFilename) : fileId;
         const key = prefix + fileId + '/' + (Formatter.slug(filenameWithoutExt) + (uploadExt ? ('.' + uploadExt) : ''));
 
         const fileStruct = new File({
@@ -178,6 +147,7 @@ export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {
             size: fileContent.length,
             name: file.originalFilename,
             isPrivate: request.query.isPrivate,
+            contentType: file.mimetype ?? null,
         });
 
         // Generate an upload signature for this file if it is private
@@ -196,7 +166,7 @@ export class UploadFile extends Endpoint<Params, Query, Body, ResponseBody> {
             Bucket: STAMHOOFD.SPACES_BUCKET,
             Key: key,
             Body: fileContent,
-            ContentType: file.mimetype ?? 'application/pdf',
+            ContentType: file.mimetype ?? 'application/octet-stream',
             ACL: request.query.isPrivate ? 'private' : 'public-read',
         });
         await Image.getS3Client().send(cmd);

package/src/endpoints/global/members/GetMembersEndpoint.ts

@@ -286,6 +286,7 @@ export class GetMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBo
 
         for (const member of members) {
             if (!await Context.auth.canAccessMember(member, permissionLevel)) {
+                console.error('Unexpected member returned', member.id, requestQuery, query.getSQL());
                 throw Context.auth.error();
             }
         }

package/src/endpoints/global/organizations/CreateOrganizationEndpoint.ts

@@ -1,8 +1,8 @@
 import { Decoder } from '@simonbackx/simple-encoding';
 import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError } from '@simonbackx/simple-errors';
-import { EmailVerificationCode, Organization, User } from '@stamhoofd/models';
-import { CreateOrganization, PermissionLevel, Permissions, SignupResponse, UserPermissions } from '@stamhoofd/structures';
+import { EmailVerificationCode, Organization, RegistrationPeriod, User } from '@stamhoofd/models';
+import { CreateOrganization, PermissionLevel, Permissions, RegistrationPeriodSettings, SignupResponse, UserPermissions } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
 type Params = Record<string, never>;
@@ -85,6 +85,16 @@ export class CreateOrganizationEndpoint extends Endpoint<Params, Query, Body, Re
         organization.address = request.body.organization.address;
         organization.privateMeta.acquisitionTypes = request.body.organization.privateMeta?.acquisitionTypes ?? [];
 
+        const period = new RegistrationPeriod();
+
+        // WIP
+        period.settings = RegistrationPeriodSettings.create({});
+        period.startDate = new Date();
+        period.endDate = new Date(Date.now() + 1000 * 60 * 60 * 24 * 31); // 1 month
+
+        await period.save();
+        organization.periodId = period.id;
+
         try {
             await organization.save();
         }
@@ -96,6 +106,8 @@ export class CreateOrganizationEndpoint extends Endpoint<Params, Query, Body, Re
                 statusCode: 500,
             });
         }
+        period.organizationId = organization.id;
+        await period.save();
 
         const user = await User.register(
             organization,

package/src/endpoints/organization/dashboard/registration-periods/PatchOrganizationRegistrationPeriodsEndpoint.ts

@@ -294,8 +294,8 @@ export class PatchOrganizationRegistrationPeriodsEndpoint extends Endpoint<Param
             });
         }
 
-        const maximumStart = 1000 * 60 * 60 * 24 * 31 * 2; // 2 months in advance
-        if (STAMHOOFD.environment !== 'development' && period.startDate > new Date(Date.now() + maximumStart)) {
+        const maximumStart = 1000 * 60 * 60 * 24 * 31 * 8; // 8 months in advance
+        if (period.startDate > new Date(Date.now() + maximumStart)) {
             throw new SimpleError({
                 code: 'invalid_field',
                 message: 'Period start date is too far in the future',

package/src/helpers/AdminPermissionChecker.ts

@@ -181,8 +181,10 @@ export class AdminPermissionChecker {
         const organization = await this.getOrganization(group.organizationId);
 
         if (group.periodId !== organization.periodId) {
-            if (!await this.hasFullAccess(group.organizationId)) {
-                return false;
+            if (STAMHOOFD.userMode === 'organization' || group.periodId !== this.platform.period.id) {
+                if (!await this.hasFullAccess(group.organizationId)) {
+                    return false;
+                }
             }
         }
 
@@ -940,7 +942,7 @@ export class AdminPermissionChecker {
     /**
      * Return a list of RecordSettings the current user can view or edit
      */
-    async hasFinancialMemberAccess(member: MemberWithRegistrations, level: PermissionLevel = PermissionLevel.Read): Promise<boolean> {
+    async hasFinancialMemberAccess(member: MemberWithRegistrations, level: PermissionLevel = PermissionLevel.Read, organizationId?: string): Promise<boolean> {
         const isUserManager = this.isUserManager(member);
 
         if (isUserManager && level === PermissionLevel.Read) {
@@ -959,11 +961,19 @@ export class AdminPermissionChecker {
                 organizations.push(await this.getOrganization(member.organizationId));
             }
         }
-
-        for (const registration of member.registrations) {
-            if (this.checkScope(registration.organizationId)) {
-                if (!organizations.find(o => o.id === registration.organizationId)) {
-                    organizations.push(await this.getOrganization(registration.organizationId));
+        else {
+            if (organizationId) {
+                if (this.checkScope(organizationId)) {
+                    organizations.push(await this.getOrganization(organizationId));
+                }
+            }
+            else {
+                for (const registration of member.registrations) {
+                    if (this.checkScope(registration.organizationId)) {
+                        if (!organizations.find(o => o.id === registration.organizationId)) {
+                            organizations.push(await this.getOrganization(registration.organizationId));
+                        }
+                    }
                 }
             }
         }

package/src/helpers/AuthenticatedStructures.ts

@@ -400,6 +400,10 @@ export class AuthenticatedStructures {
             await BalanceItemService.flushCaches(Context.organization.id);
         }
         const balances = await CachedBalance.getForObjects(registrationIds, null);
+        const memberIds = members.map(m => m.id);
+        const allMemberBalances = Context.organization
+            ? (await CachedBalance.getForObjects(memberIds, Context.organization.id))
+            : [];
 
         if (includeUser) {
             for (const organizationId of includeUser.permissions?.organizationPermissions.keys() ?? []) {
@@ -451,15 +455,27 @@ export class AuthenticatedStructures {
                 }
             }
             member.registrations = member.registrations.filter(r => (Context.auth.organization && Context.auth.organization.active && r.organizationId === Context.auth.organization.id) || (organizations.get(r.organizationId)?.active ?? false));
-            const balancesPermission = await Context.auth.hasFinancialMemberAccess(member, PermissionLevel.Read);
+            const balancesPermission = await Context.auth.hasFinancialMemberAccess(member, PermissionLevel.Read, Context.organization?.id);
+
+            let memberBalances: GenericBalance[] = [];
+
+            if (balancesPermission && Context.organization) {
+                // Only return balances if in an organization scope and you have permission for the finances of that specific organization AND member
+                memberBalances = allMemberBalances
+                    .filter(b => member.id === b.objectId && b.objectType === ReceivableBalanceType.member)
+                    .map((b) => {
+                        return GenericBalance.create(b);
+                    });
+            }
 
             const blob = MemberWithRegistrationsBlob.create({
                 ...member,
+                balances: memberBalances,
                 registrations: member.registrations.map((r) => {
                     const base = r.getStructure();
 
                     base.balances = balancesPermission
-                        ? (balances.filter(b => r.id === b.objectId).map((b) => {
+                        ? (balances.filter(b => r.id === b.objectId && b.objectType === ReceivableBalanceType.registration).map((b) => {
                                 return GenericBalance.create(b);
                             }))
                         : [];
@@ -579,7 +595,6 @@ export class AuthenticatedStructures {
 
             return RegistrationWithMemberBlob.create({
                 ...registration,
-                balances: memberBlob.registrations.find(r => r.id === registration.id)?.balances ?? [],
                 member: memberBlob,
             });
         });
@@ -874,15 +889,15 @@ export class AuthenticatedStructures {
 
                             ...((member.details.defaultAge <= 18 || member.details.getMemberEmails().length === 0)
                                 ? member.details.parents.filter(p => p.getEmails().length > 0).map(p => ReceivableBalanceObjectContact.create({
-                                    firstName: p.firstName ?? '',
-                                    lastName: p.lastName ?? '',
-                                    emails: p.getEmails(),
-                                    meta: {
-                                        type: 'parent',
-                                        responsibilityIds: [],
-                                        url,
-                                    },
-                                }))
+                                        firstName: p.firstName ?? '',
+                                        lastName: p.lastName ?? '',
+                                        emails: p.getEmails(),
+                                        meta: {
+                                            type: 'parent',
+                                            responsibilityIds: [],
+                                            url,
+                                        },
+                                    }))
                                 : []),
                         ],
                     });
@@ -917,15 +932,15 @@ export class AuthenticatedStructures {
 
                             ...((member.details.defaultAge <= 18 || member.details.getMemberEmails().length === 0)
                                 ? member.details.parents.filter(p => p.getEmails().length > 0).map(p => ReceivableBalanceObjectContact.create({
-                                    firstName: p.firstName ?? '',
-                                    lastName: p.lastName ?? '',
-                                    emails: p.getEmails(),
-                                    meta: {
-                                        type: 'parent',
-                                        responsibilityIds: [],
-                                        url,
-                                    },
-                                }))
+                                        firstName: p.firstName ?? '',
+                                        lastName: p.lastName ?? '',
+                                        emails: p.getEmails(),
+                                        meta: {
+                                            type: 'parent',
+                                            responsibilityIds: [],
+                                            url,
+                                        },
+                                    }))
                                 : []),
                         ],
                     });

package/src/helpers/FlagMomentCleanup.ts

@@ -1,6 +1,7 @@
-import { Group, MemberResponsibilityRecord, Platform, Registration } from '@stamhoofd/models';
-import { SQL, SQLWhereExists, SQLWhereSign } from '@stamhoofd/sql';
+import { Group, Member, MemberResponsibilityRecord, Platform, Registration } from '@stamhoofd/models';
+import { SQL, SQLWhereExists } from '@stamhoofd/sql';
 import { GroupType } from '@stamhoofd/structures';
+import { MemberUserSyncer } from './MemberUserSyncer';
 
 export class FlagMomentCleanup {
     /**
@@ -16,6 +17,11 @@ export class FlagMomentCleanup {
             responsibility.endDate = now;
             await responsibility.save();
             console.log(`Ended responsibility with id ${responsibility.id}`);
+
+            const member = await Member.getByID(responsibility.memberId);
+            if (member) {
+                await MemberUserSyncer.onChangeMember(member);
+            }
         }));
     }
 
@@ -50,9 +56,15 @@ export class FlagMomentCleanup {
                         ).where(
                             SQL.column(Registration.table, 'deactivatedAt'),
                             null,
+                        ).whereNot(
+                            SQL.column(Registration.table, 'registeredAt'),
+                            null,
                         ).where(
                             SQL.column(Group.table, 'type'),
                             GroupType.Membership,
+                        ).where(
+                            SQL.column(Group.table, 'deletedAt'),
+                            null,
                         ),
                 ),
             )

package/src/seeds/1751445358-upload-email-attachments.ts

@@ -0,0 +1,106 @@
+import { PutObjectCommand } from '@aws-sdk/client-s3';
+import { Migration } from '@simonbackx/simple-database';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { logger } from '@simonbackx/simple-logging';
+import { Email, Image } from '@stamhoofd/models';
+import { File } from '@stamhoofd/structures';
+import { Formatter } from '@stamhoofd/utility';
+import { v4 as uuidv4 } from 'uuid';
+
+/**
+ * Replace all base64 email attachments with file attachments.
+ */
+export default new Migration(async () => {
+    if (STAMHOOFD.environment == 'test') {
+        console.log('skipped in tests');
+        return;
+    }
+
+    process.stdout.write('\n');
+    let c = 0;
+
+    await logger.setContext({ tags: ['seed'] }, async () => {
+        for await (const email of Email.select().limit(10).all()) {
+            let save = false;
+            for (const attachment of email.attachments) {
+                if (attachment.content) {
+                    try {
+                        console.log('Uploading base64 attachment for email ' + email.id);
+                        save = true;
+
+                        let prefix = (STAMHOOFD.SPACES_PREFIX ?? '');
+                        if (prefix.length > 0) {
+                            prefix += '/';
+                        }
+
+                        prefix += (STAMHOOFD.environment ?? 'development') === 'development' ? ('development/') : ('');
+                        // Prepend user id to the file path
+                        // Private files
+                        if (email.userId) {
+                            prefix += 'users/' + email.userId + '/';
+                        }
+                        else {
+                            // Public files
+                            prefix += 'p/';
+                        }
+
+                        const fileContent = Buffer.from(attachment.content, 'base64');
+
+                        const fileId = uuidv4();
+                        const uploadExt = File.contentTypeToExtension(attachment.contentType ?? '') ?? '';
+                        const filenameWithoutExt = File.removeExtension(attachment.filename);
+                        const key = prefix + fileId + '/' + (Formatter.slug(filenameWithoutExt) + (uploadExt ? ('.' + uploadExt) : ''));
+
+                        const fileStruct = new File({
+                            id: fileId,
+                            server: 'https://' + STAMHOOFD.SPACES_BUCKET + '.' + STAMHOOFD.SPACES_ENDPOINT,
+                            path: key,
+                            size: fileContent.length,
+                            name: attachment.filename,
+                            isPrivate: true,
+                            contentType: attachment.contentType ?? null,
+                        });
+
+                        // Generate an upload signature for this file if it is private
+                        if (!await fileStruct.sign()) {
+                            throw new SimpleError({
+                                code: 'failed_to_sign',
+                                message: 'Failed to sign file',
+                                statusCode: 500,
+                            });
+                        }
+
+                        const cmd = new PutObjectCommand({
+                            Bucket: STAMHOOFD.SPACES_BUCKET,
+                            Key: key,
+                            Body: fileContent,
+                            ContentType: attachment.contentType ?? 'application/octet-stream',
+                            ACL: 'private',
+                        });
+                        await Image.getS3Client().send(cmd);
+
+                        console.log('Successfully uploaded base64 attachment for email ' + email.id + ' as file ' + fileStruct.id);
+
+                        attachment.file = fileStruct;
+                        attachment.content = null; // Clear the base64 content
+                    }
+                    catch (e) {
+                        console.error('Failed to upload base64 attachment for email ' + email.id, e);
+                        continue; // Skip this email if it fails
+                    }
+                }
+            }
+
+            if (save) {
+                await email.save();
+                c++;
+                process.stdout.write('.');
+            }
+        }
+    });
+
+    console.log('\nUpdated attachments for ' + c + ' emails');
+
+    // Do something here
+    return Promise.resolve();
+});

package/src/services/EventNotificationService.ts

@@ -152,7 +152,7 @@ export class EventNotificationService {
             }),
             Replacement.create({
                 token: 'reviewUrl',
-                value: forReviewers ? Context.i18n.localizedDomains.adminUrl + '/kampmeldingen/' + encodeURIComponent(notification.id) : (events.length === 0 ? organization.getBaseStructure().dashboardUrl : (organization.getBaseStructure().dashboardUrl + '/activiteiten/' + events[0].id + '/' + Formatter.slug(type.title))),
+                value: forReviewers ? Context.i18n.localizedDomains.adminUrl() + '/kampmeldingen/' + encodeURIComponent(notification.id) : (events.length === 0 ? organization.getBaseStructure().dashboardUrl : (organization.getBaseStructure().dashboardUrl + '/activiteiten/' + events[0].id + '/' + Formatter.slug(type.title))),
             }),
             Replacement.create({
                 token: 'dateRange',

package/src/sql-filters/members.ts

@@ -170,7 +170,11 @@ export const memberFilterCompilers: SQLFilterDefinitions = {
                 SQL.column('groups', 'deletedAt'),
                 null,
             ),
-        baseRegistrationFilterCompilers,
+        {
+            ...baseRegistrationFilterCompilers,
+            // Override the registration periodId - can be outdated - and always use the group periodId
+            periodId: createSQLColumnFilterCompiler(SQL.column('groups', 'periodId')),
+        },
     ),
     'responsibilities': createSQLRelationFilterCompiler(
         SQL.select()