@stamhoofd/models 2.1.1

package/src/models/StripeAccount.ts

@@ -0,0 +1,71 @@
+/* eslint-disable @typescript-eslint/no-unsafe-argument */
+import { column, Model } from '@simonbackx/simple-database';
+import { Requirements, StripeBusinessProfile, StripeCompany, StripeMetaAccountSettings, StripeMetaData } from '@stamhoofd/structures';
+import { v4 as uuidv4 } from "uuid";
+
+/**
+ * Keeps track of how much a member/user owes or needs to be reimbursed.
+ */
+export class StripeAccount extends Model {
+    static table = "stripe_accounts"
+
+    @column({
+        primary: true, type: "string", beforeSave(value) {
+            return value ?? uuidv4();
+        }
+    })
+    id!: string;
+
+    @column({ type: "string" })
+    organizationId: string
+
+    @column({ type: "string" })
+    accountId: string
+
+    @column({ type: "json", decoder: StripeMetaData })
+    meta = StripeMetaData.create({})
+
+    @column({ type: "string" })
+    status: 'active' | 'deleted' = 'active'
+
+    @column({
+        type: "datetime", beforeSave(old?: any) {
+            if (old !== undefined) {
+                return old;
+            }
+            const date = new Date()
+            date.setMilliseconds(0)
+            return date
+        }
+    })
+    createdAt: Date
+
+    @column({
+        type: "datetime", beforeSave() {
+            const date = new Date()
+            date.setMilliseconds(0)
+            return date
+        },
+        skipUpdate: true
+    })
+    updatedAt: Date
+
+    setMetaFromStripeAccount(account: any) {
+        this.meta = StripeMetaData.create({
+            type: account.type ?? 'express',
+            blob: account,
+            business_profile: StripeBusinessProfile.create(!account.business_profile?.name ? {...account.business_profile, name: ''} : account.business_profile),
+            business_type: account.business_type ?? this.meta.business_type ?? null,
+            company: account.company ? StripeCompany.create(account.company) : (this.meta.company ?? null),
+            charges_enabled: account.charges_enabled,
+            payouts_enabled: account.payouts_enabled,
+            details_submitted: account.details_submitted,
+            capabilities: account.capabilities,
+            requirements: Requirements.create(account.requirements),
+            future_requirements: Requirements.create(account.future_requirements),
+            settings: StripeMetaAccountSettings.create(account.settings),
+            bank_account_last4: account.external_accounts?.data[0]?.last4 ?? this.meta.bank_account_last4 ?? "",
+            bank_account_bank_name: account.external_accounts?.data[0]?.bank_name ?? this.meta.bank_account_bank_name ?? "",
+        });
+    }
+}

package/src/models/StripeCheckoutSession.ts

@@ -0,0 +1,22 @@
+import { column,Model } from "@simonbackx/simple-database";
+import { v4 as uuidv4 } from "uuid";
+
+export class StripeCheckoutSession extends Model {
+    static table = "stripe_checkout_sessions";
+
+    @column({
+        primary: true, type: "string", beforeSave(value) {
+            return value ?? uuidv4();
+        }
+    })
+    id!: string;
+
+    @column({ type: "string" })
+    paymentId: string;
+
+    @column({ type: "string" })
+    stripeSessionId: string;
+
+    @column({ type: "string", nullable: true })
+    organizationId: string | null = null;
+}

package/src/models/StripePaymentIntent.ts

@@ -0,0 +1,22 @@
+import { column,Model } from "@simonbackx/simple-database";
+import { v4 as uuidv4 } from "uuid";
+
+export class StripePaymentIntent extends Model {
+    static table = "stripe_payment_intents";
+
+    @column({
+        primary: true, type: "string", beforeSave(value) {
+            return value ?? uuidv4();
+        }
+    })
+    id!: string;
+
+    @column({ type: "string" })
+    paymentId: string;
+
+    @column({ type: "string" })
+    stripeIntentId: string;
+
+    @column({ type: "string", nullable: true })
+    organizationId: string | null = null;
+}

package/src/models/Ticket.ts

@@ -0,0 +1,145 @@
+import { column, ManyToOneRelation, Model } from "@simonbackx/simple-database";
+import { CartReservedSeat } from "@stamhoofd/structures";
+import basex from "base-x";
+import crypto from "crypto";
+import { v4 as uuidv4 } from "uuid";
+
+import { Order, Organization, Webshop } from './';
+
+// Note: 0 and O is removed to prevent typing it in wrong
+const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZ'
+const bs58 = basex(ALPHABET)
+
+async function randomBytes(size: number): Promise<Buffer> {
+    return new Promise((resolve, reject) => {
+        crypto.randomBytes(size, (err: Error | null, buf: Buffer) => {
+            if (err) {
+                reject(err);
+                return;
+            }
+            resolve(buf);
+        });
+    });
+}
+
+/**
+ * Use this method when you don't need access to the items of an order.
+ * This avoids the select in the database, saving some bytes in network communication 
+ * (especially needed when clients requests all the changed tickets)
+ */
+export class Ticket extends Model {
+    static table = "webshop_tickets";
+
+    // Columns
+    @column({
+        primary: true, type: "string", beforeSave(value) {
+            return value ?? uuidv4();
+        }
+    })
+    id!: string;
+
+    /**
+     * Unique per webshop. Used for lookups
+     */
+    @column({ type: "string", async beforeSave(value) {
+        return value ?? bs58.encode(await randomBytes(10));
+    } })
+    secret!: string
+
+
+    @column({ foreignKey: Ticket.organization, type: "string" })
+    organizationId: string;
+
+    @column({ foreignKey: Ticket.webshop, type: "string" })
+    webshopId: string;
+
+    /**
+     * Important note: access to a ticket doesn't guarantee access to an order
+     * because one person could buy 10 tickets and share them with friends.
+     * The order details should remain private to a ticket holder except for the item details
+     * + also the orderID should remain private for the holder (since this provides access via URL, need to add a secret here)
+     */
+    @column({ foreignKey: Ticket.order, type: "string" })
+    orderId: string
+
+    /**
+     * null = whole order
+     */
+    @column({ type: "string", nullable: true })
+    itemId: string | null = null
+
+    /**
+     * If multiple items are made for the same product, this contains the index
+     */
+    @column({ type: "number" })
+    index = 0
+
+    /**
+     * total items with index
+     */
+    @column({ type: "number" })
+    total = 0
+
+    /**
+     * If multiple items are made for the same product, this contains the index
+     */
+    @column({ type: "json", nullable: true, decoder: CartReservedSeat })
+    seat: CartReservedSeat | null = null
+
+    /**
+     * In case the seat is changed, this contains the first assigned seat
+     */
+    @column({ type: "json", nullable: true, decoder: CartReservedSeat })
+    originalSeat: CartReservedSeat | null = null
+
+    @column({
+        type: "datetime", beforeSave(old?: any) {
+            if (old !== undefined) {
+                return old;
+            }
+            const date = new Date()
+            date.setMilliseconds(0)
+            return date
+        }
+    })
+    createdAt: Date
+
+    @column({
+        type: "datetime", beforeSave() {
+            const date = new Date()
+            date.setMilliseconds(0)
+            return date
+        },
+        skipUpdate: true
+    })
+    updatedAt: Date
+
+    @column({ type: "datetime", nullable: true })
+    deletedAt: Date | null = null
+
+    @column({ type: "datetime", nullable: true })
+    scannedAt: Date | null = null
+
+    @column({ type: "string", nullable: true })
+    scannedBy: string | null = null
+
+    static webshop = new ManyToOneRelation(Webshop, "webshop");
+    static order = new ManyToOneRelation(Order, "order");
+    static organization = new ManyToOneRelation(Organization, "organization");
+
+    getUrl(this: Ticket & { webshop: Webshop & { organization: Organization } }) {
+        return "https://"+this.webshop.getHost()+"/ticket/"+this.secret
+    }
+
+    get isDeleted() {
+        return this.deletedAt !== null;
+    }
+
+    async softDelete() {
+        if (this.isDeleted) {
+            return;
+        }
+        this.deletedAt = new Date();
+        await this.save()
+    }
+}

package/src/models/Token.test.ts

@@ -0,0 +1,69 @@
+import { Database } from '@simonbackx/simple-database';
+
+import { OrganizationFactory } from '../factories/OrganizationFactory';
+import { UserFactory } from '../factories/UserFactory';
+import { Organization } from './Organization';
+import { Token } from "./Token";
+import { User } from "./User";
+
+describe("Model.Token", () => {
+    const existingToken = "ABCDEFG";
+    let user: User;
+    let organization: Organization;
+
+    beforeAll(async () => {
+        organization = await new OrganizationFactory({}).create();
+        user = await new UserFactory({ organization }).create();
+
+        await Database.insert("INSERT INTO " + Token.table + " SET ?", [
+            {
+                accessToken: existingToken,
+                refreshToken: "refreshtoken",
+
+                accessTokenValidUntil: "2050-08-29 14:30:15",
+                refreshTokenValidUntil: "2050-08-29 14:30:15",
+                userId: user.id,
+                // = "myPassword"
+                createdAt: "2020-03-29 14:30:15",
+                updatedAt: "2020-03-29 14:30:15",
+            },
+        ]);
+    });
+
+    test("Get token", async () => {
+        const token: any = await Token.getByAccessToken(existingToken);
+        expect(token).toBeDefined();
+        expect(token).toBeInstanceOf(Token);
+        expect(token.user.id).toEqual(user.id);
+        expect(token.accessToken).toEqual(existingToken);
+        expect(token.userId).toEqual(user.id);
+    });
+
+    test("Create a token", async () => {
+        const token = await Token.createToken(user);
+        expect(token).toBeDefined();
+        if (!token) return;
+        expect(token).toBeInstanceOf(Token);
+        expect(token.user.id).toEqual(user.id);
+        expect(token.accessToken).toHaveLength(256);
+        expect(token.refreshToken).toHaveLength(256);
+        expect(token.accessTokenValidUntil.getTime()).toBeGreaterThan(new Date().getTime() + (3600 * 1000) / 2 - 1);
+        expect(token.accessTokenValidUntil.getTime()).toBeLessThan(new Date().getTime() + 3600 * 1000 * 24 * 365);
+
+        expect(token.refreshTokenValidUntil.getTime()).toBeGreaterThan(token.accessTokenValidUntil.getTime());
+        expect(token.refreshTokenValidUntil.getTime()).toBeLessThan(new Date().getTime() + 3600 * 1000 * 24 * 365);
+
+        expect(token.userId).toEqual(user.id);
+
+        const search = await Token.getByAccessToken(token.accessToken);
+        // Make sure we do not compare the organization, since that won't be loaded now, but is loaded on user, and on token
+
+        expect(search).toMatchObject({
+            accessToken: token.accessToken,
+            refreshToken: token.refreshToken,
+            userId: token.userId,
+            accessTokenValidUntil: token.accessTokenValidUntil,
+            refreshTokenValidUntil: token.refreshTokenValidUntil
+        });
+    });
+});

package/src/models/Token.ts

@@ -0,0 +1,269 @@
+import { column, Database, ManyToOneRelation, Model } from "@simonbackx/simple-database";
+import { ApiUser } from "@stamhoofd/structures";
+import crypto from "crypto";
+
+import { RateLimiter } from "../helpers/RateLimiter";
+import { User } from './';
+
+export type TokenWithUser = Token & { user: User };
+
+async function randomBytes(size: number): Promise<Buffer> {
+    return new Promise((resolve, reject) => {
+        crypto.randomBytes(size, (err: Error | null, buf: Buffer) => {
+            if (err) {
+                reject(err);
+                return;
+            }
+            resolve(buf);
+        });
+    });
+}
+
+export const apiUserRateLimiter = new RateLimiter({
+    limits: [
+        {   
+            // Block heavy bursts (5req/s for 5s)
+            limit: 25,
+            duration: 5 * 1000
+        },
+        {   
+            // max 1req/s during 150s
+            limit: 150,
+            duration: 150 * 1000
+        },
+        {   
+            // 1000 requests per hour
+            limit: 1000,
+            duration: 60 * 1000 * 60
+        },
+        {   
+            // 2000 requests per day
+            limit: 2000,
+            duration: 24 * 60 * 1000 * 60
+        }
+    ]
+});
+
+export class Token extends Model {
+    static table = "tokens";
+    static MAX_DEVICES = 15;
+
+    @column({ type: "string", foreignKey: Token.user })
+    userId: string;
+
+    // Columns
+    @column({ primary: true, type: "string" })
+    accessToken: string;
+
+    @column({ type: "string" })
+    refreshToken: string;
+
+    @column({ type: "datetime" })
+    accessTokenValidUntil: Date;
+
+    @column({ type: "datetime" })
+    refreshTokenValidUntil: Date;
+
+    @column({
+        type: "datetime", beforeSave(old?: any) {
+            if (old !== undefined) {
+                return old;
+            }
+            const date = new Date()
+            date.setMilliseconds(0)
+            return date
+        }
+    })
+    createdAt: Date
+
+    @column({
+        type: "datetime", beforeSave() {
+            const date = new Date()
+            date.setMilliseconds(0)
+            return date
+        },
+        skipUpdate: true
+    })
+    updatedAt: Date
+
+    static user = new ManyToOneRelation(User, "user");
+
+    isAccessTokenExpired(): boolean {
+        return this.accessTokenValidUntil < new Date() || this.refreshTokenValidUntil < new Date()
+    }
+
+    static async getAPIUserWithToken(user: User) {
+        if (!user.isApiUser) {
+            throw new Error('Unexpected user type')
+        }
+
+        const [lastToken] = await this.where({
+            userId: user.id
+        }, {limit: 1})
+
+        return ApiUser.create({
+            id: user.id,
+            organizationId: user.organizationId,
+            name: user.name,
+            permissions: user.permissions,
+            expiresAt: lastToken?.accessTokenValidUntil ?? null,
+            createdAt: user.createdAt,
+        })
+    }
+
+    /**
+     * Get the token and user for a given accessToken IF it is still valid
+     */
+    static async getByAccessToken(accessToken: string, ignoreExpireDate = false): Promise<TokenWithUser | undefined> {
+        const [rows] = await Database.select(
+            `SELECT ${this.getDefaultSelect()}, user.*  FROM ${
+                this.table
+            } ${Token.user.joinQuery(this.table, "user")} WHERE ${this.primary.name} = ? LIMIT 1 `,
+            [accessToken]
+        );
+
+        if (rows.length == 0) {
+            return undefined;
+        }
+
+        // Read member + address from first row
+        const token = this.fromRow(rows[0][this.table]);
+
+        if (!token) {
+            return undefined;
+        }
+
+        if (!ignoreExpireDate && (token.accessTokenValidUntil < new Date() || token.refreshTokenValidUntil < new Date())) {
+            // Also if the refresh token is invalid, the access token will always be invalid
+            return undefined
+        }
+
+        const user = User.fromRow(rows[0]["user"]) || null;
+
+        if (!user) {
+            console.warn("Selected a token without a user!");
+            return undefined;
+        }
+
+        return token.setRelation(Token.user, user);
+    }
+
+    // Methods
+    static async getByRefreshToken(refreshToken: string): Promise<TokenWithUser | undefined> {
+        const [rows] = await Database.select(
+            `SELECT ${this.getDefaultSelect()}, ${User.getDefaultSelect("user")}  FROM ${
+            this.table
+            } ${Token.user.joinQuery(this.table, "user")} WHERE \`refreshToken\` = ? LIMIT 1 `,
+            [refreshToken]
+        );
+
+        if (rows.length == 0) {
+            return undefined;
+        }
+
+        // Read member + address from first row
+        const token = this.fromRow(rows[0][this.table]);
+
+        if (!token) {
+            return undefined;
+        }
+
+        if (token.refreshTokenValidUntil < new Date()) {
+            // Refreh token invalid = can throw it away
+            token.delete().catch(e => {
+                console.error(e)
+            })
+            return undefined
+        }
+
+        const user = User.fromRow(rows[0]["user"]) || null;
+
+        if (!user || user.isApiUser) {
+            console.warn("Selected a token without a user!");
+            return undefined;
+        }
+
+        return token.setRelation(Token.user, user);
+    }
+
+    /**
+     * Create a token that is expired. This can be usefull if renewing the token is restricted by some account state.
+     * E.g. you cannot renew this token until the e-mail address has been verified.
+     * @param user 
+     */
+    static async createExpiredToken<U extends User>(user: U): Promise<(Token & { user: U })> {
+        const token = await this.createUnsavedToken(user);
+
+        /// Expired a month ago (to prevent any timezone bugs)
+        token.accessTokenValidUntil = new Date(Date.now() - 24 * 60 * 60 * 1000 * 31 );
+        token.accessTokenValidUntil.setMilliseconds(0);
+
+        await token.save();
+        return token;
+    }
+
+    /***
+     * Create a token without saving it
+     */
+    static async createUnsavedToken<U extends User>(user: U): Promise<(Token & { user: U })> {
+        // Get all the tokens of the user that are olde
+
+        // First search if we already have more than 5 tokens (we only allow up to 5 devices)
+        // In case we already have a token for that deviceId, we'll delete it first.
+        try {
+            const [
+                rows,
+            ] = await Database.delete(
+                `DELETE FROM \`${this.table}\` WHERE ${this.primary.name} IN (SELECT ${this.primary.name} FROM (SELECT ${this.primary.name} FROM \`${this.table}\` WHERE \`userId\` = ? ORDER BY\`refreshTokenValidUntil\` DESC LIMIT ? OFFSET ?) x)`,
+                [user.id, this.MAX_DEVICES, this.MAX_DEVICES]
+            );
+
+            if (rows.affectedRows > 0) {
+                console.log(`Deleted ${rows.affectedRows} old tokens first`);
+            }
+        } catch (e) {
+            // This is not a crucial operation, so don't fail when there is a deadlock problem in the query
+            console.error(e)
+        }
+        
+        const token = new Token().setRelation(Token.user, user);
+        token.accessTokenValidUntil = new Date();
+        token.accessTokenValidUntil.setTime(token.accessTokenValidUntil.getTime() + 3600 * 1000);
+        token.accessTokenValidUntil.setMilliseconds(0);
+
+        token.refreshTokenValidUntil = new Date();
+        token.refreshTokenValidUntil.setTime(token.refreshTokenValidUntil.getTime() + 3600 * 1000 * 24 * 365);
+        token.refreshTokenValidUntil.setMilliseconds(0);
+
+        token.accessToken = (await randomBytes(192)).toString("base64").toUpperCase();
+        token.refreshToken = (await randomBytes(192)).toString("base64").toUpperCase();
+        return token;
+    }
+
+    static async createToken<U extends User>(user: U): Promise<(Token & { user: U })> {
+        const token = await this.createUnsavedToken(user);
+        await token.save();
+        return token;
+    }
+
+    static async createApiToken<U extends User>(user: U): Promise<(Token & { user: U })> {
+        const token = await this.createUnsavedToken(user);
+        
+        // 5 year valid
+        token.accessTokenValidUntil = new Date();
+        token.accessTokenValidUntil.setTime(token.accessTokenValidUntil.getTime() + 1000 * 60 * 60 * 24 * 365 * 5);
+        token.accessTokenValidUntil.setMilliseconds(0);
+
+        token.refreshTokenValidUntil = new Date();
+        token.refreshTokenValidUntil.setTime(token.accessTokenValidUntil.getTime());
+        token.refreshTokenValidUntil.setMilliseconds(0);
+
+        await token.save();
+        return token;
+    }
+
+    static async clearFor(userId: string, currentToken: string) {
+        const query = `DELETE from ${this.table} where userId = ? AND accessToken != ?`;
+        await Database.delete(query, [userId, currentToken])
+    }
+}