@tiledesk/tiledesk-server 2.17.4 → 2.18.1

package/middleware/passport.js

@@ -81,13 +81,20 @@ winston.info('Authentication Oauth2 Signin enabled : ' + enableOauth2Signin);
 
 var jwthistory = undefined;
 try {
-    jwthistory = require('@tiledesk-ent/tiledesk-server-jwthistory');
-} catch (err) {
-    winston.debug("jwthistory not present");
+  jwthistory = require('@tiledesk-ent/tiledesk-server-jwthistory');
+} catch(err) {
+  winston.info("jwthistory not present", err);
 }
 
-module.exports = function (passport) {
+let JWT_HISTORY_ENABLED = false;
+if (process.env.JWT_HISTORY_ENABLED==true || process.env.JWT_HISTORY_ENABLED=="true") {
+  JWT_HISTORY_ENABLED = true;
+}
+winston.debug("JWT_HISTORY_ENABLED: " + JWT_HISTORY_ENABLED);
+
+
 
+module.exports = function(passport) {
     // passport.serializeUser(function(user, done) {
     //     console.log("serializeUser");
 
@@ -231,218 +238,212 @@ module.exports = function (passport) {
                 done(null, configSecret); //pub_jwt pp_jwt
             }
         }
-    }
+    };
 
 
-    winston.debug("passport opts: ", opts);
+  winston.debug("passport opts: ", opts);
 
-    passport.use(new JwtStrategy(opts, async (req, jwt_payload, done) => {
-        // passport.use(new JwtStrategy(opts, function(req, jwt_payload, done) {
-        winston.debug("jwt_payload", jwt_payload);
-        // console.log("req",req);
+  passport.use(new JwtStrategy(opts, async(req, jwt_payload, done)  => {
+  // passport.use(new JwtStrategy(opts, function(req, jwt_payload, done) {
+    winston.debug("jwt_payload",jwt_payload);
+    // console.log("req",req);
+    
 
+    // console.log("jwt_payload._doc._id",jwt_payload._doc._id);
 
-        // console.log("jwt_payload._doc._id",jwt_payload._doc._id);
 
+    if (jwt_payload._id == undefined  && (jwt_payload._doc == undefined || (jwt_payload._doc && jwt_payload._doc._id==undefined))) {
+      var err = "jwt_payload._id or jwt_payload._doc._id can t be undefined" ;
+      winston.error(err);
+      return done(null, false);
+    }
+                                                            //JWT OLD format
+     const identifier = jwt_payload._id || jwt_payload._doc._id;
+    
+    // const subject = jwt_payload.sub || jwt_payload._id || jwt_payload._doc._id;
+    winston.debug("passport identifier: " + identifier);
 
-        if (jwt_payload._id == undefined && (jwt_payload._doc == undefined || (jwt_payload._doc && jwt_payload._doc._id == undefined))) {
-            var err = "jwt_payload._id or jwt_payload._doc._id can t be undefined";
-            winston.error(err);
-            return done(null, false);
-        }
-        //JWT OLD format
-        const identifier = jwt_payload._id || jwt_payload._doc._id;
+    const subject = jwt_payload.sub;
+    winston.debug("passport subject: " + subject);
 
-        // const subject = jwt_payload.sub || jwt_payload._id || jwt_payload._doc._id;
-        winston.debug("passport identifier: " + identifier);
+    winston.debug("passport identifier: " + identifier + " subject " + subject);
 
-        const subject = jwt_payload.sub;
-        winston.debug("passport subject: " + subject);
+    var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
+    winston.debug("fullUrl:"+ fullUrl);
 
-        winston.debug("passport identifier: " + identifier + " subject " + subject);
+    winston.debug("req.disablePassportEntityCheck:"+req.disablePassportEntityCheck);
 
-        var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
-        winston.debug("fullUrl:" + fullUrl);
+    if (req && req.disablePassportEntityCheck) { //req can be null
+      // jwt_payload.id = jwt_payload._id; //often req.user.id is used inside code. req.user.id  is a mongoose getter of _id
+      // is better to rename req.user.id to req.user._id in all files
+      winston.debug("req.disablePassportEntityCheck enabled");
+      return done(null, jwt_payload);
+    }
+    winston.debug("jwthistory passport",jwthistory);
+
+    //TODO check into DB if JWT is revoked 
+    if (jwthistory && JWT_HISTORY_ENABLED==true) {
+      var jwtRevoked = await jwthistory.isJWTRevoked(jwt_payload.jti);
+      winston.debug("passport jwt jwtRevoked: "+ jwtRevoked);
+      if (jwtRevoked) {
+        winston.warn("passport jwt is revoked with jti: "+ jwt_payload.jti);
+        return done(null, false);
+      }
+    }
 
-        winston.debug("req.disablePassportEntityCheck:" + req.disablePassportEntityCheck);
+    if (subject == "bot") {
+      winston.debug("Passport JWT bot");
 
-        if (req && req.disablePassportEntityCheck) { //req can be null
-            // jwt_payload.id = jwt_payload._id; //often req.user.id is used inside code. req.user.id  is a mongoose getter of _id
-            // is better to rename req.user.id to req.user._id in all files
-            winston.debug("req.disablePassportEntityCheck enabled");
-            return done(null, jwt_payload);
-        }
+        let qbot = Faq_kb.findOne({_id: identifier}); //TODO add cache_bot_here
 
-        //TODO check into DB if JWT is revoked 
-        if (jwthistory) {
-            var jwtRevoked = await jwthistory.isJWTRevoked(jwt_payload.jti);
-            winston.debug("passport jwt jwtRevoked: " + jwtRevoked);
-            if (jwtRevoked) {
-                winston.warn("passport jwt is revoked with jti: " + jwt_payload.jti);
-                return done(null, false);
-            }
+          if (cacheEnabler.faq_kb) {
+            let id_project = jwt_payload.id_project;
+            winston.debug("jwt_payload.id_project:"+jwt_payload.id_project);
+            qbot.cache(cacheUtil.defaultTTL, id_project+":faq_kbs:id:"+identifier)
+            winston.debug('faq_kb cache enabled');
+          }
+  
+          qbot.exec(function(err, faq_kb) {
+
+          if (err) {
+            winston.error("Passport JWT bot err", err);
+            return done(err, false);
+          }
+          if (faq_kb) {
+            winston.debug("Passport JWT bot user", faq_kb);
+            return done(null, faq_kb);
+          } else {
+            winston.warn("Passport JWT bot not user");
+            return done(null, false);
+          }
+      });
+    // } else if (subject=="projects") {      
+
+    } else if (subject=="subscription") {
+    
+      Subscription.findOne({_id: identifier}, function(err, subscription) {
+        if (err) {
+          winston.error("Passport JWT subscription err", err);
+          return done(err, false);
+        }
+        if (subscription) {
+          winston.debug("Passport JWT subscription user", subscription);
+          return done(null, subscription);
+        } else {
+          winston.warn("Passport JWT subscription not user", subscription);
+          return done(null, false);
         }
+      });              
 
-        if (subject == "bot") {
-            winston.debug("Passport JWT bot");
+    } else if (subject=="userexternal") {
+    
+     
+        if (jwt_payload) {
 
-            let qbot = Faq_kb.findOne({_id: identifier}); //TODO add cache_bot_here
+          // const audUrl  = new URL(jwt_payload.aud);
+          // winston.info("audUrl: "+ audUrl );
 
-            if (cacheEnabler.faq_kb) {
-                let id_project = jwt_payload.id_project;
-                winston.debug("jwt_payload.id_project:" + jwt_payload.id_project);
-                qbot.cache(cacheUtil.defaultTTL, id_project + ":faq_kbs:id:" + identifier)
-                winston.debug('faq_kb cache enabled');
-            }
+          // const path = audUrl.pathname;
+          // winston.info("audUrl path: " + path );
+          
+          // const AudienceType = path.split("/")[1];
+          // winston.info("audUrl AudienceType: " + AudienceType );
 
-            qbot.exec(function (err, faq_kb) {
+          // const AudienceId = path.split("/")[2];
+          // winston.info("audUrl AudienceId: " + AudienceId );
 
-                if (err) {
-                    winston.error("Passport JWT bot err", err);
-                    return done(err, false);
-                }
-                if (faq_kb) {
-                    winston.debug("Passport JWT bot user", faq_kb);
-                    return done(null, faq_kb);
-                } else {
-                    winston.warn("Passport JWT bot not user");
-                    return done(null, false);
-                }
-            });
-            // } else if (subject=="projects") {      
+          // jwt_payload._id = AudienceId + "-" + jwt_payload._id;
+          
 
-        } else if (subject == "subscription") {
 
-            Subscription.findOne({_id: identifier}, function (err, subscription) {
-                if (err) {
-                    winston.error("Passport JWT subscription err", err);
-                    return done(err, false);
-                }
-                if (subscription) {
-                    winston.debug("Passport JWT subscription user", subscription);
-                    return done(null, subscription);
-                } else {
-                    winston.warn("Passport JWT subscription not user", subscription);
-                    return done(null, false);
-                }
-            });
+          winston.debug("Passport JWT userexternal", jwt_payload);
+          var userM = UserUtil.decorateUser(jwt_payload);
+          winston.debug("Passport JWT userexternal userM", userM);
 
-        } else if (subject == "userexternal") {
+          return done(null, userM );
+        }  else {
+          var err = {msg: "No jwt_payload passed. Its required"};
+          winston.error("Passport JWT userexternal err", err);
+          return done(err, false);
+        }                
 
+     } else if (subject=="guest") {
+    
+     
+        if (jwt_payload) {
+          winston.debug("Passport JWT guest", jwt_payload);
+          var userM = UserUtil.decorateUser(jwt_payload);
+          winston.debug("Passport JWT guest userM", userM);
+          return done(null, userM );
+        }  else {
+          var err = {msg: "No jwt_payload passed. Its required"};
+          winston.error("Passport JWT guest err", err);
+          return done(err, false);
+        }                   
+
+    } else {
+      winston.debug("Passport JWT generic user");
+      let quser = User.findOne({_id: identifier, status: 100})   //TODO user_cache_here
+        //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:id:"+identifier)
+
+        if (cacheEnabler.user) {
+          quser.cache(cacheUtil.defaultTTL, "users:id:"+identifier)
+          winston.debug('user cache enabled');
+        }
 
-            if (jwt_payload) {
+        quser.exec(function(err, user) {
+          if (err) {
+            winston.error("Passport JWT generic err ", err);
+            return done(err, false);
+          }
+          if (user) {
+            winston.debug("Passport JWT generic user ", user);
+            return done(null, user);
+          } else {
+            winston.debug("Passport JWT generic not user");
+            return done(null, false);
+          }
+      });
 
-                // const audUrl  = new URL(jwt_payload.aud);
-                // winston.info("audUrl: "+ audUrl );
+    }
+   
 
-                // const path = audUrl.pathname;
-                // winston.info("audUrl path: " + path );
 
-                // const AudienceType = path.split("/")[1];
-                // winston.info("audUrl AudienceType: " + AudienceType );
+  }));
 
-                // const AudienceId = path.split("/")[2];
-                // winston.info("audUrl AudienceId: " + AudienceId );
 
-                // jwt_payload._id = AudienceId + "-" + jwt_payload._id;
 
+  passport.use(new BasicStrategy(function(userid, password, done) {
+      
+      winston.debug("BasicStrategy: " + userid);
+      
 
-                winston.debug("Passport JWT userexternal", jwt_payload);
-                var userM = UserUtil.decorateUser(jwt_payload);
-                winston.debug("Passport JWT userexternal userM", userM);
+      var email = userid.toLowerCase();
+      winston.debug("email lowercase: " + email);
 
-                return done(null, userM);
-            } else {
-                var err = {msg: "No jwt_payload passed. Its required"};
-                winston.error("Passport JWT userexternal err", err);
-                return done(err, false);
-            }
-
-        } else if (subject == "guest") {
+      User.findOne({ email: email, status: 100}, 'email firstname lastname password emailverified id') //TODO user_cache_here. NOT used frequently. ma attento select. ATTENTO QUI NN USEREI LA SELECT altrimenti con JWT ho tuttto USER mentre con basich auth solo aluni campi
+      //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:email:"+email)
+      .exec(function (err, user) {
+       
+        if (err) {
+            // console.log("BasicStrategy err.stop");
+            return done(err); 
+        }
+        if (!user) { return done(null, false); }
+        
+        user.comparePassword(password, function (err, isMatch) {
+            if (isMatch && !err) {
 
+              // if user is found and password is right create a token
+              // console.log("BasicStrategy ok");
+              return done(null, user);
 
-            if (jwt_payload) {
-                winston.debug("Passport JWT guest", jwt_payload);
-                var userM = UserUtil.decorateUser(jwt_payload);
-                winston.debug("Passport JWT guest userM", userM);
-                return done(null, userM);
             } else {
-                var err = {msg: "No jwt_payload passed. Its required"};
-                winston.error("Passport JWT guest err", err);
-                return done(err, false);
+                return done(err);
             }
-
-        } else {
-            winston.debug("Passport JWT generic user");
-            let quser = User.findOne({_id: identifier, status: 100})   //TODO user_cache_here
-            //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:id:"+identifier)
-
-            if (cacheEnabler.user) {
-                quser.cache(cacheUtil.defaultTTL, "users:id:" + identifier)
-                winston.debug('user cache enabled');
-            }
-
-            quser.exec(function (err, user) {
-                if (err) {
-                    winston.error("Passport JWT generic err ", err);
-                    return done(err, false);
-                }
-                if (user) {
-                    winston.debug("Passport JWT generic user ", user);
-                    return done(null, user);
-                } else {
-                    winston.debug("Passport JWT generic not user");
-                    return done(null, false);
-                }
-            });
-
-        }
-
-
-    }));
-
-
-    passport.use(new BasicStrategy(function (userid, password, done) {
-
-        winston.debug("BasicStrategy: " + userid);
-
-
-        var email = userid.toLowerCase();
-        winston.debug("email lowercase: " + email);
-
-        User.findOne({
-            email: email,
-            status: 100
-        }, 'email firstname lastname password emailverified id') //TODO user_cache_here. NOT used frequently. ma attento select. ATTENTO QUI NN USEREI LA SELECT altrimenti con JWT ho tuttto USER mentre con basich auth solo aluni campi
-            //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:email:"+email)
-            .exec(function (err, user) {
-
-                if (err) {
-                    // console.log("BasicStrategy err.stop");
-                    return done(err);
-                }
-                if (!user) {
-                    return done(null, false);
-                }
-
-                user.comparePassword(password, function (err, isMatch) {
-                    if (isMatch && !err) {
-
-                        // if user is found and password is right create a token
-                        // console.log("BasicStrategy ok");
-                        return done(null, user);
-
-                    } else {
-                        return done(err);
-                    }
-                });
-
-
-                // if (user) { return done(null, user); }
-                // if (!user) { return done(null, false); }
-                // if (!user.verifyPassword(password)) { return done(null, false); }
-            });
-    }));
+        });
+      });
+  }));
 
 
     if (enableGoogleSignin == true) {

package/migrations/1757601159298-project_user_role_type.js

@@ -0,0 +1,45 @@
+var Project_user = require("../models/project_user");
+var winston = require('../config/winston');
+
+/**
+ * Make any changes you need to make to the database here
+ */
+async function up () {
+  let p = await Project_user.find({}).exec()
+  // Write migration here
+  await new Promise((resolve, reject) => {
+     Project_user.updateMany({"$or":[{ "role": "agent" }, { "role": "supervisor" }, { "role":  "admin" }, { "role": "owner" }]}, {"$set": {"roleType": 1 }}, function (err, updates) {
+      if (err) {
+        winston.error("Error appling the migration script", err);
+      }
+      winston.info("Schema updated for " + updates.nModified + " project_user of type agents")
+      winston.debug("updates",updates)      
+      //  return resolve('ok'); 
+    });  
+
+     return Project_user.updateMany({"$or":[{ "role": "user" }, { "role": "guest" }]}, {"$set": {"roleType": 2 }}, function (err, updates) {
+          if (err) {
+            winston.error("Error appling the migration script", err);
+          }
+          winston.info("Schema updated for " + updates.nModified + " project_user of type user"),
+          winston.debug("updates",updates)
+           return resolve('ok'); 
+        });  
+    
+  
+  });
+     
+ 
+} 
+  
+/** 
+ * Make any changes that UNDO the up function side effects here (if possible)
+ */
+async function down () {
+  
+  // Write migration here
+  // console.log("down*********");
+}
+
+module.exports = { up, down }; 
+  

package/models/department.js

@@ -3,6 +3,8 @@ var Schema = mongoose.Schema;
 var routingConstants = require('../models/routingConstants');
 var winston = require('../config/winston');
 var TagSchema = require("../models/tag");
+var GroupMemberSchema = require("../models/groupMemberSchama");
+
 
 var DepartmentSchema = new Schema({
   id_bot: {
@@ -34,6 +36,7 @@ var DepartmentSchema = new Schema({
   id_group: {
     type: String,
   },
+  groups: [GroupMemberSchema],
   // used??
   online_msg: {
     type: String,

package/models/groupMemberSchama.js

@@ -0,0 +1,19 @@
+var mongoose = require('mongoose');
+var Schema = mongoose.Schema;
+var winston = require('../config/winston');
+
+var GroupMemberSchema = new Schema({
+  
+  group_id: {
+    type: String,
+    required: true
+  },  
+  percentage: {
+    type: Number,
+    required: true,
+  }
+}
+);
+
+
+module.exports = GroupMemberSchema;

package/models/kb_setting.js

@@ -1,7 +1,11 @@
 let mongoose = require('mongoose');
 let Schema = mongoose.Schema;
 let winston = require('../config/winston');
-let expireAfterSeconds = process.env.UNANSWERED_QUESTION_EXPIRATION_TIME || 7 * 24 * 60 * 60; // 7 days
+
+const expireAfterSeconds = (() => {
+  const n = Number(process.env.UNANSWERED_QUESTION_EXPIRATION_TIME);
+  return !isNaN(n) && n >= 0 ? n : 7 * 24 * 60 * 60; // default 7 days
+})();
 
 const EngineSchema = new Schema({
   name: {
@@ -205,7 +209,7 @@ const UnansweredQuestionSchema = new Schema({
 });
 
 // Add TTL index to automatically delete documents after 30 days
-UnansweredQuestionSchema.index({ created_at: 1 }, { expireAfterSeconds: expireAfterSeconds }); // 30 days
+UnansweredQuestionSchema.index({ createdAt: 1 }, { expireAfterSeconds: expireAfterSeconds }); // 30 days
 
 // DEPRECATED !! - Start
 const KBSettingSchema = new Schema({

package/models/permissionConstants.js

@@ -0,0 +1,19 @@
+const OWNER_ROLE = [                                
+        ];
+
+const ADMIN_ROLE = [                               
+                "request_read_all"
+        ];
+const AGENT_ROLE= [
+                "request_read_group"
+        ];
+
+// console.log("ADMIN_ROLE", ADMIN_ROLE.concat(AGENT_ROLE));
+module.exports = {
+        "agent": AGENT_ROLE,
+        "admin": ADMIN_ROLE.concat(AGENT_ROLE),
+        "owner": OWNER_ROLE.concat(ADMIN_ROLE).concat(AGENT_ROLE) 
+
+}
+// const ADMIN_ROLE = Object.assign({}, ADMIN_ROLE, AGENT_ROLE)  
+// const ADMIN_ROLE = { ...ADMIN_ROLE, ...AGENT_ROLE }  

package/models/project_user.js

@@ -31,6 +31,10 @@ var TagSchema = require("../models/tag");
       index: true
       // required: true
     },
+    roleType: {
+      type: Number,  //1 for agents 2 for users
+      index: true
+    },
     user_available: {
       type: Boolean,
       default: true, 
@@ -63,6 +67,7 @@ var TagSchema = require("../models/tag");
       type: Object,
     },
     tags: [TagSchema],
+    permissions: [String],
     createdBy: {
       type: String,
       required: true
@@ -86,14 +91,16 @@ var TagSchema = require("../models/tag");
   );
 
  
-Project_userSchema.virtual('events', {
-    ref: 'event', // The model to use
-    localField: '_id', // Find people where `localField`
-    foreignField: 'project_user', // is equal to `foreignField`
-    justOne: false,
-    // options: { getters: true }
-    options: { sort: { createdAt: -1 }, limit: 5 } // Query options, see http://bit.ly/mongoose-query-options
-});
+
+  //TODO COMMENT IT unused. Now events are not saved to the db
+// Project_userSchema.virtual('events', {
+//     ref: 'event', // The model to use
+//     localField: '_id', // Find people where `localField`
+//     foreignField: 'project_user', // is equal to `foreignField`
+//     justOne: false,
+//     // options: { getters: true }
+//     options: { sort: { createdAt: -1 }, limit: 5 } // Query options, see http://bit.ly/mongoose-query-options
+// });
 
 Project_userSchema.virtual('isAuthenticated').get(function () {
   if (this.role === RoleConstants.GUEST ) {
@@ -103,6 +110,77 @@ Project_userSchema.virtual('isAuthenticated').get(function () {
   }
 });
 
+Project_userSchema.methods.getAllPermissions = function () {
+  // console.log("this", this);
+  winston.debug("this.permissions", this.permissions);
+
+  // console.log("this.rolePermissions", this.rolePermissions);
+  winston.debug("this._doc.rolePermissions", this._doc.rolePermissions);
+
+  let all = this.permissions;
+
+  if (this._doc.rolePermissions) {
+    all = [...new Set([...this.permissions, ...this._doc.rolePermissions])]; //https://medium.com/@rivoltafilippo/javascript-merge-arrays-without-duplicates-3fbd8f4881be
+  }
+  // const all = this.permissions.concat(this._doc.rolePermissions);
+  winston.verbose("getAllPermissions all", all);
+
+  return all;
+  
+}
+
+
+
+Project_userSchema.methods.hasPermissionOrRole = function (permission, roles) {
+  var all_permissions = this.getAllPermissions();
+  // var all_permissions = this.getAllPermissions();
+  // console.log("hasPermissionOrRole", all_permissions, permission,  this.role, roles)
+  if (all_permissions && all_permissions.length>0 ) {
+    if (all_permissions.includes(permission)) {
+      // console.log("hasPermissionOrRole found", permission)
+      return true;
+    } else {
+      return false;
+    }
+  }else {
+    if (roles instanceof Array) {
+      // console.log("hasPermissionOrRole roles instanceof Array");
+      for (var i = 0; i < roles.length; i++) {
+        if (roles[i]==this.role) {
+          return true;
+        }
+      }
+      return false;
+
+    } else {
+      // console.log("roles instanceof  ", roles instanceof );
+      // console.log("this.role instanceof  ", this.role instanceof );
+      
+      // console.log("hasPermissionOrRole role ", this.role, roles);
+      if (this.role==roles) {
+        // console.log("role ok");
+        return true;
+      } else {
+        // console.log("role ko");
+        return false;
+      }
+    }
+    
+    
+  }
+}
+
+Project_userSchema.methods.hasPermission = function (permission) {
+  if (this.permissions && this.permissions.length>0 ) {
+    if (this.permissions.includes(permission)) {
+      return true;
+    } else {
+      return false;
+    }
+  }else {
+    return false;
+  }
+}
 
 
   // var query = { id_project: req.params.projectid, id_user: req.user._id};

package/models/request.js

@@ -11,6 +11,7 @@ var ProjectUserSchema = require("../models/project_user").schema;
 var RequestStatus = require("../models/requestStatus");
 var LeadSchema = require("../models/lead").schema; //it's not used but i you run test like (mocha departmentService.js) it throws this not blocking exception: error: error getting requestSchema hasn't been registered for model "lead".
 var NoteSchema = require("../models/note").schema;
+
 var TagSchema = require("../models/tag");
 var LocationSchema = require("../models/location");
 var RequestSnapshotSchema = require("../models/requestSnapshot");