@tiledesk/tiledesk-server 2.17.4 → 2.18.3

package/CHANGELOG.md

@@ -5,11 +5,16 @@
 🚀        IN PRODUCTION                        🚀
 (https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77) 
 
-# 2.17.5
-- Refactor error handling and code structure in webhook.js
+# 2.18.3
+- Added permissions logic
+- Added custom roles support
+- Add answered questions functionality
+- Added AnsweredQuestion schema with TTL index for automatic deletion.
+- Updated UnansweredQuestion schema to include additional fields and improved query handling for searching and sorting.
+- Enhanced the deletion process for unanswered questions.
 
 # 2.17.4
-- Added support for Pinecone Reranking for Standard knowledge bases
+- Refactor error handling and code structure in webhook.js
 
 # 2.17.3
 - Added missing import path on kb route

package/app.js

@@ -130,6 +130,7 @@ var integration = require('./routes/integration')
 var kbsettings = require('./routes/kbsettings');
 var kb = require('./routes/kb');
 var unanswered = require('./routes/unanswered');
+var answered = require('./routes/answered');
 
 // var admin = require('./routes/admin');
 var faqpub = require('./routes/faqpub');
@@ -149,6 +150,7 @@ var property = require('./routes/property');
 var segment = require('./routes/segment');
 var webhook = require('./routes/webhook');
 var webhooks = require('./routes/webhooks');
+var roles = require('./routes/roles');
 var copilot = require('./routes/copilot');
 var mcp = require('./routes/mcp');
 
@@ -642,12 +644,14 @@ app.use('/:projectid/mcp', [passport.authenticate(['basic', 'jwt'], { session: f
 
 app.use('/:projectid/kbsettings', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRoleOrTypes('agent', ['bot','subscription'])], kbsettings);
 app.use('/:projectid/kb/unanswered', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRoleOrTypes('admin', ['bot','subscription'])], unanswered);
+app.use('/:projectid/kb/answered', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRoleOrTypes('admin', ['bot','subscription'])], answered);
 app.use('/:projectid/kb', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRoleOrTypes('admin', ['bot','subscription'])], kb);
 
 app.use('/:projectid/logs', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('agent')], logs);
 
 app.use('/:projectid/webhooks', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('admin')], webhooks);
 app.use('/:projectid/copilot', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('agent')], copilot);
+app.use('/:projectid/roles', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('agent')], roles);
 
 app.use('/:projectid/files', filesp);
 

package/channels/chat21/chat21WebHook.js

@@ -307,7 +307,12 @@ router.post('/', function (req, res) {
                 // TODO se stato = 50 e scrive visitatotre sposto a stato 100 poi queuue lo smista
 
                 // TOOD update also request attributes and sourcePage
-                
+                if (message.sender !== 'system') {
+                  Request.findOneAndUpdate({request_id: request.request_id, id_project: request.id_project}, { "attributes.last_message": savedMessage}).catch((err) => {
+                    winston.error("Create message - saving last message in request error: ", err);
+                  })
+                }
+
                     // return requestService.incrementMessagesCountByRequestId(request.request_id, request.id_project).then(function(savedRequest) {
                       // winston.debug("savedRequest.participants.indexOf(message.sender)", savedRequest.participants.indexOf(message.sender));
                       winston.debug("before updateWaitingTimeByRequestId*******",request.participants, message.sender);

package/docs/routes-answered.md

@@ -0,0 +1,153 @@
+# Route `kb/answered` — domande con risposta (Knowledge Base)
+
+Documentazione per [`routes/answered.js`](../routes/answered.js).
+
+## Scopo
+
+API REST per gestire le **domande già risposte** associate a un **namespace** della Knowledge Base del progetto. I documenti sono persistiti nel modello Mongoose `AnsweredQuestion` (vedi [`models/kb_setting.js`](../models/kb_setting.js)).
+
+Ogni operazione è vincolata al **progetto corrente** (`req.projectid`, derivato dal segmento `:projectid` nell’URL) e alla validità del **namespace** (deve esistere un `Namespace` con `id` uguale al `namespace` richiesto e `id_project` uguale al progetto).
+
+## Montaggio e autenticazione
+
+In [`app.js`](../app.js) il router è montato così:
+
+- **Path base:** `/:projectid/kb/answered`
+- **Middleware:** `passport.authenticate(['basic', 'jwt'])`, `validtoken`, `roleChecker.hasRoleOrTypes('admin', ['bot','subscription'])`
+
+Sono quindi richiesti autenticazione (Basic o JWT), token valido e ruolo **admin** oppure tipi **bot** / **subscription**.
+
+Esempio di URL completo (sviluppo locale):
+
+```http
+GET http://localhost:3000/{projectId}/kb/answered/{namespace}
+```
+
+Sostituire `{projectId}` con l’ID MongoDB del progetto.
+
+## Modello dati (`AnsweredQuestion`)
+
+| Campo         | Tipo     | Note                                      |
+|---------------|----------|-------------------------------------------|
+| `id_project`  | string   | Impostato dal server dal contesto progetto |
+| `namespace`   | string   | ID del namespace (validato contro `Namespace`) |
+| `question`    | string   | Obbligatorio                              |
+| `answer`      | string   | Obbligatorio                              |
+| `tokens`      | number   | Opzionale                                 |
+| `request_id`  | string   | Opzionale                                 |
+| `created_at` / `updated_at` | date | Da `timestamps: true`              |
+
+Indici rilevanti: TTL su `created_at`, indice composto `(id_project, namespace, created_at)`, indice **testo** su `question` e `answer` (pesi question 5, answer 1) per la ricerca full-text.
+
+---
+
+## Endpoint
+
+Tutti i path qui sotto sono relativi a `/:projectid/kb/answered`.
+
+### `POST /`
+
+Aggiunge una nuova domanda risposta.
+
+**Body JSON**
+
+| Campo        | Obbligatorio | Descrizione        |
+|-------------|--------------|--------------------|
+| `namespace` | sì           | ID namespace       |
+| `question`  | sì           | Testo domanda      |
+| `answer`    | sì           | Testo risposta     |
+| `tokens`    | no           | Numero opzionale   |
+| `request_id`| no           | Riferimento richiesta |
+
+**Risposte**
+
+| HTTP | Significato |
+|------|-------------|
+| 200  | Documento salvato (corpo = documento MongoDB creato) |
+| 400  | Parametri mancanti (`namespace`, `question`, `answer`) |
+| 403  | Namespace non appartenente al progetto |
+| 500  | Errore server |
+
+---
+
+### `GET /:namespace`
+
+Elenco paginato delle domande risposte per il namespace.
+
+**Query**
+
+| Parametro    | Default | Descrizione |
+|--------------|---------|-------------|
+| `page`       | `0`     | Pagina (0-based) |
+| `limit`      | `20`    | Elementi per pagina |
+| `sortField`  | `created_at` | Campo ordinamento |
+| `direction`  | `-1`    | `1` crescente, `-1` decrescente |
+| `search`     | —       | Se presente, attiva ricerca **full-text** (`$text`); l’ordinamento usa lo score di testo |
+
+**Risposta 200**
+
+```json
+{
+  "count": 0,
+  "questions": [],
+  "query": {
+    "page": 0,
+    "limit": 20,
+    "sortField": "created_at",
+    "direction": -1,
+    "search": "..."
+  }
+}
+```
+
+**Altri codici:** `400` (namespace mancante), `403` (namespace non valido per il progetto), `500`.
+
+---
+
+### `DELETE /:id`
+
+Elimina una singola domanda per `_id` MongoDB.
+
+**Risposte:** `200` con `{ success, message }`, `404` se non trovata (o non del progetto), `500`.
+
+---
+
+### `DELETE /namespace/:namespace`
+
+Elimina **tutte** le domande risposte per `namespace` nel progetto corrente.
+
+**Risposta 200:** `{ success, count: <deletedCount>, message }`.
+
+**403** se il namespace non appartiene al progetto. **500** in errore.
+
+---
+
+### `GET /count/:namespace`
+
+Restituisce il conteggio documenti per `id_project` + `namespace`.
+
+**Risposta 200:** `{ count: <number> }`.
+
+**400** / **403** / **500** come negli altri endpoint con validazione namespace.
+
+---
+
+## Funzione interna `validateNamespace(id_project, namespace_id)`
+
+Verifica che esista un documento `Namespace` con `id_project` e `id: namespace_id`. Usata in creazione, lettura elenco, cancellazione bulk e conteggio.
+
+---
+
+## Nota sull’ordine delle route Express
+
+Nel file è definito `GET /:namespace` **prima** di `GET /count/:namespace`. In Express la prima route che corrisponde vince: una richiesta del tipo `GET .../kb/answered/count/<namespace>` può essere interpretata come `GET /:namespace` con `namespace` uguale alla stringa letterale `count`, invece che come endpoint di conteggio.
+
+Per far funzionare l’URL `GET /count/:namespace` come previsto dal codice, in genere occorre registrare **`GET /count/:namespace` prima di `GET /:namespace`**, oppure usare un prefisso path diverso per uno dei due. Verificare il comportamento in ambiente reale o adeguare l’ordine delle route se il conteggio non risponde come atteso.
+
+---
+
+## Riferimenti
+
+- Router: [`routes/answered.js`](../routes/answered.js)
+- Modello e indici: [`models/kb_setting.js`](../models/kb_setting.js) (`AnsweredQuestionSchema`)
+- Montaggio app: [`app.js`](../app.js) (`/:projectid/kb/answered`)

package/event/authEvent.js

@@ -1,4 +1,5 @@
 const EventEmitter = require('events');
+var RoleConstants = require("../models/roleConstants");
 
 class AuthEvent extends EventEmitter {
     constructor() {
@@ -9,6 +10,21 @@ class AuthEvent extends EventEmitter {
 
 const authEvent = new AuthEvent();
 
+ var projectuserUpdateKey = 'project_user.update';
+if (process.env.QUEUE_ENABLED === "true") {
+  projectuserUpdateKey = 'project_user.update.queue';
+}
+
+authEvent.on(projectuserUpdateKey,  function(event) { 
+      if (event.updatedProject_userPopulated) {
+        var pu = event.updatedProject_userPopulated;
+        if (pu.roleType === RoleConstants.TYPE_AGENTS) {          
+          authEvent.emit("project_user.update.agent", event);
+        } else {
+          authEvent.emit("project_user.update.user", event);
+        }
+      }
+});
 
 //listen for sigin and signup event
 

package/event/projectUserEvent.js

@@ -0,0 +1,39 @@
+const EventEmitter = require('events');
+const winston = require('../config/winston');
+const Group = require("../models/group");
+
+class ProjectUserEvent extends EventEmitter {
+    constructor() {
+        super();
+        this.registerListeners();
+    }
+
+    registerListeners() {
+
+        this.on('project_user.deleted', async (pu) => {
+
+            try {
+                winston.debug('[project_user.deleted] Event catched:', pu);
+    
+                const id_project = pu.id_project;
+                let id_user = pu.id_user.toString();
+                if (typeof id_user === 'object' && id_user._id) {
+                    id_user = id_user._id.toString();
+                }
+    
+                const result = await Group.updateMany({ id_project: id_project }, { $pull: { members: id_user }});
+                winston.verbose(`Event project_user.deleted: User ${id_user} removed from ${result?.nModified} groups.`)
+
+            } catch (err) {
+                winston.verbose(`Event project_user.deleted: Error removing user ${id_user} from groups: `, err);
+            }
+
+        });
+
+    }
+}
+
+// Istanza singleton
+const puEvent = new ProjectUserEvent();
+
+module.exports = puEvent;

package/event/roleEvent.js

@@ -0,0 +1,9 @@
+const EventEmitter = require('events');
+
+class RoleEvent extends EventEmitter {}
+
+const roleEvent = new RoleEvent();
+
+
+
+module.exports = roleEvent;

package/middleware/has-role.js

@@ -1,18 +1,16 @@
-var Project_user = require("../models/project_user");
 var Faq_kb = require("../models/faq_kb");
 var Subscription = require("../models/subscription");
 var winston = require('../config/winston');
 
-var cacheUtil = require('../utils/cacheUtil');
-var cacheEnabler = require("../services/cacheEnabler");
-
+var projectUserService = require("../services/projectUserService");
 class RoleChecker {
     
 
     
     constructor() {
+      winston.debug("RoleChecker");
 
-        this.ROLES =  {
+      this.ROLES =  {
             "guest":        ["guest"],
             "user":         ["guest","user"],
             "teammate":     ["guest","user","teammate"],
@@ -20,7 +18,7 @@ class RoleChecker {
             "supervisor":   ["guest","user","teammate","agent","supervisor"],
             "admin":        ["guest","user","teammate","agent", "supervisor", "admin"],
             "owner":        ["guest","user","teammate","agent", "supervisor", "admin", "owner"],
-        }
+      }
     }
       
     isType(type) {        
@@ -87,18 +85,90 @@ class RoleChecker {
       }    
         
   
+      hasPermission(permission) {
+        var that = this;
+        return async(req, res, next) => {
+          if (!req.params.projectid && !req.projectid) {
+            return res.status(400).send({success: false, msg: 'req.params.projectid is not defined.'});
+          }
+
+          let projectid = req.params.projectid || req.projectid;
+
+          var project_user = req.projectuser;
+          winston.debug("hasPermission project_user hasPermission", project_user);
+
+          if (!project_user) {
+
+            try {
+              project_user = await projectUserService.getWithPermissions(req.user._id, projectid, req.user.sub);            
+            } catch(err) {
+              winston.error("Error getting project_user for hasrole",err);
+              return next(err);
+            }
+            winston.debug("project_user: ", JSON.stringify(project_user));
+          }     
+
+          if (project_user) {
+            
+            req.projectuser = project_user;
+            winston.debug("hasPermission req.projectuser", req.projectuser);
+
+            var permissions = project_user._doc.rolePermissions;
+           
+            winston.debug("hasPermission permissions", permissions);
+  
+            winston.debug("hasPermission permission: "+ permission);
+
+            if (permission==undefined) {
+                winston.debug("permission is empty go next");
+                return next();
+            }
+
+            if (permissions!=undefined && permissions.length>0) {
+              if (permissions.includes(permission)) {
+                next();
+              }else {                         
+                res.status(403).send({success: false, msg: 'you dont have the required permission.'});                
+              }
+            } else { 
+              res.status(403).send({success: false, msg: 'you dont have the required permission. Is is empty'});                       
+            }
+          } else {
+          
+            /**
+            * Updated by Johnny - 29mar2024 - START
+            */
+            // console.log("req.user: ", req.user);
+            if (req.user.email === process.env.ADMIN_EMAIL) {
+              req.user.attributes = { isSuperadmin: true };
+              next();
+            } else {
+              res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+            }
+            /**
+            * Updated by Johnny - 29mar2024 - END
+            */
+          
+          }
+       
+       
+         
+          
+        }
+      }
       
 
       hasRole(role) {
         return this.hasRoleOrTypes(role);
       }
 
-       hasRoleOrTypes(role, types) {
-           
+       hasRoleOrTypes(role, types, permission) {
+        // console.log("hasRoleOrTypes",role,types);
+
         var that = this;
 
         // winston.debug("HasRole");
-        return function(req, res, next) {
+        return async(req, res, next) => {
           
           // winston.debug("req.originalUrl" + req.originalUrl);
           // winston.debug("req.params" + JSON.stringify(req.params));
@@ -111,7 +181,7 @@ class RoleChecker {
 
           let projectid = req.params.projectid || req.projectid;
 
-        //  winston.info("req.user._id: " + req.user._id);
+          //  winston.info("req.user._id: " + req.user._id);
 
           // winston.info("req.projectuser: " + req.projectuser);
           //winston.debug("req.user", req.user);
@@ -135,138 +205,107 @@ class RoleChecker {
           //   res.status(403).send({success: false, msg: 'req.user._id not defined.'});
           // }
           winston.debug("hasRoleOrType req.user._id " +req.user._id);
-          // project_user_qui_importante
-
-          // JWT_HERE
-          var query = { id_project: projectid, id_user: req.user._id, status: "active"};
-          let cache_key = projectid+":project_users:iduser:"+req.user._id
-
-          if (req.user.sub && (req.user.sub=="userexternal" || req.user.sub=="guest")) {
-            query = { id_project: projectid, uuid_user: req.user._id, status: "active"};
-            cache_key = projectid+":project_users:uuid_user:"+req.user._id
+          // project_user_qui_importante         
+
+          var project_user = req.projectuser;
+          winston.debug("hasRoleOrTypes project_user hasRoleOrTypes", project_user);
+
+          if (!project_user) {
+            winston.debug("load project_user");
+            try {
+              project_user = await projectUserService.getWithPermissions(req.user._id, projectid, req.user.sub);            
+            } catch(err) {
+              winston.error("Error getting project_user for hasrole",err);
+              return next(err);
+            }
+                    
+            winston.debug("project_user: ", JSON.stringify(project_user));
+            
           }
-          winston.debug("hasRoleOrType query " + JSON.stringify(query));
 
-          let q = Project_user.findOne(query);
-          if (cacheEnabler.project_user) { 
-            q.cache(cacheUtil.defaultTTL, cache_key);
-            winston.debug("cacheEnabler.project_user enabled");
+          if (project_user) {
+            
+            req.projectuser = project_user;
+            winston.debug("hasRoleOrTypes req.projectuser", req.projectuser.toJSON());
 
-          }
-            q.exec(function (err, project_user) {
-              if (err) {
-                winston.error("Error on Request path: " + req.originalUrl);
-                winston.error("Error getting project_user for hasrole",err);
-                return next(err);
-              }
-              winston.debug("project_user: ", JSON.stringify(project_user));
-              
-              
-      
-              if (project_user) {
-                
-                req.projectuser = project_user;
-                winston.debug("req.projectuser", req.projectuser);
+            var userRole = project_user.role;
+            winston.debug("userRole", userRole);
 
-                var userRole = project_user.role;
-                winston.debug("userRole", userRole);
-      
-                if (!role) {
-                  next();
-                }else {
-      
-                  var hierarchicalRoles = that.ROLES[userRole];
-                  winston.debug("hierarchicalRoles", hierarchicalRoles);
-      
-                  if ( hierarchicalRoles && hierarchicalRoles.includes(role)) {
-                    next();
-                  }else {
-                    res.status(403).send({success: false, msg: 'you dont have the required role.'});
-                  }
-                }
-              } else {
-              
-                /**
-                 * Updated by Johnny - 29mar2024 - START
-                 */
-                // console.log("req.user: ", req.user);
-                if (req.user.email === process.env.ADMIN_EMAIL) {
-                  req.user.attributes = { isSuperadmin: true };
+  
+            if (!role) { //????
+              next();
+            }else {
+  
+              var hierarchicalRoles = that.ROLES[userRole];
+              winston.debug("hierarchicalRoles", hierarchicalRoles);
+  
+              if ( hierarchicalRoles ) {  //standard role
+                winston.debug("standard role: "+ userRole);
+                if (hierarchicalRoles.includes(role)) {
                   next();
                 } else {
-                  res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+                  res.status(403).send({success: false, msg: 'you dont have the required role.'});
                 }
-                /**
-                 * Updated by Johnny - 29mar2024 - END
-                 */
+              } else { //custom role
+                
+                winston.debug("custom role: "+ userRole);
+                return that.hasPermission(permission)(req, res, next);
 
-                // if (req.user) equals super admin next()
-                //res.status(403).send({success: false, msg: 'you dont belong to the project.'});
-              }
-      
-          });
-      
-        }
-        
-      }
+                // if (permission==undefined) {
+                //   winston.debug("permission is empty go next");
+                //   return next();
+                // }
 
-// unused
-      hasRoleAsPromise(role, user_id, projectid) {
+                // // invece di questo codice richiama hasPermission()
+                // var permissions = project_user._doc.rolePermissions;
            
-        var that = this;
+                // winston.debug("hasPermission permissions", permissions);
+      
+                // winston.debug("hasPermission permission: "+ permission);               
 
-        return new Promise(function (resolve, reject) {              
-          // project_user_qui_importante
+                // if (permissions!=undefined && permissions.length>0) {
+                //   if (permissions.includes(permission)) {
+                //     next();
+                //   }else {                         
+                //     res.status(403).send({success: false, msg: 'you dont have the required permission.'});                
+                //   }
+                // } else { 
+                //   res.status(403).send({success: false, msg: 'you dont have the required permission. Is is empty'});                       
+                // }
 
-           // JWT_HERE
-          var query = { id_project: req.params.projectid, id_user: req.user._id, status: "active"};
-          if (req.user.sub && (req.user.sub=="userexternal" || req.user.sub=="guest")) {
-            query = { id_project: req.params.projectid, uuid_user: req.user._id};
-          }
 
-          Project_user.find(query).
-            exec(function (err, project_users) {
-              if (err) {
-                winston.error(err);
-                return reject(err);
               }
-
-      
-              if (project_users && project_users.length>0) {
                 
-                var project_user= project_users[0];
+            }
+          
+          } else {
+          
+            /**
+             * Updated by Johnny - 29mar2024 - START
+             */
+            // console.log("req.user: ", req.user);
+            if (req.user.email === process.env.ADMIN_EMAIL) {
+              req.user.attributes = { isSuperadmin: true };
+              next();
+            } else {
+              res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+            }
+            /**
+             * Updated by Johnny - 29mar2024 - END
+             */
 
-                var userRole = project_user.role;
-                // winston.debug("userRole", userRole);
-      
-                if (!role) {
-                  resolve(project_user);
-                }else {
-      
-                  var hierarchicalRoles = that.ROLES[userRole];
-                  // winston.debug("hierarchicalRoles", hierarchicalRoles);
-      
-                  if ( hierarchicalRoles.includes(role)) {
-                    resolve(project_user);
-                  }else {
-                    reject({success: false, msg: 'you dont have the required role.'});
-                  }
-                }
-              } else {
-              
-                // if (req.user) equals super admin next()
-                reject({success: false, msg: 'you dont belong to the project.'});
-              }
-      
-          });
+            // if (req.user) equals super admin next()
+            //res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+          }
       
-        });
       
-    }
-
+        }
+      }
+        
 }
 
 
+
 var roleChecker = new RoleChecker();
 module.exports = roleChecker;