implemented groups and password hashing

- added Groups with creator, admins, members, groupChats, name - implemented hashing before storing the password in the database
5 years ago · 97ed21e469
parent ba828da18a
commit 97ed21e469
9 changed files with 328 additions and 2 deletions
--- a/src/graphql/resolvers.ts
+++ b/src/graphql/resolvers.ts
@ -1,8 +1,10 @@
 import {GraphQLError} from "graphql";
 import * as status from "http-status";
 import dataaccess from "../lib/dataaccess";
 import {UserNotFoundError} from "../lib/errors/UserNotFoundError";
 import {Group} from "../lib/models";
 import * as models from "../lib/models";
-import {NotLoggedInGqlError, PostNotFoundGqlError} from "../lib/errors/graphqlErrors";
+import {GroupNotFoundGqlError, NotLoggedInGqlError, PostNotFoundGqlError} from "../lib/errors/graphqlErrors";
 import globals from "../lib/globals";
 import {InternalEvents} from "../lib/InternalEvents";
 import {is} from "../lib/regex";
@ -106,7 +108,7 @@ export function resolver(req: any, res: any): any {
                    if (post) {
                        return await post.vote(req.session.userId, type);
                    } else {
-                        res.status(400);
+                        res.status(status.BAD_REQUEST);
                        return new PostNotFoundGqlError(postId);
                    }
                } else {
@ -229,5 +231,99 @@ export function resolver(req: any, res: any): any {
        async getPosts({first, offset, sort}: {first: number, offset: number, sort: dataaccess.SortType}) {
            return await dataaccess.getPosts(first, offset, sort);
        },
        async createGroup({name, members}: {name: string, members: number[]}) {
            if (req.session.userId) {
                return await dataaccess.createGroup(name, req.session.userId, members);
            } else {
                return new NotLoggedInGqlError();
            }
        },
        async joinGroup({id}: {id: number}) {
            if (req.session.userId) {
                const group = await models.Group.findByPk(id);
                if (group) {
                    const user = await models.User.findByPk(req.session.userId);
                    await group.$add("rMembers", user);
                    await (await group.chat()).$add("rMembers", user);
                    return group;
                } else {
                    res.status(status.BAD_REQUEST);
                    return new GroupNotFoundGqlError(id);
                }
            } else {
                res.status(status.UNAUTHORIZED);
                return new NotLoggedInGqlError();
            }
        },
        async leaveGroup({id}: {id: number}) {
            if (req.session.userId) {
                const group = await models.Group.findByPk(id);
                if (group) {
                    const user = await models.User.findByPk(req.session.userId);
                    await group.$remove("rMembers", user);
                    await (await group.chat()).$remove("rMembers", user);
                    return group;
                } else {
                    res.status(status.BAD_REQUEST);
                    return new GroupNotFoundGqlError(id);
                }
            } else {
                res.status(status.UNAUTHORIZED);
                return new NotLoggedInGqlError();
            }
        },
        async addGroupAdmin({groupId, userId}: {groupId: number, userId: number}) {
            if (req.session.userId) {
                const group = await models.Group.findByPk(groupId);
                const user = await models.User.findByPk(userId);
                const self = await models.User.findByPk(req.session.userId);
                if (!group) {
                    res.status(status.BAD_REQUEST);
                    return new GroupNotFoundGqlError(groupId);
                }
                if (!user) {
                    res.status(status.BAD_REQUEST);
                    return new UserNotFoundError(userId.toString()).graphqlError;
                }
                if (!(await group.$has("rAdmins", self)) && (await group.creator()) !== self.id) {
                    res.status(status.FORBIDDEN);
                    return new GraphQLError("You are not a group admin!");
                }
                await group.$add("rAdmins", user);
                return group;
            } else {
                res.status(status.UNAUTHORIZED);
                return new NotLoggedInGqlError();
            }
        },
        async removeGroupAdmin({groupId, userId}: {groupId: number, userId: number}) {
            if (req.session.userId) {
                const group = await models.Group.findByPk(groupId);
                const user = await models.User.findByPk(userId);
                if (!group) {
                    res.status(status.BAD_REQUEST);
                    return new GroupNotFoundGqlError(groupId);
                }
                if (!user) {
                    res.status(status.BAD_REQUEST);
                    return new UserNotFoundError(userId.toString()).graphqlError;
                }
                if ((await group.creator()).id === userId) {
                    res.status(status.FORBIDDEN);
                    return new GraphQLError("You can't remove the creator of a group.");
                }
                if ((await group.creator()).id !== req.session.userId) {
                    res.status(status.FORBIDDEN);
                    return new GraphQLError("You are not a group admin!");
                }
                await group.$remove("rAdmins", user);
                return group;
            } else {
                res.status(status.UNAUTHORIZED);
                return new NotLoggedInGqlError();
            }
        },
    };
 }
--- a/src/graphql/schema.graphql
+++ b/src/graphql/schema.graphql
@ -60,6 +60,21 @@ type Mutation {
    "Creates a chat between the user (and optional an other user)"
    createChat(members: [ID!]): ChatRoom
    "Creates a new group with a given name and additional members"
    createGroup(name: String!, members: [ID!]): Group
    "Joins a group with the given id"
    joinGroup(id: ID!): Group
    "leaves the group with the given id"
    leaveGroup(id: ID!): Group
    "adds an admin to the group"
    addGroupAdmin(groupId: ID!, userId: ID!): Group
    "removes an admin from the group"
    removeGroupAdmin(groupId: ID!, userId: ID!): Group
 }
 interface UserData {
@ -148,6 +163,16 @@ type Profile implements UserData {
    "all received request for groupChats/friends/events"
    receivedRequests: [Request]
    "all groups the user is an admin of"
    administratedGroups: [Group]
    "all groups the user has created"
    createdGroups: [Group]
    "all groups the user has joined"
    groups: [Group]
 }
 "represents a single user post"
@ -225,6 +250,26 @@ type ChatMessage {
    htmlContent: String
 }
 type Group {
    "ID of the group"
    id: ID!
    "name of the group"
    name: String!
    "the creator of the group"
    creator: User
    "all admins of the group"
    admins: [User]!
    "the members of the group with pagination"
    members(first: Int = 10, offset: Int = 0): [User]!
    "the groups chat"
    chat: ChatRoom
 }
 "represents the type of vote performed on a post"
 enum VoteType {
    UPVOTE
--- a/src/lib/dataaccess.ts
+++ b/src/lib/dataaccess.ts
@ -1,3 +1,4 @@
 import * as crypto from "crypto";
 import {Sequelize} from "sequelize-typescript";
 import {ChatNotFoundError} from "./errors/ChatNotFoundError";
 import {EmailAlreadyRegisteredError} from "./errors/EmailAlreadyRegisteredError";
@ -36,6 +37,9 @@ namespace dataaccess {
                models.PostVote,
                models.Request,
                models.User,
                models.Group,
                models.GroupAdmin,
                models.GroupMember,
            ]);
        } catch (err) {
            globals.logger.error(err.message);
@ -62,6 +66,9 @@ namespace dataaccess {
     * @param password
     */
    export async function getUserByLogin(email: string, password: string): Promise<models.User> {
        const hash = crypto.createHash("sha512");
        hash.update(password);
        password = hash.digest("hex");
        const user = await models.User.findOne({where: {email, password}});
        if (user) {
            return user;
@ -77,6 +84,9 @@ namespace dataaccess {
     * @param password
     */
    export async function registerUser(username: string, email: string, password: string): Promise<models.User> {
        const hash = crypto.createHash("sha512");
        hash.update(password);
        password = hash.digest("hex");
        const existResult = !!(await models.User.findOne({where: {username, email, password}}));
        const handle = generateHandle(username);
        if (!existResult) {
@ -201,6 +211,27 @@ namespace dataaccess {
        return request;
    }
    /**
     * Create a new group.
     * @param name
     * @param creator
     * @param members
     */
    export async function createGroup(name: string, creator: number, members: number[]): Promise<models.Group> {
        return sequelize.transaction(async (t) => {
            members.push(creator);
            const groupChat = await createChat(...members);
            const group = await models.Group.create({name, creatorId: creator, chatId: groupChat.id}, {transaction: t});
            const creatorUser = await models.User.findByPk(creator, {transaction: t});
            await group.$add("rAdmins", creatorUser, {transaction: t});
            for (const member of members) {
                const user = await models.User.findByPk(member, {transaction: t});
                await group.$add("rMembers", user, {transaction: t});
            }
            return group;
        });
    }
    /**
     * Enum representing the types of votes that can be performed on a post.
     */
--- a/src/lib/errors/graphqlErrors.ts
+++ b/src/lib/errors/graphqlErrors.ts
@ -11,3 +11,9 @@ export class PostNotFoundGqlError extends GraphQLError {
        super(`Post '${postId}' not found!`);
    }
 }
 export class GroupNotFoundGqlError extends GraphQLError {
    constructor(groupId: number) {
        super(`Group '${groupId}' not found!`);
    }
 }
--- a/src/lib/models/Group.ts
+++ b/src/lib/models/Group.ts
@ -0,0 +1,65 @@
 import * as sqz from "sequelize";
 import {
    BelongsTo,
    BelongsToMany,
    Column,
    CreatedAt, ForeignKey,
    HasMany,
    Model,
    NotNull,
    Table,
    Unique,
    UpdatedAt,
 } from "sequelize-typescript";
 import {ChatMessage} from "./ChatMessage";
 import {ChatRoom} from "./ChatRoom";
 import {GroupAdmin} from "./GroupAdmin";
 import {GroupMember} from "./GroupMember";
 import {User} from "./User";
@Table({underscored: true})
 export class Group extends Model<Group> {
    @NotNull
    @Column( {allowNull: false})
    public name: string;
    @NotNull
    @ForeignKey(() => User)
    @Column({allowNull: false})
    public creatorId: number;
    @NotNull
    @ForeignKey(() => ChatRoom)
    @Column({allowNull: false})
    public chatId: number;
    @BelongsTo(() => User, "creatorId")
    public rCreator: User;
    @BelongsToMany(() => User, () => GroupAdmin)
    public rAdmins: User[];
    @BelongsToMany(() => User, () => GroupMember)
    public rMembers: User[];
    @BelongsTo(() => ChatRoom)
    public rChat: ChatRoom;
    public async creator(): Promise<User> {
        return await this.$get("rCreator") as User;
    }
    public async admins(): Promise<User[]> {
        return await this.$get("rAdmins") as User[];
    }
    public async members({first, offset}: {first: number, offset: number}): Promise<User[]> {
        const limit = first || 10;
        offset = offset || 0;
        return await this.$get("rMembers", {limit, offset}) as User[];
    }
    public async chat(): Promise<ChatRoom> {
        return await this.$get("rChat") as ChatRoom;
    }
 }
--- a/src/lib/models/GroupAdmin.ts
+++ b/src/lib/models/GroupAdmin.ts
@ -0,0 +1,28 @@
 import * as sqz from "sequelize";
 import {
    BelongsTo,
    BelongsToMany,
    Column,
    CreatedAt, ForeignKey,
    HasMany,
    Model, Not,
    NotNull,
    Table,
    Unique,
    UpdatedAt,
 } from "sequelize-typescript";
 import {Group} from "./Group";
 import {User} from "./User";
@Table({underscored: true})
 export class GroupAdmin extends Model<GroupAdmin> {
    @NotNull
    @ForeignKey(() => User)
    @Column({allowNull: false})
    public userId: number;
    @NotNull
    @ForeignKey(() => Group)
    @Column({allowNull: false})
    public groupId: number;
 }
--- a/src/lib/models/GroupMember.ts
+++ b/src/lib/models/GroupMember.ts
@ -0,0 +1,28 @@
 import * as sqz from "sequelize";
 import {
    BelongsTo,
    BelongsToMany,
    Column,
    CreatedAt, ForeignKey,
    HasMany,
    Model, Not,
    NotNull,
    Table,
    Unique,
    UpdatedAt,
 } from "sequelize-typescript";
 import {Group} from "./Group";
 import {User} from "./User";
@Table({underscored: true})
 export class GroupMember extends Model<GroupMember> {
    @NotNull
    @ForeignKey(() => User)
    @Column({allowNull: false})
    public userId: number;
    @NotNull
    @ForeignKey(() => Group)
    @Column({allowNull: false})
    public groupId: number;
 }
--- a/src/lib/models/User.ts
+++ b/src/lib/models/User.ts
@ -15,6 +15,9 @@ import {ChatMember} from "./ChatMember";
 import {ChatMessage} from "./ChatMessage";
 import {ChatRoom} from "./ChatRoom";
 import {Friendship} from "./Friendship";
 import {Group} from "./Group";
 import {GroupAdmin} from "./GroupAdmin";
 import {GroupMember} from "./GroupMember";
 import {Post} from "./Post";
 import {PostVote} from "./PostVote";
 import {Request, RequestType} from "./Request";
@ -52,6 +55,12 @@ export class User extends Model<User> {
    @BelongsToMany(() => ChatRoom, () => ChatMember)
    public rChats: ChatRoom[];
    @BelongsToMany(() => Group, () => GroupAdmin)
    public rAdministratedGroups: Group[];
    @BelongsToMany(() => Group, () => GroupMember)
    public rGroups: Group[];
    @HasMany(() => Post, "authorId")
    public rPosts: Post[];
@ -64,6 +73,9 @@ export class User extends Model<User> {
    @HasMany(() => ChatMessage, "authorId")
    public messages: ChatMessage[];
    @HasMany(() => Group, "creatorId")
    public rCreatedGroups: Group[];
    @CreatedAt
    public readonly createdAt!: Date;
@ -102,6 +114,18 @@ export class User extends Model<User> {
        return this.$count("rPosts");
    }
    public async administratedGroups(): Promise<Group[]> {
        return await this.$get("rAdministratedGroups") as Group[];
    }
    public async createdGroups(): Promise<Group[]> {
        return await this.$get("rCreatedGroups") as Group[];
    }
    public async groups(): Promise<Group[]> {
        return await this.$get("rGroups") as Group[];
    }
    public async denyRequest(sender: number, type: RequestType) {
        const request = await this.$get("rReceivedRequests",
            {where: {senderId: sender, requestType: type}}) as Request[];
--- a/src/lib/models/index.ts
+++ b/src/lib/models/index.ts
@ -6,3 +6,6 @@ export {Post} from "./Post";
 export {PostVote} from "./PostVote";
 export {Request} from "./Request";
 export {User} from "./User";
 export {Group} from "./Group";
 export {GroupAdmin} from "./GroupAdmin";
 export {GroupMember} from "./GroupMember";