Feature/admin (#232)

devsoc-unsw · Aug 24, 2023 · 09a9c5a · 09a9c5a
1 parent 3ffeebd
commit 09a9c5a
Show file tree

Hide file tree

Showing 146 changed files with 688 additions and 19,575 deletions.
diff --git a/backend/src/controllers/course.controller.ts b/backend/src/controllers/course.controller.ts
@@ -2,16 +2,7 @@ import { Router, Request, Response, NextFunction } from "express";
 import { formatError, getLogger } from "../utils/logger";
 import { IController } from "../interfaces/IController";
 import { CourseService } from "../services/course.service";
-
-import {
-  BookmarkCourseSchema,
-  UpdateCourseSchema,
-  CourseBody,
-  BookmarkCourse,
-} from "../api/schemas/course.schema";
-import validationMiddleware from "../api/middlewares/validation";
-import { HTTPError } from "../utils/errors";
-import { badRequest } from "../utils/constants";
+import verifyToken from "../api/middlewares/auth";
 
 export class CourseController implements IController {
   private readonly logger = getLogger();
@@ -49,35 +40,6 @@ export class CourseController implements IController {
           }
         },
       )
-      .put(
-        "/courses/:courseCode",
-        validationMiddleware(UpdateCourseSchema, "body"),
-        async (
-          req: Request<{ courseCode: string }, unknown, CourseBody>,
-          res: Response,
-          next: NextFunction,
-        ) => {
-          const { courseCode } = req.params;
-          this.logger.debug(`Received request in PUT /courses/${courseCode}`);
-          try {
-            const { course } = req.body;
-            if (courseCode !== course.courseCode)
-              throw new HTTPError(badRequest);
-            const result = await this.courseService.updateCourse(course);
-            this.logger.info(
-              `Responding to client in PUT /courses/${courseCode}`,
-            );
-            return res.status(200).json(result);
-          } catch (err: any) {
-            this.logger.warn(
-              `An error occurred when trying to PUT /courses/${courseCode} ${formatError(
-                err,
-              )}`,
-            );
-            return next(err);
-          }
-        },
-      )
       .get(
         "/course/:courseCode",
         async (
@@ -129,6 +91,7 @@ export class CourseController implements IController {
       )
       .delete(
         "/cached/:key",
+        [verifyToken],
         async (
           req: Request<{ key: string }, unknown>,
           res: Response,
@@ -137,7 +100,8 @@ export class CourseController implements IController {
           this.logger.debug(`Received request in DELETE /cached/:key`);
           try {
             const key: string = req.params.key;
-            const result = await this.courseService.flushKey(key);
+            const zid = req.headers.zid as string;
+            const result = await this.courseService.flushKey(zid, key);
             this.logger.info(`Responding to client in DELETE /cached/${key}`);
             return res.status(200).json(result);
           } catch (err: any) {

diff --git a/backend/src/controllers/report.controller.ts b/backend/src/controllers/report.controller.ts
@@ -1,6 +1,7 @@
 import { Router, Request, Response, NextFunction } from "express";
 import { formatError, getLogger } from "../utils/logger";
 import { ReportService } from "../services/report.service";
+import verifyToken from "../api/middlewares/auth";
 import validationMiddleware from "../api/middlewares/validation";
 import {
   CreateReport,
@@ -23,10 +24,12 @@ export class ReportController implements IController {
     return Router()
       .get(
         "/reports",
+        [verifyToken],
         async (req: Request, res: Response, next: NextFunction) => {
           this.logger.debug(`Received GET request in /reports`);
           try {
-            const result = await this.reportService.getAllReports();
+            const zid = req.headers.zid as string;
+            const result = await this.reportService.getAllReports(zid);
             this.logger.info(`Responding to client in /reports`);
             return res.status(200).json(result);
           } catch (err: any) {
@@ -41,7 +44,7 @@ export class ReportController implements IController {
       )
       .post(
         "/reports",
-        validationMiddleware(CreateReportSchema, "body"),
+        [verifyToken, validationMiddleware(CreateReportSchema, "body")],
         async (
           req: Request<Record<string, never>, unknown, CreateReport>,
           res: Response,
@@ -65,7 +68,7 @@ export class ReportController implements IController {
       )
       .put(
         "/reports",
-        validationMiddleware(UpdateReportStatusSchema, "body"),
+        [verifyToken, validationMiddleware(UpdateReportStatusSchema, "body")],
         async (
           req: Request<Record<string, never>, unknown, UpdateReportStatus>,
           res: Response,

diff --git a/backend/src/controllers/review.controller.ts b/backend/src/controllers/review.controller.ts
@@ -1,6 +1,7 @@
 import { Router, Request, Response, NextFunction } from "express";
 import { formatError, getLogger } from "../utils/logger";
 import { ReviewService } from "../services/review.service";
+import verifyToken from "../api/middlewares/auth";
 import validationMiddleware from "../api/middlewares/validation";
 import { HTTPError } from "../utils/errors";
 import { badRequest } from "../utils/constants";
@@ -73,7 +74,7 @@ export class ReviewController implements IController {
       )
       .post(
         "/reviews",
-        validationMiddleware(PostReviewSchema, "body"),
+        [verifyToken, validationMiddleware(PostReviewSchema, "body")],
         async (
           req: Request<Record<string, never>, unknown, PostReviewRequestBody>,
           res: Response,
@@ -98,7 +99,7 @@ export class ReviewController implements IController {
       )
       .put(
         "/reviews/:reviewId",
-        validationMiddleware(PutReviewRequestBodySchema, "body"),
+        [verifyToken, validationMiddleware(PutReviewRequestBodySchema, "body")],
         async (
           req: Request<{ reviewId: string }, unknown, PutReviewRequestBody>,
           res: Response,
@@ -129,6 +130,7 @@ export class ReviewController implements IController {
       )
       .delete(
         "/reviews/:reviewId",
+        [verifyToken],
         async (
           req: Request<{ reviewId: string }, unknown>,
           res: Response,
@@ -155,7 +157,7 @@ export class ReviewController implements IController {
       )
       .post(
         "/reviews/bookmark",
-        validationMiddleware(BookmarkReviewSchema, "body"),
+        [verifyToken, validationMiddleware(BookmarkReviewSchema, "body")],
         async (
           req: Request<Record<string, never>, unknown, BookmarkReview>,
           res: Response,
@@ -182,7 +184,7 @@ export class ReviewController implements IController {
       )
       .post(
         "/reviews/upvote",
-        validationMiddleware(UpvoteReviewSchema, "body"),
+        [verifyToken, validationMiddleware(UpvoteReviewSchema, "body")],
         async (
           req: Request<Record<string, never>, unknown, UpvoteReview>,
           res: Response,

diff --git a/backend/src/repositories/course.repository.ts b/backend/src/repositories/course.repository.ts
@@ -196,13 +196,4 @@ export class CourseRepository {
     const courses = rawCourses.map((course) => CourseSchema.parse(course));
     return courses;
   }
-
-  async save(course: Course): Promise<Course> {
-    const newCourseData = await this.prisma.courses.update({
-      where: { courseCode: course.courseCode },
-      data: { ...course },
-    });
-    const newCourse = CourseSchema.parse(newCourseData);
-    return newCourse;
-  }
 }
diff --git a/backend/src/repositories/report.repository.ts b/backend/src/repositories/report.repository.ts
@@ -1,25 +1,19 @@
 import { PrismaClient } from "@prisma/client";
-import {
-  CreateReport,
-  Report,
-  ReportSchema,
-  UpdateReportStatus,
-} from "../api/schemas/report.schema";
+import { CreateReport, UpdateReportStatus } from "../api/schemas/report.schema";
 
 export class ReportRepository {
   constructor(private readonly prisma: PrismaClient) {}
 
-  async getAllReports(): Promise<Report[]> {
+  async getAllReports() {
     const rawReports = await this.prisma.reports.findMany({
       include: {
         users: true,
       },
     });
-    const reports = rawReports.map((report) => ReportSchema.parse(report));
-    return reports;
+    return rawReports;
   }
 
-  async getReportByUser(zid: string): Promise<Report[]> {
+  async getReportByUser(zid: string) {
     const rawReports = await this.prisma.reports.findMany({
       where: {
         zid: zid,
@@ -28,8 +22,7 @@ export class ReportRepository {
         reviews: true,
       },
     });
-    const reports = rawReports.map((report) => ReportSchema.parse(report));
-    return reports;
+    return rawReports;
   }
 
   async getReportByUserAndReview(zid: string, reviewId: string) {
@@ -70,19 +63,15 @@ export class ReportRepository {
     return rawReport;
   }
 
-  async saveReport(report: UpdateReportStatus): Promise<Report> {
-    const rawReport = await this.prisma.reports.update({
+  async updateReport(report: UpdateReportStatus) {
+    const updatedReport = await this.prisma.reports.update({
       where: {
         reportId: report.reportId,
       },
       data: {
         ...report,
       },
-      include: {
-        users: true,
-      },
     });
-    const savedReport = ReportSchema.parse(rawReport);
-    return savedReport;
+    return updatedReport;
   }
 }
diff --git a/backend/src/services/course.service.test.ts b/backend/src/services/course.service.test.ts
@@ -64,29 +64,6 @@ describe("CourseService", () => {
     });
   });
 
-  describe("updateCourse", () => {
-    it("should throw HTTP 400 error if no courses in database", () => {
-      const service = courseService();
-      const course = getMockCourses()[0];
-      courseRepository.getCourse = jest.fn().mockResolvedValue(undefined);
-
-      const errorResult = new HTTPError(badRequest);
-      expect(service.updateCourse(course)).rejects.toThrow(errorResult);
-    });
-
-    it("should resolve and return new updated course", () => {
-      const service = courseService();
-      const entity = getCourseEntity();
-      const course = getMockCourses()[0];
-      courseRepository.getCourse = jest.fn().mockResolvedValue(entity);
-      courseRepository.save = jest.fn().mockResolvedValue(entity);
-
-      expect(service.updateCourse(course)).resolves.toEqual({
-        course: course,
-      });
-    });
-  });
-
   describe("getCourse", () => {
     it("should throw HTTP 500 error if there is no course in database", () => {
       const service = courseService();

diff --git a/backend/src/services/course.service.ts b/backend/src/services/course.service.ts
@@ -1,11 +1,14 @@
 import { getLogger } from "../utils/logger";
 import { HTTPError } from "../utils/errors";
-import { badRequest, internalServerError } from "../utils/constants";
+import {
+  badRequest,
+  internalServerError,
+  unauthorizedError,
+} from "../utils/constants";
 import { CourseRepository } from "../repositories/course.repository";
 import { UserRepository } from "../repositories/user.repository";
 import RedisClient from "../modules/redis";
 import {
-  BookmarkCourse,
   Course,
   CourseBody,
   CoursesSuccessResponse,
@@ -85,27 +88,18 @@ export class CourseService {
     return { courses };
   }
 
-  async updateCourse(updatedCourse: Course): Promise<CourseBody | undefined> {
-    let course = await this.courseRepository.getCourse(
-      updatedCourse.courseCode,
-    );
-
-    if (!course) {
-      this.logger.error(
-        `There is no course with courseCode ${updatedCourse.courseCode}.`,
-      );
+  async flushKey(zid: string, key: string) {
+    const userInfo = await this.userRepository.getUser(zid);
+    if (!userInfo) {
+      this.logger.error(`Database could not find user with zid ${zid}`);
       throw new HTTPError(badRequest);
     }
 
-    course = await this.courseRepository.save(course);
-
-    this.logger.info(
-      `Successfully updated course with courseCode ${updatedCourse.courseCode}.`,
-    );
-    return { course };
-  }
+    if (!userInfo.isAdmin) {
+      this.logger.error(`Non-admin ${zid} tried retrieving reports`);
+      throw new HTTPError(unauthorizedError);
+    }
 
-  async flushKey(key: string) {
     await this.redis.del(key);
   }
 }