Add leaderboard

Author: ArktinenKarpalo

openapi.yaml

@@ -828,6 +828,31 @@ paths:
                   type: string
                   example: '[email protected]'
                   minLength: 1
+  /api/v1/statistics/leaderboard: 
+    get: 
+      summary: Get top list of rv users, requires RV-Terminal-Secret header
+      operationId: leaderboard
+      tags:
+        - normal
+      responses: 
+        200: 
+          description: Check success.
+          content: 
+            application/json: 
+              schema: 
+                type: array
+                required: 
+                  - name
+                  - saldo
+                properties: 
+                  name: 
+                    type: string
+                  saldo:
+                    type: integer
+        403:
+          '$ref': '#/components/responses/NotAuthorizedErrorResponse'
+        400:
+          '$ref': '#/components/responses/BadRequestErrorResponse'
   /api/v1/user/user_exists: 
     post: 
       summary: Check if an user with the given username exists

src/app.ts

@@ -17,11 +17,11 @@ import auth_route from './routes/auth.js';
 import user_categories from './routes/categories.js';
 import user_products from './routes/products.js';
 import register_route from './routes/register.js';
+import statistics_route from './routes/statistics.js';
 import api_reset_route from './routes/test_env/api_data_reset.js';
 import user_route from './routes/user.js';
 import user_deposit_history_route from './routes/userDepositHistory.js';
 import user_purchase_history_route from './routes/userPurchaseHistory.js';
-
 const app = express();
 
 app.use(express.urlencoded({ extended: false }));
@@ -48,6 +48,7 @@ app.use('/api/v1/user', user_route);
 app.use('/api/v1/register', register_route);
 app.use('/api/v1/products', user_products);
 app.use('/api/v1/categories', user_categories);
+app.use('/api/v1/statistics', statistics_route);
 
 app.use('/api/v1/admin/defaultMargin', admin_default_margin);
 app.use('/api/v1/admin/products', admin_products);

src/db/userStore.ts

@@ -174,6 +174,11 @@ export const verifyRfid = async (rfid, rfidHash) => {
 	return await bcrypt.compare(rfid, rfidHash);
 };
 
+export const leaderboard = async () => {
+	const result = await knex.raw('SELECT name, saldo FROM "RVPERSON" ORDER BY saldo DESC limit 50;');
+	return result.rows;
+};
+
 export const recordDeposit = async (userId, amount, type) => {
 	if (type != 'cash' && type != 'banktransfer') {
 		throw new Error(`Unknown deposit type: ${type}`);

src/routes/authMiddleware.ts

@@ -8,6 +8,21 @@ export interface Authenticated_request extends Request {
 	user?: userStore.user;
 }
 
+export const requireRvTerminalSecretMiddleware = () => {
+	return async (req, res, next) => {
+		const authHeader = req.get('RV-Terminal-Secret');
+		if (authHeader !== process.env.RV_TERMINAL_SECRET) {
+			logger.warn('Request is not authorized for %s %s, missing rv terminal secret', req.method, req.originalUrl);
+			res.status(403).json({
+				error_code: 'not_authorized',
+				message: 'Not authorized',
+			});
+			return;
+		}
+		next();
+	};
+};
+
 const authMiddleware = ({
 	requiredRole = null,
 	tokenSecret = process.env.JWT_SECRET,

src/routes/statistics.ts

@@ -0,0 +1,12 @@
+import express from 'express';
+import { leaderboard } from '../db/userStore.js';
+import { requireRvTerminalSecretMiddleware } from './authMiddleware.js';
+const router = express.Router();
+
+router.get('/leaderboard', requireRvTerminalSecretMiddleware(), async (_, res) => {
+	const lb = await leaderboard();
+	console.log(lb);
+	res.json(lb);
+});
+
+export default router;