Merge branch 'dev' of https://github.com/Vizzuality/tnc-blue-carbon-c…

…ost-tool into feature/scorecard-view

.github/workflows/deploy.yml

@@ -146,6 +146,8 @@ jobs:
             AWS_SES_ACCESS_KEY_SECRET=${{ secrets.AWS_SES_ACCESS_KEY_SECRET }}
             AWS_SES_DOMAIN=${{ secrets.AWS_SES_DOMAIN }}
             AWS_REGION=${{ secrets.AWS_REGION }}
+            BACKOFFICE_SESSION_COOKIE_NAME=${{ vars.BACKOFFICE_SESSION_COOKIE_NAME }}
+            BACKOFFICE_SESSION_COOKIE_SECRET=${{ secrets.BACKOFFICE_SESSION_COOKIE_SECRET }}
           context: .
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -155,47 +157,47 @@ jobs:
             ${{ steps.login-ecr.outputs.registry }}/${{ secrets.API_REPOSITORY_NAME }}:${{ github.sha }}
             ${{ steps.login-ecr.outputs.registry }}/${{ secrets.API_REPOSITORY_NAME }}:${{ needs.set_environment_name.outputs.env_name }}
 
-  build_admin:
+  build_backoffice:
     needs: [ set_environment_name ]
     environment:
       name: ${{ needs.set_environment_name.outputs.env_name }}
     runs-on: ubuntu-latest
-    name: Build Admin image and push to Amazon ECR
+    name: Build Backoffice image and push to Amazon ECR
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
       - uses: dorny/paths-filter@v3
-        id: admin-changes
+        id: backoffice-changes
         with:
           filters: |
-            admin:
-              - 'admin/**'
+            backoffice:
+              - 'backoffice/**'
               - '.github/workflows/**'
             shared:
               - 'shared/**'
 
       - name: Configure AWS credentials
-        if: ${{ github.event_name == 'workflow_dispatch' || steps.admin-changes.outputs.admin == 'true' }}
+        if: ${{ github.event_name == 'workflow_dispatch' || steps.backoffice-changes.outputs.backoffice == 'true' }}
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.PIPELINE_USER_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.PIPELINE_USER_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
 
       - name: Login to Amazon ECR
-        if: ${{ github.event_name == 'workflow_dispatch' || steps.admin-changes.outputs.admin == 'true' }}
+        if: ${{ github.event_name == 'workflow_dispatch' || steps.backoffice-changes.outputs.backoffice == 'true' }}
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
         with:
           mask-password: 'true'
 
       - name: Set up Docker Buildx
-        if: ${{ github.event_name == 'workflow_dispatch' || steps.admin-changes.outputs.admin == 'true' }}
+        if: ${{ github.event_name == 'workflow_dispatch' || steps.backoffice-changes.outputs.backoffice == 'true' }}
         uses: docker/setup-buildx-action@v3
 
       - name: Build, tag, and push Admin image to Amazon ECR
-        if: ${{ github.event_name == 'workflow_dispatch' || steps.admin-changes.outputs.admin == 'true' }}
+        if: ${{ github.event_name == 'workflow_dispatch' || steps.backoffice-changes.outputs.backoffice == 'true' }}
         uses: docker/build-push-action@v6
         with:
           build-args: |
@@ -205,10 +207,12 @@ jobs:
             DB_USERNAME=${{ secrets.DB_USERNAME }}
             DB_PASSWORD=${{ secrets.DB_PASSWORD }}
             API_URL=${{ vars.NEXT_PUBLIC_API_URL }}
+            BACKOFFICE_SESSION_COOKIE_NAME=${{ vars.BACKOFFICE_SESSION_COOKIE_NAME }}
+            BACKOFFICE_SESSION_COOKIE_SECRET=${{ secrets.BACKOFFICE_SESSION_COOKIE_SECRET }}
           context: .
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          file: ./admin/Dockerfile
+          file: ./backoffice/Dockerfile
           push: true
           tags: |
             ${{ steps.login-ecr.outputs.registry }}/${{ secrets.ADMIN_REPOSITORY_NAME }}:${{ github.sha }}
@@ -217,7 +221,7 @@ jobs:
 
   deploy:
     name: Deploy Services to Amazon EBS
-    needs: [ set_environment_name, build_client, build_api, build_admin ]
+    needs: [ set_environment_name, build_client, build_api, build_backoffice]
     runs-on: ubuntu-latest
     environment:
       name: ${{ needs.set_environment_name.outputs.env_name }}
@@ -258,7 +262,7 @@ jobs:
               restart: always
               ports:
                 - 4000:4000
-            admin:
+            backoffice:
               image: $ECR_REGISTRY/$ECR_REPOSITORY_ADMIN:$IMAGE_TAG
               restart: always
               ports:
@@ -274,7 +278,7 @@ jobs:
               depends_on:
                 - api
                 - client
-                - admin
+                - backoffice
           EOF
 
       - name: Generate zip file

api/Dockerfile

@@ -17,6 +17,8 @@ ARG AWS_SES_ACCESS_KEY_ID
 ARG AWS_SES_ACCESS_KEY_SECRET
 ARG AWS_SES_DOMAIN
 ARG AWS_REGION
+ARG BACKOFFICE_SESSION_COOKIE_NAME
+ARG BACKOFFICE_SESSION_COOKIE_SECRET
 
 ENV DB_HOST $DB_HOST
 ENV DB_PORT $DB_PORT
@@ -35,6 +37,8 @@ ENV AWS_SES_ACCESS_KEY_ID $AWS_SES_ACCESS_KEY_ID
 ENV AWS_SES_ACCESS_KEY_SECRET $AWS_SES_ACCESS_KEY_SECRET
 ENV AWS_SES_DOMAIN $AWS_SES_DOMAIN
 ENV AWS_REGION $AWS_REGION
+ENV BACKOFFICE_SESSION_COOKIE_NAME $BACKOFFICE_SESSION_COOKIE_NAME
+ENV BACKOFFICE_SESSION_COOKIE_SECRET $BACKOFFICE_SESSION_COOKIE_SECRET
 
 
 WORKDIR /app

api/package.json

@@ -31,7 +31,7 @@
     "class-transformer": "catalog:",
     "class-validator": "catalog:",
     "dotenv": "16.4.5",
-    "financejs": "^4.1.0",
+    "financial": "^0.2.4",
     "jsonapi-serializer": "^3.6.9",
     "lodash": "^4.17.21",
     "nestjs-base-service": "catalog:",
@@ -43,6 +43,7 @@
     "reflect-metadata": "catalog:",
     "rxjs": "^7.8.1",
     "typeorm": "catalog:",
+    "uid-safe": "^2.1.5",
     "xlsx": "^0.18.5",
     "zod": "catalog:"
   },
@@ -61,6 +62,7 @@
     "@types/passport-jwt": "^4.0.1",
     "@types/passport-local": "^1.0.38",
     "@types/supertest": "^6.0.0",
+    "@types/uid-safe": "^2.1.5",
     "@typescript-eslint/eslint-plugin": "^7.0.0",
     "@typescript-eslint/parser": "^7.0.0",
     "eslint": "^8.42.0",

api/src/modules/api-events/events.enum.ts

@@ -7,6 +7,8 @@ export enum API_EVENT_TYPES {
   EXCEL_IMPORT_FAILED = 'system.excel_import.failed',
   EXCEL_IMPORT_SUCCESS = 'system.excel_import.success',
   EXCEL_IMPORT_STARTED = 'system.excel_import.started',
+  CUSTOM_PROJECT_SAVED = 'custom_project.saved',
+  ERROR_SAVING_CUSTOM_PROJECT = 'custom_project.error_saving',
   // More events to come....
 }
 

api/src/modules/auth/auth.module.ts

@@ -6,6 +6,7 @@ import { AuthenticationModule } from '@api/modules/auth/authentication.module';
 import { RequestPasswordRecoveryCommandHandler } from '@api/modules/auth/commands/request-password-recovery-command.handler';
 import { NewUserEventHandler } from '@api/modules/admin/events/handlers/new-user-event.handler';
 import { PasswordRecoveryRequestedEventHandler } from '@api/modules/auth/events/handlers/password-recovery-requested.handler';
+import { BackofficeService } from './backoffice.service';
 
 @Module({
   imports: [AuthenticationModule, NotificationsModule],
@@ -15,6 +16,7 @@ import { PasswordRecoveryRequestedEventHandler } from '@api/modules/auth/events/
     RequestPasswordRecoveryCommandHandler,
     NewUserEventHandler,
     PasswordRecoveryRequestedEventHandler,
+    BackofficeService,
   ],
   exports: [AuthenticationModule, AuthMailer],
 })

api/src/modules/auth/authentication.controller.ts

@@ -5,6 +5,7 @@ import {
   UseInterceptors,
   ClassSerializerInterceptor,
   HttpStatus,
+  Res,
 } from '@nestjs/common';
 import { User } from '@shared/entities/users/user.entity';
 import { LocalAuthGuard } from '@api/modules/auth/guards/local-auth.guard';
@@ -21,13 +22,18 @@ import { CommandBus } from '@nestjs/cqrs';
 import { RequestPasswordRecoveryCommand } from '@api/modules/auth/commands/request-password-recovery.command';
 import { EmailConfirmation } from '@api/modules/auth/strategies/email-update.strategy';
 import { ROLES } from '@shared/entities/users/roles.enum';
+import { Response } from 'express';
+import { ApiConfigService } from '../config/app-config.service';
+import { BackofficeService } from './backoffice.service';
 
 @Controller()
 @UseInterceptors(ClassSerializerInterceptor)
 export class AuthenticationController {
   constructor(
     private authService: AuthenticationService,
+    private readonly backofficeService: BackofficeService,
     private readonly commandBus: CommandBus,
+    private readonly configService: ApiConfigService,
   ) {}
 
   @Public()
@@ -48,9 +54,27 @@ export class AuthenticationController {
   @Public()
   @UseGuards(LocalAuthGuard)
   @TsRestHandler(authContract.login)
-  async login(@GetUser() user: User): Promise<ControllerResponse> {
+  async login(
+    @GetUser() user: User,
+    @Res({ passthrough: true }) res: Response,
+  ): Promise<ControllerResponse> {
     return tsRestHandler(authContract.login, async () => {
-      const userWithAccessToken = await this.authService.logIn(user);
+      const [userWithAccessToken, backofficeSession] =
+        await this.authService.logIn(user);
+      if (backofficeSession !== undefined) {
+        const cookieName = this.configService.get(
+          'BACKOFFICE_SESSION_COOKIE_NAME',
+        );
+        const cookieValue =
+          this.backofficeService.generateCookieFromBackofficeSession(
+            backofficeSession,
+          );
+        res.cookie(cookieName, cookieValue, {
+          ...backofficeSession.sess.cookie,
+          sameSite: 'lax',
+        });
+      }
+
       return {
         body: userWithAccessToken,
         status: 201,

api/src/modules/auth/authentication.module.ts

@@ -14,9 +14,12 @@ import { JwtManager } from '@api/modules/auth/services/jwt.manager';
 import { ConfirmAccountStrategy } from '@api/modules/auth/strategies/confirm-account.strategy';
 import { PasswordManager } from '@api/modules/auth/services/password.manager';
 import { EmailConfirmationJwtStrategy } from '@api/modules/auth/strategies/email-update.strategy';
+import { BackOfficeSession } from '@shared/entities/users/backoffice-session';
+import { TypeOrmModule } from '@nestjs/typeorm';
 
 @Module({
   imports: [
+    TypeOrmModule.forFeature([BackOfficeSession]),
     PassportModule.register({ defaultStrategy: 'jwt' }),
     JwtModule.registerAsync({
       imports: [ApiConfigModule],