dreampipcom · angeloreale · Aug 25, 2024 · Aug 21, 2024 · Aug 22, 2024 · Aug 22, 2024
diff --git a/.env.local.public b/.env.local.public
@@ -34,6 +34,7 @@ NEXUS_BASE_PATH=
 
 # for docker images only
 NEXUS_STANDALONE=
+NEXUS_STANDALONE_PRISMA_ONLY=
 
 # keep alive secret for private endpoints healthcheck
 NEXUS_KEEPALIVE=

diff --git a/lib/auth/constants.ts b/lib/auth/constants.ts
@@ -15,6 +15,7 @@ import {
   GetPrivateCommonServices,
   UpdatePrivateUserAbilities,
   GetPrivateCommonAbilities,
+  GetPrivateAbilities,
 } from '@controller';
 import { PrivatePrisma } from '@model';
 
@@ -35,15 +36,23 @@ export const GetSession = async ({ cookies = '' }) => {
   }
 };
 
+// to-do: admin sanitizer
+
 // schema sanitizer
 const allUsersSideEffects = async ({ user }: any) => {
   const services = await GetPrivateCommonServices({});
   const abilities = await GetPrivateCommonAbilities({});
   const commonServices = services.map((service: any) => service?.id).map((el: any) => el);
   const commonAbilities = abilities.map((ability: any) => ability?.id).map((el: any) => el);
 
+  const [dpcpAbility] = await GetPrivateAbilities({ type: 'R', target: 'dpcp-vibemodulator', action: 'view-listings' });
+
   await UpdatePrivateUserServices({ user, services: [...commonServices, ...user.servicesIds], upsert: false });
-  await UpdatePrivateUserAbilities({ user, abilities: [...commonAbilities, ...user.abilitiesIds], upsert: false });
+  await UpdatePrivateUserAbilities({
+    user,
+    abilities: [...commonAbilities, ...user.abilitiesIds, dpcpAbility.id],
+    upsert: false,
+  });
 };
 
 export const providers: any[] = [
@@ -126,7 +135,7 @@ export const authConfig = {
       return true;
     },
     async redirect() {
-      return `${process.env.MAIN_URL}/dash`;
+      return `${process.env.MAIN_URL}/dash/signin`;
     },
     // async jwt({ user, token }) {
     //   if (user) {
@@ -191,7 +200,7 @@ export const authConfig = {
   trustHost: true,
   pages: {
     signIn: '/dash/signin',
-    signOut: '/',
+    signOut: '/dash/signin',
     error: '/dash/error', // Error code passed in query string as ?error=
     verifyRequest: '/dash/verify', // (used for check email message)
     // newUser: '/' // New users will be directed here on first sign in (leave the property out if not of interest)

diff --git a/lib/model/interfaces/get-private-abilities.ts b/lib/model/interfaces/get-private-abilities.ts
@@ -1,3 +1,4 @@
+/* eslint @typescript-eslint/no-unused-vars:0 */
 // @controller/get-private-services.ts
 import { whoAmI } from '@controller';
 import { PrivatePrisma } from '@model';
@@ -7,8 +8,11 @@ const PAGE_SIZE = 100;
 const getPrivateAbilities = async ({
   id,
   name,
-  locale = 'es',
+  locale = 'en',
   user,
+  type,
+  target,
+  action,
   page = 0,
   offset = 0,
   limit = PAGE_SIZE,
@@ -18,8 +22,16 @@ const getPrivateAbilities = async ({
 
   const adaptQuery: any = {
     where: {
-      id,
-      name: { [locale]: name },
+      OR: [
+        {
+          id,
+        },
+        {
+          type,
+          target,
+          action,
+        },
+      ],
     },
     skip: page * (limit + offset),
     take: limit,
@@ -31,7 +43,7 @@ const getPrivateAbilities = async ({
       const supportedQueries: Record<string, any> = {
         user: {
           query: {
-            OR: [{ id: { in: loggedUser?.servicesIds }, name: { [locale]: name } }, { userOwner: loggedUser?.id }],
+            OR: [{ id: { in: loggedUser?.abilities } }, { userOwnerId: loggedUser.id }],
           },
         },
         // group: {
@@ -49,15 +61,16 @@ const getPrivateAbilities = async ({
         return acc;
       }, {});
 
-      adaptQuery.where = {
-        ...adaptQuery.where,
-        ...query,
-      };
+      adaptQuery.where.OR = query?.OR;
     } catch (e) {
-      throw new Error('Code 001: Wrong filter');
+      throw new Error('Code 000/2: Wrong filter');
     }
   }
 
+  if (!(adaptQuery?.where?.OR?.length > 0)) {
+    throw new Error('Code 000/1: Malformed request');
+  }
+
   const response = await PrivatePrisma.abilities.findMany(adaptQuery);
 
   return response;

diff --git a/lib/model/interfaces/get-private-common-abilities.ts b/lib/model/interfaces/get-private-common-abilities.ts
@@ -7,7 +7,11 @@ const getPrivateCommonAbilities = async ({ page = 0, offset = 0, limit = PAGE_SI
   // to-do: move, this will be a middleware
   const adaptQuery: any = {
     where: {
-      nature: 'COMMON',
+      OR: [
+        {
+          nature: 'COMMON',
+        },
+      ],
     },
     skip: page * (limit + offset),
     take: limit,
@@ -37,15 +41,16 @@ const getPrivateCommonAbilities = async ({ page = 0, offset = 0, limit = PAGE_SI
         return acc;
       }, {});
 
-      adaptQuery.where = {
-        ...adaptQuery.where,
-        ...query,
-      };
+      adaptQuery.where.OR = query?.OR;
     } catch (e) {
-      throw new Error('Code 001: Wrong filter');
+      throw new Error('Code 000/2: Wrong filter');
     }
   }
 
+  if (!(adaptQuery?.where?.OR?.length > 0)) {
+    throw new Error('Code 000/1: Malformed request');
+  }
+
   const response = await PrivatePrisma.abilities.findMany(adaptQuery);
 
   return response;

diff --git a/lib/model/interfaces/get-private-common-services.ts b/lib/model/interfaces/get-private-common-services.ts
@@ -7,7 +7,11 @@ const getPrivateCommonServices = async ({ page = 0, offset = 0, limit = PAGE_SIZ
   // to-do: move, this will be a middleware
   const adaptQuery: any = {
     where: {
-      nature: 'COMMON',
+      OR: [
+        {
+          nature: 'COMMON',
+        },
+      ],
     },
     skip: page * (limit + offset),
     take: limit,
@@ -37,15 +41,16 @@ const getPrivateCommonServices = async ({ page = 0, offset = 0, limit = PAGE_SIZ
         return acc;
       }, {});
 
-      adaptQuery.where = {
-        ...adaptQuery.where,
-        ...query,
-      };
+      adaptQuery.where.OR = query?.OR;
     } catch (e) {
-      throw new Error('Code 001: Wrong filter');
+      throw new Error('Code 000/2: Wrong filter');
     }
   }
 
+  if (!(adaptQuery?.where?.OR?.length > 0)) {
+    throw new Error('Code 000/1: Malformed request');
+  }
+
   const response = await PrivatePrisma.services.findMany(adaptQuery);
 
   return response;

diff --git a/lib/model/interfaces/get-private-services.ts b/lib/model/interfaces/get-private-services.ts
@@ -1,14 +1,15 @@
+/* eslint @typescript-eslint/no-unused-vars:0 */
 // @controller/get-private-services.ts
 import { PrivatePrisma } from '@model';
-import { whoAmI } from '@controller';
+import { whoAmI, canI } from '@controller';
 
 const PAGE_SIZE = 100;
 
 const getPrivateServices = async ({
   id,
-  name,
-  locale = 'es',
   user,
+  locale = 'en',
+  target,
   page = 0,
   offset = 0,
   limit = PAGE_SIZE,
@@ -18,8 +19,14 @@ const getPrivateServices = async ({
 
   const adaptQuery: any = {
     where: {
-      id,
-      name: { [locale]: name },
+      OR: [
+        {
+          id,
+        },
+        {
+          slug: target,
+        },
+      ],
     },
     skip: page * (limit + offset),
     take: limit,
@@ -31,7 +38,7 @@ const getPrivateServices = async ({
       const supportedQueries: Record<string, any> = {
         user: {
           query: {
-            OR: [{ id: { in: loggedUser?.servicesIds }, name: { [locale]: name } }, { userOwner: loggedUser?.id }],
+            OR: [{ id: { in: loggedUser?.services } }, { userOwnerId: loggedUser.id }],
           },
         },
         // group: {
@@ -49,18 +56,25 @@ const getPrivateServices = async ({
         return acc;
       }, {});
 
-      adaptQuery.where = {
-        ...adaptQuery.where,
-        ...query,
-      };
+      adaptQuery.where.OR = query?.OR;
+
+      const response = await PrivatePrisma.services.findMany(adaptQuery);
+      return response;
     } catch (e) {
-      throw new Error('Code 001: Wrong filter');
+      throw new Error(`Code 000/2: Wrong filter: ${e}`);
     }
   }
 
-  const response = await PrivatePrisma.services.findMany(adaptQuery);
+  if (!(adaptQuery?.where?.OR?.length > 0)) {
+    throw new Error('Code 000/1: Malformed request');
+  }
 
-  return response;
+  if (await canI({ type: 'R', action: 'view-listings', target, user: loggedUser })) {
+    const response = await PrivatePrisma.services.findMany(adaptQuery);
+    return response;
+  } else {
+    throw new Error(`Code 001/0: Not authorized.`);
+  }
 };
 
 export default getPrivateServices;
diff --git a/lib/model/interfaces/get-public-listings-iface.ts b/lib/model/interfaces/get-public-listings-iface.ts
@@ -5,6 +5,13 @@ const PAGE_SIZE = 100;
 
 const getPublicListings = async ({ page = 0, offset = 0, limit = PAGE_SIZE, filters = [] }: any) => {
   const adaptQuery: any = {
+    where: {
+      OR: [
+        {
+          status: 'ACTIVE',
+        },
+      ],
+    },
     skip: page * (limit + offset),
     take: limit,
     cacheStrategy: process.env.NEXUS_STANDALONE !== 'true' ? { ttl: 90, swr: 60 * 60 * 24 * 7 } : undefined,
@@ -45,14 +52,16 @@ const getPublicListings = async ({ page = 0, offset = 0, limit = PAGE_SIZE, filt
         return acc;
       }, {});
 
-      adaptQuery.where = {
-        ...query,
-      };
+      adaptQuery.where.OR = query?.OR;
     } catch (e) {
-      throw new Error('Code 001: Wrong filter');
+      throw new Error('Code 000/2: Wrong filter');
     }
   }
 
+  if (!(adaptQuery?.where?.OR?.length > 0)) {
+    throw new Error('Code 000/1: Malformed request');
+  }
+
   const response = await PublicPrisma.publicListings.findMany(adaptQuery);
 
   return response;

diff --git a/lib/model/interfaces/middleware/authorization.ts b/lib/model/interfaces/middleware/authorization.ts
@@ -2,11 +2,11 @@
 import { getSession, GetSession } from '@auth';
 import { GetPrivateAbilities } from '@controller';
 import { cookies as nextCookies } from 'next/headers';
-export const canI = async ({ name, user }: any) => {
+export const canI = async ({ type, target, action, user }: any) => {
   try {
-    const ability = await GetPrivateAbilities({ name });
+    const abilities = await GetPrivateAbilities({ type, target, action });
     // to-do add authorization/validation checks
-    const yes = user?.abilities?.includes(ability[0]?.id);
+    const yes = abilities?.some((ability) => user?.abilities.includes(ability.id));
     // return the capacity
     return yes;
   } catch (e) {
@@ -18,7 +18,6 @@ export const whoAmI = async ({ cookies }: any) => {
     const cookieString = nextCookies().getAll().toString();
     const session = (await getSession()) || (await GetSession({ cookies: cookieString || cookies }));
     // to-do add authorization/validation checks
-    console.log({ cookieString, session });
     return session?.user;
   } catch (e) {
     throw new Error(`Code 007: Can't identify user ${e}`);

diff --git a/lib/model/interfaces/update-private-user-abilities.ts b/lib/model/interfaces/update-private-user-abilities.ts
@@ -6,7 +6,7 @@ import { PrivatePrisma } from '@model';
 const updatePrivateUserAbilities = async ({ upsert = false, user, abilities }: any) => {
   try {
     // to-do: move this will be a middleware
-    if (abilities?.length === 0) return new Error('Code 002: Missing data (abilities)');
+    if (abilities?.length === 0) return new Error('Code 002/1: Missing data (abilities)');
 
     const loggedUser = user || (await whoAmI({}));
 
@@ -29,7 +29,7 @@ const updatePrivateUserAbilities = async ({ upsert = false, user, abilities }: a
 
     return response;
   } catch (e) {
-    throw new Error(`Code 003: Missing results: ${e}`);
+    throw new Error(`Code 002/0: Missing results: ${e}`);
   }
 };
 

diff --git a/lib/model/interfaces/update-private-user-favorite-listings.ts b/lib/model/interfaces/update-private-user-favorite-listings.ts
@@ -3,17 +3,15 @@
 import { whoAmI, canI } from '@controller';
 import { PrivatePrisma } from '@model';
 
-const updatePrivateUserFavoriteListings = async ({ upsert = true, user, listings = [], type = 'id' }: any) => {
+const updatePrivateUserFavoriteListings = async ({ upsert = true, user, target, listings = [], type = 'id' }: any) => {
   try {
     if (listings?.length === 0) return new Error('Code 002: Missing data (listings)');
 
     const loggedUser = user || (await whoAmI({}));
 
-    console.log({ user, loggedUser });
-
     const delta = upsert ? listings.filter((listing: any) => !loggedUser?.favorites?.includes(listing)) : [];
 
-    if ((await canI({ name: 'Ability 1', user: loggedUser })) && type === 'id') {
+    if ((await canI({ type: 'U', action: 'favorite', target, user: loggedUser })) && type === 'id') {
       const swapUserData = loggedUser.favorites.filter((listing: string) => !listings.includes(listing));
       const payload = upsert
         ? {
@@ -31,7 +29,7 @@ const updatePrivateUserFavoriteListings = async ({ upsert = true, user, listings
 
       const response = await PrivatePrisma.user.update(adaptQuery);
       return response;
-    } else if ((await canI({ name: 'Ability 1', user: loggedUser })) && type === 'string') {
+    } else if ((await canI({ type: 'U', action: 'favorite', target, user: loggedUser })) && type === 'string') {
       const userData = loggedUser?.favoritesStrings;
       const swapData = userData.filter((listing: string) => listings.includes(listing));
       const transaction = userData
@@ -54,10 +52,10 @@ const updatePrivateUserFavoriteListings = async ({ upsert = true, user, listings
       const response = await PrivatePrisma.user.update(adaptQuery);
       return response;
     } else {
-      throw new Error(`403: Not authorized.`);
+      throw new Error(`Code 001/0: Not authorized.`);
     }
   } catch (e) {
-    throw new Error(`Code 003: Missing results: ${e}`);
+    throw new Error(`Code 002/0: Missing results: ${e}`);
   }
 };