xfarrow/blink
0
0
Fork 0
mirror of https://github.com/xfarrow/blink synced 2025-06-27 09:03:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

npx eslint --fix

Browse Source
This commit is contained in:
Alessandro Ferro
2024-02-23 11:17:02 +01:00
parent 4a712f4de3
commit 7bd6889768
18 changed files with 618 additions and 662 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/apis/nodejs/src/app.js
View File

@ -20,10 +20,9 @@ const rateLimit = require('express-rate-limit');
const personRoutes = require('./routes/person_routes.js');
const organizationRoutes = require('./routes/organization_routes.js');
const organizationAdminRoutes = require('./routes/organization_admin_routes.js');
const organizationPostRoutes = require('./routes/organization_post_routes.js')
const organizationPostRoutes = require('./routes/organization_post_routes.js');
const jwt_utils = require('./utils/jwt_utils.js');
// Application configuration
const app = express();
app.use(express.json()); // Middleware which parses JSON for POST requests
@ -31,7 +30,7 @@ app.use(cors()); // Enable CORS for all routes
app.use(rateLimit({
windowMs: process.env.LIMITER_WINDOW,
max: process.env.LIMITER_MAXIMUM_PER_WINDOW,
message: {error : "Too many requests from this IP, please try again later"}
message: { error: 'Too many requests from this IP, please try again later' }
})); // Apply the rate limiter middleware to all routes
const publicRoutes = express.Router();

76
backend/apis/nodejs/src/models/organization_admin_model.js
View File

@ -20,13 +20,13 @@ const knex = require('../utils/knex_config');
* @param {*} organizationId
* @returns true if administrator, false otherwise
*/
async function isPersonAdmin(personId, organizationId){
const isPersonAdmin = await knex('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.select('*')
.first();
return isPersonAdmin;
async function isPersonAdmin (personId, organizationId) {
const isPersonAdmin = await knex('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.select('*')
.first();
return isPersonAdmin;
}
/**
@ -34,12 +34,12 @@ async function isPersonAdmin(personId, organizationId){
* @param {*} personId
* @param {*} organizationId
*/
async function addOrganizationAdministrator(personId, organizationId){
await knex('OrganizationAdministrator')
.insert({
id_person: personId,
id_organization: organizationId
});
async function addOrganizationAdministrator (personId, organizationId) {
await knex('OrganizationAdministrator')
.insert({
id_person: personId,
id_organization: organizationId
});
}
/**
@ -48,35 +48,35 @@ async function addOrganizationAdministrator(personId, organizationId){
* @param {*} personId
* @param {*} organizationId
*/
async function removeOrganizationAdmin(personId, organizationId){
const transaction = await knex.transaction();
async function removeOrganizationAdmin (personId, organizationId) {
const transaction = await knex.transaction();
// We lock the table to ensure that we won't have concurrency issues
// while checking remainingAdministrators.
// TODO: Understand whether a lock on the table is really necessary
await transaction.raw('LOCK TABLE "OrganizationAdministrator" IN SHARE MODE');
// We lock the table to ensure that we won't have concurrency issues
// while checking remainingAdministrators.
// TODO: Understand whether a lock on the table is really necessary
await transaction.raw('LOCK TABLE "OrganizationAdministrator" IN SHARE MODE');
await transaction('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
await transaction('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.del();
// TODO: If the user instead deletes their entire profile, the organization will not be deleted. Fix. (database schema)
const remainingAdministrators = await transaction('OrganizationAdministrator')
.where({ id_organization: organizationId });
if (remainingAdministrators.length === 0) {
// If no more users, delete the organization
await transaction('Organization')
.where('id', organizationId)
.del();
}
// TODO: If the user instead deletes their entire profile, the organization will not be deleted. Fix. (database schema)
const remainingAdministrators = await transaction('OrganizationAdministrator')
.where({ id_organization: organizationId });
if (remainingAdministrators.length === 0) {
// If no more users, delete the organization
await transaction('Organization')
.where('id', organizationId)
.del();
}
await transaction.commit();
await transaction.commit();
}
module.exports = {
isPersonAdmin,
addOrganizationAdministrator,
removeOrganizationAdmin
};
isPersonAdmin,
addOrganizationAdministrator,
removeOrganizationAdmin
};

104
backend/apis/nodejs/src/models/organization_model.js
View File

@ -21,14 +21,14 @@ const knex = require('../utils/knex_config');
* @param {*} is_hiring
* @returns
*/
function organization(name, location, description, is_hiring){
const organization = {
name: name,
location: location,
description: description,
is_hiring: is_hiring
};
return organization;
function organization (name, location, description, is_hiring) {
const organization = {
name,
location,
description,
is_hiring
};
return organization;
}
/**
@ -36,7 +36,7 @@ function organization(name, location, description, is_hiring){
* @param {*} id
* @returns
*/
async function getOrganizationById(id){
async function getOrganizationById (id) {
const organization = await knex('Organization')
.where('id', id)
.select('*')
@ -48,19 +48,19 @@ async function getOrganizationById(id){
* Insert an Organization and its relative Administrator
* @param {*} organization
*/
async function insertOrganization(organization, organizationAdministratorId){
await knex.transaction(async (trx) => {
// We have to insert either both in Organization and in OrganizationAdministrator
// or in neither
const organizationResult = await trx('Organization')
.insert(organization, '*');
async function insertOrganization (organization, organizationAdministratorId) {
await knex.transaction(async (trx) => {
// We have to insert either both in Organization and in OrganizationAdministrator
// or in neither
const organizationResult = await trx('Organization')
.insert(organization, '*');
// Inserting in the "OrganizationAdministrator" table
await trx('OrganizationAdministrator')
.insert({
id_person: organizationAdministratorId,
id_organization: organizationResult[0].id,
});
// Inserting in the "OrganizationAdministrator" table
await trx('OrganizationAdministrator')
.insert({
id_person: organizationAdministratorId,
id_organization: organizationResult[0].id
});
});
}
@ -72,43 +72,43 @@ async function insertOrganization(organization, organizationAdministratorId){
* @param {*} personId
* @returns true if the row was updated, false otherwise
*/
async function updateOrganizationIfAdministrator(organization, organizationId, personId){
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
// // .where('id_person', req.jwt.person_id)
// // .where('id_organization', req.params.id)
// // .select('*')
// // .first();
async function updateOrganizationIfAdministrator (organization, organizationId, personId) {
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
// // .where('id_person', req.jwt.person_id)
// // .where('id_organization', req.params.id)
// // .select('*')
// // .first();
// // // This introduces a Time of check Time of use weakeness
// // // which could'have been fixed by either
// // // 1) Using "whereExists", thanks to the "it's easier to ask for
// // // forgiveness than for permission" padarigm. Or,
// // // 2) Using a serializable transaction.
// // //
// // // The undersigned chose not to follow these approaches because
// // // this does not introduces any serious vulnerability. In this
// // // way it seems more readable.
// // // This introduces a Time of check Time of use weakeness
// // // which could'have been fixed by either
// // // 1) Using "whereExists", thanks to the "it's easier to ask for
// // // forgiveness than for permission" padarigm. Or,
// // // 2) Using a serializable transaction.
// // //
// // // The undersigned chose not to follow these approaches because
// // // this does not introduces any serious vulnerability. In this
// // // way it seems more readable.
// // if(!isOrganizationAdmin){
// // return res.status(403).json({error : "Forbidden"});
// // }
// // if(!isOrganizationAdmin){
// // return res.status(403).json({error : "Forbidden"});
// // }
// // await knex('Organization')
// // .where('id', req.params.id)
// // .update({
// // name: req.body.name,
// // location: req.body.location,
// // description: req.body.description,
// // is_hiring: req.body.is_hiring
// // });
// // await knex('Organization')
// // .where('id', req.params.id)
// // .update({
// // name: req.body.name,
// // location: req.body.location,
// // description: req.body.description,
// // is_hiring: req.body.is_hiring
// // });
const numberOfUpdatedRows = await knex('Organization')
.where('id', organizationId)
.whereExists(function(){
.whereExists(function () {
this.select('*')
.from('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.where('id_organization', organizationId);
})
.update(organization);
return numberOfUpdatedRows == 1;
@ -121,14 +121,14 @@ async function updateOrganizationIfAdministrator(organization, organizationId, p
* @param {*} personId PersonId of the supposedly administrator
* @returns true if the Organization was successfully deleted, false otherwise
*/
async function deleteOrganizationIfAdmin(organizationId, personId){
async function deleteOrganizationIfAdmin (organizationId, personId) {
const numberOfDeletedRows = await knex('Organization')
.where({ id: organizationId })
.whereExists(function(){
.whereExists(function () {
this.select('*')
.from('OrganizationAdministrator')
.where('id_person', personId)
.where('id_organization', organizationId)
.where('id_organization', organizationId);
})
.del();
return numberOfDeletedRows == 1;

137
backend/apis/nodejs/src/models/person_model.js
View File

@ -25,17 +25,17 @@ const bcrypt = require('bcrypt');
* @param {*} place_of_living
* @returns
*/
function person(email, password, display_name, date_of_birth, available, enabled, place_of_living) {
const person = {
email: email.toLowerCase(),
password: password,
display_name: display_name,
date_of_birth: date_of_birth,
available: available,
enabled: enabled,
place_of_living: place_of_living
};
return person;
function person (email, password, display_name, date_of_birth, available, enabled, place_of_living) {
const person = {
email: email.toLowerCase(),
password,
display_name,
date_of_birth,
available,
enabled,
place_of_living
};
return person;
}
/**
@ -43,10 +43,10 @@ function person(email, password, display_name, date_of_birth, available, enabled
* @param {*} email email to look the Person for
* @returns the Person object
*/
async function getPersonByEmail(email){
return await knex('Person')
.where('email', email.toLowerCase())
.first();
async function getPersonByEmail (email) {
return await knex('Person')
.where('email', email.toLowerCase())
.first();
}
/**
@ -54,11 +54,11 @@ async function getPersonByEmail(email){
* @param {*} id - The id to look the person for
* @returns
*/
async function getPersonById(id){
return await knex('Person')
.select('*')
.where({ id: id })
.first();
async function getPersonById (id) {
return await knex('Person')
.select('*')
.where({ id })
.first();
}
/**
@ -67,27 +67,27 @@ async function getPersonById(id){
* @param {*} person A Person object
* @param {*} activationLink the activationLink identifier
*/
async function registerPerson(person, activationLink){
// We need to insert either both in the "Person" table
// and in the "ActivationLink" one, or in neither
await knex.transaction(async (tr) => {
const personIdResult = await tr('Person')
.insert({
email: person.email.toLowerCase(),
password: person.password,
display_name: person.display_name,
date_of_birth: person.date_of_birth,
available: person.available,
enabled: person.enabled,
place_of_living: person.place_of_living
})
.returning("id");
await tr('ActivationLink')
.insert({
person_id: personIdResult[0].id,
identifier: activationLink
});
});
async function registerPerson (person, activationLink) {
// We need to insert either both in the "Person" table
// and in the "ActivationLink" one, or in neither
await knex.transaction(async (tr) => {
const personIdResult = await tr('Person')
.insert({
email: person.email.toLowerCase(),
password: person.password,
display_name: person.display_name,
date_of_birth: person.date_of_birth,
available: person.available,
enabled: person.enabled,
place_of_living: person.place_of_living
})
.returning('id');
await tr('ActivationLink')
.insert({
person_id: personIdResult[0].id,
identifier: activationLink
});
});
}
/**
@ -97,20 +97,20 @@ async function registerPerson(person, activationLink){
* @param {*} password
* @returns
*/
async function getPersonByEmailAndPassword(email, password){
const person = await knex('Person')
.where('email', email.toLowerCase())
.where('enabled', true)
.select('*')
.first();
async function getPersonByEmailAndPassword (email, password) {
const person = await knex('Person')
.where('email', email.toLowerCase())
.where('enabled', true)
.select('*')
.first();
if(person){
const passwordMatches = await bcrypt.compare(password, person.password);
if (passwordMatches) {
return person;
}
if (person) {
const passwordMatches = await bcrypt.compare(password, person.password);
if (passwordMatches) {
return person;
}
return null;
}
return null;
}
/**
@ -118,32 +118,31 @@ async function getPersonByEmailAndPassword(email, password){
* @param {*} person The Person to update
* @param {*} person_id The database id of the Person to update
*/
async function updatePerson(person, person_id){
await knex('Person')
.where('id', person_id)
.update(person);
async function updatePerson (person, person_id) {
await knex('Person')
.where('id', person_id)
.update(person);
}
/**
* Deletes a Person specified by its database id.
* @param {*} person_id
*/
async function deletePerson(person_id){
await knex('Person')
.where({id : person_id})
.del();
async function deletePerson (person_id) {
await knex('Person')
.where({ id: person_id })
.del();
}
// Exporting a function
// means making a JavaScript function defined in one
// module available for use in another module.
module.exports = {
person,
getPersonByEmail,
getPersonById,
getPersonByEmailAndPassword,
registerPerson,
updatePerson,
deletePerson
person,
getPersonByEmail,
getPersonById,
getPersonByEmailAndPassword,
registerPerson,
updatePerson,
deletePerson
};

62
backend/apis/nodejs/src/routes/organization_admin_routes.js
View File

@ -22,29 +22,27 @@ const organization_admin_model = require('../models/organization_admin_model');
*
* Required field(s): organization_id, person_id
*/
async function addOrganizationAdmin(req, res){
async function addOrganizationAdmin (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.person_id) {
return res.status(400).json({ error: 'Invalid request' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.person_id) {
return res.status(400).json({ error : "Invalid request"});
}
try {
const isPersonAdmin = await organization_admin_model.isPersonAdmin(req.jwt.person_id, req.body.organization_id);
// TOC/TOU
if(!isPersonAdmin){
return res.status(401).json({error : "Forbidden"});
}
await organization_admin_model.addOrganizationAdministrator(req.body.person_id, req.body.organization_id);
return res.status(200).json({success : true});
}
catch (error) {
console.error('Error while adding organization admin: ' + error);
res.status(500).json({error : "Internal server error"});
try {
const isPersonAdmin = await organization_admin_model.isPersonAdmin(req.jwt.person_id, req.body.organization_id);
// TOC/TOU
if (!isPersonAdmin) {
return res.status(401).json({ error: 'Forbidden' });
}
await organization_admin_model.addOrganizationAdministrator(req.body.person_id, req.body.organization_id);
return res.status(200).json({ success: true });
} catch (error) {
console.error('Error while adding organization admin: ' + error);
res.status(500).json({ error: 'Internal server error' });
}
}
/**
/**
* DELETE Request
*
* Deletes a Person from the list of Administrators of an Organization.
@ -53,21 +51,19 @@ async function addOrganizationAdmin(req, res){
*
* Required field(s): organization_id
*/
async function removeOrganizationAdmin(req, res){
async function removeOrganizationAdmin (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id) {
return res.status(400).json({ error: 'Invalid request' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id) {
return res.status(400).json({ error : "Invalid request"});
}
try{
await organization_admin_model.removeOrganizationAdmin(req.jwt.person_id, req.body.organization_id);
return res.status(200).json({success : true});
}
catch (error){
console.error(error);
return res.status(500).json({ error: "Internal server error"});
}
try {
await organization_admin_model.removeOrganizationAdmin(req.jwt.person_id, req.body.organization_id);
return res.status(200).json({ success: true });
} catch (error) {
console.error(error);
return res.status(500).json({ error: 'Internal server error' });
}
}
module.exports = {

73
backend/apis/nodejs/src/routes/organization_post_routes.js
View File

@ -21,41 +21,39 @@ const knex = require('../utils/knex_config');
* Required field(s): organization_id, content
* @returns the inserted Post
*/
async function createOrganizationPost(req, res){
async function createOrganizationPost (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.content) {
return res.status(400).json({ error: 'Invalid request' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.content) {
return res.status(400).json({ error : "Invalid request"});
}
try {
// Check if the current user is a organization's administrator
const isOrganizationAdmin = await knex('OrganizationAdministrator')
try {
// Check if the current user is a organization's administrator
const isOrganizationAdmin = await knex('OrganizationAdministrator')
.where('id_person', req.jwt.person_id)
.where('id_organization', req.body.organization_id)
.select('*')
.first();
// Non-exploitable TOC/TOU weakness
// For more information https://softwareengineering.stackexchange.com/questions/451038/when-should-i-be-worried-of-time-of-check-time-of-use-vulnerabilities-during-dat
if(!isOrganizationAdmin){
return res.status(403).json({error : "Forbidden"});
}
// Non-exploitable TOC/TOU weakness
// For more information https://softwareengineering.stackexchange.com/questions/451038/when-should-i-be-worried-of-time-of-check-time-of-use-vulnerabilities-during-dat
if (!isOrganizationAdmin) {
return res.status(403).json({ error: 'Forbidden' });
}
const organizationPost = await knex('OrganizationPost')
const organizationPost = await knex('OrganizationPost')
.insert({
organization_id: req.body.organization_id,
content: req.body.content,
original_author: req.jwt.person_id
})
.returning('*');
return res.status(200).json(organizationPost[0]);
}
catch (error) {
console.log("Error while creating Organization Post: " + error);
return res.status(500).json({error : "Internal server error"});
}
return res.status(200).json(organizationPost[0]);
} catch (error) {
console.log('Error while creating Organization Post: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
/**
* DELETE Request
@ -65,11 +63,10 @@ async function createOrganizationPost(req, res){
*
* Required field(s): none.
*/
async function deleteOrganizationPost(req, res){
async function deleteOrganizationPost (req, res) {
const organizationPostIdToDelete = req.params.id;
try{
try {
const isOrganizationAdmin = await knex('OrganizationPost')
.join('OrganizationAdministrator', 'OrganizationPost.organization_id', 'OrganizationAdministrator.id_organization')
.where('OrganizationPost.id', organizationPostIdToDelete)
@ -77,20 +74,18 @@ async function deleteOrganizationPost(req, res){
.select('*')
.first();
// Unexploitable TOC/TOU
if(isOrganizationAdmin){
await knex('OrganizationPost')
.where('id', organizationPostIdToDelete)
.del();
return res.status(200).json({success : true});
}
else{
return res.status(401).json({error : "Forbidden"});
}
}
catch (error) {
// Unexploitable TOC/TOU
if (isOrganizationAdmin) {
await knex('OrganizationPost')
.where('id', organizationPostIdToDelete)
.del();
return res.status(200).json({ success: true });
} else {
return res.status(401).json({ error: 'Forbidden' });
}
} catch (error) {
console.log(error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
@ -98,6 +93,6 @@ async function deleteOrganizationPost(req, res){
// means making a JavaScript function defined in one
// module available for use in another module.
module.exports = {
createOrganizationPost,
deleteOrganizationPost
createOrganizationPost,
deleteOrganizationPost
};

72
backend/apis/nodejs/src/routes/organization_routes.js
View File

@ -22,21 +22,19 @@ const organization_model = require('../models/organization_model');
*
* @returns the inserted organization
*/
async function createOrganization(req, res){
async function createOrganization (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.name) {
return res.status(400).json({ error : "Invalid request"});
return res.status(400).json({ error: 'Invalid request' });
}
try{
try {
const organization = organization_model.organization(req.body.name, req.body.location, req.body.description, req.body.is_hiring);
await organization_model.insertOrganization(organization, req.jwt.person_id);
return res.status(200).json({ Organization: organization });
}
catch (error){
} catch (error) {
console.error('Error creating Organization:', error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
@ -46,42 +44,39 @@ async function createOrganization(req, res){
*
* Required field(s): none.
*/
async function updateOrganization(req, res){
async function updateOrganization (req, res) {
const updateOrganization = {};
if(req.body.name){
if (req.body.name) {
updateOrganization.name = req.body.name;
}
if(req.body.location){
if (req.body.location) {
updateOrganization.location = req.body.location;
}
if(req.body.description){
if (req.body.description) {
updateOrganization.description = req.body.description;
}
if(req.body.is_hiring){
if (req.body.is_hiring) {
updateOrganization.is_hiring = req.body.is_hiring;
}
if (Object.keys(updateOrganization).length === 0) {
return res.status(400).json({ error : "Bad request. No data to update"});
return res.status(400).json({ error: 'Bad request. No data to update' });
}
try {
const isUpdateSuccessful = organization_model.updateOrganizationIfAdministrator(updateOrganization, req.params.id, req.jwt.person_id);
if(isUpdateSuccessful){
return res.status(200).json({ success : "true"});
if (isUpdateSuccessful) {
return res.status(200).json({ success: 'true' });
} else {
return res.status(404).json({ error: 'Organization either not found or insufficient permissions' });
}
else{
return res.status(404).json({error : "Organization either not found or insufficient permissions"});
}
}
catch (error) {
} catch (error) {
console.log(error);
return res.status(500).json({error : "Internal server error"});
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -91,19 +86,17 @@ async function updateOrganization(req, res){
* Deletes the specified organization if the logged user is
* one of its administrator
*/
async function deleteOrganization(req, res){
async function deleteOrganization (req, res) {
try {
const isDeleteSuccessful = organization_model.deleteOrganizationIfAdmin(req.params.id, req.jwt.person_id);
if(isDeleteSuccessful){
return res.status(403).json({error: "Forbidden"});
if (isDeleteSuccessful) {
return res.status(403).json({ error: 'Forbidden' });
} else {
return res.status(200).json({ success: true });
}
else{
return res.status(200).json({success: true});
}
}
catch (error) {
} catch (error) {
console.error(error);
return res.status(500).json({error : "Internal server error"});
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -116,19 +109,17 @@ async function deleteOrganization(req, res){
*
* @returns the organization.
*/
async function getOrganization(req, res){
async function getOrganization (req, res) {
try {
const organization = await organization_model.getOrganizationById(req.params.id);
if(organization) {
if (organization) {
return res.status(200).json(organization);
} else {
return res.status(404).json({ error: 'Not found' });
}
else{
return res.status(404).json({error : "Not found"});
}
}
catch (error) {
console.error("Error retrieving an organization: " + error);
return res.status(500).json({error : "Internal server error"});
} catch (error) {
console.error('Error retrieving an organization: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -138,4 +129,3 @@ module.exports = {
updateOrganization,
deleteOrganization
};

151
backend/apis/nodejs/src/routes/person_routes.js
View File

@ -27,18 +27,17 @@ const person_model = require('../models/person_model');
*
* @returns The activationlink identifier
*/
async function registerPerson(req, res){
async function registerPerson (req, res) {
// Does this server allow users to register?
if (process.env.ALLOW_USER_REGISTRATION === 'false'){
return res.status(403).json({error : "Users cannot register on this server"});
if (process.env.ALLOW_USER_REGISTRATION === 'false') {
return res.status(403).json({ error: 'Users cannot register on this server' });
}
// Ensure that the required fields are present before proceeding
if (!req.body.display_name || !req.body.email || !req.body.password) {
return res.status(400).json({ error : "Some or all required fields are missing"});
return res.status(400).json({ error: 'Some or all required fields are missing' });
}
if(!validator.validateEmail(req.body.email)){
return res.status(400).json({ error : "The email is not in a valid format"});
if (!validator.validateEmail(req.body.email)) {
return res.status(400).json({ error: 'The email is not in a valid format' });
}
// Generate activation link token
@ -46,11 +45,11 @@ async function registerPerson(req, res){
// Hash provided password
const hashPasswordPromise = bcrypt.hash(req.body.password, 10);
try{
try {
// Check whether e-mail exists already (enforced by database constraints)
const existingUser = await person_model.getPersonByEmail(req.body.email);
if(existingUser){
return res.status(409).json({ error: "E-mail already in use" });
if (existingUser) {
return res.status(409).json({ error: 'E-mail already in use' });
}
const personToInsert = person_model.person(
req.body.email,
@ -61,11 +60,10 @@ async function registerPerson(req, res){
true,
req.body.place_of_living);
await person_model.registerPerson(personToInsert, activationLink);
return res.status(200).json({ activationLink: activationLink });
}
catch (error){
return res.status(200).json({ activationLink });
} catch (error) {
console.error('Error registering person:', error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
@ -79,25 +77,23 @@ async function registerPerson(req, res){
*
* @returns The token
*/
async function login(req, res){
async function login (req, res) {
// Ensure that the required fields are present before proceeding
if (!req.body.email || !req.body.password) {
return res.status(400).json({error : "Invalid request"});
return res.status(400).json({ error: 'Invalid request' });
}
try{
try {
const person = await person_model.getPersonByEmailAndPassword(req.body.email, req.body.password);
if (person){
if (person) {
const token = jwt_utils.generateToken(person.id);
res.status(200).json({token: token });
res.status(200).json({ token });
} else {
res.status(401).json({ error: 'Unauthorized' });
}
else{
res.status(401).json({error : "Unauthorized"});
}
} catch(error){
} catch (error) {
console.error('Error logging in: ', error);
res.status(500).json({error : "Internal server error"});
res.status(500).json({ error: 'Internal server error' });
}
}
@ -110,21 +106,20 @@ async function login(req, res){
*
* @returns The Person
*/
async function getPerson(req, res){
async function getPerson (req, res) {
try {
const person = await person_model.getPersonById(req.params.id);
if(person){
if (person) {
// I am retrieving either myself or an enabled user
if(person.id == req.jwt.person_id || person.enabled){
delete person['password']; // remove password field for security reasons
if (person.id == req.jwt.person_id || person.enabled) {
delete person.password; // remove password field for security reasons
return res.status(200).send(person);
}
}
return res.status(404).json({error: "Not found"});
}
catch (error) {
console.log("Error while getting person: " + error);
return res.status(500).json({error : "Internal server error"});
return res.status(404).json({ error: 'Not found' });
} catch (error) {
console.log('Error while getting person: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -136,18 +131,17 @@ async function getPerson(req, res){
*
* @returns Person's details
*/
async function getMyself(req, res){
try{
async function getMyself (req, res) {
try {
const person = await person_model.getPersonById(req.jwt.person_id);
if(person){
delete person['password'];
if (person) {
delete person.password;
return res.status(200).send(person);
}
return res.status(404).json({error: "Not found"});
}
catch (error){
console.log("Error while getting myself: " + error);
return res.status(500).json({error : "Internal server error"});
return res.status(404).json({ error: 'Not found' });
} catch (error) {
console.log('Error while getting myself: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -161,61 +155,57 @@ async function getMyself(req, res){
* new_password if updating the password.
*
*/
async function updatePerson(req, res){
if (req.jwt.person_id != req.params.id){
return res.status(403).json({ error : "Forbidden"});
async function updatePerson (req, res) {
if (req.jwt.person_id != req.params.id) {
return res.status(403).json({ error: 'Forbidden' });
}
const updatePerson = {};
if(req.body.display_name){
if (req.body.display_name) {
updatePerson.display_name = req.body.display_name;
}
if(req.body.date_of_birth){
if(validator.isPostgresDateFormatValid(req.body.date_of_birth)){
if (req.body.date_of_birth) {
if (validator.isPostgresDateFormatValid(req.body.date_of_birth)) {
updatePerson.date_of_birth = req.body.date_of_birth;
}
else{
return res.status(400).json({ error : "Date of birth format not valid. Please specify a YYYY-MM-DD date"});
} else {
return res.status(400).json({ error: 'Date of birth format not valid. Please specify a YYYY-MM-DD date' });
}
}
if(req.body.available){
if (req.body.available) {
updatePerson.available = req.body.available;
}
if(req.body.place_of_living){
if (req.body.place_of_living) {
updatePerson.place_of_living = req.body.place_of_living;
}
// If we are tying to change password, the old password must be provided
if(req.body.old_password && req.body.new_password){
if (req.body.old_password && req.body.new_password) {
const user = await knex('Person')
.select('password')
.where({ id: req.jwt.person_id })
.first();
const passwordMatches = await bcrypt.compare(req.body.old_password, user.password);
if(passwordMatches){
updatePerson.password = await bcrypt.hash(req.body.new_password, 10);
}
else{
return res.status(401).json({ error : "Password verification failed"});
}
const passwordMatches = await bcrypt.compare(req.body.old_password, user.password);
if (passwordMatches) {
updatePerson.password = await bcrypt.hash(req.body.new_password, 10);
} else {
return res.status(401).json({ error: 'Password verification failed' });
}
}
if (Object.keys(updatePerson).length === 0) {
return res.status(400).json({ error : "Bad request. No data to update"});
return res.status(400).json({ error: 'Bad request. No data to update' });
}
try {
await person_model.updatePerson(updatePerson, req.params.id);
return res.status(200).json({ success : "true"});
}
catch (error) {
console.log("Error while updating a Person: " + error);
return res.status(500).json({ error : "Internal server error"});
return res.status(200).json({ success: 'true' });
} catch (error) {
console.log('Error while updating a Person: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -228,15 +218,14 @@ async function updatePerson(req, res){
* Required field(s): none
*
*/
async function deletePerson(req, res) {
async function deletePerson (req, res) {
// TODO: Delete Organization if this user was its only administrator
try {
await person_model.deletePerson(req.jwt.person_id);
return res.status(200).json({success: true});
}
catch (error) {
console.log("Error deleting a Person: " + error);
return res.status(500).json({error : "Internal server error"});
return res.status(200).json({ success: true });
} catch (error) {
console.log('Error deleting a Person: ' + error);
return res.status(500).json({ error: 'Internal server error' });
}
}
@ -244,10 +233,10 @@ async function deletePerson(req, res) {
// means making a JavaScript function defined in one
// module available for use in another module.
module.exports = {
registerPerson,
login,
getPerson,
getMyself,
updatePerson,
deletePerson
registerPerson,
login,
getPerson,
getMyself,
updatePerson,
deletePerson
};

58
backend/apis/nodejs/src/utils/jwt_utils.js
View File

@ -13,39 +13,39 @@
const jwt = require('jsonwebtoken');
function generateToken(person_id) {
// The payload the JWT will carry within itself
const payload = {
person_id: person_id
};
function generateToken (person_id) {
// The payload the JWT will carry within itself
const payload = {
person_id
};
const token = jwt.sign(payload, process.env.JWT_SECRET_KEY, {
expiresIn: '8h'
});
return token;
const token = jwt.sign(payload, process.env.JWT_SECRET_KEY, {
expiresIn: '8h'
});
return token;
}
// Middlware
function verifyToken (req, res, next) {
const token = req.headers.authorization;
if (!token) {
return res.status(401).send({ error: 'No token provided' });
}
// Middlware
function verifyToken(req, res, next) {
const token = req.headers.authorization;
if (!token) {
return res.status(401).send({error : 'No token provided'});
jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {
if (err) {
return res.status(401).send({ error: 'Failed to authenticate token' });
}
jwt.verify(token, process.env.JWT_SECRET_KEY, (err, decoded) => {
if (err) {
return res.status(401).send({error : 'Failed to authenticate token'});
}
// If the token is valid, store the decoded data in the request object
// req.jwt will contain the payload created in generateToken
req.jwt = decoded;
next();
});
}
// If the token is valid, store the decoded data in the request object
// req.jwt will contain the payload created in generateToken
req.jwt = decoded;
next();
});
}
module.exports = {
generateToken,
verifyToken
module.exports = {
generateToken,
verifyToken
};

20
backend/apis/nodejs/src/utils/knex_config.js
View File

@ -12,14 +12,14 @@
*/
const knexInstance = require('knex')({
client: 'pg',
connection: {
host: process.env.POSTGRES_SERVER,
user: process.env.POSTGRES_USERNAME,
password: process.env.POSTGRES_PASSWORD,
port: process.env.POSTGRES_PORT,
database: 'Blink'
}
});
client: 'pg',
connection: {
host: process.env.POSTGRES_SERVER,
user: process.env.POSTGRES_USERNAME,
password: process.env.POSTGRES_PASSWORD,
port: process.env.POSTGRES_PORT,
database: 'Blink'
}
});
module.exports = knexInstance;
module.exports = knexInstance;

16
backend/apis/nodejs/src/utils/validation.js
View File

@ -16,9 +16,9 @@
* @param {*} email email to validate
* @returns true or false
*/
function validateEmail(email) {
const regex = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
return regex.test(email);
function validateEmail (email) {
const regex = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
return regex.test(email);
}
/**
@ -27,12 +27,12 @@ function validateEmail(email) {
* @param {*} dateString the date to validate
* @returns true or false
*/
function isPostgresDateFormatValid(dateString) {
const regex = /^\d{4}-\d{2}-\d{2}$/;
return regex.test(dateString);
function isPostgresDateFormatValid (dateString) {
const regex = /^\d{4}-\d{2}-\d{2}$/;
return regex.test(dateString);
}
module.exports = {
validateEmail,
isPostgresDateFormatValid
validateEmail,
isPostgresDateFormatValid
};

24
backend/apis/nodejs/tests/person.test.js
View File

@ -7,24 +7,24 @@ require('dotenv').config({ path: '../src/.env' });
describe('Person Tests', () => {
test('Correct registration', async () => {
const response = await request(app)
.post('/api/register')
.send({
email : "johntestdoe@mail.org",
password : "password",
display_name : "John Doe"
})
.post('/api/register')
.send({
email: 'johntestdoe@mail.org',
password: 'password',
display_name: 'John Doe'
});
expect(response.status).toBe(200);
expect(response.body).toEqual({ activationLink: expect.any(String) });
});
test('Incorrect registration', async () => {
const response = await request(app)
.post('/api/register')
.send({
email : "this is not an email",
password : "password",
display_name : "John Doe"
})
.post('/api/register')
.send({
email: 'this is not an email',
password: 'password',
display_name: 'John Doe'
});
expect(response.status).toBe(400);
});
});

2
frontend/vanilla/constants.js
View File

@ -1 +1 @@
const apiUrl = "http://localhost:3000/blinkapi";
const apiUrl = 'http://localhost:3000/blinkapi';

45
tutorials/0_callbacks.js
View File

@ -1,31 +1,28 @@
// https://javascript.info/callbacks
function execute_action(param, callback){
if(param == "something"){
console.log("Executing action: " + param);
callback(null, Date.now());
}
else{
// We can call callback with one argument even if
// the signature states two parameters
callback(new Error("Invalid parameter"))
}
function execute_action (param, callback) {
if (param == 'something') {
console.log('Executing action: ' + param);
callback(null, Date.now());
} else {
// We can call callback with one argument even if
// the signature states two parameters
callback(new Error('Invalid parameter'));
}
}
function entryPoint(){
/* ===== Begin Simple callback ===== */
function entryPoint () {
/* ===== Begin Simple callback ===== */
execute_action("something", function (error, time_of_completion){
if(error){
console.log("Something happened");
}
else{
console.log("Time of completion: " + new Date(time_of_completion).toDateString());
}
});
console.log("I started here!");
/*
execute_action('something', function (error, time_of_completion) {
if (error) {
console.log('Something happened');
} else {
console.log('Time of completion: ' + new Date(time_of_completion).toDateString());
}
});
console.log('I started here!');
/*
Ciò è utile se ad esempio execute_action fa operazioni lente (ad esempio
scrittura su database, connessioni HTTP ecc..) ma abbiamo bisogno
del suo valore di ritorno per continuare una determinata operazione
@ -38,7 +35,7 @@ function entryPoint(){
comprendere le basi di questo meccanismo.
*/
/* ===== End Simple Callback ===== */
/* ===== End Simple Callback ===== */
}
entryPoint();

16
tutorials/1_promises.js
View File

@ -10,24 +10,24 @@
Remember that Promises are not intrensically asyncronous
*/
let promise = new Promise(function(resolve, reject) {
setTimeout(() => resolve("done"), 500);
});
const promise = new Promise(function (resolve, reject) {
setTimeout(() => resolve('done'), 500);
});
/*
The first argument of .then is a function that runs when the promise is resolved and receives the result.
The second argument of .then is a function that runs when the promise is rejected and receives the error.
*/
promise.then(
result => console.log("The operation was successful. It returned " + result),
error => console.log("The operation was not successful: " + error)
result => console.log('The operation was successful. It returned ' + result),
error => console.log('The operation was not successful: ' + error)
);
/*
Or we can pass only one argument if we're interested only in a positive result
*/
promise.then(
result => console.log("The operation was successful. It returned " + result)
result => console.log('The operation was successful. It returned ' + result)
);
/*
@ -37,12 +37,12 @@ promise.then(
promise.catch internally just calls promise.then(null, f)
*/
promise.catch(
error => console.log(error)
error => console.log(error)
);
/*
finally gets always called
*/
promise.finally(
() => console.log("The execution has terminated. Bye")
() => console.log('The execution has terminated. Bye')
);

36
tutorials/2_promise_chaining.js
View File

@ -3,26 +3,18 @@
// .then() returns a new Promise when you do "return",
// internally calling resolve().
new Promise(function(resolve, reject) {
setTimeout(() => resolve(1), 1);
}).then(function(result) {
console.log(result);
return result * 2;
}).then(function(result) {
console.log(result);
return result * 2;
}).then(function(result) {
console.log(result);
return result * 2;
});
new Promise(function (resolve, reject) {
setTimeout(() => resolve(1), 1);
}).then(function (result) {
console.log(result);
return result * 2;
}).then(function (result) {
console.log(result);
return result * 2;
}).then(function (result) {
console.log(result);
return result * 2;
});
/*
It will print
@ -45,12 +37,12 @@ new Promise(function(resolve, reject) {
fetch('http://www.fsf.org')
// .then below runs when the remote server responds
.then(function(response) {
.then(function (response) {
// response.text() returns a new promise that resolves with the full response text
// when it loads
return response.text();
})
.then(function(text) {
.then(function (text) {
// ...and here's the content of the remote file
console.log(text);
});

87
tutorials/3_async-await.js
View File

@ -3,63 +3,62 @@
// A async function always returns a promise. Other values are wrapped in a resolved promise automatically.
// Async e Await sono solo "sintassi zuccherina" per rendere l'utilizzo delle Promise più semplice
async function f1() {
return 1;
}
async function f1 () {
return 1;
}
f1().then(console.log); // 1
f1().then(console.log); // 1
// The keyword await makes JavaScript wait until that promise settles and returns its result.
// It can be used in async functions only
// Lets emphasize: await literally suspends the function execution until the promise settles,
// and then resumes it with the promise result.
async function f2() {
let promise = new Promise((resolve, reject) => {
setTimeout(() => resolve("done!"), 1000)
async function f2 () {
const promise = new Promise((resolve, reject) => {
setTimeout(() => resolve('done!'), 1000);
});
let result = await promise; // wait until the promise resolves (*)
const result = await promise; // wait until the promise resolves (*)
console.log(result); // "done!"
}
f2();
f2();
// Tutto il codice nella stessa funzione (o nello stesso blocco di codice)
// dopo "await" è da considerarsi nel "then()" di una promessa. Pertanto dopo
// await (ma prima del completamento della Promise),
// il flusso di esecuzione va fuori a quel blocco di codice. Ad esempio considera
// il seguente esempio:
async function exampleAsyncFunction() {
console.log('Before await');
await new Promise(function(resolve, reject) {
setTimeout(() => resolve("done"), 500);
}); // Pauses execution here until the promise resolves.
console.log('After await');
}
// Tutto il codice nella stessa funzione (o nello stesso blocco di codice)
// dopo "await" è da considerarsi nel "then()" di una promessa. Pertanto dopo
// await (ma prima del completamento della Promise),
// il flusso di esecuzione va fuori a quel blocco di codice. Ad esempio considera
// il seguente esempio:
async function exampleAsyncFunction () {
console.log('Before await');
await new Promise(function (resolve, reject) {
setTimeout(() => resolve('done'), 500);
}); // Pauses execution here until the promise resolves.
console.log('After await');
}
console.log('Start');
exampleAsyncFunction();
console.log('End');
console.log('Start');
exampleAsyncFunction();
console.log('End');
// Il risultato sarà:
// Start, Before Await, End, After await
// Viene prima "End" e poi "After Await", perché
// dopo await, il flusso di esecuzione ritorna al
// chiamante
// Il risultato sarà:
// Start, Before Await, End, After await
// Viene prima "End" e poi "After Await", perché
// dopo await, il flusso di esecuzione ritorna al
// chiamante
// Domande
//
// Why await only works in async function in javascript?
// https://stackoverflow.com/questions/49640647/why-await-only-works-in-async-function-in-javascript
//
// Why using async-await
// https://stackoverflow.com/questions/42624647/why-use-async-when-i-have-to-use-await
//
// Si faccia presente che non è possibile creare da zero una funzione asincrona (come
// setInterval o fetch)
// https://stackoverflow.com/questions/61857274/how-to-create-custom-asynchronous-function-in-javascript
//
// Altra domanda interessante
// https://stackoverflow.com/questions/42624647/why-use-async-when-i-have-to-use-await
// Domande
//
// Why await only works in async function in javascript?
// https://stackoverflow.com/questions/49640647/why-await-only-works-in-async-function-in-javascript
//
// Why using async-await
// https://stackoverflow.com/questions/42624647/why-use-async-when-i-have-to-use-await
//
// Si faccia presente che non è possibile creare da zero una funzione asincrona (come
// setInterval o fetch)
// https://stackoverflow.com/questions/61857274/how-to-create-custom-asynchronous-function-in-javascript
//
// Altra domanda interessante
// https://stackoverflow.com/questions/42624647/why-use-async-when-i-have-to-use-await

10
tutorials/delay.js
View File

@ -3,10 +3,10 @@
The function delay(ms) should return a promise. That promise should resolve after ms milliseconds, so that we can add .then to it, like this:
*/
function delay(ms){
return new Promise(resolve => {
setTimeout(resolve, ms);
});
function delay (ms) {
return new Promise(resolve => {
setTimeout(resolve, ms);
});
}
delay(1000).then(() => console.log("Hello world!"));
delay(1000).then(() => console.log('Hello world!'));