From db8b3eea515bc791b305e2976d890b2e9d192a61 Mon Sep 17 00:00:00 2001 From: Dm1tr1y147 Date: Fri, 9 Oct 2020 17:22:20 +0500 Subject: [PATCH] Finished single form and all forms of user getting. Added resolver authentication. Some code refactors --- .gitignore | 4 +- src/controllers/auth.ts | 30 +++++++++++++++ src/controllers/form.ts | 54 ++++++++++++++++++++++++++ src/controllers/index.ts | 79 ++------------------------------------- src/controllers/types.ts | 21 +++++++++++ src/db/index.ts | 11 ++++-- src/index.ts | 8 ++-- src/resolvers/Form.ts | 42 +++++++++++++++++---- src/resolvers/User.ts | 6 ++- src/typeDefs/typeDefs.gql | 3 +- 10 files changed, 164 insertions(+), 94 deletions(-) create mode 100644 src/controllers/auth.ts create mode 100644 src/controllers/form.ts create mode 100644 src/controllers/types.ts diff --git a/.gitignore b/.gitignore index a1c0e16..cce557e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,10 +2,10 @@ /build -.env.local - *.gen.ts +*.local* + npm-debug.log* yarn-debug.log* yarn-error.log* \ No newline at end of file diff --git a/src/controllers/auth.ts b/src/controllers/auth.ts new file mode 100644 index 0000000..36d484d --- /dev/null +++ b/src/controllers/auth.ts @@ -0,0 +1,30 @@ +import { PrismaClient } from "@prisma/client" + +import { getDBFormAuthor } from "../db" +import { CheckRightsAndResolve } from "./types" + +const checkRightsAndResolve: CheckRightsAndResolve = async (params) => { + const { user, expected, controller } = params + + if (!user) throw new Error("Authentication required") + + if (expected.id.self && (!expected.admin || user.admin)) return controller(user.id) + else if ( + (!expected.id.n || user.id == expected.id.n) && + (!expected.admin || user.admin) + ) + return controller() + throw new Error("Authentication error") +} + +const getFormAuthor = async (db: PrismaClient, id: number) => { + const author = await getDBFormAuthor(db, id) + + if (!author) throw Error("Not found") + + const authorId = author.author.id + + return authorId +} + +export { checkRightsAndResolve, getFormAuthor } diff --git a/src/controllers/form.ts b/src/controllers/form.ts new file mode 100644 index 0000000..bacddd0 --- /dev/null +++ b/src/controllers/form.ts @@ -0,0 +1,54 @@ +import { PrismaClient } from "@prisma/client" +import { getDBForm, getDBFormByUser } from "../db" +import { FullForm } from "../db/types" + +import { Form as GraphqlForm, FormSubmission } from "../typeDefs/typeDefs.gen" + +const getForm = async ( + db: PrismaClient, + id: number +): Promise => { + const dbForm: FullForm = await getDBForm(db, id) + + if (dbForm == null) throw new Error("Not found") + + const form: GraphqlForm = { + id: dbForm.id, + title: dbForm.title, + questions: [...dbForm.choisesQuestions, ...dbForm.inputQuestions], + dateCreated: dbForm.dateCreated.toString(), + submissions: dbForm.submissions.map((submission) => ({ + answers: submission.answers, + date: submission.date.toString(), + id: submission.id, + })), + author: dbForm.author, + } + + return form +} + +const getForms = async ( + db: PrismaClient, + userId: number +): Promise => { + const dbForms = await getDBFormByUser(db, userId) + + const forms = [ + ...dbForms.map((form) => ({ + id: form.id, + title: form.title, + questions: [...form.choisesQuestions, ...form.inputQuestions], + dateCreated: form.dateCreated.toString(), + submissions: form.submissions.map((submission) => ({ + answers: submission.answers, + date: submission.date.toString(), + id: submission.id, + })), + })), + ] + + return forms +} + +export { getForm, getForms } diff --git a/src/controllers/index.ts b/src/controllers/index.ts index 4e49217..69f7403 100644 --- a/src/controllers/index.ts +++ b/src/controllers/index.ts @@ -1,77 +1,4 @@ -import { PrismaClient } from "@prisma/client" -import { getDBForm, getDBFormAuthor, getDBFormByUser } from "../db" -import { FullForm } from "../db/types" +import { getForm, getForms } from "./form" +import { checkRightsAndResolve, getFormAuthor } from "./auth" -import { Form as GraphqlForm, FormSubmission } from "../typeDefs/typeDefs.gen" -import { JwtPayloadType } from "../types" - -const getForm = async ( - db: PrismaClient, - id?: number -): Promise => { - const dbForm: FullForm = await getDBForm(db, id) - - if (dbForm == null) throw new Error("Not found") - - const form: GraphqlForm = { - id: dbForm.id, - title: dbForm.title, - questions: [...dbForm.choisesQuestions, ...dbForm.inputQuestions], - dateCreated: dbForm.dateCreated.toString(), - submissions: dbForm.submissions.map((submission) => ({ - answers: submission.answers, - date: submission.date.toString(), - id: submission.id, - })), - } - - return form -} - -const getForms = async ( - db: PrismaClient, - userId: number -): Promise => { - const dbForms = await getDBFormByUser(db, userId) - - const forms = [ - ...dbForms.map((form) => ({ - id: form.id, - title: form.title, - questions: [...form.choisesQuestions, ...form.inputQuestions], - dateCreated: form.dateCreated.toString(), - submissions: form.submissions.map((submission) => ({ - answers: submission.answers, - date: submission.date.toString(), - id: submission.id, - })), - })), - ] - - return forms -} - -const checkRightsAndResolve = async ( - user: JwtPayloadType, - expected: JwtPayloadType, - controller: any -) => { - if ( - (!expected.id || user.id == expected.id) && - (!expected.admin || expected.admin) - ) - return controller() - throw new Error("Authentification error") -} - -const getFormAuthor = async (db: PrismaClient, id: number) => { - const author = await getDBFormAuthor(db, id) - - if (!author) throw Error("Not found") - - const authorId = author.author.id - - return authorId -} - -export { getForm, getForms, checkRightsAndResolve, getFormAuthor } +export { checkRightsAndResolve, getForm, getFormAuthor, getForms } diff --git a/src/controllers/types.ts b/src/controllers/types.ts new file mode 100644 index 0000000..27fe9f9 --- /dev/null +++ b/src/controllers/types.ts @@ -0,0 +1,21 @@ +import { JwtPayloadType } from "../types" + +type expectedType = { + id: { + n: number + self: boolean + } + admin: boolean +} + +interface ICheckRightsAndResolve { + user: JwtPayloadType | null + expected: expectedType + controller: T +} + +type CheckRightsAndResolve = ( + params: ICheckRightsAndResolve +) => Promise + +export { CheckRightsAndResolve } diff --git a/src/db/index.ts b/src/db/index.ts index 2f6976b..7b9d5c0 100644 --- a/src/db/index.ts +++ b/src/db/index.ts @@ -1,12 +1,17 @@ import { PrismaClient } from "@prisma/client" -const getDBForm = async (db: PrismaClient, id?: number) => { +const getDBForm = async (db: PrismaClient, id: number) => { return await db.form.findOne({ where: { - id: id ? id : undefined, + id, }, include: { - author: true, + author: { + select: { + id: true, + name: true, + }, + }, choisesQuestions: { include: { variants: true, diff --git a/src/index.ts b/src/index.ts index 730041e..65e59d9 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,4 +1,4 @@ -import { ApolloServer } from "apollo-server-express" +import { ApolloServer, makeExecutableSchema } from "apollo-server-express" import express from "express" import expressJwt from "express-jwt" import { PrismaClient } from "@prisma/client" @@ -18,8 +18,10 @@ app.use( ) const server = new ApolloServer({ - typeDefs, - resolvers, + schema: makeExecutableSchema({ + typeDefs, + resolvers, + }), context: async ({ req, }: { diff --git a/src/resolvers/Form.ts b/src/resolvers/Form.ts index 8d1cdab..0a43189 100644 --- a/src/resolvers/Form.ts +++ b/src/resolvers/Form.ts @@ -1,4 +1,9 @@ -import { checkRightsAndResolve, getForm, getFormAuthor, getForms } from "../controllers" +import { + checkRightsAndResolve, + getForm, + getFormAuthor, + getForms, +} from "../controllers" import { Form, QueryFormArgs, @@ -18,11 +23,17 @@ const formQuery: Resolver = async ( const getFormById = () => getForm(db, id) - return await checkRightsAndResolve( - user!, - { id: authorId, admin: false }, - getFormById - ) + return await checkRightsAndResolve({ + user, + expected: { + id: { + n: 0, + self: false, + }, + admin: false, + }, + controller: getFormById, + }) } catch (err) { return err } @@ -31,10 +42,25 @@ const formQuery: Resolver = async ( const formsQuery: Resolver = async ( _, __, - { db } + { db, user } ) => { try { - return await getForms(db, 1) + const getFormsByUserId = (userId: number) => getForms(db, userId) + + return await checkRightsAndResolve< + Form[], + (userId: number) => Promise + >({ + user, + expected: { + id: { + n: 0, + self: true, + }, + admin: false, + }, + controller: getFormsByUserId, + }) } catch (err) { return err } diff --git a/src/resolvers/User.ts b/src/resolvers/User.ts index eef7a5b..64bc14f 100644 --- a/src/resolvers/User.ts +++ b/src/resolvers/User.ts @@ -1,5 +1,9 @@ import jwt from "jsonwebtoken" -import { MutationLoginArgs, Resolver, User } from "../typeDefs/typeDefs.gen" +import { + MutationLoginArgs, + Resolver, + User, +} from "../typeDefs/typeDefs.gen" import { ApolloContextType, JwtPayloadType } from "../types" const loginResolver: Resolver< diff --git a/src/typeDefs/typeDefs.gql b/src/typeDefs/typeDefs.gql index 46740db..d2813e0 100644 --- a/src/typeDefs/typeDefs.gql +++ b/src/typeDefs/typeDefs.gql @@ -13,6 +13,7 @@ type Form { questions: [Question!]! submissions: [FormSubmission!]! dateCreated: String! + author: User } interface Question { @@ -73,6 +74,6 @@ enum AnswerType { type User { name: String! id: Int! - forms: [Form!]! + forms: [Form!] token: String }