adolforeyna/EMI-Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance session and profile handling with validation and error handling improvements

Browse Source
This commit is contained in:
Adolfo Reyna
2025-02-27 23:12:11 -05:00
parent 606db78529
commit 56cb8b4caa
4 changed files with 235 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
dbTools/profile.js
View File

@@ -15,7 +15,7 @@ userDB = (DB) => {
DB.removeProfile = (profileid) => {
const _id = DB.ObjectID(profileid);
if (userProfileCache[profileid]) delete userProfileCache[profileid];
return DB.profileCols.deleteOne({_id}).catch((err)=>{
return DB.profileCols.deleteOne({ _id }).catch((err) => {
console.log(err);
return false;
});
@@ -23,7 +23,7 @@ userDB = (DB) => {
DB.updateProfile = async (profileid, profileObj) => {
let tempProfile = profileObj.toObj();
const query = {_id: profileid};
const query = { _id: profileid };
const update = {
$set: {
profile: tempProfile.profile,
@@ -39,8 +39,8 @@ userDB = (DB) => {
DB.getProfile = async (profileId) => {
//if (userProfileCache[profileId] && !userProfileCache[profileId].isGroup) return userProfileCache[profileId];
if(!profileId) return false;
try{
if (!profileId) return false;
try {
const _id = DB.ObjectID(profileId);
let r = await DB.profileCols.findOne({ _id }).catch((err) => {
console.log(err);
@@ -48,7 +48,7 @@ userDB = (DB) => {
});
if (r) userProfileCache[profileId] = r;
return r;
}catch(_){
} catch (_) {
return {};
}
}
@@ -56,16 +56,16 @@ userDB = (DB) => {
DB.getPopularProfiles = async (limit = 10) => {
return DB.profileCols.aggregate([
{
$match: {isGroup: {$ne: true}}
$match: { isGroup: { $ne: true } }
},
{
$addFields: { subscribed_count: {$size: { "$ifNull": [ "$following", [] ] } } }
$addFields: { subscribed_count: { $size: { "$ifNull": ["$following", []] } } }
},
{
$sort: {"subscribed_count":-1}
$sort: { "subscribed_count": -1 }
},
{
$project: {_id: 1, "subscribed_count": 1}
$project: { _id: 1, "subscribed_count": 1 }
}
]).limit(limit).toArray().catch((err) => {
console.log(err);
@@ -76,16 +76,16 @@ userDB = (DB) => {
DB.getPopularGroups = async (limit = 10) => {
return DB.profileCols.aggregate([
{
$match: {isGroup: true, isPrivate: {$ne: true}, isCourse: {$ne: true}}
$match: { isGroup: true, isPrivate: { $ne: true }, isCourse: { $ne: true } }
},
{
$addFields: { subscribed_count: {$size: { "$ifNull": [ {"$objectToArray" : "$subscribed"}, [] ] } } }
$addFields: { subscribed_count: { $size: { "$ifNull": [{ "$objectToArray": "$subscribed" }, []] } } }
},
{
$sort: {"subscribed_count":-1}
$sort: { "subscribed_count": -1 }
},
{
$project: {_id: 1, "subscribed_count": 1}
$project: { _id: 1, "subscribed_count": 1 }
}
]).limit(limit).toArray().catch((err) => {
console.log(err);
@@ -95,19 +95,19 @@ userDB = (DB) => {
DB.getFriendsFriends = async (profileId, limit = 10) => {
const profile = await DB.getProfile(profileId);
if(!profile) return [];
let ids = profile.following.map((id)=>DB.ObjectID(id));
if (!profile) return [];
let ids = profile.following.map((id) => DB.ObjectID(id));
let alreadyFollowingMap = {};
alreadyFollowingMap[profileId] = 1; //skip that profile
profile.following.forEach(id => {
if(!alreadyFollowingMap[id]) alreadyFollowingMap[id] = 1;
if (!alreadyFollowingMap[id]) alreadyFollowingMap[id] = 1;
})
return DB.profileCols.find({_id:{$in: ids}}).project({following: 1}).limit(limit).toArray().then(profiles => {
return DB.profileCols.find({ _id: { $in: ids } }).project({ following: 1 }).limit(limit).toArray().then(profiles => {
let friendsOfFriendsMap = {};
profiles.forEach(p => {
p.following.forEach(followingId => {
if(alreadyFollowingMap[followingId]) return 0;
if(!friendsOfFriendsMap[followingId]) friendsOfFriendsMap[followingId] = 0;
if (alreadyFollowingMap[followingId]) return 0;
if (!friendsOfFriendsMap[followingId]) friendsOfFriendsMap[followingId] = 0;
friendsOfFriendsMap[followingId] = friendsOfFriendsMap[followingId] + 1;
});
});
@@ -124,24 +124,38 @@ userDB = (DB) => {
return DB.getProfile(profileId);
}
DB.getProfileCache = async (profileId) => {
const cachedProfile = userProfileCache[profileId];
if (cachedProfile?.isGroup === false) {
return cachedProfile;
}
return await DB.getProfile(profileId);
};
DB.searchProfile = async (queryStr) => {
let regEx = new RegExp(queryStr, 'i');
let query = {
isGroup: false,
isChat: {$ne: true},
isChat: { $ne: true },
$or: [
{"profile.firstName": {
{
"profile.firstName": {
$regex: regEx
}},
{"profile.lastName": {
}
},
{
"profile.lastName": {
$regex: regEx
}},
{"profile.description": {
}
},
{
"profile.description": {
$regex: regEx
}},
}
},
]
};
let r = await DB.profileCols.find(queryStr ? query : {isGroup: false, isChat: {$ne: true}})
let r = await DB.profileCols.find(queryStr ? query : { isGroup: false, isChat: { $ne: true } })
.sort({ lastUpdate: -1 }).limit(20)
.toArray().catch((err) => {
console.log(err);
@@ -154,7 +168,7 @@ userDB = (DB) => {
const userid = DB.ObjectID(userId);
return await DB.profileCols.find({ userid }).toArray().catch((err) => {
console.log(err);
return false;
return [];
});
}
@@ -167,32 +181,32 @@ userDB = (DB) => {
return false;
});
let index = 0;
while(r[index].isGroup || r[index].isChat) index += 1;
while (r[index].isGroup || r[index].isChat) index += 1;
if (r[index]) userProfileCache[r[index]._id] = r[index];
return r[index];
}
DB.followProfile = async (profileId, followProfileId)=>{
DB.followProfile = async (profileId, followProfileId) => {
const _id = DB.ObjectID(profileId);
let update = {
$addToSet:{
$addToSet: {
following: followProfileId + '' //converts to str
}
}
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
}
DB.unfollowProfile = async (profileId, followProfileId)=>{
DB.unfollowProfile = async (profileId, followProfileId) => {
const _id = DB.ObjectID(profileId);
let update = {
$pull:{
$pull: {
following: followProfileId + '' //converts to str
}
}
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -200,7 +214,7 @@ userDB = (DB) => {
DB.getFollowingTheProfile = async (profileId) => {
//const profile_id = DB.ObjectID(profileId);
let r = await DB.profileCols.find({ following: (profileId+'') })
let r = await DB.profileCols.find({ following: (profileId + '') })
.toArray().catch((err) => {
console.log(err);
return [];
@@ -216,40 +230,40 @@ userDB = (DB) => {
DB.setData = async (profileid, key, value) => {
const _id = DB.ObjectID(profileid);
let update = {
$set:{
$set: {
["data." + key]: value
}
}
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
}
DB.setProfileToken = (profileid, token)=>{
if(!token) return false;
DB.setProfileToken = (profileid, token) => {
if (!token) return false;
const _id = DB.ObjectID(profileid);
let update = {
$addToSet:{
$addToSet: {
token
}
}
if (userProfileCache[profileid]) delete userProfileCache[profileid];
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
}
DB.setWebSubscription = (profileid, webSubscription)=>{
DB.setWebSubscription = (profileid, webSubscription) => {
const _id = DB.ObjectID(profileid);
let update = {
$set:{
$set: {
webSubscription
}
}
if (userProfileCache[profileid]) delete userProfileCache[profileid];
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -258,7 +272,7 @@ userDB = (DB) => {
DB.addNotification = async (profileid, message, postid, commentIndx, actorid) => {
const _id = DB.ObjectID(profileid);
let update = {
$push:{
$push: {
notifications: {
ts: new Date(),
body: message,
@@ -268,7 +282,7 @@ userDB = (DB) => {
}
}
}
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -283,10 +297,10 @@ userDB = (DB) => {
DB.getGroups = async (excludePrivate = false) => {
let query = {
isGroup: true,
isCourse: {$ne: true},
isChat: {$ne: true},
isCourse: { $ne: true },
isChat: { $ne: true },
};
if(excludePrivate) query.isPrivate = false;
if (excludePrivate) query.isPrivate = false;
let r = await DB.profileCols.find(query).sort({ lastUpdate: -1 }).limit(10)
.toArray().catch((err) => {
console.log(err);
@@ -298,21 +312,21 @@ userDB = (DB) => {
DB.getFollowingGroups = async (profileid) => {
const profile = await DB.getProfile(profileid);
let ids = [];
for(id in profile.following){
try{
for (id in profile.following) {
try {
let oId = DB.ObjectID(profile.following[id]);
let checkProfile = await DB.getProfileCache(oId)
if(checkProfile && checkProfile.isGroup && !checkProfile.isChat){
if (checkProfile && checkProfile.isGroup && !checkProfile.isChat) {
ids.push(oId)
}
}catch{
} catch {
}
}
let query = {
isGroup: true,
isCourse: {$ne: true},
isChat: {$ne: true},
isCourse: { $ne: true },
isChat: { $ne: true },
_id: {
$in: ids
}
@@ -329,23 +343,31 @@ userDB = (DB) => {
let regEx = new RegExp(queryStr, 'i');
let query = queryStr ? {
isGroup: true,
isChat: {$ne: true},
isChat: { $ne: true },
isCourse: coursesB,
$or: [
{"profile.firstName": {
{
"profile.firstName": {
$regex: regEx
}},
{"profile.lastName": {
}
},
{
"profile.lastName": {
$regex: regEx
}},
{"profile.description": {
}
},
{
"profile.description": {
$regex: regEx
}},
{"data.author": {
}
},
{
"data.author": {
$regex: regEx
}}
}
}
]
} : {isGroup: true, isChat: {$ne: true}, isCourse: coursesB};
} : { isGroup: true, isChat: { $ne: true }, isCourse: coursesB };
let r = await DB.profileCols.find(query)
.sort({ lastUpdate: -1 }).limit(20)
.toArray().catch((err) => {
@@ -357,13 +379,13 @@ userDB = (DB) => {
let privateGroupsCache = {};
DB.isGroupPrivate = async (groupid) => {
if(userProfileCache[groupid]) return userProfileCache[groupid].isPrivate;
if (userProfileCache[groupid]) return userProfileCache[groupid].isPrivate;
let g = await DB.getGroup(groupid);
return g ? g.isPrivate : false;
}
DB.isGroupNewsOnly = async (groupid) => {
if(userProfileCache[groupid]) return userProfileCache[groupid].newsOnly;
if (userProfileCache[groupid]) return userProfileCache[groupid].newsOnly;
let g = await DB.getGroup(groupid);
return g ? g.newsOnly : false;
}
@@ -377,7 +399,7 @@ userDB = (DB) => {
DB.getGroup = async (groupid) => {
const _id = DB.ObjectID(groupid);
//if(userProfileCache[groupid]) return userProfileCache[groupid];
let r = await DB.profileCols.findOne({_id, isGroup: true, isChat: {$ne: true},}).catch((err) => {
let r = await DB.profileCols.findOne({ _id, isGroup: true, isChat: { $ne: true }, }).catch((err) => {
console.log(err);
return false;
});
@@ -389,13 +411,13 @@ userDB = (DB) => {
const _id = DB.ObjectID(groupid);
const subOrRequest = reqSubscription ? "pending." : "subscribed.";
let update = {
$set:{
$set: {
[subOrRequest + profileid]: new Date()
}
}
if(!reqSubscription) DB.followProfile(profileid, groupid);
if (!reqSubscription) DB.followProfile(profileid, groupid);
delete userProfileCache[groupid];
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -404,16 +426,16 @@ userDB = (DB) => {
DB.acceptGroupJoinReq = async (profileid, groupid) => {
const _id = DB.ObjectID(groupid);
let update = {
$set:{
$set: {
["subscribed." + profileid]: new Date()
},
$unset:{
$unset: {
["pending." + profileid]: ""
}
}
DB.followProfile(profileid, groupid);
delete userProfileCache[groupid];
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -422,12 +444,12 @@ userDB = (DB) => {
DB.rejectGroupJoinReq = async (profileid, groupid) => {
const _id = DB.ObjectID(groupid);
let update = {
$unset:{
$unset: {
["pending." + profileid]: ""
}
}
delete userProfileCache[groupid];
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -436,12 +458,12 @@ userDB = (DB) => {
DB.unsubscribeToGroup = async (profileid, groupid) => {
const _id = DB.ObjectID(groupid);
let update = {
$unset:{
$unset: {
["subscribed." + profileid]: "",
}
}
DB.unfollowProfile(profileid, groupid)
return DB.profileCols.updateOne({_id}, update).catch((err)=>{
return DB.profileCols.updateOne({ _id }, update).catch((err) => {
console.log(err);
return false;
});
@@ -449,7 +471,7 @@ userDB = (DB) => {
//Courses
DB.getCourses = async () => {
let r = await DB.profileCols.find({isGroup: true, isCourse: true, isChat: {$ne: true}})
let r = await DB.profileCols.find({ isGroup: true, isCourse: true, isChat: { $ne: true } })
.sort({ lastUpdate: -1 }).limit(20)
.toArray().catch((err) => {
console.log(err);

20
def/profile.js
View File

@@ -1,15 +1,15 @@
class User {
constructor(info){
if(!info || !info.userid) throw "Can not construct empty profile";
if(!info || !info.userid) throw new Error("Cannot construct empty profile");
this.userid = info.userid;
this.profile = {
firstName: info.profile && info.profile.firstName || '',
lastName: info.profile && info.profile.lastName || '',
photo: info.profile && info.profile.photo || '',
location: info.profile && info.profile.location || 'USA',
language: info.profile && info.profile.language || 'en',
status: info.profile && info.profile.status || '',
description: info.profile && info.profile.description || '',
firstName: info.profile?.firstName || '',
lastName: info.profile?.lastName || '',
photo: info.profile?.photo || '',
location: info.profile?.location || 'USA',
language: info.profile?.language || 'en',
status: info.profile?.status || '',
description: info.profile?.description || '',
};
this.data = info.data || {};
this.username = info.username || '';
@@ -23,8 +23,8 @@ class User {
this.isCourse = info.isCourse || false;
this.isPrivate = info.isPrivate || false;
this.isChat = info.isChat || false;
this.subscribed = info.subscribed || {}; //Subscribed user to groups
this.pending = info.pending || {}; //Private groups require authorization
this.subscribed = JSON.parse(JSON.stringify(info.subscribed || {})); //Subscribed user to groups
this.pending = JSON.parse(JSON.stringify(info.pending || {})); //Private groups require authorization
}
toObj(){

97
routes/profile.js
View File

@@ -4,26 +4,18 @@ var router = express.Router()
const DB = require("../mongoDB.js");
const Profile = require("../def/profile.js");
const Notifications = require("./../notifications.js");
const { getSessionId, getUserId, getProfileId } = require("./../utils/sessionUtils.js");
DB.getDB.then((DB)=>{
const getUserId = function(req){
const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid;
return DB.ObjectID(user_sid);
}
const getProfileId = (req)=>{
return DB.ObjectID(req.cookies.profile_id || req.query.profile_id || req.body.profile_id);
}
DB.getDB.then((DB) => {
const profileBelongsToUser = async (profileid, userid) => {
const profile = await DB.getProfileCache(profileid);
if(!profile) return false;
return profile.userid == (userid + '');
if (!profile) return false;
return profile.userid === String(userid);
}
router.get("/mine", async (req, res) => {
let userid = req.cookies.user_sid;
let userid = getUserId(req);
let profiles = await DB.getUserProfiles(userid);
return res.json({
status: "ok",
@@ -34,59 +26,84 @@ DB.getDB.then((DB)=>{
router.get("/new", async (req, res) => { //Deprecated please use route post("/")
let profile = {
userid: getUserId(req),
... req.query.content
...req.query.content
};
let profileObj = new Profile(profile);
let r = await DB.newProfile(profileObj);
return res.json({
status: "ok",
... profileObj.toObj()
...profileObj.toObj()
});
});
router.post("/", async (req, res) => {
let profile = {
userid: getUserId(req),
... req.body.content
...req.body.content
};
try {
let profileObj = new Profile(profile);
let r = await DB.newProfile(profileObj);
return res.json({
status: "ok",
... profileObj.toObj()
...profileObj.toObj()
});
} catch (error) {
console.error("Error creating profile", error);
return res.json({
status: error,
});
}
});
router.post("/invite", async (req, res) => {
try {
const userid = getUserId(req);
const name = req.body.name;
const email = req.body.email;
//validate email?
if(!name || !email) return res.json({status: "incomplete request"});
let { name, email } = req.body; // Destructuring for clarity
// Validate required fields
if (!name || !email) {
return res.status(400).json({ status: "Name and email are required" });
}
// Validate email format
email = email.trim().toLowerCase()
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
if (!emailRegex.test(email)) {
return res.status(400).json({ status: "Invalid email format" });
}
// Create new invitation, this returns a string if failed
let r = await DB.newInvitation(userid, name, email);
if(!r.toLowerCase){
//send email invitation
let senderProfile = await DB.getProfile(getProfileId(req));
Notifications.youHaveAnInvitation(name, email, senderProfile);
return res.json({
status: "ok"
if (r instanceof String) {
// Handle failure response from DB.newInvitation
return res.status(400).json({
status: r,
message: `Failed to send invitation: ${r}`
});
}
return res.json({
status: r
// Handle response from DB.newInvitation
// Send email invitation
let senderProfile = await DB.getProfile(getProfileId(req));
Notifications.youHaveAnInvitation(name, email, senderProfile);
return res.status(200).json({
status: "ok",
message: `Invitation sent to ${name} (${email})`
});
} catch (error) {
console.error("Error during invitation process:", error);
return res.status(500).json({ status: "error", message: "Something went wrong, please try again later" });
}
});
router.get("/invite/:email", async (req, res) => {
const userid = getUserId(req);
const email = req.params.email;
//validate email?
if(!email) return res.json({status: "provide valid email"});
if (!email) return res.json({ status: "provide valid email" });
let r = await DB.getInvitation(email);
if(!r) return res.json({status: "no invitation found with that email"});
if (!r) return res.json({ status: "no invitation found with that email" });
let isUserAlreadyRegistered = await DB.getUser(email);
if(isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({status: "This user is already registered"});
return res.json({status: "ok", ... r});
if (isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({ status: "This user is already registered" });
return res.json({ status: "ok", ...r });
});
router.get("/groups", async (req, res) => {
@@ -110,13 +127,13 @@ DB.getDB.then((DB)=>{
let profile = {
userid: getUserId(req),
isGroup: true,
... req.body
...req.body
};
let profileObj = new Profile(profile);
DB.newProfile(profileObj)
return res.json({
status: "ok",
... profileObj.toObj()
...profileObj.toObj()
});
});
@@ -133,7 +150,7 @@ DB.getDB.then((DB)=>{
//of an user that attempt to join a private group.
const groupid = getProfileId(req); //It needs to have this profile context
const groupidBody = req.body.groupid ? DB.ObjectID(req.body.groupid) : undefined;
if(groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)){
if (groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)) {
return res.json({
status: "Only group owner can accept new subscribers"
});
@@ -152,7 +169,7 @@ DB.getDB.then((DB)=>{
//of an user that attempt to join a private group.
const groupid = getProfileId(req); //It needs to have this profile context
const groupidBody = req.body.groupid ? DB.ObjectID(req.body.groupid) : undefined;
if(groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)){
if (groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)) {
return res.json({
status: "Only group owner can reject new subscribers"
});
@@ -191,7 +208,7 @@ DB.getDB.then((DB)=>{
const isPrivate = await DB.isGroupPrivate(groupid);
DB.subscribeToGroup(profileid, groupid, isPrivate);
//Add notification to group owner
if(isPrivate) Notifications.yourGroupHasARequest(profileid, groupid)
if (isPrivate) Notifications.yourGroupHasARequest(profileid, groupid)
return res.json({
status: "ok"
});
@@ -244,14 +261,14 @@ DB.getDB.then((DB)=>{
let profile = await DB.getProfile(profileId);
return res.json({
status: "ok",
... profile
...profile
});
});
router.delete("/:id", async (req, res) => {
const profileId = req.params.id;
const userid = getUserId(req);
if(!await profileBelongsToUser(profileId, userid))
if (!await profileBelongsToUser(profileId, userid))
return res.json({
status: "This profile is not yours."
});

17
utils/sessionUtils.js
View File

@@ -1,14 +1,31 @@
const { ObjectId } = require("mongodb");
const isValidObjectId = (id) => ObjectId.isValid(id);
// Utilities
const getSessionId = function (req) {
const session_id = req.cookies.session_id || req.query.session_id || req.body.session_id;
if(isValidObjectId(session_id)) {
return session_id;
}
console.error("Invalid session_id format: ", session_id);
return session_id;
}
const getUserId = function (req) {
const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid;
// validate user_sid
if(isValidObjectId(user_sid)) {
return user_sid;
}
console.error("Invalid user_sid format: ", user_sid);
return user_sid;
}
const getProfileId = function (req) {
const profile_id = req.cookies.profile_id || req.query.profile_id || req.body.profile_id;
if(isValidObjectId(profile_id)) {
return profile_id;
}
console.error("Invalid profile_id format: ", profile_id);
return profile_id;
}