mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-14 21:27:23 +01:00
35b92f13a3
* refactor: Move translate test utility to helpers directory * Add kind property to webhooks * feat: Add options to create webhook route * refactor: Move webhook ops into single file * refactor: Create webhook objects for specific webhook behavior * chore(tests): Add default sleep helper value of 1 second * feat(api): Add method for groups to send out webhook * feat(api): Add taskCreated webhook task creation * feat(api): Send chat webhooks after a chat is sent * refactor: Move webhook routes to own controller * lint: Correct linting errors * fix(api): Correct taskCreated webhook method * fix(api): Fix webhook logging to only log when there is an error * fix: Update groupChatRecieved webhook creation * chore: Add integration tests for webhooks * fix: Set webhook creation response to 201 * fix: Correct how task scored webhook data is sent * Revert group chat recieved webhook to only support one group * Remove quest activity option for webhooks * feat: Send webhook for each task created * feat: Allow webhooks without a type to default to taskScored * feat: Add logic for adding ids to webhook * feat: optimize webhook url check by shortcircuiting if no url is passed * refactor: Use full name for webhook variable * feat: Add missing params to client webhook * lint: Add missing semicolon * chore(tests): Fix inccorect webhook tests * chore: Add migration to update task scored webhooks * feat: Allow default value of webhook add route to be enabled * chore: Update webhook documentation * chore: Remove special handling for v2 * refactor: adjust addComputedStatsToJSONObject to work for webhooks * refactor: combine taskScored and taskActivity webhooks * feat(api): Add task activity to task update and delete routes * chore: Change references to taskScored to taskActivity * fix: Correct stats object being passed in for transform * chore: Remove extra line break * fix: Pass in the language to use for the translations * refactor(api): Move webhooks from user.preferences.webhooks to user.webhooks * chore: Update migration to set webhook array * lint: Correct brace spacing * chore: convert webhook lib to use user.webhooks * refactor(api): Consolidate filters * chore: clarify migration instructions * fix(test): Correct user creation in user anonymized tests * chore: add test that webhooks cannot be updated via PUT /user * refactor: Simplify default webhook id value * refactor(client): Push newly created webhook instead of doing a sync * chore(test): Add test file for webhook model * refactor: Remove webhook validation * refactor: Remove need for watch on webhooks * refactor(client): Update webhooks object without syncing * chore: update webhook documentation * Fix migrations issues * chore: remove v2 test helper * fix(api): Provide webhook type in task scored webhook * fix(client): Fix webhook deletion appearing to delete all webhooks * feat(api): add optional label field for webhooks * feat: provide empty string as default for webhook label * chore: Update webhook migration * chore: update webhook migration name
414 lines
14 KiB
JavaScript
414 lines
14 KiB
JavaScript
import { authWithHeaders } from '../../middlewares/auth';
|
|
import {
|
|
model as User,
|
|
publicFields as memberFields,
|
|
nameFields,
|
|
} from '../../models/user';
|
|
import { model as Group } from '../../models/group';
|
|
import { model as Challenge } from '../../models/challenge';
|
|
import {
|
|
NotFound,
|
|
NotAuthorized,
|
|
} from '../../libs/errors';
|
|
import * as Tasks from '../../models/task';
|
|
import {
|
|
getUserInfo,
|
|
sendTxn as sendTxnEmail,
|
|
} from '../../libs/email';
|
|
import Bluebird from 'bluebird';
|
|
import { sendNotification as sendPushNotification } from '../../libs/pushNotifications';
|
|
|
|
let api = {};
|
|
|
|
/**
|
|
* @api {get} /api/v3/members/:memberId Get a member profile
|
|
* @apiVersion 3.0.0
|
|
* @apiName GetMember
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {UUID} memberId The member's id
|
|
*
|
|
* @apiSuccess {Object} data The member object
|
|
*/
|
|
api.getMember = {
|
|
method: 'GET',
|
|
url: '/members/:memberId',
|
|
middlewares: [],
|
|
async handler (req, res) {
|
|
req.checkParams('memberId', res.t('memberIdRequired')).notEmpty().isUUID();
|
|
|
|
let validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
let memberId = req.params.memberId;
|
|
|
|
let member = await User
|
|
.findById(memberId)
|
|
.select(memberFields)
|
|
.exec();
|
|
|
|
if (!member) throw new NotFound(res.t('userWithIDNotFound', {userId: memberId}));
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
let memberToJSON = member.toJSON({minimize: true});
|
|
member.addComputedStatsToJSONObj(memberToJSON.stats);
|
|
|
|
res.respond(200, memberToJSON);
|
|
},
|
|
};
|
|
|
|
// Return a request handler for getMembersForGroup / getInvitesForGroup / getMembersForChallenge
|
|
// type is `invites` or `members`
|
|
function _getMembersForItem (type) {
|
|
if (['group-members', 'group-invites', 'challenge-members'].indexOf(type) === -1) {
|
|
throw new Error('Type must be one of "group-members", "group-invites", "challenge-members"');
|
|
}
|
|
|
|
return async function handleGetMembersForItem (req, res) {
|
|
if (type === 'challenge-members') {
|
|
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
|
|
} else {
|
|
req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
|
|
}
|
|
req.checkQuery('lastId').optional().notEmpty().isUUID();
|
|
|
|
let validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
let groupId = req.params.groupId;
|
|
let challengeId = req.params.challengeId;
|
|
let lastId = req.query.lastId;
|
|
let user = res.locals.user;
|
|
let challenge;
|
|
let group;
|
|
|
|
if (type === 'challenge-members') {
|
|
challenge = await Challenge.findById(challengeId).select('_id type leader group').exec();
|
|
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
|
|
|
|
// optionalMembership is set to true because even if you're not member of the group you may be able to access the challenge
|
|
// for example if you've been booted from it, are the leader or a site admin
|
|
group = await Group.getGroup({
|
|
user,
|
|
groupId: challenge.group,
|
|
fields: '_id type privacy',
|
|
optionalMembership: true,
|
|
});
|
|
|
|
if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
|
|
} else {
|
|
group = await Group.getGroup({user, groupId, fields: '_id type'});
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
}
|
|
|
|
let query = {};
|
|
let fields = nameFields;
|
|
let addComputedStats = false; // add computes stats to the member info when items and stats are available
|
|
|
|
if (type === 'challenge-members') {
|
|
query.challenges = challenge._id;
|
|
} else if (type === 'group-members') {
|
|
if (group.type === 'guild') {
|
|
query.guilds = group._id;
|
|
} else {
|
|
query['party._id'] = group._id; // group._id and not groupId because groupId could be === 'party'
|
|
|
|
if (req.query.includeAllPublicFields === 'true') {
|
|
fields = memberFields;
|
|
addComputedStats = true;
|
|
}
|
|
}
|
|
} else if (type === 'group-invites') {
|
|
if (group.type === 'guild') { // eslint-disable-line no-lonely-if
|
|
query['invitations.guilds.id'] = group._id;
|
|
} else {
|
|
query['invitations.party.id'] = group._id; // group._id and not groupId because groupId could be === 'party'
|
|
}
|
|
}
|
|
|
|
if (lastId) query._id = {$gt: lastId};
|
|
|
|
let limit = 30;
|
|
|
|
// Allow for all challenges members to be returned
|
|
if (type === 'challenge-members' && req.query.includeAllMembers === 'true') {
|
|
limit = 0; // no limit
|
|
}
|
|
|
|
let members = await User
|
|
.find(query)
|
|
.sort({_id: 1})
|
|
.limit(limit)
|
|
.select(fields)
|
|
.exec();
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
let membersToJSON = members.map(member => {
|
|
let memberToJSON = member.toJSON({minimize: true});
|
|
if (addComputedStats) member.addComputedStatsToJSONObj(memberToJSON.stats);
|
|
|
|
return memberToJSON;
|
|
});
|
|
res.respond(200, membersToJSON);
|
|
};
|
|
}
|
|
|
|
/**
|
|
* @api {get} /api/v3/groups/:groupId/members Get members for a group
|
|
* @apiDescription With a limit of 30 member per request. To get all members run requests against this routes (updating the lastId query parameter) until you get less than 30 results.
|
|
* @apiVersion 3.0.0
|
|
* @apiName GetMembersForGroup
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {UUID} groupId The group id
|
|
* @apiParam {UUID} lastId Query parameter to specify the last member returned in a previous request to this route and get the next batch of results
|
|
* @apiParam {boolean} includeAllPublicFields Query parameter available only when fetching a party. If === `true` then all public fields for members will be returned (like when making a request for a single member)
|
|
*
|
|
* @apiSuccess {array} data An array of members, sorted by _id
|
|
*/
|
|
api.getMembersForGroup = {
|
|
method: 'GET',
|
|
url: '/groups/:groupId/members',
|
|
middlewares: [authWithHeaders()],
|
|
handler: _getMembersForItem('group-members'),
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/groups/:groupId/invites Get invites for a group
|
|
* @apiDescription With a limit of 30 member per request. To get all invites run requests against this routes (updating the lastId query parameter) until you get less than 30 results.
|
|
* @apiVersion 3.0.0
|
|
* @apiName GetInvitesForGroup
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {UUID} groupId The group id
|
|
* @apiParam {UUID} lastId Query parameter to specify the last invite returned in a previous request to this route and get the next batch of results
|
|
*
|
|
* @apiSuccess {array} data An array of invites, sorted by _id
|
|
*/
|
|
api.getInvitesForGroup = {
|
|
method: 'GET',
|
|
url: '/groups/:groupId/invites',
|
|
middlewares: [authWithHeaders()],
|
|
handler: _getMembersForItem('group-invites'),
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/challenges/:challengeId/members Get members for a challenge
|
|
* @apiDescription With a limit of 30 member per request.
|
|
* To get all members run requests against this routes (updating the lastId query parameter) until you get less than 30 results.
|
|
* BETA You can also use ?includeAllMembers=true. This option is currently in BETA and may be removed in future.
|
|
* Its use is discouraged and its performaces are not optimized especially for large challenges.
|
|
*
|
|
* @apiVersion 3.0.0
|
|
* @apiName GetMembersForChallenge
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {UUID} challengeId The challenge id
|
|
* @apiParam {UUID} lastId Query parameter to specify the last member returned in a previous request to this route and get the next batch of results
|
|
* @apiParam {String} includeAllMembers BETA Query parameter - If 'true' all challenge members are returned
|
|
|
|
* @apiSuccess {array} data An array of members, sorted by _id
|
|
*/
|
|
api.getMembersForChallenge = {
|
|
method: 'GET',
|
|
url: '/challenges/:challengeId/members',
|
|
middlewares: [authWithHeaders()],
|
|
handler: _getMembersForItem('challenge-members'),
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/challenges/:challengeId/members/:memberId Get a challenge member progress
|
|
* @apiVersion 3.0.0
|
|
* @apiName GetChallengeMemberProgress
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {UUID} challengeId The challenge _id
|
|
* @apiParam {UUID} member The member _id
|
|
*
|
|
* @apiSuccess {Object} data Return an object with member _id, profile.name and a tasks object with the challenge tasks for the member
|
|
*/
|
|
api.getChallengeMemberProgress = {
|
|
method: 'GET',
|
|
url: '/challenges/:challengeId/members/:memberId',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
|
|
req.checkParams('memberId', res.t('memberIdRequired')).notEmpty().isUUID();
|
|
|
|
let validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
let user = res.locals.user;
|
|
let challengeId = req.params.challengeId;
|
|
let memberId = req.params.memberId;
|
|
|
|
let member = await User.findById(memberId).select(`${nameFields} challenges`).exec();
|
|
if (!member) throw new NotFound(res.t('userWithIDNotFound', {userId: memberId}));
|
|
|
|
let challenge = await Challenge.findById(challengeId).exec();
|
|
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
|
|
|
|
// optionalMembership is set to true because even if you're not member of the group you may be able to access the challenge
|
|
// for example if you've been booted from it, are the leader or a site admin
|
|
let group = await Group.getGroup({user, groupId: challenge.group, fields: '_id type privacy', optionalMembership: true});
|
|
if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
|
|
if (!challenge.isMember(member)) throw new NotFound(res.t('challengeMemberNotFound'));
|
|
|
|
let chalTasks = await Tasks.Task.find({
|
|
userId: memberId,
|
|
'challenge.id': challengeId,
|
|
})
|
|
.select('-tags') // We don't want to return the tags publicly TODO same for other data?
|
|
.exec();
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
let response = member.toJSON({minimize: true});
|
|
delete response.challenges;
|
|
response.tasks = chalTasks.map(chalTask => chalTask.toJSON({minimize: true}));
|
|
res.respond(200, response);
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {posts} /api/v3/members/send-private-message Send a private message to a member
|
|
* @apiVersion 3.0.0
|
|
* @apiName SendPrivateMessage
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {String} message Body parameter - The message
|
|
* @apiParam {UUID} toUserId Body parameter - The user to contact
|
|
*
|
|
* @apiSuccess {Object} data An empty Object
|
|
*/
|
|
api.sendPrivateMessage = {
|
|
method: 'POST',
|
|
url: '/members/send-private-message',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkBody('message', res.t('messageRequired')).notEmpty();
|
|
req.checkBody('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();
|
|
|
|
let validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
let sender = res.locals.user;
|
|
let message = req.body.message;
|
|
|
|
let receiver = await User.findById(req.body.toUserId).exec();
|
|
if (!receiver) throw new NotFound(res.t('userNotFound'));
|
|
|
|
let userBlockedSender = receiver.inbox.blocks.indexOf(sender._id) !== -1;
|
|
let userIsBlockBySender = sender.inbox.blocks.indexOf(receiver._id) !== -1;
|
|
let userOptedOutOfMessaging = receiver.inbox.optOut;
|
|
|
|
if (userBlockedSender || userIsBlockBySender || userOptedOutOfMessaging) {
|
|
throw new NotAuthorized(res.t('notAuthorizedToSendMessageToThisUser'));
|
|
}
|
|
|
|
await sender.sendMessage(receiver, message);
|
|
|
|
if (receiver.preferences.emailNotifications.newPM !== false) {
|
|
sendTxnEmail(receiver, 'new-pm', [
|
|
{name: 'SENDER', content: getUserInfo(sender, ['name']).name},
|
|
{name: 'PMS_INBOX_URL', content: '/#/options/groups/inbox'},
|
|
]);
|
|
}
|
|
if (receiver.preferences.pushNotifications.newPM !== false) {
|
|
sendPushNotification(
|
|
receiver,
|
|
{
|
|
title: res.t('newPM'),
|
|
message: res.t('newPMInfo', {name: getUserInfo(sender, ['name']).name, message}),
|
|
identifier: 'newPM',
|
|
category: 'newPM',
|
|
payload: {replyTo: sender._id},
|
|
}
|
|
);
|
|
}
|
|
|
|
res.respond(200, {});
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {posts} /api/v3/members/transfer-gems Send a gem gift to a member
|
|
* @apiVersion 3.0.0
|
|
* @apiName TransferGems
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam {String} message Body parameter The message
|
|
* @apiParam {UUID} toUserId Body parameter The toUser _id
|
|
* @apiParam {Integer} gemAmount Body parameter The number of gems to send
|
|
*
|
|
* @apiSuccess {Object} data An empty Object
|
|
*/
|
|
api.transferGems = {
|
|
method: 'POST',
|
|
url: '/members/transfer-gems',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkBody('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();
|
|
req.checkBody('gemAmount', res.t('gemAmountRequired')).notEmpty().isInt();
|
|
|
|
let validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
let sender = res.locals.user;
|
|
|
|
let receiver = await User.findById(req.body.toUserId).exec();
|
|
if (!receiver) throw new NotFound(res.t('userNotFound'));
|
|
|
|
if (receiver._id === sender._id) {
|
|
throw new NotAuthorized(res.t('cannotSendGemsToYourself'));
|
|
}
|
|
|
|
let gemAmount = req.body.gemAmount;
|
|
let amount = gemAmount / 4;
|
|
|
|
if (amount <= 0 || sender.balance < amount) {
|
|
throw new NotAuthorized(res.t('badAmountOfGemsToSend'));
|
|
}
|
|
|
|
receiver.balance += amount;
|
|
sender.balance -= amount;
|
|
let promises = [receiver.save(), sender.save()];
|
|
await Bluebird.all(promises);
|
|
|
|
let message = res.t('privateMessageGiftIntro', {
|
|
receiverName: receiver.profile.name,
|
|
senderName: sender.profile.name,
|
|
});
|
|
message += res.t('privateMessageGiftGemsMessage', {gemAmount});
|
|
message = `\`${message}\` `;
|
|
|
|
if (req.body.message) {
|
|
message += req.body.message;
|
|
}
|
|
|
|
await sender.sendMessage(receiver, message);
|
|
|
|
let byUsername = getUserInfo(sender, ['name']).name;
|
|
|
|
if (receiver.preferences.emailNotifications.giftedGems !== false) {
|
|
sendTxnEmail(receiver, 'gifted-gems', [
|
|
{name: 'GIFTER', content: byUsername},
|
|
{name: 'X_GEMS_GIFTED', content: gemAmount},
|
|
]);
|
|
}
|
|
if (receiver.preferences.pushNotifications.giftedGems !== false) {
|
|
sendPushNotification(receiver,
|
|
{
|
|
title: res.t('giftedGems'),
|
|
message: res.t('giftedGemsInfo', {amount: gemAmount, name: byUsername}),
|
|
identifier: 'giftedGems',
|
|
payload: {replyTo: sender._id},
|
|
});
|
|
}
|
|
|
|
res.respond(200, {});
|
|
},
|
|
};
|
|
|
|
|
|
module.exports = api;
|