diff --git a/lib/group.js b/lib/group.js index 0fa4798..8e3f376 100644 --- a/lib/group.js +++ b/lib/group.js @@ -2,6 +2,7 @@ import Mysql from './mysql.js' import { mapToDbColumn } from './util.js' const groupDbMap = { id: 'nt_group_id', parent_gid: 'parent_group_id' } +const boolFields = ['deleted'] class Group { constructor() { @@ -20,7 +21,7 @@ class Group { } async get(args) { - return await Mysql.execute( + const rows = await Mysql.execute( ...Mysql.select( `SELECT nt_group_id AS id , parent_group_id AS parent_gid @@ -30,6 +31,12 @@ class Group { mapToDbColumn(args, groupDbMap), ), ) + for (const r of rows) { + for (const b of boolFields) { + r[b] = r[b] === 1 + } + } + return rows } async put(args) { diff --git a/lib/group.test.js b/lib/group.test.js index 1a68a0a..7ec9da1 100644 --- a/lib/group.test.js +++ b/lib/group.test.js @@ -20,7 +20,7 @@ describe('group', function () { id: testCase.id, name: testCase.name, parent_gid: 0, - deleted: 0, + deleted: false, }) }) @@ -30,7 +30,7 @@ describe('group', function () { id: testCase.id, name: testCase.name, parent_gid: 0, - deleted: 0, + deleted: false, }) }) @@ -41,7 +41,7 @@ describe('group', function () { id: testCase.id, name: 'example.net', parent_gid: 0, - deleted: 0, + deleted: false, }, ]) assert.ok(await Group.put({ id: testCase.id, name: testCase.name })) @@ -50,9 +50,9 @@ describe('group', function () { it('deletes a group', async () => { assert.ok(await Group.delete({ id: testCase.id })) let g = await Group.get({ id: testCase.id, deleted: 1 }) - assert.equal(g[0]?.deleted, 1) + assert.equal(g[0]?.deleted, true) await Group.delete({ id: testCase.id, deleted: 0 }) // restore g = await Group.get({ id: testCase.id }) - assert.equal(g[0].deleted, 0) + assert.equal(g[0].deleted, false) }) }) diff --git a/lib/permission.js b/lib/permission.js index 01fbf96..e868640 100644 --- a/lib/permission.js +++ b/lib/permission.js @@ -21,8 +21,8 @@ class Permission { } return await Mysql.execute( - ...Mysql.insert(`nt_perm`, mapToDbColumn(objectToDb(args), permDbMap) - )) + ...Mysql.insert(`nt_perm`, mapToDbColumn(objectToDb(args), permDbMap)), + ) } async get(args) { @@ -36,7 +36,10 @@ class Permission { FROM nt_perm p` // Mysql.debug(1) if (args.deleted === undefined) args.deleted = false - const rows = await Mysql.execute(...Mysql.select(query, mapToDbColumn(args, permDbMap))) + + const rows = await Mysql.execute( + ...Mysql.select(query, mapToDbColumn(args, permDbMap)), + ) if (rows.length === 0) return if (rows.length > 1) { throw new Error( @@ -68,11 +71,13 @@ class Permission { const id = args.id delete args.id // Mysql.debug(1) - const r = await Mysql.execute(...Mysql.update( - `nt_perm`, - `nt_perm_id=${id}`, - mapToDbColumn(args, permDbMap), - )) + const r = await Mysql.execute( + ...Mysql.update( + `nt_perm`, + `nt_perm_id=${id}`, + mapToDbColumn(args, permDbMap), + ), + ) return r.changedRows === 1 } @@ -85,9 +90,9 @@ class Permission { } async destroy(args) { - const p = await this.get(args) - if (!p) return false - return await Mysql.execute(...Mysql.delete(`nt_perm`, mapToDbColumn(args, permDbMap))) + return await Mysql.execute( + ...Mysql.delete(`nt_perm`, mapToDbColumn(args, permDbMap)), + ) } } diff --git a/lib/session.js b/lib/session.js index 36c5821..a5d189e 100644 --- a/lib/session.js +++ b/lib/session.js @@ -16,10 +16,9 @@ class Session { const r = await this.get(args) if (r) return r.id - const id = await Mysql.execute(...Mysql.insert( - `nt_user_session`, - mapToDbColumn(args, sessionDbMap), - )) + const id = await Mysql.execute( + ...Mysql.insert(`nt_user_session`, mapToDbColumn(args, sessionDbMap)), + ) return id } @@ -64,20 +63,21 @@ class Session { const id = args.id delete args.id - const r = await Mysql.execute(...Mysql.update( - `nt_user_session`, - `nt_user_session_id=${id}`, - mapToDbColumn(args, sessionDbMap), - )) + const r = await Mysql.execute( + ...Mysql.update( + `nt_user_session`, + `nt_user_session_id=${id}`, + mapToDbColumn(args, sessionDbMap), + ), + ) // console.log(r) return r.changedRows === 1 } async delete(args) { - const r = await Mysql.execute(...Mysql.delete( - `nt_user_session`, - mapToDbColumn(args, sessionDbMap), - )) + const r = await Mysql.execute( + ...Mysql.delete(`nt_user_session`, mapToDbColumn(args, sessionDbMap)), + ) return r.affectedRows === 1 } } diff --git a/lib/user.js b/lib/user.js index ad58d14..fe10ee4 100644 --- a/lib/user.js +++ b/lib/user.js @@ -5,7 +5,7 @@ import Config from './config.js' import { mapToDbColumn } from './util.js' const userDbMap = { id: 'nt_user_id', gid: 'nt_group_id' } -const boolFields = [ 'is_admin', 'deleted' ] +const boolFields = ['is_admin', 'deleted'] class User { constructor(args = {}) { @@ -71,14 +71,17 @@ class User { args.password = await this.hashAuthPbkdf2(args.password, args.pass_salt) } - const userId = await Mysql.execute(...Mysql.insert(`nt_user`, mapToDbColumn(args, userDbMap))) + const userId = await Mysql.execute( + ...Mysql.insert(`nt_user`, mapToDbColumn(args, userDbMap)), + ) return userId } async get(args) { if (args.deleted === undefined) args.deleted = false - const rows = await Mysql.execute(...Mysql.select( - `SELECT email + const rows = await Mysql.execute( + ...Mysql.select( + `SELECT email , first_name , last_name , nt_group_id AS gid @@ -87,8 +90,9 @@ class User { , email , deleted FROM nt_user`, - mapToDbColumn(args, userDbMap), - )) + mapToDbColumn(args, userDbMap), + ), + ) for (const r of rows) { for (const b of boolFields) { r[b] = r[b] === 1 @@ -101,11 +105,13 @@ class User { if (!args.id) return false const id = args.id delete args.id - const r = await Mysql.execute(...Mysql.update( - `nt_user`, - `nt_user_id=${id}`, - mapToDbColumn(args, userDbMap), - )) + const r = await Mysql.execute( + ...Mysql.update( + `nt_user`, + `nt_user_id=${id}`, + mapToDbColumn(args, userDbMap), + ), + ) return r.changedRows === 1 } @@ -118,7 +124,9 @@ class User { } async destroy(args) { - await Mysql.execute(...Mysql.delete(`nt_user`, mapToDbColumn({ id: u[0].id }, userDbMap))) + await Mysql.execute( + ...Mysql.delete(`nt_user`, mapToDbColumn({ id: args.id }, userDbMap)), + ) } generateSalt(length = 16) { diff --git a/routes/permission.js b/routes/permission.js index 81c44dc..78369d4 100644 --- a/routes/permission.js +++ b/routes/permission.js @@ -10,8 +10,7 @@ function PermissionRoutes(server) { path: '/permission/{id}', options: { validate: { - // params: ??, - query: validate.permission.GET, + query: validate.permission.v3, }, response: { schema: validate.permission.GET, @@ -19,12 +18,12 @@ function PermissionRoutes(server) { tags: ['api'], }, handler: async (request, h) => { - // console.log(request.params) - - const permission = await Permission.get({ - deleted: request.query.deleted ?? 0, + const getArgs = { + deleted: request.query.deleted === true ? 1 : 0, id: parseInt(request.params.id, 10), - }) + } + + const permission = await Permission.get(getArgs) return h .response({ @@ -72,14 +71,17 @@ function PermissionRoutes(server) { method: 'DELETE', path: '/permission/{id}', options: { - // response: { - // schema: validate.permission.GET, - // }, + validate: { + query: validate.permission.DELETE, + }, + response: { + schema: validate.permission.GET, + }, tags: ['api'], }, handler: async (request, h) => { const permission = await Permission.get({ - deleted: parseInt(request.query.deleted ?? 0), + deleted: request.query.deleted === true ? 1 : 0, id: parseInt(request.params.id, 10), }) @@ -94,13 +96,10 @@ function PermissionRoutes(server) { .code(404) } - const action = request.query.destroy === 'true' ? 'destroy' : 'delete' - // console.log(`action: ${action}`) - await Permission[action]({ + await Permission.delete({ id: permission.id, - deleted: permission.deleted, + deleted: 1, }) - delete permission.gid return h .response({ diff --git a/routes/permission.test.js b/routes/permission.test.js index 0b81794..f595b67 100644 --- a/routes/permission.test.js +++ b/routes/permission.test.js @@ -19,7 +19,10 @@ before(async () => { await Permission.create(permCase) }) +let case2Id = 4094 + after(async () => { + Permission.destroy({ id: case2Id }) await server.stop() }) @@ -53,13 +56,11 @@ describe('permission routes', () => { assert.equal(res.result.permission.nameserver.create, false) }) - let case2Id = 4094 - - it('POST /permission', async () => { + it(`POST /permission (${case2Id})`, async () => { const testCase = JSON.parse(JSON.stringify(permCase)) testCase.id = case2Id // make it unique - testCase.uid = case2Id - testCase.gid = case2Id + testCase.user.id = case2Id + testCase.group.id = case2Id testCase.name = `Route Test Permission 2` delete testCase.deleted // console.log(testCase) @@ -120,25 +121,14 @@ describe('permission routes', () => { it(`GET /permission/${case2Id} (deleted)`, async () => { const res = await server.inject({ method: 'GET', - url: `/permission/${case2Id}?deleted=1`, - headers: { - Cookie: sessionCookie, - }, - }) - // console.log(res.result) - assert.equal(res.statusCode, 200) - }) - - it(`DELETE /permission/${case2Id}`, async () => { - const res = await server.inject({ - method: 'DELETE', - url: `/permission/${case2Id}?deleted=1&destroy=true`, + url: `/permission/${case2Id}?deleted=true`, headers: { Cookie: sessionCookie, }, }) // console.log(res.result) assert.equal(res.statusCode, 200) + assert.ok(res.result.permission) }) it('DELETE /session', async () => { diff --git a/routes/session.js b/routes/session.js index f25add1..46a6a09 100644 --- a/routes/session.js +++ b/routes/session.js @@ -1,9 +1,8 @@ import validate from '@nictool/validate' -// import Group from '../lib/group.js' import User from '../lib/user.js' import Session from '../lib/session.js' -// import Permission from '../lib/permission.js' + import { meta } from '../lib/util.js' function SessionRoutes(server) { @@ -20,13 +19,6 @@ function SessionRoutes(server) { handler: async (request, h) => { const { user, group, session } = request.state['sid-nictool'] - // const users = await User.get({ id: user.id }) - // const groups = await Group.get({ id: users[0].gid }) - // delete users[0].gid - - // const userPerm = await Permission.get({ uid: user.id }) - // const groupPerm = await Permission.getGroup({ uid: user.id }) - Session.put({ id: session.id, last_access: true }) return h @@ -89,6 +81,15 @@ function SessionRoutes(server) { { method: 'DELETE', path: '/session', + options: { + validate: { + query: validate.session.DELETE, + }, + response: { + schema: validate.session.GET, + }, + tags: ['api'], + }, handler: (request, h) => { request.cookieAuth.clear() @@ -101,12 +102,6 @@ function SessionRoutes(server) { }) .code(200) }, - options: { - response: { - schema: validate.session.GET, - }, - tags: ['api'], - }, }, ]) } diff --git a/routes/test/permission.json b/routes/test/permission.json index 9a5dcd1..e9a58bc 100644 --- a/routes/test/permission.json +++ b/routes/test/permission.json @@ -1,27 +1,22 @@ { "id": 4095, - "uid": 4095, - "gid": 4095, "inherit": true, - "name": "Route Test Permission", - "group_write": false, - "group_create": false, - "group_delete": false, - "zone_write": true, - "zone_create": true, - "zone_delegate": true, - "zone_delete": true, - "zonerecord_write": false, - "zonerecord_create": false, - "zonerecord_delegate": false, - "zonerecord_delete": false, - "user_write": false, - "user_create": false, - "user_delete": false, - "nameserver_write": false, - "nameserver_create": false, - "nameserver_delete": false, - "self_write": true, - "usable_ns": "", - "deleted": false + "name": "Test Permission", + "self_write": false, + "deleted": false, + "group": { "id": 4095, "create": false, "write": false, "delete": false }, + "nameserver": { + "usable": [], + "create": false, + "write": false, + "delete": false + }, + "zone": { "create": true, "write": true, "delete": true, "delegate": true }, + "zonerecord": { + "create": false, + "write": false, + "delete": false, + "delegate": false + }, + "user": { "id": 4095, "create": false, "write": false, "delete": false } } diff --git a/routes/user.test.js b/routes/user.test.js index 2d5b298..32829a3 100644 --- a/routes/user.test.js +++ b/routes/user.test.js @@ -16,7 +16,10 @@ before(async () => { await User.create(userCase) }) +const userId2 = 4094 + after(async () => { + User.destroy({ id: userId2 }) await server.stop() }) @@ -62,8 +65,6 @@ describe('user routes', () => { assert.equal(res.statusCode, 200) }) - const userId2 = 4094 - it('POST /user', async () => { const testCase = JSON.parse(JSON.stringify(userCase)) testCase.id = userId2 // make it unique @@ -130,18 +131,6 @@ describe('user routes', () => { assert.equal(res.statusCode, 200) }) - it(`DELETE /user/${userId2}`, async () => { - const res = await server.inject({ - method: 'DELETE', - url: `/user/${userId2}?destroy=true`, - headers: { - Cookie: sessionCookie, - }, - }) - // console.log(res.result) - assert.equal(res.statusCode, 200) - }) - it('DELETE /session', async () => { const res = await server.inject({ method: 'DELETE', diff --git a/test.js b/test.js index 6ff6df0..27ab6a4 100644 --- a/test.js +++ b/test.js @@ -5,6 +5,7 @@ import path from 'node:path' import Group from './lib/group.js' import User from './lib/user.js' import Session from './lib/session.js' +import Permission from './lib/permission.js' import groupCase from './lib/test/group.json' with { type: 'json' } import userCase from './lib/test/user.json' with { type: 'json' } @@ -55,6 +56,7 @@ async function teardown() { await destroyTestSession() await destroyTestUser() await destroyTestGroup() + await destroyTestPermission() await User.mysql.disconnect() await Group.mysql.disconnect() process.exit(0) @@ -73,3 +75,8 @@ async function destroyTestUser() { async function destroyTestSession() { await Session.delete({ nt_user_id: userCase.id }) } + +async function destroyTestPermission() { + await Permission.destroy({ id: userCase.id }) + await Permission.destroy({ id: userCase.id - 1 }) +} diff --git a/test.sh b/test.sh index deb27f0..f3edafe 100755 --- a/test.sh +++ b/test.sh @@ -1,6 +1,7 @@ #!/bin/sh NODE="node --no-warnings=ExperimentalWarning" +$NODE test.js teardown $NODE test.js setup if [ "$1" = "watch" ]; then