Minor Fixes

code/client/src/contexts/auth/AuthContext.tsx

@@ -36,9 +36,8 @@ export function AuthProvider({ children }: AuthProviderProps) {
     try {
       auth.setPersistence(inMemoryPersistence); // for httpOnly cookies, do not persist any state client side
       const { user } = await signInWithPopup(auth, provider);
-      const userInfo = { name: user.displayName!, email: user.email! };
       const idToken = await user.getIdToken();
-      await sessionLogin(idToken, user.uid, userInfo);
+      await sessionLogin(idToken);
     } catch (e) {
       publishError(e as Error);
     }

code/client/src/domain/editor/connectors/input/connector.ts

@@ -11,7 +11,6 @@ import { InputConnector } from '@domain/editor/connectors/input/types';
 export default (fugue: Fugue, servicesConnector: ServiceConnector): InputConnector => {
   function insertCharacter(char: string, cursor: Cursor, styles: InlineStyle[] = []) {
     if (char.length !== 1) throw new Error('Invalid character');
-    cursor.column -= 1; // adjust column to insert character at the correct position
     const operations = fugue.insertLocal(cursor, nodeInsert(char, styles));
     servicesConnector.emitOperations(operations);
   }
@@ -29,7 +28,6 @@ export default (fugue: Fugue, servicesConnector: ServiceConnector): InputConnect
   function deleteCharacter(cursor: Cursor) {
     // don't delete line if it's not a paragraph - this is to prevent deleting the block style & line simultaneously
     if (cursor.column === 0 && fugue.getBlockStyle(cursor.line) !== 'paragraph') return;
-    cursor.column -= 1; // adjust column to delete character at the correct position
     const operations = fugue.deleteLocalByCursor(cursor);
     if (operations) {
       servicesConnector.emitOperations(operations);

code/client/src/domain/editor/slate/utils/selection.ts

@@ -43,10 +43,8 @@ const pointsToSelection = (editor: Editor, start: Point, end: Point): Selection
  */
 export function pointToCursor(editor: Editor, point: Point, absolutePosition: boolean = false): Cursor {
   const line = point.path[0];
-  const cursor: Cursor = { line, column: point.offset + (absolutePosition ? 0 : 1) };
-
+  const cursor: Cursor = { line, column: point.offset }; // + (absolutePosition ? 0 : 1)
   if (point.path[1] === 0) return cursor;
-
   const children = Array.from(Node.children(editor, [line]));
 
   for (const entry of children) {
@@ -61,7 +59,6 @@ export function pointToCursor(editor: Editor, point: Point, absolutePosition: bo
       cursor.column += text.text.length;
     }
   }
-
   return cursor;
 }
 

code/client/src/services/auth/authService.ts

@@ -2,8 +2,8 @@ import { User, UserData } from '@notespace/shared/src/users/types';
 import { HttpCommunication } from '@services/communication/http/httpCommunication';
 
 function authService(http: HttpCommunication) {
-  async function sessionLogin(idToken: string, id: string, data: UserData) {
-    await http.post('/users/login', { idToken, id, ...data });
+  async function sessionLogin(idToken: string) {
+    await http.post('/users/login', { idToken });
   }
 
   async function sessionLogout() {

code/server/src/controllers/http/handlers/resourcesHandlers.ts

@@ -1,13 +1,17 @@
 import PromiseRouter from 'express-promise-router';
 import { ResourceInputModel, Resource } from '@notespace/shared/src/workspace/types/resource';
 import { httpResponse } from '@controllers/http/utils/httpResponse';
-import { Request, Response } from 'express';
+import { NextFunction, Request, Response } from 'express';
 import { ResourcesService } from '@services/ResourcesService';
 import { InvalidParameterError } from '@domain/errors/errors';
 import { Server } from 'socket.io';
-import { enforceAuth } from '@controllers/http/middlewares/authMiddleware';
+import { enforceAuth } from '@controllers/http/middlewares/authMiddlewares';
 
-function resourcesHandlers(service: ResourcesService, io: Server) {
+function resourcesHandlers(
+  service: ResourcesService,
+  io: Server,
+  workspaceWritePermissions: (req: Request, res: Response, next: NextFunction) => void
+) {
   /**
    * Create a new resource in a workspace
    * @param req
@@ -84,10 +88,10 @@ function resourcesHandlers(service: ResourcesService, io: Server) {
   };
 
   const router = PromiseRouter({ mergeParams: true });
-  router.post('/', enforceAuth, createResource);
-  router.put('/:id', enforceAuth, updateResource);
-  router.delete('/:id', enforceAuth, deleteResource);
   router.get('/:id', getResource);
+  router.post('/', enforceAuth, workspaceWritePermissions, createResource);
+  router.put('/:id', enforceAuth, workspaceWritePermissions, updateResource);
+  router.delete('/:id', enforceAuth, workspaceWritePermissions, deleteResource);
 
   return router;
 }

code/server/src/controllers/http/handlers/usersHandlers.ts

@@ -3,14 +3,13 @@ import { CookieOptions, Request, Response } from 'express';
 import { UsersService } from '@services/UsersService';
 import { httpResponse } from '@controllers/http/utils/httpResponse';
 import { UserData } from '@notespace/shared/src/users/types';
-import { enforceAuth } from '@controllers/http/middlewares/authMiddleware';
+import { enforceAuth } from '@controllers/http/middlewares/authMiddlewares';
 import admin from 'firebase-admin';
 import { UnauthorizedError } from '@domain/errors/errors';
 
 function usersHandlers(service: UsersService) {
   const sessionLogin = async (req: Request, res: Response) => {
-    const { id, idToken, ...data } = req.body;
-
+    const { idToken } = req.body;
     // session login - create session cookie, verifying ID token in the process
     try {
       const expiresIn = 60 * 60 * 24 * 5 * 1000; // 5 days
@@ -22,16 +21,19 @@ function usersHandlers(service: UsersService) {
     }
 
     // register user in database if not already registered
+    const { uid } = await admin.auth().verifyIdToken(idToken);
     try {
-      const user = await service.getUser(id);
+      const user = await service.getUser(uid);
       if (user) {
         // user already registered
         httpResponse.noContent(res).send();
         return;
       }
     } catch (e) {
       // user not found, continue
-      await service.createUser(id, data);
+      const user = await admin.auth().getUser(uid);
+      const userData = { name: user.displayName!, email: user.email! };
+      await service.createUser(uid, userData);
       httpResponse.created(res).send();
     }
   };

code/server/src/controllers/http/handlers/workspacesHandlers.ts

@@ -6,7 +6,7 @@ import { WorkspaceInputModel, WorkspaceMeta } from '@notespace/shared/src/worksp
 import { Services } from '@services/Services';
 import { Server } from 'socket.io';
 import { ForbiddenError, InvalidParameterError } from '@domain/errors/errors';
-import { enforceAuth } from '@controllers/http/middlewares/authMiddleware';
+import { enforceAuth } from '@controllers/http/middlewares/authMiddlewares';
 
 function workspacesHandlers(services: Services, io: Server) {
   const createWorkspace = async (req: Request, res: Response) => {
@@ -84,29 +84,44 @@ function workspacesHandlers(services: Services, io: Server) {
     httpResponse.noContent(res).send();
   };
 
-  async function canAccessWorkspace(req: Request, res: Response, next: NextFunction) {
-    // is a workspace member or workspace is public
+  async function getWorkspacePermissions(id: string, userEmail: string) {
+    const workspace = await services.workspaces.getWorkspace(id);
+    if (!workspace) throw new InvalidParameterError('Workspace not found');
+    const isMember = workspace.members.includes(userEmail);
+    return { isMember, isPrivate: workspace.isPrivate };
+  }
+
+  async function workspaceReadPermission(req: Request, res: Response, next: NextFunction) {
     const { wid } = req.params;
     if (!wid) throw new InvalidParameterError('Workspace id is required');
-    const workspace = await services.workspaces.getWorkspace(wid);
-    if (!workspace) throw new InvalidParameterError('Workspace not found');
-    if (workspace.isPrivate && !workspace.members.find(m => m === req.user?.email)) {
-      throw new ForbiddenError('User is not a member of this workspace');
+    const { isMember, isPrivate } = await getWorkspacePermissions(wid, req.user!.email);
+    if (isPrivate && !isMember) {
+      throw new ForbiddenError('You are not a member of this workspace');
+    }
+    next();
+  }
+
+  async function workspaceWritePermission(req: Request, res: Response, next: NextFunction) {
+    const { wid } = req.params;
+    if (!wid) throw new InvalidParameterError('Workspace id is required');
+    const { isMember } = await getWorkspacePermissions(wid, req.user!.email);
+    if (!isMember) {
+      throw new ForbiddenError('You are not a member of this workspace');
     }
     next();
   }
 
   const router = PromiseRouter();
   router.post('/', enforceAuth, createWorkspace);
   router.get('/', getWorkspaces);
-  router.get('/:wid', canAccessWorkspace, getWorkspace);
-  router.put('/:wid', enforceAuth, canAccessWorkspace, updateWorkspace);
-  router.delete('/:wid', enforceAuth, canAccessWorkspace, deleteWorkspace);
-  router.post('/:wid/members', enforceAuth, canAccessWorkspace, addMemberToWorkspace);
-  router.delete('/:wid/members', enforceAuth, canAccessWorkspace, removeMemberFromWorkspace);
+  router.get('/:wid', workspaceReadPermission, getWorkspace);
+  router.put('/:wid', enforceAuth, workspaceWritePermission, updateWorkspace);
+  router.delete('/:wid', enforceAuth, workspaceWritePermission, deleteWorkspace);
+  router.post('/:wid/members', enforceAuth, workspaceWritePermission, addMemberToWorkspace);
+  router.delete('/:wid/members', enforceAuth, workspaceWritePermission, removeMemberFromWorkspace);
 
   // sub-routes for resources (documents and folders)
-  router.use('/:wid', canAccessWorkspace, resourcesHandlers(services.resources, io));
+  router.use('/:wid', workspaceReadPermission, resourcesHandlers(services.resources, io, workspaceWritePermission));
   return router;
 }
 

code/server/src/controllers/http/router.ts

@@ -5,7 +5,7 @@ import workspacesHandlers from '@controllers/http/handlers/workspacesHandlers';
 import errorMiddleware from '@controllers/http/middlewares/errorMiddleware';
 import usersHandlers from '@controllers/http/handlers/usersHandlers';
 import { Server } from 'socket.io';
-import { authMiddleware } from '@controllers/http/middlewares/authMiddleware';
+import { authMiddleware } from '@controllers/http/middlewares/authMiddlewares';
 import loggingMiddleware from '@controllers/http/middlewares/loggingMiddleware';
 
 export default function (services: Services, io: Server) {