Implement sending email notifications via POST /notification

Author: mrkvon

src/app.ts

@@ -10,11 +10,11 @@ import {
   finishIntegration,
   initializeIntegration,
 } from './controllers/integration'
+import { notification } from './controllers/notification'
 import { getStatus } from './controllers/status'
-import { webhookReceiver } from './controllers/webhookReceiver'
 import {
   authorizeGroups,
-  checkParamGroupMembership,
+  checkGroupMembership,
 } from './middlewares/authorizeGroup'
 import { solidAuth } from './middlewares/solidAuth'
 import { validateBody } from './middlewares/validate'
@@ -53,12 +53,55 @@ router
     initializeIntegration,
   )
   .get('/verify-email', checkVerificationLink, finishIntegration)
-  .post('/webhook-receiver', webhookReceiver)
+  .post(
+    '/notification',
+    solidAuth,
+    authorizeGroups(allowedGroups),
+    validateBody({
+      type: 'object',
+      properties: {
+        '@context': { const: 'https://www.w3.org/ns/activitystreams' },
+        id: { type: 'string' },
+        type: { const: 'Create' },
+        actor: {
+          type: 'object',
+          properties: {
+            type: { const: 'Person' },
+            id: { type: 'string', format: 'uri' },
+            name: { type: 'string' },
+          },
+          required: ['type', 'id'],
+        },
+        object: {
+          type: 'object',
+          properties: {
+            type: { const: 'Note' },
+            id: { type: 'string', format: 'uri' },
+            content: { type: 'string' },
+          },
+          required: ['type', 'id', 'content'],
+        },
+        target: {
+          type: 'object',
+          properties: {
+            type: { const: 'Person' },
+            id: { type: 'string', format: 'uri' },
+            name: { type: 'string' },
+          },
+          required: ['type', 'id'],
+        },
+      },
+      required: ['@context', 'type', 'actor', 'object', 'target'],
+      additionalProperties: false,
+    }),
+    checkGroupMembership(allowedGroups, 'request.body.target.id', 400),
+    notification,
+  )
   .get(
     '/status/:webId',
     solidAuth,
     authorizeGroups(allowedGroups),
-    checkParamGroupMembership(allowedGroups, 'webId' as const),
+    checkGroupMembership(allowedGroups, 'params.webId', 400),
     getStatus,
   )
 

src/controllers/notification.ts

@@ -0,0 +1,43 @@
+import { DefaultContext, Middleware } from 'koa'
+import { emailSender } from '../config'
+import { sendMail } from '../services/mailerService'
+import { getVerifiedEmails } from './status'
+
+export type GoodBody = {
+  '@context': 'https://www.w3.org/ns/activitystreams'
+  type: 'Create'
+  actor: { type: 'Person'; id: string; name?: string }
+  object: { type: 'Note'; id: string; content: string }
+  target: { type: 'Person'; id: string; name?: string }
+}
+
+export const notification: Middleware<
+  { user: string; client: string | undefined },
+  DefaultContext & { request: { body: GoodBody } }
+> = async ctx => {
+  const body: GoodBody = ctx.request.body
+
+  if (ctx.state.user !== body.actor.id)
+    return ctx.throw(403, "You can't send notification as somebody else")
+
+  // find email address
+  const emails = await getVerifiedEmails(body.target.id)
+
+  if (emails.length === 0)
+    return ctx.throw(
+      404,
+      "Receiving person doesn't have available email address",
+    )
+
+  for (const email of emails) {
+    await sendMail({
+      from: emailSender,
+      to: email,
+      subject: 'You have a new message from sleepy.bike!', // TODO generalize
+      html: body.object.content,
+      text: body.object.content,
+    })
+  }
+  ctx.response.status = 202
+  ctx.response.body = 'Accepted'
+}

src/controllers/webhookReceiver.ts

@@ -1,26 +1,17 @@
-import { DefaultContext, DefaultState, Middleware } from 'koa'
+import { Middleware } from 'koa'
+import { get } from 'lodash'
 import { Parser } from 'n3'
 import { vcard } from 'rdf-namespaces'
 
-export const authorizeGroups =
-  (groups: string[]): Middleware<{ user: string }> =>
-  async (ctx, next) => {
-    // if array of groups are empty, we allow everybody (default)
-    if (groups.length === 0) return await next()
-
-    const user = ctx.state.user
-
-    const isAllowed = await isSomeGroupMember(user, groups)
-
-    if (!isAllowed) {
-      return ctx.throw(
-        403,
-        'Authenticated user is not a member of any allowed group',
-      )
-    }
-
-    await next()
-  }
+export const authorizeGroups = (
+  groups: string[],
+): Middleware<{ user: string }> =>
+  checkGroupMembership(
+    groups,
+    'state.user',
+    403,
+    'Authenticated user is not a member of any allowed group',
+  )
 
 const isSomeGroupMember = async (user: string, groups: string[]) => {
   const memberships = await Promise.allSettled(
@@ -37,29 +28,24 @@ const isSomeGroupMember = async (user: string, groups: string[]) => {
 /**
  * Check whether a user specified in param is member of any of the given groups
  */
-export const checkParamGroupMembership =
-  <T extends string>(
+export const checkGroupMembership =
+  (
     groups: string[],
-    param: T,
-  ): Middleware<
-    DefaultState,
-    DefaultContext & { params: { [K in T]: string } }
-  > =>
+    path: string,
+    status: number,
+    error = 'Person is not a member of any allowed group',
+  ): Middleware =>
   async (ctx, next) => {
     // if array of groups are empty, we allow everybody (default)
     if (groups.length === 0) return await next()
-    const webId = ctx.params[param]
+    const webId = get(ctx, path)
+    if (typeof webId !== 'string')
+      throw new Error('Expected string, got ' + typeof webId)
     const isAllowed = await isSomeGroupMember(webId, groups)
 
     if (!isAllowed) {
-      return ctx.throw(400, {
-        error: 'Person is not a member of any allowed group',
-        person: webId,
-        groups,
-      })
-    }
-
-    await next()
+      return ctx.throw(status, error)
+    } else await next()
   }
 
 const isGroupMember = async (user: string, group: string) => {

src/middlewares/authorizeGroup.ts

@@ -1,7 +1,6 @@
 import { expect } from 'chai'
 import { foaf, ldp, solid, space } from 'rdf-namespaces'
 import * as config from '../../config'
-import { authenticatedFetch } from '../testSetup.spec'
 import { Person } from './types'
 
 const createFile = async ({
@@ -17,9 +16,10 @@ const createFile = async ({
 }) => {
   const response = await authenticatedFetch(url, {
     method: 'PUT',
-    body: body,
+    body,
     headers: { 'content-type': 'text/turtle' },
   })
+
   expect(response.ok).to.be.true
 
   if (acl && acl.read) {
@@ -63,10 +63,12 @@ export const setupEmailSettings = async ({
   person,
   email,
   emailVerificationToken,
+  authenticatedFetch,
 }: {
   person: Person
   email: string
   emailVerificationToken: string
+  authenticatedFetch: typeof fetch
 }) => {
   // add email settings, readable by mailer
   const settings = `