chore: Move to Typescript (#2783)

This PR moves the entire project to Typescript. Due to the ~1000 ignores this will lead to a messy codebase for a while, but the churn is worth it – all of those ignore comments are places that were never type-safe previously. closes #1282
2021-11-29 06:40:55 -08:00
parent 25ccfb5d04
commit 15b1069bcc
1017 changed files with 17410 additions and 54942 deletions
--- a/server/routes/api/attachments.test.ts
+++ b/server/routes/api/attachments.test.ts
@@ -0,0 +1,240 @@
+// @ts-expect-error ts-migrate(7016) FIXME: Could not find a declaration file for module 'fetc... Remove this comment to see the full error message
+import TestServer from "fetch-test-server";
+import { Attachment } from "@server/models";
+import webService from "@server/services/web";
+import {
+  buildUser,
+  buildAdmin,
+  buildCollection,
+  buildAttachment,
+  buildDocument,
+} from "@server/test/factories";
+import { flushdb } from "@server/test/support";
+
+const app = webService();
+const server = new TestServer(app.callback());
+jest.mock("aws-sdk", () => {
+  const mS3 = {
+    deleteObject: jest.fn().mockReturnThis(),
+    promise: jest.fn(),
+  };
+  return {
+    S3: jest.fn(() => mS3),
+    Endpoint: jest.fn(),
+  };
+});
+beforeEach(() => flushdb());
+afterAll(() => server.close());
+describe("#attachments.delete", () => {
+  it("should require authentication", async () => {
+    const res = await server.post("/api/attachments.delete");
+    expect(res.status).toEqual(401);
+  });
+
+  it("should allow deleting an attachment belonging to a document user has access to", async () => {
+    const user = await buildUser();
+    const attachment = await buildAttachment({
+      teamId: user.teamId,
+      userId: user.id,
+    });
+    const res = await server.post("/api/attachments.delete", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(200);
+    expect(await Attachment.count()).toEqual(0);
+  });
+
+  it("should allow deleting an attachment without a document created by user", async () => {
+    const user = await buildUser();
+    const attachment = await buildAttachment({
+      teamId: user.teamId,
+      userId: user.id,
+    });
+    attachment.documentId = null;
+    await attachment.save();
+    const res = await server.post("/api/attachments.delete", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(200);
+    expect(await Attachment.count()).toEqual(0);
+  });
+
+  it("should allow deleting an attachment without a document if admin", async () => {
+    const user = await buildAdmin();
+    const attachment = await buildAttachment({
+      teamId: user.teamId,
+    });
+    attachment.documentId = null;
+    await attachment.save();
+    const res = await server.post("/api/attachments.delete", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(200);
+    expect(await Attachment.count()).toEqual(0);
+  });
+
+  it("should not allow deleting an attachment in another team", async () => {
+    const user = await buildAdmin();
+    const attachment = await buildAttachment();
+    attachment.documentId = null;
+    await attachment.save();
+    const res = await server.post("/api/attachments.delete", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+
+  it("should not allow deleting an attachment without a document", async () => {
+    const user = await buildUser();
+    const attachment = await buildAttachment({
+      teamId: user.teamId,
+    });
+    attachment.documentId = null;
+    await attachment.save();
+    const res = await server.post("/api/attachments.delete", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+
+  it("should not allow deleting an attachment belonging to a document user does not have access to", async () => {
+    const user = await buildUser();
+    const collection = await buildCollection({
+      permission: null,
+    });
+    const document = await buildDocument({
+      teamId: collection.teamId,
+      userId: collection.userId,
+      collectionId: collection.id,
+    });
+    const attachment = await buildAttachment({
+      teamId: document.teamId,
+      userId: document.userId,
+      documentId: document.id,
+      acl: "private",
+    });
+    const res = await server.post("/api/attachments.delete", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+});
+describe("#attachments.redirect", () => {
+  it("should require authentication", async () => {
+    const res = await server.post("/api/attachments.redirect");
+    expect(res.status).toEqual(401);
+  });
+
+  it("should return a redirect for an attachment belonging to a document user has access to", async () => {
+    const user = await buildUser();
+    const attachment = await buildAttachment({
+      teamId: user.teamId,
+      userId: user.id,
+    });
+    const res = await server.post("/api/attachments.redirect", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+      redirect: "manual",
+    });
+    expect(res.status).toEqual(302);
+  });
+
+  it("should return a redirect for an attachment belonging to a trashed document user has access to", async () => {
+    const user = await buildUser();
+    const collection = await buildCollection({
+      teamId: user.teamId,
+      userId: user.id,
+    });
+    const document = await buildDocument({
+      teamId: user.teamId,
+      userId: user.id,
+      collectionId: collection.id,
+      deletedAt: new Date(),
+    });
+    const attachment = await buildAttachment({
+      documentId: document.id,
+      teamId: user.teamId,
+      userId: user.id,
+    });
+    const res = await server.post("/api/attachments.redirect", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+      redirect: "manual",
+    });
+    expect(res.status).toEqual(302);
+  });
+
+  it("should always return a redirect for a public attachment", async () => {
+    const user = await buildUser();
+    const collection = await buildCollection({
+      teamId: user.teamId,
+      userId: user.id,
+      permission: null,
+    });
+    const document = await buildDocument({
+      teamId: user.teamId,
+      userId: user.id,
+      collectionId: collection.id,
+    });
+    const attachment = await buildAttachment({
+      teamId: user.teamId,
+      userId: user.id,
+      documentId: document.id,
+    });
+    const res = await server.post("/api/attachments.redirect", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+      redirect: "manual",
+    });
+    expect(res.status).toEqual(302);
+  });
+
+  it("should not return a redirect for a private attachment belonging to a document user does not have access to", async () => {
+    const user = await buildUser();
+    const collection = await buildCollection({
+      permission: null,
+    });
+    const document = await buildDocument({
+      teamId: collection.teamId,
+      userId: collection.userId,
+      collectionId: collection.id,
+    });
+    const attachment = await buildAttachment({
+      teamId: document.teamId,
+      userId: document.userId,
+      documentId: document.id,
+      acl: "private",
+    });
+    const res = await server.post("/api/attachments.redirect", {
+      body: {
+        token: user.getJwtToken(),
+        id: attachment.id,
+      },
+    });
+    expect(res.status).toEqual(403);
+  });
+});