yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Document subscriptions (#3834)

Browse Source 
Co-authored-by: Tom Moor <tom.moor@gmail.com>
This commit is contained in:
CuriousCorrelation
2022-08-26 12:17:13 +05:30
committed by GitHub
parent 864f585e5b
commit 24c71c38a5
36 changed files with 2594 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/routes/api/index.ts
View File

@@ -27,6 +27,7 @@ import revisions from "./revisions";
import searches from "./searches";
import shares from "./shares";
import stars from "./stars";
import subscriptions from "./subscriptions";
import team from "./team";
import users from "./users";
import views from "./views";
@@ -64,6 +65,7 @@ router.use("/", apiKeys.routes());
router.use("/", searches.routes());
router.use("/", shares.routes());
router.use("/", stars.routes());
router.use("/", subscriptions.routes());
router.use("/", team.routes());
router.use("/", integrations.routes());
router.use("/", notificationSettings.routes());

702
server/routes/api/subscriptions.test.ts Normal file
View File

@@ -0,0 +1,702 @@
import { Event } from "@server/models";
import {
buildUser,
buildSubscription,
buildDocument,
} from "@server/test/factories";
import { getTestDatabase, getTestServer } from "@server/test/support";
const db = getTestDatabase();
const server = getTestServer();
afterAll(server.disconnect);
beforeEach(db.flush);
describe("#subscriptions.create", () => {
it("should create a subscription", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.id).toBeDefined();
expect(body.data.userId).toEqual(user.id);
expect(body.data.documentId).toEqual(document.id);
});
it("should emit event", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.ok).toEqual(true);
const events = await Event.findAll();
expect(events.length).toEqual(1);
expect(events[0].name).toEqual("subscriptions.create");
expect(events[0].actorId).toEqual(user.id);
expect(events[0].documentId).toEqual(document.id);
});
it("should not create duplicate subscriptions", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
// First `subscriptions.create` request.
await server.post("/api/subscriptions.create", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// Second `subscriptions.create` request.
await server.post("/api/subscriptions.create", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// Third `subscriptions.create` request.
await server.post("/api/subscriptions.create", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// List subscriptions associated with
// `document.id`
const res = await server.post("/api/subscriptions.list", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body = await res.json();
expect(res.status).toEqual(200);
// Database should only have 1 "enabled" subscription registered.
expect(body.data.length).toEqual(1);
expect(body.data[0].userId).toEqual(user.id);
expect(body.data[0].documentId).toEqual(document.id);
});
it("should not create a subscription on invalid events", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
body: {
token: user.getJwtToken(),
documentId: document.id,
// Subscription on event
// that cannot be subscribed to.
event: "documents.publish",
},
});
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.ok).toEqual(false);
expect(body.error).toEqual("validation_error");
expect(body.message).toEqual(
"Not a valid subscription event for documents"
);
});
});
describe("#subscriptions.info", () => {
it("should provide info about a subscription", async () => {
const creator = await buildUser();
const subscriber = await buildUser({ teamId: creator.teamId });
// `creator` creates two documents
const document0 = await buildDocument({
userId: creator.id,
teamId: creator.teamId,
});
const document1 = await buildDocument({
userId: creator.id,
teamId: creator.teamId,
});
// `subscriber` subscribes to `document0`.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: "documents.update",
},
});
// `subscriber` subscribes to `document1`.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber.getJwtToken(),
documentId: document1.id,
event: "documents.update",
},
});
// `subscriber` wants info about
// their subscription on `document0`.
const subscription0 = await server.post("/api/subscriptions.info", {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: "documents.update",
},
});
const response0 = await subscription0.json();
expect(subscription0.status).toEqual(200);
expect(response0.data.id).toBeDefined();
expect(response0.data.userId).toEqual(subscriber.id);
expect(response0.data.documentId).toEqual(document0.id);
});
it("should not allow outsiders to gain info about a subscription", async () => {
const creator = await buildUser();
const subscriber = await buildUser({ teamId: creator.teamId });
// `viewer` is not a part of `creator`'s team.
const viewer = await buildUser();
// `creator` creates two documents
const document0 = await buildDocument({
userId: creator.id,
teamId: creator.teamId,
});
const document1 = await buildDocument({
userId: creator.id,
teamId: creator.teamId,
});
// `subscriber` subscribes to `document0`.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: "documents.update",
},
});
// `subscriber` subscribes to `document1`.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber.getJwtToken(),
documentId: document1.id,
event: "documents.update",
},
});
// `viewer` wants info about `subscriber`'s
// subscription on `document0`.
const subscription0 = await server.post("/api/subscriptions.info", {
body: {
token: viewer.getJwtToken(),
documentId: document0.id,
event: "documents.update",
},
});
const response0 = await subscription0.json();
// `viewer` should be unauthorized.
expect(subscription0.status).toEqual(403);
expect(response0.ok).toEqual(false);
expect(response0.error).toEqual("authorization_error");
expect(response0.message).toEqual("Authorization error");
// `viewer` wants info about `subscriber`'s
// subscription on `document0`.
const subscription1 = await server.post("/api/subscriptions.info", {
body: {
token: viewer.getJwtToken(),
documentId: document1.id,
event: "documents.update",
},
});
const response1 = await subscription1.json();
// `viewer` should be unauthorized.
expect(subscription1.status).toEqual(403);
expect(response1.ok).toEqual(false);
expect(response1.error).toEqual("authorization_error");
expect(response1.message).toEqual("Authorization error");
});
it("should not provide infomation on invalid events", async () => {
const creator = await buildUser();
const subscriber = await buildUser({ teamId: creator.teamId });
// `viewer` is a part of `creator`'s team.
const viewer = await buildUser({ teamId: creator.teamId });
// `creator` creates two documents
const document0 = await buildDocument({
userId: creator.id,
teamId: creator.teamId,
});
const document1 = await buildDocument({
userId: creator.id,
teamId: creator.teamId,
});
// `subscriber` subscribes to `document0`.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: "documents.update",
},
});
// `subscriber` subscribes to `document1`.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber.getJwtToken(),
documentId: document1.id,
event: "documents.update",
},
});
// `viewer` wants info about `subscriber`'s
// subscription on `document0`.
// They have requested an invalid event.
const subscription0 = await server.post("/api/subscriptions.info", {
body: {
token: viewer.getJwtToken(),
documentId: document0.id,
event: "documents.changed",
},
});
const response0 = await subscription0.json();
expect(subscription0.status).toEqual(400);
expect(response0.ok).toEqual(false);
expect(response0.error).toEqual("validation_error");
expect(response0.message).toEqual(
"Not a valid subscription event for documents"
);
// `viewer` wants info about `subscriber`'s
// subscription on `document0`.
// They have requested an invalid event.
const subscription1 = await server.post("/api/subscriptions.info", {
body: {
token: viewer.getJwtToken(),
documentId: document1.id,
event: "doc.affected",
},
});
const response1 = await subscription1.json();
expect(subscription1.status).toEqual(400);
expect(response1.ok).toEqual(false);
expect(response1.error).toEqual("validation_error");
expect(response1.message).toEqual(
"Not a valid subscription event for documents"
);
});
});
describe("#subscriptions.list", () => {
it("should list user subscriptions", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
await buildSubscription();
const subscription = await buildSubscription({
userId: user.id,
documentId: document.id,
event: "documents.update",
});
const res = await server.post("/api/subscriptions.list", {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
expect(body.data[0].id).toEqual(subscription.id);
expect(body.data[0].userId).toEqual(user.id);
expect(body.data[0].documentId).toEqual(document.id);
});
it("user should be able to list subscriptions on document", async () => {
const subscriber0 = await buildUser();
// `subscriber1` belongs to `subscriber0`'s team.
const subscriber1 = await buildUser({ teamId: subscriber0.teamId });
// `viewer` belongs to `subscriber0`'s team.
const viewer = await buildUser({ teamId: subscriber0.teamId });
// `subscriber0` created a document.
const document = await buildDocument({
userId: subscriber0.id,
teamId: subscriber0.teamId,
});
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `subscriber1` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `viewer` just wants to know the subscribers
// for this document.
const res = await server.post("/api/subscriptions.list", {
body: {
token: viewer.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body = await res.json();
expect(res.status).toEqual(200);
// `viewer` doesn't have any subscriptions on `document`.
expect(body.data.length).toEqual(0);
// `subscriber0` wants to know the subscribers
// for this document.
const res0 = await server.post("/api/subscriptions.list", {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body0 = await res0.json();
// `subscriber1` subscribed after `subscriber0`
expect(body0.data[0].userId).toEqual(subscriber0.id);
// Both subscribers subscribed to same `document`.
expect(body0.data[0].documentId).toEqual(document.id);
// `subscriber1` wants to know the subscribers
// for this document.
const res1 = await server.post("/api/subscriptions.list", {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body1 = await res1.json();
// `subscriber1` subscribed after `subscriber1`
expect(body1.data[0].userId).toEqual(subscriber1.id);
// Both subscribers subscribed to same `document`.
expect(body1.data[0].documentId).toEqual(document.id);
});
it("user should not be able to list invalid subscriptions", async () => {
const subscriber0 = await buildUser();
// `subscriber1` belongs to `subscriber0`'s team.
const subscriber1 = await buildUser({ teamId: subscriber0.teamId });
// `viewer` belongs to `subscriber0`'s team.
const viewer = await buildUser({ teamId: subscriber0.teamId });
// `subscriber0` created a document.
const document = await buildDocument({
userId: subscriber0.id,
teamId: subscriber0.teamId,
});
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `subscriber1` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `viewer` just wants to know the subscribers
// for this document.
const res = await server.post("/api/subscriptions.list", {
body: {
token: viewer.getJwtToken(),
documentId: document.id,
event: "changes.on.documents",
},
});
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.ok).toEqual(false);
expect(body.error).toEqual("validation_error");
expect(body.message).toEqual(
"Not a valid subscription event for documents"
);
});
it("user outside of the team should not be able to list subscriptions on internal document", async () => {
const subscriber0 = await buildUser();
// `subscriber1` belongs to `subscriber0`'s team.
const subscriber1 = await buildUser({ teamId: subscriber0.teamId });
// `viewer` belongs to a different team.
const viewer = await buildUser();
// `subscriber0` created a document.
const document = await buildDocument({
userId: subscriber0.id,
teamId: subscriber0.teamId,
});
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `subscriber1` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `viewer` wants to know the subscribers
// for this internal document.
const res = await server.post("/api/subscriptions.info", {
body: {
token: viewer.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const body = await res.json();
// `viewer` should not be authorized
// to view subscriptions on this document.
expect(res.status).toEqual(403);
expect(body.ok).toEqual(false);
expect(body.error).toEqual("authorization_error");
expect(body.message).toEqual("Authorization error");
});
});
describe("#subscriptions.delete", () => {
it("should delete user's subscription", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
const subscription = await buildSubscription({
userId: user.id,
documentId: document.id,
event: "documents.update",
});
const res = await server.post("/api/subscriptions.delete", {
body: {
userId: user.id,
id: subscription.id,
token: user.getJwtToken(),
},
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.ok).toEqual(true);
expect(body.success).toEqual(true);
});
it("should emit event", async () => {
const user = await buildUser();
const document = await buildDocument({
userId: user.id,
teamId: user.teamId,
});
const subscription = await buildSubscription({
userId: user.id,
documentId: document.id,
event: "documents.update",
});
const res = await server.post("/api/subscriptions.delete", {
body: {
userId: user.id,
id: subscription.id,
token: user.getJwtToken(),
},
});
const events = await Event.findAll();
expect(events.length).toEqual(1);
expect(events[0].name).toEqual("subscriptions.delete");
expect(events[0].modelId).toEqual(subscription.id);
expect(events[0].actorId).toEqual(user.id);
expect(events[0].documentId).toEqual(document.id);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.ok).toEqual(true);
expect(body.success).toEqual(true);
});
it("users should not be able to delete other's subscriptions on document", async () => {
const subscriber0 = await buildUser();
// `subscriber1` belongs to `subscriber0`'s team.
const subscriber1 = await buildUser({ teamId: subscriber0.teamId });
// `subscriber0` created a document.
const document = await buildDocument({
userId: subscriber0.id,
teamId: subscriber0.teamId,
});
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
// `subscriber1` wants to be notified about
// changes on this document.
const resp = await server.post("/api/subscriptions.create", {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
});
const subscription1 = await resp.json();
const subscription1Id = subscription1.data.id;
// `subscriber0` wants to change `subscriber1`'s
// subscription for this document.
const res = await server.post("/api/subscriptions.delete", {
body: {
// `subscriber0`
userId: subscriber0.id,
// subscription id of `subscriber1`
id: subscription1Id,
token: subscriber0.getJwtToken(),
},
});
const body = await res.json();
// `subscriber0` should be unauthorized.
expect(res.status).toEqual(403);
expect(body.ok).toEqual(false);
expect(body.error).toEqual("authorization_error");
expect(body.message).toEqual("Authorization error");
});
});

141
server/routes/api/subscriptions.ts Normal file
View File

@@ -0,0 +1,141 @@
import Router from "koa-router";
import subscriptionCreator from "@server/commands/subscriptionCreator";
import subscriptionDestroyer from "@server/commands/subscriptionDestroyer";
import { sequelize } from "@server/database/sequelize";
import auth from "@server/middlewares/authentication";
import { Subscription, Document } from "@server/models";
import { authorize } from "@server/policies";
import { presentSubscription } from "@server/presenters";
import { assertIn, assertUuid } from "@server/validation";
import pagination from "./middlewares/pagination";
const router = new Router();
router.post("subscriptions.list", auth(), pagination(), async (ctx) => {
const { user } = ctx.state;
const { documentId, event } = ctx.body;
assertUuid(documentId, "documentId is required");
assertIn(
event,
["documents.update"],
`Not a valid subscription event for documents`
);
const document = await Document.findByPk(documentId, { userId: user.id });
authorize(user, "read", document);
const subscriptions = await Subscription.findAll({
where: {
documentId: document.id,
userId: user.id,
event,
},
order: [["createdAt", "DESC"]],
offset: ctx.state.pagination.offset,
limit: ctx.state.pagination.limit,
});
ctx.body = {
pagination: ctx.state.pagination,
data: subscriptions.map(presentSubscription),
};
});
router.post("subscriptions.info", auth(), async (ctx) => {
const { user } = ctx.state;
const { documentId, event } = ctx.body;
assertUuid(documentId, "documentId is required");
assertIn(
event,
["documents.update"],
"Not a valid subscription event for documents"
);
const document = await Document.findByPk(documentId, { userId: user.id });
authorize(user, "read", document);
// There can be only one subscription with these props.
const subscription = await Subscription.findOne({
where: {
userId: user.id,
documentId: document.id,
event,
},
rejectOnEmpty: true,
});
ctx.body = {
data: presentSubscription(subscription),
};
});
router.post("subscriptions.create", auth(), async (ctx) => {
const { user } = ctx.state;
const { documentId, event } = ctx.body;
assertUuid(documentId, "documentId is required");
assertIn(
event,
["documents.update"],
"Not a valid subscription event for documents"
);
const subscription = await sequelize.transaction(async (transaction) => {
const document = await Document.findByPk(documentId, {
userId: user.id,
transaction,
});
authorize(user, "subscribe", document);
return subscriptionCreator({
user,
documentId: document.id,
event,
ip: ctx.request.ip,
transaction,
});
});
ctx.body = {
data: presentSubscription(subscription),
};
});
router.post("subscriptions.delete", auth(), async (ctx) => {
const { user } = ctx.state;
const { id } = ctx.body;
assertUuid(id, "id is required");
await sequelize.transaction(async (transaction) => {
const subscription = await Subscription.findByPk(id, {
rejectOnEmpty: true,
transaction,
});
authorize(user, "delete", subscription);
await subscriptionDestroyer({
user,
subscription,
ip: ctx.request.ip,
transaction,
});
return subscription;
});
ctx.body = {
success: true,
};
});
export default router;