refactor: add server side validation schema for fileOperations (#4989)

* refactor: move files to subfolder

* refactor: schema for fileOperations.info

* refactor: schema for fileOperations.list

* refactor: schema for fileOperations.delete

* refactor: schema for fileOperations.redirect

server/routes/api/fileOperations/fileOperations.ts

@@ -0,0 +1,125 @@
+import Router from "koa-router";
+import { WhereOptions } from "sequelize";
+import fileOperationDeleter from "@server/commands/fileOperationDeleter";
+import { ValidationError } from "@server/errors";
+import auth from "@server/middlewares/authentication";
+import validate from "@server/middlewares/validate";
+import { FileOperation, Team } from "@server/models";
+import { authorize } from "@server/policies";
+import { presentFileOperation } from "@server/presenters";
+import { APIContext } from "@server/types";
+import { getSignedUrl } from "@server/utils/s3";
+import pagination from "../middlewares/pagination";
+import * as T from "./schema";
+
+const router = new Router();
+
+router.post(
+  "fileOperations.info",
+  auth({ admin: true }),
+  validate(T.FileOperationsInfoSchema),
+  async (ctx: APIContext<T.FileOperationsInfoReq>) => {
+    const { id } = ctx.input.body;
+    const { user } = ctx.state.auth;
+
+    const fileOperation = await FileOperation.findByPk(id, {
+      rejectOnEmpty: true,
+    });
+
+    authorize(user, "read", fileOperation);
+
+    ctx.body = {
+      data: presentFileOperation(fileOperation),
+    };
+  }
+);
+
+router.post(
+  "fileOperations.list",
+  auth({ admin: true }),
+  pagination(),
+  validate(T.FileOperationsListSchema),
+  async (ctx: APIContext<T.FileOperationsListReq>) => {
+    const { direction, sort, type } = ctx.input.body;
+    const { user } = ctx.state.auth;
+
+    const where: WhereOptions<FileOperation> = {
+      teamId: user.teamId,
+      type,
+    };
+    const team = await Team.findByPk(user.teamId);
+    authorize(user, "manage", team);
+
+    const [exports, total] = await Promise.all([
+      FileOperation.findAll({
+        where,
+        order: [[sort, direction]],
+        offset: ctx.state.pagination.offset,
+        limit: ctx.state.pagination.limit,
+      }),
+      FileOperation.count({
+        where,
+      }),
+    ]);
+
+    ctx.body = {
+      pagination: { ...ctx.state.pagination, total },
+      data: exports.map(presentFileOperation),
+    };
+  }
+);
+
+const handleFileOperationsRedirect = async (
+  ctx: APIContext<T.FileOperationsRedirectReq>
+) => {
+  const id = (ctx.input.body.id ?? ctx.input.query.id) as string;
+  const { user } = ctx.state.auth;
+
+  const fileOperation = await FileOperation.unscoped().findByPk(id, {
+    rejectOnEmpty: true,
+  });
+  authorize(user, "read", fileOperation);
+
+  if (fileOperation.state !== "complete") {
+    throw ValidationError(`${fileOperation.type} is not complete yet`);
+  }
+
+  const accessUrl = await getSignedUrl(fileOperation.key);
+  ctx.redirect(accessUrl);
+};
+
+router.get(
+  "fileOperations.redirect",
+  auth({ admin: true }),
+  validate(T.FileOperationsRedirectSchema),
+  handleFileOperationsRedirect
+);
+router.post(
+  "fileOperations.redirect",
+  auth({ admin: true }),
+  validate(T.FileOperationsRedirectSchema),
+  handleFileOperationsRedirect
+);
+
+router.post(
+  "fileOperations.delete",
+  auth({ admin: true }),
+  validate(T.FileOperationsDeleteSchema),
+  async (ctx: APIContext<T.FileOperationsDeleteReq>) => {
+    const { id } = ctx.input.body;
+    const { user } = ctx.state.auth;
+
+    const fileOperation = await FileOperation.unscoped().findByPk(id, {
+      rejectOnEmpty: true,
+    });
+    authorize(user, "delete", fileOperation);
+
+    await fileOperationDeleter(fileOperation, user, ctx.request.ip);
+
+    ctx.body = {
+      success: true,
+    };
+  }
+);
+
+export default router;