lecoffre-back/src/app/api/idnot/UserController.ts

import { Response, Request } from "express";
import { Controller, Post } from "@ControllerPattern/index";
import ApiController from "@Common/system/controller-pattern/ApiController";
import { Service } from "typedi";
import AuthService, { IUserJwtPayload, PROVIDER_OPENID } from "@Services/common/AuthService/AuthService";

import IdNotService from "@Services/common/IdNotService/IdNotService";
import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
import UsersService from "@Services/super-admin/UsersService/UsersService";
import SubscriptionsService from "@Services/admin/SubscriptionsService/SubscriptionsService.ts";
import RulesGroupsService from "@Services/admin/RulesGroupsService/RulesGroupsService";

@Controller()
@Service()
export default class UserController extends ApiController {
	constructor(
		private authService: AuthService,
		private idNotService: IdNotService,
		private userService: UsersService,
		private subscriptionsService: SubscriptionsService,
		private rulesGroupsService: RulesGroupsService,
	) {
		super();
	}

	/**
	 * @description Get user created from IdNot authentification
	 * @todo Used for test, should be removed
	 * @returns User
	 */
	@Post("/api/v1/idnot/user/:code")
	protected async getUserInfosFromIdnot(req: Request, response: Response) {
		try {
			const code = req.params["code"];			
			if (!code) throw new Error("code is required");

			const idNotToken = await this.idNotService.getIdNotToken(code);

			if (!idNotToken) {
				this.httpValidationError(response, "IdNot token undefined");
				return;
			}

			const user = await this.idNotService.getOrCreateUser(idNotToken);			

			if (!user) {
				this.httpUnauthorized(response, "User not found");
				return;
			}

			await this.idNotService.updateUser(user.uid);

			//Whitelist feature
			//Get user with contact
			const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true, office_membership: true });			

			if (!prismaUser) {
				this.httpNotFoundRequest(response, "user not found");
				return;
			}

			//Hydrate user to be able to use his contact
			const userHydrated = User.hydrate<User>(prismaUser, { strategy: "excludeAll" });			

			if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
				this.httpUnauthorized(response, "Email not found");
				return;
			}
			let isSubscribed = await this.subscriptionsService.isUserSubscribed(user.uid, userHydrated.office_membership?.uid!);			

			//Check if user is whitelisted
			// const isWhitelisted = await this.whitelistService.getByEmail(userHydrated.contact!.email);

			//When we'll switch to idNotId whitelisting
			// const isWhitelisted = await this.userWhitelistService.getByIdNotId(user.idNot);

			//If not whitelisted, return 409 Not whitelisted
			// if (!isWhitelisted || isWhitelisted.length === 0) {
			// 	this.httpNotWhitelisted(response);
			// 	return;
			// }

			await this.idNotService.updateOffice(user.office_uid);

			const payload = await this.authService.getUserJwtPayload(user.idNot);
			
			if (!payload) return;

			if (!isSubscribed && (userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin")) {
				
				const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
					where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
					include: { rules: true },
				});

				const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
					strategy: "excludeAll",
				});
				if (!manageSubscriptionRules[0]) return;

				payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];

				isSubscribed = true;
			}

			if (!isSubscribed) {				
				this.httpUnauthorized(response, "User not subscribed");
				return;
			}

			const accessToken = this.authService.generateAccessToken(payload);
			const refreshToken = this.authService.generateRefreshToken(payload);

			this.httpSuccess(response, { accessToken, refreshToken });
		} catch (error) {
			console.error(error);
			this.httpInternalError(response);
			return;
		}
	}

	@Post("/api/v1/idnot/user/auth/refresh-token")
	protected async refreshToken(req: Request, response: Response) {
		try {
			const authHeader = req.headers["authorization"];
			const token = authHeader && authHeader.split(" ")[1];

			if (!token) {
				this.httpBadRequest(response);
				return;
			}

			let accessToken;
			this.authService.verifyRefreshToken(token, async (err, userPayload) => {
				if (err) {
					console.error(err);
					this.httpUnauthorized(response);
					return;
				}

				const openId = (userPayload as IUserJwtPayload).openId.userId;
				if (!openId) return;
				const newUserPayload = (await this.authService.getUserJwtPayload(
					openId.toString(),
					PROVIDER_OPENID.idNot,
				)) as IUserJwtPayload;
				let isSubscribed = await this.subscriptionsService.isUserSubscribed(newUserPayload.userId, newUserPayload.office_Id);

				if (!isSubscribed && (newUserPayload.role === "admin" || newUserPayload.role === "super-admin")) {
					const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
						where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
						include: { rules: true },
					});

					const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
						strategy: "excludeAll",
					});
					if (!manageSubscriptionRules[0]) return;

					newUserPayload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];

					isSubscribed = true;
				}
				delete newUserPayload.iat;
				delete newUserPayload.exp;
				accessToken = this.authService.generateAccessToken(newUserPayload);
				this.httpSuccess(response, { accessToken });
			});

			//success
		} catch (error) {
			console.error(error);
			this.httpInternalError(response);
			return;
		}
	}
}