lecoffre-back/src/app/api/idnot/UserController.ts

import { Response, Request } from "express";
import { Controller, Post } from "@ControllerPattern/index";
import ApiController from "@Common/system/controller-pattern/ApiController";
import { Service } from "typedi";
import AuthService, { IUserJwtPayload } from "@Services/common/AuthService/AuthService";

import IdNotService from "@Services/common/IdNotService/IdNotService";
import User from "le-coffre-resources/dist/Admin";
import UsersService from "@Services/super-admin/UsersService/UsersService";
import SubscriptionsService from "@Services/admin/SubscriptionsService/SubscriptionsService.ts";
import { ESubscriptionStatus } from "@prisma/client";
import SeatsService from "@Services/admin/SeatsService/SeatsService";
import { EType } from "le-coffre-resources/dist/Admin/Subscription";

@Controller()
@Service()
export default class UserController extends ApiController {
	constructor(
		private authService: AuthService,
		private idNotService: IdNotService,
		private userService: UsersService,
		private subscriptionsService: SubscriptionsService,
		private seatsService: SeatsService,
	) {
		super();
	}

	/**
	 * @description Get user created from IdNot authentification
	 * @todo Used for test, should be removed
	 * @returns User
	 */
	@Post("/api/v1/idnot/user/:code")
	protected async getUserInfosFromIdnot(req: Request, response: Response) {
		try {
			const code = req.params["code"];

			if (!code) throw new Error("code is required");

			const idNotToken = await this.idNotService.getIdNotToken(code);

			if (!idNotToken) {
				this.httpValidationError(response, "IdNot token undefined");
				return;
			}

			const user = await this.idNotService.getOrCreateUser(idNotToken);

			if (!user) {
				this.httpUnauthorized(response, "User not found");
				return;
			}

			await this.idNotService.updateUser(user.uid);

			//Whitelist feature
			//Get user with contact
			const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true });

			if (!prismaUser) {
				this.httpNotFoundRequest(response, "user not found");
				return;
			}

			//Hydrate user to be able to use his contact
			const userHydrated = User.hydrate<User>(prismaUser, { strategy: "excludeAll" });

			if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
				this.httpUnauthorized(response, "Email not found");
				return;
			}
			let isSubscribed = false;

			const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });

			if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
				isSubscribed = false;
				return;
			}

			if (subscriptions[0]?.type === EType.Unlimited) {
				isSubscribed = true;
			} else {
				const hasSeat = await this.subscriptionsService.get({
					where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
				});

				if (hasSeat && hasSeat.length > 0) {
					isSubscribed = true;
				} else {
					const nbMaxSeats = subscriptions[0]!.nb_seats;

					const nbCurrentSeats = await this.seatsService.get({ where: { subscription_uid: subscriptions[0]!.uid } });

					//if nbMaxSeats < nbCurrentSeats, create a new seat for the user
					if (nbMaxSeats > nbCurrentSeats.length) {
						const seatAdded = await this.seatsService.create(user.uid, subscriptions[0]!.uid);
						if (seatAdded) {
							isSubscribed = true;
						}
					}
				}
			}

			if (userHydrated.role?.name === "admin") {
				isSubscribed = true;
			}

			if (!isSubscribed) {
				this.httpUnauthorized(response, "User not subscribed");
				return;
			}

			//Check if user is whitelisted
			// const isWhitelisted = await this.whitelistService.getByEmail(userHydrated.contact!.email);

			//When we'll switch to idNotId whitelisting
			// const isWhitelisted = await this.userWhitelistService.getByIdNotId(user.idNot);

			//If not whitelisted, return 409 Not whitelisted
			// if (!isWhitelisted || isWhitelisted.length === 0) {
			// 	this.httpNotWhitelisted(response);
			// 	return;
			// }

			await this.idNotService.updateOffice(user.office_uid);

			const payload = await this.authService.getUserJwtPayload(user.idNot);
			const accessToken = this.authService.generateAccessToken(payload);
			const refreshToken = this.authService.generateRefreshToken(payload);

			this.httpSuccess(response, { accessToken, refreshToken });
		} catch (error) {
			console.log(error);
			this.httpInternalError(response);
			return;
		}
	}

	@Post("/api/v1/idnot/user/auth/refresh-token")
	protected async refreshToken(req: Request, response: Response) {
		try {
			const authHeader = req.headers["authorization"];
			const token = authHeader && authHeader.split(" ")[1];

			if (!token) {
				this.httpBadRequest(response);
				return;
			}

			let accessToken;
			this.authService.verifyRefreshToken(token, (err, userPayload) => {
				if (err) {
					console.log(err);
					this.httpUnauthorized(response);
					return;
				}

				const user = userPayload as IUserJwtPayload;
				delete user.iat;
				delete user.exp;
				accessToken = this.authService.generateAccessToken(user);
			});

			//success
			this.httpSuccess(response, { accessToken });
		} catch (error) {
			console.log(error);
			this.httpInternalError(response);
			return;
		}
	}
}