From 766cc33cc4a8c116880797b621518a5e9800b5f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Kan=C4=9Bra?= Date: Sat, 20 Feb 2021 12:37:28 +0100 Subject: [PATCH] feat: minor changes --- components/proposal-form/proposal-form.vue | 2 +- components/ui/snackbar/snackbar.sass | 2 +- server/api/deadlines/update.ts | 2 +- server/api/project/get.ts | 10 +++-- server/api/project/student-update.ts | 23 ++++++++-- server/api/public-projects/get.ts | 9 +++- server/api/review/list.ts | 7 +++- server/api/student/update.ts | 2 - server/api/teacher/extern-teacher.ts | 2 +- server/api/teacher/list.ts | 49 +++++++++++----------- 10 files changed, 66 insertions(+), 42 deletions(-) diff --git a/components/proposal-form/proposal-form.vue b/components/proposal-form/proposal-form.vue index d78c066b..0b60e68f 100644 --- a/components/proposal-form/proposal-form.vue +++ b/components/proposal-form/proposal-form.vue @@ -38,7 +38,7 @@ export default defineComponent({ // @ts-ignore const response = await ctx.root.$nuxt.$axios.get('/api/teachers/list', { headers: { - authorization: mainStore.state.user.id, + authorization: `Bearer ${mainStore.state.user.idToken}`, }, }); diff --git a/components/ui/snackbar/snackbar.sass b/components/ui/snackbar/snackbar.sass index 57539412..e84c7182 100644 --- a/components/ui/snackbar/snackbar.sass +++ b/components/ui/snackbar/snackbar.sass @@ -1,7 +1,7 @@ .snackbar @apply w-screen h-auto py-3 px-6 text-ps-primary font-semibold @apply fixed bottom-0 bg-ps-linear-gradient rounded-t-lg shadow - @apply left-0 + @apply left-0 z-999 @screen md @apply w-8/12 left-1/2 diff --git a/server/api/deadlines/update.ts b/server/api/deadlines/update.ts index ca18cfb0..265bfd49 100644 --- a/server/api/deadlines/update.ts +++ b/server/api/deadlines/update.ts 
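Review bot: The new `authorization` header in proposal-form.vue interpolates `mainStore.state.user.idToken` unconditionally, so when the token is not yet loaded the request carries the literal string `Bearer undefined` rather than no header at all. Several server routes in this same patch split on the space and pass the second token straight to verifyIdToken, which will reject it with a 401, and review/list.ts even special-cases the string 'undefined' to paper over exactly this. Build the header only when a token exists, e.g. `headers: mainStore.state.user.idToken ? { authorization: \`Bearer ${mainStore.state.user.idToken}\` } : {},`. The enclosing setup function starts and ends outside the hunk.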
@@ -42,7 +42,7 @@ export default async (req: Request, res: Response) => { case 'Error: 403': return res.status(403).send('Only admin can update deadlines'); default: - return res.status(500).send(); + return res.status(500).send(e); } } } catch (_) { diff --git a/server/api/project/get.ts b/server/api/project/get.ts index 7b7ead1c..c71db24a 100644 --- a/server/api/project/get.ts +++ b/server/api/project/get.ts @@ -40,11 +40,15 @@ export default async (req: Request, res: Response) => { if (!project?.exists) return res.status(404).send('Project does not exist'); if (!projectData?.public) { - const userAuth = !idToken ? { uid: 'public' } : await admin.auth().verifyIdToken(idToken); - const user = await admin.firestore().collection('users').doc(userAuth.uid).get(); + try { + const userAuth = await admin.auth().verifyIdToken(idToken); + const user = await admin.firestore().collection('users').doc(userAuth.uid).get(); - if (!user.data()?.admin && !(projectData?.studentId === userAuth.uid) && !(projectData?.teacherId === userAuth.uid) && !(projectData?.opponentId === userAuth.uid)) + if (!user.data()?.admin && !(projectData?.studentId === userAuth.uid) && !(projectData?.teacherId === userAuth.uid) && !(projectData?.opponentId === userAuth.uid)) + return res.status(403).send(); + } catch (_) { return res.status(403).send(); + } } let deadlineDate = projectData?.deadlineDate; diff --git a/server/api/project/student-update.ts b/server/api/project/student-update.ts index 7b5295f2..2e5c6e6e 100644 --- a/server/api/project/student-update.ts +++ b/server/api/project/student-update.ts 
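Review bot: The `default:` branch in deadlines/update.ts now returns the caught value to the client with `res.status(500).send(e)`, whereas before it sent an empty body; whatever Firestore or the runtime threw (message, code, possibly an object with internal detail) is now part of the HTTP response. Error detail belongs in the server log, not in the response, so keep the body generic: `console.error(e); return res.status(500).send('Internal error');`. The enclosing handler and its `catch (_)` continue outside the hunk.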
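Review bot: In project/get.ts the new `try` wraps both `verifyIdToken` and the Firestore `users` read, so a datastore failure while looking up the caller is reported as 403 instead of 500, and a missing/invalid token is indistinguishable from an authenticated user who is simply not a member of the project. review/list.ts in this same patch answers an unverifiable token with 401, so this route should too. Narrow the `try` to the token check and let the membership decision stand on its own, as sketched below; the surrounding handler starts and ends outside the hunk.
```typescript
let uid: string;
try {
  uid = (await admin.auth().verifyIdToken(idToken)).uid;
} catch (_) {
  return res.status(401).send();
}
const user = await admin.firestore().collection('users').doc(uid).get();
if (!user.data()?.admin && projectData?.studentId !== uid && projectData?.teacherId !== uid && projectData?.opponentId !== uid)
  return res.status(403).send();
// … unchanged: deadlineDate handling …
```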
@@ -59,9 +59,19 @@ export default async (req: Request, res: Response) => { const body = JSON.parse(req.body.projectData); - // TODO check mandatory files match type - - if (!(typeof body.description === 'string' && Array.isArray(body.links) && req.params.id && checkLinks(body.links) && Array.isArray(body.keywords))) return res.status(400).send(); + if ( + !( + typeof body.description === 'string' && + body.description.length <= 250 && + Array.isArray(body.links) && + req.params.id && + checkLinks(body.links) && + Array.isArray(body.keywords) && + Array.isArray(body.mandatoryOrder) && + Array.isArray(body.optionalOrder) + ) + ) + return res.status(400).send(); // @ts-ignore const mandatoryFiles = req.files.mandatory; @@ -116,7 +126,12 @@ export default async (req: Request, res: Response) => { transaction.update(projectRef, { description: body.description.trim(), - links: body.links, + links: body.links.map((link: any) => { + return { + placeholder: link.placeholder, + url: link.url, + }; + }), keywords: body.keywords, }); diff --git a/server/api/public-projects/get.ts b/server/api/public-projects/get.ts index f4d37013..756b2fa2 100644 --- a/server/api/public-projects/get.ts +++ b/server/api/public-projects/get.ts @@ -43,6 +43,7 @@ export default async (req: Request, res: Response) => { return formatProjectsData(projects, transaction); } else if (typeof lastProjectId === 'string') { const lastDoc = await transaction.get(admin.firestore().collection('projects').doc(lastProjectId)); + if (!lastDoc.exists) throw new Error('404'); const projects = await transaction.get(admin.firestore().collection('projects').where('public', '==', true).orderBy('currentYear', 'desc').startAfter(lastDoc).limit(limit)); if (!projects.docs.length) return []; 
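Review bot: The extended guard in student-update.ts only checks that `keywords`, `mandatoryOrder` and `optionalOrder` are arrays; their contents and sizes are never validated, yet `keywords: body.keywords` is written verbatim into the project document by the transaction later in the same file, so a client can persist arbitrary nested objects or very large arrays. Add element checks alongside the existing ones, e.g. `body.keywords.every((k: unknown) => typeof k === 'string') && body.mandatoryOrder.every((o: unknown) => typeof o === 'string') && body.optionalOrder.every((o: unknown) => typeof o === 'string')` (and a length cap if the UI has one). The removed `// TODO check mandatory files match type` does not appear to be addressed by the new conditions, which only cover the order arrays, so it should probably stay until it is. The handler body continues outside the hunk.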
@@ -53,7 +54,11 @@ export default async (req: Request, res: Response) => { return res.send(projects); } catch (e) { - console.error(e); - return res.status(500).send(); + switch (e.toString()) { + case 'Error: 404': + return res.status(404).send('Project with provided ID does not exist'); + default: + return res.status(500).send(e); + } } }; diff --git a/server/api/review/list.ts b/server/api/review/list.ts index c8c57937..3d2984a2 100644 --- a/server/api/review/list.ts +++ b/server/api/review/list.ts @@ -29,7 +29,7 @@ export default async (req: Request, res: Response) => { const idToken = req.headers.authorization?.split(' ')[1] ?? ''; const projectId = req.params.id; - if (!projectId) return res.status(401).send('Missing params'); + if (!projectId) return res.status(400).send('Missing params'); try { const project = await admin.firestore().collection('projects').doc(projectId).get(); @@ -38,6 +38,9 @@ export default async (req: Request, res: Response) => { const projectData = project.data(); + if (!projectData?.public && idToken === 'undefined') return res.status(403).send(); + if (projectData?.public && idToken === 'undefined') return res.status(200).send(await getReviewsUrls(projectData?.reviews)); + try { // Check auth const userAuth = await admin.auth().verifyIdToken(idToken); @@ -45,7 +48,7 @@ export default async (req: Request, res: Response) => { return res.send(await getReviewsUrls(projectData?.reviews, userData?.admin || projectData?.teacherId === userAuth.uid || projectData?.opponentId === userAuth.uid)); } catch (_) { - return res.send(await getReviewsUrls(projectData?.reviews)); + return res.status(401).send('Project is not public'); } } catch (_) { return res.status(500).send(); diff --git a/server/api/student/update.ts b/server/api/student/update.ts index f3c71fe3..ff6245e9 100644 --- a/server/api/student/update.ts +++ b/server/api/student/update.ts 
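Review bot: The rewritten catch in public-projects/get.ts drops `console.error(e)` and instead sends the raw error to the client in the `default:` branch, so internal failures are no longer logged server-side but are exposed over HTTP. A `lastProjectId` that Firestore rejects as a document path (for example an empty string) presumably throws before the new 404 check and would land in this branch as well. Keep the log and return a generic body: `default: console.error(e); return res.status(500).send();`. The handler starts outside the hunk.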
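Review bot: In review/list.ts the two new checks compare `idToken === 'undefined'`, but the visible derivation `req.headers.authorization?.split(' ')[1] ?? ''` yields `''` when no Authorization header is sent at all, so an anonymous request for a public project skips both shortcuts, reaches `verifyIdToken('')`, and is rejected by the rewritten catch with `401 'Project is not public'` even though the project is public. Treat the empty token the same as the literal `'undefined'`: `if (!projectData?.public && (!idToken || idToken === 'undefined')) return res.status(403).send();` and `if (projectData?.public && (!idToken || idToken === 'undefined')) return res.status(200).send(await getReviewsUrls(projectData?.reviews));`. The new catch message is also misleading for the remaining case (a present but invalid token on any project); `'Invalid token'` describes it better. The enclosing handler continues past the hunk.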
@@ -18,8 +18,6 @@ export default async (req: Request, res: Response) => { const user = await admin.auth().verifyIdToken(idToken); if (!(await admin.firestore().collection('users').doc(user.uid).get()).data()?.admin) return res.status(403).send('Only admin can update student'); - - // if (!(await admin.firestore().collection('users').doc(studentId).get()).data()?.student) return res.status(404).send('No student with this id found'); } catch (_) { return res.status(401).send('Unauthorized'); } diff --git a/server/api/teacher/extern-teacher.ts b/server/api/teacher/extern-teacher.ts index 91d7a84a..778313ab 100644 --- a/server/api/teacher/extern-teacher.ts +++ b/server/api/teacher/extern-teacher.ts @@ -45,6 +45,6 @@ export default async (req: Request, res: Response) => { return res.status(200).send(); } catch (e) { - res.status(500).send(e); + return res.status(500).send(e); } }; diff --git a/server/api/teacher/list.ts b/server/api/teacher/list.ts index 56a4259f..7e28c4fd 100644 --- a/server/api/teacher/list.ts +++ b/server/api/teacher/list.ts 
@@ -1,43 +1,42 @@ import { Request, Response } from 'express'; import admin from 'firebase-admin'; -import 'firebase/auth'; export default async (req: Request, res: Response) => { - const userId = req.headers.authorization ?? ''; + const idToken = req.headers.authorization?.split(' ')[1] ?? ''; try { - await admin.auth().getUser(userId); - } catch (e) { - return res.status(401).send(); - } + const userAuth = await admin.auth().verifyIdToken(idToken); - if ((await admin.firestore().collection('proposals').where('studentId', '==', userId).get()).docs[0]?.exists) - return res.status(202).send({ message: 'Proposal already submitted', status: 202 }); + try { + if ((await admin.firestore().collection('proposals').where('studentId', '==', userAuth.uid).get()).docs[0]?.exists) + return res.status(202).send({ message: 'Proposal already submitted', status: 202 }); - if ((await admin.firestore().collection('projects').where('studentId', '==', userId).get()).docs[0]?.exists) - return res.status(202).send({ message: 'You already have project', status: 202 }); + if ((await admin.firestore().collection('projects').where('studentId', '==', userAuth.uid).get()).docs[0]?.exists) + return res.status(202).send({ message: 'You already have project', status: 202 }); - const userData = (await admin.firestore().collection('users').doc(userId).get()).data(); + const userData = (await admin.firestore().collection('users').doc(userAuth.uid).get()).data(); - // User doesnt have current year set - if (!userData?.currentYear) return res.status(412).send(); + // User doesnt have current year set + if (!userData?.currentYear) return res.status(412).send(); - // Teacher cant submit proposal - if (userData?.teacher) return res.status(403).send('Teacher cannot submit proposal'); + // Teacher cant submit proposal + if (userData?.teacher) return res.status(403).send('Teacher cannot submit proposal'); - try { - const teachersData = (await admin.firestore().collection('users').where('teacher', '==', 
true).where('extern', '==', false).where('deleted', '==', false).get()).docs; + const teachersData = (await admin.firestore().collection('users').where('teacher', '==', true).where('extern', '==', false).where('deleted', '==', false).get()).docs; - const teachersList = teachersData.map((teacherDoc) => { - return { - placeholder: teacherDoc.data().displayName, - value: teacherDoc.id, - }; - }); + const teachersList = teachersData.map((teacherDoc) => { + return { + placeholder: teacherDoc.data().displayName, + value: teacherDoc.id, + }; + }); - return res.status(200).json(teachersList); + return res.status(200).json(teachersList); + } catch (e) { + return res.status(500).send(e); + } } catch (e) { - return res.status(500).send(e); + return res.status(401).send(); } };
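Review bot: The inner `catch (e)` in teacher/list.ts still answers with `res.status(500).send(e)`, so any Firestore error raised by the proposals/projects/users queries is returned verbatim to the caller; this route is reachable by every authenticated student. Log it and send a generic 500 instead: `console.error(e); return res.status(500).send();`. The nesting is otherwise sound—only `verifyIdToken` is left in the outer try, so the outer `catch` correctly maps to 401—but a reader would benefit from a comment on the outer `catch (e)` such as `// Only verifyIdToken can throw here; everything after it is handled by the inner try`.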