From 220bcc4c6608454bd1a9adb44b656e01db7ec60b Mon Sep 17 00:00:00 2001
From: emranemran <emran.mah@gmail.com>
Date: Sat, 23 Mar 2024 07:40:20 -0700
Subject: [PATCH] fixes

---
 packages/api/src/controllers/stream.test.ts | 31 +++++++++++++--------
 packages/api/src/controllers/stream.ts      |  3 +-
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/packages/api/src/controllers/stream.test.ts b/packages/api/src/controllers/stream.test.ts
index aaf2805b3d..a9f107ce3c 100644
--- a/packages/api/src/controllers/stream.test.ts
+++ b/packages/api/src/controllers/stream.test.ts
@@ -1076,6 +1076,7 @@ describe("controllers/stream", () => {
   describe("stream endpoint with api key", () => {
     let newApiKey;
     beforeEach(async () => {
+      // create streams without a projectId
       for (let i = 0; i < 5; i += 1) {
         const document = {
           id: uuid(),
@@ -1098,17 +1099,18 @@ describe("controllers/stream", () => {
       newApiKey = await createApiToken({
         client: client,
         projectId: projectId,
-        corsAccess: { allowedOrigins },
+        //corsAccess: { allowedOrigins },
         jwtAuthToken: nonAdminToken,
       });
       expect(newApiKey).toMatchObject({
         id: expect.any(String),
-        access: { cors: { allowedOrigins: ["http://localhost:3000"] } },
+        //access: { cors: { allowedOrigins: ["http://localhost:3000"] } },
       });
 
       client.jwtAuth = "";
       client.apiKey = newApiKey.id;
 
+      // create streams with a projectId
       for (let i = 0; i < 5; i += 1) {
         const document = {
           id: uuid(),
@@ -1120,26 +1122,31 @@ describe("controllers/stream", () => {
         const res = await client.get(`/stream/${document.id}`);
         expect(res.status).toBe(200);
       }
-
-      client.jwtAuth = "";
     });
 
-    it.only("should get own streams", async () => {
+    it("should get own streams", async () => {
       client.apiKey = nonAdminApiKey;
       let res = await client.get(`/stream/user/${nonAdminUser.id}`);
       expect(res.status).toBe(200);
       const streams = await res.json();
-      console.log("XXX: got nonAdminUser streams: ", streams);
       expect(streams.length).toEqual(8);
       expect(streams[0].userId).toEqual(nonAdminUser.id);
 
+      // ensure project associated with a new api-key is not enforced for this endpoint
       client.apiKey = newApiKey.id;
-      console.log("XXX: about to call", client.apiKey, newApiKey.id);
       let res2 = await client.get(`/stream/user/${nonAdminUser.id}`);
       expect(res2.status).toBe(200);
-      streams = await res2.json();
-      console.log("XXX: got newApiKey streams: ", streams);
-      expect(streams.length).toEqual(3);
+      const streams2 = await res2.json();
+      expect(streams2.length).toEqual(8);
+      expect(streams2[0].userId).toEqual(nonAdminUser.id);
+    });
+
+    it("should get streams owned by project when using api-key for project", async () => {
+      client.apiKey = newApiKey.id;
+      let res = await client.get(`/stream/`);
+      expect(res.status).toBe(200);
+      const streams = await res.json();
+      expect(streams.length).toEqual(5);
       expect(streams[0].userId).toEqual(nonAdminUser.id);
     });
 
@@ -1148,7 +1155,7 @@ describe("controllers/stream", () => {
       let res = await client.get(`/stream/user/${nonAdminUser.id}`);
       expect(res.status).toBe(200);
       const streams = await res.json();
-      expect(streams.length).toEqual(3);
+      expect(streams.length).toEqual(8);
       expect(streams[0].userId).toEqual(nonAdminUser.id);
       let dres = await client.delete(`/stream/${streams[0].id}`);
       expect(dres.status).toBe(204);
@@ -1157,7 +1164,7 @@ describe("controllers/stream", () => {
       let res2 = await client.get(`/stream/user/${nonAdminUser.id}`);
       expect(res2.status).toBe(200);
       const streams2 = await res2.json();
-      expect(streams2.length).toEqual(2);
+      expect(streams2.length).toEqual(7);
     });
 
     it("should not get others streams", async () => {
diff --git a/packages/api/src/controllers/stream.ts b/packages/api/src/controllers/stream.ts
index 56936c6a1e..2df3414a96 100644
--- a/packages/api/src/controllers/stream.ts
+++ b/packages/api/src/controllers/stream.ts
@@ -662,7 +662,6 @@ app.get("/sessions/:parentId", authorizer({}), async (req, res) => {
 });
 
 app.get("/user/:userId", authorizer({}), async (req, res) => {
-  console.log("YYY: ", req.user.id, req.params.userId);
   const { userId } = req.params;
   let { limit, cursor, streamsonly, sessionsonly } = toStringValues(req.query);
 
@@ -672,7 +671,6 @@ app.get("/user/:userId", authorizer({}), async (req, res) => {
       errors: ["user can only request information on their own streams"],
     });
   }
-  console.log("YYY im here");
   const query = [
     sql`data->>'deleted' IS NULL`,
     sql`data->>'userId' = ${userId}`,
@@ -711,6 +709,7 @@ app.get("/:id", authorizer({}), async (req, res) => {
   const raw = req.query.raw && req.user.admin;
   const { forceUrl } = req.query;
   let stream = await db.stream.get(req.params.id);
+  console.log("XXX: stream is", stream);
   if (
     !stream ||
     ((stream.userId !== req.user.id ||