diff --git a/package.json b/package.json index 7cd95fde..ccadad73 100644 --- a/package.json +++ b/package.json @@ -15,6 +15,7 @@ "watch:ts": "tsc -w", "dev": "yarn build:ts && concurrently -k -t \"HH:mm:ss.SSS\" -p \"[{time}]\" -c \"cyan,green,red\" \"yarn:watch:*\"", "test": "yarn build && nyc --skip-full ava", + "test:slim": "ava", "test:report": "nyc --skip-full --reporter=lcov ava", "commit": "git cz", "copy-static": "sh -c \"cpy 'server/**/*' '.rdeploy' '!**/*.ts' dist/ --no-overwrite --parents\"" diff --git a/server/api/index.js b/server/api/index.js index 7198e131..acaa50af 100644 --- a/server/api/index.js +++ b/server/api/index.js @@ -2,6 +2,7 @@ const express = require('express') const Ajv = require('ajv') const { responses, responseList } = require('../responses') const auth = require('../auth') +const db = require('../database') const router = express.Router() @@ -62,18 +63,26 @@ routes.forEach((route, i) => { } } - let uuid + let user if (route.requireAuth) { const authHeader = req.get('authorization') if (authHeader === undefined || !authHeader.startsWith('Bearer ')) { sendResponse(responses.badToken) return } - uuid = await auth.token.getData(auth.token.tokenKinds.auth, authHeader.slice('Bearer '.length)) + const uuid = await auth.token.getData(auth.token.tokenKinds.auth, authHeader.slice('Bearer '.length)) if (uuid === null) { sendResponse(responses.badToken) return } + + user = await db.auth.getUserById({ + id: uuid + }) + if (user == null) { + sendResponse(responses.badToken) + return + } } const validator = routeValidators[i] @@ -93,7 +102,7 @@ routes.forEach((route, i) => { try { response = await route.handler({ req, - uuid + user }) } catch (e) { sendResponse(responses.errorInternal) diff --git a/server/api/submitflag.js b/server/api/submitflag.js index 288ca6d0..c7fb9f5a 100644 --- a/server/api/submitflag.js +++ b/server/api/submitflag.js 
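Review bot: In server/api/index.js the new `db.auth.getUserById` lookup in the `route.requireAuth` branch is awaited ahead of the `try` that wraps `route.handler` in the next hunk, so nothing visible here turns a rejected lookup (a database outage, for example) into `responses.errorInternal`. The route callback starts outside the hunk, so an outer handler may already cover this. If it does not, catch the failure at the lookup so the authentication path fails closed with an explicit response, as sketched below. A short comment above the lookup would also help, e.g. `// Re-check the account on every request so tokens of deleted users are rejected`. It should note that `user` stays `undefined` for routes without `requireAuth`, since handlers now read `user.id`.

```javascript
// … unchanged: Bearer header check and auth.token.getData call …
try {
  user = await db.auth.getUserById({
    id: uuid
  })
} catch (e) {
  sendResponse(responses.errorInternal)
  return
}
// … unchanged: `user == null` check that sends responses.badToken …
```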
@@ -31,7 +31,9 @@ module.exports = { required: ['id'] } }, - handler: async ({ req, uuid }) => { + handler: async ({ req, user }) => { + const uuid = user.id + if (Date.now() < config.startTime) { return util.notStarted() } diff --git a/server/api/users/delete.js b/server/api/users/delete.js index 49d26121..bcdaaf08 100644 --- a/server/api/users/delete.js +++ b/server/api/users/delete.js @@ -5,7 +5,8 @@ module.exports = { method: 'delete', path: '/users/me', requireAuth: true, - handler: async ({ uuid }) => { + handler: async ({ user }) => { + const uuid = user.id await database.auth.removeUserById({ id: uuid }) diff --git a/server/api/users/index.js b/server/api/users/index.js index 5e8f7be4..b20b16be 100644 --- a/server/api/users/index.js +++ b/server/api/users/index.js @@ -2,7 +2,6 @@ module.exports = [ require('./me'), require('./id'), - require('./me-solves'), require('./delete'), require('./update') ] diff --git a/server/api/users/me-solves.js b/server/api/users/me-solves.js deleted file mode 100644 index 0d302fbf..00000000 --- a/server/api/users/me-solves.js +++ /dev/null @@ -1,17 +0,0 @@ -const db = require('../../database') -const { responses } = require('../../responses') - -module.exports = { - method: 'get', - path: '/users/me/solves', - requireAuth: true, - handler: async ({ uuid }) => { - const userSolves = await db.solves.getSolvesByUserId({ userid: uuid }) - - if (userSolves === null) return responses.badUserData - - const returnedSolves = userSolves.map(solve => { return { id: solve.challengeid } }) - - return [responses.goodUserData, returnedSolves] - } -} diff --git a/server/api/users/me.js b/server/api/users/me.js index 15c4af46..93bd7e7e 100644 --- a/server/api/users/me.js +++ b/server/api/users/me.js 
@@ -6,13 +6,12 @@ module.exports = { method: 'get', path: '/users/me', requireAuth: true, - handler: async ({ uuid }) => { + handler: async ({ user }) => { + const uuid = user.id const userData = await getGenericUserData({ id: uuid }) - if (userData === null) return responses.badUnknownUser - const teamToken = await auth.token.getToken(auth.token.tokenKinds.team, uuid) return [responses.goodUserData, { diff --git a/server/api/users/update.js b/server/api/users/update.js index 3b7dfda5..37dc0d12 100644 --- a/server/api/users/update.js +++ b/server/api/users/update.js @@ -21,7 +21,8 @@ module.exports = { } } }, - handler: async ({ uuid, req }) => { + handler: async ({ user, req }) => { + const uuid = user.id const { name, division } = req.body const passRateLimit = await timeouts.checkRateLimit({ @@ -37,7 +38,7 @@ module.exports = { }] } - const user = await database.auth.updateUser({ + const newUser = await database.auth.updateUser({ id: uuid, name, division @@ -45,9 +46,9 @@ module.exports = { return [responses.goodUserUpdate, { user: { - name: user.name, - email: user.email, - division: Number.parseInt(user.division) + name: newUser.name, + email: newUser.email, + division: Number.parseInt(newUser.division) } }] } diff --git a/test/_util.js b/test/_util.js index eed6a8cc..0de9b5b9 100644 --- a/test/_util.js +++ b/test/_util.js 
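Review bot: Removing the `userData === null` guard in the `/users/me` handler leaves the `getGenericUserData` result unchecked, although the removed line shows that it can return null. The router now confirms the account exists before the handler runs, but the account can still be removed (for instance through `DELETE /users/me`) between that lookup and this second query. The code after the hunk would then presumably work on null and surface as `errorInternal` rather than a clean response. Either keep `if (userData === null) return responses.badUnknownUser`, or build the response from the `user` object the router already loaded so that there is only one lookup. The handler body continues outside the hunk.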
@@ -2,13 +2,31 @@ require('ava') const { v4: uuidv4 } = require('uuid') const config = require('../config/server') +const db = require('../dist/server/database') -module.exports = { +const ret = { + // Generate only valid parameters generateTestUser: () => { return { email: uuidv4() + '@test.com', name: uuidv4(), - division: Object.values(config.divisions)[0] + division: Object.values(config.divisions)[0], + perms: 0 + } + }, + // Generate a real user, adding to database + generateRealTestUser: async () => { + const id = uuidv4() + + const userData = ret.generateTestUser() + const user = await db.auth.makeUser({ + ...userData, + id + }) + + return { + user, + cleanup: () => db.auth.removeUserById({ id }) } }, getFirstLoadedChallenge: () => { @@ -38,3 +56,5 @@ module.exports = { }) } } + +module.exports = ret diff --git a/test/integration/challenges.js b/test/integration/challenges.js index f94ab43c..57b2a7ae 100644 --- a/test/integration/challenges.js +++ b/test/integration/challenges.js @@ -1,12 +1,23 @@ const test = require('ava') const request = require('supertest') const app = require('../../dist/server/app') -const { v4: uuidv4 } = require('uuid') +const util = require('../_util') const auth = require('../../dist/server/auth') const config = require('../../dist/config/server') const { responseList } = require('../../dist/server/responses') +let uuid, testUserData + +test.before(async () => { + testUserData = await util.generateRealTestUser() + uuid = testUserData.user.id +}) + +test.after.always('cleanup test user', async t => { + await testUserData.cleanup() +}) + test('fails with unauthorized', async t => { const resp = await request(app) .get(process.env.API_ENDPOINT + '/challs') @@ -15,8 +26,6 @@ test('fails with unauthorized', async t => { t.is(resp.body.kind, 'badToken') }) -const uuid = uuidv4() - test.serial('fails with badNotStarted', async t => { const oldTime = config.startTime // Choose a time 10 minutes in the future 
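Review bot: `generateRealTestUser` in test/_util.js inserts a row through `db.auth.makeUser` and relies on the caller to run the returned `cleanup`, but the one-line comment above it does not state that contract. I would replace the comment with a short JSDoc saying that it resolves to `{ user, cleanup }`, that `cleanup` returns the `removeUserById` promise and has to be awaited in a `test.after.always` hook, and that the helper writes to whatever database the test run is configured for. A brief comment on the new `perms: 0` default, saying what permission level 0 stands for, would help readers of the fixtures as well.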
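Review bot: The `test.after.always` hook added to test/integration/challenges.js calls `testUserData.cleanup()` unconditionally, but `testUserData` is only assigned once `util.generateRealTestUser()` has resolved in `test.before`. If that setup rejects, the always-hook is still expected to run and would throw a TypeError on `undefined`, which hides the original failure. Guard it with `if (testUserData) await testUserData.cleanup()`. The same pattern appears in the hooks added to test/integration/submit.js, where `uuid` would also be undefined in the `removeSolvesByUserId` call, and in test/integration/submitTiming.js.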
diff --git a/test/integration/submit.js b/test/integration/submit.js index 4029817b..eb8c96ac 100644 --- a/test/integration/submit.js +++ b/test/integration/submit.js @@ -8,18 +8,19 @@ const { responseList } = require('../../dist/server/responses') const auth = require('../../dist/server/auth') const util = require('../_util') -let chall +let chall, uuid, testUserData // Wait for challenges to load test.before(async () => { chall = await util.getFirstLoadedChallenge() + + testUserData = await util.generateRealTestUser() + uuid = testUserData.user.id }) -test.after.always('remove solves from test user', async t => { +test.after.always('cleanup test user', async t => { await db.solves.removeSolvesByUserId({ userid: uuid }) - await db.auth.removeUserById({ - id: testUser.id - }) + await testUserData.cleanup() }) test('fails with unauthorized', async t => { @@ -30,13 +31,6 @@ test('fails with unauthorized', async t => { t.is(resp.body.kind, 'badToken') }) -const uuid = uuidv4() -const testUser = { - ...util.generateTestUser(), - id: uuid, - perms: 0 -} - test('fails with badBody', async t => { const badChallenge = uuidv4() @@ -61,8 +55,6 @@ test.serial('fails with badFlag', async t => { }) test.serial('succeeds with goodFlag', async t => { - await db.auth.makeUser(testUser) - const authToken = await auth.token.getToken(auth.token.tokenKinds.auth, uuid) const resp = await request(app) .post(process.env.API_ENDPOINT + '/challs/' + encodeURIComponent(chall.id) + '/submit') diff --git a/test/integration/submitTiming.js b/test/integration/submitTiming.js index 2fa1e256..13cee1b0 100644 --- a/test/integration/submitTiming.js +++ b/test/integration/submitTiming.js 
@@ -2,20 +2,23 @@ const test = require('ava') const request = require('supertest') const app = require('../../dist/server/app') const config = require('../../dist/config/server') -const { v4: uuidv4 } = require('uuid') +const util = require('../_util') const { responseList } = require('../../dist/server/responses') const auth = require('../../dist/server/auth') const { getFirstLoadedChallenge } = require('../_util.js') -let chall +let chall, uuid, testUserData -// Wait for challenges to load test.before(async () => { chall = await getFirstLoadedChallenge() + testUserData = await util.generateRealTestUser() + uuid = testUserData.user.id }) -const uuid = uuidv4() +test.after.always('cleanup test user', async t => { + await testUserData.cleanup() +}) test.serial('fails with badNotStarted', async t => { const oldTime = config.startTime
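Review bot: This hunk adds `const util = require('../_util')` while keeping `const { getFirstLoadedChallenge } = require('../_util.js')`, so test/integration/submitTiming.js now requires the same module twice under two spellings. Pick one form: call `util.getFirstLoadedChallenge()` in `test.before` and drop the destructured require, or extend the existing line to `const { getFirstLoadedChallenge, generateRealTestUser } = require('../_util.js')`. The removed `// Wait for challenges to load` comment still described the first statement of the hook and could stay, extended to mention that the hook now also creates the test user.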