✨ Recent events & GDPR export

Author: AnandChowdhary

src/crud/event.ts

@@ -11,8 +11,10 @@ export const createEvent = async (event: Event, locals?: Locals) => {
     event.ipAddress = locals.ipAddress;
     event.userAgent = locals.userAgent;
   }
-  if (event.userId)
+  if (event.userId) {
     deleteItemFromCache(CacheCategories.USER_EVENT, event.userId);
+    deleteItemFromCache(CacheCategories.USER_RECENT_EVENTS, event.userId);
+  }
   await query(`INSERT INTO events ${tableValues(event)}`, Object.values(event));
 };
 
@@ -26,3 +28,14 @@ export const getUserEvents = async (userId: number) => {
     )
   );
 };
+
+export const getUserRecentEvents = async (userId: number) => {
+  return <Event[]>(
+    await cachedQuery(
+      CacheCategories.USER_RECENT_EVENTS,
+      userId,
+      `SELECT * FROM events WHERE userId = ? ORDER BY id DESC LIMIT 10`,
+      [userId]
+    )
+  );
+};

src/helpers/authorization.ts

@@ -31,7 +31,11 @@ const canUserUser = async (
   if (
     userOrganizationId === targetOrganizationId &&
     user.role == UserRole.RESELLER &&
-    action != Authorizations.IMPERSONATE
+    [
+      Authorizations.READ,
+      Authorizations.UPDATE,
+      Authorizations.DELETE
+    ].includes(action)
   )
     return true;
 

src/helpers/mysql.ts

@@ -13,7 +13,7 @@ import { Membership } from "../interfaces/tables/memberships";
 import { Organization } from "../interfaces/tables/organization";
 import { Event } from "../interfaces/tables/events";
 import { KeyValue } from "../interfaces/general";
-import { boolValues, dateValues, readOnlyValues } from "./utils";
+import { boolValues, jsonValues, dateValues, readOnlyValues } from "./utils";
 
 export const pool = createPool({
   host: DB_HOST,
@@ -55,6 +55,11 @@ export const uncleanValues = (
   if (typeof data.map === "function") {
     data.map((item: KeyValue) => {
       Object.keys(item).forEach(key => {
+        try {
+          if (jsonValues.includes(key)) item[key] = JSON.parse(item[key]);
+        } catch (error) {
+          item[key] = {};
+        }
         if (boolValues.includes(key)) item[key] = !!item[key];
         if (dateValues.includes(key))
           item[key] = new Date(item[key]).toISOString();

src/helpers/utils.ts

@@ -42,4 +42,6 @@ export const boolValues = [
 
 export const dateValues = ["createdAt", "updatedAt"];
 
+export const jsonValues = ["data"];
+
 export const readOnlyValues = ["createdAt", "id"];

src/interfaces/enum.ts

@@ -76,6 +76,7 @@ export enum CacheCategories {
   USER_VERIFIED_EMAILS = "user-verified-emails",
   EMAIL = "email",
   USER_EVENT = "user-event",
+  USER_RECENT_EVENTS = "user-recent-events",
   ORGANIZATION_MEMBERSHIPS = "memberships",
   MEMBERSHIP = "membership",
   ORGANIZATION = "organization",
@@ -86,6 +87,7 @@ export enum CacheCategories {
 export enum Authorizations {
   CREATE = "create",
   READ = "read",
+  READ_SECURE = "read-secure",
   UPDATE = "update",
   DELETE = "delete",
   INVITE_MEMBER = "invite-member",

src/rest/user.ts

@@ -6,7 +6,7 @@ import {
 } from "../crud/membership";
 import { User } from "../interfaces/tables/user";
 import { Locals } from "../interfaces/general";
-import { createEvent, getUserEvents } from "../crud/event";
+import { createEvent, getUserEvents, getUserRecentEvents } from "../crud/event";
 import { getUserEmails } from "../crud/email";
 import { can } from "../helpers/authorization";
 
@@ -37,7 +37,21 @@ export const updateUserForUser = async (
   throw new Error(ErrorCode.INSUFFICIENT_PERMISSION);
 };
 
-export const getAllDataForUser = async (userId: number) => {
+export const getRecentEventsForUser = async (
+  tokenUserId: number,
+  dataUserId: number
+) => {
+  if (await can(tokenUserId, Authorizations.READ_SECURE, "user", dataUserId))
+    return await getUserRecentEvents(dataUserId);
+  throw new Error(ErrorCode.INSUFFICIENT_PERMISSION);
+};
+
+export const getAllDataForUser = async (
+  tokenUserId: number,
+  userId: number
+) => {
+  if (!(await can(tokenUserId, Authorizations.READ_SECURE, "user", userId)))
+    throw new Error(ErrorCode.INSUFFICIENT_PERMISSION);
   const user = await getUser(userId);
   const organization = await getUserOrganization(userId);
   const membership = await getUserMembershipObject(userId);

src/routes/index.ts

@@ -1,6 +1,11 @@
 import { Application } from "express";
 import asyncHandler from "express-async-handler";
-import { routeUserId, routeUserUpdate, routeUserAllData } from "./users";
+import {
+  routeUserId,
+  routeUserUpdate,
+  routeUserAllData,
+  routeUserRecentEvents
+} from "./users";
 import {
   routeEmailVerify,
   routeEmailAdd,
@@ -70,7 +75,12 @@ const routesUser = (app: Application) => {
   app.put("/users", asyncHandler(routeAuthRegister));
   app.get("/users/:id", authHandler, asyncHandler(routeUserId));
   app.patch("/users/:id", authHandler, asyncHandler(routeUserUpdate));
-  app.get("/gdpr/json", authHandler, asyncHandler(routeUserAllData));
+  app.get(
+    "/users/:id/events",
+    authHandler,
+    asyncHandler(routeUserRecentEvents)
+  );
+  app.get("/users/:id/data", authHandler, asyncHandler(routeUserAllData));
 };
 
 const routesEmail = (app: Application) => {

src/routes/users.ts

@@ -2,7 +2,8 @@ import { Request, Response } from "express";
 import {
   getUserFromId,
   updateUserForUser,
-  getAllDataForUser
+  getAllDataForUser,
+  getRecentEventsForUser
 } from "../rest/user";
 import { ErrorCode } from "../interfaces/enum";
 
@@ -21,6 +22,16 @@ export const routeUserUpdate = async (req: Request, res: Response) => {
   res.json({ success: true });
 };
 
+export const routeUserRecentEvents = async (req: Request, res: Response) => {
+  let id = req.params.id;
+  if (id === "me") id = res.locals.token.id;
+  if (!id) throw new Error(ErrorCode.MISSING_FIELD);
+  res.json(await getRecentEventsForUser(res.locals.token.id, id));
+};
+
 export const routeUserAllData = async (req: Request, res: Response) => {
-  res.json(await getAllDataForUser(res.locals.token.id));
+  let id = req.params.id;
+  if (id === "me") id = res.locals.token.id;
+  if (!id) throw new Error(ErrorCode.MISSING_FIELD);
+  res.json(await getAllDataForUser(res.locals.token.id, id));
 };