Merge branch 'travis/msc2140-tos'

package.json

@@ -63,14 +63,15 @@
     "@angular/compiler": "^8.0.3",
     "@angular/core": "^8.0.3",
     "@angular/forms": "^8.0.3",
-    "@angular/http": "^7.2.15",
     "@angular/platform-browser": "^8.0.3",
     "@angular/platform-browser-dynamic": "^8.0.3",
     "@angular/router": "^8.0.3",
     "@angularclass/hmr": "^2.1.3",
     "@angularclass/hmr-loader": "^3.0.4",
     "@babel/core": "^7.4.5",
     "@babel/preset-env": "^7.4.5",
+    "@ckeditor/ckeditor5-angular": "^1.1.0",
+    "@ckeditor/ckeditor5-build-classic": "^12.2.0",
     "@fortawesome/fontawesome": "^1.1.8",
     "@fortawesome/fontawesome-free-brands": "^5.0.13",
     "@fortawesome/fontawesome-free-regular": "^5.0.13",
@@ -93,6 +94,7 @@
     "goby": "^1.1.2",
     "html-loader": "^0.5.5",
     "html-webpack-plugin": "^3.2.0",
+    "iso-639-1": "^2.0.5",
     "jquery": "^3.4.1",
     "json-loader": "^0.5.7",
     "mini-css-extract-plugin": "^0.7.0",

src/MemoryCache.ts

@@ -54,4 +54,5 @@ export const CACHE_TELEGRAM_BRIDGE = "telegram-bridge";
 export const CACHE_WEBHOOKS_BRIDGE = "webhooks-bridge";
 export const CACHE_GITTER_BRIDGE = "gitter-bridge";
 export const CACHE_SIMPLE_BOTS = "simple-bots";
-export const CACHE_SLACK_BRIDGE = "slack-bridge";
+export const CACHE_SLACK_BRIDGE = "slack-bridge";
+export const CACHE_TERMS = "terms";

src/api/ApiError.ts

@@ -26,16 +26,19 @@ export class ApiError {
      * then converted to JSON as {message: "your_message"})
      * @param {string} errCode The internal error code to describe what went wrong
      */
-    constructor(statusCode: number, json: string | object, errCode = "D_UNKNOWN") {
+    constructor(statusCode: number, json: string | object, errCode = "M_UNKNOWN") {
         // Because typescript is just plain dumb
         // https://stackoverflow.com/questions/31626231/custom-error-class-in-typescript
         Error.apply(this, ["ApiError"]);
 
-        if (typeof(json) === "string") json = {message: json};
+        if (typeof (json) === "string") json = {message: json};
         this.jsonResponse = json;
         this.statusCode = statusCode;
         this.errorCode = errCode;
 
         this.jsonResponse["dim_errcode"] = this.errorCode;
+
+        if (!this.jsonResponse['error']) this.jsonResponse['error'] = this.jsonResponse['message'];
+        if (!this.jsonResponse['errcode']) this.jsonResponse['errcode'] = errCode;
     }
 }

src/api/Webserver.ts

@@ -7,7 +7,7 @@ import { Server } from "typescript-rest";
 import * as _ from "lodash";
 import config from "../config";
 import { ApiError } from "./ApiError";
-import MSCSecurity from "./security/MSCSecurity";
+import MatrixSecurity from "./security/MatrixSecurity";
 
 /**
  * Web server for Dimension. Handles the API routes for the admin, scalar, dimension, and matrix APIs.
@@ -26,10 +26,10 @@ export default class Webserver {
     private loadRoutes() {
         // TODO: Rename services to controllers, and controllers to services. They're backwards.
 
-        const apis = ["scalar", "dimension", "admin", "matrix", "msc"].map(a => path.join(__dirname, a, "*.js"));
+        const apis = ["scalar", "dimension", "admin", "matrix"].map(a => path.join(__dirname, a, "*.js"));
         const router = express.Router();
         Server.useIoC();
-        Server.registerAuthenticator(new MSCSecurity());
+        Server.registerAuthenticator(new MatrixSecurity());
         apis.forEach(a => Server.loadServices(router, [a]));
         const routes = _.uniq(router.stack.map(r => r.route.path));
         for (const route of routes) {
@@ -71,8 +71,13 @@ export default class Webserver {
             next();
         });
         this.app.use((_req, res, next) => {
+            if (res.headersSent) {
+                next();
+                return;
+            }
+
             res.setHeader("Access-Control-Allow-Origin", "*");
-            res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+            res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
             next();
         });
     }

src/api/admin/AdminAppserviceService.ts

@@ -1,10 +1,10 @@
-import { GET, Path, PathParam, POST, QueryParam } from "typescript-rest";
-import { AdminService } from "./AdminService";
+import { Context, GET, Path, PathParam, POST, Security, ServiceContext } from "typescript-rest";
 import AppService from "../../db/models/AppService";
 import { AppserviceStore } from "../../db/AppserviceStore";
 import { ApiError } from "../ApiError";
 import { MatrixAppserviceClient } from "../../matrix/MatrixAppserviceClient";
 import { LogService } from "matrix-js-snippets";
+import { ROLE_ADMIN, ROLE_USER } from "../security/MatrixSecurity";
 
 interface AppserviceResponse {
     id: string;
@@ -23,18 +23,20 @@ interface AppserviceCreateRequest {
 @Path("/api/v1/dimension/admin/appservices")
 export class AdminAppserviceService {
 
+    @Context
+    private context: ServiceContext;
+
     @GET
     @Path("all")
-    public async getAppservices(@QueryParam("scalar_token") scalarToken: string): Promise<AppserviceResponse[]> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getAppservices(): Promise<AppserviceResponse[]> {
         return (await AppService.findAll()).map(a => this.mapAppservice(a));
     }
 
     @GET
     @Path(":appserviceId")
-    public async getAppservice(@QueryParam("scalar_token") scalarToken: string, @PathParam("appserviceId") asId: string): Promise<AppserviceResponse> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getAppservice(@PathParam("appserviceId") asId: string): Promise<AppserviceResponse> {
         try {
             const appservice = await AppserviceStore.getAppservice(asId);
             return this.mapAppservice(appservice);
@@ -46,8 +48,9 @@ export class AdminAppserviceService {
 
     @POST
     @Path("new")
-    public async createAppservice(@QueryParam("scalar_token") scalarToken: string, request: AppserviceCreateRequest): Promise<AppserviceResponse> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async createAppservice(request: AppserviceCreateRequest): Promise<AppserviceResponse> {
+        const userId = this.context.request.user.userId;
 
         // Trim off the @ sign if it's on the prefix
         if (request.userPrefix[0] === "@") {
@@ -66,9 +69,8 @@ export class AdminAppserviceService {
 
     @POST
     @Path(":appserviceId/test")
-    public async test(@QueryParam("scalar_token") scalarToken: string, @PathParam("appserviceId") asId: string): Promise<any> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async test(@PathParam("appserviceId") asId: string): Promise<any> {
         const appservice = await AppserviceStore.getAppservice(asId);
         const client = new MatrixAppserviceClient(appservice);
         const userId = await client.whoAmI();

src/api/admin/AdminCustomSimpleBotService.ts

@@ -1,9 +1,9 @@
-import { DELETE, GET, Path, PathParam, POST, QueryParam } from "typescript-rest";
-import { AdminService } from "./AdminService";
+import { Context, DELETE, GET, Path, PathParam, POST, Security, ServiceContext } from "typescript-rest";
 import { ApiError } from "../ApiError";
 import { LogService } from "matrix-js-snippets";
 import { BotStore } from "../../db/BotStore";
 import { Cache, CACHE_INTEGRATIONS } from "../../MemoryCache";
+import { ROLE_ADMIN, ROLE_USER } from "../security/MatrixSecurity";
 
 interface BotResponse extends BotRequest {
     id: number;
@@ -31,28 +31,30 @@ interface BotProfile {
 @Path("/api/v1/dimension/admin/bots/simple/custom")
 export class AdminCustomSimpleBotService {
 
+    @Context
+    private context: ServiceContext;
+
     @GET
     @Path("all")
-    public async getBots(@QueryParam("scalar_token") scalarToken: string): Promise<BotResponse[]> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getBots(): Promise<BotResponse[]> {
         return BotStore.getCustomBots();
     }
 
     @GET
     @Path(":botId")
-    public async getBot(@QueryParam("scalar_token") scalarToken: string, @PathParam("botId") botId: number): Promise<BotResponse> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getBot(@PathParam("botId") botId: number): Promise<BotResponse> {
         const bot = await BotStore.getCustomBot(botId);
         if (!bot) throw new ApiError(404, "Bot not found");
         return bot;
     }
 
     @POST
     @Path("new")
-    public async createBot(@QueryParam("scalar_token") scalarToken: string, request: BotRequest): Promise<BotResponse> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async createBot(request: BotRequest): Promise<BotResponse> {
+        const userId = this.context.request.user.userId;
         const bot = await BotStore.createCustom(request);
         LogService.info("AdminCustomSimpleBotService", userId + " created a simple bot");
         Cache.for(CACHE_INTEGRATIONS).clear();
@@ -61,9 +63,9 @@ export class AdminCustomSimpleBotService {
 
     @POST
     @Path(":botId")
-    public async updateBot(@QueryParam("scalar_token") scalarToken: string, @PathParam("botId") botId: number, request: BotRequest): Promise<BotResponse> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async updateBot(@PathParam("botId") botId: number, request: BotRequest): Promise<BotResponse> {
+        const userId = this.context.request.user.userId;
         const bot = await BotStore.updateCustom(botId, request);
         LogService.info("AdminCustomSimpleBotService", userId + " updated a simple bot");
         Cache.for(CACHE_INTEGRATIONS).clear();
@@ -72,9 +74,9 @@ export class AdminCustomSimpleBotService {
 
     @DELETE
     @Path(":botId")
-    public async deleteBot(@QueryParam("scalar_token") scalarToken: string, @PathParam("botId") botId: number): Promise<any> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async deleteBot(@PathParam("botId") botId: number): Promise<any> {
+        const userId = this.context.request.user.userId;
         await BotStore.deleteCustom(botId);
         LogService.info("AdminCustomSimpleBotService", userId + " deleted a simple bot");
         Cache.for(CACHE_INTEGRATIONS).clear();
@@ -83,9 +85,8 @@ export class AdminCustomSimpleBotService {
 
     @GET
     @Path("profile/:userId")
-    public async getProfile(@QueryParam("scalar_token") scalarToken: string, @PathParam("userId") userId: string): Promise<BotProfile> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getProfile(@PathParam("userId") userId: string): Promise<BotProfile> {
         const profile = await BotStore.getProfile(userId);
         return {name: profile.displayName, avatarUrl: profile.avatarMxc};
     }

src/api/admin/AdminGitterService.ts

@@ -1,10 +1,10 @@
-import { GET, Path, PathParam, POST, QueryParam } from "typescript-rest";
-import { AdminService } from "./AdminService";
+import { Context, GET, Path, PathParam, POST, Security, ServiceContext } from "typescript-rest";
 import { Cache, CACHE_GITTER_BRIDGE, CACHE_INTEGRATIONS } from "../../MemoryCache";
 import { LogService } from "matrix-js-snippets";
 import { ApiError } from "../ApiError";
 import GitterBridgeRecord from "../../db/models/GitterBridgeRecord";
 import Upstream from "../../db/models/Upstream";
+import { ROLE_ADMIN, ROLE_USER } from "../security/MatrixSecurity";
 
 interface CreateWithUpstream {
     upstreamId: number;
@@ -27,11 +27,13 @@ interface BridgeResponse {
 @Path("/api/v1/dimension/admin/gitter")
 export class AdminGitterService {
 
+    @Context
+    private context: ServiceContext;
+
     @GET
     @Path("all")
-    public async getBridges(@QueryParam("scalar_token") scalarToken: string): Promise<BridgeResponse[]> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getBridges(): Promise<BridgeResponse[]> {
         const bridges = await GitterBridgeRecord.findAll();
         return Promise.all(bridges.map(async b => {
             return {
@@ -45,9 +47,8 @@ export class AdminGitterService {
 
     @GET
     @Path(":bridgeId")
-    public async getBridge(@QueryParam("scalar_token") scalarToken: string, @PathParam("bridgeId") bridgeId: number): Promise<BridgeResponse> {
-        await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async getBridge(@PathParam("bridgeId") bridgeId: number): Promise<BridgeResponse> {
         const telegramBridge = await GitterBridgeRecord.findByPk(bridgeId);
         if (!telegramBridge) throw new ApiError(404, "Gitter Bridge not found");
 
@@ -61,9 +62,9 @@ export class AdminGitterService {
 
     @POST
     @Path(":bridgeId")
-    public async updateBridge(@QueryParam("scalar_token") scalarToken: string, @PathParam("bridgeId") bridgeId: number, request: CreateSelfhosted): Promise<BridgeResponse> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async updateBridge(@PathParam("bridgeId") bridgeId: number, request: CreateSelfhosted): Promise<BridgeResponse> {
+        const userId = this.context.request.user.userId;
         const bridge = await GitterBridgeRecord.findByPk(bridgeId);
         if (!bridge) throw new ApiError(404, "Bridge not found");
 
@@ -74,14 +75,14 @@ export class AdminGitterService {
 
         Cache.for(CACHE_GITTER_BRIDGE).clear();
         Cache.for(CACHE_INTEGRATIONS).clear();
-        return this.getBridge(scalarToken, bridge.id);
+        return this.getBridge(bridge.id);
     }
 
     @POST
     @Path("new/upstream")
-    public async newConfigForUpstream(@QueryParam("scalar_token") scalarToken: string, request: CreateWithUpstream): Promise<BridgeResponse> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async newConfigForUpstream(request: CreateWithUpstream): Promise<BridgeResponse> {
+        const userId = this.context.request.user.userId;
         const upstream = await Upstream.findByPk(request.upstreamId);
         if (!upstream) throw new ApiError(400, "Upstream not found");
 
@@ -93,14 +94,14 @@ export class AdminGitterService {
 
         Cache.for(CACHE_GITTER_BRIDGE).clear();
         Cache.for(CACHE_INTEGRATIONS).clear();
-        return this.getBridge(scalarToken, bridge.id);
+        return this.getBridge(bridge.id);
     }
 
     @POST
     @Path("new/selfhosted")
-    public async newSelfhosted(@QueryParam("scalar_token") scalarToken: string, request: CreateSelfhosted): Promise<BridgeResponse> {
-        const userId = await AdminService.validateAndGetAdminTokenOwner(scalarToken);
-
+    @Security([ROLE_USER, ROLE_ADMIN])
+    public async newSelfhosted(request: CreateSelfhosted): Promise<BridgeResponse> {
+        const userId = this.context.request.user.userId;
         const bridge = await GitterBridgeRecord.create({
             provisionUrl: request.provisionUrl,
             isEnabled: true,
@@ -109,6 +110,6 @@ export class AdminGitterService {
 
         Cache.for(CACHE_GITTER_BRIDGE).clear();
         Cache.for(CACHE_INTEGRATIONS).clear();
-        return this.getBridge(scalarToken, bridge.id);
+        return this.getBridge(bridge.id);
     }
 }