cve-services/src/controller/conversation.controller/conversation.controller.js at abc50733c7e118a836faf20273798f4f1fb7b321 · CVEProject/cve-services · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
const mongoose = require('mongoose')
const logger = require('../../middleware/logger')
const getConstants = require('../../../src/constants').getConstants
const CONSTANTS = getConstants()
const errors = require('./error')
const error = new errors.ConversationControllerError()

async function getAllConversations (req, res, next) {
  const repo = req.ctx.repositories.getConversationRepository()

  // temporary measure to allow tests to work after fixing #920
  // tests required changing the global limit to force pagination
  if (req.TEST_PAGINATOR_LIMIT) {
    CONSTANTS.PAGINATOR_OPTIONS.limit = req.TEST_PAGINATOR_LIMIT
  }

  const options = CONSTANTS.PAGINATOR_OPTIONS
  options.sort = { posted_at: 'desc' }

  const response = await repo.getAll(options)
  return res.status(200).json(response)
}

async function getConversationsForTargetUUID (req, res, next) {
  const repo = req.ctx.repositories.getConversationRepository()
  const targetUUID = req.params.uuid

  const response = await repo.getAllByTargetUUID(targetUUID, true)
  return res.status(200).json(response)
}

async function createConversationForTargetUUID (req, res, next) {
  const session = await mongoose.startSession()

  try {
    session.startTransaction()

    const repo = req.ctx.repositories.getConversationRepository()
    const userRepo = req.ctx.repositories.getBaseUserRepository()
    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
    const requesterOrg = req.ctx.org
    const requesterUsername = req.ctx.user
    const targetUUID = req.params.uuid
    const body = req.body

    const user = await userRepo.findOneByUsernameAndOrgShortname(requesterUsername, requesterOrg, { session })

    if (typeof body !== 'object' || !body.body || !repo.validateConversation(body)) {
      return res.status(400).json(error.invalidConversationObject())
    }

    const isSecretariat = await orgRepo.isSecretariatByShortName(req.ctx.org)

    if (!isSecretariat) {
      const orgUUID = await orgRepo.getOrgUUID(req.ctx.org)
      if (targetUUID !== orgUUID) {
        return res.status(403).json({ error: 'UNAUTHORIZED', message: 'Unauthorized' })
      }
    }

    const result = await repo.createConversation(targetUUID, body, user, isSecretariat, { session })
    await session.commitTransaction()
    if (!result) {
      return res.status(500).json({ message: 'Failed to create conversation' })
    }
    return res.status(200).json(result)
  } catch (err) {
    if (session && session.inTransaction()) {
      await session.abortTransaction()
    }
    next(err)
  } finally {
    if (session && session.id) {
      // Check if session is still valid before trying to end
      try {
        await session.endSession()
      } catch (sessionEndError) {
        logger.error({
          uuid: req.ctx.uuid,
          message: 'Error ending session in finally block',
          error: sessionEndError
        })
      }
    }
  }
}

async function updateConversationByUUID (req, res, next) {
  const session = await mongoose.startSession()

  try {
    session.startTransaction()

    const repo = req.ctx.repositories.getConversationRepository()
    const conversationUUID = req.params.uuid
    const body = req.body

    // Check if conversation exists
    const conversation = await repo.findOneByUUID(conversationUUID, { session })
    if (!conversation) {
      logger.info({ uuid: req.ctx.uuid, message: `No conversation found with UUID ${conversationUUID}` })
      return res.status(404).json(error.conversationDne(conversationUUID))
    }

    // Validate body
    if (typeof body !== 'object' || !(body.body || body.visibility) || !repo.validateConversation(body)) {
      logger.info({ uuid: req.ctx.uuid, message: 'The conversation could not be edited because the request body was invalid.' })
      return res.status(400).json(error.invalidConversationEditObject())
    }

    const result = await repo.editConversation(conversationUUID, body, { session })
    await session.commitTransaction()
    return res.status(200).json(result)
  } catch (err) {
    if (session && session.inTransaction()) {
      await session.abortTransaction()
    }
    next(err)
  } finally {
    if (session && session.id) {
      // Check if session is still valid before trying to end
      try {
        await session.endSession()
      } catch (sessionEndError) {
        logger.error({
          uuid: req.ctx.uuid,
          message: 'Error ending session in finally block',
          error: sessionEndError
        })
      }
    }
  }
}

module.exports = {
  getAllConversations,
  getConversationsForTargetUUID,
  createConversationForTargetUUID,
  updateConversationByUUID
}