|
| 1 | +import type { ValidatedEventAPIGatewayProxyEvent } from '@libs/api-gateway'; |
| 2 | +import { middyfy } from '@libs/lambda'; |
| 3 | + |
| 4 | +import schema from './schema'; |
| 5 | + |
| 6 | +import { ensureRoles, MongoDB, validateToken } from '../../../util'; |
| 7 | +import type { UserDocument, TeamDocument } from '../../../types'; |
| 8 | + |
| 9 | +import * as path from 'path'; |
| 10 | +import * as dotenv from 'dotenv'; |
| 11 | +dotenv.config({ path: path.resolve(process.cwd(), '.env') }); |
| 12 | + |
| 13 | +const teamsRead: ValidatedEventAPIGatewayProxyEvent<typeof schema> = async (event) => { |
| 14 | + try { |
| 15 | + // Validate auth token |
| 16 | + const isValidToken = validateToken(event.body.auth_token, process.env.JWT_SECRET, event.body.auth_email); |
| 17 | + if (!isValidToken) { |
| 18 | + return { |
| 19 | + statusCode: 401, |
| 20 | + body: JSON.stringify({ |
| 21 | + statusCode: 401, |
| 22 | + message: 'Unauthorized', |
| 23 | + }), |
| 24 | + }; |
| 25 | + } |
| 26 | + |
| 27 | + // Connect to database |
| 28 | + const db = MongoDB.getInstance(process.env.MONGO_URI); |
| 29 | + await db.connect(); |
| 30 | + const users = db.getCollection<UserDocument>('users'); |
| 31 | + const teams = db.getCollection<TeamDocument>('teams'); |
| 32 | + |
| 33 | + // Check if auth user exists |
| 34 | + const authUser = await users.findOne({ email: event.body.auth_email.toLowerCase() }); |
| 35 | + if (!authUser) { |
| 36 | + return { |
| 37 | + statusCode: 404, |
| 38 | + body: JSON.stringify({ |
| 39 | + statusCode: 404, |
| 40 | + message: 'Auth user not found', |
| 41 | + }), |
| 42 | + }; |
| 43 | + } |
| 44 | + |
| 45 | + let teamId = event.body.team_id; |
| 46 | + |
| 47 | + // Determine auth user permissions |
| 48 | + const isOrganizer = ensureRoles(authUser.role, ['director', 'organizer']); |
| 49 | + if ( |
| 50 | + ((teamId && authUser.team_info?.team_id !== teamId) || |
| 51 | + (!teamId && event.body.auth_email !== event.body.member_email)) && |
| 52 | + !isOrganizer |
| 53 | + ) { |
| 54 | + return { |
| 55 | + statusCode: 401, |
| 56 | + body: JSON.stringify({ |
| 57 | + statusCode: 401, |
| 58 | + message: 'Unauthorized', |
| 59 | + }), |
| 60 | + }; |
| 61 | + } |
| 62 | + |
| 63 | + // Fetch team id if member_email specified |
| 64 | + if (!teamId) { |
| 65 | + const teamUser = await users.findOne({ email: event.body.member_email.toLowerCase() }); |
| 66 | + if (!teamUser) { |
| 67 | + return { |
| 68 | + statusCode: 404, |
| 69 | + body: JSON.stringify({ |
| 70 | + statusCode: 404, |
| 71 | + message: 'Team user not found', |
| 72 | + }), |
| 73 | + }; |
| 74 | + } |
| 75 | + |
| 76 | + if (!teamUser.team_info?.team_id) { |
| 77 | + return { |
| 78 | + statusCode: 404, |
| 79 | + body: JSON.stringify({ |
| 80 | + statusCode: 404, |
| 81 | + message: `User (${event.body.member_email}) is not in an active team`, |
| 82 | + }), |
| 83 | + }; |
| 84 | + } |
| 85 | + |
| 86 | + teamId = teamUser.team_info.team_id; |
| 87 | + } |
| 88 | + |
| 89 | + // Fetch team and validate status |
| 90 | + const team = await teams.findOne({ team_id: teamId }); |
| 91 | + if (!team) { |
| 92 | + return { |
| 93 | + statusCode: 404, |
| 94 | + body: JSON.stringify({ |
| 95 | + statusCode: 404, |
| 96 | + message: 'Team not found', |
| 97 | + }), |
| 98 | + }; |
| 99 | + } |
| 100 | + |
| 101 | + if (team.status !== 'Active') { |
| 102 | + return { |
| 103 | + statusCode: 400, |
| 104 | + body: JSON.stringify({ |
| 105 | + statusCode: 400, |
| 106 | + message: 'Team is not active', |
| 107 | + }), |
| 108 | + }; |
| 109 | + } |
| 110 | + |
| 111 | + // Return team data |
| 112 | + return { |
| 113 | + statusCode: 200, |
| 114 | + body: JSON.stringify({ |
| 115 | + statusCode: 200, |
| 116 | + message: 'Successfully read team', |
| 117 | + team, |
| 118 | + }), |
| 119 | + }; |
| 120 | + } catch (error) { |
| 121 | + console.error('Error reading team:', error); |
| 122 | + |
| 123 | + return { |
| 124 | + statusCode: 500, |
| 125 | + body: JSON.stringify({ |
| 126 | + statusCode: 500, |
| 127 | + message: 'Internal Server Error', |
| 128 | + error: error.message, |
| 129 | + }), |
| 130 | + }; |
| 131 | + } |
| 132 | +}; |
| 133 | + |
| 134 | +export const main = middyfy(teamsRead); |
0 commit comments