From 7ec35bbfb238440caea2874b6aaf0b42de31b152 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 15:50:02 +0200 Subject: [PATCH 01/16] define context interface --- backend/src/server/context.ts | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/backend/src/server/context.ts b/backend/src/server/context.ts index 6de2adce4..805be90c6 100644 --- a/backend/src/server/context.ts +++ b/backend/src/server/context.ts @@ -1,9 +1,18 @@ /* eslint-disable @typescript-eslint/no-explicit-any */ /* eslint-disable @typescript-eslint/explicit-module-boundary-types */ +import { Role } from '@/auth/Role' +import { User as dbUser } from '@entity/User' -const context = (args: any) => { +export interface Context { + token: string | null + setHeaders: { key: string, value: string }[] + role?: Role + user?: dbUser +} + +const context = (args: any): Context => { const authorization = args.req.headers.authorization - let token = null + let token: string | null = null if (authorization) { token = authorization.replace(/^Bearer /, '') } From 57298a4d3a77a5b9c4c7f1893cdfe8a96fd30de2 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 15:50:46 +0200 Subject: [PATCH 02/16] use Context interface in user resolver --- backend/src/graphql/directive/isAuthorized.ts | 1 + backend/src/graphql/resolver/UserResolver.ts | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts index 84756c45a..5c6d6f6f0 100644 --- a/backend/src/graphql/directive/isAuthorized.ts +++ b/backend/src/graphql/directive/isAuthorized.ts 
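Review bot: In `context()`, `authorization.replace(/^Bearer /, '')` strips the prefix only when it is present, so a header with any other scheme (or a lower-case `bearer`) is passed through whole as `token`, which this patch now types as `string | null`. Consider accepting the value only when the scheme matches, e.g. `const m = /^Bearer (.+)$/i.exec(authorization); token = m ? m[1] : null`, so token verification never receives a non-bearer credential. The same lines are carried unchanged through the `ExpressContext` hunk in patch 15/16. The function body continues past the end of this hunk, so how `token` is verified afterwards is not visible here.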
@@ -9,6 +9,7 @@ import { getCustomRepository } from '@dbTools/typeorm' import { UserRepository } from '@repository/User' import { INALIENABLE_RIGHTS } from '@/auth/INALIENABLE_RIGHTS' import { ServerUser } from '@entity/ServerUser' +import { Context } from '@/server/context' const isAuthorized: AuthChecker = async ({ context }, rights) => { context.role = ROLE_UNAUTHORIZED // unauthorized user diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts index cacee6fc8..84698fbca 100644 --- a/backend/src/graphql/resolver/UserResolver.ts +++ b/backend/src/graphql/resolver/UserResolver.ts @@ -2,6 +2,7 @@ /* eslint-disable @typescript-eslint/explicit-module-boundary-types */ import fs from 'fs' +import { Context } from '@/server/context' import { Resolver, Query, Args, Arg, Authorized, Ctx, UseMiddleware, Mutation } from 'type-graphql' import { getConnection, getCustomRepository } from '@dbTools/typeorm' import CONFIG from '@/config' @@ -192,9 +193,10 @@ export class UserResolver { @Authorized([RIGHTS.VERIFY_LOGIN]) @Query(() => User) @UseMiddleware(klicktippNewsletterStateMiddleware) - async verifyLogin(@Ctx() context: any): Promise { + async verifyLogin(@Ctx() context: Context): Promise { // TODO refactor and do not have duplicate code with login(see below) const userEntity = context.user + if (!userEntity) throw new Error('No user given!') const user = new User(userEntity) // user.pubkey = userEntity.pubKey.toString('hex') // Elopage Status & Stored PublisherId @@ -218,7 +220,7 @@ export class UserResolver { @UseMiddleware(klicktippNewsletterStateMiddleware) async login( @Args() { email, password, publisherId }: UnsecureLoginArgs, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { email = email.trim().toLowerCase() const dbUser = await DbUser.findOneOrFail({ email }, { withDeleted: true }).catch(() => { 
@@ -540,9 +542,10 @@ export class UserResolver { passwordNew, coinanimation, }: UpdateUserInfosArgs, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const userEntity = context.user + if (!userEntity) throw new Error('No user given!') if (firstName) { userEntity.firstName = firstName @@ -619,7 +622,7 @@ export class UserResolver { @Authorized([RIGHTS.HAS_ELOPAGE]) @Query(() => Boolean) - async hasElopage(@Ctx() context: any): Promise { + async hasElopage(@Ctx() context: Context): Promise { const userEntity = context.user if (!userEntity) { return false From e183a9bde030e1f328ffd1f0dc2d95eb76c30d09 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 15:53:00 +0200 Subject: [PATCH 03/16] remove unused modules --- backend/src/graphql/directive/isAuthorized.ts | 1 - backend/src/server/context.ts | 2 +- backend/src/server/plugins.ts | 3 +-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts index 5c6d6f6f0..84756c45a 100644 --- a/backend/src/graphql/directive/isAuthorized.ts +++ b/backend/src/graphql/directive/isAuthorized.ts @@ -9,7 +9,6 @@ import { getCustomRepository } from '@dbTools/typeorm' import { UserRepository } from '@repository/User' import { INALIENABLE_RIGHTS } from '@/auth/INALIENABLE_RIGHTS' import { ServerUser } from '@entity/ServerUser' -import { Context } from '@/server/context' const isAuthorized: AuthChecker = async ({ context }, rights) => { context.role = ROLE_UNAUTHORIZED // unauthorized user diff --git a/backend/src/server/context.ts b/backend/src/server/context.ts index 805be90c6..0958449a4 100644 --- a/backend/src/server/context.ts +++ b/backend/src/server/context.ts @@ -5,7 +5,7 @@ import { User as dbUser } from '@entity/User' export interface Context { token: string | null - setHeaders: { key: string, value: string }[] + setHeaders: { key: string; value: string }[] role?: Role user?: dbUser } 
diff --git a/backend/src/server/plugins.ts b/backend/src/server/plugins.ts index a407135ea..5902a415f 100644 --- a/backend/src/server/plugins.ts +++ b/backend/src/server/plugins.ts @@ -39,7 +39,6 @@ const apolloLogPlugin = ApolloLogPlugin({ }, }) -const plugins = - process.env.NODE_ENV === 'development' ? [setHeadersPlugin] : [setHeadersPlugin, apolloLogPlugin] +const plugins = process.env.NODE_ENV === 'development' ? [setHeadersPlugin] : [setHeadersPlugin] // , apolloLogPlugin export default plugins From 4d09123b0ee78ff7b3b0e9b0fe07724afd6f90d3 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 15:55:05 +0200 Subject: [PATCH 04/16] remove global no explicit any lint rule --- backend/src/graphql/resolver/UserResolver.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts index ee7371739..05e7f09b8 100644 --- a/backend/src/graphql/resolver/UserResolver.ts +++ b/backend/src/graphql/resolver/UserResolver.ts @@ -1,6 +1,3 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - import fs from 'fs' import { Context } from '@/server/context' import { Resolver, Query, Args, Arg, Authorized, Ctx, UseMiddleware, Mutation } from 'type-graphql' From 9a390c11dbebbae759669d0de041386b298e030c Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 15:57:59 +0200 Subject: [PATCH 05/16] use Context interface in admin resolver --- backend/src/graphql/resolver/AdminResolver.ts | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts index 1ed0422ef..481fb9bda 100644 --- a/backend/src/graphql/resolver/AdminResolver.ts +++ b/backend/src/graphql/resolver/AdminResolver.ts 
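Review bot: The `plugins` ternary in `plugins.ts` now yields `[setHeadersPlugin]` on both branches, which turns `apolloLogPlugin` off outside development under a commit titled "remove unused modules". If that plugin is the server's request log, non-development deployments lose it for as long as this commit is live; patch 14/16 later restores the original expression. If the plugin has to be disabled temporarily, do it in its own commit and say why, e.g. `// TODO(temporary): apolloLogPlugin disabled because <reason>`, instead of leaving a trailing `// , apolloLogPlugin`.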
@@ -1,6 +1,4 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - +import { Context } from '@/server/context' import { Resolver, Query, Arg, Args, Authorized, Mutation, Ctx, Int } from 'type-graphql' import { getCustomRepository, @@ -137,7 +135,7 @@ export class AdminResolver { @Mutation(() => Date, { nullable: true }) async deleteUser( @Arg('userId', () => Int) userId: number, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const user = await dbUser.findOne({ id: userId }) // user exists ? @@ -146,7 +144,7 @@ export class AdminResolver { } // moderator user disabled own account? const moderatorUser = context.user - if (moderatorUser.id === userId) { + if (moderatorUser && moderatorUser.id === userId) { throw new Error('Moderator can not delete his own account!') } // soft-delete user @@ -309,11 +307,11 @@ export class AdminResolver { @Mutation(() => Boolean) async confirmPendingCreation( @Arg('id', () => Int) id: number, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const pendingCreation = await AdminPendingCreation.findOneOrFail(id) const moderatorUser = context.user - if (moderatorUser.id === pendingCreation.userId) + if (moderatorUser && moderatorUser.id === pendingCreation.userId) throw new Error('Moderator can not confirm own pending creation') const user = await dbUser.findOneOrFail({ id: pendingCreation.userId }, { withDeleted: true }) From e430ceefa3b2bc51ec365c7f4605568394b7128d Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 15:59:23 +0200 Subject: [PATCH 06/16] remove unused lint rule --- backend/src/graphql/resolver/CommunityResolver.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/backend/src/graphql/resolver/CommunityResolver.ts b/backend/src/graphql/resolver/CommunityResolver.ts index 1693574cb..c194cdf1a 100644 --- a/backend/src/graphql/resolver/CommunityResolver.ts 
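Review bot: The new guards `if (moderatorUser && moderatorUser.id === userId)` in `deleteUser` and `if (moderatorUser && moderatorUser.id === pendingCreation.userId)` in `confirmPendingCreation` fail open: when `context.user` is undefined, the self-action check is skipped and the mutation carries on. Both checks enforce separation of duties, so a missing principal should abort the call, e.g. `if (!moderatorUser) throw new Error('No user given!')` before the comparison. Patch 16/16 does switch both sites to `getUser(context)`, but this commit on its own (in a bisect or cherry-pick) has the weaker behaviour. Both method bodies extend beyond the hunks shown.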
+++ b/backend/src/graphql/resolver/CommunityResolver.ts @@ -1,6 +1,3 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - import { Resolver, Query, Authorized } from 'type-graphql' import { RIGHTS } from '@/auth/RIGHTS' import CONFIG from '@/config' From 8900592b908c452511fa84db1623799b325f5650 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 16:03:12 +0200 Subject: [PATCH 07/16] use Context interface in GDT resolver --- backend/src/graphql/resolver/GdtResolver.ts | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/backend/src/graphql/resolver/GdtResolver.ts b/backend/src/graphql/resolver/GdtResolver.ts index e2409160b..db3f2d286 100644 --- a/backend/src/graphql/resolver/GdtResolver.ts +++ b/backend/src/graphql/resolver/GdtResolver.ts @@ -1,6 +1,4 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - +import { Context } from '@/server/context' import { Resolver, Query, Args, Ctx, Authorized, Arg } from 'type-graphql' import CONFIG from '@/config' import { GdtEntryList } from '@model/GdtEntryList' @@ -16,9 +14,10 @@ export class GdtResolver { async listGDTEntries( @Args() { currentPage = 1, pageSize = 5, order = Order.DESC }: Paginated, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const userEntity = context.user + if (!userEntity) throw new Error('No user given!') try { const resultGDT = await apiGet( 
@@ -28,15 +27,16 @@ export class GdtResolver { throw new Error(resultGDT.data) } return new GdtEntryList(resultGDT.data) - } catch (err: any) { + } catch (err) { throw new Error('GDT Server is not reachable.') } } @Authorized([RIGHTS.GDT_BALANCE]) @Query(() => Number) - async gdtBalance(@Ctx() context: any): Promise { + async gdtBalance(@Ctx() context: Context): Promise { const { user } = context + if (!user) throw new Error('No user given!') try { const resultGDTSum = await apiPost(`${CONFIG.GDT_API_URL}/GdtEntries/sumPerEmailApi`, { email: user.email, @@ -45,9 +45,9 @@ export class GdtResolver { throw new Error('Call not successful') } return Number(resultGDTSum.data.sum) || 0 - } catch (err: any) { + } catch (err) { // eslint-disable-next-line no-console - console.log('Could not query GDT Server', err) + console.log('Could not query GDT Server') return null } } From 71cb56db0e2b830ba19a0886bd1f19904d11e402 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 16:04:04 +0200 Subject: [PATCH 08/16] no unused lint instruction --- backend/src/graphql/resolver/KlicktippResolver.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/backend/src/graphql/resolver/KlicktippResolver.ts b/backend/src/graphql/resolver/KlicktippResolver.ts index d13f1dd8e..ce9a097e2 100644 --- a/backend/src/graphql/resolver/KlicktippResolver.ts +++ b/backend/src/graphql/resolver/KlicktippResolver.ts @@ -1,6 +1,3 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - import { Resolver, Query, Authorized, Arg, Mutation, Args } from 'type-graphql' import { getKlickTippUser, From b0606424d42b94ad9a14ccc4a4310abb6521175e Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 16:08:39 +0200 Subject: [PATCH 09/16] Context interface in transaction link resolver --- .../graphql/resolver/TransactionLinkResolver.ts | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) 
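Review bot: Both `catch (err)` blocks in `GdtResolver` now discard the caught value: `listGDTEntries` replaces it with 'GDT Server is not reachable.' and `gdtBalance` logs only a fixed string before returning `null`. An outage, a rejected request and the resolver's own `throw new Error('Call not successful')` therefore look identical in the logs. If the aim was to keep the request payload (it carries `user.email`) out of the log, log just the message rather than nothing, e.g. `console.log('Could not query GDT Server', err instanceof Error ? err.message : 'unknown error')`. The `@@ -45,9 +45,9 @@` hunk is the one that drops `err` from the log call.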
diff --git a/backend/src/graphql/resolver/TransactionLinkResolver.ts b/backend/src/graphql/resolver/TransactionLinkResolver.ts index 646a7c296..253e13ec6 100644 --- a/backend/src/graphql/resolver/TransactionLinkResolver.ts +++ b/backend/src/graphql/resolver/TransactionLinkResolver.ts @@ -1,6 +1,4 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - +import { Context } from '@/server/context' import { Resolver, Args, Arg, Authorized, Ctx, Mutation, Query, Int } from 'type-graphql' import { TransactionLink } from '@model/TransactionLink' import { TransactionLink as dbTransactionLink } from '@entity/TransactionLink' @@ -38,9 +36,10 @@ export class TransactionLinkResolver { @Mutation(() => TransactionLink) async createTransactionLink( @Args() { amount, memo }: TransactionLinkArgs, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const { user } = context + if (!user) throw new Error('No user given!') const createdDate = new Date() const validUntil = transactionLinkExpireDate(createdDate) @@ -72,9 +71,10 @@ export class TransactionLinkResolver { @Mutation(() => Boolean) async deleteTransactionLink( @Arg('id', () => Int) id: number, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const { user } = context + if (!user) throw new Error('No user given!') const transactionLink = await dbTransactionLink.findOne({ id }) if (!transactionLink) { @@ -113,9 +113,10 @@ export class TransactionLinkResolver { async listTransactionLinks( @Args() { currentPage = 1, pageSize = 5, order = Order.DESC }: Paginated, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const { user } = context + if (!user) throw new Error('No user given!') // const now = new Date() const transactionLinks = await dbTransactionLink.find({ where: { 
@@ -136,9 +137,10 @@ export class TransactionLinkResolver { @Mutation(() => Boolean) async redeemTransactionLink( @Arg('code', () => String) code: string, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const { user } = context + if (!user) throw new Error('No user given!') const transactionLink = await dbTransactionLink.findOneOrFail({ code }) const linkedUser = await dbUser.findOneOrFail({ id: transactionLink.userId }) From 6cc8410720eab480caae358469e188b4bd5702a6 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 16:15:57 +0200 Subject: [PATCH 10/16] helper function to get user from context --- backend/src/graphql/resolver/GdtResolver.ts | 8 +++----- .../graphql/resolver/TransactionLinkResolver.ts | 14 +++++--------- backend/src/graphql/resolver/UserResolver.ts | 8 +++----- backend/src/server/context.ts | 5 +++++ 4 files changed, 16 insertions(+), 19 deletions(-) diff --git a/backend/src/graphql/resolver/GdtResolver.ts b/backend/src/graphql/resolver/GdtResolver.ts index db3f2d286..56a95c9f0 100644 --- a/backend/src/graphql/resolver/GdtResolver.ts +++ b/backend/src/graphql/resolver/GdtResolver.ts @@ -1,4 +1,4 @@ -import { Context } from '@/server/context' +import { Context, getUser } from '@/server/context' import { Resolver, Query, Args, Ctx, Authorized, Arg } from 'type-graphql' import CONFIG from '@/config' import { GdtEntryList } from '@model/GdtEntryList' @@ -16,8 +16,7 @@ export class GdtResolver { { currentPage = 1, pageSize = 5, order = Order.DESC }: Paginated, @Ctx() context: Context, ): Promise { - const userEntity = context.user - if (!userEntity) throw new Error('No user given!') + const userEntity = getUser(context) try { const resultGDT = await apiGet( 
@@ -35,8 +34,7 @@ export class GdtResolver { @Authorized([RIGHTS.GDT_BALANCE]) @Query(() => Number) async gdtBalance(@Ctx() context: Context): Promise { - const { user } = context - if (!user) throw new Error('No user given!') + const user = getUser(context) try { const resultGDTSum = await apiPost(`${CONFIG.GDT_API_URL}/GdtEntries/sumPerEmailApi`, { email: user.email, diff --git a/backend/src/graphql/resolver/TransactionLinkResolver.ts b/backend/src/graphql/resolver/TransactionLinkResolver.ts index 253e13ec6..733f1db28 100644 --- a/backend/src/graphql/resolver/TransactionLinkResolver.ts +++ b/backend/src/graphql/resolver/TransactionLinkResolver.ts @@ -1,4 +1,4 @@ -import { Context } from '@/server/context' +import { Context, getUser } from '@/server/context' import { Resolver, Args, Arg, Authorized, Ctx, Mutation, Query, Int } from 'type-graphql' import { TransactionLink } from '@model/TransactionLink' import { TransactionLink as dbTransactionLink } from '@entity/TransactionLink' @@ -38,8 +38,7 @@ export class TransactionLinkResolver { @Args() { amount, memo }: TransactionLinkArgs, @Ctx() context: Context, ): Promise { - const { user } = context - if (!user) throw new Error('No user given!') + const user = getUser(context) const createdDate = new Date() const validUntil = transactionLinkExpireDate(createdDate) @@ -73,8 +72,7 @@ export class TransactionLinkResolver { @Arg('id', () => Int) id: number, @Ctx() context: Context, ): Promise { - const { user } = context - if (!user) throw new Error('No user given!') + const user = getUser(context) const transactionLink = await dbTransactionLink.findOne({ id }) if (!transactionLink) { 
@@ -115,8 +113,7 @@ export class TransactionLinkResolver { { currentPage = 1, pageSize = 5, order = Order.DESC }: Paginated, @Ctx() context: Context, ): Promise { - const { user } = context - if (!user) throw new Error('No user given!') + const user = getUser(context) // const now = new Date() const transactionLinks = await dbTransactionLink.find({ where: { @@ -139,8 +136,7 @@ export class TransactionLinkResolver { @Arg('code', () => String) code: string, @Ctx() context: Context, ): Promise { - const { user } = context - if (!user) throw new Error('No user given!') + const user = getUser(context) const transactionLink = await dbTransactionLink.findOneOrFail({ code }) const linkedUser = await dbUser.findOneOrFail({ id: transactionLink.userId }) diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts index 05e7f09b8..137c09622 100644 --- a/backend/src/graphql/resolver/UserResolver.ts +++ b/backend/src/graphql/resolver/UserResolver.ts @@ -1,5 +1,5 @@ import fs from 'fs' -import { Context } from '@/server/context' +import { Context, getUser } from '@/server/context' import { Resolver, Query, Args, Arg, Authorized, Ctx, UseMiddleware, Mutation } from 'type-graphql' import { getConnection, getCustomRepository } from '@dbTools/typeorm' import CONFIG from '@/config' @@ -192,8 +192,7 @@ export class UserResolver { @UseMiddleware(klicktippNewsletterStateMiddleware) async verifyLogin(@Ctx() context: Context): Promise { // TODO refactor and do not have duplicate code with login(see below) - const userEntity = context.user - if (!userEntity) throw new Error('No user given!') + const userEntity = getUser(context) const user = new User(userEntity) // user.pubkey = userEntity.pubKey.toString('hex') // Elopage Status & Stored PublisherId 
@@ -541,8 +540,7 @@ export class UserResolver { }: UpdateUserInfosArgs, @Ctx() context: Context, ): Promise { - const userEntity = context.user - if (!userEntity) throw new Error('No user given!') + const userEntity = getUser(context) if (firstName) { userEntity.firstName = firstName diff --git a/backend/src/server/context.ts b/backend/src/server/context.ts index 0958449a4..ffe90aca2 100644 --- a/backend/src/server/context.ts +++ b/backend/src/server/context.ts @@ -23,4 +23,9 @@ const context = (args: any): Context => { return context } +export const getUser = (context: Context): dbUser => { + if (context.user) return context.user + throw new Error('No user given in context!') +} + export default context From 00bba07b11c4de3cdd4ab7429373271f8a101d9e Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 16:22:09 +0200 Subject: [PATCH 11/16] define hack to pass already queried data to balance resolver --- backend/src/server/context.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/backend/src/server/context.ts b/backend/src/server/context.ts index ffe90aca2..f764c2876 100644 --- a/backend/src/server/context.ts +++ b/backend/src/server/context.ts @@ -2,12 +2,19 @@ /* eslint-disable @typescript-eslint/explicit-module-boundary-types */ import { Role } from '@/auth/Role' import { User as dbUser } from '@entity/User' +import { Transaction as dbTransaction } from '@entity/Transaction' +import Decimal from 'decimal.js-light' export interface Context { token: string | null setHeaders: { key: string; value: string }[] role?: Role user?: dbUser + // hack to use less DB calls for Balance Resolver + lastTransaction?: dbTransaction + transactionCount?: number + linkCount?: number + sumHoldAvailableAmount?: Decimal } const context = (args: any): Context => { From d7bec83d25adf1d9bac1db8dcaa09522cb83f480 Mon Sep 17 00:00:00 2001 
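Review bot: `getUser` in `context.ts` throws a plain `Error`, so a request that reaches a resolver without `context.user` is presumably reported to the client as a generic server error rather than as an authentication failure. Every resolver touched by this patch now relies on the helper for its principal, so consider `throw new AuthenticationError('No user given in context!')` (exported by `apollo-server-express`, which `context.ts` imports from in patch 15/16) to let clients and logs tell the two apart. The helper also deserves a TSDoc line such as `/** Returns the authenticated user stored on the context; throws if none is set. Does not check rights. */`.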
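Review bot: The four optional fields added under `// hack to use less DB calls for Balance Resolver` put cached query results on the same object that carries `token`, `role` and `user`, without saying who writes them or when. A reader of `lastTransaction` or `sumHoldAvailableAmount` cannot tell from the type whether the value was computed for the current user in the current request or is simply unset. Document the contract on the interface, e.g. `// written by <resolver> for context.user during this request; readers must fall back to the DB when undefined`, or group the fields under a single optional member so the cache is visibly separate from the authentication state.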
From: Moriz Wahl Date: Mon, 11 Apr 2022 16:22:32 +0200 Subject: [PATCH 12/16] use Context interface in Transaction resolver --- backend/src/graphql/resolver/TransactionResolver.ts | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/backend/src/graphql/resolver/TransactionResolver.ts b/backend/src/graphql/resolver/TransactionResolver.ts index 8747f14a3..540ab8fcf 100644 --- a/backend/src/graphql/resolver/TransactionResolver.ts +++ b/backend/src/graphql/resolver/TransactionResolver.ts @@ -1,8 +1,7 @@ /* eslint-disable new-cap */ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ /* eslint-disable @typescript-eslint/no-non-null-assertion */ +import { Context, getUser } from '@/server/context' import { Resolver, Query, Args, Authorized, Ctx, Mutation } from 'type-graphql' import { getCustomRepository, getConnection } from '@dbTools/typeorm' @@ -147,10 +146,10 @@ export class TransactionResolver { async transactionList( @Args() { currentPage = 1, pageSize = 25, order = Order.DESC }: Paginated, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { const now = new Date() - const user = context.user + const user = getUser(context) // find current balance const lastTransaction = await dbTransaction.findOne( @@ -247,10 +246,10 @@ export class TransactionResolver { @Mutation(() => String) async sendCoins( @Args() { email, amount, memo }: TransactionSendArgs, - @Ctx() context: any, + @Ctx() context: Context, ): Promise { // TODO this is subject to replay attacks - const senderUser = context.user + const senderUser = getUser(context) if (senderUser.pubKey.length !== 32) { throw new Error('invalid sender public key') } From 902dce63905701bdd20a73bc3337c871c59673bb Mon Sep 17 00:00:00 2001 
From: Moriz Wahl Date: Mon, 11 Apr 2022 16:24:38 +0200 Subject: [PATCH 13/16] Context interface in balance resolver --- backend/src/graphql/resolver/BalanceResolver.ts | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/backend/src/graphql/resolver/BalanceResolver.ts b/backend/src/graphql/resolver/BalanceResolver.ts index f30e779e5..7cbd455cb 100644 --- a/backend/src/graphql/resolver/BalanceResolver.ts +++ b/backend/src/graphql/resolver/BalanceResolver.ts @@ -1,6 +1,4 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ - +import { Context, getUser } from '@/server/context' import { Resolver, Query, Ctx, Authorized } from 'type-graphql' import { Balance } from '@model/Balance' import { calculateDecay } from '@/util/decay' @@ -16,8 +14,8 @@ import { TransactionLinkRepository } from '@repository/TransactionLink' export class BalanceResolver { @Authorized([RIGHTS.BALANCE]) @Query(() => Balance) - async balance(@Ctx() context: any): Promise { - const { user } = context + async balance(@Ctx() context: Context): Promise { + const user = getUser(context) const now = new Date() const gdtResolver = new GdtResolver() From 71d170110259da8aba824fb571f2cacc6882031d Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 16:31:21 +0200 Subject: [PATCH 14/16] undo apollo log plugin hack --- backend/src/server/plugins.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/src/server/plugins.ts b/backend/src/server/plugins.ts index 5902a415f..a407135ea 100644 --- a/backend/src/server/plugins.ts +++ b/backend/src/server/plugins.ts @@ -39,6 +39,7 @@ const apolloLogPlugin = ApolloLogPlugin({ }, }) -const plugins = process.env.NODE_ENV === 'development' ? [setHeadersPlugin] : [setHeadersPlugin] // , apolloLogPlugin +const plugins = + process.env.NODE_ENV === 'development' ? [setHeadersPlugin] : [setHeadersPlugin, apolloLogPlugin] export default plugins 
From f752d8d0450cb049daf091c43083c6aeaf67a3c0 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 11 Apr 2022 17:25:59 +0200 Subject: [PATCH 15/16] type ExpressContext --- backend/src/server/context.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/backend/src/server/context.ts b/backend/src/server/context.ts index f764c2876..d9fd55fe4 100644 --- a/backend/src/server/context.ts +++ b/backend/src/server/context.ts @@ -1,9 +1,8 @@ -/* eslint-disable @typescript-eslint/no-explicit-any */ -/* eslint-disable @typescript-eslint/explicit-module-boundary-types */ import { Role } from '@/auth/Role' import { User as dbUser } from '@entity/User' import { Transaction as dbTransaction } from '@entity/Transaction' import Decimal from 'decimal.js-light' +import { ExpressContext } from 'apollo-server-express' export interface Context { token: string | null @@ -17,7 +16,7 @@ export interface Context { sumHoldAvailableAmount?: Decimal } -const context = (args: any): Context => { +const context = (args: ExpressContext): Context => { const authorization = args.req.headers.authorization let token: string | null = null if (authorization) { From de6421201dd593dd5815c16b10e8827770dc56b8 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Tue, 12 Apr 2022 19:04:29 +0200 Subject: [PATCH 16/16] use getUser helper to get moderator form context --- backend/src/graphql/resolver/AdminResolver.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts index 481fb9bda..7ca3460ee 100644 --- a/backend/src/graphql/resolver/AdminResolver.ts +++ b/backend/src/graphql/resolver/AdminResolver.ts @@ -1,4 +1,4 @@ -import { Context } from '@/server/context' +import { Context, getUser } from '@/server/context' import { Resolver, Query, Arg, Args, Authorized, Mutation, Ctx, Int } from 'type-graphql' import { getCustomRepository, 
@@ -143,8 +143,8 @@ export class AdminResolver { throw new Error(`Could not find user with userId: ${userId}`) } // moderator user disabled own account? - const moderatorUser = context.user - if (moderatorUser && moderatorUser.id === userId) { + const moderatorUser = getUser(context) + if (moderatorUser.id === userId) { throw new Error('Moderator can not delete his own account!') } // soft-delete user @@ -310,8 +310,8 @@ export class AdminResolver { @Ctx() context: Context, ): Promise { const pendingCreation = await AdminPendingCreation.findOneOrFail(id) - const moderatorUser = context.user - if (moderatorUser && moderatorUser.id === pendingCreation.userId) + const moderatorUser = getUser(context) + if (moderatorUser.id === pendingCreation.userId) throw new Error('Moderator can not confirm own pending creation') const user = await dbUser.findOneOrFail({ id: pendingCreation.userId }, { withDeleted: true })