diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..8d43bbb
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+end_of_line = lf
+# editorconfig-tools is unable to ignore longs strings or urls
+max_line_length = off
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..be30c8c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,85 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Typescript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# dotenv environment variables file
+.env
+.env.mcm
+
+# gatsby files
+.cache/
+
+# Mac files
+.DS_Store
+
+# Yarn
+yarn-error.log
+.pnp/
+.pnp.js
+# Yarn Integrity file
+.yarn-integrity
+/.idea/
+
+# MCM
+.secrets
+.scannerwork
+.env.bat
+
+### IDE ###
+.vscode/
+.terminals.json
+.launch.json
+.package-lock.json
+
+# test and debug file
+api-manifest.yml
+idp-manifest.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..8acd150
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,63 @@
+#### WORKFLOW ####
+workflow:
+ rules:
+ - if: $CI_COMMIT_TAG
+ when: never
+ - if: $CI_PIPELINE_SOURCE == 'merge_request_event' && '$CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
+ when: never
+ - when: always
+
+#### STAGES ####
+stages:
+ # Prepare context for build stages: fetch thirdparty source code, compile build tools, etc.
+ - prepare
+ # Compile, generally turn source code into derived objects
+ - pre-image
+ # Build source code
+ - build
+ # Build, tag and push container images
+ - image
+ # # First level of testing e.g. unit tests
+ - test
+ # Prepare additional deployment descriptors e.g. K8s manifests, Helm charts, etc.
+ #- bundle
+ - verify
+ - verify-all
+ # Deploy to development environment, from feature branch, time-limited (24 hrs)
+ - deploy-preview
+ # Deploy to testing environment, from feature branch, time-limited (24 hrs)
+ - deploy-testing
+ - smoke-test
+ - integration-test
+ - functional-test
+ # Stage to clean data, sast, rollback version or play api documentation
+ - utils
+ # Remove not wanted files or directory for publication
+ - publication
+ # Push build images from RC
+ - helm-push-image
+ # Push gitlab source to cloud
+ - helm-gitlab
+ # Package the helm
+ - helm-package
+ # Publish to public repo
+ - cleanup
+
+#### INCLUDES ####
+include:
+ - local: "commons/.gitlab-ci.yml"
+ - local: "api/.gitlab-ci.yml"
+ - local: "idp/.gitlab-ci.yml"
+ - local: "administration/.gitlab-ci.yml"
+ - local: "s3/.gitlab-ci.yml"
+ - local: "vault/.gitlab-ci.yml"
+ - local: "analytics/.gitlab-ci.yml"
+ - local: "test/.gitlab-ci.yml"
+ - local: "website/.gitlab-ci.yml"
+ - local: "simulation-maas/.gitlab-ci.yml"
+ - local: "antivirus/.gitlab-ci.yml"
+ - local: "mailhog/.gitlab-ci.yml"
+ - local: "bus/.gitlab-ci.yml"
+ - local: "publication/.gitlab-ci.yml"
+ # rules:
+ # - if: $CI_COMMIT_BRANCH =~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger" && $CI_PIPELINE_SOURCE != "schedule"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 49fdee2..fed1747 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,26 +6,28 @@ Le versionning des releases suit le [semantic versioning](http://semver.org).
### 1.10.0
- [X] Version production octobre 2022
- #### Identification / Authentification
+ #### Identification / Authentification du Citoyen
- [X] Création de compte Citoyen
- [X] Authentification sur le site
- [X] Gestion du consentement (partage des données, demande de portabilité)
-- [X] Affiliations salariés / employeurs financeurs
-- [X] Gestion des communautés financeur
-- [X] Création de compte Financeur (gestionnaire / superviseur)
-- [X] ...
+- [X] Association du compte MaaS au compte moB
+- [X] Affiliation salarié à une entreprise financeur
#### Dispositifs d'incitation (i.e. Aides)
-- [X] Creation / Edition des aides
-- [X] Visualiser les aides disponibles (nationales / territoriales / employeur)
-- [X] ...
+- [X] Creation / Edition des aides du catalogue, qu'elles soient souscriptibles en externe ou directement dans moB
+- [X] Visualisation des aides disponibles (nationales / territoriales / employeur)
#### Souscriptions
-- [X] Réceptionner les données de souscription à une aide du citoyen
+- [X] Souscription à une aide à la mobilité en fournissant les justificatifs demandés ou communiqués
+- [X] Réception des données de souscription à une aide du citoyen
- [X] Traitement de pièces justificatives attachés à une souscription
- [X] Reconstitution de justificatifs à partir de données de facture de fournisseur de service de mobilités
-- [X] ...
- #### Reportings
-- [X] Tableau de bord financeur sur le nombre de souscriptions
-- [X] Tableau de bord citoyen
+- [X] Notification des différents états de traitement de la souscription par e-mail et sur le tableau de bord citoyen
+ #### Back-office Financeur
+- [X] Création de compte Financeur (gestionnaire / superviseur)
+- [X] Validation des demandes d'affiliations des citoyens salariés
+- [X] Consultation et traitement par le gestionnaire financeur des souscriptions
+- [X] Gestion des communautés
+- [X] Tableau de bord financeur sur le nombre de souscriptions validées et par aide, et d'autres indicateurs de suivi de pilotage de la politique de mobilité
+- [X] Intégration du Système d'Information Ressources Humaines pour permettre le traitement des souscriptions dans l'outil existant du financeur
#### Autres fonctionnalités
- [X] Publication Opensource
- [X] Audit du code et de l'infrastructure
diff --git a/README.md b/README.md
index c2e3402..066901b 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,14 @@
> **Note** : La publication du code sera échelonnée en plusieurs parties et accompagné de documents permettant à l’usager d’appréhender facilement les éléments partagés. Basé un mode de fonctionnement agile, les éléments constitutifs du projet sont susceptibles d’évoluer au fil de l’eau, en amont de tout déploiement éventuel, du fait : des retours des tests, de la prise en compte de l'ensemble des exigences en matière d'accessibilité, de la précision des éléments légaux, de tout autre élément susceptible de conduire à des modifications.
# Rappel du contexte
-Le programme Mon Compte Mobilité, porté par Capgemini Invent et la Fabrique des Mobilité, est une plateforme de services neutre qui facilite les relations entre citoyens, employeurs, collectivités et opérateurs de mobilité autour d’un compte personnel de mobilité et d'une passerelle (i.e. Gateway) d'échanges de services standardisés à destination des MaaS. Son ambition est d’accélérer les mutations des mobilités pour réduire massivement l’autosolisme et encourager l’utilisation des mobilités douces.
+Le programme Mon Compte Mobilité, porté par Capgemini Invent et la Fabrique des Mobilité, est une plateforme de services neutre qui facilite les relations entre citoyens, employeurs, collectivités et opérateurs de mobilité autour d’un compte personnel de mobilité et d'une passerelle (i.e. Gateway) d'échanges de services standardisés à destination des MaaS. Son ambition est d’accélérer les mutations des mobilités pour réduire massivement l’autosolisme et encourager l’utilisation des mobilités douces.
Ce programme répond parfaitement à une des propositions de la convention citoyenne : mettre en place un portail unique permettant de savoir à tout moment, rapidement et simplement, quels sont les moyens et dispositifs existants sur un territoire pour se déplacer.
Le projet Mon Compte Mobilité est lauréat de l’appel à projet pour des programmes de Certificats d’économie d’énergie par l’arrêté du 27 février 2020, et publié au journal officiel le 8 mars 2020.
Mon Compte Mobilité (ou **moB**) est un compte unique pour chaque utilisateur qui permet :
-- A chaque citoyen de visualiser les dispositifs d’incitation nationaux, de sa collectivité ou son employeur pour en bénéficier comme il le souhaite auprès des différentes offres de mobilité et de gérer son consentement à la portabilité de ses données personnelles
-- A chaque entreprise de paramétrer et mettre en œuvre la politique de mobilité qu’elle souhaite pour ses collaborateurs
+- A chaque citoyen de visualiser les dispositifs d’incitation nationaux, de sa collectivité ou son employeur pour en bénéficier comme il le souhaite auprès des différentes offres de mobilité et de gérer son consentement à la portabilité de ses données personnelles
+- A chaque entreprise de paramétrer et mettre en œuvre la politique de mobilité qu’elle souhaite pour ses collaborateurs
- A chaque AOM (Autorité Organisatrice de la Mobilité) de créer et piloter ses politiques d’incitation pour encourager l’utilisation de modes de mobilité plus durables sur son territoire
- A chaque opérateur de mobilité (MSP, Mobility Service Provider) de mettre en visibilité ses offres et de faciliter l’utilisation des incitatifs sur celles-ci, et de contribuer à la politique incitative de mobilité durable des territoires
@@ -49,7 +49,7 @@ Merci de vous référer au fichier dédié : [LICENSE.txt](https://github.com/fa
# Périmètre de la publication
-La présente publication sera complétée le 18 novembre 2022. Seront alors publiées les fonctionnalités de Mon Compte Mobilité ayant pour vocation de
+La présente publication sera complétée le 18 novembre 2022. Seront alors publiées les fonctionnalités de Mon Compte Mobilité ayant pour vocation de
Permettre à l’Utilisateur non-authentifié :
- D’accéder au catalogue d’aides publiques proposées par les Territoires partenaires
diff --git a/administration/.eslintignore b/administration/.eslintignore
new file mode 100644
index 0000000..06d792d
--- /dev/null
+++ b/administration/.eslintignore
@@ -0,0 +1,2 @@
+*.css
+*.svg
diff --git a/administration/.eslintrc.js b/administration/.eslintrc.js
new file mode 100644
index 0000000..e62a310
--- /dev/null
+++ b/administration/.eslintrc.js
@@ -0,0 +1,86 @@
+module.exports = {
+ extends: [
+ 'airbnb-typescript',
+ 'airbnb/hooks',
+ 'plugin:@typescript-eslint/recommended',
+ 'plugin:jest/recommended',
+ 'prettier',
+ 'plugin:prettier/recommended',
+ ],
+ plugins: ['react', '@typescript-eslint', 'jest', 'react-hooks'],
+ env: {
+ browser: true,
+ es2021: true,
+ },
+ parser: '@typescript-eslint/parser',
+ parserOptions: {
+ ecmaFeatures: {
+ jsx: true,
+ },
+ ecmaVersion: 12,
+ sourceType: 'module',
+ project: ['./tsconfig.json'],
+ },
+ rules: {
+ "@typescript-eslint/no-explicit-any": "off",
+ "@typescript-eslint/no-non-null-asserted-optional-chain" : "off",
+ "@typescript-eslint/no-non-null-assertion" : "off",
+ 'max-len': 0,
+ 'react/prop-types': 0,
+ 'prettier/prettier': [
+ 'error',
+ { endOfLine: 'auto' },
+ { singleQuote: true },
+ ],
+ '@typescript-eslint/explicit-function-return-type': 'off',
+ 'react/jsx-filename-extension': [2, { extensions: ['.jsx', '.tsx'] }],
+ 'react/jsx-one-expression-per-line': 0,
+ '@typescript-eslint/ban-ts-comment': 'off',
+ 'react/jsx-props-no-spreading': 'off',
+ 'no-use-before-define': 'off',
+ '@typescript-eslint/no-use-before-define': ['error'],
+ 'react/jsx-filename-extension': [
+ 'warn',
+ {
+ extensions: ['.tsx'],
+ },
+ ],
+ 'import/extensions': [
+ 'error',
+ 'ignorePackages',
+ {
+ ts: 'never',
+ tsx: 'never',
+ },
+ ],
+ 'import/no-extraneous-dependencies': [
+ 'error',
+ {
+ devDependencies: ['**/*.test.tsx', '*/jest-configs/*'],
+ },
+ ],
+ 'no-shadow': 'off',
+ '@typescript-eslint/no-shadow': ['error'],
+ '@typescript-eslint/explicit-function-return-type': [
+ 'error',
+ {
+ allowExpressions: true,
+ },
+ ],
+ 'max-len': [
+ 'warn',
+ {
+ code: 80,
+ },
+ ],
+ 'react-hooks/rules-of-hooks': 'error',
+ 'react-hooks/exhaustive-deps': 'warn',
+ 'import/prefer-default-export': 'off',
+ 'react/prop-types': 'off',
+ },
+ settings: {
+ 'import/resolver': {
+ typescript: {},
+ },
+ },
+};
diff --git a/administration/.gitignore b/administration/.gitignore
new file mode 100644
index 0000000..48c9383
--- /dev/null
+++ b/administration/.gitignore
@@ -0,0 +1,24 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+/public/keycloak.json
+
+# testing
+/coverage
+
+# production
+/build
+
+# misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
diff --git a/administration/.gitlab-ci.yml b/administration/.gitlab-ci.yml
new file mode 100644
index 0000000..32a193a
--- /dev/null
+++ b/administration/.gitlab-ci.yml
@@ -0,0 +1,58 @@
+include:
+ - local: 'administration/.gitlab-ci/preview.yml'
+ rules:
+ - if: $CI_COMMIT_BRANCH !~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger" && $CI_PIPELINE_SOURCE != "schedule"
+ - local: 'administration/.gitlab-ci/testing.yml'
+ rules:
+ - if: $CI_COMMIT_BRANCH =~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger"
+ - local: 'administration/.gitlab-ci/helm.yml'
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "trigger"
+
+# Initialisation of specifique administration variable
+.admin-base:
+ variables:
+ MODULE_NAME: admin
+ MODULE_PATH: administration
+ ADMIN_BASE_IMAGE_NAME: ${NEXUS_DOCKER_REPOSITORY_URL}/nginx:1.21
+ ADMIN_IMAGE_NAME: ${REGISTRY_BASE_NAME}/${MODULE_NAME}:${IMAGE_TAG_NAME}
+ only:
+ changes:
+ - '*'
+ - 'commons/**/*'
+ - 'administration/**/*'
+
+# Build of testing environement image and creation of the cache
+.admin_build_script: &admin_build_script |
+ yarn install
+ export REACT_APP_ADMIN_ACCES_ROLE=${MCM_CMS_ACCESS_ROLE}
+ export REACT_APP_PACKAGE_VERSION=${PACKAGE_VERSION}
+ npm version ${PACKAGE_VERSION}
+ yarn build --production=true
+
+admin_build:
+ extends:
+ - .build-job
+ - .admin-base
+ script:
+ - *admin_build_script
+ cache:
+ key: ${MODULE_PATH}-${CI_COMMIT_REF_SLUG}
+ policy: push
+ paths:
+ - ${MODULE_PATH}/node_modules/
+ - ${MODULE_PATH}/yarn.lock
+ artifacts:
+ paths:
+ - ${MODULE_PATH}/build
+ - ${MODULE_PATH}/node_modules/
+ - ${MODULE_PATH}/yarn.lock
+ expire_in: 5 days
+
+# Static Application Security Testing for known vulnerabilities
+admin_sast:
+ extends:
+ - .sast-job
+ - .build-n-sast-job-tags
+ - .admin-base
+ needs: ['admin_build']
\ No newline at end of file
diff --git a/administration/.gitlab-ci/helm.yml b/administration/.gitlab-ci/helm.yml
new file mode 100644
index 0000000..3188851
--- /dev/null
+++ b/administration/.gitlab-ci/helm.yml
@@ -0,0 +1,4 @@
+admin_image_push:
+ extends:
+ - .helm-push-image-job
+ - .admin-base
diff --git a/administration/.gitlab-ci/preview.yml b/administration/.gitlab-ci/preview.yml
new file mode 100644
index 0000000..117f03a
--- /dev/null
+++ b/administration/.gitlab-ci/preview.yml
@@ -0,0 +1,18 @@
+admin_image_build:
+ extends:
+ - .preview-image-job
+ - .admin-base
+ needs: ['admin_build']
+
+admin_preview_deploy:
+ extends:
+ - .preview-deploy-job
+ - .admin-base
+ needs: ['admin_image_build']
+ environment:
+ on_stop: admin_preview_cleanup
+
+admin_preview_cleanup:
+ extends:
+ - .commons_preview_cleanup
+ - .admin-base
diff --git a/administration/.gitlab-ci/testing.yml b/administration/.gitlab-ci/testing.yml
new file mode 100644
index 0000000..79b7f56
--- /dev/null
+++ b/administration/.gitlab-ci/testing.yml
@@ -0,0 +1,11 @@
+admin_testing_image_build:
+ extends:
+ - .testing-image-job
+ - .admin-base
+ needs: ['admin_build']
+
+admin_testing_deploy:
+ extends:
+ - .testing-deploy-job
+ - .admin-base
+ needs: ['admin_testing_image_build']
diff --git a/administration/.prettierignore b/administration/.prettierignore
new file mode 100644
index 0000000..6012ab2
--- /dev/null
+++ b/administration/.prettierignore
@@ -0,0 +1,12 @@
+node_modules
+
+# Ignore artifacts:
+build
+coverage
+
+.cache
+.gitlab-ci.yml
+.scannerwork
+public/
+gatsby-config.js
+.eslintrc.js
diff --git a/administration/.prettierrc.json b/administration/.prettierrc.json
new file mode 100644
index 0000000..a574763
--- /dev/null
+++ b/administration/.prettierrc.json
@@ -0,0 +1,10 @@
+{
+ "trailingComma": "es5",
+ "tabWidth": 2,
+ "semi": true,
+ "singleQuote": true,
+ "bracketSpacing": true,
+ "jsxBracketSameLine": false,
+ "arrowParens": "always",
+ "endOfLine": "auto"
+}
diff --git a/administration/Chart.yaml b/administration/Chart.yaml
new file mode 100644
index 0000000..c3dcb0d
--- /dev/null
+++ b/administration/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.0.0
+description: A Helm chart for Kubernetes
+name: ${MODULE_PATH}
+type: application
+version: 1.0.0
diff --git a/administration/README.md b/administration/README.md
new file mode 100644
index 0000000..e6060f5
--- /dev/null
+++ b/administration/README.md
@@ -0,0 +1,57 @@
+# Description
+
+Le service administration se base sur le framework **[React-Admin](https://marmelab.com/react-admin/)**
+
+⚠ La version utilisée est la v3.19.11 de React-Admin
+
+Ce service permet, pour un administrateur fonctionnel, de gérer et de contribuer sur différents types de contenus (Aides, entreprises, collectivités, communautés ...) proposés et/ou à gérer dans la solution.
+
+# Installation en local
+
+Modifier le fichier json présent dans le dossier public avec les variables mentionnées ci-dessous
+
+```sh
+yarn install && yarn start
+```
+
+## Variables
+
+| Variables | Description | Obligatoire |
+| ----------------------- | ----------------------------------------- | ----------- |
+| IDP_FQDN | Url de l'IDP | Oui |
+| API_FQDN | Url de l'api | Oui |
+| IDP_MCM_REALM | Nom du realm mcm | Oui |
+| IDP_MCM_ADMIN_CLIENT_ID | Client id du client public administration | Oui |
+
+## URL / Port
+
+- URL : localhost
+- Port : 3001
+
+# Précisions pipelines
+
+L'image de l'administration est basée sur nginx.
+
+La variable PACKAGE_VERSION (voir commons) permet de repérer la dernière version publiée
+
+## Preview
+
+Pas de précisions nécéssaires pour ce service
+
+## Testing
+
+Pas de précisions nécéssaires pour ce service
+
+# Relation avec les autres services
+
+Comme présenté dans le schéma global de l'architecture ci-dessous
+
+
+
+React Admin est lié à l'api grâce à l'implémentation du dataProvider. Ainsi certains endpoints permettant la contribution sont ouverts à ce portail d'administration.
+
+Il est aussi lié à l'idp pour l'accès au portail soit par un compte dédié, soit par une liaison identity provider avec notre Azure AD.
+
+# Tests Unitaires
+
+Pas de tests unitaires nécéssaires pour ce service
diff --git a/administration/admin-dockerfile.yml b/administration/admin-dockerfile.yml
new file mode 100644
index 0000000..dba436f
--- /dev/null
+++ b/administration/admin-dockerfile.yml
@@ -0,0 +1,5 @@
+ARG ADMIN_BASE_IMAGE_NAME
+FROM ${ADMIN_BASE_IMAGE_NAME}
+
+COPY config-nginx/ /etc/nginx/conf.d
+COPY build/ /usr/share/nginx/html/
diff --git a/administration/administration-testing-values.yaml b/administration/administration-testing-values.yaml
new file mode 100644
index 0000000..e217b16
--- /dev/null
+++ b/administration/administration-testing-values.yaml
@@ -0,0 +1,122 @@
+configMaps:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: admin-keycloak-config
+ data:
+ keycloak.json: 'administration/keycloak.json'
+
+services:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ creationTimestamp: null
+ labels:
+ io.kompose.service: admin
+ name: admin
+ spec:
+ ports:
+ - name: '8081'
+ port: 8081
+ targetPort: 8081
+ selector:
+ io.kompose.service: admin
+ type: ClusterIP
+ status:
+ loadBalancer: {}
+
+deployments:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.service: admin
+ name: admin
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: admin
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.network/web-nw: 'true'
+ io.kompose.service: admin
+ spec:
+ containers:
+ env:
+ API_FQDN: ${API_FQDN}
+ IDP_FQDN: ${IDP_FQDN}
+ MCM_IDP_CLIENTID_ADMIN: ${IDP_MCM_ADMIN_CLIENT_ID}
+ MCM_IDP_REALM: ${IDP_MCM_REALM}
+ image: ${ADMIN_IMAGE_NAME}
+ name: admin
+ ports:
+ - containerPort: 8081
+ resources: {}
+ volumeMounts:
+ - mountPath: /usr/share/nginx/html/keycloak.json
+ name: keycloak-config
+ subPath: keycloak.json
+ imagePullSecrets:
+ - name: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 1000
+ volumes:
+ - configMap:
+ name: admin-keycloak-config
+ name: keycloak-config
+ status: {}
+
+networkPolicies:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: web-nw
+ spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ com.capgemini.mcm.ingress: 'true'
+ podSelector:
+ matchLabels:
+ io.kompose.network/web-nw: 'true'
+
+ingressRoutes:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: admin
+ spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`${ADMIN_FQDN}`)
+ services:
+ - kind: Service
+ name: admin
+ port: 8081
diff --git a/administration/config-nginx/default.conf b/administration/config-nginx/default.conf
new file mode 100644
index 0000000..0555409
--- /dev/null
+++ b/administration/config-nginx/default.conf
@@ -0,0 +1,44 @@
+server {
+ listen 8081;
+ server_name localhost;
+
+ #charset koi8-r;
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
diff --git a/administration/kompose.yml b/administration/kompose.yml
new file mode 100644
index 0000000..7d41570
--- /dev/null
+++ b/administration/kompose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+ admin:
+ image: ${ADMIN_IMAGE_NAME}
+ build:
+ context: .
+ dockerfile: ./admin-dockerfile.yml
+ args:
+ ADMIN_BASE_IMAGE_NAME: ${ADMIN_BASE_IMAGE_NAME}
+ networks:
+ - web-nw
+ ports:
+ - '8081'
+ environment:
+ - API_FQDN
+ - IDP_FQDN
+ - IDP_MCM_REALM
+ - IDP_MCM_ADMIN_CLIENT_ID
+ labels:
+ - 'kompose.image-pull-secret=${GITLAB_IMAGE_PULL_SECRET_NAME}'
+ - 'kompose.service.type=clusterip'
+networks:
+ web-nw:
diff --git a/administration/overlays/admin-certificate.yml b/administration/overlays/admin-certificate.yml
new file mode 100644
index 0000000..f788ff5
--- /dev/null
+++ b/administration/overlays/admin-certificate.yml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: admin-cert
+spec:
+ dnsNames:
+ - '*.${landscape_subdomain}'
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: ${CLUSTER_ISSUER}
+ secretName: ${SECRET_NAME}
diff --git a/administration/overlays/admin-deployment-namespace.yml b/administration/overlays/admin-deployment-namespace.yml
new file mode 100644
index 0000000..777cdd2
--- /dev/null
+++ b/administration/overlays/admin-deployment-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: apps/v1
+kind: Namespace
+metadata:
+ name: admin-test-override-namespace
diff --git a/administration/overlays/admin-ingressroute.yml b/administration/overlays/admin-ingressroute.yml
new file mode 100644
index 0000000..780f702
--- /dev/null
+++ b/administration/overlays/admin-ingressroute.yml
@@ -0,0 +1,22 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: admin
+spec:
+ entryPoints:
+ - web
+ # - websecure
+ routes:
+ - match: Host(`${ADMIN_FQDN}`)
+ kind: Rule
+ services:
+ - kind: Service
+ name: admin
+ port: 8081
+ # tls:
+ # secretName: ${SECRET_NAME} # admin-tls # cert-dev
+ # domains:
+ # - main: ${BASE_DOMAIN}
+ # sans:
+ # - '*.preview.${BASE_DOMAIN}'
+ # - '*.testing.${BASE_DOMAIN}'
diff --git a/administration/overlays/admin_configmap_volumes.yml b/administration/overlays/admin_configmap_volumes.yml
new file mode 100644
index 0000000..6760208
--- /dev/null
+++ b/administration/overlays/admin_configmap_volumes.yml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: admin
+spec:
+ template:
+ spec:
+ containers:
+ - name: admin
+ volumeMounts:
+ - name: keycloak-config
+ mountPath: /usr/share/nginx/html/keycloak.json
+ subPath: keycloak.json
+ securityContext:
+ fsGroup: 1000
+ volumes:
+ - name: keycloak-config
+ configMap:
+ name: admin-keycloak-config
diff --git a/administration/overlays/config/keycloak.json b/administration/overlays/config/keycloak.json
new file mode 100644
index 0000000..5661125
--- /dev/null
+++ b/administration/overlays/config/keycloak.json
@@ -0,0 +1,8 @@
+{
+ "keycloakConfig": {
+ "url": "https://${IDP_FQDN}/auth",
+ "realm": "${IDP_MCM_REALM}",
+ "clientId": "${IDP_MCM_ADMIN_CLIENT_ID}"
+ },
+ "apiConfig": "https://${API_FQDN}/"
+}
diff --git a/administration/overlays/kustomization.yaml b/administration/overlays/kustomization.yaml
new file mode 100644
index 0000000..cba6e9b
--- /dev/null
+++ b/administration/overlays/kustomization.yaml
@@ -0,0 +1,17 @@
+commonAnnotations:
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ kubernetes.io/ingress.class: traefik
+
+resources:
+ - admin-ingressroute.yml
+ # - admin-certificate.yml
+
+patchesStrategicMerge:
+ - web_nw_networkpolicy_namespaceselector.yml
+ - admin_configmap_volumes.yml
+
+configMapGenerator:
+ - name: admin-keycloak-config
+ files:
+ - config/keycloak.json
diff --git a/administration/overlays/web_nw_networkpolicy_namespaceselector.yml b/administration/overlays/web_nw_networkpolicy_namespaceselector.yml
new file mode 100644
index 0000000..32da467
--- /dev/null
+++ b/administration/overlays/web_nw_networkpolicy_namespaceselector.yml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: web-nw
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ com.capgemini.mcm.ingress: 'true'
diff --git a/administration/package.json b/administration/package.json
new file mode 100644
index 0000000..090cb5b
--- /dev/null
+++ b/administration/package.json
@@ -0,0 +1,73 @@
+{
+ "name": "administration",
+ "version": "1.10.1",
+ "author": "Mon Compte Mobilité",
+ "private": true,
+ "dependencies": {
+ "@material-ui/core": "4.12.4",
+ "@material-ui/icons": "4.11.3",
+ "@testing-library/jest-dom": "5.16.5",
+ "@testing-library/react": "11.2.7",
+ "@testing-library/user-event": "12.8.3",
+ "@types/jest": "26.0.24",
+ "@types/node": "12.20.55",
+ "@types/react": "17.0.2",
+ "@types/react-dom": "17.0.2",
+ "axios": "0.21.4",
+ "keycloak-js": "16.1.1",
+ "lodash": "4.17.21",
+ "ra-i18n-polyglot": "3.19.11",
+ "ra-language-french": "3.19.11",
+ "react": "17.0.2",
+ "react-admin": "3.19.11",
+ "react-admin-lb4": "1.0.3",
+ "react-dom": "17.0.2",
+ "react-final-form": "6.5.9",
+ "react-query": "3.39.2",
+ "typescript": "4.1.2"
+ },
+ "resolutions": {
+ "@types/react": "17.0.2",
+ "@types/react-dom": "17.0.2"
+ },
+ "scripts": {
+ "start": "set PORT=3001 && react-scripts start",
+ "build": "react-scripts build",
+ "test": "react-scripts test",
+ "eject": "react-scripts eject",
+ "format": "npm run prettier:fix && npm run lint:fix",
+ "lint": "eslint src/* --ext js,ts,tsx",
+ "lint:fix": "npm run lint -- --fix",
+ "prettier": "prettier -c",
+ "prettier:fix": "npm run prettier -- --write"
+ },
+ "browserslist": {
+ "production": [
+ ">0.2%",
+ "not dead",
+ "not op_mini all"
+ ],
+ "development": [
+ "last 1 chrome version",
+ "last 1 firefox version",
+ "last 1 safari version"
+ ]
+ },
+ "devDependencies": {
+ "@typescript-eslint/eslint-plugin": "4.33.0",
+ "@typescript-eslint/parser": "4.33.0",
+ "eslint": "7.32.0",
+ "eslint-config-airbnb": "18.2.1",
+ "eslint-config-airbnb-typescript": "12.3.1",
+ "eslint-config-prettier": "8.5.0",
+ "eslint-import-resolver-alias": "1.1.2",
+ "eslint-import-resolver-typescript": "2.7.1",
+ "eslint-plugin-import": "2.26.0",
+ "eslint-plugin-jsx-a11y": "6.6.1",
+ "eslint-plugin-prettier": "3.4.1",
+ "eslint-plugin-react": "7.31.10",
+ "eslint-plugin-react-hooks": "4.6.0",
+ "prettier": "2.7.1",
+ "react-scripts": "5.0.0"
+ }
+}
diff --git a/administration/public/index.html b/administration/public/index.html
new file mode 100644
index 0000000..cc49e05
--- /dev/null
+++ b/administration/public/index.html
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+
+
+ Administration | Mon Compte Mobilité
+
+
+
+
+
+
+
diff --git a/administration/public/mob-favicon.svg b/administration/public/mob-favicon.svg
new file mode 100644
index 0000000..ce42712
--- /dev/null
+++ b/administration/public/mob-favicon.svg
@@ -0,0 +1 @@
+
diff --git a/administration/public/robots.txt b/administration/public/robots.txt
new file mode 100644
index 0000000..e9e57dc
--- /dev/null
+++ b/administration/public/robots.txt
@@ -0,0 +1,3 @@
+# https://www.robotstxt.org/robotstxt.html
+User-agent: *
+Disallow:
diff --git a/administration/src/App.tsx b/administration/src/App.tsx
new file mode 100644
index 0000000..b243cf8
--- /dev/null
+++ b/administration/src/App.tsx
@@ -0,0 +1,80 @@
+/* eslint-disable */
+import { Admin, Resource, resolveBrowserLocale } from 'react-admin';
+import polyglotI18nProvider from 'ra-i18n-polyglot';
+import frenchMessages from 'ra-language-french';
+import { QueryClient, QueryClientProvider } from 'react-query';
+
+import dataProvider from './api/provider/dataProvider';
+import AuthProvider from './modules/Auth/authProvider';
+import { KeycloakProviderInit } from './components/Keycloak/KeycloakProviderInit';
+import LogoutButton from './components/LoginForm/LogoutButton';
+import Dashboard from './components/Dashboard/Dashboard';
+import AccessRole from './components/Access/AccessRole';
+import EntrepriseForm from './components/Entreprises';
+import CollectiviteForm from './components/Collectivites/CollectiviteForm';
+import CollectiviteList from './components/Collectivites/CollectiviteList';
+import CommunateForm from './components/Communautes';
+import Aide from './components/Aide';
+import UtilisateurForm from './components/utilisateurs';
+import customTheme from './components/customTheme/customTheme';
+import TerritoryForm from './components/Territories';
+
+const queryClient = new QueryClient();
+
+const messages = {
+ fr: frenchMessages,
+};
+
+const i18nProvider = polyglotI18nProvider(
+ (locale) => (messages[locale] ? messages[locale] : messages.fr),
+ resolveBrowserLocale()
+);
+
+function App(): JSX.Element {
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ );
+}
+
+export default App;
diff --git a/administration/src/api/communautes.ts b/administration/src/api/communautes.ts
new file mode 100644
index 0000000..f0406c4
--- /dev/null
+++ b/administration/src/api/communautes.ts
@@ -0,0 +1,15 @@
+import axios from 'axios';
+import { URL_API } from '../utils/constant';
+import { getAuthHeader } from '../utils/httpHeaders';
+
+export const getFunderCommunityList = async (
+ funderId: string
+): Promise<{ id: string; name: string; funderId: string }[]> => {
+ const { data } = await axios.get(
+ `${await URL_API()}/funders/${funderId}/communities`,
+ {
+ headers: getAuthHeader(),
+ }
+ );
+ return data;
+};
diff --git a/administration/src/api/financeurs.ts b/administration/src/api/financeurs.ts
new file mode 100644
index 0000000..e334e09
--- /dev/null
+++ b/administration/src/api/financeurs.ts
@@ -0,0 +1,27 @@
+import axios from 'axios';
+import { URL_API } from '../utils/constant';
+import { getAuthHeader } from '../utils/httpHeaders';
+
+export const getFunders = async (): Promise<
+ {
+ name: string;
+ id: string;
+ funderType: string;
+ emailFormat?: string[];
+ }[]
+> => {
+ const { data } = await axios.get(`${await URL_API()}/funders`, {
+ headers: getAuthHeader(),
+ });
+ return data;
+};
+
+export const getClients = async (): Promise<{
+ clientId: string;
+ id: string;
+}> => {
+ const { data } = await axios.get(`${await URL_API()}/funders/clients`, {
+ headers: getAuthHeader(),
+ });
+ return data;
+};
diff --git a/administration/src/api/provider/dataProvider.ts b/administration/src/api/provider/dataProvider.ts
new file mode 100644
index 0000000..be204c7
--- /dev/null
+++ b/administration/src/api/provider/dataProvider.ts
@@ -0,0 +1,42 @@
+/* eslint-disable */
+
+import lb4Provider from 'react-admin-lb4';
+import { GET_LIST } from 'react-admin';
+import { URL_API } from '../../utils/constant';
+
+import { getAuthHeader } from '../../utils/httpHeaders';
+
+/**
+ * @param {string} type Request type, e.g GET_LIST, GET_ONE, DELETE, POST..
+ * @param {string} resource Resource name, e.g. "communautes"
+ * @param {Object} params Request parameters. Depends on the request type
+ */
+
+export default async (type: string, resource: string, params: any) => {
+ const data = await URL_API();
+ const dataProvider = lb4Provider(data, getAuthHeader);
+ const url: string = resourceConverter(type, resource);
+ return dataProvider(type, url, params);
+};
+
+const resourceConverter = (type: string, resource: string): string => {
+ switch (resource) {
+ case 'collectivites':
+ return 'collectivities';
+ case 'entreprises':
+ return 'enterprises';
+ case 'aides':
+ return 'incentives';
+ case 'communautes':
+ return 'funders/communities';
+ case 'utilisateurs':
+ if (type === GET_LIST) {
+ return 'users/funders';
+ }
+ return 'users';
+ case 'territoires':
+ return 'territories';
+ default:
+ return resource;
+ }
+};
diff --git a/administration/src/api/roles.ts b/administration/src/api/roles.ts
new file mode 100644
index 0000000..a1c0bde
--- /dev/null
+++ b/administration/src/api/roles.ts
@@ -0,0 +1,10 @@
+import axios from 'axios';
+import { URL_API } from '../utils/constant';
+import { getAuthHeader } from '../utils/httpHeaders';
+
+export const getRoles = async (): Promise => {
+ const { data } = await axios.get(`${await URL_API()}/users/roles`, {
+ headers: getAuthHeader(),
+ });
+ return data;
+};
diff --git a/administration/src/api/territories.ts b/administration/src/api/territories.ts
new file mode 100644
index 0000000..72d198a
--- /dev/null
+++ b/administration/src/api/territories.ts
@@ -0,0 +1,13 @@
+import axios from 'axios';
+import { URL_API } from '../utils/constant';
+import { getAuthHeader } from '../utils/httpHeaders';
+
+export const getTerritories = async (): Promise<{
+ name: string;
+ id: string;
+}> => {
+ const { data } = await axios.get(`${await URL_API()}/territories`, {
+ headers: getAuthHeader(),
+ });
+ return data;
+};
diff --git a/administration/src/assets/svg/spinner.svg b/administration/src/assets/svg/spinner.svg
new file mode 100644
index 0000000..39fba0f
--- /dev/null
+++ b/administration/src/assets/svg/spinner.svg
@@ -0,0 +1,69 @@
+
diff --git a/administration/src/components/Access/AccessRole.css b/administration/src/components/Access/AccessRole.css
new file mode 100644
index 0000000..21247b5
--- /dev/null
+++ b/administration/src/components/Access/AccessRole.css
@@ -0,0 +1,5 @@
+.no-admin {
+ margin-top: 50px;
+ margin-left: 10%;
+ font-size: 30px;
+}
diff --git a/administration/src/components/Access/AccessRole.tsx b/administration/src/components/Access/AccessRole.tsx
new file mode 100644
index 0000000..1eb15b2
--- /dev/null
+++ b/administration/src/components/Access/AccessRole.tsx
@@ -0,0 +1,28 @@
+import React from 'react';
+import './AccessRole.css';
+import { useSession } from '../Keycloak/KeycloakProviderInit';
+
+/**
+ * Controle access role component
+ * @param props
+ * @constructor
+ */
+const AccessRole: React.FC = ({ children }) => {
+ const { keycloak } = useSession();
+
+ if (
+ keycloak &&
+ keycloak.realmAccess &&
+ keycloak.realmAccess.roles.includes(
+ `${process.env.REACT_APP_ADMIN_ACCES_ROLE || 'content_editor'}`
+ )
+ ) {
+ return <>{children};
+ }
+ keycloak.logout();
+ return (
+ Vous n êtes pas habilité.e à accéder à ce site
+ );
+};
+
+export default AccessRole;
diff --git a/administration/src/components/Aide/AideCreate.tsx b/administration/src/components/Aide/AideCreate.tsx
new file mode 100644
index 0000000..ceaa66b
--- /dev/null
+++ b/administration/src/components/Aide/AideCreate.tsx
@@ -0,0 +1,55 @@
+/* eslint-disable */
+import { FC } from 'react';
+import {
+ Create,
+ CreateProps,
+ SimpleForm,
+ useCreateContext,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+
+import AideCreateForm from './AideCreateForm';
+import AidesMessages from '../../utils/Aide/fr.json';
+import { errorFetching } from '../../utils/constant';
+
+const AideCreate: FC = (props) => {
+ const { save, record } = useCreateContext();
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onSuccess = ({ data }) => {
+ notify(
+ AidesMessages['aides.create.success'].replace('{aidTitle}', data.title),
+ 'success'
+ );
+ redirect('/aides');
+ refresh();
+ };
+
+ const onFailure = ({ message }) => {
+ const result =
+ message !== errorFetching.messageApi
+ ? AidesMessages[message]
+ : errorFetching.messageToDisplay;
+
+ notify(result, 'error');
+ };
+
+ return (
+
+
+
+
+
+ );
+};
+
+export default AideCreate;
diff --git a/administration/src/components/Aide/AideCreateForm.tsx b/administration/src/components/Aide/AideCreateForm.tsx
new file mode 100644
index 0000000..cd845be
--- /dev/null
+++ b/administration/src/components/Aide/AideCreateForm.tsx
@@ -0,0 +1,302 @@
+/* eslint-disable */
+import React, { useEffect, useState } from 'react';
+import {
+ TextInput,
+ required,
+ DateInput,
+ SelectInput,
+ BooleanInput,
+ NumberInput,
+ AutocompleteArrayInput,
+ AutocompleteInput,
+ ArrayInput,
+ SimpleFormIterator,
+ FormDataConsumer,
+ useNotify,
+} from 'react-admin';
+import { useForm } from 'react-final-form';
+import { CardContent, Box } from '@material-ui/core';
+import { useQuery } from 'react-query';
+
+import {
+ TRANSPORT_CHOICE,
+ INCENTIVE_TYPE_CHOICE,
+ PROOF_CHOICE,
+ INPUT_FORMAT_CHOICE,
+} from '../../utils/constant';
+import { getDate } from '../../utils/convertDateToString';
+import {
+ startDateMin,
+ dateMinValidation,
+} from '../../utils/Aide/validityDateRules';
+import { validateUrl } from '../../utils/Aide/formHelper';
+import CustomAddButton from '../common/CustomAddButton';
+import { getFunders } from '../../api/financeurs';
+import FinanceurMessages from '../../utils/Financeur/fr.json';
+
+import '../styles/DynamicForm.css';
+import TerritoriesDropDown from '../common/TerritoriesDropDown';
+
+const AideCreateForm = (save, record) => {
+ const notify = useNotify();
+ const form = useForm();
+
+ const [FUNDER_CHOICE, setFunderChoice] = useState<
+ { name: string; label: string }[]
+ >([]);
+ const [isMobilityChecked, setIsMobilityChecked] = React.useState(false);
+
+ const { data: funders } = useQuery(
+ 'funders',
+ async (): Promise => {
+ return await getFunders();
+ },
+ {
+ onError: () => {
+ notify(FinanceurMessages['funders.error'], 'error');
+ },
+ enabled: true,
+ retry: false,
+ staleTime: Infinity,
+ }
+ );
+
+ useEffect(() => {
+ setFunderChoice(
+ funders &&
+ funders.map((elt) => {
+ elt.label = elt.funderType
+ ? `${elt.name} (${elt.funderType})`
+ : elt.name;
+ return elt;
+ })
+ );
+ }, [funders]);
+
+ const handleShowMobilityInputs = () => {
+ form.change('subscriptionLink', undefined);
+ form.change('specificFields', undefined);
+ setIsMobilityChecked(!isMobilityChecked);
+ };
+
+ return (
+
+
+
+
+
+
+
+
+
+
+ {
+ if (value) {
+ const newFunder = { name: value, label: value };
+ FUNDER_CHOICE.push(newFunder);
+ return newFunder;
+ }
+ }}
+ validate={[required()]}
+ choices={FUNDER_CHOICE}
+ optionText={(choice) =>
+ choice ?
+ (choice.label ? choice.label : choice.name ) :
+ null
+ }
+ optionValue="name"
+ translateChoice={false}
+ />
+
+
+
+
+
+ {
+ if (value) {
+ const newProof = { id: value, name: value };
+ PROOF_CHOICE.push(newProof);
+ return newProof;
+ }
+ }}
+ fullWidth
+ choices={PROOF_CHOICE}
+ />
+
+
+
+
+
+
+
+
+ {!isMobilityChecked ? (
+
+
+
+ ) : (
+
+
+
+ }
+ >
+
+
+
+ {({
+ formData, // The whole form data
+ scopedFormData, // The data for this item of the ArrayInput
+ getSource, // A function to get the valid source inside an ArrayInput
+ ...rest
+ }) =>
+ scopedFormData?.inputFormat === 'listeChoix' ? (
+ <>
+
+
+
+
+
+
+
+ ) : null
+ }
+
+
+
+
+ )}
+
+
+
+
+
+ );
+};
+
+export default AideCreateForm;
diff --git a/administration/src/components/Aide/AideEdit.tsx b/administration/src/components/Aide/AideEdit.tsx
new file mode 100644
index 0000000..b3d8d65
--- /dev/null
+++ b/administration/src/components/Aide/AideEdit.tsx
@@ -0,0 +1,59 @@
+import * as React from 'react';
+import { FC } from 'react';
+import {
+ Edit,
+ EditProps,
+ Record,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+import { errorFetching } from '../../utils/constant';
+import AideForm from './AideEditForm';
+import AidesMessages from '../../utils/Aide/fr.json';
+
+const AideEdit: FC = (props) => {
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onSuccess = ({ data }): void => {
+ notify(
+ AidesMessages['aides.edit.success'].replace('{aidTitle}', data.title),
+ 'success'
+ );
+ redirect('/aides');
+ refresh();
+ };
+
+ const onFailure = ({ message }): void => {
+ const result =
+ message !== errorFetching.messageApi
+ ? AidesMessages[message]
+ : errorFetching.messageToDisplay;
+
+ notify(result, 'error');
+ };
+
+ const transform = (data): Record => {
+ if (data.isMCMStaff) {
+ return { ...data, subscriptionLink: undefined };
+ }
+ return { ...data, specificFields: undefined };
+ };
+
+ return (
+
+
+
+ );
+};
+
+export default AideEdit;
diff --git a/administration/src/components/Aide/AideEditForm.tsx b/administration/src/components/Aide/AideEditForm.tsx
new file mode 100644
index 0000000..db1552b
--- /dev/null
+++ b/administration/src/components/Aide/AideEditForm.tsx
@@ -0,0 +1,312 @@
+/* eslint-disable */
+import React, { useEffect, useState } from 'react';
+import { find } from 'lodash';
+import {
+ TextInput,
+ required,
+ DateInput,
+ SelectInput,
+ BooleanInput,
+ AutocompleteArrayInput,
+ ArrayInput,
+ SimpleFormIterator,
+ useRecordContext,
+ FormWithRedirect,
+ FormDataConsumer,
+ NumberInput,
+ useEditContext,
+ Toolbar,
+ EditProps,
+} from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+import {
+ TRANSPORT_CHOICE,
+ INCENTIVE_TYPE_CHOICE,
+ PROOF_CHOICE,
+ INPUT_FORMAT_CHOICE,
+} from '../../utils/constant';
+import {
+ startDateMin,
+ dateMinValidation,
+} from '../../utils/Aide/validityDateRules';
+import { getDate } from '../../utils/convertDateToString';
+import { validateUrl } from '../../utils/Aide/formHelper';
+import CustomAddButton from '../common/CustomAddButton';
+import '../styles/DynamicForm.css';
+import TerritoriesDropDown from '../common/TerritoriesDropDown';
+
+const AideEditForm = (props: EditProps) => {
+ const { save, record } = useEditContext();
+ const recordContext = useRecordContext();
+ const [isMobilityChecked, setIsMobilityChecked] = useState(false);
+
+ // Check the isMobilityChecked at the willmount
+ useEffect(() => {
+ if (recordContext?.isMCMStaff) {
+ setIsMobilityChecked(true);
+ } else {
+ setIsMobilityChecked(false);
+ }
+ }, []);
+ // verify if each label Proof exist in options (PROOF_CHOICE) in this aides, else add option in Proof choice
+ if (recordContext?.attachments) {
+ recordContext.attachments.map((value) => {
+ if (!find(PROOF_CHOICE, ['id', value])) {
+ PROOF_CHOICE.push({ id: value, name: value });
+ }
+ });
+ }
+
+ // Toogle of isMobilityChecked
+ const handleShowMobilityInputs = () => {
+ setIsMobilityChecked(!isMobilityChecked);
+ };
+
+ return (
+ (
+
+
+
+
+
+
+
+ )}
+ />
+ );
+};
+
+export default AideEditForm;
diff --git a/administration/src/components/Aide/AideList.tsx b/administration/src/components/Aide/AideList.tsx
new file mode 100644
index 0000000..b1d8062
--- /dev/null
+++ b/administration/src/components/Aide/AideList.tsx
@@ -0,0 +1,35 @@
+/* eslint-disable */
+import React from 'react';
+import {
+ List,
+ Datagrid,
+ TextField,
+ EditButton,
+ DeleteButton,
+ FunctionField,
+} from 'react-admin';
+
+import { MAPPING_FUNDER_TYPE } from '../../utils/constant';
+
+const AideList = (props) => {
+ return (
+
+
+
+
+
+ `${record.funderName} (${
+ MAPPING_FUNDER_TYPE[record.incentiveType]
+ })`
+ }
+ />
+
+
+
+
+ );
+};
+
+export default AideList;
diff --git a/administration/src/components/Aide/index.tsx b/administration/src/components/Aide/index.tsx
new file mode 100644
index 0000000..06bb57c
--- /dev/null
+++ b/administration/src/components/Aide/index.tsx
@@ -0,0 +1,9 @@
+import AideCreate from './AideCreate';
+import AideList from './AideList';
+import AideEdit from './AideEdit';
+
+export default {
+ list: AideList,
+ create: AideCreate,
+ edit: AideEdit,
+};
diff --git a/administration/src/components/Collectivites/CollectiviteCreateForm.tsx b/administration/src/components/Collectivites/CollectiviteCreateForm.tsx
new file mode 100644
index 0000000..7d174f8
--- /dev/null
+++ b/administration/src/components/Collectivites/CollectiviteCreateForm.tsx
@@ -0,0 +1,43 @@
+/* eslint-disable */
+import { TextInput, required, NumberInput } from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+
+const Spacer = () => ;
+
+const CollectiviteCreateForm = (save, record) => {
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default CollectiviteCreateForm;
diff --git a/administration/src/components/Collectivites/CollectiviteForm.tsx b/administration/src/components/Collectivites/CollectiviteForm.tsx
new file mode 100644
index 0000000..2a83550
--- /dev/null
+++ b/administration/src/components/Collectivites/CollectiviteForm.tsx
@@ -0,0 +1,50 @@
+/* eslint-disable */
+import CollectiviteCreateForm from './CollectiviteCreateForm';
+import {
+ Create,
+ SimpleForm,
+ useCreateContext,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+
+import CollectivitesMessages from '../../utils/Collectivite/fr.json';
+import { errorFetching } from '../../utils/constant';
+
+const CollectiviteForm = (props) => {
+ const { save, record } = useCreateContext();
+
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onSuccess = ({ data }) => {
+ notify(`Création de la collectivité "${data.name}" avec succès`, 'success');
+ redirect('/collectivites');
+ refresh();
+ };
+
+ const onFailure = ({ message }) => {
+ const result =
+ message !== errorFetching.messageApi
+ ? CollectivitesMessages[message]
+ : errorFetching.messageToDisplay;
+ notify(result, 'error');
+ };
+
+ return (
+
+
+
+
+
+ );
+};
+
+export default CollectiviteForm;
diff --git a/administration/src/components/Collectivites/CollectiviteList.tsx b/administration/src/components/Collectivites/CollectiviteList.tsx
new file mode 100644
index 0000000..fef12d5
--- /dev/null
+++ b/administration/src/components/Collectivites/CollectiviteList.tsx
@@ -0,0 +1,19 @@
+/* eslint-disable */
+import { List, Datagrid, TextField } from 'react-admin';
+
+const CollectiviteList = (props) => {
+ return (
+
+
+
+
+
+
+
+ );
+};
+
+export default CollectiviteList;
diff --git a/administration/src/components/Communautes/CommunauteCreateForm.tsx b/administration/src/components/Communautes/CommunauteCreateForm.tsx
new file mode 100644
index 0000000..969e351
--- /dev/null
+++ b/administration/src/components/Communautes/CommunauteCreateForm.tsx
@@ -0,0 +1,33 @@
+/* eslint-disable */
+import { TextInput, required } from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+
+import FinanceurDropDown from '../common/FinanceurDropDown';
+
+const CommuniteCreateForm = (save, record) => {
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default CommuniteCreateForm;
diff --git a/administration/src/components/Communautes/CommunauteForm.tsx b/administration/src/components/Communautes/CommunauteForm.tsx
new file mode 100644
index 0000000..3025015
--- /dev/null
+++ b/administration/src/components/Communautes/CommunauteForm.tsx
@@ -0,0 +1,55 @@
+/* eslint-disable */
+import {
+ Create,
+ SimpleForm,
+ useCreateContext,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+
+import { errorFetching } from '../../utils/constant';
+import CommunauteCreateForm from './CommunauteCreateForm';
+import CommunauteMessages from '../../utils/Communaute/fr.json';
+
+const CommunauteForm = (props) => {
+ const { save, record } = useCreateContext();
+
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onSuccess = ({ data }) => {
+ notify(`Création de la communauté "${data.name}" avec succès`, 'success');
+ redirect('/communautes');
+ refresh();
+ };
+
+ const onFailure = ({ message }) => {
+ const result =
+ message !== errorFetching.messageApi
+ ? CommunauteMessages[message]
+ : errorFetching.messageToDisplay;
+ notify(result, 'error');
+ };
+
+ return (
+ {
+ delete data.emailFormat;
+ delete data.hasManualAffiliation;
+ return data;
+ }}
+ >
+
+
+
+
+ );
+};
+
+export default CommunauteForm;
diff --git a/administration/src/components/Communautes/CommunauteList.tsx b/administration/src/components/Communautes/CommunauteList.tsx
new file mode 100644
index 0000000..8bf36fc
--- /dev/null
+++ b/administration/src/components/Communautes/CommunauteList.tsx
@@ -0,0 +1,16 @@
+import React, { FC } from 'react';
+import { List, Datagrid, TextField } from 'react-admin';
+
+const CommunauteList: FC = (props) => {
+ return (
+
+
+
+
+
+
+
+ );
+};
+
+export default CommunauteList;
diff --git a/administration/src/components/Communautes/index.tsx b/administration/src/components/Communautes/index.tsx
new file mode 100644
index 0000000..6e10a9e
--- /dev/null
+++ b/administration/src/components/Communautes/index.tsx
@@ -0,0 +1,7 @@
+import CommunauteForm from './CommunauteForm';
+import CommunauteList from './CommunauteList';
+
+export default {
+ list: CommunauteList,
+ create: CommunauteForm,
+};
diff --git a/administration/src/components/Dashboard/Dashboard.tsx b/administration/src/components/Dashboard/Dashboard.tsx
new file mode 100644
index 0000000..a82a852
--- /dev/null
+++ b/administration/src/components/Dashboard/Dashboard.tsx
@@ -0,0 +1,17 @@
+import * as React from 'react';
+import Card from '@material-ui/core/Card';
+import CardContent from '@material-ui/core/CardContent';
+import CardHeader from '@material-ui/core/CardHeader';
+
+const Dashboard: React.FC = () => (
+
+
+
+ Version : {process.env.REACT_APP_PACKAGE_VERSION || '1.0.0'}
+
+
+);
+export default Dashboard;
diff --git a/administration/src/components/Entreprises/EntrepriseCreateForm.tsx b/administration/src/components/Entreprises/EntrepriseCreateForm.tsx
new file mode 100644
index 0000000..1be3571
--- /dev/null
+++ b/administration/src/components/Entreprises/EntrepriseCreateForm.tsx
@@ -0,0 +1,197 @@
+/* eslint-disable */
+import {
+ TextInput,
+ required,
+ NumberInput,
+ BooleanInput,
+ AutocompleteArrayInput,
+ useNotify,
+ SelectInput,
+} from 'react-admin';
+import { useForm } from 'react-final-form';
+import { Card, CardContent, Divider, Box } from '@material-ui/core';
+import { InfoRounded } from '@material-ui/icons';
+
+import { isEmailFormatValid } from '../../utils/helpers';
+
+import '../styles/DynamicForm.css';
+import { useEffect, useState } from 'react';
+import { useQuery } from 'react-query';
+import { getClients } from '../../api/financeurs';
+import FinanceurMessages from '../../utils/Financeur/fr.json';
+
+const EMAIL_TAB = [{ id: '@exemple.com', name: '@exemple.com' }];
+
+type checkboxParams = {
+ source: string;
+ label: string;
+};
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+const EntrepriseCreateForm = (save, record) => {
+ const notify = useNotify();
+ const form = useForm();
+ const [CLIENT_CHOICE, setClientChoice] = useState<
+ { clientId: string; id: string }[]
+ >([]);
+
+ const { data: clients } = useQuery(
+ 'clients',
+ async (): Promise => {
+ return await getClients();
+ },
+ {
+ onError: () => {
+ notify(FinanceurMessages['funders.error.clients.list'], 'error');
+ },
+ enabled: true,
+ retry: false,
+ staleTime: Infinity,
+ }
+ );
+ useEffect(() => {
+ setClientChoice(
+ clients &&
+ clients.map((elt) => {
+ elt.name = elt.clientId;
+ return elt;
+ })
+ );
+ }, [clients]);
+ const checkBoxOptions: checkboxParams[] = [
+ {
+ source: 'isHris',
+ label: 'SI RH',
+ },
+ {
+ source: 'hasManualAffiliation',
+ label: 'Validation affiliation par le gestionnaire',
+ },
+ ];
+
+ const uncheckOtherOptions = (checkedOption: string) => {
+ checkBoxOptions
+ .filter((el) => el.source !== checkedOption)
+ .forEach((option: checkboxParams) => form.change(option.source, false));
+ };
+
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {
+ if (isEmailFormatValid(value)) {
+ const newFormat = { id: value, name: value };
+ EMAIL_TAB.push(newFormat);
+ return newFormat;
+ }
+ EMAIL_TAB.push({ id: '', name: '' });
+ }}
+ fullWidth
+ choices={EMAIL_TAB}
+ validate={[required(), validateFormatEmail]}
+ />
+
+
+
+
+
+
+
+
+
+ {CLIENT_CHOICE && (
+
+
+
+ )}
+ {checkBoxOptions.map((checkBoxOption: checkboxParams) => (
+
+
+ uncheckOtherOptions(checkBoxOption.source)
+ }
+ defaultValue={false}
+ source={checkBoxOption.source}
+ label={checkBoxOption.label}
+ />
+
+ ))}
+
+
+
+
+ Vous ne pouvez pas activer les 2 options pour une
+ entreprise
+
+
+
+
+
+
+
+
+
+
+ );
+};
+const Spacer = () => ;
+
+const validateFormatEmail = (value) => {
+ return value.includes(undefined) || value.includes('@@ra-create')
+ ? 'Ne doit pas être nul'
+ : undefined;
+};
+
+export default EntrepriseCreateForm;
diff --git a/administration/src/components/Entreprises/EntrepriseForm.tsx b/administration/src/components/Entreprises/EntrepriseForm.tsx
new file mode 100644
index 0000000..d9846f8
--- /dev/null
+++ b/administration/src/components/Entreprises/EntrepriseForm.tsx
@@ -0,0 +1,54 @@
+/* eslint-disable react/jsx-props-no-spreading */
+/* eslint-disable */
+
+import {
+ Create,
+ SimpleForm,
+ useCreateContext,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+
+import EntrepriseCreateForm from './EntrepriseCreateForm';
+import EntreprisesMessages from '../../utils/Entreprise/fr.json';
+import { errorFetching } from '../../utils/constant';
+
+const EntrepriseForm = (props) => {
+ const { save, record } = useCreateContext();
+
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onFailure = ({ message }) => {
+ const result =
+ message !== errorFetching.messageApi
+ ? EntreprisesMessages[message]
+ : errorFetching.messageToDisplay;
+ notify(result, 'error');
+ };
+
+ const onSuccess = ({ data }) => {
+ notify(
+ `Création du compte entreprise "${data.name}" avec succès`,
+ 'success'
+ );
+ redirect('/entreprises');
+ refresh();
+ };
+
+ return (
+
+
+
+
+
+ );
+};
+export default EntrepriseForm;
diff --git a/administration/src/components/Entreprises/EntrepriseList.tsx b/administration/src/components/Entreprises/EntrepriseList.tsx
new file mode 100644
index 0000000..7668fa7
--- /dev/null
+++ b/administration/src/components/Entreprises/EntrepriseList.tsx
@@ -0,0 +1,25 @@
+/* eslint-disable */
+import { List, Datagrid, TextField, BooleanField } from 'react-admin';
+
+const EntrepriseList = (props) => {
+ return (
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default EntrepriseList;
diff --git a/administration/src/components/Entreprises/index.tsx b/administration/src/components/Entreprises/index.tsx
new file mode 100644
index 0000000..b6f7db7
--- /dev/null
+++ b/administration/src/components/Entreprises/index.tsx
@@ -0,0 +1,8 @@
+/* eslint-disable import/no-anonymous-default-export */
+import EntrepriseForm from './EntrepriseForm';
+import EntrepriseList from './EntrepriseList';
+
+export default {
+ create: EntrepriseForm,
+ list: EntrepriseList,
+};
diff --git a/administration/src/components/Keycloak/KeycloakProviderInit.tsx b/administration/src/components/Keycloak/KeycloakProviderInit.tsx
new file mode 100644
index 0000000..cd0b3df
--- /dev/null
+++ b/administration/src/components/Keycloak/KeycloakProviderInit.tsx
@@ -0,0 +1,109 @@
+/* eslint-disable */
+import React, { useEffect, useState } from 'react';
+import Keycloak, { KeycloakConfig, KeycloakInstance } from 'keycloak-js';
+
+import Loading from '../Loading/Loading';
+
+interface IKeycloakContext {
+ keycloak?: KeycloakInstance;
+}
+
+/**
+ * Create Context
+ */
+export const KeycloakContext = React.createContext<
+ IKeycloakContext | undefined
+>(undefined);
+
+/**
+ * Keycloak wrapping component
+ * @param props
+ * @constructor
+ */
+const KeycloakProviderInit: React.FC = ({ children }) => {
+ // Keycloak config generated during CI/CD pipeline
+ const [keycloakInstance, setKeycloakInstance] = useState();
+ const [isKCInit, setIsKCInit] = useState(false);
+
+ /**
+ * Fetching of keycloak config (keycloak.json) generated during CI/CD pipeline
+ */
+ const fetchKeycloakConfig = async () => {
+ const response = await fetch('/keycloak.json');
+ const KeycloakConfig = await response.json();
+ const data: KeycloakConfig = await KeycloakConfig.keycloakConfig;
+ if (Object.keys(data).length !== 0) {
+ const keycloak = Keycloak(data);
+ setKeycloakInstance(keycloak);
+ }
+ };
+
+ /**
+ * Initializes Keycloak instance and set the variable state if successfully initialized.
+ */
+ const initKeycloak = async () => {
+ keycloakInstance
+ ?.init({
+ onLoad: 'login-required',
+ })
+ .then(() => {
+ window.localStorage.setItem('token', keycloakInstance?.token!);
+ setIsKCInit(true);
+ })
+ .catch((err) => console.error(err));
+ };
+
+ useEffect(() => {
+ fetchKeycloakConfig();
+ }, []);
+
+ useEffect(() => {
+ initKeycloak();
+ }, [keycloakInstance]);
+
+ useEffect(() => {
+ /**
+ * Call onTokenExpired when the access token is expired.
+ * If a refresh token is available, the token can be refreshed via the OAuth RefreshToken
+ * In order to transmit it on each call to the API.
+ * Otherwise logout the user.
+ */
+ if (keycloakInstance) {
+ keycloakInstance!.onTokenExpired = () => {
+ keycloakInstance
+ ?.updateToken(5)
+ .then(() => {
+ window.localStorage.setItem('token', keycloakInstance?.token!);
+ })
+ .catch(() => {
+ console.error('Failed to refresh token | the session is expired');
+ keycloakInstance.logout();
+ });
+ };
+ }
+ }, [keycloakInstance]);
+
+ return (
+
+ {isKCInit ? children : }
+
+ );
+};
+
+/**
+ * useSession custom hook to get the provided values from KeycloakContext
+ */
+const useSession = () => {
+ const keycloakContext = React.useContext(KeycloakContext);
+ if (keycloakContext === undefined) {
+ throw new Error('useSession must be used within a KeycloakProvider');
+ }
+
+ return keycloakContext;
+};
+
+export { KeycloakProviderInit, useSession };
diff --git a/administration/src/components/Loading/Loading.css b/administration/src/components/Loading/Loading.css
new file mode 100644
index 0000000..6278c96
--- /dev/null
+++ b/administration/src/components/Loading/Loading.css
@@ -0,0 +1,5 @@
+.loading {
+ position: fixed;
+ top: 50%;
+ left: 50%;
+}
diff --git a/administration/src/components/Loading/Loading.tsx b/administration/src/components/Loading/Loading.tsx
new file mode 100644
index 0000000..8e99613
--- /dev/null
+++ b/administration/src/components/Loading/Loading.tsx
@@ -0,0 +1,10 @@
+import React from 'react';
+import loadingSpinner from '../../assets/svg/spinner.svg';
+
+import './Loading.css';
+
+const Loading = (): React.ReactElement => {
+ return 
;
+};
+
+export default Loading;
diff --git a/administration/src/components/LoginForm/LogoutButton.tsx b/administration/src/components/LoginForm/LogoutButton.tsx
new file mode 100644
index 0000000..eaae409
--- /dev/null
+++ b/administration/src/components/LoginForm/LogoutButton.tsx
@@ -0,0 +1,23 @@
+/* eslint-disable */
+import * as React from 'react';
+import MenuItem from '@material-ui/core/MenuItem';
+import ExitIcon from '@material-ui/icons/PowerSettingsNew';
+
+import { useSession } from '../Keycloak/KeycloakProviderInit';
+
+const LogoutButton: React.FC = () => {
+ const { keycloak } = useSession();
+
+ // eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+ const handleClick = () => {
+ keycloak.logout();
+ };
+
+ return (
+
+ );
+};
+
+export default LogoutButton;
diff --git a/administration/src/components/Territories/TerritoryCreateForm.tsx b/administration/src/components/Territories/TerritoryCreateForm.tsx
new file mode 100644
index 0000000..b051e46
--- /dev/null
+++ b/administration/src/components/Territories/TerritoryCreateForm.tsx
@@ -0,0 +1,23 @@
+/* eslint-disable */
+import { TextInput, required } from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+import { checkNamesLength } from '../../utils/checkNamesLength';
+
+const TerritoryCreateForm = (save, record) => {
+ return (
+
+
+
+
+
+
+
+ );
+};
+
+export default TerritoryCreateForm;
diff --git a/administration/src/components/Territories/TerritoryEdit.tsx b/administration/src/components/Territories/TerritoryEdit.tsx
new file mode 100644
index 0000000..a147ffc
--- /dev/null
+++ b/administration/src/components/Territories/TerritoryEdit.tsx
@@ -0,0 +1,60 @@
+/* eslint-disable */
+import { FC } from 'react';
+import {
+ Edit,
+ EditProps,
+ SaveButton,
+ SimpleForm,
+ Toolbar,
+ ToolbarProps,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+import TerritoryEditForm from './TerritoryEditForm';
+import { errorFetching } from '../../utils/constant';
+import TerritoryMessages from '../../utils/Territory/fr.json';
+
+const TerritoryEdit: FC = (props) => {
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onSuccess = (): void => {
+ notify(`Le terriotire a été modifié avec succes`, 'success');
+ redirect('/territoires');
+ refresh();
+ };
+
+ const onFailure = ({ message }): void => {
+ const result: string =
+ message !== errorFetching.messageApi
+ ? TerritoryMessages[message]
+ : errorFetching.messageToDisplay;
+ notify(result, 'error');
+ };
+
+ const EditToolbar = (props: ToolbarProps) => {
+ return (
+
+
+
+ );
+ };
+
+ return (
+
+ }>
+
+
+
+ );
+};
+
+export default TerritoryEdit;
diff --git a/administration/src/components/Territories/TerritoryEditForm.tsx b/administration/src/components/Territories/TerritoryEditForm.tsx
new file mode 100644
index 0000000..090d424
--- /dev/null
+++ b/administration/src/components/Territories/TerritoryEditForm.tsx
@@ -0,0 +1,26 @@
+/* eslint-disable */
+import { TextInput, required } from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+import { checkNamesLength } from '../../utils/checkNamesLength';
+
+const TerritoryEditForm = () => {
+ return (
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default TerritoryEditForm;
diff --git a/administration/src/components/Territories/TerritoryForm.tsx b/administration/src/components/Territories/TerritoryForm.tsx
new file mode 100644
index 0000000..505043c
--- /dev/null
+++ b/administration/src/components/Territories/TerritoryForm.tsx
@@ -0,0 +1,49 @@
+/* eslint-disable */
+import {
+ Create,
+ SimpleForm,
+ useCreateContext,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+
+import TerritoryCreateForm from './TerritoryCreateForm';
+import TerritoryMessages from '../../utils/Territory/fr.json';
+import { errorFetching } from '../../utils/constant';
+
+const TerritoryForm = (props) => {
+ const { save, record } = useCreateContext();
+
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onFailure = ({ message }): void => {
+ const result: string =
+ message !== errorFetching.messageApi
+ ? TerritoryMessages[message]
+ : errorFetching.messageToDisplay;
+ notify(result, 'error');
+ };
+
+ const onSuccess = ({ data }): void => {
+ notify(`Création du territoire ${data.name} avec succès`, 'success');
+ redirect('/territoires');
+ refresh();
+ };
+
+ return (
+
+
+
+
+
+ );
+};
+export default TerritoryForm;
diff --git a/administration/src/components/Territories/TerritoryList.tsx b/administration/src/components/Territories/TerritoryList.tsx
new file mode 100644
index 0000000..8f8e93a
--- /dev/null
+++ b/administration/src/components/Territories/TerritoryList.tsx
@@ -0,0 +1,44 @@
+/* eslint-disable */
+import { ListProps } from '@material-ui/core';
+import { FC } from 'react';
+import {
+ List,
+ Datagrid,
+ TextField,
+ Filter,
+ SearchInput,
+ EditButton,
+} from 'react-admin';
+
+const TerritoryFilter: FC = (props) => (
+
+
+
+);
+
+const TerritoryList: FC = (props) => {
+ return (
+
}
+ sort={{ field: 'name', order: 'ASC' }}
+ bulkActionButtons={false}
+ >
+
+
+
+
+
+ );
+};
+
+export default TerritoryList;
diff --git a/administration/src/components/Territories/index.tsx b/administration/src/components/Territories/index.tsx
new file mode 100644
index 0000000..f2d96d6
--- /dev/null
+++ b/administration/src/components/Territories/index.tsx
@@ -0,0 +1,10 @@
+/* eslint-disable */
+import TerritoryForm from './TerritoryForm';
+import TerritoryList from './TerritoryList';
+import TerritoryEdit from './TerritoryEdit';
+
+export default {
+ create: TerritoryForm,
+ list: TerritoryList,
+ edit: TerritoryEdit,
+};
diff --git a/administration/src/components/common/CustomAddButton.tsx b/administration/src/components/common/CustomAddButton.tsx
new file mode 100644
index 0000000..6dd2c27
--- /dev/null
+++ b/administration/src/components/common/CustomAddButton.tsx
@@ -0,0 +1,12 @@
+import React from 'react';
+import { Button } from '@material-ui/core';
+
+const CustomAddButton = (props: { label: string }): JSX.Element => {
+ const { label } = props;
+ return (
+
+ );
+};
+export default CustomAddButton;
diff --git a/administration/src/components/common/FinanceurDropDown.tsx b/administration/src/components/common/FinanceurDropDown.tsx
new file mode 100644
index 0000000..a4f51fc
--- /dev/null
+++ b/administration/src/components/common/FinanceurDropDown.tsx
@@ -0,0 +1,66 @@
+/* eslint-disable */
+import { required, useNotify, AutocompleteInput } from 'react-admin';
+import { useFormState } from 'react-final-form';
+import { useQuery } from 'react-query';
+import { getFunders } from '../../api/financeurs';
+
+import FinanceurMessages from '../../utils/Financeur/fr.json';
+
+interface FunderProps {
+ disabled?: boolean;
+}
+
+export interface Enterprise {
+ id?: string;
+ emailFormat?: string[];
+ funderType?: string;
+ name?: string;
+ hasManualAffiliation?: boolean;
+}
+
+const FinanceurDropDown = ({ disabled }: FunderProps) => {
+ const notify = useNotify();
+ const { values } = useFormState();
+
+ const { data: funders } = useQuery(
+ 'funders',
+ async (): Promise => {
+ return await getFunders();
+ },
+ {
+ onError: () => {
+ notify(FinanceurMessages['funders.error'], 'error');
+ },
+ enabled: true,
+ retry: false,
+ staleTime: Infinity,
+ }
+ );
+
+ return (
+ ({
+ id,
+ name: `${name} (${funderType})`,
+ emailFormat,
+ hasManualAffiliation,
+ })
+ )
+ }
+ onInputValueChange={(_, data) =>
+ (values.emailFormat = data?.selectedItem?.emailFormat) &&
+ (values.hasManualAffiliation = data?.selectedItem?.hasManualAffiliation)
+ }
+ />
+ );
+};
+
+export default FinanceurDropDown;
diff --git a/administration/src/components/common/TerritoriesDropDown.tsx b/administration/src/components/common/TerritoriesDropDown.tsx
new file mode 100644
index 0000000..d15225a
--- /dev/null
+++ b/administration/src/components/common/TerritoriesDropDown.tsx
@@ -0,0 +1,115 @@
+/* eslint-disable */
+import { useEffect, useState, FC } from 'react';
+import { required, useNotify, AutocompleteInput } from 'react-admin';
+import { useFormState } from 'react-final-form';
+import { useQuery } from 'react-query';
+import { getTerritories } from '../../api/territories';
+import { checkNamesLength } from '../../utils/checkNamesLength';
+import { removeWhiteSpace } from '../../utils/helpers';
+import TerritoryMessages from '../../utils/Territory/fr.json';
+
+interface TerritoryProps {
+ canCreate?: boolean;
+}
+
+interface TerritoryOption {
+ id?: string;
+ name: string;
+ label: string;
+}
+
+const TerritoriesDropDown: FC = ({ canCreate = true }) => {
+ const notify = useNotify();
+ const { values } = useFormState();
+
+ const [territoriesList, setTerritoriesList] = useState([]);
+ const [selectedOption, setSelectedOption] = useState(null);
+
+ const { data: territories } = useQuery(
+ 'territories',
+ async (): Promise => {
+ return await getTerritories();
+ },
+ {
+ onError: () => {
+ notify(TerritoryMessages['territory.error'], 'error');
+ },
+ enabled: true,
+ }
+ );
+
+ const checkExistingValue = (value: string): TerritoryOption | undefined =>
+ territoriesList.find(
+ (choice) => choice?.name?.toLowerCase() === value?.toLowerCase()
+ );
+
+ const handleInputChanged = (data: TerritoryOption): void => {
+ setSelectedOption(data);
+ };
+
+ const handleOptionChange = (choice: TerritoryOption): string =>
+ choice?.label ? choice.label : choice?.name;
+
+ const handleCreateOption = (value: string): TerritoryOption => {
+ if (value) {
+ value = removeWhiteSpace(value);
+ const foundValue = checkExistingValue(value);
+ if (!foundValue) {
+ const newTerritory = { name: value, label: value };
+ setTerritoriesList([...territoriesList, newTerritory]);
+ return newTerritory;
+ }
+ return foundValue;
+ }
+ };
+
+ let createProp = {};
+ if (canCreate) {
+ createProp['onCreate'] = handleCreateOption;
+ }
+
+ useEffect(() => {
+ setTerritoriesList(
+ territories &&
+ territories.map((elt: TerritoryOption) => {
+ elt.label = `${elt.name} (créé)`;
+ return elt;
+ })
+ );
+ }, [territories]);
+
+ useEffect(() => {
+ // ID GENERATED WHEN CREATING A NEW ITEM ON LIST CHOICES
+ if (selectedOption) {
+ if (selectedOption?.id === '@@ra-create') {
+ values.territoryName = values?.territory?.name; // TODO: REMOVING DEPRECATED territoryName.
+ const foundValue = checkExistingValue(values?.territory?.name);
+ if (foundValue) {
+ values.territory.id = foundValue?.id;
+ }
+ } else {
+ values.territory = {
+ id: selectedOption?.id,
+ name: selectedOption?.name,
+ };
+ values.territoryName = selectedOption?.name; // TODO: REMOVING DEPRECATED territoryName.
+ }
+ }
+ }, [selectedOption, values]);
+
+ return (
+
+ );
+};
+
+export default TerritoriesDropDown;
diff --git a/administration/src/components/customTheme/customTheme.tsx b/administration/src/components/customTheme/customTheme.tsx
new file mode 100644
index 0000000..f63d775
--- /dev/null
+++ b/administration/src/components/customTheme/customTheme.tsx
@@ -0,0 +1,18 @@
+import { createTheme } from '@material-ui/core/styles';
+import { defaultTheme } from 'react-admin';
+
+const customTheme = createTheme({
+ ...defaultTheme,
+ palette: {
+ primary: {
+ main: '#464cd0',
+ contrastText: '#FFFFFF',
+ },
+ secondary: {
+ main: '#01bf7d',
+ contrastText: '#FFFFFF',
+ },
+ },
+});
+
+export default customTheme;
diff --git a/administration/src/components/styles/DynamicForm.css b/administration/src/components/styles/DynamicForm.css
new file mode 100644
index 0000000..0ea219c
--- /dev/null
+++ b/administration/src/components/styles/DynamicForm.css
@@ -0,0 +1,60 @@
+.css-2b097c-container {
+ z-index: 1000;
+}
+
+.css-1hb7zxy-IndicatorsContainer {
+ display: none !important;
+}
+
+.css-yk16xz-control {
+ background-color: hsl(0deg 0% 96%) !important;
+}
+
+.css-g1d714-ValueContainer {
+ height: 48px !important;
+}
+
+.ra-input-mde {
+ margin: 8px 0px 4px 0px;
+}
+
+.simpleForm1 .MuiTypography-body1 {
+ visibility: hidden;
+}
+
+.simpleForm1 {
+ display: flex;
+ flex-wrap: wrap;
+ justify-content: space-between;
+}
+.simpleForm1 > * {
+ border: 1px solid rgba(0, 0, 0, 0.1);
+ border-radius: 10px;
+ padding: 1em !important;
+ margin: 5px;
+}
+
+.simpleForm1 > li:last-child {
+ min-width: 700px;
+ border: none;
+}
+
+.simpleForm1 li {
+ flex-direction: column;
+ max-width: 300px;
+ width: 100%;
+ height: fit-content;
+}
+
+.simpleForm2 li {
+ flex-direction: row;
+ justify-content: flex-start;
+}
+
+.simpleForm2 > li:first-child span {
+ width: auto;
+}
+
+.simpleForm1 p {
+ display: none;
+}
diff --git a/administration/src/components/utilisateurs/CommunauteCheckBox.tsx b/administration/src/components/utilisateurs/CommunauteCheckBox.tsx
new file mode 100644
index 0000000..69ba573
--- /dev/null
+++ b/administration/src/components/utilisateurs/CommunauteCheckBox.tsx
@@ -0,0 +1,64 @@
+/* eslint-disable */
+import { useNotify, CheckboxGroupInput } from 'react-admin';
+import { useFormState } from 'react-final-form';
+import { useQuery } from 'react-query';
+
+import CommunautesMessages from '../../utils/Communaute/fr.json';
+import { ROLES } from '../../utils/constant';
+import { getFunderCommunityList } from '../../api/communautes';
+
+const CommunauteCheckBox = () => {
+ const notify = useNotify();
+ const { values } = useFormState();
+
+ const enabled =
+ !!values &&
+ !!values.funderId &&
+ !!values.roles &&
+ (typeof values.roles === 'string'
+ ? values.roles.split(' ; ').some((role) => role === ROLES.gestionnaires)
+ : values.roles.some((role) => role === ROLES.gestionnaires));
+ const { data: communities } = useQuery(
+ `funders/${values.funderId}/communities`,
+ async (): Promise => {
+ return await getFunderCommunityList(values.funderId);
+ },
+ {
+ onError: () => {
+ notify(CommunautesMessages['communautés.error'], 'error');
+ },
+ enabled,
+ staleTime: 300000,
+ }
+ );
+
+ const validateCommunities = (communityIds) => {
+ const condition =
+ communityIds &&
+ communityIds.length > 0 &&
+ communities &&
+ communities.length > 0;
+
+ return condition ? undefined : 'Il faut cocher au moins une communauté';
+ };
+
+ if (enabled && communities && communities.length > 0)
+ return (
+
+ );
+ if (enabled && communities)
+ return (
+
+ Aucune communauté n'est créée pour ce financeur. Les droits seront
+ appliqués pour l'ensemble du périmètre financeur
+
+ );
+ return null;
+};
+
+export default CommunauteCheckBox;
diff --git a/administration/src/components/utilisateurs/RolesRadioButtons.tsx b/administration/src/components/utilisateurs/RolesRadioButtons.tsx
new file mode 100644
index 0000000..807c0ca
--- /dev/null
+++ b/administration/src/components/utilisateurs/RolesRadioButtons.tsx
@@ -0,0 +1,55 @@
+/* eslint-disable */
+import { useNotify, CheckboxGroupInput } from 'react-admin';
+import { RadioButtonChecked, RadioButtonUnchecked } from '@material-ui/icons';
+import { capitalize } from '@material-ui/core';
+import { useQuery } from 'react-query';
+
+import UtilisateursMessages from '../../utils/Utilisateur/fr.json';
+import { getRoles } from '../../api/roles';
+
+const RolesRadioButtons = () => {
+ const notify = useNotify();
+
+ const { data: roles } = useQuery(
+ 'roles',
+ async (): Promise => {
+ return await getRoles();
+ },
+ {
+ onError: () => {
+ notify(UtilisateursMessages['users.roles.error'], 'error');
+ },
+ enabled: true,
+ retry: false,
+ staleTime: Infinity,
+ }
+ );
+
+ const validateRoles = (roles) => {
+ return roles && roles.length > 0
+ ? undefined
+ : 'Il faut cocher au moins un rôle';
+ };
+
+ return (
+ (typeof v === 'string' ? v.split(' ; ') : v)}
+ choices={
+ roles &&
+ roles.map((role) => ({
+ id: role,
+ name: capitalize(role.replace(/s$/, '')),
+ }))
+ }
+ options={{
+ checkedIcon: ,
+ icon: ,
+ }}
+ validate={[validateRoles]}
+ />
+ );
+};
+
+export default RolesRadioButtons;
diff --git a/administration/src/components/utilisateurs/UtilisateurCreateForm.tsx b/administration/src/components/utilisateurs/UtilisateurCreateForm.tsx
new file mode 100644
index 0000000..7d0bacc
--- /dev/null
+++ b/administration/src/components/utilisateurs/UtilisateurCreateForm.tsx
@@ -0,0 +1,92 @@
+/* eslint-disable */
+import { useEffect } from 'react';
+import { TextInput, required, email, BooleanInput } from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+import { useFormState } from 'react-final-form';
+
+import FinanceurDropDown from '../common/FinanceurDropDown';
+import CompteMessages from '../../utils/Compte/fr.json';
+import CommunauteCheckBox from './CommunauteCheckBox';
+import RolesRadioButtons from './RolesRadioButtons';
+import { checkNamesLength } from '../../utils/checkNamesLength';
+
+const UtilisateurCreateForm = (save, record) => {
+ const { values } = useFormState();
+
+ useEffect(() => {
+ !values.hasManualAffiliation
+ ? delete values?.canReceiveAffiliationMail
+ : null;
+ }, [values]);
+
+ const Spacer = () => ;
+
+ const checkPatternEmail = (email) => {
+ if (
+ email &&
+ values.emailFormat &&
+ values.emailFormat.some((elt: string) => email.endsWith(elt)) !== true
+ ) {
+ return CompteMessages['email.error.emailFormat'];
+ }
+ return undefined;
+ };
+
+ const validateEmail = email();
+
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {values?.hasManualAffiliation && (
+
+
+
+ )}
+
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default UtilisateurCreateForm;
diff --git a/administration/src/components/utilisateurs/UtilisateurEdit.tsx b/administration/src/components/utilisateurs/UtilisateurEdit.tsx
new file mode 100644
index 0000000..ceb702b
--- /dev/null
+++ b/administration/src/components/utilisateurs/UtilisateurEdit.tsx
@@ -0,0 +1,49 @@
+/* eslint-disable */
+import { FC } from 'react';
+import {
+ Edit,
+ EditProps,
+ SimpleForm,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+import UtilisateurEditForm from './UtilisateurEditForm';
+import { errorFetching } from '../../utils/constant';
+
+const UtilisateurEdit: FC = (props) => {
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onSuccess = () => {
+ notify(`Le profil de l'utilisateur est modifié`, 'success');
+ redirect('/utilisateurs');
+ refresh();
+ };
+
+ const onFailure = () => {
+ notify(errorFetching.messageToDisplay, 'error');
+ };
+
+ return (
+ {
+ delete data.emailFormat;
+ delete data.hasManualAffiliation;
+ return data;
+ }}
+ {...props}
+ >
+
+
+
+
+ );
+};
+
+export default UtilisateurEdit;
diff --git a/administration/src/components/utilisateurs/UtilisateurEditForm.tsx b/administration/src/components/utilisateurs/UtilisateurEditForm.tsx
new file mode 100644
index 0000000..c9f5144
--- /dev/null
+++ b/administration/src/components/utilisateurs/UtilisateurEditForm.tsx
@@ -0,0 +1,71 @@
+/* eslint-disable */
+import { TextInput, required, BooleanInput } from 'react-admin';
+import { CardContent, Box } from '@material-ui/core';
+import { useFormState } from 'react-final-form';
+
+import FinanceurDropDown from '../common/FinanceurDropDown';
+import CommunauteCheckBox from './CommunauteCheckBox';
+import RolesRadioButtons from './RolesRadioButtons';
+import { checkNamesLength } from '../../utils/checkNamesLength';
+
+import '../styles/DynamicForm.css';
+
+const UtilisateurEditForm = () => {
+ const Spacer = () => ;
+
+ const { values } = useFormState();
+
+ return (
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {values?.hasManualAffiliation && (
+
+
+
+ )}
+
+
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default UtilisateurEditForm;
diff --git a/administration/src/components/utilisateurs/UtilisateurForm.tsx b/administration/src/components/utilisateurs/UtilisateurForm.tsx
new file mode 100644
index 0000000..e9d7eb9
--- /dev/null
+++ b/administration/src/components/utilisateurs/UtilisateurForm.tsx
@@ -0,0 +1,57 @@
+/* eslint-disable */
+import {
+ Create,
+ SimpleForm,
+ useCreateContext,
+ useNotify,
+ useRedirect,
+ useRefresh,
+} from 'react-admin';
+
+import UtilisateurCreateForm from './UtilisateurCreateForm';
+import UtilisateurMessages from '../../utils/Utilisateur/fr.json';
+import CompteMessages from '../../utils/Compte/fr.json';
+import { errorFetching } from '../../utils/constant';
+
+const UtilisateurForm = (props) => {
+ const { save, record } = useCreateContext();
+
+ const notify = useNotify();
+ const refresh = useRefresh();
+ const redirect = useRedirect();
+
+ const onFailure = ({ message }) => {
+ const result =
+ message !== errorFetching.messageApi
+ ? UtilisateurMessages[message]
+ ? UtilisateurMessages[message]
+ : CompteMessages[message]
+ : errorFetching.messageToDisplay;
+ notify(result, 'error');
+ };
+
+ const onSuccess = ({ data }) => {
+ notify(`Création de l'utilisateur ${data.email} avec succès`, 'success');
+ redirect('/utilisateurs');
+ refresh();
+ };
+
+ return (
+ {
+ delete data.emailFormat;
+ delete data.hasManualAffiliation;
+ return data;
+ }}
+ >
+
+
+
+
+ );
+};
+export default UtilisateurForm;
diff --git a/administration/src/components/utilisateurs/UtilisateurList.tsx b/administration/src/components/utilisateurs/UtilisateurList.tsx
new file mode 100644
index 0000000..440f8b3
--- /dev/null
+++ b/administration/src/components/utilisateurs/UtilisateurList.tsx
@@ -0,0 +1,56 @@
+/* eslint-disable */
+import { FC } from 'react';
+import {
+ List,
+ Datagrid,
+ TextField,
+ Filter,
+ SearchInput,
+ EditButton,
+ DeleteButton,
+ BooleanField,
+} from 'react-admin';
+
+const UsersFilter = (props) => (
+
+
+
+);
+
+const UtilisateurList: FC = (props) => {
+ return (
+
}
+ sort={{ field: 'lastName', order: 'ASC' }}
+ exporter={false}
+ >
+
+
+
+
+
+
+
+
+
+
+
+
+
+ );
+};
+
+export default UtilisateurList;
diff --git a/administration/src/components/utilisateurs/index.tsx b/administration/src/components/utilisateurs/index.tsx
new file mode 100644
index 0000000..7925dbc
--- /dev/null
+++ b/administration/src/components/utilisateurs/index.tsx
@@ -0,0 +1,10 @@
+/* eslint-disable */
+import UtilisateurForm from './UtilisateurForm';
+import UtilisateurList from './UtilisateurList';
+import UtilisateurEdit from './UtilisateurEdit';
+
+export default {
+ create: UtilisateurForm,
+ list: UtilisateurList,
+ edit: UtilisateurEdit,
+};
diff --git a/administration/src/index.css b/administration/src/index.css
new file mode 100644
index 0000000..ec2585e
--- /dev/null
+++ b/administration/src/index.css
@@ -0,0 +1,13 @@
+body {
+ margin: 0;
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen',
+ 'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue',
+ sans-serif;
+ -webkit-font-smoothing: antialiased;
+ -moz-osx-font-smoothing: grayscale;
+}
+
+code {
+ font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
+ monospace;
+}
diff --git a/administration/src/index.tsx b/administration/src/index.tsx
new file mode 100644
index 0000000..395b749
--- /dev/null
+++ b/administration/src/index.tsx
@@ -0,0 +1,6 @@
+import React from 'react';
+import ReactDOM from 'react-dom';
+import './index.css';
+import App from './App';
+
+ReactDOM.render(, document.getElementById('root'));
diff --git a/administration/src/modules/Auth/authProvider.ts b/administration/src/modules/Auth/authProvider.ts
new file mode 100644
index 0000000..7162610
--- /dev/null
+++ b/administration/src/modules/Auth/authProvider.ts
@@ -0,0 +1,6 @@
+/* eslint-disable */
+const AuthProvider = async () => {
+ return Promise.resolve();
+};
+
+export default AuthProvider;
diff --git a/administration/src/react-app-env.d.ts b/administration/src/react-app-env.d.ts
new file mode 100644
index 0000000..6431bc5
--- /dev/null
+++ b/administration/src/react-app-env.d.ts
@@ -0,0 +1 @@
+///
diff --git a/administration/src/setupTests.ts b/administration/src/setupTests.ts
new file mode 100644
index 0000000..8f2609b
--- /dev/null
+++ b/administration/src/setupTests.ts
@@ -0,0 +1,5 @@
+// jest-dom adds custom jest matchers for asserting on DOM nodes.
+// allows you to do things like:
+// expect(element).toHaveTextContent(/react/i)
+// learn more: https://github.com/testing-library/jest-dom
+import '@testing-library/jest-dom';
diff --git a/administration/src/users.tsx b/administration/src/users.tsx
new file mode 100644
index 0000000..b3801d3
--- /dev/null
+++ b/administration/src/users.tsx
@@ -0,0 +1,29 @@
+/* eslint-disable */
+import * as React from 'react';
+import { Theme, useMediaQuery } from '@material-ui/core';
+import { SimpleList, List, Datagrid, EmailField, TextField } from 'react-admin';
+
+const UserList = (props) => {
+ const isSmall = useMediaQuery((theme: Theme) => theme.breakpoints.down('sm'));
+
+ return (
+
+ {isSmall ? (
+ record.name}
+ secondaryText={(record) => record.username}
+ tertiaryText={(record) => record.email}
+ />
+ ) : (
+
+
+
+
+
+
+ )}
+
+ );
+};
+
+export default UserList;
diff --git a/administration/src/utils/Aide/formHelper.ts b/administration/src/utils/Aide/formHelper.ts
new file mode 100644
index 0000000..28e3ad4
--- /dev/null
+++ b/administration/src/utils/Aide/formHelper.ts
@@ -0,0 +1,7 @@
+/* eslint-disable */
+import { regex } from 'react-admin';
+
+export const validateUrl = regex(
+ /^(?:http(s)?:\/\/)[\w.-]+(?:\.[\w\.-]+)+[\w\-\._~:%/?#[\]@!\$&'\(\)\*\+,;=.]+$/,
+ 'Entrez une url valide'
+);
diff --git a/administration/src/utils/Aide/fr.json b/administration/src/utils/Aide/fr.json
new file mode 100644
index 0000000..adb0658
--- /dev/null
+++ b/administration/src/utils/Aide/fr.json
@@ -0,0 +1,13 @@
+{
+ "incentives.error.required": "Attention, ce champ est obligatoire",
+ "incentives.error.title.minLength": "Le nom de l'aide doit faire plus de 3 caractères",
+ "incentives.error.validityDate.format": "La durée de validité doit être au format JJ/MM/AAAA",
+ "incentives.error.validityDate.minDate": "La durée de validité doit être supérieure à la date d'aujourd'hui",
+ "incentives.error.fundername.enterprise.notExist": "L'Entrepise renseignée n'existe pas",
+ "incentives.error.title.alreadyUsedForFunder": "Ce titre d'aide est déjà utilisé pour ce financeur",
+ "aides.edit.success": "L'aide \"{aidTitle}\" a été modifiée avec succès",
+ "aides.edit.title": "Modification d'une aide à la mobilité",
+ "aides.create.success": "L'aide \"{aidTitle}\" a été créée avec succès",
+ "aides.create.title": "Création d'une aide à la mobilité",
+ "territory.name.error.unique": "Attention, le nom de territoire est déjà utilisé. Veuillez le vérifier sur votre liste."
+}
diff --git a/administration/src/utils/Aide/fr.json.d.ts b/administration/src/utils/Aide/fr.json.d.ts
new file mode 100644
index 0000000..e643e33
--- /dev/null
+++ b/administration/src/utils/Aide/fr.json.d.ts
@@ -0,0 +1,14 @@
+interface Fr {
+ 'incentives.error.required': string;
+ 'incentives.error.title.minLength': string;
+ 'incentives.error.validityDate.format': string;
+ 'incentives.error.validityDate.minDate': string;
+ 'incentives.error.fundername.enterprise.notExist': string;
+ 'incentives.error.title.alreadyUsedForFunder': string;
+ 'aides.edit.success': string;
+ 'aides.edit.title': string;
+ 'aides.create.success': string;
+ 'aides.create.title': string;
+}
+declare const value: Fr;
+export = value;
diff --git a/administration/src/utils/Aide/validityDateRules.ts b/administration/src/utils/Aide/validityDateRules.ts
new file mode 100644
index 0000000..f3b32e8
--- /dev/null
+++ b/administration/src/utils/Aide/validityDateRules.ts
@@ -0,0 +1,19 @@
+/* eslint-disable */
+import { convertDateToString } from '../convertDateToString';
+import AidesMessages from './fr.json';
+
+// display only date to select to input validityDate
+export const startDateMin = () => {
+ var someDate = new Date();
+ return convertDateToString(
+ new Date(someDate.setDate(someDate.getDate() + 1))
+ );
+};
+
+// add validation to input validityDate
+export const dateMinValidation = (value) => {
+ if (value < startDateMin()) {
+ return AidesMessages['incentives.error.validityDate.minDate'];
+ }
+ return undefined;
+};
diff --git a/administration/src/utils/Collectivite/fr.json b/administration/src/utils/Collectivite/fr.json
new file mode 100644
index 0000000..e4cd29a
--- /dev/null
+++ b/administration/src/utils/Collectivite/fr.json
@@ -0,0 +1,5 @@
+{
+ "collectivities.error.required": "Attention, ce champ est obligatoire",
+ "collectivities.error.name.required": "Merci de renseigner le nom de la collectivité",
+ "collectivités.error.name.unique": "Attention, ce nom de collectivité est déjà utilisé"
+}
diff --git a/administration/src/utils/Collectivite/fr.json.d.ts b/administration/src/utils/Collectivite/fr.json.d.ts
new file mode 100644
index 0000000..ffe626e
--- /dev/null
+++ b/administration/src/utils/Collectivite/fr.json.d.ts
@@ -0,0 +1,12 @@
+interface Fr {
+ 'collectivities.error.required': string;
+ 'collectivities.error.name.required': string;
+ 'collectivités.error.name.unique': string;
+ 'collectivities.error.firstName': string;
+ 'collectivities.error.lastName': string;
+ 'collectivities.error.email': string;
+ 'collectivities.error.email.format': string;
+ 'collectivities.error.email.unique': string;
+}
+declare const value: Fr;
+export = value;
diff --git a/administration/src/utils/Communaute/fr.json b/administration/src/utils/Communaute/fr.json
new file mode 100644
index 0000000..cc4425f
--- /dev/null
+++ b/administration/src/utils/Communaute/fr.json
@@ -0,0 +1,5 @@
+{
+ "communautés.error": "Problème durant la récupération des communautés",
+ "communities.error.name.required": "Merci de renseigner le nom de la communauté",
+ "communities.error.name.unique": "Attention, ce nom de communauté est déjà utilisé"
+}
diff --git a/administration/src/utils/Compte/fr.json b/administration/src/utils/Compte/fr.json
new file mode 100644
index 0000000..8c1a7f2
--- /dev/null
+++ b/administration/src/utils/Compte/fr.json
@@ -0,0 +1,5 @@
+{
+ "email.error.unique": "Attention, cette adresse mail est déjà utilisée par une autre personne",
+ "email.error.format": "Attention, le format de votre email est incorrect",
+ "email.error.emailFormat": "Attention, le format de votre email n'est pas adéquat avec le format d'adresse de votre employeur"
+}
diff --git a/administration/src/utils/Entreprise/fr.json b/administration/src/utils/Entreprise/fr.json
new file mode 100644
index 0000000..cacb5f2
--- /dev/null
+++ b/administration/src/utils/Entreprise/fr.json
@@ -0,0 +1,6 @@
+{
+ "enterprises.error.required": "Attention, ce champ est obligatoire",
+ "enterprises.error.name.required": "Merci de renseigner le nom d'entreprise",
+ "enterprises.error.name.unique": "Attention, ce nom d'entreprise est déjà utilisé",
+ "enterprises.error.emailFormat.type": "Attention, un format d'email est invalide (@exemple.com)"
+}
diff --git a/administration/src/utils/Entreprise/fr.json.d.ts b/administration/src/utils/Entreprise/fr.json.d.ts
new file mode 100644
index 0000000..2e9222f
--- /dev/null
+++ b/administration/src/utils/Entreprise/fr.json.d.ts
@@ -0,0 +1,15 @@
+interface Fr {
+ 'enterprises.error.required': string;
+ 'enterprises.error.name.required': string;
+ 'enterprises.error.name.unique': string;
+ 'enterprises.error.email.required': string;
+ 'enterprises.error.firstName': string;
+ 'enterprises.error.lastName': string;
+ 'enterprises.error.email': string;
+ 'enterprises.error.email.format': string;
+ 'enterprises.error.emailFormat.type': string;
+ 'enterprises.error.email.unique': string;
+}
+
+declare const value: Fr;
+export = value;
diff --git a/administration/src/utils/Financeur/fr.json b/administration/src/utils/Financeur/fr.json
new file mode 100644
index 0000000..32c653e
--- /dev/null
+++ b/administration/src/utils/Financeur/fr.json
@@ -0,0 +1,4 @@
+{
+ "funders.error": "Problème durant la récupération des financeurs",
+ "funders.error.clients.list": "Problème durant la récupération des clients"
+}
diff --git a/administration/src/utils/Territory/fr.json b/administration/src/utils/Territory/fr.json
new file mode 100644
index 0000000..0dad841
--- /dev/null
+++ b/administration/src/utils/Territory/fr.json
@@ -0,0 +1,4 @@
+{
+ "territory.name.error.unique": "Attention, ce nom de territoire est déjà utilisé. Veuillez le vérifier sur votre liste.",
+ "territory.error": "Problème durant la récupération des territoires"
+}
diff --git a/administration/src/utils/Utilisateur/fr.json b/administration/src/utils/Utilisateur/fr.json
new file mode 100644
index 0000000..489b6e4
--- /dev/null
+++ b/administration/src/utils/Utilisateur/fr.json
@@ -0,0 +1,7 @@
+{
+ "citizens.error.required": "Attention, ce champ est obligatoire",
+ "users.roles.error": "Problème durant la récupération des roles",
+ "users.error.roles.mismatch": "Les roles selectionnés ne sont pas adéquats",
+ "users.error.communities.mismatch": "Les communautés selectionnées ne sont pas adéquates",
+ "email.error.emailFormat": "L'email ne respecte pas les formats de l'entreprise"
+}
diff --git a/administration/src/utils/checkNamesLength.ts b/administration/src/utils/checkNamesLength.ts
new file mode 100644
index 0000000..44f9b11
--- /dev/null
+++ b/administration/src/utils/checkNamesLength.ts
@@ -0,0 +1,6 @@
+/* eslint-disable */
+export const checkNamesLength = (name) => {
+ return name && name.length >= 2
+ ? undefined
+ : 'Ce champ doit faire au moins 2 caractères';
+};
diff --git a/administration/src/utils/constant.ts b/administration/src/utils/constant.ts
new file mode 100644
index 0000000..dc0d398
--- /dev/null
+++ b/administration/src/utils/constant.ts
@@ -0,0 +1,73 @@
+/* eslint-disable */
+
+export const API_VERSION = 'v1';
+
+export async function URL_API() {
+ const response = await (await fetch('/keycloak.json')).json();
+ let API_FQDN = response.apiConfig;
+ return API_FQDN + API_VERSION;
+}
+
+export const TRANSPORT_CHOICE = [
+ { id: 'transportsCommun', name: 'Transports en commun' },
+ { id: 'velo', name: 'Vélo' },
+ { id: 'voiture', name: 'Voiture' },
+ { id: 'libreService', name: '2 ou 3 roues en libre-service' },
+ { id: 'electrique', name: '2 ou 3 roues électrique' },
+ { id: 'autopartage', name: 'Autopartage' },
+ { id: 'covoiturage', name: 'Covoiturage' },
+];
+
+export const NATIONAL_INCENTIVE = 'AideNationale';
+export const TERRITORY_INCENTIVE = 'AideTerritoire';
+export const EMPLOYER_INCENTIVE = 'AideEmployeur';
+
+export const INCENTIVE_TYPE_CHOICE = [
+ { id: NATIONAL_INCENTIVE, name: 'Aide nationale' },
+ { id: TERRITORY_INCENTIVE, name: 'Aide de mon territoire' },
+ { id: EMPLOYER_INCENTIVE, name: 'Aide de mon employeur' },
+];
+
+export const MAPPING_FUNDER_TYPE = {
+ [NATIONAL_INCENTIVE]: 'nationale',
+ [TERRITORY_INCENTIVE]: 'collectivité',
+ [EMPLOYER_INCENTIVE]: 'entreprise',
+};
+
+export const PROOF_CHOICE = [
+ { id: 'identite', name: "Pièce d'Identité" },
+ {
+ id: 'justificatifDomicile',
+ name: 'Justificatif de domicile de moins de 3 mois',
+ },
+ { id: 'certificatMedical', name: 'Certificat médical' },
+ { id: 'rib', name: 'RIB' },
+ { id: 'attestationHonneur', name: "Attestation sur l'Honneur" },
+ { id: 'factureAchat', name: "Facture d'achat" },
+ { id: 'certificatImmatriculation', name: "Certificat d'immatriculation" },
+ { id: 'justificatifEmancipation', name: "Justificatif d'émancipation" },
+ { id: 'impositionRevenu', name: "Dernier avis d'imposition sur le revenu" },
+ {
+ id: 'situationPoleEmploi',
+ name: 'Dernier relevé de situation Pôle Emploi',
+ },
+ { id: 'certificatScolarite', name: 'Certificat de Scolarité' },
+];
+
+export const INPUT_FORMAT_CHOICE = [
+ { id: 'Texte', name: 'Texte' },
+ { id: 'Date', name: 'Date' },
+ { id: 'Numerique', name: 'Numérique' },
+ { id: 'listeChoix', name: 'Sélection parmi une liste de choix' },
+];
+
+export const errorFetching = {
+ messageApi: 'Failed to fetch',
+ messageToDisplay:
+ "Il semble qu'il y ait un problème, votre requête n'a pas pu aboutir. Merci de réessayer ultérieurement.",
+};
+
+export const ROLES = {
+ gestionnaires: 'gestionnaires',
+ superviseurs: 'superviseurs',
+};
diff --git a/administration/src/utils/convertDateToString.ts b/administration/src/utils/convertDateToString.ts
new file mode 100644
index 0000000..34f1056
--- /dev/null
+++ b/administration/src/utils/convertDateToString.ts
@@ -0,0 +1,40 @@
+/* eslint-disable */
+/**
+ * Convert Date object to String
+ *
+ * @param {Date} value value to convert
+ * @returns {String} A standardized date (yyyy-MM-dd), to be passed to an
+ */
+export const convertDateToString = (value: Date) => {
+ if (!(value instanceof Date) || isNaN(value.getDate())) return '';
+ const pad = '00';
+ const yyyy = value.getFullYear().toString();
+ const MM = (value.getMonth() + 1).toString();
+ const dd = value.getDate().toString();
+ return `${yyyy}-${(pad + MM).slice(-2)}-${(pad + dd).slice(-2)}`;
+};
+
+export const getDate = (value: string | Date) => {
+ const dateRegex = /^\d{4}-\d{2}-\d{2}$/;
+ // null, undefined and empty string values should not go through dateFormatter
+ // otherwise, it returns undefined and will make the input an uncontrolled one.
+ if (value == null || value === '') {
+ return undefined;
+ }
+
+ if (value instanceof Date) {
+ return convertDateToString(value);
+ }
+
+ // valid dates should not be converted
+ if (dateRegex.test(value)) {
+ return value;
+ }
+ return convertDateToString(new Date(value));
+};
+
+export const startDateMin = () => {
+ return convertDateToString(
+ new Date(new Date().setDate(new Date().getDate() + 1))
+ );
+};
diff --git a/administration/src/utils/helpers.ts b/administration/src/utils/helpers.ts
new file mode 100644
index 0000000..c89933d
--- /dev/null
+++ b/administration/src/utils/helpers.ts
@@ -0,0 +1,20 @@
+/* eslint-disable */
+export const isEmailFormatValid = (email) => {
+ const regex = new RegExp(
+ /^@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+ );
+ return email.match(regex);
+};
+
+/**
+ * Returns the string with white spaces removed
+ */
+export const removeWhiteSpace = (word: string): string => {
+ /**
+ * Regex for removing white spaces.
+ * Exemple : " Removing white spaces " returns "Removing white spaces".
+ */
+ const removeSpacesRegex: RegExp = new RegExp('^\\s+|\\s+$|\\s+(?=\\s)', 'g');
+ const newWord: string = word.replace(removeSpacesRegex, '');
+ return newWord;
+};
diff --git a/administration/src/utils/httpHeaders.ts b/administration/src/utils/httpHeaders.ts
new file mode 100644
index 0000000..50b39cf
--- /dev/null
+++ b/administration/src/utils/httpHeaders.ts
@@ -0,0 +1,14 @@
+/* eslint-disable */
+export const getAuthHeader = (): any => {
+ try {
+ let authHeader = null;
+ const token = localStorage.getItem('token');
+
+ if (token != null) {
+ authHeader = { Authorization: `Bearer ${token}` };
+ }
+ return authHeader;
+ } catch (error) {
+ throw new Error(error);
+ }
+};
diff --git a/administration/tsconfig.json b/administration/tsconfig.json
new file mode 100644
index 0000000..1785ea1
--- /dev/null
+++ b/administration/tsconfig.json
@@ -0,0 +1,20 @@
+{
+ "compilerOptions": {
+ "target": "es5",
+ "lib": ["dom", "dom.iterable", "esnext"],
+ "allowJs": true,
+ "skipLibCheck": true,
+ "esModuleInterop": true,
+ "allowSyntheticDefaultImports": true,
+ "strict": false,
+ "forceConsistentCasingInFileNames": true,
+ "noFallthroughCasesInSwitch": true,
+ "module": "esnext",
+ "moduleResolution": "node",
+ "resolveJsonModule": true,
+ "isolatedModules": true,
+ "noEmit": true,
+ "jsx": "react-jsx"
+ },
+ "include": ["./src/**/*"]
+}
diff --git a/analytics/.gitignore b/analytics/.gitignore
new file mode 100644
index 0000000..4cf73b6
--- /dev/null
+++ b/analytics/.gitignore
@@ -0,0 +1,2 @@
+# MCM temporary build assets
+init.sql
\ No newline at end of file
diff --git a/analytics/.gitlab-ci.yml b/analytics/.gitlab-ci.yml
new file mode 100644
index 0000000..310455e
--- /dev/null
+++ b/analytics/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+include:
+ - local: "analytics/.gitlab-ci/preview.yml"
+ rules:
+ - if: $CI_COMMIT_BRANCH !~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger" && $CI_PIPELINE_SOURCE != "schedule"
+ - local: "analytics/.gitlab-ci/testing.yml"
+ rules:
+ - if: $CI_COMMIT_BRANCH =~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger"
+
+.analytics-base:
+ variables:
+ MODULE_NAME: analytics
+ MODULE_PATH: ${MODULE_NAME}
+ MATOMO_IMAGE_NAME: ${NEXUS_DOCKER_REPOSITORY_URL}/bitnami/matomo:4.8.0
+ NEXUS_IMAGE_MARIADB: ${NEXUS_DOCKER_REPOSITORY_URL}/mariadb:10.6
+ only:
+ changes:
+ - "*"
+ - "commons/**/*"
+ - "analytics/**/*"
diff --git a/analytics/.gitlab-ci/preview.yml b/analytics/.gitlab-ci/preview.yml
new file mode 100644
index 0000000..b53146e
--- /dev/null
+++ b/analytics/.gitlab-ci/preview.yml
@@ -0,0 +1,12 @@
+analytics_preview_deploy:
+ extends:
+ - .preview-deploy-job
+ - .analytics-base
+ - .manual
+ environment:
+ on_stop: analytics_preview_cleanup
+
+analytics_preview_cleanup:
+ extends:
+ - .commons_preview_cleanup
+ - .analytics-base
diff --git a/analytics/.gitlab-ci/testing.yml b/analytics/.gitlab-ci/testing.yml
new file mode 100644
index 0000000..31acfb6
--- /dev/null
+++ b/analytics/.gitlab-ci/testing.yml
@@ -0,0 +1,4 @@
+analytics_testing_deploy:
+ extends:
+ - .testing-deploy-job
+ - .analytics-base
diff --git a/analytics/Chart.yaml b/analytics/Chart.yaml
new file mode 100644
index 0000000..c3dcb0d
--- /dev/null
+++ b/analytics/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.0.0
+description: A Helm chart for Kubernetes
+name: ${MODULE_PATH}
+type: application
+version: 1.0.0
diff --git a/analytics/README.md b/analytics/README.md
new file mode 100644
index 0000000..09ad9f0
--- /dev/null
+++ b/analytics/README.md
@@ -0,0 +1,33 @@
+# Description
+
+Le service analytics se base sur la brique logicielle **[Matomo](https://matomo.org/matomo-analytics-the-google-analytics-alternative-that-protects-your-data-variation/)**
+
+Elle nous permet de collecter les données utilisateur sur certaines pages tout en étant RGPD-compliant et ainsi de remonter des métriques d'audiences à des administrateurs fonctionnels.
+
+# Installation en local
+
+Pas d'installation prévue en local pour ce service
+
+## URL / Port
+
+Pas d'installation prévue en local pour ce service
+
+# Précisions pipelines
+
+## Preview
+
+Pas de précisions nécéssaires pour ce service
+
+## Testing
+
+Sur cet environnement, la bdd maria est hébergée sur Azure. Le paramétrage de la bdd est donc à faire en amont.
+
+# Relation avec les autres services
+
+Comme présenté dans le [schéma d'architecture détaillée](docs/assets/MOB-CME_Archi_technique_detaillee.png), les informations désignées pour le tracking sont envoyées à analytics en continu suite à la fréquentation et l'utilisation des services _website_ de la plateforme.
+
+Seulement certaines actions & pages sont trackées au niveau de website et KC.
+
+# Tests Unitaires
+
+Pas de tests unitaires nécéssaires pour ce service
diff --git a/analytics/analytics-testing-values.yaml b/analytics/analytics-testing-values.yaml
new file mode 100644
index 0000000..772906c
--- /dev/null
+++ b/analytics/analytics-testing-values.yaml
@@ -0,0 +1,151 @@
+services:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ creationTimestamp: null
+ labels:
+ io.kompose.service: analytics
+ name: analytics
+ spec:
+ ports:
+ - name: "8082"
+ port: 8082
+ targetPort: 8080
+ selector:
+ io.kompose.service: analytics
+ type: ClusterIP
+ status:
+ loadBalancer: {}
+
+persistentVolumeClaim:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ creationTimestamp: null
+ labels:
+ io.kompose.service: matomo-data
+ name: matomo-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Mi
+ status: {}
+
+deployments:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.service: analytics
+ name: analytics
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: analytics
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.network/maria-matomo-nw: "true"
+ io.kompose.network/web-nw: "true"
+ io.kompose.service: analytics
+ spec:
+ containers:
+ env:
+ MATOMO_DATABASE_HOST: ${TESTING_MARIADB_SERVICE_NAME}
+ MATOMO_DATABASE_NAME: matomo_db
+ MATOMO_DATABASE_PASSWORD: ${TESTING_ANALYTICS_DB_DEV_PASSWORD}
+ MATOMO_DATABASE_PORT_NUMBER: 3306
+ MATOMO_DATABASE_USER: ${TESTING_ANALYTICS_DB_DEV_USER}
+ MATOMO_EMAIL: ${TESTING_ANALYTICS_SUPER_EMAIL}
+ MATOMO_PASSWORD: ${TESTING_ANALYTICS_SUPER_PASSWORD}
+ MATOMO_USERNAME: ${TESTING_ANALYTICS_SUPER_USER}
+ MATOMO_WEBSITE_HOST: ${WEBSITE_FQDN}
+ MATOMO_WEBSITE_NAME: ${WEBSITE_FQDN}
+ image: ${MATOMO_IMAGE_NAME}
+ name: analytics
+ ports:
+ - containerPort: 8080
+ resources: {}
+ volumeMounts:
+ - mountPath: /bitnami/matomo
+ name: matomo-data
+ imagePullSecrets:
+ - name: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 1000
+ volumes:
+ - name: matomo-data
+ persistentVolumeClaim:
+ claimName: matomo-data
+ status: {}
+
+networkPolicies:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: web-nw
+ spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ com.capgemini.mcm.ingress: "true"
+ podSelector:
+ matchLabels:
+ io.kompose.network/web-nw: "true"
+
+ingressRoutes:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: analytics
+ spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`${MATOMO_FQDN}`)
+ middlewares:
+ - name: analytics-headers
+ services:
+ - kind: Service
+ name: analytics
+ port: 8082
+
+middlewares:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: analytics-headers
+ spec:
+ headers:
+ customRequestHeaders:
+ X-Forwarded-Proto: https
diff --git a/analytics/kompose.yml b/analytics/kompose.yml
new file mode 100644
index 0000000..54be8c8
--- /dev/null
+++ b/analytics/kompose.yml
@@ -0,0 +1,56 @@
+version: "3"
+
+services:
+ mariadb:
+ image: ${NEXUS_IMAGE_MARIADB}
+ command: --max_allowed_packet=67108864 # Set max_allowed_packet to 64MB (default value is 16MB and Matomo need of 64MB min for performed)
+ environment:
+ - MYSQL_USER=${ANALYTICS_DB_DEV_USER}
+ - MYSQL_PASSWORD=${ANALYTICS_DB_DEV_PASSWORD}
+ - MYSQL_DATABASE=matomo_db
+ - MYSQL_ROOT_PASSWORD=${ANALYTICS_DB_ROOT_PASSWORD}
+ volumes:
+ - mariadb_data:/var/lib/mysql
+ networks:
+ - maria-matomo-nw
+ ports:
+ - "3006:3306"
+ labels:
+ - "kompose.image-pull-secret=${PROXY_IMAGE_PULL_SECRET_NAME}"
+ - "kompose.service.type=clusterip"
+ - "traefik.enable=false"
+ # - "kompose.volume.size=500Mi"
+
+ analytics:
+ image: ${MATOMO_IMAGE_NAME}
+ environment:
+ - MATOMO_USERNAME=${ANALYTICS_SUPER_USER}
+ - MATOMO_PASSWORD=${ANALYTICS_SUPER_PASSWORD}
+ - MATOMO_EMAIL=${ANALYTICS_SUPER_EMAIL}
+ - MATOMO_DATABASE_PORT_NUMBER=3006
+ - MATOMO_DATABASE_HOST=mariadb
+ - MATOMO_DATABASE_USER=${ANALYTICS_DB_DEV_USER}
+ - MATOMO_DATABASE_PASSWORD=${ANALYTICS_DB_DEV_PASSWORD}
+ - MATOMO_DATABASE_NAME=matomo_db
+ - MATOMO_WEBSITE_NAME=${WEBSITE_FQDN}
+ - MATOMO_WEBSITE_HOST=${WEBSITE_FQDN}
+ volumes:
+ - matomo_data:/bitnami/matomo
+ depends_on:
+ - mariadb
+ networks:
+ - maria-matomo-nw
+ - web-nw
+ ports:
+ - "8082:8080"
+ labels:
+ - "kompose.image-pull-secret=${PROXY_IMAGE_PULL_SECRET_NAME}"
+ - "kompose.service.type=clusterip"
+
+volumes:
+ mariadb_data:
+ matomo_data:
+
+networks:
+ web-nw:
+ maria-matomo-nw:
diff --git a/analytics/overlays/analytics-certificate.yml b/analytics/overlays/analytics-certificate.yml
new file mode 100644
index 0000000..7777315
--- /dev/null
+++ b/analytics/overlays/analytics-certificate.yml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: analytics-cert
+spec:
+ dnsNames:
+ - "*.${landscape_subdomain}"
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: ${CLUSTER_ISSUER}
+ secretName: ${SECRET_NAME}
diff --git a/analytics/overlays/analytics-ingressroute.yml b/analytics/overlays/analytics-ingressroute.yml
new file mode 100644
index 0000000..5829e7e
--- /dev/null
+++ b/analytics/overlays/analytics-ingressroute.yml
@@ -0,0 +1,26 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: analytics
+ annotations:
+ kubernetes.io/ingress.class: traefik
+spec:
+ entryPoints:
+ - web
+ # - websecure
+ routes:
+ - match: Host(`${MATOMO_FQDN}`)
+ kind: Rule
+ middlewares:
+ - name: analytics-headers
+ services:
+ - kind: Service
+ name: analytics
+ port: 8082
+ # tls:
+ # secretName: ${SECRET_NAME} # analytics-tls # cert-dev
+ # domains:
+ # - main: ${BASE_DOMAIN}
+ # sans:
+ # - "*.preview.${BASE_DOMAIN}"
+ # - "*.testing.${BASE_DOMAIN}"
diff --git a/analytics/overlays/analytics-middleware.yml b/analytics/overlays/analytics-middleware.yml
new file mode 100644
index 0000000..5bcb66e
--- /dev/null
+++ b/analytics/overlays/analytics-middleware.yml
@@ -0,0 +1,8 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: analytics-headers
+spec:
+ headers:
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
diff --git a/analytics/overlays/analytics_configmap.yml b/analytics/overlays/analytics_configmap.yml
new file mode 100644
index 0000000..0281745
--- /dev/null
+++ b/analytics/overlays/analytics_configmap.yml
@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mariadb
+spec:
+ template:
+ spec:
+ containers:
+ - name: mariadb
+ volumeMounts:
+ - name: dump-db
+ mountPath: /docker-entrypoint-initdb.d/mcm-matomo-dump.sql
+ securityContext:
+ fsGroup: 1000
+ volumes:
+ - name: dump-db
+ configMap:
+ name: analytics-dump-db
diff --git a/analytics/overlays/analytics_deployment_set_fsgroup.yml b/analytics/overlays/analytics_deployment_set_fsgroup.yml
new file mode 100644
index 0000000..10b471b
--- /dev/null
+++ b/analytics/overlays/analytics_deployment_set_fsgroup.yml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: analytics
+spec:
+ template:
+ spec:
+ securityContext:
+ fsGroup: 1000
diff --git a/analytics/overlays/kustomization.yaml b/analytics/overlays/kustomization.yaml
new file mode 100644
index 0000000..9066fb4
--- /dev/null
+++ b/analytics/overlays/kustomization.yaml
@@ -0,0 +1,19 @@
+commonAnnotations:
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ kubernetes.io/ingress.class: traefik
+
+resources:
+ - analytics-ingressroute.yml
+ - analytics-middleware.yml
+ # - analytics-certificate.yml
+
+patchesStrategicMerge:
+ - analytics_deployment_set_fsgroup.yml
+ - web_nw_networkpolicy_namespaceselector.yml
+# - analytics_configmap.yml
+
+# configMapGenerator:
+# - name: analytics-dump-db
+# files:
+# - config/mcm-matomo-dump.sql
diff --git a/analytics/overlays/web_nw_networkpolicy_namespaceselector.yml b/analytics/overlays/web_nw_networkpolicy_namespaceselector.yml
new file mode 100644
index 0000000..53e6193
--- /dev/null
+++ b/analytics/overlays/web_nw_networkpolicy_namespaceselector.yml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: web-nw
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ com.capgemini.mcm.ingress: "true"
diff --git a/antivirus/.gitlab-ci.yml b/antivirus/.gitlab-ci.yml
new file mode 100644
index 0000000..12f5cad
--- /dev/null
+++ b/antivirus/.gitlab-ci.yml
@@ -0,0 +1,18 @@
+include:
+ - local: "antivirus/.gitlab-ci/preview.yml"
+ rules:
+ - if: $CI_COMMIT_BRANCH !~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger" && $CI_PIPELINE_SOURCE != "schedule"
+ - local: "antivirus/.gitlab-ci/testing.yml"
+ rules:
+ - if: $CI_COMMIT_BRANCH =~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger"
+
+.antivirus-base:
+ variables:
+ MODULE_NAME: antivirus
+ MODULE_PATH: ${MODULE_NAME}
+ ANTIVIRUS_IMAGE_NAME: ${NEXUS_DOCKER_REGISTRY_URL}/clamav/clamav:stable
+ only:
+ changes:
+ - "*"
+ - "commons/**/*"
+ - "antivirus/**/*"
diff --git a/antivirus/.gitlab-ci/preview.yml b/antivirus/.gitlab-ci/preview.yml
new file mode 100644
index 0000000..59ba008
--- /dev/null
+++ b/antivirus/.gitlab-ci/preview.yml
@@ -0,0 +1,13 @@
+antivirus_preview_deploy:
+ extends:
+ - .preview-deploy-job
+ - .antivirus-base
+ - .only-master
+ environment:
+ on_stop: antivirus_preview_cleanup
+
+antivirus_preview_cleanup:
+ extends:
+ - .commons_preview_cleanup
+ - .antivirus-base
+ - .only-master
diff --git a/antivirus/.gitlab-ci/testing.yml b/antivirus/.gitlab-ci/testing.yml
new file mode 100644
index 0000000..0df42ab
--- /dev/null
+++ b/antivirus/.gitlab-ci/testing.yml
@@ -0,0 +1,4 @@
+antivirus_testing_deploy:
+ extends:
+ - .testing-deploy-job
+ - .antivirus-base
diff --git a/antivirus/Chart.yaml b/antivirus/Chart.yaml
new file mode 100644
index 0000000..c3dcb0d
--- /dev/null
+++ b/antivirus/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.0.0
+description: A Helm chart for Kubernetes
+name: ${MODULE_PATH}
+type: application
+version: 1.0.0
diff --git a/antivirus/README.md b/antivirus/README.md
new file mode 100644
index 0000000..06bfa0e
--- /dev/null
+++ b/antivirus/README.md
@@ -0,0 +1,41 @@
+# Description
+
+Le service antivirus se base sur la brique logicielle **[Clamav](https://www.clamav.net/)**
+
+Elle permet de scanner les fichiers que moB peut recevoir lors de la souscription à une aide et ainsi de ne pas autoriser l'upload de fichiers vérolés dans le service de stockage.
+
+C'est la fonctionnalité INSTREAM de Clamav qui est utilisée pour scanner les fichiers.
+
+# Installation en local
+```sh
+docker run -d --name clamav -p 3310:3310 clamav/clamav:stable
+```
+## URL / Port
+- URL : localhost
+- Port : 3310
+
+# Précisions pipelines
+
+## Preview
+
+Pas de précisions nécéssaires pour ce service
+
+## Testing
+
+Pas de précisions nécéssaires pour ce service
+
+# Relation avec les autres services
+
+Comme présenté dans le [schéma d'architecture détaillée](docs/assets/MOB-CME_Archi_technique_detaillee.png), l'api effectue une requête TCP vers l'antivirus pour chaque fichier uploadé pour les souscriptions.
+
+L'api effectue une requête TCP via une fonction de scanStream permettant d'analyser le stream binaire des fichiers envoyés. Ainsi, ils ne sont pas stockés (vérolé ou non) dans l'antivirus.
+
+L'antivirus renvoie alors une réponse à l'api en précisant si le fichier est vérolé ou non.
+
+**Bilan des relations:**
+
+- Requête TCP de l'api vers l'antivirus
+
+# Tests Unitaires
+
+Pas de tests unitaires nécéssaires pour ce service
diff --git a/antivirus/antivirus-testing-values.yaml b/antivirus/antivirus-testing-values.yaml
new file mode 100644
index 0000000..8c95542
--- /dev/null
+++ b/antivirus/antivirus-testing-values.yaml
@@ -0,0 +1,65 @@
+services:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kompose.volume.size: 200Mi
+ creationTimestamp: null
+ labels:
+ io.kompose.service: clamav
+ name: clamav
+ spec:
+ ports:
+ - name: "3310"
+ port: 3310
+ targetPort: 3310
+ selector:
+ io.kompose.service: clamav
+ type: ClusterIP
+ status:
+ loadBalancer: {}
+
+deployments:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kompose.volume.size: 200Mi
+ creationTimestamp: null
+ labels:
+ io.kompose.service: clamav
+ name: clamav
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: clamav
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ kompose.volume.size: 200Mi
+ kompose.service.type: clusterip
+ creationTimestamp: null
+ labels:
+ io.kompose.service: clamav
+ spec:
+ containers:
+ image: ${ANTIVIRUS_IMAGE_NAME}
+ name: clamav
+ ports:
+ - containerPort: 3310
+ resources:
+ requests:
+ memory: 4Gi
+ imagePullSecrets:
+ - name: ${PROXY_IMAGE_PULL_SECRET_NAME}
+ restartPolicy: Always
+ status: {}
\ No newline at end of file
diff --git a/antivirus/kompose.yml b/antivirus/kompose.yml
new file mode 100644
index 0000000..2783332
--- /dev/null
+++ b/antivirus/kompose.yml
@@ -0,0 +1,10 @@
+version: "3"
+
+services:
+ clamav:
+ image: ${ANTIVIRUS_IMAGE_NAME}
+ ports:
+ - "3310"
+ labels:
+ - "kompose.image-pull-secret=${PROXY_IMAGE_PULL_SECRET_NAME}"
+ - "kompose.service.type=clusterip"
diff --git a/api/.dockerignore b/api/.dockerignore
new file mode 100644
index 0000000..eb357c0
--- /dev/null
+++ b/api/.dockerignore
@@ -0,0 +1,6 @@
+node_modules
+npm-debug.log
+/dist
+# Cache used by TypeScript's incremental build
+*.tsbuildinfo
+// fix
\ No newline at end of file
diff --git a/api/.eslintignore b/api/.eslintignore
new file mode 100644
index 0000000..7b22c4a
--- /dev/null
+++ b/api/.eslintignore
@@ -0,0 +1,7 @@
+mongo/
+node_modules/
+dist/
+coverage/
+.eslintrc.js
+databaseConfig/*.js
+openapi-maas.js
diff --git a/api/.eslintrc.js b/api/.eslintrc.js
new file mode 100644
index 0000000..b4ae679
--- /dev/null
+++ b/api/.eslintrc.js
@@ -0,0 +1,103 @@
+module.exports = {
+ extends: '@loopback/eslint-config',
+ env: {
+ node: true,
+ mocha: true,
+ es6: true,
+ },
+ plugins: ['mocha'],
+ parserOptions: {
+ ecmaVersion: 2018,
+ sourceType: 'module', // fix
+ },
+ overrides: [
+ {
+ files: ['**/*.js', '**/*.ts'],
+ rules: {
+ '@typescript-eslint/no-unused-vars': 'off',
+ '@typescript-eslint/no-misused-promises': 'off',
+ '@typescript-eslint/no-explicit-any': 'off',
+ '@typescript-eslint/prefer-optional-chain': 'off',
+ '@typescript-eslint/prefer-nullish-coalescing': 'off',
+ },
+ },
+ ],
+ rules: {
+ 'comma-dangle': ['error', 'always-multiline'],
+ 'no-cond-assign': 'error',
+ 'no-console': 'off',
+ 'no-unused-expressions': 'error',
+ 'no-const-assign': 'error',
+ 'array-bracket-spacing': ['error', 'never'],
+ 'block-spacing': ['error', 'always'],
+ 'brace-style': ['error', '1tbs', {allowSingleLine: true}],
+ camelcase: 'off',
+ 'no-unused-expressions': 'off',
+ '@typescript-eslint/naming-convention': 'off',
+ '@typescript-eslint/no-shadow': 'off',
+ '@typescript-eslint/no-inferrable-types': 'off',
+ 'comma-spacing': ['error', {before: false, after: true}],
+ 'comma-style': ['error', 'last'],
+ 'computed-property-spacing': ['error', 'never'],
+ 'eol-last': ['error', 'unix'],
+ 'func-names': 0,
+ 'func-call-spacing': ['error', 'never'],
+ 'function-paren-newline': 'off',
+ 'key-spacing': ['error', {beforeColon: false, afterColon: true, mode: 'strict'}],
+ 'max-len': [
+ 'error',
+ 110,
+ 8,
+ {
+ ignoreComments: true,
+ ignoreUrls: true,
+ ignorePattern: '^\\s*var\\s.+=\\s*require\\s*\\(',
+ },
+ ],
+ 'mocha/handle-done-callback': 'error',
+ 'mocha/no-exclusive-tests': 'error',
+ 'mocha/no-identical-title': 'error',
+ 'mocha/no-nested-tests': 'error',
+ 'no-array-constructor': 2,
+ 'no-extra-semi': 'error',
+ 'no-multi-spaces': 'error',
+ 'no-multiple-empty-lines': ['error', {max: 1}],
+ 'no-redeclare': ['error'],
+ 'no-trailing-spaces': 2,
+ 'no-undef': 'error',
+ 'no-var': 'error',
+ 'object-curly-spacing': ['error', 'never'],
+ 'one-var': [
+ 'error',
+ {
+ initialized: 'never',
+ uninitialized: 'always',
+ },
+ ],
+ 'operator-linebreak': 'off',
+ 'padded-blocks': ['error', 'never'],
+ 'prefer-const': 'error',
+ 'semi-spacing': ['error', {before: false, after: true}],
+ semi: ['error', 'always'],
+ 'space-before-blocks': ['error', 'always'],
+ 'space-before-function-paren': 'off',
+ 'space-in-parens': ['error', 'never'],
+ 'space-infix-ops': ['error', {int32Hint: false}],
+ 'spaced-comment': [
+ 'error',
+ 'always',
+ {
+ line: {
+ markers: ['/'],
+ exceptions: ['-'],
+ },
+ block: {
+ balanced: true,
+ markers: ['!'],
+ exceptions: ['*'],
+ },
+ },
+ ],
+ strict: ['error', 'global'],
+ },
+};
diff --git a/api/.gitignore b/api/.gitignore
new file mode 100644
index 0000000..33ca215
--- /dev/null
+++ b/api/.gitignore
@@ -0,0 +1,68 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Typescript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.bat
+.env.mcm
+
+# Transpiled JavaScript files from Typescript
+/dist
+
+# Cache used by TypeScript's incremental build
+*.tsbuildinfo
+
+.scannerwork
\ No newline at end of file
diff --git a/api/.gitlab-ci.yml b/api/.gitlab-ci.yml
new file mode 100644
index 0000000..1f3651f
--- /dev/null
+++ b/api/.gitlab-ci.yml
@@ -0,0 +1,79 @@
+include:
+ - local: 'api/.gitlab-ci/preview.yml'
+ rules:
+ - if: $CI_COMMIT_BRANCH !~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger" && $CI_PIPELINE_SOURCE != "schedule"
+ - local: 'api/.gitlab-ci/testing.yml'
+ rules:
+ - if: $CI_COMMIT_BRANCH =~ /rc-.*/ && $CI_PIPELINE_SOURCE != "trigger"
+ - local: 'api/.gitlab-ci/helm.yml'
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "trigger"
+
+# Initialisation of specifique api variable
+.api-base:
+ variables:
+ MODULE_NAME: api
+ MODULE_PATH: ${MODULE_NAME}
+ MONGO_SERVICE_NAME: mongo
+ NEXUS_IMAGE_MONGO: ${NEXUS_DOCKER_REPOSITORY_URL}/mongo:5.0.7
+ API_IMAGE_NAME: ${REGISTRY_BASE_NAME}/${MODULE_NAME}:${IMAGE_TAG_NAME}
+ MONGO_IMAGE_NAME: ${REGISTRY_BASE_NAME}/mongo:${IMAGE_TAG_NAME}
+ only:
+ changes:
+ - '*'
+ - 'commons/**/*'
+ - 'api/**/*'
+
+api_build:
+ extends:
+ - .build-job
+ - .api-base
+ script:
+ - |
+ yarn install
+ cache:
+ key: ${MODULE_NAME}-${CI_COMMIT_REF_SLUG}
+ paths:
+ - ${MODULE_PATH}/node_modules/
+ - ${MODULE_PATH}/yarn.lock
+ artifacts:
+ paths:
+ - ${MODULE_PATH}/node_modules/
+ - ${MODULE_PATH}/yarn.lock
+ expire_in: 5 days
+
+.api_documentation_script:
+ script:
+ - |
+ yarn add curl
+ echo "this is api fqdn = https://${API_FQDN}"
+ export OPENAPI_MAAS=https://${API_FQDN}/openapi.json
+ echo "$(curl --insecure $OPENAPI_MAAS)" > openapi.json
+ chmod u+x api/openapi-maas.js
+ node ./api/openapi-maas.js
+
+.api-documentation-job:
+ extends:
+ - .api-base
+ - .except-all
+ - .manual
+ - .only-branches
+ - .no-dependencies
+ stage: utils
+ image: ${NEXUS_DOCKER_REPOSITORY_URL}/node:16.14.2-stretch
+ script:
+ - !reference [.api_documentation_script, script]
+ artifacts:
+ when: always
+ paths:
+ - openapi-maas.json
+ expire_in: 5 days
+
+
+# Static Application Security Testing for known vulnerabilities
+api_sast:
+ extends:
+ - .sast-job
+ - .build-n-sast-job-tags
+ - .api-base
+ needs: ['api_build']
\ No newline at end of file
diff --git a/api/.gitlab-ci/helm.yml b/api/.gitlab-ci/helm.yml
new file mode 100644
index 0000000..dd3fb3a
--- /dev/null
+++ b/api/.gitlab-ci/helm.yml
@@ -0,0 +1,4 @@
+api_image_push:
+ extends:
+ - .helm-push-image-job
+ - .api-base
\ No newline at end of file
diff --git a/api/.gitlab-ci/preview.yml b/api/.gitlab-ci/preview.yml
new file mode 100644
index 0000000..61f8067
--- /dev/null
+++ b/api/.gitlab-ci/preview.yml
@@ -0,0 +1,58 @@
+api_image_build:
+ extends:
+ - .preview-image-job
+ - .api-base
+ needs: ['api_build']
+
+# Unit test of api with the yarn cache
+.api_test_script: &api_test_script |
+ yarn test --reporter mocha-junit-reporter --reporter-options mochaFile=./junit.xml
+ yarn coverage
+
+api_test:
+ image: ${TEST_IMAGE_NAME}
+ extends:
+ - .test-job
+ - .api-base
+ script:
+ - *api_test_script
+ artifacts:
+ when: always
+ paths:
+ - ${MODULE_PATH}/coverage/lcov.info
+ expire_in: 5 days
+ needs: ['api_build']
+
+# Quality of code test in sonarqube with verify-job from common
+api_verify:
+ extends:
+ - .verify-job
+ - .api-base
+ variables:
+ SONAR_SOURCES: .
+ SONAR_EXCLUSIONS: 'sonar.exclusions=**/node_modules/**, dist/**, databaseConfig/**, public/**, coverage/**, **/__tests__/**, **.yml, **.json, **.md, eslintrc.js'
+ SONAR_CPD_EXCLUSIONS: '**/__tests__/**, src/datasources/**, src/models/**, src/repositories/**'
+ needs: ['sonarqube-verify-image-build', 'api_test']
+
+api_preview_deploy:
+ extends:
+ - .preview-deploy-job
+ - .api-base
+ script:
+ - |
+ deploy
+ wait_pod mongo
+ config_volume mongo
+ needs: ['api_image_build']
+ environment:
+ on_stop: api_preview_cleanup
+
+api_preview_documentation:
+ extends:
+ - .preview-env-vars
+ - .api-documentation-job
+
+api_preview_cleanup:
+ extends:
+ - .commons_preview_cleanup
+ - .api-base
diff --git a/api/.gitlab-ci/testing.yml b/api/.gitlab-ci/testing.yml
new file mode 100644
index 0000000..d8722c5
--- /dev/null
+++ b/api/.gitlab-ci/testing.yml
@@ -0,0 +1,17 @@
+api_testing_image_build:
+ extends:
+ - .testing-image-job
+ - .api-base
+ needs: ['api_build']
+
+api_testing_deploy:
+ extends:
+ - .testing-deploy-job
+ - .api-base
+ needs: ['api_testing_image_build']
+
+#UTILS
+api_testing_documentation:
+ extends:
+ - .testing-env-vars
+ - .api-documentation-job
diff --git a/api/.husky/pre-commit b/api/.husky/pre-commit
new file mode 100644
index 0000000..4c2ca6a
--- /dev/null
+++ b/api/.husky/pre-commit
@@ -0,0 +1,46 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+declare API_STAGED_FILES=$(git diff --name-only --cached | grep 'api/')
+declare WEBSITE_STAGED_FILES=$(git diff --name-only --cached | grep 'website/')
+declare ADMINISTRATION_STAGED_FILES=$(git diff --name-only --cached | grep 'administration/')
+cd api && export $(grep -v '^#' .secrets | xargs) && export $(grep '^export CI_PROJECT_ID' .env.mcm | xargs) && cd ..;
+
+if [[ $API_STAGED_FILES ]];
+then
+ echo "API_STAGED_FILES :"
+ echo "$API_STAGED_FILES"
+ echo "Pre commit api"
+ cd api && yarn lint:fix && cd ..;
+ if [ $? -ne 0 ]
+ then
+ echo "API pre-commit hook failed"
+ exit 1
+ fi
+fi
+
+if [[ $WEBSITE_STAGED_FILES ]];
+then
+ echo "WEBSITE_STAGED_FILES :"
+ echo "$WEBSITE_STAGED_FILES"
+ echo "Pre commit website"
+ cd website && yarn lint:fix && cd ..;
+ if [ $? -ne 0 ]
+ then
+ echo "Website pre-commit hook failed"
+ exit 1
+ fi
+fi
+
+if [[ $ADMINISTRATION_STAGED_FILES ]];
+then
+ echo "ADMINISTRATION_STAGED_FILES :"
+ echo "$ADMINISTRATION_STAGED_FILES"
+ echo "Pre commit administration"
+ cd administration && yarn lint:fix && cd ..;
+ if [ $? -ne 0 ]
+ then
+ echo "Administration pre-commit hook failed"
+ exit 1
+ fi
+fi
\ No newline at end of file
diff --git a/api/.mocharc.json b/api/.mocharc.json
new file mode 100644
index 0000000..7b523c3
--- /dev/null
+++ b/api/.mocharc.json
@@ -0,0 +1,5 @@
+{
+ "exit": true,
+ "recursive": true,
+ "require": "source-map-support/register"
+}
diff --git a/api/.prettierignore b/api/.prettierignore
new file mode 100644
index 0000000..46b020a
--- /dev/null
+++ b/api/.prettierignore
@@ -0,0 +1,3 @@
+dist
+*.json
+mongo/databaseConfig/*.js
diff --git a/api/.prettierrc b/api/.prettierrc
new file mode 100644
index 0000000..95a8e60
--- /dev/null
+++ b/api/.prettierrc
@@ -0,0 +1,7 @@
+{
+ "bracketSpacing": false,
+ "singleQuote": true,
+ "printWidth": 90,
+ "trailingComma": "all",
+ "arrowParens": "avoid"
+}
diff --git a/api/.yo-rc.json b/api/.yo-rc.json
new file mode 100644
index 0000000..54319a3
--- /dev/null
+++ b/api/.yo-rc.json
@@ -0,0 +1,6 @@
+{
+ "@loopback/cli": {
+ "packageManager": "npm",
+ "version": "2.21.0"
+ }
+}
diff --git a/api/Chart.yaml b/api/Chart.yaml
new file mode 100644
index 0000000..c3dcb0d
--- /dev/null
+++ b/api/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.0.0
+description: A Helm chart for Kubernetes
+name: ${MODULE_PATH}
+type: application
+version: 1.0.0
diff --git a/api/Dockerfile b/api/Dockerfile
new file mode 100644
index 0000000..4c537d1
--- /dev/null
+++ b/api/Dockerfile
@@ -0,0 +1,33 @@
+FROM node:16.14.2-alpine
+
+ENV PHANTOMJS_VERSION=2.1.1
+ENV PHANTOMJS_PATH=/usr/local/bin/phantomjs
+RUN apk update && apk add --no-cache fontconfig ghostscript-fonts curl curl-dev && \
+ cd /tmp && curl -Ls https://github.com/dustinblackman/phantomized/releases/download/${PHANTOMJS_VERSION}/dockerized-phantomjs.tar.gz | tar xz && \
+ cp -R lib lib64 / && \
+ cp -R usr/lib/x86_64-linux-gnu /usr/lib && \
+ cp -R usr/share /usr/share && \
+ cp -R etc/fonts /etc && \
+ curl -k -Ls https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${PHANTOMJS_VERSION}-linux-x86_64.tar.bz2 | tar -jxf - && \
+ cp phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs
+
+# Set to a non-root built-in user `node`
+USER node
+
+# Create app directory (with user `node`)
+RUN mkdir -p /home/node/app
+
+WORKDIR /home/node/app
+
+# Install app dependencies
+COPY --chown=node package.json ./
+
+RUN yarn install
+
+COPY --chown=node . .
+
+RUN rm .npmrc | true
+RUN yarn run build
+
+EXPOSE 3000
+CMD [ "yarn", "start:watch" ]
diff --git a/api/README.md b/api/README.md
new file mode 100644
index 0000000..94ad5d7
--- /dev/null
+++ b/api/README.md
@@ -0,0 +1,136 @@
+# Description
+
+Le service api se base sur le framework **[Loopback 4](https://loopback.io/doc/en/lb4/)**
+
+Ce service contient la logique métier backend. Il est essentiel au reste de l'applicatif et permet de relier tous les services entre eux.
+Il s'appuie sur une base de données orientée documents **[MongoDB](https://www.mongodb.com/docs/v5.0/)**.
+
+# Installation en local
+
+## MongoDB
+
+```sh
+docker run -d --name mcm-mongo -p 27017:27017 -e MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER} -e MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD} mongo
+```
+
+## LB4
+
+Si vous voulez avoir plus de contrôle sur les variables de l'api, créez un fichier d'environnement à la racine (ex: .env) avec les variables mentionnées ci-dessous. Il faudra alors l'exécuter avant de lancer l'api.
+
+```sh
+yarn install && yarn start:watch
+```
+
+ou
+
+`yarn install && yarn start`
+
+## Variables
+
+| Variables | Description | Obligatoire |
+| ------------------------------ | ---------------------------------------------------------------------------- | ----------- |
+| API_KEY | Api Key en header des requêtes pour l'api | Non |
+| AFFILIATION_JWS_KEY | Clé jws utilisée pour signer le token d'affiliation citoyen à une entreprise | Non |
+| WEBSITE_FQDN | Url du website | Non |
+| LANDSCAPE | Nom de l'environnement (preview, testing ..) | Non |
+| BASE_DOMAIN | Base domaine url | Non |
+| IDP_FQDN | Url de l'idp | Non |
+| API_FQDN | Url de l'api | Non |
+| CLIENT_SECRET_KEY_KEYCLOAK_API | Secret key du client API | Non |
+| PORT | Port de l'api | Non |
+| HOST | Host de l'api | Non |
+| CLAMAV_HOST | Host de l'antivirus | Non |
+| CLAMAV_PORT | Port de l'antivirus | Non |
+| MAILHOG_HOST | Host de mailhog | Non |
+| MAILHOG_EMAIL_FROM | Email from 'mon compte mobilite' | Non |
+| SENDGRID_HOST | Host sendgrid | Non |
+| SENDGRID_USER | User sendgrid | Non |
+| SENDGRID_API_KEY | Api key sendgrid | Non |
+| SENDGRID_EMAIL_FROM | Email from 'mon compte mobilite' | Non |
+| BUS_HOST | Host Rabbitmq | Non |
+| BUS_MCM_CONSUME_USER | Username pour la réception des messages | Non |
+| BUS_MCM_CONSUME_PASSWORD | Password pour la réception des messages | Non |
+| BUS_MCM_HEADERS | Header d'échange de publication | Non |
+| BUS_MCM_MESSAGE_TYPE | Message type d'échange de la publication | Non |
+| BUS_CONSUMER_QUEUE | Nom de la queue pour le consumer | Non |
+| S3_SERVICE_USER | User compte de service | Non |
+| S3_SERVICE_PASSWORD | Password compte de service | Non |
+| S3_HOST | Host minio | Non |
+| S3_PORT | Port minio | Non |
+| IDP_DB_HOST | Host bdd pgsql | Non |
+| IDP_DB_PORT | Port bdd pgsql | Non |
+| IDP_DB_SERVICE_USER | Username de service pgsql (readaccess) | Non |
+| IDP_DB_SERVICE_PASSWORD | Password de service pgsql (readaccess) | Non |
+| IDP_DB_DATABASE | Nom bdd pgsql | Non |
+| PGSQL_FLEX_SSL_CERT | Certificat de connexion à la bdd pgsql en base 64 | Non |
+| MONGO_SERVICE_USER | User service bdd mongo | Non |
+| MONGO_SERVICE_PASSWORD | Password service bdd mongo | Non |
+| MONGO_HOST | Host mongo | Non |
+| MONGO_DATABASE | Nom de la bdd mongo | Non |
+| MONGO_PORT | Port mongo | Non |
+| MONGO_AUTH_SOURCE | Nom de la source d'authentification bdd mongo | Non |
+| SENDGRID_EMAIL_CONTACT | Email contact | Non |
+| LOG_LEVEL | Niveau de logs pour l'api | Non |
+
+## URL / Port
+
+- URL : localhost
+- Port : 3000
+
+# Précisions pipelines
+
+L'image de l'api est basée sur celle de nginx.
+
+La variable PACKAGE_VERSION (voir commons) permet de repérer la dernière version publiée.
+
+## Preview
+
+Deux scripts sont lancés au déploiement de la bdd mongo permettant de créer les collections et les index nécessaires et de créer l'utilisateur de service ayant seulement l'accès en lecture et écriture sur la bdd. (mongo/databaseConfig/createServiceUser.js & setup.js)
+
+## Testing
+
+Sur cet environnement, la bdd mongo est hébergée sur Azure. Le paramétrage de la bdd et des collections sont donc à faire en amont.
+
+# Relation avec les autres services
+
+Comme présenté dans le schéma global de l'architecture ci-dessous
+
+
+
+L'api est reliée à tous les services que nous avons mis en place.
+
+A son démarrage :
+
+- Elle peut exécuter des scripts de migrations de la bdd mongo.
+- Elle lance un child process étant responsable de l'écoute et de la consommation des événements amqp sur la queue de dépôt
+- Elle se connecte aux bdd configurées (mongo & pgsql)
+
+Comme mentionné, notre api a accès à la bdd pgsql de l'[idp](idp) en lecture seule permettant de requêter des informations plus rapidement & facilement que par appel API de l'IDP.
+
+L'api est reliée à :
+
+- _idp_ pour renforcer la sécurité et vérifier l'accès aux endpoints.
+- _administration_ pour permettre la contribution de certains contenus.
+- website pour la récupération des données permettant le bon fonctionnement de moB.
+- _s3_ pour le download/upload des justificatifs
+- simulation-maas pour la simulation de l'envoie des metadonnées. En effet, nos développements sont orientés open API et nos partenaires peuvent donc s'orienter sur une approche Full API de moB.
+- _antivirus_ pour scanner les justificatifs qui nous sont envoyés.
+- _bus_ pour l'échange de messages entre les SIRH et nous.
+
+* Requêtes HTTP avec l'administration
+* Requêtes HTTP avec l'idp
+* Requêtes HTTP avec website
+* Requêtes HTTP avec s3
+* Requêtes HTTP avec simulation-maas
+* Requêtes TCP avec antivirus
+* Requêtes AMQP avec le bus
+
+# Tests Unitaires
+
+Les TU sont fait avec le framework de test Mocha.
+
+Pour lancer les tests unitaires
+
+```sh
+yarn test
+```
diff --git a/api/api-docker-compose.yml b/api/api-docker-compose.yml
new file mode 100644
index 0000000..21a3df8
--- /dev/null
+++ b/api/api-docker-compose.yml
@@ -0,0 +1,31 @@
+version: '3.4'
+
+services:
+ api:
+ build:
+ context: .
+ network: host
+ container_name: api
+ environment:
+ IDP_URL: ${IDP_URL}
+ S3_URL: ${S3_URL}
+ IDP_DB_HOST: ${IDP_DB_HOST}
+ MONGO_HOST: ${MONGO_HOST}
+ BUS_HOST: ${BUS_HOST}
+ CLIENT_SECRET_KEY_KEYCLOAK_API: ${CLIENT_SECRET_KEY_KEYCLOAK_API}
+ ANTIVIRUS: ${ANTIVIRUS}
+ API_KEY: ${API_KEY}
+ PORT: ${PORT}
+ network_mode: host
+ volumes:
+ - ./src:/home/node/app/src
+ - node_modules:/home/node/app/node_modules
+ ports:
+ - 3000:3000
+
+volumes:
+ node_modules:
+
+networks:
+ dev_web-nw:
+ external: true
diff --git a/api/api-dockerfile.yml b/api/api-dockerfile.yml
new file mode 100644
index 0000000..53181ce
--- /dev/null
+++ b/api/api-dockerfile.yml
@@ -0,0 +1,57 @@
+ARG NODE_IMAGE_NAME
+FROM ${NODE_IMAGE_NAME}
+
+RUN apk add curl
+
+ENV PHANTOMJS_VERSION=2.1.1
+ENV PHANTOMJS_PATH=/usr/local/bin/phantomjs
+RUN apk update && apk add --no-cache fontconfig ghostscript-fonts curl curl-dev && \
+ cd /tmp && curl -Ls https://github.com/dustinblackman/phantomized/releases/download/${PHANTOMJS_VERSION}/dockerized-phantomjs.tar.gz | tar xz && \
+ cp -R lib lib64 / && \
+ cp -R usr/lib/x86_64-linux-gnu /usr/lib && \
+ cp -R usr/share /usr/share && \
+ cp -R etc/fonts /etc && \
+ curl -k -Ls https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${PHANTOMJS_VERSION}-linux-x86_64.tar.bz2 | tar -jxf - && \
+ cp phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs
+
+# Set to a non-root built-in user `node`
+USER node
+
+# Create app directory (with user `node`)
+RUN mkdir -p /home/node/app
+
+WORKDIR /home/node/app
+
+# Install and build are supposed to be yet done
+ARG CI_PROJECT_ID
+ENV CI_PROJECT_ID=${CI_PROJECT_ID}
+ARG GITLAB_REGISTRY_NPM_TOKEN
+ENV GITLAB_REGISTRY_NPM_TOKEN=${GITLAB_REGISTRY_NPM_TOKEN}
+ARG NEXUS_NPM_PROXY_TOKEN
+ENV NEXUS_NPM_PROXY_TOKEN=${NEXUS_NPM_PROXY_TOKEN}
+ARG PACKAGE_VERSION
+ENV PACKAGE_VERSION=${PACKAGE_VERSION}
+
+# Install app dependencies
+# A wildcard is used to ensure both package.json AND package-lock.json are copied
+# where available (npm@5+)
+COPY --chown=node package.json ./
+COPY --chown=node yarn.lock ./
+COPY --chown=node .npmrc ./
+
+RUN yarn install
+#COPY --chown=node node_modules ./node_modules
+
+# Bundle app source code
+#COPY --chown=node src/ src
+#COPY --chown=node tsconfig.json ./
+COPY --chown=node . .
+
+RUN npm version ${PACKAGE_VERSION}
+RUN yarn run build
+
+# Bind to all network interfaces so that it can be mapped to the host OS
+ENV HOST=0.0.0.0 PORT=3000
+
+EXPOSE ${PORT}
+CMD [ "node", "." ]
diff --git a/api/api-testing-values.yaml b/api/api-testing-values.yaml
new file mode 100644
index 0000000..2305fe6
--- /dev/null
+++ b/api/api-testing-values.yaml
@@ -0,0 +1,174 @@
+services:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.service: api
+ name: api
+ spec:
+ ports:
+ - name: '3000'
+ port: 3000
+ targetPort: 3000
+ selector:
+ io.kompose.service: api
+ type: ClusterIP
+ status:
+ loadBalancer: {}
+
+networkPolicies:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: web-nw
+ spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ com.capgemini.mcm.ingress: 'true'
+ podSelector:
+ matchLabels:
+ io.kompose.network/web-nw: 'true'
+
+deployments:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.service: api
+ name: api
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: api
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kompose.image-pull-secret: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ kompose.service.type: clusterip
+ kubernetes.io/ingress.class: traefik
+ labels:
+ io.kompose.network/storage-nw: 'true'
+ io.kompose.network/web-nw: 'true'
+ io.kompose.service: api
+ spec:
+ containers:
+ env:
+ AFFILIATION_JWS_KEY: ${TESTING_AFFILIATION_JWS_KEY}
+ API_FQDN: ${API_FQDN}
+ API_KEY: ${TESTING_API_KEY}
+ BUS_HOST: bus.bus-${LANDSCAPE}.svc.cluster.local
+ BUS_MCM_HEADERS: ${BUS_MCM_HEADERS}
+ BUS_MCM_MESSAGE_TYPE: ${BUS_MCM_MESSAGE_TYPE}
+ BUS_CONSUMER_QUEUE: mob.subscriptions.status
+ BUS_MCM_CONSUME_PASSWORD: ${TESTING_BUS_MCM_CONSUME_PASSWORD}
+ BUS_MCM_CONSUME_USER: ${TESTING_BUS_MCM_CONSUME_USER}
+ CLIENT_SECRET_KEY_KEYCLOAK_API: ${TESTING_IDP_API_CLIENT_SECRET}
+ CLAMAV_HOST: clamav.antivirus-${LANDSCAPE}.svc.cluster.local
+ CLAMAV_PORT: '3310'
+ IDP_FQDN: ${IDP_FQDN}
+ IDP_DB_HOST: ${TESTING_PGSQL_FLEX_ADDRESS}
+ IDP_DB_PORT: 5432
+ IDP_DB_AUTH_SOURCE: ${TESTING_PGSQL_NAME}
+ IDP_DB_DATABASE: ${TESTING_PGSQL_NAME}
+ IDP_DB_SERVICE_USER: ${TESTING_PGSQL_SERVICE_USER}
+ IDP_DB_SERVICE_PASSWORD: ${TESTING_PGSQL_SERVICE_PASSWORD}
+ LANDSCAPE: ${LANDSCAPE}
+ MONGO_AUTH_SOURCE: ${TESTING_MONGO_DB_NAME}
+ MONGO_HOST: ${TESTING_MONGO_HOST}
+ MONGO_PORT: 27017
+ MONGO_SERVICE_USER: ${TESTING_MONGO_SERVICE_USER}
+ MONGO_SERVICE_PASSWORD: ${TESTING_MONGO_SERVICE_PASSWORD}
+ MONGO_DATABASE: ${TESTING_MONGO_DB_NAME}
+ S3_HOST: s3.s3-${LANDSCAPE}.svc.cluster.local
+ S3_PORT: '9000'
+ S3_SERVICE_PASSWORD: ${TESTING_S3_SERVICE_PASSWORD}
+ S3_SERVICE_USER: ${TESTING_S3_SERVICE_USER}
+ MAILHOG_EMAIL_FROM: ${MAILHOG_EMAIL_FROM}
+ MAILHOG_HOST: mailhog.mailhog-${LANDSCAPE}.svc.cluster.local
+ WEBSITE_FQDN: ${WEBSITE_FQDN}
+ PGSQL_FLEX_SSL_CERT: ${PGSQL_FLEX_SSL_CERT}
+ image: ${API_IMAGE_NAME}
+ name: api
+ ports:
+ - containerPort: 3000
+ resources: {}
+ imagePullSecrets:
+ - name: ${GITLAB_IMAGE_PULL_SECRET_NAME}
+ restartPolicy: Always
+ status: {}
+
+middlewares:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: api-headers-middleware
+ spec:
+ headers:
+ customRequestHeaders:
+ X-Forwarded-Port: '443'
+ X-Forwarded-Proto: https
+
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: api-inflightreq-middleware
+ spec:
+ inFlightReq:
+ amount: 100
+
+ # - metadata:
+ # annotations:
+ # app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ # app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ # kubernetes.io/ingress.class: traefik
+ # name: api-ratelimit-middleware
+ # spec:
+ # rateLimit:
+ # average: 30
+ # burst: 50
+ # period: 1s
+ # sourceCriterion:
+ # ipStrategy:
+ # depth: 2
+
+ingressRoutes:
+ - metadata:
+ annotations:
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ kubernetes.io/ingress.class: traefik
+ name: api
+ spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`${API_FQDN}`)
+ middlewares:
+ - name: api-headers-middleware
+ # - name: api-ratelimit-middleware
+ - name: api-inflightreq-middleware
+ services:
+ - kind: Service
+ name: api
+ port: 3000
diff --git a/api/explorer/index.html.ejs b/api/explorer/index.html.ejs
new file mode 100644
index 0000000..0d27e9b
--- /dev/null
+++ b/api/explorer/index.html.ejs
@@ -0,0 +1,63 @@
+
+
+
+
+
+
+ <%- indexTemplateTitle %>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/api/kompose.yml b/api/kompose.yml
new file mode 100644
index 0000000..37777c8
--- /dev/null
+++ b/api/kompose.yml
@@ -0,0 +1,90 @@
+version: '3'
+
+services:
+ mongo:
+ image: ${MONGO_IMAGE_NAME}
+ build:
+ context: .
+ dockerfile: ./mongo-dockerfile.yml
+ args:
+ BASE_IMAGE_MONGO: ${NEXUS_IMAGE_MONGO}
+ environment:
+ - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER}
+ - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD}
+ - MONGO_INITDB_DATABASE=${MONGO_DB_NAME}
+ - MONGO_INITDB_NON_ROOT_USERNAME=${MONGO_SERVICE_USER}
+ - MONGO_INITDB_NON_ROOT_PASSWORD=${MONGO_SERVICE_PASSWORD}
+ volumes:
+ - mongo-data:/data/db
+ networks:
+ - storage-nw
+ ports:
+ - '27017'
+ labels:
+ - 'kompose.image-pull-secret=${GITLAB_IMAGE_PULL_SECRET_NAME}'
+ - 'kompose.service.type=clusterip'
+ - 'traefik.enable=false'
+
+ api:
+ depends_on:
+ - mongo
+ image: ${API_IMAGE_NAME}
+ build:
+ context: .
+ dockerfile: ./api-dockerfile.yml
+ args:
+ NODE_IMAGE_NAME: ${BUILD_IMAGE_NAME}
+ CI_PROJECT_ID: ${CI_PROJECT_ID}
+ MCM_GITLAB_DEPLOY_NPM_TOKEN: ${GITLAB_REGISTRY_NPM_TOKEN}
+ NEXUS_NPM_PROXY_TOKEN: ${NEXUS_NPM_PROXY_TOKEN}
+ PACKAGE_VERSION: ${PACKAGE_VERSION}
+ environment:
+ - MONGO_AUTH_SOURCE=${MONGO_DB_NAME}
+ - MONGO_HOST=mongo
+ - MONGO_PORT=27017
+ - MONGO_SERVICE_USER
+ - MONGO_SERVICE_PASSWORD
+ - MONGO_DATABASE=${MONGO_DB_NAME}
+ - IDP_DB_HOST=postgres-keycloak.idp-${CI_COMMIT_REF_SLUG}-${LANDSCAPE}.svc.cluster.local
+ - IDP_DB_PORT=5432
+ - IDP_DB_AUTH_SOURCE=idp_db
+ - IDP_DB_SERVICE_USER=${PGSQL_SERVICE_USER}
+ - IDP_DB_SERVICE_PASSWORD=${PGSQL_SERVICE_PASSWORD}
+ - IDP_DB_DATABASE=idp_db
+ - CLIENT_SECRET_KEY_KEYCLOAK_API=${IDP_API_CLIENT_SECRET}
+ - IDP_FQDN
+ - API_FQDN
+ - S3_SERVICE_USER
+ - S3_SERVICE_PASSWORD
+ - S3_HOST=s3.s3-master-preview.svc.cluster.local
+ - S3_PORT=9000
+ - AFFILIATION_JWS_KEY
+ - WEBSITE_FQDN
+ - CLAMAV_HOST=clamav.antivirus-master-preview.svc.cluster.local
+ - CLAMAV_PORT=3310
+ - LANDSCAPE
+ - BASE_DOMAIN
+ - MAILHOG_EMAIL_FROM
+ - MAILHOG_HOST=mailhog.mailhog-${CI_COMMIT_REF_SLUG}-${LANDSCAPE}.svc.cluster.local
+ - BUS_HOST=bus.bus-${CI_COMMIT_REF_SLUG}-${LANDSCAPE}.svc.cluster.local
+ - BUS_CONSUMER_QUEUE
+ - BUS_MCM_CONSUME_USER
+ - BUS_MCM_CONSUME_PASSWORD
+ - BUS_MCM_HEADERS
+ - BUS_MCM_MESSAGE_TYPE
+ - API_KEY
+ networks:
+ - web-nw
+ - storage-nw
+ ports:
+ - '3000'
+ labels:
+ - 'kompose.image-pull-secret=${GITLAB_IMAGE_PULL_SECRET_NAME}'
+ - 'kompose.service.type=clusterip'
+
+volumes:
+ mongo-data:
+
+networks:
+ web-nw:
+ storage-nw:
diff --git a/api/mongo-dockerfile.yml b/api/mongo-dockerfile.yml
new file mode 100644
index 0000000..56d798f
--- /dev/null
+++ b/api/mongo-dockerfile.yml
@@ -0,0 +1,5 @@
+# Check out https://hub.docker.com/_/mongo to select a new base image
+ARG BASE_IMAGE_MONGO
+FROM ${BASE_IMAGE_MONGO}
+
+COPY ./mongo/databaseConfig/*.js /docker-entrypoint-initdb.d/
diff --git a/api/mongo/databaseConfig/createServiceUser.js b/api/mongo/databaseConfig/createServiceUser.js
new file mode 100644
index 0000000..0b1b1d2
--- /dev/null
+++ b/api/mongo/databaseConfig/createServiceUser.js
@@ -0,0 +1,12 @@
+/* eslint-disable */
+const username = _getEnv('MONGO_INITDB_NON_ROOT_USERNAME');
+const password = _getEnv('MONGO_INITDB_NON_ROOT_PASSWORD');
+const dbname = _getEnv('MONGO_INITDB_DATABASE');
+
+db.createUser(
+ {
+ user: username,
+ pwd: password,
+ roles: [{ role: "readWrite", db: dbname }]
+ }
+);
\ No newline at end of file
diff --git a/api/mongo/databaseConfig/setup.js b/api/mongo/databaseConfig/setup.js
new file mode 100644
index 0000000..9decf09
--- /dev/null
+++ b/api/mongo/databaseConfig/setup.js
@@ -0,0 +1,27 @@
+/* eslint-disable */
+const res = [
+ db.createCollection('Incentive'),
+ db.Incentive.createIndex(
+ {
+ '$**': 'text',
+ },
+ {
+ unique: false,
+ name: 'fullText',
+ default_language: 'french',
+ },
+ ),
+ db.Incentive.createIndex({funderId: 1}),
+ db.createCollection('Subscription'),
+ db.Subscription.createIndex({lastName: 1}),
+ db.Subscription.createIndex({funderId: 1}),
+ db.Subscription.createIndex({incentiveId: 1}),
+ db.Subscription.createIndex({incentiveType: 1}),
+ db.Subscription.createIndex({status: 1}),
+ db.createCollection('Citizen'),
+ db.Citizen.createIndex({'identity.lastName.value': 1}),
+ db.createCollection('CronJob'),
+ db.CronJob.createIndex({ "type": 1 }, { unique: true }),
+ db.Territory.createIndex({ "name": 1 }, { unique: true })
+];
+printjson(res);
diff --git a/api/openapi-maas.js b/api/openapi-maas.js
new file mode 100644
index 0000000..9217305
--- /dev/null
+++ b/api/openapi-maas.js
@@ -0,0 +1,91 @@
+const fs = require('fs');
+
+const OPENAPI_FILEPATH = `./openapi.json`;
+const OPENAPI_MAAS_FILENAME = `openapi-maas.json`;
+const TAG_MAAS = 'MaaS';
+
+function findAllByKey(obj, keyToFind) {
+ return Object.entries(obj).reduce(
+ (acc, [key, value]) =>
+ key === keyToFind
+ ? acc.concat(value)
+ : typeof value === 'object'
+ ? acc.concat(findAllByKey(value, keyToFind))
+ : acc,
+ [],
+ );
+}
+
+fs.readFile(OPENAPI_FILEPATH, 'utf8', (err, data) => {
+ if (err) {
+ console.error(err);
+ return;
+ }
+
+ const parsedData = JSON.parse(data);
+ const maasPaths = Object.fromEntries(
+ Object.entries(parsedData.paths)
+ .map(([key, value]) => [
+ key,
+ Object.fromEntries(
+ Object.entries(value)
+ .map(([key, value]) => [key, value])
+ .filter(([key, value]) => {
+ return value.tags.includes(TAG_MAAS);
+ })
+ .map(([key, value]) => {
+ value.tags = [TAG_MAAS];
+ return [key, value];
+ }),
+ ),
+ ])
+ .filter(([key, value]) => Object.keys(value).length !== 0),
+ );
+
+ let finished = false;
+ let schemasList = findAllByKey(maasPaths, '$ref');
+ let schemaNames = [...new Set(schemasList)].map(
+ value => value.split('#/components/schemas/')[1],
+ );
+ let schemasCount = schemaNames.length;
+ let maasSchemas = {};
+
+ while (!finished) {
+ maasSchemas = Object.fromEntries(
+ Object.entries(parsedData.components.schemas).filter(([key]) =>
+ schemaNames.includes(key),
+ ),
+ );
+
+ let nestedSchemas = findAllByKey(maasSchemas, '$ref');
+ nestedSchemas = [...new Set(nestedSchemas)].map(
+ value => value.split('#/components/schemas/')[1],
+ );
+
+ schemaNames.push(...nestedSchemas);
+ schemaNames = [...new Set(schemaNames)];
+ if (schemaNames.length === schemasCount) {
+ finished = true;
+ } else {
+ schemasCount = schemaNames.length;
+ }
+ }
+
+ const openapiMaas = {
+ openapi: parsedData.openapi,
+ info: parsedData.info,
+ paths: maasPaths,
+ servers: parsedData.servers,
+ components: {
+ securitySchemes: parsedData.components.securitySchemes,
+ schemas: maasSchemas,
+ },
+ };
+
+ fs.writeFile(OPENAPI_MAAS_FILENAME, JSON.stringify(openapiMaas), err => {
+ if (err) console.log(err);
+ else {
+ console.log('File written successfully\n');
+ }
+ });
+});
diff --git a/api/overlays/api-certificate.yml b/api/overlays/api-certificate.yml
new file mode 100644
index 0000000..933f69f
--- /dev/null
+++ b/api/overlays/api-certificate.yml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: api-cert
+spec:
+ dnsNames:
+ - '*.${landscape_subdomain}'
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: ${CLUSTER_ISSUER}
+ secretName: ${SECRET_NAME}
diff --git a/api/overlays/api-headers-middleware.yml b/api/overlays/api-headers-middleware.yml
new file mode 100644
index 0000000..c7d05ce
--- /dev/null
+++ b/api/overlays/api-headers-middleware.yml
@@ -0,0 +1,9 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: api-headers-middleware
+spec:
+ headers:
+ customRequestHeaders:
+ X-Forwarded-Proto: 'https'
+ X-Forwarded-Port: '443'
diff --git a/api/overlays/api-inflightreq-middleware.yml b/api/overlays/api-inflightreq-middleware.yml
new file mode 100644
index 0000000..5854881
--- /dev/null
+++ b/api/overlays/api-inflightreq-middleware.yml
@@ -0,0 +1,7 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: api-inflightreq-middleware
+spec:
+ inFlightReq:
+ amount: 100
diff --git a/api/overlays/api-ingressroute.yml b/api/overlays/api-ingressroute.yml
new file mode 100644
index 0000000..b6c90ba
--- /dev/null
+++ b/api/overlays/api-ingressroute.yml
@@ -0,0 +1,26 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: api
+spec:
+ entryPoints:
+ - web
+ # - websecure
+ routes:
+ - match: Host(`${API_FQDN}`)
+ middlewares:
+ - name: api-headers-middleware
+ # - name: api-ratelimit-middleware
+ - name: api-inflightreq-middleware
+ kind: Rule
+ services:
+ - kind: Service
+ name: api
+ port: 3000
+ # tls:
+ # secretName: ${SECRET_NAME} # api-tls # cert-dev
+ # domains:
+ # - main: ${BASE_DOMAIN}
+ # sans:
+ # - '*.preview.${BASE_DOMAIN}'
+ # - '*.testing.${BASE_DOMAIN}'
diff --git a/api/overlays/api-ipwhitelist-middleware.yml b/api/overlays/api-ipwhitelist-middleware.yml
new file mode 100644
index 0000000..abeda1a
--- /dev/null
+++ b/api/overlays/api-ipwhitelist-middleware.yml
@@ -0,0 +1,10 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: test-ipwhitelist
+spec:
+ ipWhiteList:
+ sourceRange:
+ - 127.0.0.1/32
+ # TO DO limite accès to FRONT ip
+ # and limite accès to
diff --git a/api/overlays/api-ratelimit-middleware.yml b/api/overlays/api-ratelimit-middleware.yml
new file mode 100644
index 0000000..e9ce427
--- /dev/null
+++ b/api/overlays/api-ratelimit-middleware.yml
@@ -0,0 +1,12 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: api-ratelimit-middleware
+spec:
+ rateLimit:
+ period: 1s
+ average: 30
+ burst: 50
+ sourceCriterion:
+ ipStrategy:
+ depth: 2
diff --git a/api/overlays/kustomization.yaml b/api/overlays/kustomization.yaml
new file mode 100644
index 0000000..8c07eee
--- /dev/null
+++ b/api/overlays/kustomization.yaml
@@ -0,0 +1,14 @@
+commonAnnotations:
+ app.gitlab.com/env: ${CI_ENVIRONMENT_SLUG}
+ app.gitlab.com/app: ${CI_PROJECT_PATH_SLUG}
+ kubernetes.io/ingress.class: traefik
+
+resources:
+ - api-ingressroute.yml
+ # - api-certificate.yml
+ - api-headers-middleware.yml
+ # - api-ratelimit-middleware.yml
+ - api-inflightreq-middleware.yml
+
+patchesStrategicMerge:
+ - web_nw_networkpolicy_namespaceselector.yml
diff --git a/api/overlays/web_nw_networkpolicy_namespaceselector.yml b/api/overlays/web_nw_networkpolicy_namespaceselector.yml
new file mode 100644
index 0000000..53e6193
--- /dev/null
+++ b/api/overlays/web_nw_networkpolicy_namespaceselector.yml
@@ -0,0 +1,10 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: web-nw
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ com.capgemini.mcm.ingress: "true"
diff --git a/api/package.json b/api/package.json
new file mode 100644
index 0000000..9cca1d8
--- /dev/null
+++ b/api/package.json
@@ -0,0 +1,115 @@
+{
+ "name": "@mcm/mcm-api",
+ "version": "1.10.1",
+ "description": "",
+ "keywords": [
+ "loopback-application",
+ "loopback"
+ ],
+ "main": "dist/index.js",
+ "types": "dist/index.d.ts",
+ "engines": {
+ "node": ">=10.16"
+ },
+ "scripts": {
+ "build": "lb-tsc",
+ "postbuild": "npm run copy-ejs-files",
+ "build:watch": "lb-tsc --watch",
+ "lint": "npm run eslint && npm run prettier:check",
+ "lint:fix": "npm run eslint:fix && npm run prettier:fix",
+ "prettier:cli": "lb-prettier \"**/*.ts\" \"**/*.js\"",
+ "prettier:check": "npm run prettier:cli -- -l",
+ "prettier:fix": "npm run prettier:cli -- --write",
+ "eslint": "lb-eslint --report-unused-disable-directives .",
+ "eslint:fix": "npm run eslint -- --fix",
+ "pretest": "npm run rebuild",
+ "test": "nyc lb-mocha --allow-console-logs \"dist/__tests__\"",
+ "posttest": "npm run lint",
+ "test:dev": "lb-mocha --allow-console-logs dist/__tests__/**/*.js && npm run posttest",
+ "docker:build": "docker build -t api .",
+ "docker:run": "docker run -p 3000:3000 -d api",
+ "premigrate": "npm run build",
+ "migrate": "node ./dist/migrate",
+ "preopenapi-spec": "npm run build",
+ "openapi-spec": "node ./dist/openapi-spec",
+ "prestart": "npm run rebuild",
+ "start": "node -r source-map-support/register .",
+ "clean": "lb-clean dist *.tsbuildinfo .eslintcache",
+ "start:watch": "tsc-watch --target es2017 --outDir ./dist --onSuccess \"node .\"",
+ "rebuild": "npm run clean && npm run build",
+ "verify": "sonarqube-verify",
+ "coverage": "nyc report --reporter=lcovonly",
+ "copy-ejs-files": "copyfiles -u 1 src/**/**.ejs dist/",
+ "prepare": "cd .. && husky install api/.husky"
+ },
+ "repository": {
+ "type": "git",
+ "url": ""
+ },
+ "author": "Mon Compte Mobilité",
+ "license": "",
+ "files": [
+ "README.md",
+ "dist",
+ "src",
+ "!*/__tests__"
+ ],
+ "dependencies": {
+ "@aws-sdk/client-s3": "3.24.0",
+ "@loopback/authentication": "9.0.4",
+ "@loopback/authorization": "0.12.4",
+ "@loopback/boot": "5.0.4",
+ "@loopback/build": "9.0.4",
+ "@loopback/core": "4.0.4",
+ "@loopback/cron": "0.9.4",
+ "@loopback/repository": "5.0.4",
+ "@loopback/rest": "12.0.4",
+ "@loopback/rest-explorer": "5.0.4",
+ "@loopback/service-proxy": "5.0.4",
+ "@types/amqplib": "0.8.2",
+ "@types/clamscan": "2.0.2",
+ "@types/ejs": "3.1.1",
+ "@types/express": "4.17.13",
+ "@types/jsonwebtoken": "8.5.8",
+ "@types/mocha": "10.0.0",
+ "@types/multer": "1.4.7",
+ "@types/node": "16.11.36",
+ "@types/nodemailer": "6.4.4",
+ "amqplib": "0.8.0",
+ "clamscan": "2.1.2",
+ "copyfiles": "2.4.1",
+ "date-fns": "2.28.0",
+ "ejs": "3.1.8",
+ "exceljs": "4.3.0",
+ "html-pdf": "3.0.1",
+ "jsonschema": "1.4.1",
+ "jsonwebtoken": "8.5.1",
+ "jwk-to-pem": "2.0.5",
+ "keycloak-admin": "1.14.22",
+ "loopback-connector-mongodb": "6.2.0",
+ "loopback-connector-postgresql": "5.5.1",
+ "loopback4-migration": "1.3.0",
+ "multer": "1.4.5-lts.1",
+ "nodemailer": "6.7.5",
+ "strong-error-handler": "4.0.0",
+ "tsc-watch": "4.6.2",
+ "tslib": "2.4.0",
+ "winston": "3.7.2"
+ },
+ "devDependencies": {
+ "@loopback/eslint-config": "13.0.4",
+ "@loopback/testlab": "5.0.4",
+ "@types/html-pdf": "3.0.0",
+ "@types/jwk-to-pem": "2.0.1",
+ "date-fns-tz": "1.3.4",
+ "eslint": "8.25.0",
+ "husky": "7.0.4",
+ "mocha": "10.1.0",
+ "mocha-junit-reporter": "2.0.2",
+ "nyc": "15.1.0",
+ "regenerator-runtime": "0.13.9",
+ "sonarqube-verify": "1.0.2",
+ "source-map-support": "0.5.21",
+ "typescript": "4.8.4"
+ }
+}
diff --git a/api/public/images/logo-with-baseline.svg b/api/public/images/logo-with-baseline.svg
new file mode 100644
index 0000000..b2ada22
--- /dev/null
+++ b/api/public/images/logo-with-baseline.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/api/public/images/mob-footer.svg b/api/public/images/mob-footer.svg
new file mode 100644
index 0000000..364a607
--- /dev/null
+++ b/api/public/images/mob-footer.svg
@@ -0,0 +1 @@
+
diff --git a/api/public/img/mob-favicon.svg b/api/public/img/mob-favicon.svg
new file mode 100644
index 0000000..ce42712
--- /dev/null
+++ b/api/public/img/mob-favicon.svg
@@ -0,0 +1 @@
+
diff --git a/api/public/index.html b/api/public/index.html
new file mode 100644
index 0000000..8ac88e9
--- /dev/null
+++ b/api/public/index.html
@@ -0,0 +1,88 @@
+
+
+
+
+ API | Mon Compte Mobilité
+
+
+
+
+
+
+
+
+
+
+
+
moB
+
Version 1
+
+
+
+
Text Content
`;
+const mockBuffer: Buffer = Buffer.from(mockHtml);
+
+describe('File conversion functions', () => {
+ it('generateTemplateAsHtml success', async () => {
+ const html = await generateTemplateAsHtml('invoice', {
+ invoice: mockInvoice,
+ formatDate: formatDateInTimezone,
+ });
+ expect(html).to.containEql(mockInvoice.customer.customerName);
+ expect(html).to.containEql(mockInvoice.customer.customerSurname);
+ expect(html).to.containEql(mockInvoice.enterprise.enterpriseName);
+ expect(html).to.containEql(mockInvoice.enterprise.siretNumber);
+ expect(html).to.containEql(
+ (mockInvoice.transaction.amountInclTaxes / 100).toFixed(2),
+ );
+ expect(html).to.containEql(mockInvoice.transaction.orderId);
+ expect(html).to.containEql(
+ formatDateInTimezone(mockInvoice.transaction.purchaseDate, 'dd/MM/yyyy'),
+ );
+ expect(html).to.containEql(mockInvoice.products[0].productName);
+ });
+
+ it('generateTemplateAsHtml should throw error', async () => {
+ const ejsStub = sinon.stub(ejs, 'renderFile').rejects('HtmlTemplateError');
+ try {
+ await generateTemplateAsHtml('invoice');
+ } catch (error) {
+ expect(error.message).to.equal('HtmlTemplateError');
+ }
+ ejsStub.restore();
+ });
+
+ it('generatePdfBufferFromHtml success', async () => {
+ const pdfStub = sinon.stub(pdf, 'create').returns({
+ toBuffer: sinon.stub().yields(null, Buffer.from(mockHtml)),
+ toFile: sinon.stub().returnsThis(),
+ toStream: sinon.stub().returnsThis(),
+ });
+ const pdfBuffer = await generatePdfBufferFromHtml(mockHtml);
+ expect(pdfBuffer).to.eql(mockBuffer);
+ pdfStub.restore();
+ });
+
+ it('generatePdfBufferFromHtml should throw error', async () => {
+ const pdfStub = sinon.stub(pdf, 'create').returns({
+ toBuffer: sinon.stub().yields('generatePdfError', null),
+ toFile: sinon.stub().returnsThis(),
+ toStream: sinon.stub().returnsThis(),
+ });
+ try {
+ await generatePdfBufferFromHtml(mockHtml);
+ } catch (error) {
+ expect(error).to.equal('generatePdfError');
+ }
+ pdfStub.restore();
+ });
+});
diff --git a/api/src/__tests__/utils/invoice.test.ts b/api/src/__tests__/utils/invoice.test.ts
new file mode 100644
index 0000000..8a6588a
--- /dev/null
+++ b/api/src/__tests__/utils/invoice.test.ts
@@ -0,0 +1,116 @@
+import {expect, sinon} from '@loopback/testlab';
+import ejs from 'ejs';
+import {generatePdfInvoices} from '../../utils/invoice';
+import * as fileConversion from '../../utils/file-conversion';
+import {Invoice} from '../../models';
+
+const invoice1: Invoice = Object.assign(new Invoice(), {
+ enterprise: {
+ enterpriseName: 'IDF Mobilités',
+ sirenNumber: '362521879',
+ siretNumber: '36252187900034',
+ apeCode: '4711D',
+ enterpriseAddress: {
+ zipCode: 75018,
+ city: 'Paris',
+ street: '6 rue Lepic',
+ },
+ },
+ customer: {
+ customerId: '123789',
+ customerName: 'NEYMAR',
+ customerSurname: 'Jean',
+ customerAddress: {
+ zipCode: 75018,
+ city: 'Paris',
+ street: '15 rue Veron',
+ },
+ },
+ transaction: {
+ orderId: '30723',
+ purchaseDate: new Date('2021-03-03T14:54:18+01:00'),
+ amountInclTaxes: 7520,
+ amountExclTaxes: 7520,
+ },
+ products: [
+ {
+ productName: 'Forfait Navigo Mois',
+ quantity: 1,
+ amountInclTaxes: 7520,
+ amountExclTaxes: 7520,
+ percentTaxes: 10,
+ productDetails: {
+ periodicity: 'Mensuel',
+ zoneMin: 1,
+ zoneMax: 5,
+ validityStart: new Date('2021-03-01T00:00:00+01:00'),
+ validityEnd: new Date('2021-03-31T00:00:00+01:00'),
+ },
+ },
+ ],
+});
+
+const invoice2: Invoice = Object.assign(new Invoice(), {
+ enterprise: {
+ enterpriseName: 'IDF Mobilités',
+ sirenNumber: '362521879',
+ siretNumber: '36252187900034',
+ apeCode: '4711D',
+ enterpriseAddress: {
+ zipCode: 75018,
+ city: 'Paris',
+ street: '6 rue Lepic',
+ },
+ },
+ customer: {
+ customerId: '123789',
+ customerName: 'DELOIN',
+ customerSurname: 'Alain',
+ },
+ transaction: {
+ orderId: '30723',
+ purchaseDate: new Date('2021-03-03T14:54:18+01:00'),
+ amountInclTaxes: 7520,
+ amountExclTaxes: 7520,
+ },
+ products: [
+ {
+ productName: 'Forfait Navigo Mois',
+ quantity: 1,
+ amountInclTaxes: 7520,
+ amountExclTaxes: 7520,
+ percentTaxes: 10,
+ productDetails: {
+ periodicity: 'Mensuel',
+ zoneMin: 1,
+ zoneMax: 5,
+ },
+ },
+ ],
+});
+
+const mockInvoices: Invoice[] = [invoice1, invoice2];
+const files: Record[] = [
+ {key: 'file.txt'},
+ {key: 'file.txt'},
+ {key: 'file.txt'},
+];
+const mockHtml: string = `Text Content
`;
+const mockBuffer: Buffer = Buffer.from(mockHtml);
+describe('Invoice', () => {
+ it('generatePdfInvoices success', async () => {
+ const ejsStub = sinon.stub(ejs, 'renderFile').resolves(mockHtml);
+ sinon
+ .stub(fileConversion, 'generatePdfBufferFromHtml')
+ .resolves(Buffer.from(await ejsStub('')));
+ const invoicesPdf = await generatePdfInvoices(mockInvoices);
+ expect(invoicesPdf.length).to.equal(2);
+ expect(invoicesPdf[0].originalname).to.equal(
+ '03-03-2021_Forfait_Navigo_Mois_Jean_NEYMAR.pdf',
+ );
+ expect(invoicesPdf[1].originalname).to.equal(
+ '03-03-2021_Forfait_Navigo_Mois_Alain_DELOIN.pdf',
+ );
+ expect(invoicesPdf[0].buffer).to.eql(mockBuffer);
+ });
+});
diff --git a/api/src/application.ts b/api/src/application.ts
new file mode 100644
index 0000000..57437e8
--- /dev/null
+++ b/api/src/application.ts
@@ -0,0 +1,115 @@
+import {BootMixin} from '@loopback/boot';
+import {ApplicationConfig, createBindingFromClass} from '@loopback/core';
+import {RestExplorerBindings, RestExplorerComponent} from '@loopback/rest-explorer';
+import {RepositoryMixin} from '@loopback/repository';
+import {RestApplication, RestBindings} from '@loopback/rest';
+import {ServiceMixin} from '@loopback/service-proxy';
+import path from 'path';
+import {MySequence} from './sequence';
+import {
+ AuthenticationComponent,
+ registerAuthenticationStrategy,
+} from '@loopback/authentication';
+import {AuthorizationComponent, AuthorizationTags} from '@loopback/authorization';
+export {ApplicationConfig};
+import {InfoObject, mergeOpenAPISpec} from '@loopback/openapi-v3';
+import {CronComponent} from '@loopback/cron';
+import {MigrationBindings, MigrationComponent} from 'loopback4-migration';
+
+import {SECURITY_SCHEME_SPEC} from './utils/security-spec';
+import {OPENAPI_CONFIG} from './constants';
+import {ApiKeyAuthenticationStrategy} from './strategies';
+import {KeycloakAuthenticationStrategy} from './strategies/keycloak.strategy';
+import {AuthorizationProvider} from './providers/authorization.provider';
+import {RabbitmqCronJob} from './cronjob/rabbitmqCronJob';
+import {SubscriptionCronJob} from './cronjob/subscriptionCronJob';
+import {NonActivatedAccountDeletionCronJob} from './cronjob/nonActivatedAccountDeletionCronJob';
+import {ParentProcessService} from './services';
+import {MongoDsDataSource} from './datasources';
+import {MigrationScript111} from './migrations/1.11.0.migration';
+
+export class App extends BootMixin(ServiceMixin(RepositoryMixin(RestApplication))) {
+ constructor(options: ApplicationConfig = {}) {
+ super(options);
+ this.bind(RestBindings.REQUEST_BODY_PARSER_OPTIONS).to({
+ $data: true,
+ validation: {
+ keywords: ['example'],
+ },
+ });
+
+ const infoObject: InfoObject = {
+ title: OPENAPI_CONFIG.title,
+ version: OPENAPI_CONFIG.version,
+ contact: OPENAPI_CONFIG.contact,
+ };
+
+ this.api(
+ mergeOpenAPISpec(this.getSync(RestBindings.API_SPEC), {
+ info: infoObject,
+ components: {
+ securitySchemes: SECURITY_SCHEME_SPEC,
+ },
+ }),
+ );
+
+ // Set up the custom sequence
+ this.sequence(MySequence);
+
+ // Set up default home page
+ this.static('/', path.join(__dirname, '../public'));
+ // Configure migration component
+ this.bind(MigrationBindings.CONFIG).to({
+ appVersion: '1.11.0',
+ dataSourceName: MongoDsDataSource.dataSourceName,
+ modelName: 'Migration',
+ migrationScripts: [MigrationScript111],
+ });
+ // Bind migration component related elements
+ this.component(MigrationComponent);
+
+ // Customize @loopback/rest-explorer configuration here
+ this.configure(RestExplorerBindings.COMPONENT).to({
+ path: '/explorer',
+ indexTemplatePath: path.resolve(__dirname, '../explorer/index.html.ejs'),
+ indexTitle: 'API Explorer | Mon Compte Mobilité',
+ });
+
+ this.component(RestExplorerComponent);
+
+ this.bind(RestBindings.ERROR_WRITER_OPTIONS).to({
+ debug: false,
+ safeFields: ['path', 'resourceName'],
+ });
+ this.component(AuthenticationComponent);
+ this.component(AuthorizationComponent);
+ this.bind('authorizationProviders.authorization-provider')
+ .toProvider(AuthorizationProvider)
+ .tag(AuthorizationTags.AUTHORIZER);
+
+ registerAuthenticationStrategy(this, KeycloakAuthenticationStrategy);
+ registerAuthenticationStrategy(this, ApiKeyAuthenticationStrategy);
+
+ // Create binding for ParentProcessService to be used as unique instance
+ // Please use @inject('services.ParentProcessService') if injection is needed in other classes
+ this.add(createBindingFromClass(ParentProcessService));
+
+ // Init cron component and RabbitmqCronJob
+ this.component(CronComponent);
+ this.add(createBindingFromClass(RabbitmqCronJob));
+ // clean subscription collection
+ this.add(createBindingFromClass(SubscriptionCronJob));
+ this.add(createBindingFromClass(NonActivatedAccountDeletionCronJob));
+
+ this.projectRoot = __dirname;
+ // Customize @loopback/boot Booter Conventions here
+ this.bootOptions = {
+ controllers: {
+ // Customize ControllerBooter Conventions here
+ dirs: ['controllers'],
+ extensions: ['.controller.js', '.controller.ts'],
+ nested: true,
+ },
+ };
+ }
+}
diff --git a/api/src/busError.ts b/api/src/busError.ts
new file mode 100644
index 0000000..16fd343
--- /dev/null
+++ b/api/src/busError.ts
@@ -0,0 +1,18 @@
+import {logger} from './utils';
+import {ValidationError} from './validationError';
+
+export class BusError extends ValidationError {
+ property?: string;
+
+ constructor(
+ message: string,
+ property: string,
+ path: string,
+ statusCode = 500,
+ resourceName = '',
+ ) {
+ super(message, path, statusCode, resourceName);
+ this.property = property;
+ logger.error(message);
+ }
+}
diff --git a/api/src/config/clamAvConfig.ts b/api/src/config/clamAvConfig.ts
new file mode 100644
index 0000000..132e113
--- /dev/null
+++ b/api/src/config/clamAvConfig.ts
@@ -0,0 +1,25 @@
+export class ClamAvConfig {
+ private host: string = process.env.CLAMAV_HOST
+ ? `${process.env.CLAMAV_HOST}`
+ : `localhost`;
+
+ private port: number | undefined = process.env.CLAMAV_PORT
+ ? Number(process.env.CLAMAV_PORT)
+ : 3310;
+
+ /**
+ * Get ClamAv configuration to init
+ * @returns clamav configuration
+ */
+ getClamAvConfiguration() {
+ return {
+ debugMode: false, // This will put some debug info in your js console
+ clamdscan: {
+ host: this.host, // IP of host to connect to TCP interface
+ port: this.port, // Port of host to use when connecting via TCP interface
+ multiscan: true, // Scan using all available cores! Yay!
+ },
+ preference: 'clamdscan', // If clamdscan is found and active, it will be used by default
+ };
+ }
+}
diff --git a/api/src/config/index.ts b/api/src/config/index.ts
new file mode 100644
index 0000000..bee3ceb
--- /dev/null
+++ b/api/src/config/index.ts
@@ -0,0 +1,4 @@
+export * from './clamAvConfig';
+export * from './mailConfig';
+export * from './s3Config';
+export * from './rabbitmqConfig';
diff --git a/api/src/config/mailConfig.ts b/api/src/config/mailConfig.ts
new file mode 100644
index 0000000..40e7bda
--- /dev/null
+++ b/api/src/config/mailConfig.ts
@@ -0,0 +1,40 @@
+import nodemailer from 'nodemailer';
+export class MailConfig {
+ /**
+ * Check env before sending the email.
+ */
+ configMailer() {
+ let mailer, from;
+ const mailHog = {
+ host: process.env.MAILHOG_HOST,
+ port: 1025,
+ };
+ const sendGrid = {
+ host: process.env.SENDGRID_HOST,
+ port: 587,
+ auth: {
+ user: process.env.SENDGRID_USER,
+ pass: process.env.SENDGRID_API_KEY,
+ },
+ };
+ const fromLocal = 'Mon Compte Mobilité ';
+
+ // check is FQDN is set
+ if (process.env.IDP_FQDN) {
+ // check landscape
+ if (process.env.LANDSCAPE === 'preview' || process.env.LANDSCAPE === 'testing') {
+ mailer = nodemailer.createTransport(mailHog);
+ from = process.env.MAILHOG_EMAIL_FROM;
+ } else {
+ mailer = nodemailer.createTransport(sendGrid);
+ from = process.env.SENDGRID_EMAIL_FROM;
+ }
+ } else {
+ mailer = nodemailer.createTransport({
+ port: 1025,
+ });
+ from = fromLocal;
+ }
+ return {mailer, from};
+ }
+}
diff --git a/api/src/config/rabbitmqConfig.ts b/api/src/config/rabbitmqConfig.ts
new file mode 100644
index 0000000..7f8ffe3
--- /dev/null
+++ b/api/src/config/rabbitmqConfig.ts
@@ -0,0 +1,74 @@
+import {BindingScope, injectable} from '@loopback/core';
+import {credentials} from 'amqplib';
+@injectable({scope: BindingScope.TRANSIENT})
+export class RabbitmqConfig {
+ private amqpUrl = 'amqp://' + (process.env.BUS_HOST ?? 'localhost');
+ private apiKey = process.env.CLIENT_SECRET_KEY_KEYCLOAK_API ?? 'MOB_SECRET_KEY';
+
+ private user = process.env.BUS_MCM_CONSUME_USER ?? 'mob';
+ private password = process.env.BUS_MCM_CONSUME_PASSWORD ?? 'mob';
+
+ private exchangeValue = process.env.BUS_MCM_HEADERS ?? 'mob.headers';
+ private publishMessageType = process.env.BUS_MCM_MESSAGE_TYPE ?? 'subscriptions.put';
+
+ private consumerMessageType =
+ process.env.BUS_CONSUMER_QUEUE ?? 'mob.subscriptions.status';
+
+ /**
+ * Return the message type (put) and the secret key of the client
+ * @param enterpriseName
+ */
+ getPublishQueue(enterpriseName: string): {
+ headers: {message_type: string; secret_key: string};
+ } {
+ const publishQueue = {
+ headers: {
+ message_type: `${this.publishMessageType}.${enterpriseName}`,
+ secret_key: this.apiKey,
+ },
+ };
+ return publishQueue;
+ }
+
+ /**
+ * Generate login credentials with KC token from api service account
+ * @returns { credentials: any }
+ */
+ public getLogin(accessToken: string): {credentials: any} {
+ return {
+ credentials: credentials.plain('client_id', accessToken),
+ };
+ }
+
+ /**
+ * Get login with user/password
+ * @returns { credentials: any }
+ */
+ public getUserLogin(): {credentials: any} {
+ return {
+ credentials: credentials.plain(this.user, this.password),
+ };
+ }
+
+ /**
+ * Return the message type (status) for the consumer
+ * @param enterpriseName
+ */
+ getConsumerQueue(enterpriseName: string): string {
+ return `${this.consumerMessageType}.${enterpriseName}`;
+ }
+
+ /**
+ * Return the url to connect to
+ */
+ getAmqpUrl(): string {
+ return this.amqpUrl;
+ }
+
+ /**
+ * Return the exchange headers to publish
+ */
+ getExchange(): string {
+ return this.exchangeValue;
+ }
+}
diff --git a/api/src/config/s3Config.ts b/api/src/config/s3Config.ts
new file mode 100644
index 0000000..179267e
--- /dev/null
+++ b/api/src/config/s3Config.ts
@@ -0,0 +1,18 @@
+import {S3ClientConfig} from '@aws-sdk/client-s3';
+
+export class S3Config {
+ protected getConfiguration(): S3ClientConfig {
+ return {
+ credentials: {
+ accessKeyId: process.env.S3_SERVICE_USER ?? 'minioadmin',
+ secretAccessKey: process.env.S3_SERVICE_PASSWORD ?? 'minioadmin',
+ },
+ region: 'us-east-1',
+ endpoint:
+ process.env.S3_HOST && process.env.S3_PORT
+ ? `http://${process.env.S3_HOST}:${process.env.S3_PORT}`
+ : 'http://localhost:9001',
+ forcePathStyle: true,
+ };
+ }
+}
diff --git a/api/src/constants.ts b/api/src/constants.ts
new file mode 100644
index 0000000..415fc64
--- /dev/null
+++ b/api/src/constants.ts
@@ -0,0 +1,51 @@
+import {Credentials} from 'keycloak-admin/lib/utils/auth';
+import {InfoObject} from '@loopback/openapi-v3';
+
+export const OPENAPI_CONFIG: InfoObject = {
+ title: 'moB - Mon Compte Mobilité',
+ version: `${process.env.PACKAGE_VERSION || '1.0.0'}`,
+ contact: {
+ email: 'mcm_admin@moncomptemobilite.org',
+ name: 'Support technique',
+ },
+};
+
+export const emailRegexp = '^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$';
+
+export const IDP_FQDN = process.env.IDP_FQDN
+ ? `https://${process.env.IDP_FQDN}`
+ : process.env.IDP_URL
+ ? `${process.env.IDP_URL}`
+ : `http://localhost:9000`;
+
+export const WEBSITE_FQDN = process.env.WEBSITE_FQDN
+ ? `https://${process.env.WEBSITE_FQDN}`
+ : process.env.WEBSITE_URL
+ ? `${process.env.WEBSITE_URL}`
+ : 'http://localhost:8000';
+
+export const API_FQDN = process.env.API_FQDN
+ ? `https://${process.env.API_FQDN}`
+ : process.env.API_URL
+ ? `${process.env.API_URL}`
+ : 'http://localhost:3000';
+
+export const baseUrl = `${IDP_FQDN}/auth`;
+
+export const realmName = 'mcm';
+
+export const IDP_SUFFIX_CLIENT = 'client';
+
+export const IDP_SUFFIX_BACKEND = 'backend';
+
+export const IDP_SUFFIX = [IDP_SUFFIX_CLIENT, IDP_SUFFIX_BACKEND];
+
+export const TAG_MAAS = 'MaaS';
+
+export const credentials: Credentials = {
+ grantType: 'client_credentials',
+ clientId: 'api',
+ clientSecret: process.env.CLIENT_SECRET_KEY_KEYCLOAK_API
+ ? `${process.env.CLIENT_SECRET_KEY_KEYCLOAK_API}`
+ : '${IDP_API_CLIENT_SECRET}',
+};
diff --git a/api/src/controllers/README.md b/api/src/controllers/README.md
new file mode 100644
index 0000000..ad4c4cc
--- /dev/null
+++ b/api/src/controllers/README.md
@@ -0,0 +1,9 @@
+# Controllers
+
+This directory contains source files for the controllers exported by this app.
+
+To add a new empty controller, type in `lb4 controller []` from the
+command-line of your application's root directory.
+
+For more information, please visit
+[Controller generator](http://loopback.io/doc/en/lb4/Controller-generator.html).
diff --git a/api/src/controllers/citizen.controller.ts b/api/src/controllers/citizen.controller.ts
new file mode 100644
index 0000000..33e4bd7
--- /dev/null
+++ b/api/src/controllers/citizen.controller.ts
@@ -0,0 +1,1025 @@
+import * as Excel from 'exceljs';
+import {inject, intercept, service} from '@loopback/core';
+import {FilterExcludingWhere, repository, AnyObject} from '@loopback/repository';
+import {
+ post,
+ param,
+ get,
+ getModelSchemaRef,
+ put,
+ patch,
+ requestBody,
+ Response,
+ RestBindings,
+ del,
+} from '@loopback/rest';
+import {SecurityBindings} from '@loopback/security';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+import {
+ CitizenRepository,
+ EnterpriseRepository,
+ CommunityRepository,
+ UserRepository,
+ SubscriptionRepository,
+ IncentiveRepository,
+} from '../repositories';
+import {
+ CitizenService,
+ KeycloakService,
+ MailService,
+ JwtService,
+ FunderService,
+ SubscriptionService,
+} from '../services';
+import {CitizenInterceptor} from '../interceptors';
+import {
+ CitizenUpdate,
+ Affiliation,
+ Incentive,
+ Citizen,
+ Subscription,
+ Enterprise,
+ Error,
+} from '../models';
+import {ValidationError} from '../validationError';
+import {
+ ResourceName,
+ StatusCode,
+ AFFILIATION_STATUS,
+ Roles,
+ SUBSCRIPTION_STATUS,
+ SECURITY_SPEC_API_KEY,
+ SECURITY_SPEC_KC_PASSWORD,
+ SECURITY_SPEC_JWT_KC_PASSWORD,
+ SECURITY_SPEC_JWT,
+ AUTH_STRATEGY,
+ Consent,
+ ClientOfConsent,
+ CITIZEN_STATUS,
+ IUser,
+ GENDER,
+} from '../utils';
+import {emailRegexp} from '../constants';
+
+import {canAccessHisOwnData} from '../services/user.authorizor';
+import {formatDateInTimezone} from '../utils/date';
+@intercept(CitizenInterceptor.BINDING_KEY)
+export class CitizenController {
+ constructor(
+ @inject('services.MailService')
+ public mailService: MailService,
+ @repository(CitizenRepository)
+ public citizenRepository: CitizenRepository,
+ @repository(CommunityRepository)
+ public communityRepository: CommunityRepository,
+ @inject('services.KeycloakService')
+ public kcService: KeycloakService,
+ @inject('services.FunderService')
+ public funderService: FunderService,
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @inject('services.CitizenService')
+ public citizenService: CitizenService,
+ @inject('services.SubscriptionService')
+ public subscriptionService: SubscriptionService,
+ @inject('services.JwtService')
+ public jwtService: JwtService,
+ @service(UserRepository)
+ private userRepository: UserRepository,
+ @inject(SecurityBindings.USER, {optional: true})
+ private currentUser: IUser,
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ ) {}
+
+ /**
+ * Create a new user
+ * @param register the form or user object
+ * @returns an object with new user id + firstName + lastName
+ */
+ @authenticate(AUTH_STRATEGY.API_KEY)
+ @authorize({allowedRoles: [Roles.API_KEY]})
+ @post('v1/citizens', {
+ 'x-controller-name': 'Citizens',
+ summary: 'Crée un citoyen',
+ security: SECURITY_SPEC_API_KEY,
+ responses: {
+ [StatusCode.Created]: {
+ description: 'Le citoyen est enregistré',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "L'entreprise du salarié est inconnue",
+ },
+ [StatusCode.PreconditionFailed]: {
+ description:
+ "L'email professionnel du salarié n'est pas du domaine de son entreprise",
+ },
+ [StatusCode.Conflict]: {
+ description: "L'email personnel du salarié existe déjà",
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "L'email professionnel du salarié existe déjà",
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Citizen),
+ },
+ },
+ })
+ register: Omit,
+ ): Promise<{id: string} | undefined> {
+ const result: {id: string} | undefined = await this.citizenService.createCitizen(
+ register,
+ );
+ return result;
+ }
+
+ /**
+ * @param [status] status in `status`
+ * @param [lastName] Search in `lastName`
+ * @param [skip] records.
+ * @returns {Citizen[], number} List of salaries sorted by `lastName` and the total
+ * number of employees based on their status or lastName
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({
+ allowedRoles: [Roles.SUPERVISORS, Roles.MANAGERS],
+ })
+ @get('/v1/citizens', {
+ 'x-controller-name': 'Citizens',
+ summary: "Retourne les salariés d'une entreprise",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Search filter employees ',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(Citizen),
+ },
+ },
+ },
+ },
+ },
+ })
+ async findSalaries(
+ @param.query.string('status', {
+ description: `Filtre sur le statut de l'aide: AFFILIE | DESAFFILIE | A_AFFILIER`,
+ })
+ status?: string,
+ @param.query.string('lastName', {
+ description: `Filtre sur le nom de famille du citoyen`,
+ })
+ lastName?: string,
+ @param.query.number('skip', {
+ description: `Nombre d'éléments à sauter lors de la pagination`,
+ })
+ skip?: number,
+ ): Promise<{employees: Citizen[] | undefined; employeesCount: number}> {
+ const result = await this.citizenService.findEmployees({
+ status,
+ lastName,
+ skip,
+ limit: 10,
+ });
+
+ return result;
+ }
+
+ /**
+ * get citizens with at least one subscription
+ * @param lastName search params
+ * @param skip number of element to skip
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({
+ allowedRoles: [Roles.FUNDERS],
+ })
+ @get('/v1/collectivitiesCitizens', {
+ 'x-controller-name': 'Citizens',
+ summary: 'Récupère la liste des citoyens ayant au moins une demande',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of subscriptions model instance',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ },
+ },
+ },
+ },
+ },
+ })
+ async getCitizensWithSubscriptions(
+ @param.query.string('lastName', {description: 'Nom de famille du citoyen'})
+ lastName?: string,
+ @param.query.number('skip', {
+ description: "Nombre d'éléments à sauter lors de la pagination",
+ })
+ skip?: number | undefined,
+ ): Promise {
+ const {incentiveType, funderName} = this.currentUser;
+
+ const match: object[] = [
+ {incentiveType: incentiveType},
+ {funderName: funderName},
+ {status: {$ne: SUBSCRIPTION_STATUS.DRAFT}},
+ ];
+
+ if (lastName) {
+ match.push({
+ lastName: new RegExp('.*' + lastName + '.*', 'i'),
+ });
+ }
+
+ return this.subscriptionService.getCitizensWithSubscription(match, skip);
+ }
+
+ /**
+ * get citizen profile by id
+ * @param citizenId id of citizen
+ * @param filter the citizen filter
+ * @returns the profile of citizen
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({voters: [canAccessHisOwnData]})
+ @get('v1/citizens/profile/{citizenId}', {
+ 'x-controller-name': 'Citizens',
+ summary: "Retourne les informations d'un citoyen",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Citizen model instance',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Citizen),
+ },
+ },
+ },
+ },
+ })
+ async findById(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ @param.filter(Citizen, {exclude: 'where'})
+ filter?: FilterExcludingWhere,
+ ): Promise {
+ return this.citizenRepository.findById(citizenId, filter);
+ }
+
+ /**
+ * get citizen by id
+ * @param citizenId id of citizen
+ * @param filter the citizen filter
+ * @returns one citizen object
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @get('/v1/citizens/{citizenId}', {
+ 'x-controller-name': 'Citizens',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ summary: "Retourne les informations d'un citoyen",
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Citizen model instance',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Citizen),
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "Ce citoyen n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Citizen not found',
+ path: '/citizenNotFound',
+ resourceName: 'Citizen',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findCitizenId(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ ): Promise> {
+ const user = await this.userRepository.findById(this.currentUser?.id);
+ const citizenData = await this.citizenRepository.findById(citizenId);
+ if (
+ user &&
+ this.currentUser?.roles?.includes('gestionnaires') &&
+ user.funderId === citizenData?.affiliation?.enterpriseId
+ ) {
+ return {
+ lastName: citizenData?.identity?.lastName?.value,
+ firstName: citizenData?.identity?.firstName?.value,
+ };
+ } else {
+ throw new ValidationError('Access denied', '/authorization', StatusCode.Forbidden);
+ }
+ }
+
+ /**
+ * affiliate connected citizen
+ * @param data has token needed to affiliate connected citizen
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK, AUTH_STRATEGY.API_KEY)
+ @authorize({
+ allowedRoles: [Roles.SUPERVISORS, Roles.MANAGERS, Roles.API_KEY, Roles.CITIZENS],
+ })
+ @put('/v1/citizens/{citizenId}/affiliate', {
+ 'x-controller-name': 'Citizens',
+ summary: 'Affilie un citoyen à une entreprise',
+ security: SECURITY_SPEC_JWT_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: "L'affiliation est validée",
+ },
+ [StatusCode.NotFound]: {
+ description: "L'affiliation n'existe pas",
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: "L'affiliation n'est pas au bon status",
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "L'affiliation n'est pas valide",
+ },
+ },
+ })
+ async validateAffiliation(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ token: {
+ type: 'string',
+ example: `Un token d'affiliation`,
+ },
+ },
+ },
+ },
+ },
+ })
+ data: {
+ token: string;
+ },
+ ): Promise {
+ const user = this.currentUser;
+
+ let citizen: Citizen | null;
+
+ if (user.id) {
+ citizen = await this.citizenRepository.findOne({
+ where: {id: citizenId},
+ });
+ citizen!.affiliation!.affiliationStatus = AFFILIATION_STATUS.AFFILIATED;
+ } else {
+ citizen = await this.citizenService.checkAffiliation(data.token);
+ citizen.affiliation!.affiliationStatus = AFFILIATION_STATUS.AFFILIATED;
+ }
+
+ await this.citizenRepository.updateById(citizenId, {
+ affiliation: {...citizen!.affiliation},
+ });
+ if (user.id && user.funderName && citizen) {
+ await this.citizenService.sendValidatedAffiliation(citizen, user.funderName);
+ }
+ }
+
+ /**
+ * disaffiliate citizen by id
+ * @param citizenId id citizen
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({
+ allowedRoles: [Roles.MANAGERS, Roles.SUPERVISORS],
+ })
+ @put('/v1/citizens/{citizenId}/disaffiliate', {
+ 'x-controller-name': 'Citizens',
+ summary: "Désaffilie un citoyen d'une entreprise",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'La désaffiliation est validée',
+ },
+ [StatusCode.NotFound]: {
+ description: "Ce citoyen n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Citizen not found',
+ path: '/citizenNotFound',
+ resourceName: 'Citizen',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: 'La désaffiliation est impossible',
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "La désaffiliation n'est pas valide",
+ },
+ },
+ })
+ async disaffiliation(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ ): Promise {
+ const user = this.currentUser;
+ const citizen: Citizen = await this.citizenRepository.findById(citizenId);
+ const citizenInitialStatus: string = citizen.affiliation!.affiliationStatus;
+ citizen.affiliation!.affiliationStatus = AFFILIATION_STATUS.DISAFFILIATED;
+
+ await this.citizenRepository.updateById(citizen.id, {
+ affiliation: {...citizen.affiliation},
+ });
+
+ if (
+ user &&
+ user?.funderName &&
+ citizenInitialStatus === AFFILIATION_STATUS.TO_AFFILIATE
+ ) {
+ await this.citizenService.sendRejectedAffiliation(citizen, user?.funderName);
+ } else {
+ await this.citizenService.sendDisaffiliationMail(this.mailService, citizen);
+ }
+ }
+
+ /**
+ * Update citizen by id
+ * @param citizenId id of citizen
+ * @param citizen schema
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({voters: [canAccessHisOwnData]})
+ @patch('/v1/citizens/{citizenId}', {
+ 'x-controller-name': 'Citizens',
+ summary: "Modifie des informations d'un citoyen",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Citizen PATCH success',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "L'email professionnel du salarié existe déjà",
+ },
+ },
+ })
+ async updateById(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(CitizenUpdate),
+ },
+ },
+ })
+ citizen: CitizenUpdate,
+ ): Promise<{id: string}> {
+ /**
+ * init a new citizen data for handling
+ */
+ let affiliationEnterprise = new Enterprise();
+ const newCitizen: {
+ id?: string;
+ city: string;
+ postcode: string;
+ status: CITIZEN_STATUS;
+ affiliation: Affiliation;
+ } = {
+ ...citizen,
+ };
+
+ // Enterprise Verification
+ if (citizen.affiliation?.enterpriseId) {
+ affiliationEnterprise = await this.enterpriseRepository.findById(
+ citizen.affiliation.enterpriseId,
+ );
+ }
+ /**
+ * set a new affiliation object state depending on enterpriseId and enterpriseEmail existence and not empty strings
+ */
+ if (
+ newCitizen?.affiliation?.enterpriseId &&
+ newCitizen?.affiliation?.enterpriseEmail
+ ) {
+ newCitizen.affiliation.affiliationStatus = AFFILIATION_STATUS.TO_AFFILIATE;
+ }
+
+ /**
+ * set or not the new affiliation object state depending on what the form returns
+ */
+ if (
+ (newCitizen?.affiliation &&
+ !newCitizen?.affiliation?.enterpriseId &&
+ newCitizen?.affiliation?.enterpriseEmail) ||
+ (newCitizen?.affiliation &&
+ newCitizen?.affiliation?.enterpriseId &&
+ !newCitizen?.affiliation?.enterpriseEmail &&
+ !affiliationEnterprise?.hasManualAffiliation) ||
+ (newCitizen?.affiliation &&
+ !newCitizen?.affiliation?.enterpriseId &&
+ !newCitizen?.affiliation?.enterpriseEmail)
+ ) {
+ newCitizen.affiliation.enterpriseId || null;
+ newCitizen.affiliation.enterpriseEmail || null;
+ newCitizen.affiliation.affiliationStatus = AFFILIATION_STATUS.UNKNOWN;
+ }
+
+ if (
+ (newCitizen?.affiliation &&
+ newCitizen?.affiliation?.enterpriseId &&
+ newCitizen?.affiliation?.enterpriseEmail) ||
+ (newCitizen?.affiliation &&
+ newCitizen?.affiliation?.enterpriseId &&
+ !newCitizen?.affiliation?.enterpriseEmail &&
+ affiliationEnterprise?.hasManualAffiliation)
+ ) {
+ newCitizen.affiliation.affiliationStatus = AFFILIATION_STATUS.TO_AFFILIATE;
+ }
+ let enterprise: Enterprise;
+
+ /**
+ * get citizen data
+ */
+ const oldCitizen: Citizen = await this.citizenRepository.findById(citizenId);
+
+ if (newCitizen?.affiliation?.enterpriseId) {
+ /**
+ * get the related company by id
+ */
+ enterprise = await this.enterpriseRepository.findById(
+ newCitizen.affiliation.enterpriseId,
+ );
+
+ /**
+ * pre-check and validation of the enterprise data
+ */
+ if (newCitizen?.affiliation?.enterpriseEmail) {
+ /**
+ * Check if the professional email is unique
+ */
+ if (
+ newCitizen?.affiliation?.enterpriseEmail !==
+ oldCitizen?.affiliation?.enterpriseEmail
+ ) {
+ await this.citizenService.checkProEmailExistence(
+ newCitizen?.affiliation?.enterpriseEmail,
+ );
+ }
+
+ /**
+ * validate the professional email pattern
+ */
+ const companyEmail = newCitizen.affiliation.enterpriseEmail;
+ this.citizenService.validateEmailPattern(companyEmail, enterprise?.emailFormat);
+ }
+
+ /**
+ * Send a manual affiliaton mail to the company's funders accepting the manual affiliation
+ */
+ if (!newCitizen?.affiliation.enterpriseEmail && enterprise.hasManualAffiliation) {
+ await this.citizenService.sendManualAffiliationMail(oldCitizen, enterprise);
+ }
+ }
+
+ /**
+ * update the citizen data
+ */
+ await this.citizenRepository.updateById(citizenId, newCitizen);
+
+ /**
+ * proceed to send the affiliation email to the citizen's professional email
+ */
+ if (
+ newCitizen?.affiliation?.affiliationStatus === AFFILIATION_STATUS.TO_AFFILIATE &&
+ newCitizen?.affiliation.enterpriseEmail
+ ) {
+ /**
+ * init the affiliation email payload
+ */
+ const affiliationEmailData: any = {
+ ...newCitizen,
+ id: citizenId,
+ identity: {...oldCitizen.identity},
+ };
+
+ /**
+ * send the affiliation email
+ */
+ await this.citizenService.sendAffiliationMail(
+ this.mailService,
+ affiliationEmailData,
+ enterprise!.name,
+ );
+ }
+
+ return {id: citizenId};
+ }
+
+ /**
+ * Update citizen linked to FC by id
+ * @param citizenId id of citizen
+ * @param citizen schema
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CITIZENS_FC], voters: [canAccessHisOwnData]})
+ @post('/v1/citizens/{citizenId}/complete', {
+ 'x-controller-name': 'Citizens',
+ summary: "Complète le profil d'un citoyen lié à France Connect",
+ security: SECURITY_SPEC_JWT,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Citizen POST success',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "L'entreprise du salarié est inconnue",
+ },
+ [StatusCode.PreconditionFailed]: {
+ description:
+ "L'email professionnel du salarié n'est pas du domaine de son entreprise",
+ },
+ [StatusCode.Conflict]: {
+ description: "L'email personnel du salarié existe déjà",
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "L'email professionnel du salarié existe déjà",
+ },
+ },
+ })
+ async createCitizenFc(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Citizen, {
+ title: 'CompleteProfile',
+ exclude: ['password', 'id'],
+ }),
+ },
+ },
+ })
+ register: Omit,
+ ): Promise<{id: string} | undefined> {
+ const result: {id: string} | undefined = await this.citizenService.createCitizen(
+ register,
+ citizenId,
+ );
+ return result;
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({voters: [canAccessHisOwnData]})
+ @get('/v1/citizens/{citizenId}/export', {
+ 'x-controller-name': 'Citizens',
+ summary: 'Exporte les données personnelles du citoyen connecté',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Downloadable .xlsx file with validated aides list',
+ content: {
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': {
+ schema: {type: 'string', format: 'base64'},
+ },
+ },
+ },
+ },
+ })
+ async generateUserRGPDExcelFile(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ @inject(RestBindings.Http.RESPONSE) resp: Response,
+ ): Promise> {
+ try {
+ const citizen: Citizen = await this.citizenRepository.findById(citizenId);
+
+ const listMaas: string[] = await this.citizenService.getListMaasNames(
+ citizen?.email,
+ );
+
+ // get company name & company email from user affiliation
+ let companyName: string = '';
+ if (citizen?.affiliation?.enterpriseId) {
+ const enterprise: Enterprise = await this.enterpriseRepository.findById(
+ citizen?.affiliation?.enterpriseId,
+ );
+ companyName = enterprise.name;
+ }
+
+ // get all user subscriptions
+ const subscriptions: Subscription[] = await this.subscriptionRepository.find({
+ order: ['updatedAT ASC'],
+ where: {citizenId: this.currentUser.id, status: {neq: SUBSCRIPTION_STATUS.DRAFT}},
+ });
+
+ // get all aides {id, title, specificFields}
+ const incentives: Incentive[] = await this.incentiveRepository.find({
+ fields: {id: true, title: true, specificFields: true},
+ });
+
+ // generate Excel RGPD file that contains all user private data
+ const excelBufferRGPD: Excel.Buffer = await this.citizenService.generateExcelRGPD(
+ citizen,
+ companyName,
+ subscriptions,
+ incentives,
+ listMaas,
+ );
+
+ // send the file to user
+ return resp
+ .status(200)
+ .contentType('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')
+ .send(excelBufferRGPD);
+ } catch (error) {
+ throw new ValidationError(
+ 'Le téléchargement a échoué, veuillez réessayer',
+ '/downloadXlsx',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Subscription,
+ );
+ }
+ }
+
+ /**
+ * Delete citizen account
+ * @param citizenId id citizen
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({voters: [canAccessHisOwnData]})
+ @put('/v1/citizens/{citizenId}/delete', {
+ 'x-controller-name': 'Citizens',
+ summary: "Supprimer le compte d'un citoyen",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'La suppression est effectuée',
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur n'est pas connecté",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description:
+ "Vous n'avez pas les droits pour supprimer le compte de cet utilisateur",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async deleteCitizenAccount(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ ): Promise {
+ const citizen: Citizen = await this.citizenRepository.findById(citizenId);
+
+ // Delete citizen from MongoDB
+ await this.citizenRepository.deleteById(citizen.id);
+
+ // Delete citizen from Keycloak
+ await this.kcService.deleteUserKc(citizen.id);
+
+ // ADD Flag "Compte Supprimé" to citizen Subscription
+ const citizenSubscriptions = await this.subscriptionRepository.find({
+ where: {citizenId: citizen.id},
+ });
+
+ citizenSubscriptions?.forEach(async citizenSubscription => {
+ citizenSubscription.isCitizenDeleted = true;
+ await this.subscriptionRepository.updateById(
+ citizenSubscription.id,
+ citizenSubscription,
+ );
+ });
+
+ const date = formatDateInTimezone(new Date(), "dd/MM/yyyy à H'h'mm");
+ await this.citizenService.sendDeletionMail(this.mailService, citizen, date);
+ }
+
+ /**
+ * get consents by citizen id
+ * @param citizenId id of citizen
+ * @returns liste des clients en consentement avec le citoyen
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({voters: [canAccessHisOwnData]})
+ @get('/v1/citizens/{citizenId}/linkedAccounts', {
+ 'x-controller-name': 'Citizens',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ summary: "Retourne le nom et l'ID des clients en consentement avec le citoyen",
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Modèle des informations du consentement',
+ content: {
+ 'application/json': {
+ example: {
+ clientInfo: {
+ clientName: 'Mulhouse',
+ clientId: 'mulhouse-maas-client',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description: "Vous n'êtes autorisé à consulter que vos propres consentements",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findConsentsById(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ ): Promise<(ClientOfConsent | undefined)[]> {
+ const citizenConsentsList = await this.kcService.listConsents(citizenId);
+ const clientsList = await this.citizenService.getClientList();
+
+ const consentListData = citizenConsentsList.map((element: Consent) =>
+ clientsList.find(clt => element.clientId === clt.clientId),
+ );
+
+ return consentListData;
+ }
+
+ /**
+ * delete consent by id
+ * @param citizenId id of citizen
+ * @param clientId id du client en consentement avec le citoyen
+ */
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({voters: [canAccessHisOwnData]})
+ @del('/v1/citizens/{citizenId}/linkedAccounts/{clientId}', {
+ 'x-controller-name': 'Citizens',
+ summary: 'Supprime un consentement',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'Consentement supprimé',
+ },
+ [StatusCode.Forbidden]: {
+ description: 'Vous ne pouvez supprimer que vos propres consentements',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: 'Consentement introuvable',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'consent not found',
+ path: '/consentNotFound',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async deleteConsentById(
+ @param.path.string('citizenId', {
+ description: `L'identifiant du citoyen`,
+ })
+ citizenId: string,
+ @param.path.string('clientId', {
+ description: `L'identifiant du client en consentement avec le citoyen`,
+ })
+ clientId: string,
+ ): Promise {
+ await this.kcService.deleteConsent(citizenId, clientId);
+ }
+}
diff --git a/api/src/controllers/collectivity.controller.ts b/api/src/controllers/collectivity.controller.ts
new file mode 100644
index 0000000..5a849ba
--- /dev/null
+++ b/api/src/controllers/collectivity.controller.ts
@@ -0,0 +1,135 @@
+import {inject} from '@loopback/core';
+import {Count, CountSchema, repository, Where} from '@loopback/repository';
+import {post, param, get, getModelSchemaRef, requestBody} from '@loopback/rest';
+import {pick} from 'lodash';
+import {authorize} from '@loopback/authorization';
+import {authenticate} from '@loopback/authentication';
+
+import {Collectivity} from '../models';
+import {CollectivityRepository} from '../repositories';
+import {KeycloakService} from '../services';
+import {
+ GROUPS,
+ Roles,
+ StatusCode,
+ SECURITY_SPEC_KC_PASSWORD,
+ AUTH_STRATEGY,
+} from '../utils';
+
+@authenticate(AUTH_STRATEGY.KEYCLOAK)
+@authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+export class CollectivityController {
+ constructor(
+ @repository(CollectivityRepository)
+ public collectivityRepository: CollectivityRepository,
+ @inject('services.KeycloakService')
+ public kcService: KeycloakService,
+ ) {}
+
+ /**
+ * Create one collectivity
+ * @param collectivity schema
+ */
+ @post('/v1/collectivities', {
+ 'x-controller-name': 'Collectivities',
+ summary: 'Crée une collectivité',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Nouvelle collectivité',
+ content: {'application/json': {schema: getModelSchemaRef(Collectivity)}},
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Collectivity),
+ },
+ },
+ })
+ collectivity: Collectivity,
+ ): Promise {
+ let keycloakGroupCreationResult;
+
+ try {
+ const {name} = collectivity;
+ keycloakGroupCreationResult = await this.kcService.createGroupKc(
+ name,
+ GROUPS.collectivities,
+ );
+
+ if (keycloakGroupCreationResult && keycloakGroupCreationResult.id) {
+ const collectivityModel = pick(collectivity, [
+ 'name',
+ 'citizensCount',
+ 'mobilityBudget',
+ 'encryptionKey',
+ ]);
+
+ const RepositoryCollectivityCreationResult =
+ await this.collectivityRepository.create({
+ ...collectivityModel,
+ ...keycloakGroupCreationResult,
+ });
+
+ return RepositoryCollectivityCreationResult;
+ }
+ } catch (error) {
+ if (keycloakGroupCreationResult && keycloakGroupCreationResult.id)
+ await this.kcService.deleteGroupKc(keycloakGroupCreationResult.id);
+ throw error;
+ }
+ }
+
+ /**
+ * Count the collectivities
+ * @param where the collectivity where filter
+ * @returns the number the collectivities
+ */
+ @get('/v1/collectivities/count', {
+ 'x-controller-name': 'Collectivities',
+ summary: 'Retourne le nombre de collectivités',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Collectivity model count',
+ content: {
+ 'application/json': {
+ schema: {...CountSchema, ...{title: 'Count'}},
+ },
+ },
+ },
+ },
+ })
+ async count(@param.where(Collectivity) where?: Where): Promise {
+ return this.collectivityRepository.count(where);
+ }
+
+ /**
+ * Get all collectivities
+ * @returns all collectivities
+ */
+ @get('/v1/collectivities', {
+ 'x-controller-name': 'Collectivities',
+ summary: 'Retourne les collectivités',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of Collectivity model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(Collectivity),
+ },
+ },
+ },
+ },
+ },
+ })
+ async find(): Promise {
+ return this.collectivityRepository.find();
+ }
+}
diff --git a/api/src/controllers/contact.controller.ts b/api/src/controllers/contact.controller.ts
new file mode 100644
index 0000000..d7c50d6
--- /dev/null
+++ b/api/src/controllers/contact.controller.ts
@@ -0,0 +1,72 @@
+import {inject} from '@loopback/core';
+import {getModelSchemaRef, post, requestBody} from '@loopback/rest';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+
+import {Contact} from '../models';
+import {ContactService, MailService} from '../services';
+import {formatDateInTimezone} from '../utils/date';
+import {
+ AUTH_STRATEGY,
+ ResourceName,
+ Roles,
+ SECURITY_SPEC_API_KEY,
+ StatusCode,
+} from '../utils';
+import {ValidationError} from '../validationError';
+
+export class ContactController {
+ constructor(
+ @inject('services.ContactService')
+ public contactService: ContactService,
+ @inject('services.MailService')
+ public mailService: MailService,
+ ) {}
+
+ /**
+ * Send contact form
+ * @param contact object from contact form
+ */
+ @authenticate(AUTH_STRATEGY.API_KEY)
+ @authorize({allowedRoles: [Roles.API_KEY]})
+ @post('v1/contact', {
+ 'x-controller-name': 'Contact',
+ summary: "Envoi d'un formulaire de contact",
+ security: SECURITY_SPEC_API_KEY,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Formulaire de contact',
+ content: {'application/json': {schema: getModelSchemaRef(Contact)}},
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Contact),
+ },
+ },
+ })
+ contact: Contact,
+ ): Promise {
+ if (!contact.tos) {
+ throw new ValidationError(
+ `User must agree to terms of services`,
+ '/tos',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Contact,
+ );
+ }
+ try {
+ const contactDate = formatDateInTimezone(new Date(), 'dd/MM/yyyy');
+ return await this.contactService.sendMailClient(
+ this.mailService,
+ contact,
+ contactDate,
+ );
+ } catch (error) {
+ return error;
+ }
+ }
+}
diff --git a/api/src/controllers/dashboard.controller.ts b/api/src/controllers/dashboard.controller.ts
new file mode 100644
index 0000000..0c53763
--- /dev/null
+++ b/api/src/controllers/dashboard.controller.ts
@@ -0,0 +1,438 @@
+import {AnyObject, repository} from '@loopback/repository';
+import {param, get} from '@loopback/rest';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+import {SecurityBindings} from '@loopback/security';
+import {inject} from '@loopback/core';
+
+import {SubscriptionRepository, UserRepository} from '../repositories';
+import {calculatePercentage, setValidDate, isFirstElementGreater} from './utils/helpers';
+import {
+ SECURITY_SPEC_KC_PASSWORD,
+ Roles,
+ SUBSCRIPTION_STATUS,
+ IDashboardCitizen,
+ IDashboardCitizenIncentiveList,
+ IDashboardSubscription,
+ IDashboardSubscriptionResult,
+ StatusCode,
+ AUTH_STRATEGY,
+ IUser,
+} from '../utils';
+import {Subscription, SubscriptionRelations} from '../models';
+
+/**
+ * CONTROLLERS
+ *
+ *
+ * dashboard controller function and api endpoints
+ */
+@authenticate(AUTH_STRATEGY.KEYCLOAK)
+@authorize({allowedRoles: [Roles.FUNDERS]})
+export class DashboardController {
+ constructor(
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @repository(UserRepository)
+ public userRepository: UserRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ /**
+ * get the citizens for dashboard
+ * @param year the filter year value
+ * @param semester the filter semester value
+ * @returns an object with the incentive list + citizens statistics
+ */
+ @get('/v1/dashboards/citizens', {
+ 'x-controller-name': 'Dashboards',
+ summary:
+ 'Retourne le nombre de citoyens ayant une souscription' +
+ ' validée concernant le financeur connecté',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Count of citizen with at least one validated subscription',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ incentiveList: {
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ incentiveId: {
+ description: `Identifiant de l'aide`,
+ type: 'string',
+ example: '',
+ },
+ incentiveTitle: {
+ description: `Titre de l'aide`,
+ type: 'string',
+ example: 'Le vélo électrique arrive à Mulhouse !',
+ },
+ totalSubscriptionsCount: {
+ description: `Nombre de souscriptions validées selon l'aide`,
+ type: 'number',
+ example: 1,
+ },
+ validatedSubscriptionPercentage: {
+ description: `Pourcentage de souscriptions validées par citoyen`,
+ type: 'number',
+ example: 25,
+ },
+ },
+ },
+ },
+ totalCitizensCount: {
+ description: `Nombre de citoyens ayant réalisé au moins une demande`,
+ type: 'number',
+ example: 4,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findCitizen(
+ @param.query.string('year', {
+ description: `Filtre sur l'année de validation des demandes d'aide`,
+ })
+ year: string,
+ @param.query.string('semester', {
+ description: `Filtre sur le semestre de validation des demandes d'aide`,
+ })
+ semester: string,
+ ): Promise {
+ /**
+ * get he user community ids list
+ */
+ const {id, roles, funderName, incentiveType} = this.currentUser;
+ const user = await this.userRepository.findOne({where: {id}});
+ const communityIds = user?.communityIds;
+
+ /**
+ * set the search query start and end dates value
+ */
+ const searchQueryDate = setValidDate(year, semester);
+ const {startDate, endDate} = searchQueryDate;
+
+ /**
+ * define the user role persona
+ */
+ const isSupervisor = roles?.includes(Roles.SUPERVISORS);
+ const isManager = roles?.includes(Roles.MANAGERS);
+
+ /**
+ * init a basic query search params
+ */
+ let withParams: object = {
+ incentiveType: incentiveType,
+ funderName: funderName,
+ status: SUBSCRIPTION_STATUS.VALIDATED,
+ updatedAt: {between: [startDate, endDate]},
+ };
+
+ /**
+ * inject the communityId param when checking if the user is belonging
+ * to any funder communities, for now only the user with Gestionnaire role
+ * can belong to a funder community.
+ * for this condition communityId with values means it's a Gestionnaire Role
+ * or if communityId returns undefined that means it's a Supervisor
+ */
+ if (communityIds && communityIds.length > 0 && !isSupervisor && isManager) {
+ withParams = {
+ ...withParams,
+ communityId: {inq: communityIds},
+ };
+ }
+
+ /**
+ * query the subscription repository
+ */
+ const querySubscription = await this.subscriptionRepository.find({
+ where: withParams,
+ fields: {
+ id: true,
+ incentiveId: true,
+ incentiveTitle: true,
+ citizenId: true,
+ },
+ });
+
+ /**
+ * group the subscription list by incentive id
+ */
+ const groupSubscriptionsByIncentive = querySubscription.reduce(
+ (groups: AnyObject, item: Subscription & SubscriptionRelations) => {
+ const group = groups[item.incentiveId] || [];
+
+ const found = group.some(
+ (el: {citizenId: string}) => el.citizenId === item.citizenId,
+ );
+
+ if (!found) group.push(item);
+ groups[item.incentiveId] = group;
+
+ return groups;
+ },
+ {},
+ );
+
+ /**
+ * merge all the subscriptions grouped by incentive result in one list
+ */
+ const newQuerySubscription: AnyObject = Object.values(
+ groupSubscriptionsByIncentive,
+ ).flat();
+
+ /**
+ * init new subscriptions list
+ */
+ const uniqueCitizensList: string[] = [];
+ let incentiveList: IDashboardCitizenIncentiveList[] = [];
+
+ /**
+ * crete the subscriptions list and count unique subscriptions by citizen id
+ */
+ newQuerySubscription.forEach(
+ (
+ item: {citizenId: string; incentiveId: string; incentiveTitle: string},
+ index: number,
+ ) => {
+ /**
+ * set the new unique citizen list
+ */
+ const citizenIdFound = uniqueCitizensList.some(
+ el => el === newQuerySubscription[index].citizenId,
+ );
+
+ if (!citizenIdFound) uniqueCitizensList.push(item.citizenId);
+
+ /**
+ * create a new demand element
+ */
+ const elementIndex = incentiveList.findIndex(
+ (element: {incentiveId: string}) =>
+ element.incentiveId.toString() === item.incentiveId.toString(),
+ );
+
+ if (elementIndex >= 0) {
+ incentiveList[elementIndex].totalSubscriptionsCount =
+ incentiveList[elementIndex].totalSubscriptionsCount + 1;
+ } else {
+ incentiveList.push({
+ incentiveId: item.incentiveId,
+ incentiveTitle: item.incentiveTitle,
+ totalSubscriptionsCount: 1,
+ } as IDashboardCitizenIncentiveList);
+ }
+ },
+ );
+
+ /**
+ * sort the subscription list by total subscription count
+ */
+ incentiveList.sort(isFirstElementGreater);
+
+ /**
+ * set the percentage of validated subscription by group
+ */
+ incentiveList = calculatePercentage(incentiveList, uniqueCitizensList.length);
+
+ /**
+ * return subscription statistic by incentive group
+ */
+ return {
+ incentiveList: incentiveList,
+ totalCitizensCount: uniqueCitizensList.length,
+ } as IDashboardCitizen;
+ }
+
+ /**
+ * get the subscriptions for the dashboard
+ * @param year the selected year value
+ * @param semester the selected semester value
+ * @returns an object with the query result + subscriptions statistics
+ */
+ @get('/v1/dashboards/subscriptions', {
+ 'x-controller-name': 'Dashboards',
+ summary:
+ 'Retourne le nombre de souscriptions par statut concernant le financeur connecté',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Count of subscription per status',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ result: {
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ status: {
+ description: `Statut de la souscription`,
+ type: 'string',
+ example: SUBSCRIPTION_STATUS.TO_PROCESS,
+ },
+ count: {
+ description: `Nombre de souscriptions pour le statut`,
+ type: 'number',
+ example: 5,
+ },
+ },
+ },
+ },
+ totalCount: {
+ description: `Nombre de total de souscriptions tous status confondus`,
+ type: 'number',
+ example: 25,
+ },
+ totalPending: {
+ type: 'object',
+ properties: {
+ count: {
+ description: `Nombre de demande sur le périmètre de l'utilisateur connecté`,
+ type: 'number',
+ example: 3,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async find(
+ @param.query.string('year') year: string,
+ @param.query.string('semester') semester: string,
+ ): Promise {
+ /**
+ * get he user community ids list
+ */
+ const {id, roles, funderName, incentiveType} = this.currentUser;
+ const user = await this.userRepository.findOne({where: {id}});
+ const communityIds = user?.communityIds;
+
+ /**
+ * set the search query start and end dates value
+ */
+ const searchQueryDate = setValidDate(year, semester);
+ const {startDate, endDate} = searchQueryDate;
+
+ /**
+ * define the user role persona
+ */
+ const isSupervisor = roles?.includes(Roles.SUPERVISORS);
+ const isManager = roles?.includes(Roles.MANAGERS);
+
+ /**
+ * init a basic query search params
+ */
+ let queryParams: object = {
+ incentiveType: incentiveType,
+ funderName: funderName,
+ status: {neq: SUBSCRIPTION_STATUS.DRAFT},
+ updatedAt: {between: [startDate, endDate]},
+ };
+
+ /**
+ * inject the communityId param when checking if the user is belonging
+ * to any funder communities, for now only the user with Gestionnaire role
+ * can belong to a funder community.
+ * for this condition communityId with values means it's a Gestionnaire Role
+ * or if communityId returns undefined that means it's a Supervisor
+ */
+ if (communityIds && communityIds.length > 0 && !isSupervisor && isManager) {
+ queryParams = {
+ ...queryParams,
+ communityId: {inq: communityIds},
+ };
+ }
+
+ /**
+ * query the subscription repository
+ */
+ const querySubscription = await this.subscriptionRepository.find({
+ where: queryParams,
+ fields: {
+ status: true,
+ },
+ });
+
+ if (communityIds && communityIds.length > 0 && isManager) {
+ queryParams = {
+ ...queryParams,
+ status: SUBSCRIPTION_STATUS.TO_PROCESS,
+ communityId: {inq: communityIds},
+ };
+ }
+
+ /**
+ * If user has no communities, inject the status param so that the returned "totalPending" handles only the total of pending subscriptions
+ */
+ if (!communityIds) {
+ queryParams = {
+ ...queryParams,
+ status: SUBSCRIPTION_STATUS.TO_PROCESS,
+ };
+ }
+
+ /**
+ * set the pending subscriptions count to be managed by the manager depending on his community
+ */
+ let totalPending = {count: 0};
+ if (isManager) {
+ totalPending = await this.subscriptionRepository.count(queryParams);
+ }
+
+ /**
+ * group the demands query result by status and set the count of it
+ */
+ const newDemandsGroupList: IDashboardSubscriptionResult[] = [];
+ querySubscription.map((groupEl: {status: SUBSCRIPTION_STATUS}) => {
+ const elementIndex = newDemandsGroupList.findIndex(
+ (element: IDashboardSubscriptionResult) => element.status === groupEl.status,
+ );
+
+ if (elementIndex >= 0) {
+ newDemandsGroupList[elementIndex].count =
+ newDemandsGroupList[elementIndex].count + 1;
+ } else {
+ newDemandsGroupList.push({
+ status: groupEl.status,
+ count: 1,
+ });
+ }
+ });
+
+ /**
+ * set the global count by auditioning all the demands status count
+ */
+ const totalCount: number = newDemandsGroupList.reduce(
+ (sum: number, currentValue: {count: number}) => {
+ return sum + currentValue.count;
+ },
+ 0,
+ );
+
+ /**
+ * final result return
+ */
+ return {
+ result: newDemandsGroupList,
+ totalPending,
+ totalCount,
+ };
+ }
+}
diff --git a/api/src/controllers/enterprise.controller.ts b/api/src/controllers/enterprise.controller.ts
new file mode 100644
index 0000000..f8ab48c
--- /dev/null
+++ b/api/src/controllers/enterprise.controller.ts
@@ -0,0 +1,262 @@
+import {inject, intercept} from '@loopback/core';
+import {Count, CountSchema, repository, Where} from '@loopback/repository';
+import {post, param, get, getModelSchemaRef, requestBody} from '@loopback/rest';
+import {pick} from 'lodash';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+
+import {KeycloakService} from '../services';
+import {
+ SECURITY_SPEC_KC_PASSWORD,
+ GROUPS,
+ Roles,
+ StatusCode,
+ SECURITY_SPEC_API_KEY,
+ AUTH_STRATEGY,
+ ResourceName,
+} from '../utils';
+import {ValidationError} from '../validationError';
+import {Enterprise} from '../models/enterprise';
+import {EnterpriseRepository} from '../repositories/enterprise.repository';
+import {EnterpriseInterceptor} from '../interceptors';
+import {UserEntityRepository} from '../repositories';
+
+export class EnterpriseController {
+ constructor(
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @repository(UserEntityRepository)
+ public userEntityRepository: UserEntityRepository,
+ @inject('services.KeycloakService')
+ public kcService: KeycloakService,
+ ) {}
+
+ /**
+ * Create one enterprise
+ * @param enterprise the object to create
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @intercept(EnterpriseInterceptor.BINDING_KEY)
+ @post('/v1/enterprises', {
+ 'x-controller-name': 'Enterprises',
+ summary: 'Crée une entreprise',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Nouveau compte entreprise',
+ content: {'application/json': {schema: getModelSchemaRef(Enterprise)}},
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description:
+ "Les formats des adresses email de l'entreprise ne sont pas valides.",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 422,
+ name: 'Error',
+ message: 'Enterprise email formats are not valid',
+ path: '/enterpriseEmailBadFormat',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.PreconditionFailed]: {
+ description:
+ 'Vous nous pouvez pas activez les 2 options SI RH et Affiliation Manuelle',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 412,
+ name: 'Error',
+ message: 'enterprise.options.invalid',
+ path: '/enterpriseInvalidOptions',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Enterprise),
+ },
+ },
+ })
+ enterprise: Enterprise,
+ ): Promise {
+ let keycloakGroupCreationResult: {id: string} | undefined;
+
+ /**
+ * Throw an error if the two options are true
+ */
+ if (enterprise.hasManualAffiliation && enterprise.isHris) {
+ throw new ValidationError(
+ `enterprise.options.invalid`,
+ `/enterpriseInvalidOptions`,
+ StatusCode.PreconditionFailed,
+ ResourceName.Enterprise,
+ );
+ }
+
+ try {
+ const {name} = enterprise;
+ keycloakGroupCreationResult = await this.kcService.createGroupKc(
+ name,
+ GROUPS.enterprises,
+ );
+
+ if (keycloakGroupCreationResult && keycloakGroupCreationResult.id) {
+ const enterpriseModel = pick(enterprise, [
+ 'name',
+ 'siretNumber',
+ 'emailFormat',
+ 'employeesCount',
+ 'budgetAmount',
+ 'isHris',
+ 'hasManualAffiliation',
+ 'encryptionKey',
+ 'clientId',
+ ]);
+ if (enterprise.clientId) {
+ const serviceUser = await this.userEntityRepository.getServiceUser(
+ enterprise.clientId,
+ );
+ await this.kcService.addUserGroupMembership(
+ serviceUser!.id,
+ keycloakGroupCreationResult.id,
+ );
+ }
+ const RepositoryEnterpriseCreationResult = await this.enterpriseRepository.create(
+ {
+ ...enterpriseModel,
+ ...keycloakGroupCreationResult,
+ },
+ );
+ return RepositoryEnterpriseCreationResult;
+ }
+ } catch (error) {
+ if (keycloakGroupCreationResult && keycloakGroupCreationResult.id)
+ await this.kcService.deleteGroupKc(keycloakGroupCreationResult.id);
+ throw error;
+ }
+ }
+
+ /**
+ * Count the enterprises
+ * @param where the enterprise where filter
+ * @returns the number of enterprises
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/enterprises/count', {
+ 'x-controller-name': 'Enterprises',
+ summary: "Retourne le nombre d'entreprises",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Enterprise model count',
+ content: {
+ 'application/json': {
+ schema: {...CountSchema, ...{title: 'Count'}},
+ },
+ },
+ },
+ },
+ })
+ async count(@param.where(Enterprise) where?: Where): Promise {
+ return this.enterpriseRepository.count(where);
+ }
+
+ /**
+ * Get all enterprises
+ * @returns All enterprises
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK, AUTH_STRATEGY.API_KEY)
+ @authorize({
+ allowedRoles: [Roles.SUPERVISORS, Roles.MANAGERS, Roles.CONTENT_EDITOR],
+ })
+ @get('/v1/enterprises', {
+ 'x-controller-name': 'Enterprises',
+ summary: 'Retourne les entreprises',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of entreprises model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(Enterprise),
+ },
+ },
+ },
+ },
+ },
+ })
+ async find(): Promise {
+ return this.enterpriseRepository.find();
+ }
+
+ /**
+ * Check the email format
+ * @returns if the email format is ok
+ */
+ @authenticate(AUTH_STRATEGY.API_KEY)
+ @authorize({allowedRoles: [Roles.API_KEY]})
+ @get('/v1/enterprises/email_format_list', {
+ 'x-controller-name': 'Enterprises',
+ summary: 'Retourne les informations détaillées des entreprises',
+ security: SECURITY_SPEC_API_KEY,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of entreprises model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ name: {
+ description: `Nom de l'entreprise`,
+ type: 'string',
+ example: 'Capgemini',
+ },
+ id: {
+ description: `Identifiant du l'entreprise`,
+ type: 'string',
+ example: '',
+ },
+ emailFormat: {
+ description: `Modèles d'email de l'entreprise`,
+ type: 'array',
+ items: {
+ type: 'string',
+ example: '@professional.com',
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findEmailFormat(): Promise[]> {
+ const result: Pick[] =
+ await this.enterpriseRepository.find({
+ fields: {name: true, id: true, emailFormat: true},
+ });
+ return result;
+ }
+}
diff --git a/api/src/controllers/external/funderV1.controller.ts b/api/src/controllers/external/funderV1.controller.ts
new file mode 100644
index 0000000..8ec587a
--- /dev/null
+++ b/api/src/controllers/external/funderV1.controller.ts
@@ -0,0 +1,62 @@
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+import {repository} from '@loopback/repository';
+import {param, get} from '@loopback/rest';
+import {intercept} from '@loopback/core';
+
+import {Community} from '../../models';
+import {CommunityRepository} from '../../repositories';
+import {checkMaas} from '../../services';
+import {AffiliationInterceptor} from '../../interceptors';
+import {StatusCode, SECURITY_SPEC_JWT, AUTH_STRATEGY} from '../../utils';
+
+export class FunderV1Controller {
+ constructor(
+ @repository(CommunityRepository)
+ public communityRepository: CommunityRepository,
+ ) {}
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: ['maas'], voters: [checkMaas]})
+ @intercept(AffiliationInterceptor.BINDING_KEY)
+ @get('v1/maas/funders/{funderId}/communities', {
+ 'x-controller-name': 'Funders',
+ summary: "Retourne les communautés d'un financeur",
+ security: SECURITY_SPEC_JWT,
+ responses: {
+ [StatusCode.Success]: {
+ description: "La liste des communautés d'un financeur.",
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ description: 'Identifiant de la communauté',
+ },
+ name: {
+ type: 'string',
+ description: 'Nom de la communauté',
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findCommunitiesByFunderId(
+ @param.path.string('funderId', {
+ description: `L'identifiant du financeur`,
+ })
+ funderId: string,
+ ): Promise<{id: string | undefined; name: string}[]> {
+ const communities: Community[] = await this.communityRepository.findByFunderId(
+ funderId,
+ );
+ return communities.map(({id, name}) => ({id, name}));
+ }
+}
diff --git a/api/src/controllers/external/index.ts b/api/src/controllers/external/index.ts
new file mode 100644
index 0000000..6f7d8ec
--- /dev/null
+++ b/api/src/controllers/external/index.ts
@@ -0,0 +1,2 @@
+export * from './subscriptionV1.controller';
+export * from './funderV1.controller';
diff --git a/api/src/controllers/external/subscriptionV1.controller.ts b/api/src/controllers/external/subscriptionV1.controller.ts
new file mode 100644
index 0000000..ba96f7e
--- /dev/null
+++ b/api/src/controllers/external/subscriptionV1.controller.ts
@@ -0,0 +1,592 @@
+import {HttpErrors, param, toInterceptor} from '@loopback/rest';
+import {inject, intercept, service} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {get, post, getModelSchemaRef, requestBody} from '@loopback/rest';
+import {authorize} from '@loopback/authorization';
+import {authenticate} from '@loopback/authentication';
+import {SecurityBindings} from '@loopback/security';
+import multer from 'multer';
+import {Express} from 'express';
+import {capitalize} from 'lodash';
+import {WEBSITE_FQDN} from '../../constants';
+
+import {
+ AffiliationInterceptor,
+ SubscriptionV1Interceptor,
+ SubscriptionV1AttachmentsInterceptor,
+ SubscriptionV1FinalizeInterceptor,
+} from '../../interceptors';
+import {
+ Subscription,
+ AttachmentType,
+ Incentive,
+ CreateSubscription,
+ ValidationMultiplePayment,
+ ValidationSinglePayment,
+ ValidationNoPayment,
+ NoReason,
+ OtherReason,
+ Metadata,
+ Citizen,
+ EncryptionKey,
+ Collectivity,
+ Enterprise,
+} from '../../models';
+import {
+ IncentiveRepository,
+ CitizenRepository,
+ SubscriptionRepository,
+ CommunityRepository,
+ EnterpriseRepository,
+ MetadataRepository,
+ CollectivityRepository,
+} from '../../repositories';
+import {
+ checkMaas,
+ MailService,
+ S3Service,
+ RabbitmqService,
+ SubscriptionService,
+} from '../../services';
+import {validationErrorExternalHandler} from '../../validationErrorExternal';
+import {
+ StatusCode,
+ SECURITY_SPEC_JWT,
+ SECURITY_SPEC_JWT_KC_PASSWORD,
+ SUBSCRIPTION_STATUS,
+ Roles,
+ AUTH_STRATEGY,
+ MaasSubscriptionList,
+ IUser,
+} from '../../utils';
+import {generatePdfInvoices} from '../../utils/invoice';
+import {INCENTIVE_TYPE} from '../../utils/enum';
+import {encryptFileHybrid, generateAESKey, encryptAESKey} from '../../utils/encryption';
+
+const multerInterceptor = toInterceptor(multer({storage: multer.memoryStorage()}).any());
+@authenticate(AUTH_STRATEGY.KEYCLOAK)
+export class SubscriptionV1Controller {
+ constructor(
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @repository(CitizenRepository)
+ public citizenRepository: CitizenRepository,
+ @repository(MetadataRepository)
+ public metadataRepository: MetadataRepository,
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @repository(CommunityRepository)
+ public communityRepository: CommunityRepository,
+ @service(RabbitmqService)
+ public rabbitmqService: RabbitmqService,
+ @service(S3Service)
+ private s3Service: S3Service,
+ @service(MailService)
+ public mailService: MailService,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ @service(SubscriptionService)
+ public subscriptionService: SubscriptionService,
+ @repository(CollectivityRepository)
+ public collectivityRepository: CollectivityRepository,
+ ) {}
+
+ @authorize({allowedRoles: [Roles.MAAS, Roles.PLATFORM], voters: [checkMaas]})
+ @intercept(AffiliationInterceptor.BINDING_KEY)
+ @intercept(SubscriptionV1Interceptor.BINDING_KEY)
+ @post('v1/maas/subscriptions', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Crée une souscription',
+ security: SECURITY_SPEC_JWT_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description:
+ "Création initiale d'une demande d'aide où additionalProp correspond aux champs spécifiques",
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ },
+ [StatusCode.Forbidden]: {
+ description: "L'utilisateur n'a pas les droits pour souscrire à cette aide",
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: 'La demande ne peut pas être traitée',
+ },
+ },
+ })
+ async createSubscription(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(CreateSubscription),
+ },
+ },
+ })
+ subscription: CreateSubscription,
+ ): Promise<{id: string} | HttpErrors.HttpError> {
+ try {
+ const incentive = await this.incentiveRepository.findById(subscription.incentiveId);
+ const citizen = await this.citizenRepository.findById(this.currentUser.id);
+ const newSubscription = new Subscription({
+ ...subscription,
+ incentiveTitle: incentive.title,
+ incentiveTransportList: incentive.transportList,
+ citizenId: citizen.id,
+ lastName: citizen.identity.lastName.value,
+ firstName: citizen.identity.firstName.value,
+ email: citizen.email,
+ city: citizen.city,
+ postcode: citizen.postcode,
+ birthdate: citizen.identity.birthDate.value,
+ status: SUBSCRIPTION_STATUS.DRAFT,
+ funderName: incentive.funderName,
+ incentiveType: incentive.incentiveType,
+ funderId: incentive.funderId,
+ isCitizenDeleted: false,
+ });
+
+ // Add company email to subscription object if exists
+ if (citizen.affiliation?.enterpriseEmail) {
+ newSubscription.enterpriseEmail = citizen.affiliation.enterpriseEmail;
+ }
+
+ const result = await this.subscriptionRepository.create(newSubscription);
+ return {id: result.id};
+ } catch (error) {
+ return validationErrorExternalHandler(error);
+ }
+ }
+
+ @authorize({allowedRoles: [Roles.MAAS, Roles.PLATFORM], voters: [checkMaas]})
+ @intercept(multerInterceptor)
+ @intercept(AffiliationInterceptor.BINDING_KEY)
+ @intercept(SubscriptionV1AttachmentsInterceptor.BINDING_KEY)
+ @post('v1/maas/subscriptions/{subscriptionId}/attachments', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Ajoute des justificatifs à une souscription',
+ security: SECURITY_SPEC_JWT_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description:
+ "Ajouter les justificatifs pour une demande d'aide avec un status brouillon",
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ },
+ [StatusCode.Forbidden]: {
+ description:
+ "L'utilisateur n'a pas les droits pour ajouter des justificatifs à la demande",
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette demande n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Subscription not found',
+ path: '/subscriptionNotFound',
+ resourceName: 'Subscription',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.PreconditionFailed]: {
+ description:
+ 'La demande ou les justificatifs ne rencontrent pas les bonnes conditions',
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: 'Les justificatifs ne peuvent pas être traités',
+ },
+ },
+ })
+ async addAttachments(
+ @param.path.string('subscriptionId', {description: `L'identifiant de la demande`})
+ subscriptionId: string,
+ @requestBody({
+ description: `Multipart/form-data pour la creation d'une demande`,
+ content: {
+ 'multipart/form-data': {
+ // Skip body parsing
+ 'x-parser': 'stream',
+ schema: {
+ type: 'object',
+ properties: {
+ attachmentExample: {
+ description: `Exemple d'ajout d'un document justificatif`,
+ type: 'array',
+ items: {
+ format: 'binary',
+ type: 'string',
+ },
+ },
+ data: {
+ type: 'object',
+ description: `Ajout des metadataId`,
+ properties: {
+ metadataId: {
+ type: 'string',
+ },
+ },
+ example: {
+ metadataId: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ attachmentData?: any,
+ ): Promise<{id: string} | HttpErrors.HttpError> {
+ try {
+ const subscription: Subscription = await this.subscriptionRepository.findById(
+ subscriptionId,
+ );
+ let encryptionKey: EncryptionKey | undefined = undefined;
+ const collectivity: Collectivity | null = await this.collectivityRepository.findOne(
+ {
+ where: {id: subscription.funderId},
+ },
+ );
+ const enterprise: Enterprise | null = await this.enterpriseRepository.findOne({
+ where: {id: subscription.funderId},
+ });
+
+ encryptionKey = collectivity
+ ? collectivity.encryptionKey
+ : enterprise
+ ? enterprise.encryptionKey
+ : undefined;
+
+ const metadataId: string | undefined = attachmentData.body.data
+ ? JSON.parse(attachmentData.body.data)?.metadataId
+ : undefined;
+ const citizen: Citizen = await this.citizenRepository.findById(this.currentUser.id);
+ let formattedSubscriptionAttachments: AttachmentType[] = [];
+ let invoicesPdf: Express.Multer.File[] = [];
+ let createSubscriptionAttachments: Express.Multer.File[] = [];
+ let attachments: Express.Multer.File[] = [];
+
+ const {key, iv}: {key: Buffer; iv: Buffer} = generateAESKey();
+ const {encryptKey, encryptIV}: {encryptKey: Buffer; encryptIV: Buffer} =
+ encryptAESKey(encryptionKey!.publicKey, key, iv);
+
+ if (attachmentData) {
+ createSubscriptionAttachments = attachmentData.files as Express.Multer.File[];
+ createSubscriptionAttachments.forEach((attachment: Express.Multer.File) => {
+ attachment.buffer = encryptFileHybrid(attachment.buffer, key, iv);
+ });
+ }
+
+ if (metadataId) {
+ const metadata: Metadata = await this.metadataRepository.findById(metadataId);
+ invoicesPdf = await generatePdfInvoices(metadata.attachmentMetadata.invoices);
+ invoicesPdf.forEach((invoicePdf: Express.Multer.File) => {
+ invoicePdf.buffer = encryptFileHybrid(invoicePdf.buffer, key, iv);
+ });
+ }
+
+ attachments = [...createSubscriptionAttachments, ...invoicesPdf];
+ const formattedAttachments: Express.Multer.File[] =
+ this.subscriptionService.formatAttachments(attachments);
+ formattedSubscriptionAttachments = formattedAttachments?.map(
+ (file: Express.Multer.File) => {
+ return {
+ originalName: file.originalname,
+ uploadDate: new Date(),
+ proofType: file.fieldname,
+ mimeType: file.mimetype,
+ };
+ },
+ );
+
+ if (attachments.length > 0) {
+ await this.s3Service.uploadFileListIntoBucket(
+ citizen.id,
+ subscriptionId,
+ formattedAttachments,
+ );
+ await this.subscriptionRepository.updateById(subscriptionId, {
+ attachments: formattedSubscriptionAttachments,
+ encryptedAESKey: encryptKey.toString('base64'),
+ encryptedIV: encryptIV.toString('base64'),
+ encryptionKeyId: encryptionKey!.id,
+ encryptionKeyVersion: encryptionKey!.version,
+ privateKeyAccess: encryptionKey!.privateKeyAccess
+ ? encryptionKey!.privateKeyAccess
+ : undefined,
+ });
+ }
+
+ // Delete metadata once subscription is updated with files
+ if (metadataId) {
+ await this.metadataRepository.deleteById(metadataId);
+ }
+ return {id: subscriptionId};
+ } catch (error) {
+ return validationErrorExternalHandler(error);
+ }
+ }
+
+ @authorize({allowedRoles: [Roles.MAAS, Roles.PLATFORM], voters: [checkMaas]})
+ @intercept(AffiliationInterceptor.BINDING_KEY)
+ @intercept(SubscriptionV1FinalizeInterceptor.BINDING_KEY)
+ @post('v1/maas/subscriptions/{subscriptionId}/verify', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Finalise une souscription',
+ security: SECURITY_SPEC_JWT_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Finalisation de la demande',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ },
+ [StatusCode.Forbidden]: {
+ description: "L'utilisateur n'a pas les droits pour finaliser la demande",
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette demande n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Subscription not found',
+ path: '/subscriptionNotFound',
+ resourceName: 'Subscription',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: "La demande n'est pas au bon statut",
+ },
+ },
+ })
+ async finalizeSubscription(
+ @param.path.string('subscriptionId', {description: `L'identifiant de la demande`})
+ subscriptionId: string,
+ ): Promise<{id: string} | HttpErrors.HttpError> {
+ try {
+ const subscription = await this.subscriptionRepository.findById(subscriptionId);
+ // Change subscription status
+ await this.subscriptionRepository.updateById(subscriptionId, {
+ status: SUBSCRIPTION_STATUS.TO_PROCESS,
+ });
+ // check if the funder is entreprise and if its HRIS to publish msg to rabbitmq
+ if (subscription?.incentiveType === INCENTIVE_TYPE.EMPLOYER_INCENTIVE) {
+ const enterprise = await this.enterpriseRepository.findById(
+ subscription?.funderId,
+ );
+ if (enterprise?.isHris) {
+ const payload = await this.subscriptionService.preparePayLoad(subscription);
+ // Publish to rabbitmq
+ await this.rabbitmqService.publishMessage(payload, enterprise?.name);
+ }
+ }
+ // Send a notification as an email
+ const dashboardLink = `${WEBSITE_FQDN}/mon-dashboard`;
+ await this.mailService.sendMailAsHtml(
+ subscription.email,
+ 'Confirmation d’envoi de la demande',
+ 'requests-to-process',
+ {
+ username: capitalize(subscription.firstName),
+ funderName: subscription.funderName,
+ dashboardLink: dashboardLink,
+ },
+ );
+ return {id: subscriptionId};
+ } catch (error) {
+ return validationErrorExternalHandler(error);
+ }
+ }
+
+ @authorize({allowedRoles: [Roles.MAAS], voters: [checkMaas]})
+ @get('v1/maas/subscriptions', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Retourne les souscriptions',
+ security: SECURITY_SPEC_JWT,
+ responses: {
+ [StatusCode.Success]: {
+ description:
+ "Ce service permet au citoyen de consulter l'ensemble de ses demandes réalisées",
+ content: {
+ 'application/json': {
+ schema: {
+ title: 'MaasSubscriptionList',
+ type: 'array',
+ items: {
+ allOf: [
+ getModelSchemaRef(Subscription, {
+ title: 'MaasSubscriptionItem',
+ exclude: [
+ 'attachments',
+ 'incentiveType',
+ 'citizenId',
+ 'lastName',
+ 'firstName',
+ 'email',
+ 'communityId',
+ 'consent',
+ 'specificFields',
+ 'status',
+ 'subscriptionRejection',
+ 'subscriptionValidation',
+ ],
+ }),
+ {
+ anyOf: [
+ {
+ properties: {
+ status: {
+ type: 'string',
+ example: SUBSCRIPTION_STATUS.TO_PROCESS,
+ },
+ },
+ },
+ {
+ type: 'object',
+ properties: {
+ subscriptionValidation: {
+ oneOf: [
+ {'x-ts-type': ValidationMultiplePayment},
+ {'x-ts-type': ValidationSinglePayment},
+ {'x-ts-type': ValidationNoPayment},
+ ],
+ },
+ status: {
+ type: 'string',
+ example: SUBSCRIPTION_STATUS.VALIDATED,
+ },
+ },
+ },
+ {
+ type: 'object',
+ properties: {
+ subscriptionRejection: {
+ oneOf: [{'x-ts-type': NoReason}, {'x-ts-type': OtherReason}],
+ },
+ status: {
+ type: 'string',
+ example: SUBSCRIPTION_STATUS.REJECTED,
+ },
+ },
+ },
+ ],
+ },
+ {
+ type: 'object',
+ properties: {
+ contact: {
+ type: 'string',
+ example: 'contact@mcm.com',
+ },
+ },
+ },
+ ],
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findMaasSubscription(): Promise {
+ // get current user id
+ const userId: string = this.currentUser.id;
+
+ // get incentives
+ const incentiveList: Incentive[] = await this.incentiveRepository.find({
+ fields: {id: true, contact: true},
+ });
+
+ // get current users subscriptions
+ const userSubcriptionList: Subscription[] = await this.subscriptionRepository.find({
+ where: {citizenId: userId, status: {neq: SUBSCRIPTION_STATUS.DRAFT}},
+ fields: {
+ id: true,
+ incentiveId: true,
+ incentiveTitle: true,
+ funderName: true,
+ status: true,
+ createdAt: true,
+ updatedAt: true,
+ subscriptionValidation: true,
+ subscriptionRejection: true,
+ },
+ });
+
+ // add help contact info to subscriptions
+ const response: MaasSubscriptionList[] =
+ userSubcriptionList &&
+ userSubcriptionList.map((subscription: Subscription) => {
+ const newSubscription: Subscription = subscription;
+ const incentive =
+ incentiveList &&
+ incentiveList.find(
+ (incentive: Incentive) =>
+ newSubscription.incentiveId.toString() === incentive.id,
+ );
+ newSubscription.status === SUBSCRIPTION_STATUS.VALIDATED &&
+ delete newSubscription.subscriptionRejection;
+ newSubscription.status === SUBSCRIPTION_STATUS.REJECTED &&
+ delete newSubscription.subscriptionValidation;
+ return {
+ ...newSubscription,
+ contact: incentive?.contact,
+ };
+ });
+
+ return response;
+ }
+}
diff --git a/api/src/controllers/funder.controller.ts b/api/src/controllers/funder.controller.ts
new file mode 100644
index 0000000..a603bf5
--- /dev/null
+++ b/api/src/controllers/funder.controller.ts
@@ -0,0 +1,480 @@
+import {post, param, get, getModelSchemaRef, requestBody, put} from '@loopback/rest';
+import {repository, Count, CountSchema, Where} from '@loopback/repository';
+import {inject, intercept, service} from '@loopback/core';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+
+import {orderBy, capitalize} from 'lodash';
+
+import {
+ Collectivity,
+ Community,
+ Enterprise,
+ FunderCommunity,
+ EncryptionKey,
+ Error,
+ Client,
+} from '../models';
+import {
+ CommunityRepository,
+ EnterpriseRepository,
+ CollectivityRepository,
+ ClientScopeRepository,
+} from '../repositories';
+import {FunderService} from '../services';
+import {
+ ResourceName,
+ StatusCode,
+ SECURITY_SPEC_KC_PASSWORD,
+ Roles,
+ AUTH_STRATEGY,
+ IFunder,
+ IFindCommunities,
+ SECURITY_SPEC_KC_CREDENTIALS,
+ SECURITY_SPEC_KC_CREDENTIALS_KC_PASSWORD,
+} from '../utils';
+import {ValidationError} from '../validationError';
+import {FunderInterceptor} from '../interceptors';
+import {canAccessHisOwnData} from '../services';
+import _ from 'lodash';
+
+@authenticate(AUTH_STRATEGY.KEYCLOAK)
+export class FunderController {
+ constructor(
+ @repository(CommunityRepository)
+ public communityRepository: CommunityRepository,
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @repository(CollectivityRepository)
+ public collectivityRepository: CollectivityRepository,
+ @inject('services.FunderService')
+ public funderService: FunderService,
+ @repository(ClientScopeRepository)
+ private clientScopeRepository: ClientScopeRepository,
+ ) {}
+
+ /**
+ * Get all funders
+ * @returns all funders
+ */
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/funders', {
+ 'x-controller-name': 'Funders',
+ summary: 'Retourne les financeurs',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of funders',
+ content: {
+ 'application/json': {
+ schema: {
+ title: 'Funders',
+ type: 'array',
+ items: {
+ allOf: [
+ {
+ anyOf: [{'x-ts-type': Enterprise}, {'x-ts-type': Collectivity}],
+ },
+ {
+ type: 'object',
+ properties: {
+ funderType: {
+ type: 'string',
+ },
+ },
+ required: ['funderType'],
+ },
+ ],
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ find(): Promise {
+ return this.funderService.getFunders();
+ }
+
+ /**
+ * Get the number of communities
+ */
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/funders/communities/count', {
+ 'x-controller-name': 'Funders',
+ summary: 'Retourne le nombre de communautés',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Community model count',
+ content: {
+ 'application/json': {
+ schema: {...CountSchema, ...{title: 'Count'}},
+ },
+ },
+ },
+ },
+ })
+ async count(@param.where(Community) where?: Where): Promise {
+ return this.communityRepository.count(where);
+ }
+
+ /**
+ * Get all communities with associated funders
+ * @returns all communities with associated funders
+ */
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/funders/communities', {
+ 'x-controller-name': 'Funders',
+ summary: 'Retourne les communautés et leurs financeurs associés',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of Community model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(FunderCommunity),
+ },
+ },
+ },
+ },
+ },
+ })
+ async findCommunities(): Promise {
+ const funders = await this.funderService.getFunders();
+
+ const community: Community[] = await this.communityRepository.find({
+ fields: {name: true, id: true, funderId: true},
+ });
+ const allCommunities =
+ community &&
+ community.map((elt: Community) => {
+ const funder =
+ funders && funders.find((elt1: IFunder) => elt.funderId === elt1.id);
+
+ return {
+ ...elt,
+ funderType: capitalize(funder?.funderType),
+ funderName: funder?.name,
+ };
+ });
+
+ return orderBy(allCommunities, ['funderName', 'funderType', 'name'], ['asc']);
+ }
+
+ /**
+ * Post funder's public encryption key
+ * @returns funder's public encryption key
+ */
+ @authorize({allowedRoles: [Roles.SIRH_BACKEND, Roles.VAULT_BACKEND]})
+ @intercept(FunderInterceptor.BINDING_KEY)
+ @put('/v1/funders/{funderId}/encryption_key', {
+ 'x-controller-name': 'Funders',
+ summary: 'Enregistre les paramètres de clé de chiffrement',
+ security: SECURITY_SPEC_KC_CREDENTIALS,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: `Les paramètres de clé de chiffrement ont bien été enregistrés`,
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description:
+ "L'utilisateur n'a pas les droits pour enregistrer les paramètres de clé de chiffrement",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "Ce financeur n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Funder not found',
+ path: '/Funder',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: 'Les informations sur la clé de chiffrement ne sont pas valides',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 422,
+ name: 'Error',
+ message: `encryptionKey.error.privateKeyAccess.missing`,
+ path: '/EncryptionKey',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async storeEncryptionKey(
+ @param.path.string('funderId', {description: `L'identifiant du financeur`})
+ funderId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(EncryptionKey),
+ },
+ },
+ })
+ encryptionKey: EncryptionKey,
+ ): Promise {
+ const enterprise: Enterprise | null = await this.enterpriseRepository.findOne({
+ where: {id: funderId},
+ });
+ const collectivity: Collectivity | null = await this.collectivityRepository.findOne({
+ where: {id: funderId},
+ });
+
+ if (enterprise) {
+ await this.enterpriseRepository.updateById(enterprise.id, {encryptionKey});
+ }
+
+ if (collectivity) {
+ await this.collectivityRepository.updateById(collectivity.id, {
+ encryptionKey,
+ });
+ }
+ }
+
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @post('/v1/funders/communities', {
+ 'x-controller-name': 'Funders',
+ summary: 'Crée une communauté pour un financeur',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Community model instance',
+ content: {'application/json': {schema: getModelSchemaRef(Community)}},
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Community),
+ },
+ },
+ })
+ community: Omit,
+ ): Promise {
+ const {name, funderId} = community;
+
+ const communitiesByFunderId = await this.communityRepository.find({
+ where: {funderId, name},
+ fields: {id: true},
+ });
+ if (communitiesByFunderId.length === 0) {
+ const enterprises = await this.enterpriseRepository.find({
+ where: {id: funderId},
+ fields: {id: true},
+ });
+ let collectivities = [];
+
+ if (enterprises.length === 0) {
+ collectivities = await this.collectivityRepository.find({
+ where: {id: funderId},
+ fields: {id: true},
+ });
+ }
+
+ if (collectivities.length > 0 || enterprises.length > 0)
+ return this.communityRepository.create(community);
+
+ throw new ValidationError(
+ `communities.error.funders.missed`,
+ `/communities`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.Community,
+ );
+ }
+ throw new ValidationError(
+ `communities.error.name.unique`,
+ `/communities`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.Community,
+ );
+ }
+
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR, Roles.PLATFORM]})
+ @get('/v1/funders/{funderId}/communities', {
+ 'x-controller-name': 'Funders',
+ summary: "Retourne les communautés d'un financeur",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: `Réponse si les communautés d'au moins\
+ un financeur sont trouvées.`,
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(Community),
+ },
+ },
+ },
+ },
+ },
+ })
+ async findByFunderId(
+ @param.path.string('funderId', {description: `L'identifiant du financeur`})
+ funderId: string,
+ ): Promise {
+ return this.communityRepository.findByFunderId(funderId);
+ }
+
+ @authorize({voters: [canAccessHisOwnData]})
+ @get('/v1/funders/{funderId}', {
+ 'x-controller-name': 'Funders',
+ summary: 'Retourne la clé privée du financeur',
+ security: SECURITY_SPEC_KC_CREDENTIALS_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: `Funder`,
+ content: {
+ 'application/json': {
+ schema: {
+ oneOf: [getModelSchemaRef(Community), getModelSchemaRef(Enterprise)],
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: 'The user is not logged in',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description: 'The user does not have access rights',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findFunderById(
+ @param.path.string('funderId', {description: `L'identifiant du financeur`})
+ funderId: string,
+ ): Promise {
+ let funder: Collectivity | Enterprise | undefined = undefined;
+ const collectivity = await this.collectivityRepository.findOne({
+ where: {id: funderId},
+ });
+ const enterprise = await this.enterpriseRepository.findOne({
+ where: {id: funderId},
+ });
+ funder = collectivity ? collectivity : enterprise ? enterprise : undefined;
+ if (!funder) {
+ throw new ValidationError(
+ `Funder not found`,
+ `/Funder`,
+ StatusCode.NotFound,
+ ResourceName.Funder,
+ );
+ }
+ return funder;
+ }
+
+ /**
+ * Get all clients with a specific scope
+ * @returns all clients
+ */
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/funders/clients', {
+ 'x-controller-name': 'Funders',
+ summary: 'Retourne les financeurs',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of clients',
+ content: {
+ 'application/json': {
+ schema: {
+ title: 'clients',
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ clientId: {
+ description: `Identifiant du client`,
+ type: 'string',
+ example: '',
+ },
+ id: {
+ description: `Identifiant`,
+ type: 'string',
+ example: '',
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findClients(): Promise {
+ const clients = await this.clientScopeRepository.getClients();
+ return clients!;
+ }
+}
diff --git a/api/src/controllers/idfm_invoice.ts b/api/src/controllers/idfm_invoice.ts
new file mode 100644
index 0000000..7ecbb2c
--- /dev/null
+++ b/api/src/controllers/idfm_invoice.ts
@@ -0,0 +1,53 @@
+export const idfm_invoice = {
+ invoices: [
+ {
+ enterprise: {
+ enterpriseName: 'IDF Mobilités', // Obligatoire
+ sirenNumber: '362521879', // Facultatif
+ siretNumber: '36252187900034', // Obligatoire
+ apeCode: '4711D', // Facultatif
+ enterpriseAddress: {
+ // Facultatif
+ zipCode: 75018, // Facultatif
+ city: 'Paris', // Facultatif
+ street: '6 rue Lepic', // Facultatif
+ },
+ },
+ customer: {
+ customerId: '123789', // Obligatoire - Vérifier par IDFM si cette information peut être diffusable
+ customerName: 'NABLI', // Obligatoire
+ customerSurname: 'Samy', // Obligatoire
+ customerAddress: {
+ // Facultatif
+ zipCode: 75018, // Facultatif
+ city: 'Paris', // Facultatif
+ street: '15 rue Veron', // Facultatif
+ },
+ },
+ transaction: {
+ orderId: '30723', // Obligatoire
+ purchaseDate: '2021-03-03T14:54:18+01:00', // Obligatoire
+ amountInclTaxes: 7520, // Obligatoire
+ amountExclTaxes: 7520, // Facultatif
+ },
+ products: [
+ {
+ productName: 'Forfait Navigo Mois', // Obligatoire
+ quantity: 1, // Obligatoire
+ amountInclTaxes: 7520, // Obligatoire
+ amountExclTaxes: 7520, // Facultatif
+ percentTaxes: 10, // Facultatif
+ productDetails: {
+ // Facultatif
+ periodicity: 'Mensuel', // Facultatif
+ zoneMin: 1, // Facultatif
+ zoneMax: 5, // Facultatif
+ validityStart: '2021-03-01T00:00:00+01:00', // Facultatif
+ validityEnd: '2021-03-31T00:00:00+01:00', // Facultatif
+ },
+ },
+ ],
+ },
+ ],
+ totalElements: 1,
+};
diff --git a/api/src/controllers/incentive.controller.ts b/api/src/controllers/incentive.controller.ts
new file mode 100644
index 0000000..f29e0a6
--- /dev/null
+++ b/api/src/controllers/incentive.controller.ts
@@ -0,0 +1,770 @@
+import {inject, intercept, service} from '@loopback/core';
+import {
+ AnyObject,
+ Count,
+ CountSchema,
+ Filter,
+ PredicateComparison,
+ repository,
+ Where,
+} from '@loopback/repository';
+import {
+ post,
+ param,
+ get,
+ getModelSchemaRef,
+ patch,
+ del,
+ requestBody,
+ Response,
+ RestBindings,
+} from '@loopback/rest';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+import {SecurityBindings} from '@loopback/security';
+
+import {Incentive, Link, SpecificField, Error, Citizen, Territory} from '../models';
+import {
+ IncentiveRepository,
+ CollectivityRepository,
+ EnterpriseRepository,
+ CitizenRepository,
+ TerritoryRepository,
+} from '../repositories';
+import {
+ IncentiveInterceptor,
+ AffiliationInterceptor,
+ AffiliationPublicInterceptor,
+} from '../interceptors';
+import {FunderService, IncentiveService} from '../services';
+import {ValidationError} from '../validationError';
+import {
+ INCENTIVE_TYPE,
+ ResourceName,
+ Roles,
+ StatusCode,
+ SECURITY_SPEC_KC_PASSWORD,
+ AFFILIATION_STATUS,
+ SECURITY_SPEC_ALL,
+ HTTP_METHOD,
+ SECURITY_SPEC_JWT_KC_PASSWORD_KC_CREDENTIALS,
+ SECURITY_SPEC_API_KEY,
+ GET_INCENTIVES_INFORMATION_MESSAGES,
+ AUTH_STRATEGY,
+ IScore,
+ IUpdateAt,
+ IUser,
+} from '../utils';
+import {TAG_MAAS, WEBSITE_FQDN} from '../constants';
+import {
+ incentiveExample,
+ incentiveContentDifferentExample,
+} from './utils/incentiveExample';
+import {TerritoryService} from '../services/territory.service';
+
+@intercept(IncentiveInterceptor.BINDING_KEY)
+export class IncentiveController {
+ constructor(
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @repository(CollectivityRepository)
+ public collectivityRepository: CollectivityRepository,
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @repository(CitizenRepository)
+ public citizenRepository: CitizenRepository,
+ @repository(TerritoryRepository)
+ public territoryRepository: TerritoryRepository,
+ @inject('services.IncentiveService')
+ public incentiveService: IncentiveService,
+ @service(FunderService)
+ public funderService: FunderService,
+ @service(TerritoryService)
+ public territoryService: TerritoryService,
+ @inject(SecurityBindings.USER, {optional: true})
+ private currentUser?: IUser,
+ ) {}
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @post('/v1/incentives', {
+ 'x-controller-name': 'Incentives',
+ summary: 'Crée une aide',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Incentives model instance',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Incentive),
+ },
+ },
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Incentive),
+ },
+ },
+ })
+ incentive: Incentive,
+ ): Promise {
+ let createdTerritory: Territory;
+ try {
+ /**
+ * Check if the territory ID is provided.
+ */
+ if (incentive.territory.id) {
+ /**
+ * Check if the provided ID exists in the territoy collection.
+ */
+ const territoryResult: Territory = await this.territoryRepository.findById(
+ incentive.territory.id,
+ );
+
+ /**
+ * Check if the name provided matches the territory name.
+ */
+ if (
+ territoryResult.name !== incentive.territory.name ||
+ (incentive.territoryName && incentive?.territoryName !== territoryResult.name) // TODO: REMOVING DEPRECATED territoryName.
+ ) {
+ throw new ValidationError(
+ 'territory.name.mismatch',
+ '/territory',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Territory,
+ );
+ }
+ } else {
+ /**
+ * Create Territory
+ */
+ createdTerritory = await this.territoryService.createTerritory({
+ name: incentive.territory.name,
+ } as Territory);
+
+ incentive.territory = createdTerritory;
+ }
+
+ if (incentive.incentiveType === INCENTIVE_TYPE.TERRITORY_INCENTIVE) {
+ const collectivity = await this.collectivityRepository.find({
+ where: {name: incentive.funderName},
+ });
+ if (collectivity.length > 0) {
+ incentive.funderId = collectivity[0].id;
+ }
+ } else if (incentive.incentiveType === INCENTIVE_TYPE.EMPLOYER_INCENTIVE) {
+ const enterprise = await this.enterpriseRepository.find({
+ where: {name: incentive.funderName},
+ });
+ if (enterprise.length > 0) {
+ incentive.funderId = enterprise[0].id;
+ } else {
+ throw new ValidationError(
+ `incentives.error.fundername.enterprise.notExist`,
+ '/enterpriseNotExist',
+ StatusCode.NotFound,
+ ResourceName.Enterprise,
+ );
+ }
+ }
+ if (incentive.specificFields) {
+ incentive.jsonSchema = this.incentiveService.convertSpecificFields(
+ incentive.title,
+ incentive.specificFields,
+ );
+ }
+ return await this.incentiveRepository.create(incentive);
+ } catch (error) {
+ if (createdTerritory!) {
+ await this.territoryRepository.deleteById(createdTerritory.id);
+ }
+ throw error;
+ }
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({
+ allowedRoles: [Roles.MANAGERS, Roles.CONTENT_EDITOR, Roles.MAAS, Roles.MAAS_BACKEND],
+ })
+ @get('/v1/incentives', {
+ 'x-controller-name': 'Incentives',
+ summary: 'Retourne les aides',
+ security: SECURITY_SPEC_JWT_KC_PASSWORD_KC_CREDENTIALS,
+ tags: ['Incentives', TAG_MAAS],
+ responses: {
+ [StatusCode.Success]: {
+ description: 'La liste des aides',
+ content: {
+ 'application/json': {
+ schema: {
+ title: 'Incentive',
+ type: 'array',
+ items: {
+ title: 'Incentive',
+ allOf: [
+ getModelSchemaRef(Incentive, {
+ exclude: ['specificFields', 'links'],
+ }),
+ {
+ type: 'object',
+ properties: {
+ specificFields: {
+ type: 'array',
+ items: getModelSchemaRef(SpecificField),
+ },
+ },
+ },
+ ],
+ },
+ example: incentiveExample,
+ },
+ },
+ },
+ },
+ [StatusCode.ContentDifferent]: {
+ description: 'La liste des aides nationales et du territoire concerné',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ response: {
+ type: 'array',
+ items: {
+ title: 'Incentive',
+ allOf: [
+ getModelSchemaRef(Incentive, {
+ exclude: [
+ 'attachments',
+ 'additionalInfos',
+ 'contact',
+ 'jsonSchema',
+ 'subscriptionLink',
+ 'specificFields',
+ 'links',
+ ],
+ }),
+ {
+ type: 'object',
+ properties: {
+ specificFields: {
+ type: 'array',
+ items: getModelSchemaRef(SpecificField),
+ },
+ },
+ },
+ ],
+ },
+ },
+ message: {
+ type: 'string',
+ enum: Object.values(GET_INCENTIVES_INFORMATION_MESSAGES),
+ example:
+ GET_INCENTIVES_INFORMATION_MESSAGES.CITIZEN_AFFILIATED_WITHOUT_INCENTIVES,
+ },
+ },
+ example: incentiveContentDifferentExample,
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description:
+ "L'utilisateur n'a pas les droits pour accéder au catalogue des aides",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async find(
+ @inject(RestBindings.Http.RESPONSE) resp: Response,
+ ): Promise> {
+ const {id, roles} = this.currentUser!;
+ if (roles && roles.includes(Roles.CONTENT_EDITOR)) {
+ return this.incentiveRepository.find({
+ order: ['updatedAt DESC'],
+ });
+ }
+
+ if (roles && roles.includes(Roles.MANAGERS)) {
+ const withParams: AnyObject[] = [
+ {funderName: this.currentUser!.funderName},
+ {incentiveType: this.currentUser!.incentiveType},
+ ];
+ return this.incentiveRepository.find({
+ where: {
+ and: withParams,
+ },
+ fields: {
+ id: true,
+ title: true,
+ },
+ });
+ }
+
+ const commonFilter: Filter = {
+ order: ['updatedAt DESC'],
+ fields: {
+ id: true,
+ funderId: true,
+ title: true,
+ incentiveType: true,
+ conditions: true,
+ paymentMethod: true,
+ allocatedAmount: true,
+ funderName: true,
+ minAmount: true,
+ transportList: true,
+ validityDate: true,
+ createdAt: true,
+ updatedAt: true,
+ description: true,
+ isMCMStaff: true,
+ territory: true,
+ },
+ };
+ const incentiveList: Incentive[] = await this.incentiveRepository.find({
+ where: {
+ or: [
+ {
+ incentiveType:
+ INCENTIVE_TYPE.TERRITORY_INCENTIVE as PredicateComparison,
+ },
+ {
+ incentiveType:
+ INCENTIVE_TYPE.NATIONAL_INCENTIVE as PredicateComparison,
+ },
+ ],
+ },
+ ...commonFilter,
+ });
+
+ if (roles && roles.includes(Roles.MAAS_BACKEND)) {
+ return incentiveList;
+ }
+
+ if (roles && roles.includes(Roles.MAAS)) {
+ const citizen: Citizen | null = await this.citizenRepository.findOne({where: {id}});
+ const citizenFunderId: string | null | undefined =
+ citizen?.affiliation?.enterpriseId;
+ const citizenStatus: string | null | undefined =
+ citizen?.affiliation?.affiliationStatus;
+
+ if (citizenFunderId && citizenStatus === AFFILIATION_STATUS.AFFILIATED) {
+ const incentiveEnterpriseList: Incentive[] = await this.incentiveRepository.find({
+ where: {funderId: citizenFunderId},
+ ...commonFilter,
+ });
+
+ if (incentiveEnterpriseList.length === 0)
+ return resp.status(210).send({
+ response: incentiveList,
+ message:
+ GET_INCENTIVES_INFORMATION_MESSAGES.CITIZEN_AFFILIATED_WITHOUT_INCENTIVES,
+ });
+ return [...incentiveList, ...incentiveEnterpriseList];
+ }
+
+ if (
+ citizenStatus ===
+ (AFFILIATION_STATUS.TO_AFFILIATE || AFFILIATION_STATUS.DISAFFILIATED)
+ ) {
+ return resp.status(210).send({
+ response: incentiveList,
+ message: GET_INCENTIVES_INFORMATION_MESSAGES.CITIZEN_NOT_AFFILIATED,
+ });
+ }
+ return incentiveList;
+ }
+ return [];
+ }
+ @authenticate(AUTH_STRATEGY.API_KEY)
+ @authorize({allowedRoles: [Roles.API_KEY]})
+ @get('/v1/incentives/search', {
+ 'x-controller-name': 'Incentives',
+ summary: 'Recherche les aides correspondantes',
+ security: SECURITY_SPEC_API_KEY,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of Incentive model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(Incentive),
+ },
+ },
+ },
+ },
+ },
+ })
+ async search(
+ @param.query.string('_q') textSearch?: string,
+ @param.query.string('incentiveType') incentiveType?: string,
+ @param.query.string('enterpriseId') enterpriseId?: string,
+ ): Promise {
+ const sort: IScore | IUpdateAt = textSearch
+ ? {score: {$meta: 'textScore'}}
+ : {updatedAt: -1};
+ const match: any = textSearch ? {$text: {$search: textSearch, $language: 'fr'}} : {};
+
+ if (incentiveType) {
+ match['$or'] = [];
+ const incentiveTypeList = incentiveType.split(',');
+ for (const row of incentiveTypeList) {
+ match['$or'].push({incentiveType: row});
+ }
+ }
+
+ if (enterpriseId) {
+ match['$or'].push({
+ incentiveType: INCENTIVE_TYPE.EMPLOYER_INCENTIVE,
+ funderId: enterpriseId,
+ });
+ }
+
+ return this.incentiveRepository
+ .execute('Incentive', 'aggregate', [
+ {$match: match},
+ {$sort: sort},
+ {$addFields: {id: '$_id'}},
+ {$project: {_id: 0}},
+ ])
+ .then(res => res.get())
+ .catch(err => err);
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/incentives/count', {
+ 'x-controller-name': 'Incentives',
+ summary: "Retourne le nombre d'aides",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Incentives model count',
+ content: {
+ 'application/json': {
+ schema: {...CountSchema, ...{title: 'Count'}},
+ },
+ },
+ },
+ },
+ })
+ async count(@param.where(Incentive) where?: Where): Promise {
+ return this.incentiveRepository.count(where);
+ }
+
+ /**
+ * get incentive by id
+ * @param incentiveId the incentive id
+ * @returns incentive object details
+ */
+ @authenticate(AUTH_STRATEGY.KEYCLOAK, AUTH_STRATEGY.API_KEY)
+ @authorize({
+ allowedRoles: [
+ Roles.API_KEY,
+ Roles.CONTENT_EDITOR,
+ Roles.MAAS,
+ Roles.MAAS_BACKEND,
+ Roles.PLATFORM,
+ ],
+ })
+ @intercept(AffiliationPublicInterceptor.BINDING_KEY)
+ @intercept(AffiliationInterceptor.BINDING_KEY)
+ @get('/v1/incentives/{incentiveId}', {
+ 'x-controller-name': 'Incentives',
+ summary: "Retourne le détail d'une aide",
+ security: SECURITY_SPEC_ALL,
+ tags: ['Incentives', TAG_MAAS],
+ responses: {
+ [StatusCode.Success]: {
+ description: "Le détail de l'aide",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Incentive),
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description:
+ "L'utilisateur n'a pas les droits pour accéder au détail de cette aide",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette aide n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Incentive not found',
+ path: '/incentiveNotFound',
+ resourceName: 'Incentive',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findIncentiveById(
+ @param.path.string('incentiveId', {description: `L'identifiant de l'aide`})
+ incentiveId: string,
+ ): Promise {
+ const incentive: Incentive = await this.incentiveRepository.findById(incentiveId);
+
+ if (incentive?.isMCMStaff) {
+ const links: Link[] = [
+ new Link({
+ href: `${WEBSITE_FQDN}/subscriptions/new?incentiveId=${incentive.id}`,
+ rel: 'subscribe',
+ method: HTTP_METHOD.GET,
+ }),
+ ];
+ incentive.links = links;
+ }
+
+ return incentive;
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @patch('/v1/incentives/{incentiveId}', {
+ 'x-controller-name': 'Incentives',
+ summary: 'Modifie une aide',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'Incentives put success',
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette aide n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Incentive not found',
+ path: '/incentiveNotFound',
+ resourceName: 'Incentive',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async updateById(
+ @param.path.string('incentiveId', {description: `L'identifiant de l'aide`})
+ incentiveId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Incentive, {
+ title: 'IncentiveUpdate',
+ partial: true,
+ }),
+ },
+ },
+ })
+ incentive: Incentive,
+ ): Promise {
+ // Remove contact from incentive object
+ if (!incentive.contact) {
+ delete incentive.contact;
+ await this.incentiveRepository.updateById(incentiveId, {
+ $unset: {contact: ''},
+ } as any);
+ }
+ // Remove validityDuration from incentive object
+ if (!incentive.validityDuration) {
+ delete incentive.validityDuration;
+ await this.incentiveRepository.updateById(incentiveId, {
+ $unset: {validityDuration: ''},
+ } as any);
+ }
+ // Remove additionalInfos from incentive object
+ if (!incentive.additionalInfos) {
+ delete incentive.additionalInfos;
+ await this.incentiveRepository.updateById(incentiveId, {
+ $unset: {additionalInfos: ''},
+ } as any);
+ }
+ // Remove validityDate from incentive object
+ if (!incentive.validityDate) {
+ delete incentive.validityDate;
+ await this.incentiveRepository.updateById(incentiveId, {
+ $unset: {validityDate: ''},
+ } as any);
+ }
+
+ if (incentive.territory) {
+ if (!incentive.territory.id) {
+ throw new ValidationError(
+ 'territory.id.undefined',
+ '/territory',
+ StatusCode.PreconditionFailed,
+ ResourceName.Territory,
+ );
+ }
+ /**
+ * Check if the provided ID exists in the territoy collection.
+ */
+ const territoryResult: Territory = await this.territoryRepository.findById(
+ incentive.territory.id,
+ );
+
+ /**
+ * Check if the name provided matches the territory name.
+ */
+ if (
+ territoryResult.name !== incentive.territory.name ||
+ (incentive.territoryName && incentive?.territoryName !== territoryResult.name) // TODO: REMOVING DEPRECATED territoryName.
+ ) {
+ throw new ValidationError(
+ 'territory.name.mismatch',
+ '/territory',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Territory,
+ );
+ }
+ }
+
+ // Add new specificFields and unset subscription link
+ if (
+ incentive.isMCMStaff &&
+ incentive.specificFields &&
+ incentive.specificFields.length
+ ) {
+ // Add json schema from specific fields
+ incentive.jsonSchema = this.incentiveService.convertSpecificFields(
+ incentive.title,
+ incentive.specificFields,
+ );
+ // Remove subscription from incentive object
+ delete incentive.subscriptionLink;
+ // Unset subscription
+ await this.incentiveRepository.updateById(incentiveId, {
+ $unset: {subscriptionLink: ''},
+ } as any);
+ }
+
+ // Add subscription link and unset specificFields and jsonSchema
+ if (
+ (!incentive.isMCMStaff && incentive.subscriptionLink) ||
+ (incentive?.specificFields && !incentive.specificFields.length)
+ ) {
+ // Remove specific field && jsonSchema from incentive object
+ delete incentive.specificFields;
+ delete incentive.jsonSchema;
+ // Unset specificFields && jsonSchema
+ await this.incentiveRepository.updateById(incentiveId, {
+ $unset: {specificFields: '', jsonSchema: ''},
+ } as any);
+ }
+ await this.incentiveRepository.updateById(incentiveId, incentive);
+ incentive.id = incentiveId;
+ return incentive;
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @del('/v1/incentives/{incentiveId}', {
+ 'x-controller-name': 'Incentives',
+ summary: 'Supprime une aide',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'Incentives DELETE success',
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette aide n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Incentive not found',
+ path: '/incentiveNotFound',
+ resourceName: 'Incentive',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async deleteById(
+ @param.path.string('incentiveId', {description: `L'identifiant de l'aide`})
+ incentiveId: string,
+ ): Promise {
+ await this.incentiveRepository.deleteById(incentiveId);
+ }
+}
diff --git a/api/src/controllers/index.ts b/api/src/controllers/index.ts
new file mode 100644
index 0000000..4a6cfe2
--- /dev/null
+++ b/api/src/controllers/index.ts
@@ -0,0 +1,10 @@
+export * from './incentive.controller';
+export * from './citizen.controller';
+export * from './contact.controller';
+export * from './collectivity.controller';
+export * from './enterprise.controller';
+export * from './subscription.controller';
+export * from './funder.controller';
+export * from './dashboard.controller';
+export * from './user.controller';
+export * from './territory.controller';
diff --git a/api/src/controllers/subscription.controller.ts b/api/src/controllers/subscription.controller.ts
new file mode 100644
index 0000000..2ff29da
--- /dev/null
+++ b/api/src/controllers/subscription.controller.ts
@@ -0,0 +1,917 @@
+import {AnyObject, repository, Count} from '@loopback/repository';
+import {inject, service, intercept} from '@loopback/core';
+import {
+ param,
+ get,
+ getModelSchemaRef,
+ put,
+ requestBody,
+ Response,
+ RestBindings,
+ post,
+ HttpErrors,
+} from '@loopback/rest';
+import {authorize} from '@loopback/authorization';
+import {authenticate} from '@loopback/authentication';
+import {SecurityBindings} from '@loopback/security';
+
+import {isEqual, intersection} from 'lodash';
+
+import {AttachmentMetadata, Error, Invoice, Metadata, Subscription} from '../models';
+import {
+ CommunityRepository,
+ SubscriptionRepository,
+ UserRepository,
+ MetadataRepository,
+ CitizenRepository,
+} from '../repositories';
+import {
+ SubscriptionService,
+ FunderService,
+ S3Service,
+ checkMaas,
+ MailService,
+} from '../services';
+import {validationErrorExternalHandler} from '../validationErrorExternal';
+import {ValidationError} from '../validationError';
+import {
+ ResourceName,
+ StatusCode,
+ SECURITY_SPEC_KC_PASSWORD,
+ SECURITY_SPEC_KC_CREDENTIALS_KC_PASSWORD,
+ FUNDER_TYPE,
+ INCENTIVE_TYPE,
+ Roles,
+ SUBSCRIPTION_STATUS,
+ AUTH_STRATEGY,
+ SECURITY_SPEC_JWT,
+ IUser,
+} from '../utils';
+import {
+ AffiliationInterceptor,
+ SubscriptionInterceptor,
+ SubscriptionMetadataInterceptor,
+} from '../interceptors';
+import {getInvoiceFilename} from '../utils/invoice';
+import {TAG_MAAS, WEBSITE_FQDN} from '../constants';
+import {endOfYear, startOfYear} from 'date-fns';
+import {
+ ValidationMultiplePayment,
+ SubscriptionValidation,
+ ValidationSinglePayment,
+ ValidationNoPayment,
+ NoReason,
+ OtherReason,
+ SubscriptionRejection,
+} from '../models';
+
+/**
+ * set the list pagination value
+ */
+const PAGINATION_LIMIT = 200;
+
+interface SubscriptionsWithCount {
+ subscriptions: Subscription[];
+ count: number;
+}
+
+@authenticate(AUTH_STRATEGY.KEYCLOAK)
+export class SubscriptionController {
+ constructor(
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @service(S3Service)
+ private s3Service: S3Service,
+ @service(SubscriptionService)
+ private subscriptionService: SubscriptionService,
+ @service(FunderService)
+ private funderService: FunderService,
+ @service(CommunityRepository)
+ private communityRepository: CommunityRepository,
+ @service(MetadataRepository)
+ private metadataRepository: MetadataRepository,
+ @service(UserRepository)
+ private userRepository: UserRepository,
+ @service(CitizenRepository)
+ private citizenRepository: CitizenRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ @inject(RestBindings.Http.RESPONSE) private response: Response,
+ @inject('services.MailService')
+ public mailService: MailService,
+ ) {}
+
+ /**
+ * get the subscriptions list
+ * @param status that subscription status (VALIDATED or REJECTED)
+ * @param incentiveId the incentive id
+ * @param lastName the last name related to the subscription
+ * @param citizenId the citizen id
+ * @returns subscription list
+ */
+ @authorize({allowedRoles: [Roles.MANAGERS, Roles.CITIZENS]})
+ @get('/v1/subscriptions', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Retourne les souscriptions',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of Subscriptions model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ oneOf: [
+ {
+ type: 'array',
+ items: getModelSchemaRef(Subscription),
+ },
+ {
+ type: 'object',
+ properties: {
+ subscriptions: getModelSchemaRef(Subscription),
+ count: {
+ type: 'number',
+ },
+ },
+ },
+ ],
+ },
+ },
+ },
+ },
+ },
+ })
+ async find(
+ @param.query.string('status') status: string,
+ @param.query.string('incentiveId') incentiveId?: string,
+ @param.query.string('incentiveType') incentiveType?: string,
+ @param.query.string('idCommunities') idCommunities?: string,
+ @param.query.string('lastName') lastName?: string,
+ @param.query.string('citizenId') citizenId?: string,
+ @param.query.string('year') year?: string,
+ @param.query.string('skip') skip?: number | undefined,
+ ): Promise {
+ const withParams: AnyObject[] = [
+ {
+ funderName: this.currentUser.funderName!,
+ incentiveType: this.currentUser.incentiveType!,
+ },
+ ];
+
+ const userId = this.currentUser.id;
+
+ let communityIds: '' | string[] | null | undefined = null;
+
+ communityIds =
+ userId && (await this.userRepository.findOne({where: {id: userId}}))?.communityIds;
+
+ if (communityIds && communityIds?.length > 0) {
+ withParams.push({communityId: {inq: communityIds}});
+ }
+
+ if (idCommunities) {
+ const match: AnyObject[] = [];
+ const idCommunitiesList = idCommunities.split(',');
+ const mapping: AnyObject = {};
+ mapping[INCENTIVE_TYPE['TERRITORY_INCENTIVE']] = FUNDER_TYPE.collectivity;
+ mapping[INCENTIVE_TYPE['EMPLOYER_INCENTIVE']] = FUNDER_TYPE.enterprise;
+
+ const funders = await this.funderService.getFunderByName(
+ this.currentUser.funderName!,
+ mapping[this.currentUser.incentiveType!],
+ );
+
+ if (funders?.id && idCommunitiesList && idCommunitiesList.length > 0) {
+ const communities = await this.communityRepository.findByFunderId(funders.id);
+
+ if (
+ communities &&
+ communities.length > 0 &&
+ isEqual(
+ intersection(
+ communities.map(({id}) => id),
+ idCommunitiesList,
+ ).sort(),
+ idCommunitiesList.sort(),
+ )
+ ) {
+ for (const row of idCommunitiesList) {
+ match.push({communityId: row});
+ }
+ withParams.push({or: match});
+ }
+ }
+ if (match.length === 0)
+ throw new ValidationError(
+ `subscriptions.error.communities.mismatch`,
+ `/subscriptions`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.Subscription,
+ );
+ }
+
+ if (incentiveId) {
+ const match: AnyObject[] = [];
+ const incentiveIdList = incentiveId.split(',');
+ for (const row of incentiveIdList) {
+ match.push({incentiveId: row});
+ }
+ withParams.push({or: match});
+ }
+
+ if (incentiveType) {
+ const match: AnyObject[] = [];
+ const incentiveTypeList = incentiveType.split(',');
+ for (const row of incentiveTypeList) {
+ match.push({incentiveType: row});
+ }
+ withParams.push({or: match});
+ }
+
+ if (lastName) {
+ withParams.push({lastName: lastName});
+ }
+
+ if (citizenId) {
+ withParams.push({citizenId: citizenId});
+ }
+
+ if (year) {
+ const yearMatch: AnyObject[] = [];
+ const yearList = year.split(',');
+ for (const yearItem of yearList) {
+ const match: AnyObject[] = [];
+ match.push({
+ updatedAt: {
+ gte: startOfYear(new Date(parseInt(yearItem), 0)),
+ },
+ });
+ match.push({
+ updatedAt: {
+ lte: endOfYear(new Date(parseInt(yearItem), 0)),
+ },
+ });
+ yearMatch.push({and: match});
+ }
+ withParams.push({or: yearMatch});
+ }
+
+ if (status) {
+ const match: AnyObject[] = [];
+ const statusList = status.split(',');
+ if (status.includes(SUBSCRIPTION_STATUS.DRAFT)) {
+ // ticket 1827 should not return subscription with statut BROUILLON
+ return {
+ subscriptions: [],
+ count: 0,
+ };
+ }
+ for (const row of statusList) {
+ match.push({status: row});
+ }
+ withParams.push({or: match});
+ } else {
+ withParams.push({status: {neq: SUBSCRIPTION_STATUS.DRAFT}});
+ }
+
+ if (citizenId) {
+ // get citizen's subscription
+ const subscriptionsResponse = await this.subscriptionRepository.find({
+ limit: 10,
+ skip,
+ order: ['createdAt DESC'],
+ where: {
+ and: withParams,
+ },
+ });
+
+ // params to get count of citizen's subscription
+ const queryParams: object = {
+ funderName: this.currentUser.funderName!,
+ incentiveType: this.currentUser.incentiveType!,
+ citizenId: citizenId,
+ communityId: communityIds ? {inq: communityIds} : undefined,
+ status: {neq: SUBSCRIPTION_STATUS.DRAFT},
+ updatedAt: year
+ ? {
+ gte: startOfYear(new Date(parseInt(year), 0)),
+ lte: endOfYear(new Date(parseInt(year), 0)),
+ }
+ : undefined,
+ };
+ const subscriptionCount: Count = await this.subscriptionRepository.count(
+ queryParams,
+ );
+
+ return {
+ subscriptions: subscriptionsResponse,
+ ...subscriptionCount,
+ };
+ } else {
+ return this.subscriptionRepository.find({
+ limit: PAGINATION_LIMIT,
+ where: {
+ and: withParams,
+ },
+ });
+ }
+ }
+
+ /**
+ * download the validated demands
+ * @param funderName is the funder name as collectivity or enterprise
+ * @param funderType is the funder type or nature
+ * @param Response the validated subscriptions from founder name and funder type
+ */
+ @authorize({allowedRoles: [Roles.MANAGERS]})
+ @get('/v1/subscriptions/export', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Exporte les souscriptions validées du financeur connecté',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Downloadable .xlsx file with validated incentive list',
+ content: {
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': {
+ schema: {type: 'string', format: 'base64'},
+ },
+ },
+ },
+ },
+ })
+ async generateExcel(
+ @inject(RestBindings.Http.RESPONSE) Response: Response,
+ ): Promise {
+ const withParams: AnyObject[] = [
+ {funderName: this.currentUser.funderName},
+ {incentiveType: this.currentUser.incentiveType},
+ {status: SUBSCRIPTION_STATUS.VALIDATED},
+ ];
+
+ const userId = this.currentUser.id;
+
+ let communityIds: '' | string[] | null | undefined = null;
+
+ communityIds =
+ userId && (await this.userRepository.findOne({where: {id: userId}}))?.communityIds;
+ if (communityIds && communityIds?.length > 0) {
+ withParams.push({communityId: {inq: communityIds}});
+ }
+
+ const subscriptionList = await this.subscriptionRepository.find({
+ order: ['updatedAT ASC'],
+ where: {
+ and: withParams,
+ },
+ });
+ if (subscriptionList && subscriptionList.length > 0) {
+ const buffer = await this.subscriptionService.generateExcelValidatedIncentives(
+ subscriptionList,
+ );
+ Response.status(200)
+ .contentType('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')
+ .send(buffer);
+ } else if (subscriptionList && subscriptionList.length === 0) {
+ throw new ValidationError(
+ 'Aucune demande validée à télécharger',
+ '/downloadXlsx',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Subscription,
+ );
+ } else {
+ throw new ValidationError(
+ 'Le téléchargement a échoué, veuillez réessayer',
+ '/downloadXlsx',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Subscription,
+ );
+ }
+ }
+
+ /**
+ * download file by id
+ * @param subscriptionId the requested subscription id
+ * @param filename the given name of the downloaded file
+ * @returns the response object for file download
+ */
+ @authorize({allowedRoles: [Roles.MANAGERS, Roles.SIRH_BACKEND]})
+ @intercept(SubscriptionInterceptor.BINDING_KEY)
+ @get('/v1/subscriptions/{subscriptionId}/attachments/{filename}', {
+ 'x-controller-name': 'Subscriptions',
+ summary: "Récupère le justificatif d'une souscription",
+ security: SECURITY_SPEC_KC_CREDENTIALS_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Le fichier du justificatif associé à la demande',
+ content: {
+ 'application/octet-stream': {
+ schema: {
+ type: 'string',
+ format: 'binary',
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description: "L'utilisateur n'a pas les droits pour accéder au fichier",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "La demande ou le fichier n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Not Found',
+ path: '/subscription',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async getSubscriptionFileByName(
+ @param.path.string('subscriptionId', {description: `L'identifiant de la demande`})
+ subscriptionId: string,
+ @param.path.string('filename', {
+ description: `Le nom de fichier du justificatif à récupérer`,
+ })
+ filename: string,
+ ): Promise {
+ try {
+ const subscription = await this.subscriptionRepository.findById(subscriptionId);
+ const downloadBucket = await this.s3Service.downloadFileBuffer(
+ subscription.citizenId,
+ subscriptionId,
+ filename,
+ );
+ this.response
+ .status(200)
+ .contentType('application/octet-stream')
+ .send(downloadBucket);
+ return downloadBucket;
+ } catch (error) {
+ return validationErrorExternalHandler(error);
+ }
+ }
+
+ /**
+ * get the subscription by id
+ * @param subscriptionId the subscription id
+ * @param filter the subscriptions search filter
+ * @returns the subscriptions objects
+ */
+ @authorize({allowedRoles: [Roles.MANAGERS]})
+ @intercept(SubscriptionInterceptor.BINDING_KEY)
+ @get('/v1/subscriptions/{subscriptionId}', {
+ 'x-controller-name': 'Subscriptions',
+ summary: "Retourne le détail d'une souscription",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Subscriptions model instance',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Subscription),
+ },
+ },
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette demande n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Subscription not found',
+ path: '/subscriptionNotFound',
+ resourceName: 'Subscription',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findById(
+ @param.path.string('subscriptionId', {description: `L'identifiant de la demande`})
+ subscriptionId: string,
+ ): Promise {
+ return this.subscriptionRepository.findById(subscriptionId);
+ }
+
+ /**
+ * subscriptions validation by subscription id
+ * @param subscriptionId the subscription id
+ */
+ @authorize({allowedRoles: [Roles.MANAGERS]})
+ @intercept(SubscriptionInterceptor.BINDING_KEY)
+ @put('/v1/subscriptions/{subscriptionId}/validate', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Valide une souscription',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'La demande est validée',
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette demande n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Subscription not found',
+ path: '/subscriptionNotFound',
+ resourceName: 'Subscription',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: "La demande n'est pas au bon status",
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "La demande n'est pas au bon format",
+ },
+ },
+ })
+ async validate(
+ @param.path.string('subscriptionId', {description: `L'identifiant de la demande`})
+ subscriptionId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: {
+ anyOf: [
+ getModelSchemaRef(ValidationMultiplePayment),
+ getModelSchemaRef(ValidationSinglePayment),
+ getModelSchemaRef(ValidationNoPayment),
+ ],
+ },
+ },
+ },
+ })
+ payment: SubscriptionValidation,
+ ): Promise {
+ // Vérification de l'existence de la subscription
+ const subscription = await this.subscriptionRepository.findById(subscriptionId);
+ if (subscription.status === SUBSCRIPTION_STATUS.TO_PROCESS) {
+ const result = this.subscriptionService.checkPayment(payment);
+ await this.subscriptionService.validateSubscription(result, subscription);
+ } else {
+ throw new ValidationError(
+ 'subscriptions.error.bad.status',
+ '/subscriptionBadStatus',
+ StatusCode.PreconditionFailed,
+ ResourceName.Subscription,
+ );
+ }
+ }
+
+ /**
+ * Subscriptions rejection by subscription id
+ * @param subscriptionId the subscription id
+ * @param reason the property to update
+ */
+ @authorize({allowedRoles: [Roles.MANAGERS]})
+ @intercept(SubscriptionInterceptor.BINDING_KEY)
+ @put('/v1/subscriptions/{subscriptionId}/reject', {
+ 'x-controller-name': 'Subscriptions',
+ summary: 'Rejette une souscription',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'La demande est rejetée',
+ },
+ [StatusCode.NotFound]: {
+ description: "Cette demande n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Subscription not found',
+ path: '/subscriptionNotFound',
+ resourceName: 'Subscription',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: "La demande n'est pas au bon status",
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "La demande n'est pas au bon format",
+ },
+ },
+ })
+ async reject(
+ @param.path.string('subscriptionId', {description: `L'identifiant de la demande`})
+ subscriptionId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: {
+ oneOf: [getModelSchemaRef(NoReason), getModelSchemaRef(OtherReason)],
+ },
+ },
+ },
+ })
+ reason: SubscriptionRejection,
+ ): Promise {
+ // Vérification de l'existence de la subscription
+ const subscription = await this.subscriptionRepository.findById(subscriptionId);
+ if (subscription.status === SUBSCRIPTION_STATUS.TO_PROCESS) {
+ const result = this.subscriptionService.checkRefusMotif(reason);
+ await this.subscriptionService.rejectSubscription(result, subscription);
+ } else {
+ throw new ValidationError(
+ 'subscriptions.error.bad.status',
+ '/subscriptionBadStatus',
+ StatusCode.PreconditionFailed,
+ ResourceName.Subscription,
+ );
+ }
+ }
+
+ @authorize({allowedRoles: [Roles.PLATFORM]})
+ @intercept(SubscriptionMetadataInterceptor.BINDING_KEY)
+ @get('v1/subscriptions/metadata/{metadataId}', {
+ 'x-controller-name': 'Subscriptions',
+ summary: "Récupère les métadonnées d'une souscription",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: "Métadonnées d'un utilisateur",
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ incentiveId: {
+ description: `Identifiant de l'aide`,
+ type: 'string',
+ example: '',
+ },
+ citizenId: {
+ description: `Identifiant du citoyen`,
+ type: 'string',
+ example: '',
+ },
+ attachmentMetadata: {
+ type: 'array',
+ items: {
+ type: 'object',
+ properties: {
+ fileName: {
+ description: `Nom du fichier de la preuve d'achat`,
+ type: 'string',
+ example: '03-03-2021_Forfait_Navigo_Mois_Bob_RASOVSKY.pdf',
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ },
+ [StatusCode.Forbidden]: {
+ description: "L'utilisateur n'a pas les droits pour récupérer les métadonnées",
+ },
+ [StatusCode.NotFound]: {
+ description: "Ces métadonnées n'existent pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Metadata not found',
+ path: '/metadataNotFound',
+ resourceName: 'Metadata',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async getMetadata(
+ @param.path.string('metadataId', {
+ description: `L'identifiant des métadonnées à envoyer \
+ lors de la souscription d'une aide pour un citoyen`,
+ })
+ metadataId: string,
+ ): Promise<
+ | {
+ incentiveId: string;
+ citizenId: string;
+ attachmentMetadata: {fileName: string}[];
+ }
+ | HttpErrors.HttpError
+ > {
+ try {
+ const metadata: Metadata = await this.metadataRepository.findById(metadataId);
+
+ // Get fileName for each invoices
+ const fileNameList = metadata.attachmentMetadata.invoices.map(
+ (invoice: Invoice) => {
+ return {fileName: getInvoiceFilename(invoice)};
+ },
+ );
+
+ return {
+ incentiveId: metadata.incentiveId,
+ citizenId: metadata.citizenId,
+ attachmentMetadata: fileNameList,
+ };
+ } catch (error) {
+ return validationErrorExternalHandler(error);
+ }
+ }
+
+ @authorize({allowedRoles: [Roles.MAAS], voters: [checkMaas]})
+ @intercept(AffiliationInterceptor.BINDING_KEY)
+ @intercept(SubscriptionMetadataInterceptor.BINDING_KEY)
+ @post('v1/subscriptions/metadata', {
+ 'x-controller-name': 'Subscriptions',
+ summary: "Crée des métadonnées de justificatifs d'achat liées à une souscription",
+ security: SECURITY_SPEC_JWT,
+ tags: ['Subscriptions', TAG_MAAS],
+ responses: {
+ [StatusCode.Created]: {
+ description: 'Les métadonnées sont enregistrées',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'object',
+ properties: {
+ subscriptionURL: {
+ description: `URL de redirection pour initier la souscription à l'aide`,
+ type: 'string',
+ example:
+ 'https://website.${env}.moncomptemobilite.fr/subscriptions/new?incentiveId=6d0efef1-4dc9-422e-a17d-40c1bf1c37c4&metadataId=6d0efef1-4dc9-422e-a17d-40c1bf1c37c4',
+ },
+ metadataId: {
+ description: `Identifiant des metadonnées`,
+ type: 'string',
+ example: '6d0efef1-4dc9-422e-a17d-40c1bf1c37c4',
+ },
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Unauthorized]: {
+ description: "L'utilisateur est non connecté",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 401,
+ name: 'Error',
+ message: 'Authorization header not found',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description:
+ "L'utilisateur n'a pas les droits pour envoyer les métadonnées pour cette aide",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ path: '/authorization',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: "Les métadonnées ne sont pas conformes au contrat d'interface",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 422,
+ name: 'UnprocessableEntityError',
+ message:
+ 'The request body is invalid. See error object `details` property for more info.',
+ code: 'VALIDATION_FAILED',
+ details: [
+ {
+ path: '/attachmentMetadata/invoices/0/enterprise',
+ code: 'required',
+ message: "should have required property 'enterpriseName'",
+ info: {
+ missingProperty: 'enterpriseName',
+ },
+ },
+ ],
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async createMetadata(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: {
+ title: 'MetadataPost',
+ allOf: [
+ {
+ type: 'object',
+ properties: {
+ incentiveId: {
+ type: 'string',
+ example: '',
+ },
+ },
+ required: ['incentiveId'],
+ },
+ {
+ type: 'object',
+ properties: {
+ attachmentMetadata: {'x-ts-type': AttachmentMetadata},
+ },
+ required: ['attachmentMetadata'],
+ },
+ ],
+ },
+ },
+ },
+ })
+ metadata: Omit,
+ ): Promise<
+ Response<{subscriptionURL: string; metadataId: string}> | HttpErrors.HttpError
+ > {
+ try {
+ const result = await this.metadataRepository.create(metadata);
+ return this.response.status(201).send({
+ // eslint-disable-next-line
+ subscriptionURL: `${WEBSITE_FQDN}/subscriptions/new?incentiveId=${result.incentiveId}&metadataId=${result.id}`,
+ metadataId: result.id,
+ });
+ } catch (error) {
+ return validationErrorExternalHandler(error);
+ }
+ }
+}
diff --git a/api/src/controllers/territory.controller.ts b/api/src/controllers/territory.controller.ts
new file mode 100644
index 0000000..1950da5
--- /dev/null
+++ b/api/src/controllers/territory.controller.ts
@@ -0,0 +1,301 @@
+import {
+ AnyObject,
+ Count,
+ CountSchema,
+ Filter,
+ repository,
+ Where,
+} from '@loopback/repository';
+import {service} from '@loopback/core';
+import {post, param, get, getModelSchemaRef, patch, requestBody} from '@loopback/rest';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+import {Incentive, Territory} from '../models';
+import {IncentiveRepository, TerritoryRepository} from '../repositories';
+import {
+ AUTH_STRATEGY,
+ SECURITY_SPEC_KC_PASSWORD,
+ StatusCode,
+ Roles,
+ ResourceName,
+ SECURITY_SPEC_API_KEY,
+} from '../utils';
+import {ValidationError} from '../validationError';
+import {TerritoryService} from '../services/territory.service';
+import {removeWhiteSpace} from './utils/helpers';
+
+const ObjectId = require('mongodb').ObjectId;
+
+export class TerritoryController {
+ constructor(
+ @repository(TerritoryRepository)
+ public territoryRepository: TerritoryRepository,
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @service(TerritoryService)
+ public territoryService: TerritoryService,
+ ) {}
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @post('/v1/territories', {
+ 'x-controller-name': 'Territories',
+ summary: 'Crée un territoire',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Le territoire est créé',
+ content: {},
+ },
+ [StatusCode.Forbidden]: {
+ description: "L'utilisateur n'a pas les droits pour gérer les territoires",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: 'Le nom de territoire que vous avez fourni existe déjà',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 422,
+ name: 'Error',
+ message: 'territory.name.error.unique',
+ path: '/territoryName',
+ resourceName: 'Territoire',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Territory, {
+ title: 'TerritoryCreation',
+ exclude: ['id'],
+ }),
+ },
+ },
+ })
+ territory: Omit,
+ ): Promise {
+ return this.territoryService.createTerritory(territory);
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK, AUTH_STRATEGY.API_KEY)
+ @authorize({
+ allowedRoles: [
+ Roles.CONTENT_EDITOR,
+ Roles.API_KEY,
+ Roles.CITIZENS,
+ Roles.CITIZENS_FC,
+ ],
+ })
+ @get('/v1/territories', {
+ 'x-controller-name': 'Territories',
+ summary: 'Retourne la liste des territoires',
+ security: SECURITY_SPEC_API_KEY,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'La liste des territoires est retournée',
+ },
+ },
+ })
+ async find(@param.filter(Territory) filter?: Filter): Promise {
+ return this.territoryRepository.find(filter);
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/territories/count', {
+ 'x-controller-name': 'Territories',
+ summary: 'Récupère le nombre de territoires',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Le nombre de territoires est retourné',
+ content: {
+ 'application/json': {
+ schema: {...CountSchema, ...{title: 'Count'}},
+ },
+ },
+ },
+ },
+ })
+ async count(@param.where(Territory) where?: Where): Promise {
+ return this.territoryRepository.count(where);
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @patch('/v1/territories/{id}', {
+ 'x-controller-name': 'Territories',
+ summary: 'Modifie un territoire',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.NoContent]: {
+ description: 'La modification est faite',
+ },
+ [StatusCode.NotFound]: {
+ description: "Le territoire que vous voulez modifier n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Entity not found: Territory',
+ code: 'ENTITY_NOT_FOUND',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.Forbidden]: {
+ description: "L'utilisateur n'a pas les droits pour gérer les territoires",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 403,
+ name: 'Error',
+ message: 'Access denied',
+ },
+ },
+ },
+ },
+ },
+ [StatusCode.UnprocessableEntity]: {
+ description: 'Le nom de territoire que vous avez fourni existe déjà',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 422,
+ name: 'Error',
+ message: 'territory.name.error.unique',
+ path: '/territoryName',
+ resourceName: 'Territoire',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async updateById(
+ @param.path.string('id') id: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Territory, {
+ title: 'TerritoryUpdate',
+ exclude: ['id'],
+ partial: true,
+ }),
+ },
+ },
+ })
+ newTerritory: Omit,
+ ): Promise {
+ /**
+ * Removing white spaces.
+ * Exemple : " Mulhouse aglo " returns "Mulhouse aglo".
+ */
+ newTerritory.name = removeWhiteSpace(newTerritory.name);
+
+ /**
+ * Perform a case-insensitive search excluding the territory that will be updated.
+ */
+ const result: Territory | null = await this.territoryRepository.findOne({
+ where: {id: {neq: new ObjectId(id)}, name: {regexp: `/^${newTerritory.name}$/i`}},
+ });
+
+ /**
+ * Throw an error if the territory name is duplicated.
+ */
+ if (result) {
+ throw new ValidationError(
+ 'territory.name.error.unique',
+ '/territoryName',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Territory,
+ );
+ }
+
+ /**
+ * Get all incentives related to the territory.
+ */
+ const incentiveWithTerritory: Incentive[] = await this.incentiveRepository.find({
+ where: {
+ 'territory.id': id,
+ } as AnyObject,
+ });
+
+ /**
+ * Loop throught the incentives and change the territory name.
+ */
+ await Promise.all(
+ incentiveWithTerritory.map((incentive: Incentive) => {
+ const queryParams = {
+ 'territory.name': newTerritory.name,
+ } as AnyObject;
+ if (incentive.territoryName) {
+ queryParams.territoryName = newTerritory.name; // TODO: REMOVING DEPRECATED territoryName.
+ }
+ return this.incentiveRepository.updateById(incentive.id, queryParams);
+ }),
+ );
+ await this.territoryRepository.updateById(id, newTerritory);
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/territories/{id}', {
+ 'x-controller-name': 'Territories',
+ summary: `Retoune les informations d'un territoire`,
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Le territoire est retourné',
+ },
+ [StatusCode.NotFound]: {
+ description: "Le territoire n'existe pas",
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 404,
+ name: 'Error',
+ message: 'Entity not found: Territory',
+ code: 'ENTITY_NOT_FOUND',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async findById(@param.path.string('id') id: string): Promise {
+ return this.territoryRepository.findById(id);
+ }
+}
diff --git a/api/src/controllers/user.controller.ts b/api/src/controllers/user.controller.ts
new file mode 100644
index 0000000..bc35c2b
--- /dev/null
+++ b/api/src/controllers/user.controller.ts
@@ -0,0 +1,514 @@
+import {inject} from '@loopback/core';
+import {
+ Count,
+ CountSchema,
+ repository,
+ Where,
+ AnyObject,
+ Filter,
+} from '@loopback/repository';
+import {
+ post,
+ patch,
+ param,
+ get,
+ del,
+ getModelSchemaRef,
+ requestBody,
+} from '@loopback/rest';
+import {SecurityBindings} from '@loopback/security';
+import {authenticate} from '@loopback/authentication';
+import {authorize} from '@loopback/authorization';
+
+import {head, omit, orderBy, capitalize, isEqual, intersection} from 'lodash';
+
+import {
+ UserRepository,
+ CommunityRepository,
+ UserEntityRepository,
+ KeycloakGroupRepository,
+} from '../repositories';
+import {FunderService, KeycloakService} from '../services';
+import {Community, CommunityRelations, KeycloakRole, User} from '../models';
+import {
+ ResourceName,
+ StatusCode,
+ SECURITY_SPEC_KC_PASSWORD,
+ Roles,
+ FUNDER_TYPE,
+ GROUPS,
+ AUTH_STRATEGY,
+ IUsersResult,
+ IFunder,
+ ICreate,
+ IUser,
+} from '../utils';
+import {ValidationError} from '../validationError';
+import {RequiredActionAlias} from 'keycloak-admin/lib/defs/requiredActionProviderRepresentation';
+export class UserController {
+ constructor(
+ @repository(UserRepository)
+ public userRepository: UserRepository,
+ @repository(KeycloakGroupRepository)
+ public keycloakGroupRepository: KeycloakGroupRepository,
+ @repository(UserEntityRepository)
+ public userEntityRepository: UserEntityRepository,
+ @repository(CommunityRepository)
+ public communityRepository: CommunityRepository,
+ @inject('services.KeycloakService')
+ public kcService: KeycloakService,
+ @inject('services.FunderService')
+ public funderService: FunderService,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/users/funders/count', {
+ 'x-controller-name': 'Users',
+ summary: "Récupère le nombre d'utilisateurs financeurs",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'User model count',
+ content: {
+ 'application/json': {
+ schema: {...CountSchema, ...{title: 'Count'}},
+ },
+ },
+ },
+ },
+ })
+ async count(@param.where(User) where?: Where): Promise {
+ return this.userRepository.count(where);
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/users/funders', {
+ 'x-controller-name': 'Users',
+ summary: 'Retourne les utilisateurs financeurs',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of User model instances',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: getModelSchemaRef(User),
+ },
+ },
+ },
+ },
+ },
+ })
+ async find(@param.filter(User) filter?: Filter): Promise {
+ const funders = await this.funderService.getFunders();
+ const users: User[] = await this.userRepository.find(filter);
+
+ const usersResult: Promise[] =
+ users &&
+ users.map(async (user: User) => {
+ const funder: IFunder | undefined =
+ funders && funders.find((fnd: IFunder) => fnd.id === user.funderId);
+
+ let communities = undefined;
+ if (user.communityIds && user.communityIds.length >= 0) {
+ communities = await Promise.all(
+ user.communityIds?.map((id: string) =>
+ this.communityRepository.find({
+ where: {id},
+ fields: {name: true},
+ }),
+ ),
+ );
+ }
+
+ const community: string[] | undefined = communities?.map(
+ (res: (Community & CommunityRelations)[]) => res[0].name,
+ );
+
+ const roles: KeycloakRole[] = await this.userEntityRepository.getUserRoles(
+ user.id,
+ );
+
+ const rolesFormatted: string[] = roles.map(({name}) => name);
+
+ const funderRoles: string[] =
+ await this.keycloakGroupRepository.getSubGroupFunderRoles();
+
+ const funderRolesUser: string[] = intersection(
+ rolesFormatted,
+ funderRoles,
+ ).filter(x => x);
+
+ const rolesMatchedAndMapped =
+ funderRolesUser &&
+ funderRolesUser
+ .map((elt: string) => capitalize(elt.replace(/s$/, '')))
+ .join(' ; ');
+
+ return {
+ ...user,
+ funderType: capitalize(funder?.funderType),
+ communityName: community
+ ? community.join(' ; ')
+ : rolesMatchedAndMapped === 'Superviseur'
+ ? ''
+ : funderRolesUser
+ ? 'Ensemble du périmètre financeur'
+ : null,
+ funderName: funder?.name,
+ roles: rolesMatchedAndMapped,
+ };
+ });
+
+ const resolved = await Promise.all(
+ orderBy(usersResult, ['funderName', 'lastName'], ['asc']),
+ );
+
+ return resolved;
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @post('/v1/users', {
+ 'x-controller-name': 'Users',
+ summary: 'Crée un utilisateur financeur',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'User financeur model instance',
+ content: {'application/json': {schema: getModelSchemaRef(User)}},
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: `Votre entreprise n'accepte pas l'affiliation manuelle`,
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 412,
+ name: 'Error',
+ message: 'users.funder.manualAffiliation.refuse',
+ path: '/users',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async create(
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(User),
+ },
+ },
+ })
+ user: User,
+ ): Promise {
+ let keycloakResult: ICreate = {id: ''};
+ try {
+ const funders = await this.funderService.getFunders();
+ const fundersFiltered = head(funders.filter(({id}) => id === user.funderId));
+
+ /**
+ * Check if this user's company accepts manual affiliation
+ */
+ if (!fundersFiltered?.hasManualAffiliation && user.canReceiveAffiliationMail) {
+ throw new ValidationError(
+ `users.funder.manualAffiliation.refuse`,
+ `/users`,
+ StatusCode.PreconditionFailed,
+ ResourceName.User,
+ );
+ }
+
+ if (fundersFiltered) {
+ const {name, funderType, emailFormat} = fundersFiltered;
+ if (
+ funderType === FUNDER_TYPE.collectivity ||
+ emailFormat?.some((format: string) => user.email.endsWith(format))
+ ) {
+ const availableRoles =
+ await this.keycloakGroupRepository.getSubGroupFunderRoles();
+ const {roles, funderId, communityIds} = user;
+
+ if (isEqual(intersection(availableRoles, roles).sort(), roles.sort())) {
+ const availableCommunities: Community[] =
+ await this.communityRepository.findByFunderId(funderId);
+ const conditionNoCommunities =
+ (!communityIds || communityIds.length === 0) &&
+ availableCommunities &&
+ availableCommunities.length === 0;
+
+ const conditionMismatch =
+ !conditionNoCommunities &&
+ communityIds &&
+ isEqual(
+ intersection(
+ availableCommunities.map(({id}) => id),
+ communityIds,
+ ).sort(),
+ communityIds.sort(),
+ );
+
+ if (
+ !roles.includes(Roles.MANAGERS) ||
+ (roles.includes(Roles.MANAGERS) &&
+ (conditionNoCommunities || conditionMismatch))
+ ) {
+ const actions: RequiredActionAlias[] = [
+ RequiredActionAlias.VERIFY_EMAIL,
+ RequiredActionAlias.UPDATE_PASSWORD,
+ ];
+ keycloakResult = await this.kcService.createUserKc(
+ {
+ ...user,
+ funderName: name,
+ group: [
+ `/${
+ funderType === FUNDER_TYPE.collectivity
+ ? GROUPS.collectivities
+ : GROUPS.enterprises
+ }/${name}`,
+ ...user.roles.map(role => `${GROUPS.funders}/${role}`),
+ ],
+ },
+ actions,
+ );
+ if (keycloakResult && keycloakResult.id) {
+ user.id = keycloakResult.id;
+ const propertiesToOmit = roles.includes(Roles.MANAGERS)
+ ? ['password', 'roles']
+ : ['password', 'roles', 'communityIds'];
+ const userRepo = omit(user, propertiesToOmit);
+
+ await this.userRepository.create(userRepo);
+
+ // Send mail to set password and activate account.
+ await this.kcService.sendExecuteActionsEmailUserKc(
+ keycloakResult.id,
+ actions,
+ );
+
+ // returning id because of react-admin specifications
+ return {
+ id: userRepo.id,
+ email: userRepo.email,
+ lastName: userRepo.lastName,
+ firstName: userRepo.firstName,
+ };
+ }
+ return keycloakResult;
+ }
+ throw new ValidationError(
+ `users.error.communities.mismatch`,
+ `/users`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.User,
+ );
+ }
+ throw new ValidationError(
+ `users.error.roles.mismatch`,
+ `/users`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.User,
+ );
+ }
+
+ throw new ValidationError(
+ `email.error.emailFormat`,
+ `/users`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.User,
+ );
+ }
+ throw new ValidationError(
+ `users.error.funders.missed`,
+ `/users`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.User,
+ );
+ } catch (error) {
+ if (keycloakResult && keycloakResult.id) {
+ await this.kcService.deleteUserKc(keycloakResult.id);
+ }
+ throw error;
+ }
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @get('/v1/users/roles', {
+ 'x-controller-name': 'Users',
+ summary: 'Retourne les rôles des utilisateurs financeurs',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Array of roles',
+ content: {
+ 'application/json': {
+ schema: {
+ type: 'array',
+ items: {
+ type: 'string',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async getRolesForUsers(): Promise {
+ return this.keycloakGroupRepository.getSubGroupFunderRoles();
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({
+ allowedRoles: [Roles.CONTENT_EDITOR, Roles.FUNDERS],
+ })
+ @get('/v1/users/{userId}', {
+ 'x-controller-name': 'Users',
+ summary: "Retourne les informations de l'utilisateur financeur",
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'User model instance',
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(User),
+ },
+ },
+ },
+ },
+ })
+ async findUserById(
+ @param.path.string('userId', {
+ description: `L'identifiant de l'utilisateur financeur`,
+ })
+ userId: string,
+ ): Promise {
+ const isContentEditor = this.currentUser?.roles?.includes(Roles.CONTENT_EDITOR);
+
+ if (this.currentUser?.id !== userId && !isContentEditor) {
+ throw new ValidationError(`Access Denied`, `/authorization`, StatusCode.Forbidden);
+ }
+
+ const rolesQuery: KeycloakRole[] = await this.userEntityRepository.getUserRoles(
+ userId,
+ );
+ const rolesFormatted: string[] = rolesQuery.map(({name}) => name);
+ const user: User = await this.userRepository.findById(userId);
+
+ const res: any = {
+ ...user,
+ roles: rolesFormatted,
+ };
+
+ return res;
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @patch('/v1/users/{userId}', {
+ 'x-controller-name': 'Users',
+ summary: 'Modifie un utilisateur financeur',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'Utilisateur patch success',
+ },
+ [StatusCode.PreconditionFailed]: {
+ description: `Votre entreprise n'accepte pas l'affiliation manuelle`,
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(Error),
+ example: {
+ error: {
+ statusCode: 412,
+ name: 'Error',
+ message: 'users.funder.manualAffiliation.refuse',
+ path: '/users',
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ async updateById(
+ @param.path.string('userId', {
+ description: `L'identifiant de l'utilisateur financeur`,
+ })
+ userId: string,
+ @requestBody({
+ content: {
+ 'application/json': {
+ schema: getModelSchemaRef(User, {title: 'UserUpdate', partial: true}),
+ },
+ },
+ })
+ user: User,
+ ): Promise<{id: string}> {
+ /**
+ * Check if this user's company accepts manual affiliation
+ */
+ if (user?.canReceiveAffiliationMail) {
+ const funders = await this.funderService.getFunders();
+ const filteredFunder = head(funders.filter(({id}) => id === user.funderId));
+
+ if (!filteredFunder?.hasManualAffiliation) {
+ throw new ValidationError(
+ `users.funder.manualAffiliation.refuse`,
+ `/users`,
+ StatusCode.PreconditionFailed,
+ ResourceName.User,
+ );
+ }
+ }
+
+ const userRepo: User = await this.userRepository.findById(userId);
+ if (userRepo) {
+ const {roles} = user;
+ const propertiesToOmit = ['roles'];
+
+ if (user.communityIds) {
+ user.communityIds = roles.includes(Roles.MANAGERS) ? user.communityIds : [];
+ }
+
+ const userOmit = omit(user, propertiesToOmit);
+ await this.kcService.updateUserGroupsKc(userId, roles);
+ await this.kcService.updateUser(userId, userOmit);
+ await this.userRepository.updateById(userId, userOmit);
+ }
+ return {id: userId};
+ }
+
+ @authenticate(AUTH_STRATEGY.KEYCLOAK)
+ @authorize({allowedRoles: [Roles.CONTENT_EDITOR]})
+ @del('/v1/users/{userId}', {
+ 'x-controller-name': 'Users',
+ summary: 'Supprime un utilisateur financeur',
+ security: SECURITY_SPEC_KC_PASSWORD,
+ responses: {
+ [StatusCode.Success]: {
+ description: 'utilisateur DELETE success',
+ },
+ },
+ })
+ async deleteById(
+ @param.path.string('userId', {
+ description: `L'identifiant de l'utilisateur financeur`,
+ })
+ userId: string,
+ ): Promise<{id: string}> {
+ await this.kcService.deleteUserKc(userId);
+ await this.userRepository.deleteById(userId);
+ return {id: userId};
+ }
+}
diff --git a/api/src/controllers/utils/helpers.ts b/api/src/controllers/utils/helpers.ts
new file mode 100644
index 0000000..4a1addc
--- /dev/null
+++ b/api/src/controllers/utils/helpers.ts
@@ -0,0 +1,127 @@
+import {Subscription} from '../../models';
+import {FUNDER_TYPE, IDashboardCitizenIncentiveList, INCENTIVE_TYPE} from '../../utils';
+
+/**
+ * INTERFACES
+ *
+ *
+ *
+ *
+ */
+interface SearchQueryDate {
+ startDate: Date;
+ endDate: Date;
+}
+
+/**
+ * get the percentage of the validated subscription
+ */
+export const calculatePercentage = (
+ incentiveList: Array,
+ totalCitizensCount: number,
+): Array => {
+ incentiveList.forEach((incentive: IDashboardCitizenIncentiveList) => {
+ incentive.validatedSubscriptionPercentage = Math.round(
+ (100 * incentive.totalSubscriptionsCount) / totalCitizensCount,
+ );
+ });
+
+ return incentiveList;
+};
+
+/**
+ * get valid date depending on the year and semester values
+ */
+export const setValidDate = (year: string, semester: string) => {
+ const newValidDate: SearchQueryDate = {
+ startDate: new Date(),
+ endDate: new Date(),
+ };
+
+ /**
+ * determine start and end Date for year
+ */
+ newValidDate.startDate = new Date(year);
+ newValidDate.endDate = new Date(
+ newValidDate.startDate.getFullYear() + 1,
+ newValidDate.startDate.getMonth(),
+ newValidDate.startDate.getDate(),
+ );
+
+ /**
+ * determine start and end Date for semester additional filter
+ * set the first semester
+ */
+ if (Number(semester) === 1) {
+ newValidDate.endDate = new Date(
+ newValidDate.startDate.getFullYear(),
+ newValidDate.startDate.getMonth() + 6,
+ newValidDate.startDate.getDate(),
+ );
+ }
+
+ /**
+ * set the second semester
+ */
+ if (Number(semester) === 2) {
+ newValidDate.endDate = new Date(
+ newValidDate.startDate.getFullYear() + 1,
+ newValidDate.startDate.getMonth(),
+ newValidDate.startDate.getDate(),
+ );
+
+ newValidDate.startDate = new Date(
+ newValidDate.startDate.getFullYear(),
+ newValidDate.startDate.getMonth() + 6,
+ newValidDate.startDate.getDate(),
+ );
+ }
+
+ return newValidDate;
+};
+
+/**
+ * sort the demands list by the total subscriptions count
+ * @returns sorted list
+ */
+export const isFirstElementGreater = (
+ a: {totalSubscriptionsCount: number},
+ b: {totalSubscriptionsCount: number},
+) => {
+ if (a.totalSubscriptionsCount > b.totalSubscriptionsCount) {
+ return -1;
+ }
+ return 0;
+};
+
+/**
+ * Returns list of emails and funderType based on incentive type
+ */
+export const getFunderTypeAndListEmails = (subscription: Subscription) => {
+ const listEmails: string[] = [subscription.email];
+
+ let funderType: FUNDER_TYPE;
+
+ if (subscription.incentiveType === INCENTIVE_TYPE.EMPLOYER_INCENTIVE) {
+ funderType = FUNDER_TYPE.enterprise;
+ if (subscription.enterpriseEmail) {
+ listEmails.push(subscription.enterpriseEmail);
+ }
+ } else if (subscription.incentiveType === INCENTIVE_TYPE.TERRITORY_INCENTIVE) {
+ funderType = FUNDER_TYPE.collectivity;
+ }
+ return {listEmails: listEmails, funderType: funderType!};
+};
+
+/**
+ * Returns the string with white spaces removed
+ */
+export const removeWhiteSpace = (word: string): string => {
+ /**
+ * Regex for removing white spaces.
+ * Exemple : " Removing white spaces " returns "Removing white spaces".
+ */
+ const removeSpacesRegex: RegExp = new RegExp('^\\s+|\\s+$|\\s+(?=\\s)', 'g');
+ const newWord: string = word.replace(removeSpacesRegex, '');
+ return newWord;
+};
diff --git a/api/src/controllers/utils/incentiveExample.ts b/api/src/controllers/utils/incentiveExample.ts
new file mode 100644
index 0000000..431d760
--- /dev/null
+++ b/api/src/controllers/utils/incentiveExample.ts
@@ -0,0 +1,210 @@
+export const incentiveExample = [
+ {
+ id: '',
+ title: 'Aide pour acheter vélo électrique',
+ description: `Sous conditions d'éligibilité,\
+ Mulhouse met à disposition une aide au financement d'un vélo électrique`,
+ territory: {name: 'Mulhouse', id: 'randomTerritoryId'},
+ funderName: 'Mulhouse',
+ incentiveType: 'AideTerritoire',
+ conditions: "Fournir une preuve d'achat d'un vélo électrique",
+ paymentMethod: 'Remboursement par virement',
+ allocatedAmount: '500 €',
+ minAmount: '50 €',
+ transportList: ['electrique'],
+ attachments: ['Justificatif de domicile'],
+ additionalInfos: 'Aide mise à disposition uniquement pour les habitants de Mulhouse',
+ contact: 'Contactez le numéro vert au 05 206 308',
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: false,
+ subscriptionLink: 'https://www.mulhouse.com',
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ funderId: '25eb2670-7984-4ff8-b43c-515a694edfe0',
+ },
+ {
+ id: '',
+ title: 'Aide pour acheter scooter électrique',
+ description: `Sous conditions d'éligibilité,\
+ Capgemini Toulouse met à disposition une aide au financement d'un scooter électrique`,
+ territory: {name: 'Toulouse', id: 'randomTerritoryId'},
+ funderName: 'Capgemini',
+ incentiveType: 'AideEmployeur',
+ conditions: "Fournir une preuve d'achat d'un scooter électrique",
+ paymentMethod: 'Remboursement par virement',
+ allocatedAmount: '500 €',
+ minAmount: '50 €',
+ transportList: ['electrique'],
+ attachments: ['identite', 'factureAchat'],
+ additionalInfos: 'Aide mise à disposition uniquement pour les habitants de Toulouse',
+ contact: 'Contactez le numéro vert au 05 206 308',
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: false,
+ subscriptionLink: 'https://www.capgemini.com',
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ funderId: '93a294b9-4ac3-483d-9831-ebe6e3609c29',
+ },
+ {
+ id: '',
+ title: 'Bonus écologique',
+ description: `Profiter d'un bonus écologique pour les personnes,\
+ qui souhaitent acquérir une voiture électrique ou hybride`,
+ territory: {name: 'France entière', id: 'randomTerritoryId'},
+ funderName: 'État français',
+ incentiveType: 'AideNationale',
+ conditions: 'Acheter une voiture hybride ou électrique à compter du 1er janvier 2022',
+ paymentMethod: `Aide de l'état`,
+ allocatedAmount: '500 €',
+ minAmount: '1000 €',
+ transportList: ['voiture'],
+ attachments: ['identite', 'factureAchat'],
+ additionalInfos: 'Aide mise à disposition uniquement pour les habitants de Toulouse',
+ contact: 'Contactez le numéro vert au 05 206 308',
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: false,
+ subscriptionLink: 'www.primealaconversion.gouv.fr',
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ },
+ {
+ id: '',
+ title: 'Le vélo électrique arrive à Mulhouse !',
+ description: `Sous conditions d'éligibilité,\
+ Mulhouse met à disposition une aide au financement d'un vélo électrique`,
+ territory: {name: 'Mulhouse', id: 'randomTerritoryId'},
+ funderName: 'Mulhouse',
+ incentiveType: 'AideTerritoire',
+ conditions: "Fournir une preuve d'achat d'un vélo électrique",
+ paymentMethod: 'Remboursement par virement',
+ allocatedAmount: '500 €',
+ minAmount: '50 €',
+ transportList: ['electrique'],
+ attachments: ['Justificatif de domicile'],
+ additionalInfos: 'Aide mise à disposition uniquement pour les habitants de Mulhouse',
+ contact: 'Contactez le numéro vert au 05 206 308',
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: true,
+ specificFields: [
+ {
+ title: 'Statut marital',
+ inputFormat: 'listeChoix',
+ choiceList: {
+ possibleChoicesNumber: 1,
+ inputChoiceList: [
+ {
+ inputChoice: 'Marié',
+ },
+ ],
+ },
+ },
+ ],
+ jsonSchema: {
+ properties: {
+ 'Statut marital': {
+ type: 'array',
+ maxItems: 1,
+ items: {
+ enum: ['Marié', 'Célibataire'],
+ },
+ },
+ },
+ type: 'object',
+ required: ['Statut marital'],
+ additionalProperties: false,
+ },
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ funderId: 'e13c5de9-d695-4c03-b7b7-9efdd13d937c',
+ },
+];
+
+export const incentiveContentDifferentExample = {
+ response: [
+ {
+ id: '',
+ title: 'Aide pour acheter vélo électrique',
+ description: `Sous conditions d'éligibilité,\
+ Mulhouse met à disposition une aide au financement d'un vélo électrique`,
+ territory: {name: 'Mulhouse', id: 'randomTerritoryId'},
+ funderName: 'Mulhouse',
+ incentiveType: 'AideTerritoire',
+ conditions: "Fournir une preuve d'achat d'un vélo électrique",
+ paymentMethod: 'Remboursement par virement',
+ allocatedAmount: '500 €',
+ minAmount: '50 €',
+ transportList: ['electrique'],
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: false,
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ funderId: '25eb2670-7984-4ff8-b43c-515a694edfe0',
+ },
+ {
+ id: '',
+ title: 'Aide pour acheter scooter électrique',
+ description: `Sous conditions d'éligibilité,\
+ Capgemini Toulouse met à disposition une aide au financement d'un scooter électrique`,
+ territory: {name: 'Toulouse', id: 'randomTerritoryId'},
+ funderName: 'Capgemini',
+ incentiveType: 'AideEmployeur',
+ conditions: "Fournir une preuve d'achat d'un scooter électrique",
+ paymentMethod: 'Remboursement par virement',
+ allocatedAmount: '500 €',
+ minAmount: '50 €',
+ transportList: ['electrique'],
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: false,
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ funderId: '93a294b9-4ac3-483d-9831-ebe6e3609c29',
+ },
+ {
+ id: '',
+ title: 'Bonus écologique',
+ description: `Profiter d'un bonus écologique pour les personnes,\
+ qui souhaitent acquérir une voiture électrique ou hybride`,
+ territory: {name: 'France entière', id: 'randomTerritoryId'},
+ funderName: 'État français',
+ incentiveType: 'AideNationale',
+ conditions:
+ 'Acheter une voiture hybride ou électrique à compter du 1er janvier 2022',
+ paymentMethod: `Aide de l'état`,
+ allocatedAmount: '500 €',
+ minAmount: '1000 €',
+ transportList: ['voiture'],
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: false,
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ },
+ {
+ id: '',
+ title: 'Le vélo électrique arrive à Mulhouse !',
+ description: `Sous conditions d'éligibilité,\
+ Mulhouse met à disposition une aide au financement d'un vélo électrique`,
+ territory: {name: 'Mulhouse', id: 'randomTerritoryId'},
+ funderName: 'Mulhouse',
+ incentiveType: 'AideTerritoire',
+ conditions: "Fournir une preuve d'achat d'un vélo électrique",
+ paymentMethod: 'Remboursement par virement',
+ allocatedAmount: '500 €',
+ minAmount: '50 €',
+ transportList: ['electrique'],
+ validityDuration: '12 mois',
+ validityDate: '2024-07-31',
+ isMCMStaff: true,
+ createdAt: '2022-01-01 00:00:00.000Z',
+ updatedAt: '2022-01-02 00:00:00.000Z',
+ funderId: 'e13c5de9-d695-4c03-b7b7-9efdd13d937c',
+ },
+ ],
+ message: "Le Citoyen est bien affilié à son employeur, mais il ne dispose pas d'aides.",
+};
diff --git a/api/src/cronjob/index.ts b/api/src/cronjob/index.ts
new file mode 100644
index 0000000..4526765
--- /dev/null
+++ b/api/src/cronjob/index.ts
@@ -0,0 +1,3 @@
+export * from './rabbitmqCronJob';
+export * from './subscriptionCronJob';
+export * from './nonActivatedAccountDeletionCronJob';
diff --git a/api/src/cronjob/nonActivatedAccountDeletionCronJob.ts b/api/src/cronjob/nonActivatedAccountDeletionCronJob.ts
new file mode 100644
index 0000000..ccdec26
--- /dev/null
+++ b/api/src/cronjob/nonActivatedAccountDeletionCronJob.ts
@@ -0,0 +1,74 @@
+import {service} from '@loopback/core';
+import {CronJob, cronJob} from '@loopback/cron';
+
+import {CronJobService, CitizenService} from '../services';
+import {CronJob as CronJobModel} from '../models';
+
+import {CRON_TYPES, logger} from '../utils';
+import {isAfterDate} from '../utils/date';
+
+@cronJob()
+export class NonActivatedAccountDeletionCronJob extends CronJob {
+ // Cron's type
+ private cronType: string = CRON_TYPES.DELETE_SUBSCRIPTION;
+
+ constructor(
+ @service(CronJobService)
+ public cronJobService: CronJobService,
+ @service(CitizenService)
+ public citizenService: CitizenService,
+ ) {
+ super({
+ name: 'nonActivatedAccountDeletion-job',
+ onTick: async () => {
+ logger.info(`${NonActivatedAccountDeletionCronJob.name} - ticked`);
+ await this.performJob();
+ },
+ cronTime: '0 3 * * *',
+ start: false,
+ });
+ }
+
+ // cron process
+ private async createCron(): Promise {
+ let createdCronId: CronJobModel | null = null;
+ try {
+ createdCronId = await this.cronJobService.createCronLog(this.cronType);
+ logger.info(`${NonActivatedAccountDeletionCronJob.name} created`);
+ await this.citizenService.accountDeletionService();
+ await this.cronJobService.delCronLog(this.cronType);
+ logger.info(`${NonActivatedAccountDeletionCronJob.name} finished`);
+ } catch (error) {
+ if (createdCronId && createdCronId.id) {
+ await this.cronJobService.delCronLogById(createdCronId.id);
+ }
+ throw new Error(`${error}`);
+ }
+ }
+
+ /**
+ * Perform cron job
+ */
+ private async performJob(): Promise {
+ try {
+ // Get active crons jobs
+ const activeCronList: CronJobModel[] = await this.cronJobService.getCronsLog();
+
+ // Check if this cron is already in use
+ const cronAlreadyInUse: CronJobModel[] | [] = activeCronList.filter(
+ (cron: CronJobModel) => cron.type === this.cronType,
+ );
+ if (
+ cronAlreadyInUse?.[0]?.createdAt &&
+ isAfterDate(cronAlreadyInUse?.[0]?.createdAt, 2)
+ ) {
+ // Delete old log
+ await this.cronJobService.delCronLog(this.cronType);
+ }
+
+ await this.createCron();
+ } catch (err) {
+ logger.error(`${NonActivatedAccountDeletionCronJob.name}: ${err}`);
+ }
+ }
+}
diff --git a/api/src/cronjob/rabbitmqCronJob.ts b/api/src/cronjob/rabbitmqCronJob.ts
new file mode 100644
index 0000000..e5da0b2
--- /dev/null
+++ b/api/src/cronjob/rabbitmqCronJob.ts
@@ -0,0 +1,62 @@
+import {inject, service} from '@loopback/core';
+import {CronJob, cronJob} from '@loopback/cron';
+
+import {isEqual, difference} from 'lodash';
+
+import {ParentProcessService, RabbitmqService} from '../services';
+import {EVENT_MESSAGE, UPDATE_MODE, logger} from '../utils';
+
+@cronJob()
+export class RabbitmqCronJob extends CronJob {
+ private enterpriseHRISNameList: string[] = [];
+
+ constructor(
+ @service(RabbitmqService)
+ public rabbitmqService: RabbitmqService,
+ @inject('services.ParentProcessService')
+ public parentProcessService: ParentProcessService,
+ ) {
+ super({
+ name: 'rabbitmq-job',
+ onTick: async () => {
+ logger.info(`${RabbitmqCronJob.name} - ticked`);
+ await this.performJob();
+ },
+ cronTime: '0 2 * * *',
+ start: false,
+ });
+
+ // Start cronjob once process is ready
+ this.parentProcessService.on(
+ EVENT_MESSAGE.READY,
+ () => this.fireOnTick() && this.start(),
+ );
+ }
+
+ /**
+ * Perform cron job
+ */
+ private async performJob(): Promise {
+ try {
+ const repositoryList: string[] =
+ await this.rabbitmqService.getHRISEnterpriseNameList();
+
+ // If arrays are the same, no need to send updated list
+ if (!isEqual(repositoryList, this.enterpriseHRISNameList)) {
+ // Find added HRIS enterprise
+ const added = difference(repositoryList, this.enterpriseHRISNameList);
+
+ // Find deleted HRIS enterprise
+ const deleted = difference(this.enterpriseHRISNameList, repositoryList);
+
+ this.enterpriseHRISNameList = repositoryList;
+ this.parentProcessService.emit(EVENT_MESSAGE.UPDATE, {
+ type: EVENT_MESSAGE.UPDATE,
+ data: {[UPDATE_MODE.ADD]: added, [UPDATE_MODE.DELETE]: deleted},
+ });
+ }
+ } catch (err) {
+ throw new Error('An error occurred');
+ }
+ }
+}
diff --git a/api/src/cronjob/subscriptionCronJob.ts b/api/src/cronjob/subscriptionCronJob.ts
new file mode 100644
index 0000000..3bda382
--- /dev/null
+++ b/api/src/cronjob/subscriptionCronJob.ts
@@ -0,0 +1,74 @@
+import {service} from '@loopback/core';
+import {CronJob, cronJob} from '@loopback/cron';
+
+import {CronJobService, SubscriptionService} from '../services';
+import {CronJob as CronJobModel} from '../models';
+
+import {logger, CRON_TYPES} from '../utils';
+import {isAfterDate} from '../utils/date';
+
+@cronJob()
+export class SubscriptionCronJob extends CronJob {
+ // Cron's type
+ private cronType: string = CRON_TYPES.DELETE_SUBSCRIPTION;
+
+ constructor(
+ @service(CronJobService)
+ public cronJobService: CronJobService,
+ @service(SubscriptionService)
+ public subscriptionService: SubscriptionService,
+ ) {
+ super({
+ name: 'subscription-job',
+ onTick: async () => {
+ logger.info(`${SubscriptionCronJob.name} - ticked`);
+ await this.performJob();
+ },
+ cronTime: '0 2 * * *',
+ start: false,
+ });
+ }
+
+ // cron process
+ private async createCron(): Promise {
+ let createdCronId: CronJobModel | null = null;
+ try {
+ createdCronId = await this.cronJobService.createCronLog(this.cronType);
+ logger.info(`${SubscriptionCronJob.name} created`);
+ await this.subscriptionService.deleteSubscription();
+ await this.cronJobService.delCronLog(this.cronType);
+ logger.info(`${SubscriptionCronJob.name} finished`);
+ } catch (error) {
+ if (createdCronId && createdCronId.id) {
+ await this.cronJobService.delCronLogById(createdCronId.id);
+ }
+ throw new Error(`${error}`);
+ }
+ }
+
+ /**
+ * Perform cron job
+ */
+ private async performJob(): Promise {
+ try {
+ // Get active crons jobs
+ const activeCronList: CronJobModel[] = await this.cronJobService.getCronsLog();
+
+ // Check if this cron is already in use
+ const cronAlreadyInUse: CronJobModel[] | [] = activeCronList.filter(
+ (cron: CronJobModel) => cron.type === this.cronType,
+ );
+ if (
+ cronAlreadyInUse?.[0]?.createdAt &&
+ isAfterDate(cronAlreadyInUse?.[0]?.createdAt, 2)
+ ) {
+ // Delete old log
+ await this.cronJobService.delCronLog(this.cronType);
+ }
+
+ await this.createCron();
+ } catch (err) {
+ logger.error(`${SubscriptionCronJob.name}: ${err}`);
+ }
+ }
+}
diff --git a/api/src/datasources/README.md b/api/src/datasources/README.md
new file mode 100644
index 0000000..57ae382
--- /dev/null
+++ b/api/src/datasources/README.md
@@ -0,0 +1,3 @@
+# Datasources
+
+This directory contains config for datasources used by this app.
diff --git a/api/src/datasources/idpdb-ds.datasource.ts b/api/src/datasources/idpdb-ds.datasource.ts
new file mode 100644
index 0000000..e240fa5
--- /dev/null
+++ b/api/src/datasources/idpdb-ds.datasource.ts
@@ -0,0 +1,32 @@
+import {inject, lifeCycleObserver, LifeCycleObserver} from '@loopback/core';
+import {juggler} from '@loopback/repository';
+
+const config = {
+ name: 'idpdbDS',
+ connector: 'postgresql',
+ host: process.env.IDP_DB_HOST ?? 'localhost',
+ port: process.env.IDP_DB_PORT ?? 5432,
+ user: process.env.IDP_DB_SERVICE_USER ?? 'admin',
+ password: process.env.IDP_DB_SERVICE_PASSWORD ?? 'pass',
+ database: process.env.IDP_DB_DATABASE ?? 'idp_db',
+ ssl:
+ process.env.LANDSCAPE && process.env.LANDSCAPE !== 'preview'
+ ? {
+ rejectUnauthorized: true,
+ ca: Buffer.from(process.env.PGSQL_FLEX_SSL_CERT!, 'base64').toString('utf-8'),
+ }
+ : null,
+};
+
+@lifeCycleObserver('datasource')
+export class IdpDbDataSource extends juggler.DataSource implements LifeCycleObserver {
+ static dataSourceName = 'idpdbDS';
+ static readonly defaultConfig = config;
+
+ constructor(
+ @inject('datasources.config.idpdbDS', {optional: true})
+ dsConfig: object = config,
+ ) {
+ super(dsConfig);
+ }
+}
diff --git a/api/src/datasources/index.ts b/api/src/datasources/index.ts
new file mode 100644
index 0000000..4dd6aeb
--- /dev/null
+++ b/api/src/datasources/index.ts
@@ -0,0 +1,2 @@
+export * from './mongo-ds.datasource';
+export * from './idpdb-ds.datasource';
diff --git a/api/src/datasources/mongo-ds.datasource.ts b/api/src/datasources/mongo-ds.datasource.ts
new file mode 100644
index 0000000..95a3892
--- /dev/null
+++ b/api/src/datasources/mongo-ds.datasource.ts
@@ -0,0 +1,43 @@
+import {inject, lifeCycleObserver, LifeCycleObserver} from '@loopback/core';
+import {juggler} from '@loopback/repository';
+
+const configProd = {
+ name: 'mongoDS',
+ connector: 'mongodb',
+ url: `mongodb+srv://${process.env.MONGO_SERVICE_USER}:${process.env.MONGO_SERVICE_PASSWORD}@${process.env.MONGO_HOST}/${process.env.MONGO_DATABASE}?retryWrites=true&w=majority`,
+};
+
+const configPreview = {
+ name: 'mongoDS',
+ connector: 'mongodb',
+ host: process.env.MONGO_HOST ?? 'localhost',
+ port: process.env.MONGO_PORT ?? 27017,
+ user: process.env.MONGO_SERVICE_USER ?? 'admin',
+ password: process.env.MONGO_SERVICE_PASSWORD ?? 'pass',
+ database: process.env.MONGO_DATABASE ?? 'mcm',
+ authSource: process.env.MONGO_AUTH_SOURCE ?? 'admin',
+ useNewUrlParser: true,
+ allowExtendedOperators: true,
+};
+
+const config =
+ process.env.LANDSCAPE && process.env.LANDSCAPE !== 'preview'
+ ? configProd
+ : configPreview;
+
+// Observe application's life cycle to disconnect the datasource when
+// application is stopped. This allows the application to be shut down
+// gracefully. The `stop()` method is inherited from `juggler.DataSource`.
+// Learn more at https://loopback.io/doc/en/lb4/Life-cycle.html
+@lifeCycleObserver('datasource')
+export class MongoDsDataSource extends juggler.DataSource implements LifeCycleObserver {
+ static dataSourceName = 'mongoDS';
+ static readonly defaultConfig = config;
+
+ constructor(
+ @inject('datasources.config.mongoDS', {optional: true})
+ dsConfig: object = config,
+ ) {
+ super(dsConfig);
+ }
+}
diff --git a/api/src/index.ts b/api/src/index.ts
new file mode 100644
index 0000000..b737578
--- /dev/null
+++ b/api/src/index.ts
@@ -0,0 +1,39 @@
+import {ApplicationConfig, App} from './application';
+import {logger} from './utils';
+
+export async function main(options: ApplicationConfig = {}) {
+ const app = new App(options);
+ await app.boot();
+ await app.start();
+
+ const url = app.restServer.url;
+ logger.info(`Server is running at ${url}`);
+ return app;
+}
+
+if (require.main === module) {
+ // Run the application
+ const config = {
+ rest: {
+ expressSettings: {
+ 'x-powered-by': false,
+ },
+ port: +(process.env.PORT ?? 3000),
+ host: process.env.HOST,
+ // The `gracePeriodForClose` provides a graceful close for http/https
+ // servers with keep-alive clients. The default value is `Infinity`
+ // (don't force-close). If you want to immediately destroy all sockets
+ // upon stop, set its value to `0`.
+ // See https://www.npmjs.com/package/stoppable
+ gracePeriodForClose: 5000, // 5 seconds
+ openApiSpec: {
+ // useful when used with OpenAPI-to-GraphQL to locate your application
+ setServersFromRequest: true,
+ },
+ },
+ };
+ main(config).catch(err => {
+ logger.error(`Cannot start the application: ${err}`);
+ process.exit(1);
+ });
+}
diff --git a/api/src/interceptors/citizen.interceptor.ts b/api/src/interceptors/citizen.interceptor.ts
new file mode 100644
index 0000000..7975285
--- /dev/null
+++ b/api/src/interceptors/citizen.interceptor.ts
@@ -0,0 +1,229 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {CitizenService} from '../services';
+import {Citizen} from '../models/citizen/citizen.model';
+import {CitizenRepository, UserRepository} from '../repositories';
+import {isAgeValid} from './utils';
+import {ValidationError} from '../validationError';
+import {
+ ResourceName,
+ StatusCode,
+ logger,
+ AFFILIATION_STATUS,
+ IUser,
+ Roles,
+} from '../utils';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+
+@injectable({tags: {key: CitizenInterceptor.BINDING_KEY}})
+export class CitizenInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${CitizenInterceptor.name}`;
+
+ /*
+ * constructor
+ */
+ constructor(
+ @inject('services.CitizenService')
+ public citizenService: CitizenService,
+ @repository(CitizenRepository)
+ public citizenRepository: CitizenRepository,
+ @repository(UserRepository)
+ private userRepository: UserRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ let citizen: Citizen | undefined;
+ if (invocationCtx.methodName === 'create') {
+ citizen = invocationCtx.args[0];
+ if (!citizen?.tos1 || !citizen?.tos2) {
+ throw new ValidationError(
+ `Citizen must agree to terms of services`,
+ '/tos',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Account,
+ );
+ }
+
+ if (!citizen?.password) {
+ throw new ValidationError(
+ `Password cannot be empty`,
+ '/password',
+ StatusCode.PreconditionFailed,
+ ResourceName.Account,
+ );
+ }
+ }
+
+ if (invocationCtx.methodName === 'replaceById') citizen = invocationCtx.args[1];
+
+ if (invocationCtx.methodName === 'findCitizenId') {
+ const citizenId = invocationCtx.args[0];
+ const citizen = await this.citizenRepository.findOne({
+ where: {id: citizenId},
+ });
+ if (!citizen) {
+ throw new ValidationError(
+ `Citizen not found`,
+ '/citizenNotFound',
+ StatusCode.NotFound,
+ ResourceName.Citizen,
+ );
+ }
+ }
+
+ if (citizen && !isAgeValid(citizen.identity.birthDate.value)) {
+ throw new ValidationError(
+ `citizens.error.birthdate.age`,
+ '/birthdate',
+ StatusCode.PreconditionFailed,
+ ResourceName.Account,
+ );
+ }
+ if (invocationCtx.methodName === 'validateAffiliation') {
+ const user = this.currentUser;
+ if (user.id && !user.roles?.includes(Roles.CITIZENS)) {
+ const userData = await this.userRepository.findById(this.currentUser?.id);
+ const citizenId = invocationCtx.args[0];
+ const citizen = await this.citizenRepository.findOne({
+ where: {id: citizenId},
+ });
+ if (
+ userData?.funderId !== citizen?.affiliation.enterpriseId ||
+ citizen!.affiliation!.affiliationStatus !== AFFILIATION_STATUS.TO_AFFILIATE
+ ) {
+ throw new ValidationError(
+ 'citizen.affiliation.impossible',
+ '/citizenAffiliationImpossible',
+ StatusCode.PreconditionFailed,
+ ResourceName.Affiliation,
+ );
+ }
+ } else if (user.id && user.roles?.includes(Roles.CITIZENS)) {
+ if (user?.id !== invocationCtx.args[0]) {
+ throw new ValidationError(
+ 'citizen.affiliation.impossible',
+ '/citizenAffiliationImpossible',
+ StatusCode.PreconditionFailed,
+ ResourceName.Affiliation,
+ );
+ }
+ } else if (!invocationCtx.args[1].token) {
+ throw new ValidationError(
+ 'citizens.affiliation.not.found',
+ '/citizensAffiliationNotFound',
+ StatusCode.NotFound,
+ ResourceName.Affiliation,
+ );
+ }
+ }
+
+ if (invocationCtx.methodName === 'disaffiliation') {
+ const citizenId = invocationCtx.args[0];
+ let newAffiliatedEmployees: Citizen | undefined,
+ newManuelAffiliatedEmployees: Citizen | undefined;
+
+ const citizenToDisaffiliate = await this.citizenRepository.findOne({
+ where: {id: citizenId},
+ });
+ if (!citizenToDisaffiliate) {
+ throw new ValidationError(
+ `Citizen not found`,
+ '/citizenNotFound',
+ StatusCode.NotFound,
+ ResourceName.Citizen,
+ );
+ }
+ if (
+ citizenToDisaffiliate.affiliation.affiliationStatus ===
+ AFFILIATION_STATUS.AFFILIATED
+ ) {
+ const affiliatedEmployees = await this.citizenService.findEmployees({
+ status: AFFILIATION_STATUS.AFFILIATED,
+ lastName: undefined,
+ skip: 0,
+ });
+ newAffiliatedEmployees = affiliatedEmployees?.employees?.find(
+ (elt: Citizen) => elt.id === citizenId,
+ );
+ }
+
+ if (
+ citizenToDisaffiliate.affiliation.affiliationStatus ===
+ AFFILIATION_STATUS.TO_AFFILIATE
+ ) {
+ const manuelAffiliatedEmployees = await this.citizenService.findEmployees({
+ status: AFFILIATION_STATUS.TO_AFFILIATE,
+ lastName: undefined,
+ skip: 0,
+ limit: 0,
+ });
+
+ newManuelAffiliatedEmployees = manuelAffiliatedEmployees?.employees?.find(
+ (elt: Citizen) => elt.id === citizenId,
+ );
+ }
+
+ if (!newAffiliatedEmployees && !newManuelAffiliatedEmployees) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ } else {
+ const checkDisaffiliation = await this.citizenService.checkDisaffiliation(
+ citizenId,
+ );
+
+ if (!checkDisaffiliation) {
+ throw new ValidationError(
+ 'citizen.disaffiliation.impossible',
+ '/citizenDisaffiliationImpossible',
+ StatusCode.PreconditionFailed,
+ ResourceName.Disaffiliation,
+ );
+ }
+ }
+ }
+
+ const result = await next();
+ return result;
+ }
+ catch(err: string) {
+ logger.error(err);
+ throw err;
+ }
+}
diff --git a/api/src/interceptors/enterprise.interceptor.ts b/api/src/interceptors/enterprise.interceptor.ts
new file mode 100644
index 0000000..82357d6
--- /dev/null
+++ b/api/src/interceptors/enterprise.interceptor.ts
@@ -0,0 +1,60 @@
+import {
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {StatusCode} from '../utils';
+import {ValidationError} from '../validationError';
+import {isEmailFormatValid} from './utils';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: EnterpriseInterceptor.BINDING_KEY}})
+export class EnterpriseInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${EnterpriseInterceptor.name}`;
+
+ constructor() {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const {methodName, args} = invocationCtx;
+ const {emailFormat} = args[0];
+ if (methodName === 'create') {
+ const allEmailFormatsValid: boolean = emailFormat.every(
+ (emailFormatString: string) => isEmailFormatValid(emailFormatString),
+ );
+ if (!allEmailFormatsValid) {
+ throw new ValidationError(
+ 'Enterprise email formats are not valid',
+ '/enterpriseEmailBadFormat',
+ StatusCode.UnprocessableEntity,
+ );
+ }
+ }
+
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/external/affiliation.interceptor.ts b/api/src/interceptors/external/affiliation.interceptor.ts
new file mode 100644
index 0000000..72b82ee
--- /dev/null
+++ b/api/src/interceptors/external/affiliation.interceptor.ts
@@ -0,0 +1,152 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ service,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {
+ IncentiveRepository,
+ CitizenRepository,
+ SubscriptionRepository,
+} from '../../repositories';
+import {FunderService} from '../../services';
+import {
+ FUNDER_TYPE,
+ INCENTIVE_TYPE,
+ isEnterpriseAffilitation,
+ IUser,
+ ResourceName,
+ Roles,
+ StatusCode,
+} from '../../utils';
+import {ValidationError} from '../../validationError';
+
+@injectable({tags: {key: AffiliationInterceptor.BINDING_KEY}})
+export class AffiliationInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${AffiliationInterceptor.name}`;
+
+ constructor(
+ @repository(CitizenRepository)
+ public citizenRepository: CitizenRepository,
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @service(FunderService)
+ public funderService: FunderService,
+ @inject(SecurityBindings.USER)
+ private currentUserProfile: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const {methodName, args} = invocationCtx;
+ const {id, clientName, roles} = this.currentUserProfile;
+ if (!roles?.includes(Roles.MAAS_BACKEND)) {
+ let inputFunderId: string | undefined = undefined;
+ if (methodName === 'findCommunitiesByFunderId') {
+ inputFunderId = args[0];
+ }
+
+ if (
+ methodName === 'createSubscription' ||
+ methodName === 'createMetadata' ||
+ methodName === 'getMetadata'
+ ) {
+ const {incentiveId} = args[0];
+ inputFunderId =
+ incentiveId &&
+ (await this.incentiveRepository.findOne({where: {id: incentiveId}}))?.funderId;
+ }
+
+ if (methodName === 'addAttachments' || methodName === 'finalizeSubscription') {
+ const subscriptionId = args[0];
+ const subscription = await this.subscriptionRepository.findOne({
+ where: {id: subscriptionId},
+ });
+ if (!subscription) {
+ throw new ValidationError(
+ `Subscription not found`,
+ '/subscriptionNotFound',
+ StatusCode.NotFound,
+ ResourceName.Subscription,
+ );
+ }
+
+ const incentiveId = subscription.incentiveId;
+ inputFunderId =
+ incentiveId &&
+ (await this.incentiveRepository.findOne({where: {id: incentiveId}}))?.funderId;
+ }
+
+ // Find IncentiveMaasById
+ if (methodName === 'findIncentiveById') {
+ const incentiveId = args[0];
+
+ const incentive = await this.incentiveRepository.findOne({
+ where: {id: incentiveId},
+ });
+ if (!incentive) {
+ throw new ValidationError(
+ `Incentive not found`,
+ '/incentiveNotFound',
+ StatusCode.NotFound,
+ ResourceName.Incentive,
+ );
+ }
+ if (
+ incentive?.incentiveType === INCENTIVE_TYPE.EMPLOYER_INCENTIVE &&
+ !roles?.includes(Roles.CONTENT_EDITOR)
+ ) {
+ inputFunderId = incentiveId && incentive?.funderId;
+ } else {
+ return next();
+ }
+ }
+
+ const funders: any = inputFunderId && (await this.funderService.getFunders());
+ const funderMatch = funders && funders.find(({id}: any) => inputFunderId === id);
+ const citizen = await this.citizenRepository.findOne({where: {id}});
+
+ // Users from platform can subscribe to all collectivity aid
+ // Users from MaaS can subscribe to all collectivity aid
+ // Users from platform needs to be affiliated to a company to subscribe
+ if (
+ (roles?.includes(Roles.PLATFORM) || roles?.includes(Roles.MAAS)) &&
+ (funderMatch?.funderType === FUNDER_TYPE.collectivity ||
+ isEnterpriseAffilitation({citizen, funderMatch, inputFunderId}))
+ ) {
+ const result = await next();
+ return result;
+ }
+
+ throw new ValidationError('Access denied', '/authorization', StatusCode.Forbidden);
+ }
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/external/affiliationPublic.interceptor.ts b/api/src/interceptors/external/affiliationPublic.interceptor.ts
new file mode 100644
index 0000000..f54a7e9
--- /dev/null
+++ b/api/src/interceptors/external/affiliationPublic.interceptor.ts
@@ -0,0 +1,76 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {IncentiveRepository} from '../../repositories';
+import {INCENTIVE_TYPE, StatusCode, ResourceName, IUser} from '../../utils';
+import {ValidationError} from '../../validationError';
+
+@injectable({tags: {key: AffiliationPublicInterceptor.BINDING_KEY}})
+export class AffiliationPublicInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${AffiliationPublicInterceptor.name}`;
+
+ constructor(
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @inject(SecurityBindings.USER)
+ private currentUserProfile: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const {methodName, args} = invocationCtx;
+ const {roles} = this.currentUserProfile;
+
+ if (roles && roles.includes('service_maas')) {
+ // Find IncentiveById
+ if (methodName === 'findIncentiveById') {
+ const incentiveId = args[0];
+ const incentive = await this.incentiveRepository.findOne({
+ where: {id: incentiveId},
+ });
+ if (!incentive) {
+ throw new ValidationError(
+ `Incentive not found`,
+ '/incentiveNotFound',
+ StatusCode.NotFound,
+ ResourceName.Incentive,
+ );
+ }
+ if (incentive?.incentiveType === INCENTIVE_TYPE.EMPLOYER_INCENTIVE) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+ }
+ }
+ return next();
+ }
+}
diff --git a/api/src/interceptors/external/index.ts b/api/src/interceptors/external/index.ts
new file mode 100644
index 0000000..a2aca30
--- /dev/null
+++ b/api/src/interceptors/external/index.ts
@@ -0,0 +1,5 @@
+export * from './affiliation.interceptor';
+export * from './subscriptionV1.interceptor';
+export * from './affiliationPublic.interceptor';
+export * from './subscriptionV1Attachments.interceptor';
+export * from './subscriptionV1Finalize.interceptor';
diff --git a/api/src/interceptors/external/subscriptionV1.interceptor.ts b/api/src/interceptors/external/subscriptionV1.interceptor.ts
new file mode 100644
index 0000000..68402c2
--- /dev/null
+++ b/api/src/interceptors/external/subscriptionV1.interceptor.ts
@@ -0,0 +1,116 @@
+import {
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {getJsonSchema} from '@loopback/rest';
+import {repository} from '@loopback/repository';
+import {Validator} from 'jsonschema';
+import {format} from 'date-fns';
+import {SecurityBindings} from '@loopback/security';
+
+import {IncentiveRepository, CommunityRepository} from '../../repositories';
+import {ResourceName, StatusCode} from '../../utils';
+import {ValidationError} from '../../validationError';
+import {Community, CreateSubscription} from '../../models';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: SubscriptionV1Interceptor.BINDING_KEY}})
+export class SubscriptionV1Interceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${SubscriptionV1Interceptor.name}`;
+
+ constructor(
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @repository(CommunityRepository)
+ public communityRepository: CommunityRepository,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ let subscriptionIncentiveData: CreateSubscription | undefined = invocationCtx.args[0];
+ subscriptionIncentiveData = subscriptionIncentiveData as CreateSubscription;
+ const {jsonSchema, funderId, isMCMStaff} = await this.incentiveRepository.findById(
+ subscriptionIncentiveData?.incentiveId,
+ );
+ if (!isMCMStaff)
+ throw new ValidationError('Access denied', '/authorization', StatusCode.Forbidden);
+
+ if (funderId) {
+ const communities: Community[] = await this.communityRepository.findByFunderId(
+ funderId,
+ );
+ const communityId = subscriptionIncentiveData?.communityId;
+
+ const conditionWithCommunity =
+ communityId && !communities.map(({id}) => id).some(elt => elt === communityId);
+ const conditionWOCommunity = !communityId && communities.length > 0;
+
+ if (conditionWithCommunity || conditionWOCommunity) {
+ throw new ValidationError(
+ `subscriptions.error.communities.mismatch`,
+ `/subscriptions`,
+ StatusCode.UnprocessableEntity,
+ ResourceName.Subscription,
+ );
+ }
+ }
+ const validator = new Validator();
+ const {incentiveId, consent, communityId, ...specificFieldsToCompare} =
+ subscriptionIncentiveData;
+
+ // If no incentive.json schema, compare with createSubscription model and no additional properties
+ const resultCompare = validator.validate(
+ jsonSchema ? specificFieldsToCompare : subscriptionIncentiveData,
+ jsonSchema ?? {...getJsonSchema(CreateSubscription), additionalProperties: false},
+ );
+ if (resultCompare.errors.length > 0) {
+ throw new ValidationError(
+ resultCompare.errors[0].message,
+ resultCompare.errors[0].path.toString(),
+ StatusCode.UnprocessableEntity,
+ ResourceName.Subscription,
+ );
+ }
+ // Extract specific fields if incentive.jsonSchema (meaning specificFields)
+ if (jsonSchema) {
+ const specificFields: Object = {};
+ Object.keys(resultCompare.schema.properties as Object).forEach(element => {
+ let value = subscriptionIncentiveData?.[element];
+ // Format date
+ if (resultCompare.schema.properties?.[element]?.format === 'date') {
+ value = format(new Date(value), 'dd/MM/yyyy');
+ }
+ Object.assign(specificFields, {[element]: value});
+ delete subscriptionIncentiveData?.[element];
+ });
+ subscriptionIncentiveData!.specificFields = specificFields;
+ }
+ invocationCtx.args[0] = {...subscriptionIncentiveData};
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/external/subscriptionV1Attachments.interceptor.ts b/api/src/interceptors/external/subscriptionV1Attachments.interceptor.ts
new file mode 100644
index 0000000..b91c824
--- /dev/null
+++ b/api/src/interceptors/external/subscriptionV1Attachments.interceptor.ts
@@ -0,0 +1,239 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ service,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {Express} from 'express';
+import {EncryptionKey} from '../../models';
+
+import {
+ SubscriptionRepository,
+ MetadataRepository,
+ EnterpriseRepository,
+ CollectivityRepository,
+} from '../../repositories';
+import {ClamavService, S3Service} from '../../services';
+import {
+ ResourceName,
+ StatusCode,
+ canAccessHisSubscriptionData,
+ SUBSCRIPTION_STATUS,
+ IUser,
+} from '../../utils';
+import {isExpired} from '../../utils/date';
+import {ValidationError} from '../../validationError';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: SubscriptionV1AttachmentsInterceptor.BINDING_KEY}})
+export class SubscriptionV1AttachmentsInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${SubscriptionV1AttachmentsInterceptor.name}`;
+
+ constructor(
+ @inject('services.S3Service')
+ private s3Service: S3Service,
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @repository(MetadataRepository)
+ public metadataRepository: MetadataRepository,
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @repository(CollectivityRepository)
+ public collectivityRepository: CollectivityRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ @service(ClamavService)
+ public clamavService: ClamavService,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const subscriptionDetails = await this.subscriptionRepository.findOne({
+ where: {id: invocationCtx.args[0]},
+ });
+
+ // Check if subscription exists
+ if (!subscriptionDetails) {
+ throw new ValidationError(
+ 'Subscription does not exist',
+ '/subscription',
+ StatusCode.NotFound,
+ ResourceName.Subscription,
+ );
+ }
+
+ // Check if user has access to his own data
+ if (
+ !canAccessHisSubscriptionData(this.currentUser.id, subscriptionDetails?.citizenId)
+ ) {
+ throw new ValidationError('Access denied', '/authorization', StatusCode.Forbidden);
+ }
+
+ // Check subscription status
+ if (subscriptionDetails?.status !== SUBSCRIPTION_STATUS.DRAFT) {
+ throw new ValidationError(
+ `Only subscriptions with Draft status are allowed`,
+ '/status',
+ StatusCode.PreconditionFailed,
+ ResourceName.Subscription,
+ );
+ }
+
+ // Check encryptionKey Exists
+ let encryptionKey: EncryptionKey | undefined = undefined;
+ const collectivity = await this.collectivityRepository.findOne({
+ where: {id: subscriptionDetails.funderId},
+ });
+ const enterprise = await this.enterpriseRepository.findOne({
+ where: {id: subscriptionDetails.funderId},
+ });
+ if (!collectivity && !enterprise) {
+ throw new ValidationError(
+ `Funder not found`,
+ '/Funder',
+ StatusCode.NotFound,
+ ResourceName.EncryptionKey,
+ );
+ }
+
+ if (collectivity) encryptionKey = collectivity.encryptionKey;
+ if (enterprise) encryptionKey = enterprise.encryptionKey;
+ if (!encryptionKey) {
+ throw new ValidationError(
+ `Encryption Key not found`,
+ '/EncryptionKey',
+ StatusCode.NotFound,
+ ResourceName.EncryptionKey,
+ );
+ }
+
+ // check if public key is expired
+ if (isExpired(encryptionKey.expirationDate, new Date())) {
+ throw new ValidationError(
+ `Encryption Key Expired`,
+ '/EncryptionKey',
+ StatusCode.UnprocessableEntity,
+ ResourceName.EncryptionKey,
+ );
+ }
+
+ // Check if there is already files in db
+ if (
+ subscriptionDetails!.attachments &&
+ subscriptionDetails!.attachments?.length > 0
+ ) {
+ throw new ValidationError(
+ `You already provided files to this subscription`,
+ '/attachments',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Attachments,
+ );
+ }
+
+ const attachments = invocationCtx.args[1].files;
+ const idMetadata = invocationCtx.args[1].body.data
+ ? JSON.parse(invocationCtx.args[1].body.data)?.metadataId
+ : undefined;
+
+ const subscriptionMetadata = idMetadata
+ ? await this.metadataRepository.findById(idMetadata)
+ : undefined;
+
+ // Check at least one of attachments and idMetadata
+ if (!subscriptionMetadata && (!attachments || !(attachments.length > 0))) {
+ throw new ValidationError(
+ `You need the provide at least one file or valid metadata`,
+ '/attachments',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Attachments,
+ );
+ }
+
+ // Check if incentiveId in metadata is the same than the one from the subscription
+ if (
+ subscriptionMetadata &&
+ subscriptionDetails!.incentiveId?.toString() !==
+ subscriptionMetadata?.incentiveId?.toString()
+ ) {
+ throw new ValidationError(
+ `Metadata does not match this subscription`,
+ '/attachments',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Attachments,
+ );
+ }
+
+ // Check number of file to upload
+ if (
+ !this.s3Service.hasCorrectNumberOfFiles([
+ ...attachments,
+ ...(subscriptionMetadata?.attachmentMetadata?.invoices ?? []),
+ ])
+ ) {
+ throw new ValidationError(
+ `Too many files to upload`,
+ '/attachments',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Attachments,
+ );
+ }
+ // Check attachments valid mime type
+ if (!this.s3Service.hasValidMimeType(attachments)) {
+ throw new ValidationError(
+ `Uploaded files do not have valid content type`,
+ '/attachments',
+ StatusCode.PreconditionFailed,
+ ResourceName.AttachmentsType,
+ );
+ }
+ // Check attachments valid mime size
+ if (!this.s3Service.hasValidFileSize(attachments)) {
+ throw new ValidationError(
+ `Uploaded files do not have a valid file size`,
+ '/attachments',
+ StatusCode.PreconditionFailed,
+ ResourceName.Attachments,
+ );
+ }
+
+ // Check if a file is corrupted using ClamAV
+ if (!(await this.clamavService.checkCorruptedFiles(attachments))) {
+ throw new ValidationError(
+ 'A corrupted file has been found',
+ '/antivirus',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Antivirus,
+ );
+ }
+
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/external/subscriptionV1Finalize.interceptor.ts b/api/src/interceptors/external/subscriptionV1Finalize.interceptor.ts
new file mode 100644
index 0000000..82a0908
--- /dev/null
+++ b/api/src/interceptors/external/subscriptionV1Finalize.interceptor.ts
@@ -0,0 +1,88 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {SubscriptionRepository} from '../../repositories';
+import {
+ ResourceName,
+ StatusCode,
+ canAccessHisSubscriptionData,
+ SUBSCRIPTION_STATUS,
+ IUser,
+} from '../../utils';
+import {ValidationError} from '../../validationError';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: SubscriptionV1FinalizeInterceptor.BINDING_KEY}})
+export class SubscriptionV1FinalizeInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${SubscriptionV1FinalizeInterceptor.name}`;
+
+ constructor(
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const subscription = await this.subscriptionRepository.findById(
+ invocationCtx.args[0],
+ );
+
+ // Check if subscription exists
+ if (!subscription) {
+ throw new ValidationError(
+ 'Subscription does not exist',
+ '/subscription',
+ StatusCode.NotFound,
+ ResourceName.Subscription,
+ );
+ }
+
+ // Check if user has access to his own data
+ if (!canAccessHisSubscriptionData(this.currentUser.id, subscription?.citizenId)) {
+ throw new ValidationError('Access denied', '/authorization', StatusCode.Forbidden);
+ }
+
+ // Check subscription status
+ if (subscription?.status !== SUBSCRIPTION_STATUS.DRAFT) {
+ throw new ValidationError(
+ `Only subscriptions with Draft status are allowed`,
+ '/status',
+ StatusCode.PreconditionFailed,
+ ResourceName.Subscription,
+ );
+ }
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/funder.interceptor.ts b/api/src/interceptors/funder.interceptor.ts
new file mode 100644
index 0000000..fc4b161
--- /dev/null
+++ b/api/src/interceptors/funder.interceptor.ts
@@ -0,0 +1,99 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {CollectivityRepository, EnterpriseRepository} from '../repositories';
+import {ValidationError} from '../validationError';
+import {ResourceName, StatusCode, IUser} from '../utils';
+import {Collectivity, EncryptionKey, Enterprise} from '../models';
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+
+@injectable({tags: {key: FunderInterceptor.BINDING_KEY}})
+export class FunderInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${FunderInterceptor.name}`;
+
+ /*
+ * constructor
+ */
+ constructor(
+ @repository(CollectivityRepository)
+ public collectivityRepository: CollectivityRepository,
+ @repository(EnterpriseRepository)
+ public enterpriseRepository: EnterpriseRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const encryptionKey: EncryptionKey = invocationCtx.args[1];
+ const funderId = invocationCtx.args[0];
+ let funder: Collectivity | Enterprise | undefined = undefined;
+
+ const collectivity: Collectivity | null = await this.collectivityRepository.findOne({
+ where: {id: funderId},
+ });
+ const enterprise: Enterprise | null = await this.enterpriseRepository.findOne({
+ where: {id: funderId},
+ });
+
+ funder = collectivity ? collectivity : enterprise ? enterprise : undefined;
+ if (!funder) {
+ throw new ValidationError(
+ `Funder not found`,
+ `/Funder`,
+ StatusCode.NotFound,
+ ResourceName.Funder,
+ );
+ }
+
+ // Will not anymore if we stop using ${funderName}-backend convention when creating KC backend clients
+ if (
+ funder &&
+ this.currentUser?.clientName &&
+ !this.currentUser?.groups?.includes(funder.name)
+ ) {
+ throw new ValidationError('Access denied', '/authorization', StatusCode.Forbidden);
+ }
+ if (
+ (collectivity || (enterprise && !enterprise.isHris)) &&
+ !encryptionKey.privateKeyAccess
+ ) {
+ throw new ValidationError(
+ `encryptionKey.error.privateKeyAccess.missing`,
+ '/EncryptionKey',
+ StatusCode.UnprocessableEntity,
+ );
+ }
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/incentive.interceptor.ts b/api/src/interceptors/incentive.interceptor.ts
new file mode 100644
index 0000000..0abfa14
--- /dev/null
+++ b/api/src/interceptors/incentive.interceptor.ts
@@ -0,0 +1,158 @@
+import {
+ /* inject, */
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+
+import {Incentive} from '../models/incentive/incentive.model';
+import {IncentiveRepository} from '../repositories';
+import {ResourceName, StatusCode} from '../utils';
+import {ValidationError} from '../validationError';
+import {isValidityDateValid} from './utils';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: IncentiveInterceptor.BINDING_KEY}})
+export class IncentiveInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${IncentiveInterceptor.name}`;
+
+ constructor(
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ let incentives: Incentive | undefined;
+ if (invocationCtx.methodName === 'create') {
+ incentives = invocationCtx.args[0];
+ if (incentives && incentives.title && incentives.funderName) {
+ const incentive = await this.incentiveRepository.findOne({
+ where: {title: incentives.title, funderName: incentives.funderName},
+ });
+ if (incentive) {
+ throw new ValidationError(
+ `incentives.error.title.alreadyUsedForFunder`,
+ '/incentiveTitleAlreadyUsed',
+ StatusCode.Conflict,
+ ResourceName.Incentive,
+ );
+ }
+ }
+ }
+
+ if (invocationCtx.methodName === 'replaceById') incentives = invocationCtx.args[1];
+
+ if (invocationCtx.methodName === 'updateById') {
+ const incentiveId = invocationCtx.args[0];
+ incentives = invocationCtx.args[1];
+
+ const incentiveToUpdate = await this.incentiveRepository.findOne({
+ where: {id: incentiveId},
+ });
+ if (!incentiveToUpdate) {
+ throw new ValidationError(
+ `Incentive not found`,
+ '/incentiveNotFound',
+ StatusCode.NotFound,
+ ResourceName.Incentive,
+ );
+ }
+ if (incentives && incentives.title && incentives.funderName) {
+ const incentive = await this.incentiveRepository.findOne({
+ where: {
+ id: {nin: [incentiveId]},
+ title: incentives.title,
+ funderName: incentives.funderName,
+ },
+ });
+ if (incentive) {
+ throw new ValidationError(
+ `incentives.error.title.alreadyUsedForFunder`,
+ '/incentiveTitleAlreadyUsed',
+ StatusCode.Conflict,
+ ResourceName.Incentive,
+ );
+ }
+ }
+ }
+
+ if (invocationCtx.methodName === 'deleteById') {
+ const incentiveId = invocationCtx.args[0];
+ const incentiveToDelete = await this.incentiveRepository.findOne({
+ where: {id: incentiveId},
+ });
+ if (!incentiveToDelete) {
+ throw new ValidationError(
+ `Incentive not found`,
+ '/incentiveNotFound',
+ StatusCode.NotFound,
+ ResourceName.Incentive,
+ );
+ }
+ }
+
+ if (
+ incentives &&
+ incentives.validityDate &&
+ !isValidityDateValid(incentives.validityDate)
+ ) {
+ throw new ValidationError(
+ `incentives.error.validityDate.minDate`,
+ '/validityDate',
+ StatusCode.PreconditionFailed,
+ ResourceName.Incentive,
+ );
+ }
+
+ // If isMCMStaff === true , should not have a subscription link
+ if (incentives && incentives.isMCMStaff && incentives.subscriptionLink) {
+ throw new ValidationError(
+ `incentives.error.isMCMStaff.subscriptionLink`,
+ '/isMCMStaff',
+ StatusCode.PreconditionFailed,
+ ResourceName.Incentive,
+ );
+ }
+ // If isMCMStaff === false , should not have a specific fields but subscription is required
+ if (
+ incentives &&
+ !incentives.isMCMStaff &&
+ (incentives.specificFields?.length || !incentives.subscriptionLink)
+ ) {
+ throw new ValidationError(
+ `incentives.error.isMCMStaff.specificFieldOrSubscriptionLink`,
+ '/isMCMStaff',
+ StatusCode.PreconditionFailed,
+ ResourceName.Incentive,
+ );
+ }
+
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/index.ts b/api/src/interceptors/index.ts
new file mode 100644
index 0000000..5964951
--- /dev/null
+++ b/api/src/interceptors/index.ts
@@ -0,0 +1,7 @@
+export * from './incentive.interceptor';
+export * from './citizen.interceptor';
+export * from './subscription.interceptor';
+export * from './subscriptionMetadata.interceptor';
+export * from './enterprise.interceptor';
+export * from './funder.interceptor';
+export * from './external';
diff --git a/api/src/interceptors/subscription.interceptor.ts b/api/src/interceptors/subscription.interceptor.ts
new file mode 100644
index 0000000..03d17c1
--- /dev/null
+++ b/api/src/interceptors/subscription.interceptor.ts
@@ -0,0 +1,130 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {UserRepository, SubscriptionRepository} from '../repositories';
+import {IUser, ResourceName, StatusCode, SUBSCRIPTION_STATUS} from '../utils';
+import {ValidationError} from '../validationError';
+import {Subscription} from '../models';
+import {IDP_SUFFIX_BACKEND} from '../constants';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: SubscriptionInterceptor.BINDING_KEY}})
+export class SubscriptionInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${SubscriptionInterceptor.name}`;
+
+ constructor(
+ @repository(UserRepository)
+ private userRepository: UserRepository,
+ @repository(SubscriptionRepository)
+ public subscriptionRepository: SubscriptionRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const {methodName, args} = invocationCtx;
+ const {id} = this.currentUser;
+
+ let communityIds: '' | string[] | undefined = [];
+
+ const subscriptionId = args[0];
+ const subscription: Subscription = await this.subscriptionRepository.findById(
+ subscriptionId,
+ );
+
+ if (!subscription) {
+ throw new ValidationError(
+ `Subscription not found`,
+ '/subscriptionNotFound',
+ StatusCode.NotFound,
+ ResourceName.Subscription,
+ );
+ }
+
+ if (methodName === 'findById') {
+ if (subscription?.status === SUBSCRIPTION_STATUS.DRAFT) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+ }
+
+ if (methodName === 'getSubscriptionFileByName') {
+ if (this.currentUser?.clientName) {
+ const clientName = this.currentUser?.clientName;
+ if (`${subscription.funderName}-${IDP_SUFFIX_BACKEND}` !== clientName) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+ }
+ if (subscription.status !== SUBSCRIPTION_STATUS.TO_PROCESS) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+ }
+
+ if (
+ ['findById', 'validate', 'reject', 'getSubscriptionFileByName'].includes(methodName)
+ ) {
+ // get current user communities
+ communityIds =
+ id && (await this.userRepository.findOne({where: {id}}))?.communityIds;
+
+ if (communityIds) {
+ if (
+ subscription &&
+ subscription.communityId &&
+ communityIds?.includes(subscription.communityId.toString())
+ ) {
+ return next();
+ } else {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+ } else {
+ return next();
+ }
+ }
+ }
+}
diff --git a/api/src/interceptors/subscriptionMetadata.interceptor.ts b/api/src/interceptors/subscriptionMetadata.interceptor.ts
new file mode 100644
index 0000000..40502f7
--- /dev/null
+++ b/api/src/interceptors/subscriptionMetadata.interceptor.ts
@@ -0,0 +1,123 @@
+import {
+ inject,
+ injectable,
+ Interceptor,
+ InvocationContext,
+ InvocationResult,
+ Provider,
+ ValueOrPromise,
+} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {SecurityBindings} from '@loopback/security';
+
+import {IncentiveRepository, MetadataRepository} from '../repositories';
+import {canAccessHisSubscriptionData, IUser, ResourceName, StatusCode} from '../utils';
+import {ValidationError} from '../validationError';
+import {Invoice, Metadata} from '../models';
+
+/**
+ * This class will be bound to the application as an `Interceptor` during
+ * `boot`
+ */
+@injectable({tags: {key: SubscriptionMetadataInterceptor.BINDING_KEY}})
+export class SubscriptionMetadataInterceptor implements Provider {
+ static readonly BINDING_KEY = `interceptors.${SubscriptionMetadataInterceptor.name}`;
+
+ constructor(
+ @repository(IncentiveRepository)
+ public incentiveRepository: IncentiveRepository,
+ @repository(MetadataRepository)
+ public metadataRepository: MetadataRepository,
+ @inject(SecurityBindings.USER)
+ private currentUser: IUser,
+ ) {}
+
+ /**
+ * This method is used by LoopBack context to produce an interceptor function
+ * for the binding.
+ *
+ * @returns An interceptor function
+ */
+ value() {
+ return this.intercept.bind(this);
+ }
+
+ /**
+ * The logic to intercept an invocation
+ * @param invocationCtx - Invocation context
+ * @param next - A function to invoke next interceptor or the target method
+ */
+ async intercept(
+ invocationCtx: InvocationContext,
+ next: () => ValueOrPromise,
+ ) {
+ const {methodName, args} = invocationCtx;
+ const {incentiveId, attachmentMetadata} = new Metadata(args[0]);
+ const {id} = this.currentUser;
+ if (methodName === 'createMetadata') {
+ // Get incentive to see if it exists
+ // Check isMCMStaff
+ const {isMCMStaff} = await this.incentiveRepository.findById(incentiveId);
+ if (!isMCMStaff) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+
+ // Check empty invoices or empty products
+ if (
+ attachmentMetadata.invoices.length === 0 ||
+ attachmentMetadata.invoices.find(
+ (invoice: Invoice) => invoice.products.length === 0,
+ )
+ ) {
+ throw new ValidationError(
+ 'Metadata invoices or products length invalid',
+ '/metadata',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Metadata,
+ );
+ }
+
+ // Check totalElements && nb invoices
+ if (attachmentMetadata.invoices.length !== attachmentMetadata.totalElements) {
+ throw new ValidationError(
+ 'Metadata invoices length must be equal to totalElements',
+ '/metadata',
+ StatusCode.UnprocessableEntity,
+ ResourceName.Metadata,
+ );
+ }
+
+ // Attach citizenId and token to metadata
+ args[0].citizenId = id;
+ }
+
+ if (methodName === 'getMetadata') {
+ const metadataId = args[0];
+ const metadata = await this.metadataRepository.findOne({where: {id: metadataId}});
+ if (!metadata) {
+ throw new ValidationError(
+ `Metadata not found`,
+ '/metadataNotFound',
+ StatusCode.NotFound,
+ ResourceName.Metadata,
+ );
+ }
+
+ // Check if user has access to his own data
+ if (!canAccessHisSubscriptionData(this.currentUser.id, metadata.citizenId)) {
+ throw new ValidationError(
+ 'Access denied',
+ '/authorization',
+ StatusCode.Forbidden,
+ );
+ }
+ }
+
+ const result = await next();
+ return result;
+ }
+}
diff --git a/api/src/interceptors/utils.ts b/api/src/interceptors/utils.ts
new file mode 100644
index 0000000..5fd10b6
--- /dev/null
+++ b/api/src/interceptors/utils.ts
@@ -0,0 +1,44 @@
+const isValidityDateValid = (validityDate: string) => {
+ return new Date(validityDate) >= new Date();
+};
+
+const formatDate = (date: Date) => {
+ return [date.getFullYear(), date.getMonth() + 1, date.getDate()].join('-');
+};
+
+const isAgeValid = (birthdate: string) => {
+ const currentDate = new Date();
+
+ const lowelLimitDate = [
+ currentDate.getFullYear() - 16,
+ currentDate.getMonth() + 1,
+ currentDate.getDate(),
+ ].join('-');
+
+ return formatDate(new Date(birthdate)) <= lowelLimitDate;
+};
+
+/**
+ * Format Date as Day/Month/Year
+ */
+const formatDateInFrenchNotation = (date: Date) => {
+ const dd = String(date.getDate()).padStart(2, '0');
+ const mm = String(date.getMonth() + 1).padStart(2, '0');
+ const yyyy = date.getFullYear();
+ return `${dd}/${mm}/${yyyy}`;
+};
+
+const isEmailFormatValid = (email: string) => {
+ const regex = new RegExp(
+ /^@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,
+ );
+ return email.match(regex);
+};
+
+export {
+ isValidityDateValid,
+ formatDate,
+ isAgeValid,
+ formatDateInFrenchNotation,
+ isEmailFormatValid,
+};
diff --git a/api/src/migrate.ts b/api/src/migrate.ts
new file mode 100644
index 0000000..5f97929
--- /dev/null
+++ b/api/src/migrate.ts
@@ -0,0 +1,21 @@
+import {App} from './application';
+import {logger} from './utils';
+
+export async function migrate(args: string[]) {
+ const existingSchema = args.includes('--rebuild') ? 'drop' : 'alter';
+ logger.info(`Migrating schemas (%s existing schema): ${existingSchema}`);
+
+ const app = new App();
+ await app.boot();
+ await app.migrateSchema({existingSchema});
+
+ // Connectors usually keep a pool of opened connections,
+ // this keeps the process running even after all work is done.
+ // We need to exit explicitly.
+ process.exit(0);
+}
+
+migrate(process.argv).catch(err => {
+ logger.error(`Cannot migrate database schema: ${err}`);
+ process.exit(1);
+});
diff --git a/api/src/migrations/1.10.0.migration.ts b/api/src/migrations/1.10.0.migration.ts
new file mode 100644
index 0000000..9a40396
--- /dev/null
+++ b/api/src/migrations/1.10.0.migration.ts
@@ -0,0 +1,127 @@
+import {service} from '@loopback/core';
+import {repository} from '@loopback/repository';
+import {MigrationScript, migrationScript} from 'loopback4-migration';
+import {removeWhiteSpace} from '../controllers/utils/helpers';
+import {Incentive, Territory} from '../models';
+import {IncentiveRepository, TerritoryRepository} from '../repositories';
+import {TerritoryService} from '../services/territory.service';
+import {logger} from '../utils';
+
+@migrationScript()
+export class MigrationScript110 implements MigrationScript {
+ version = '1.10.0';
+ scriptName = MigrationScript110.name;
+ description = 'Add Territory Model';
+
+ constructor(
+ @repository(IncentiveRepository) private incentiveRepository: IncentiveRepository,
+ @repository(TerritoryRepository) private territoryRepository: TerritoryRepository,
+ @service(TerritoryService) public territoryService: TerritoryService,
+ ) {}
+
+ async up(): Promise {
+ logger.info(`${MigrationScript110.name} - Started`);
+
+ const territoriesToCreate: string[] = [];
+ let count: number = 0;
+
+ const incentivesList: Incentive[] = await this.incentiveRepository.find({
+ where: {territory: {exists: false}},
+ fields: {id: true, territoryName: true},
+ });
+
+ const createdTerritories: Territory[] = await this.territoryRepository.find();
+ logger.info(
+ `${MigrationScript110.name} - {${createdTerritories.length}} Territories from database`,
+ );
+ logger.info(
+ `${MigrationScript110.name} - Initial Created Territories from database : \
+ ${
+ createdTerritories.length ? JSON.stringify(createdTerritories, null, 2) : 'None'
+ }`,
+ );
+
+ incentivesList.map((incentive: Incentive) => {
+ const name: string = removeWhiteSpace(incentive.territoryName);
+
+ const foundInIncentive: string | undefined = territoriesToCreate.find(
+ (territoryName: string) =>
+ territoryName.toLowerCase() === incentive.territoryName.toLowerCase(),
+ );
+
+ const foundInTerritory: Territory | undefined = createdTerritories.find(
+ (territory: Territory) => territory.name.toLowerCase() === name.toLowerCase(),
+ );
+
+ if (!foundInTerritory && !foundInIncentive) {
+ territoriesToCreate.push(incentive.territoryName);
+ }
+ });
+
+ logger.info(
+ `${MigrationScript110.name} - {${territoriesToCreate.length}} Territories will be created`,
+ );
+ logger.info(
+ `${MigrationScript110.name} - Territories that will be Created : \
+ ${
+ territoriesToCreate.length
+ ? JSON.stringify(territoriesToCreate, null, 2)
+ : 'None'
+ }`,
+ );
+
+ await Promise.all(
+ territoriesToCreate.map(async (territoy: string) => {
+ const createdTerritory: Territory = await this.territoryService.createTerritory({
+ name: territoy,
+ } as Territory);
+ createdTerritories.push(createdTerritory);
+
+ logger.info(
+ `${MigrationScript110.name} - Territory ${createdTerritory.name} with ID \
+ ${createdTerritory.id} is Created`,
+ );
+ }),
+ );
+
+ logger.info(
+ `${MigrationScript110.name} - {${incentivesList.length}} Incentives to Update`,
+ );
+ await Promise.all(
+ incentivesList.map(async (incentive: Incentive) => {
+ const name: string = removeWhiteSpace(incentive.territoryName);
+
+ const foundTerritory: Territory | undefined = createdTerritories.find(
+ (territory: Territory) => territory.name.toLowerCase() === name.toLowerCase(),
+ );
+
+ if (foundTerritory) {
+ await this.incentiveRepository.updateById(incentive.id, {
+ territory: {
+ id: foundTerritory?.id,
+ name: foundTerritory?.name,
+ },
+ territoryName: foundTerritory?.name,
+ });
+
+ logger.info(
+ `${MigrationScript110.name} - Incentive with ID \ ${
+ incentive.id
+ } is updated with territory : ${JSON.stringify(foundTerritory, null, 2)}`,
+ );
+ count++;
+ } else {
+ logger.error(
+ `${MigrationScript110.name} - Incentive with ID ${incentive.id} is not updating`,
+ );
+ }
+ }),
+ );
+
+ logger.info(`${MigrationScript110.name} - {${count}} Incentives are updated`);
+ if (count !== incentivesList.length) {
+ logger.error(`${MigrationScript110.name} - Error in updating incentives`);
+ }
+ logger.info(`${MigrationScript110.name} - Completed`);
+ }
+}
diff --git a/api/src/migrations/1.11.0.migration.ts b/api/src/migrations/1.11.0.migration.ts
new file mode 100644
index 0000000..6b7490c
--- /dev/null
+++ b/api/src/migrations/1.11.0.migration.ts
@@ -0,0 +1,104 @@
+import {AnyObject, repository} from '@loopback/repository';
+import {inject} from '@loopback/core';
+import {MigrationScript, migrationScript} from 'loopback4-migration';
+
+import {KeycloakService} from '../services';
+import {CitizenMigrationRepository, CitizenRepository} from '../repositories';
+import {logger, GENDER, IUser} from '../utils';
+
+@migrationScript()
+export class MigrationScript111 implements MigrationScript {
+ version = '1.11.0';
+ scriptName = MigrationScript111.name;
+ description = 'add identity object to citizen';
+
+ constructor(
+ @repository(CitizenRepository)
+ private citizenRepository: CitizenRepository,
+ @repository(CitizenMigrationRepository)
+ private citizenMigrationRepository: CitizenMigrationRepository,
+ @inject('services.KeycloakService')
+ public kcService: KeycloakService,
+ ) {}
+
+ async up(): Promise {
+ logger.info(`${MigrationScript111.name} - Started`);
+
+ // Update all citizens to add identity object
+ const citizens: Array = await this.citizenMigrationRepository.find({
+ where: {identity: {exists: false}},
+ });
+
+ const updateCitizens: Promise