hpi-schul-cloud · Metauriel · Mar 5, 2020 · Mar 6, 2020 · Mar 9, 2020 · Mar 9, 2020
diff --git a/config/default.json b/config/default.json
@@ -1,18 +1,18 @@
-{
-	"host": "localhost",
-	"port": 4001,
-	"protocol": "http",
-	"mongodb": "mongodb://localhost:27017/schulcloud-editor",
-	"routes": {
-		"server": {
-			"baseURL": "http://localhost:3030",
-			"coursePermissionsUri": "/courses/:courseId/userPermissions",
-			"meUri": "/me",
-			"courseMembersUri": "/courses/:courseId/members"
-		},
-		"timeout": "30000"
-	},
-	"testsecret": "secret",
-	"redis": "REDIS_URI",
-	"redis_key": "REDIS_KEY"
-}
+{
+	"host": "api.edtr.l",
+	"port": 4001,
+	"protocol": "http",
+	"mongodb": "mongodb://mongodb:27017/schulcloud-editor",
+	"routes": {
+		"server": {
+			"baseURL": "http://server:3030",
+			"coursePermissionsUri": "/courses/:courseId/userPermissions",
+			"meUri": "/me",
+			"courseMembersUri": "/courses/:courseId/members"
+		},
+		"timeout": "30000"
+	},
+	"testsecret": "secret",
+	"redis": "REDIS_URI",
+	"redis_key": "REDIS_KEY"
+}
diff --git a/src/global/index.js b/src/global/index.js
@@ -77,7 +77,7 @@ exports.before = {
 const after = {
 	// todo select is better but need more stable implementations
 	all: [iff(isProvider('external'),
-		filterOutResults('__v', 'createdAt', 'updatedAt')),
+		filterOutResults('__v', 'createdBy', 'updatedBy')),
 	],
 	find: [],
 	get: [],

diff --git a/src/middleware/socket.js b/src/middleware/socket.js
@@ -5,7 +5,7 @@ module.exports = app => app.configure(
 	socketio((io) => {
 		io.on('connection', (socket) => {
 		// do some authorization things
-			app.channel('anonymous').join(socket.feathers);
+			// app.channel('anonymous').join(socket.feathers);
 
 			socket.on('authorization', (data) => {
 				const { token } = data;
@@ -14,6 +14,7 @@ module.exports = app => app.configure(
 			});
 		});
 
+
 		// socketJwtHandler(io);
 
 		io.use((socket, next) => {

diff --git a/src/routes/ServiceRoutes.js b/src/routes/ServiceRoutes.js
@@ -1,3 +1,5 @@
+/* eslint-disable max-classes-per-file */
+
 const axios = require('axios');
 const queryString = require('query-string');
 

diff --git a/src/services/lessons/models/index.js b/src/services/lessons/models/index.js
@@ -13,6 +13,7 @@ const lessonSchema = new Schema({
 	deletedAt: { type: Date, expires: (60 * 60 * 24 * 30) },
 	createdBy: { type: Schema.Types.ObjectId },
 	updatedBy: { type: Schema.Types.ObjectId },
+	hash: { type: String },
 	position: { type: Number, default: Date.now },
 	fork: { type: Schema.Types.ObjectId }, // is forked from
 }, {

diff --git a/src/services/lessons/schemes/lessons.create.schema.json b/src/services/lessons/schemes/lessons.create.schema.json
@@ -33,6 +33,11 @@
 			"$id": "#/properties/fork",
 			"type": "string",
 			"pattern": "[a-f0-9]{24}"
+		},
+		"hash": {
+			"$id": "#/properties/hash",
+			"type": "string",
+			"pattern": "[a-f0-9]{24}"
 		}
 	},
 	"additionalProperties": false

diff --git a/src/services/lessons/schemes/lessons.patch.schema.json b/src/services/lessons/schemes/lessons.patch.schema.json
@@ -22,6 +22,11 @@
       "position": {
         "$id": "#/properties/position",
         "type": "number"
+      },
+      "hash": {
+        "$id": "#/properties/hash",
+        "type": "string",
+        "pattern": "[a-f0-9]{24}"
       }
     },
     "additionalProperties": false

diff --git a/src/services/sections/models/index.js b/src/services/sections/models/index.js
@@ -37,6 +37,7 @@ const sectionSchema = new Schema({
 	title: { type: String, default: '' },
 	state: { type: Object, default: {} },
 	permissions: [{ type: permissionSchema }],
+	hash: { type: String },
 	deletedAt: { type: Date, expires: (60 * 60 * 24 * 30) },
 	createdBy: { type: Schema.Types.ObjectId, immutable: true },
 	updatedBy: { type: Schema.Types.ObjectId },

diff --git a/src/services/sections/schemas/section.create.schema.json b/src/services/sections/schemas/section.create.schema.json
@@ -12,6 +12,9 @@
 		"state": {
  			"type": "object"
 		},
+		"hash": {
+			"type": "string"
+		},
 		"createdBy": {
 			"type": "string",
 			"pattern": "[a-f0-9]{24}"

diff --git a/src/services/sections/schemas/section.patch.schema.json b/src/services/sections/schemas/section.patch.schema.json
@@ -14,7 +14,10 @@
 		},
 		"stateDiff": {
 			"type": "object"
-	   	},
+		},
+		"hash": {
+			"type": "string"
+		},
 		"updatedBy": {
 			"type": "string",
 			"pattern": "[a-f0-9]{24}"

diff --git a/src/services/sections/section.service.js b/src/services/sections/section.service.js
@@ -17,6 +17,8 @@ const {
 } = require('../../utils');
 const {
 	diffToMongo,
+	filterManyByHashes,
+	filterStateByHash,
 } = require('./utils');
 const {
 	create: createSchema,
@@ -82,9 +84,9 @@ class SectionService {
 		const internParams = this.setScope(prepareParams(params));
 		const sections = await this.app.service(this.baseService)
 			.find(internParams);
-		const filtered = permissions.filterHasRead(sections.data, params.user);
-
-		filtered.map((section) => {
+		let filtered = permissions.filterHasRead(sections.data, params.user);
+		filtered = filterManyByHashes(filtered, params.query.hashes);
+		filtered.forEach((section) => {
 			section.visible = !permissions.couldAnyoneOnlyRead(section.permissions);
 			return section;
 		});
@@ -93,16 +95,16 @@ class SectionService {
 		return setUserScopePermissionForFindRequests(sections, params.user);
 	}
 
-	get(id, params) {
+	async get(id, params) {
 		const internParams = this.setScope(prepareParams(params));
-		return this.app.service(this.baseService)
-			.get(id, internParams)
-			.then((section) => {
-				if (!permissions.hasRead(section.permissions, params.user)) {
-					throw new Forbidden(this.err.noAccess);
-				}
-				return setUserScopePermission(section, section.permissions, params.user);
-			});
+		const section = await this.app.service(this.baseService).get(id, internParams);
+		if (!permissions.hasRead(section.permissions, params.user)) {
+			throw new Forbidden(this.err.noAccess);
+		}
+		section.timestamp = section.updatedAt;
+		const filteredSection = filterStateByHash(section, params.query.hash);
+		const result = await setUserScopePermission(filteredSection, filteredSection.permissions, params.user);
+		return result;
 	}
 
 	async remove(_id, params) {

diff --git a/src/services/sections/section.service.test.js b/src/services/sections/section.service.test.js
@@ -184,6 +184,48 @@ describe('sections/section.service.js', () => {
 		expect(status).to.equal(403);
 	});
 
+	it('get with hash only sends state if hashes dont match', async () => {
+		const { _id: lessonId } = await lessonService.createWithDefaultData({ courseId }, readPermission);
+		const state = { abc: 123, x: [] };
+		const ref = {
+			target: lessonId,
+			targetModel: 'lesson',
+		};
+		const hash = 'thisisthecurrenthash';
+		const section = await sectionService.createWithDefaultData({ state, ref, hash }, readPermission);
+
+		expect(lessonId.toString()).to.equal(section.ref.target.toString());
+
+		const {
+			status: matchingHashStatus, data: matchingHashData,
+		} = await sectionService.sendRequestToThisService('get', {
+			id: section._id, userId, lessonId, query: { hash: 'thisisthecurrenthash' },
+		});
+
+		expect(matchingHashStatus).to.equal(200);
+		expect(matchingHashData).to.an('object');
+		expect(matchingHashData).to.have.property('hash');
+		expect(matchingHashData).to.not.have.property('ref');
+		expect(matchingHashData).to.not.have.property('state');
+		expect(matchingHashData).to.not.have.property('permissions');
+		expect(matchingHashData).to.have.property(userScopePermissionKey);
+
+		const {
+			status: otherHashStatus, data: otherHashData,
+		} = await sectionService.sendRequestToThisService('get', {
+			id: section._id, userId, lessonId, query: { hash: 'someotherhash' },
+		});
+
+		expect(otherHashStatus).to.equal(200);
+		expect(otherHashData).to.an('object');
+		expect(otherHashData.ref.target.toString()).to.equal(lessonId.toString());
+		expect(otherHashData.state).to.deep.equal(state);
+		expect(otherHashData).to.not.have.property('permissions');
+		expect(otherHashData).to.have.property(userScopePermissionKey);
+		expect(otherHashData).to.have.property('timestamp');
+		expect(otherHashData).to.have.property('hash');
+	});
+
 	it('find with read permissions should work', async () => {
 		const { _id: lessonId } = await lessonService.createWithDefaultData({ courseId }, writePermission);
 		const ref = {
@@ -206,6 +248,33 @@ describe('sections/section.service.js', () => {
 		expect(data.data).all.have.property(userScopePermissionKey);
 	});
 
+	it('find should filter states if hashes match', async () => {
+		const { _id: lessonId } = await lessonService.createWithDefaultData({ courseId }, writePermission);
+		const ref = {
+			target: lessonId,
+			targetModel: 'lesson',
+		};
+		const sections = await Promise.all([
+			sectionService.createWithDefaultData({ ref, hash: 'firsthash' }, writePermission),
+			sectionService.createWithDefaultData({ ref, hash: 'secondhash' }, readPermission),
+			sectionService.createWithDefaultData({ ref, hash: undefined }, readPermission),
+		]);
+
+		const query = { hashes: {} };
+		query.hashes[sections[0]._id] = 'firsthash';
+		query.hashes[sections[1]._id] = 'wronghash';
+		query.hashes = JSON.stringify(query.hashes);
+		const result = await sectionService.sendRequestToThisService('find', {
+			userId, lessonId, query,
+		});
+		expect(result.status).to.equal(200);
+		expect(result.data.data).to.have.lengthOf(3);
+		expect(result.data.data).all.have.property(userScopePermissionKey);
+		expect(result.data.data[0]).to.not.have.property('state');
+		expect(result.data.data[1]).to.have.property('state');
+		expect(result.data.data[2]).to.have.property('state');
+	});
+
 
 	it('patch with write permissions should work', async () => {
 		const { _id: lessonId } = await lessonService.createWithDefaultData({ courseId }, writePermission);

diff --git a/src/services/sections/utils/index.js b/src/services/sections/utils/index.js
@@ -1 +1,4 @@
-exports.diffToMongo = require('./diffToMongo');
+const { filterManyByHashes, filterStateByHash } = require('./versionHashes');
+const diffToMongo = require('./diffToMongo');
+
+module.exports = { diffToMongo, filterManyByHashes, filterStateByHash };
diff --git a/src/services/sections/utils/versionHashes.js b/src/services/sections/utils/versionHashes.js
@@ -0,0 +1,40 @@
+const { BadRequest } = require('@feathersjs/errors');
+
+/**
+ * if the hash matches the hash of the section, this function filters any data that is not required by the client
+ * (since he already has the most recent version of the section)
+ * @param {Object} section a section
+ * @param {String} hash string, representing a hash of a version of the section
+ */
+const filterStateByHash = (section, hash) => {
+	const clientAlreadyHasNewestState = hash && hash === section.hash;
+	if (clientAlreadyHasNewestState) {
+		return {
+			_id: section._id,
+			permissions: section.permissions,
+			title: section.title,
+			hash: section.hash,
+		};
+	}
+	return section;
+};
+
+/**
+ * applies filterStateByHash on an array of sections, using a map of hashes
+ * @param {Array} sections an array of sections.
+ * @param {stringified JSON} hashes Object with sectionIds as keys, and hashes as values.
+ */
+const filterManyByHashes = (sections, hashes) => {
+	if (hashes) {
+		try {
+			// eslint-disable-next-line no-param-reassign
+			hashes = JSON.parse(hashes);
+		} catch (err) {
+			throw new BadRequest('hashes should be valid stringified JSON');
+		}
+		return sections.map((section) => filterStateByHash(section, hashes[section._id.toString()]));
+	}
+	return sections;
+};
+
+module.exports = { filterManyByHashes, filterStateByHash };
diff --git a/src/testHelpers/testHelper.js b/src/testHelpers/testHelper.js
@@ -1,4 +1,4 @@
-/* eslint-disable arrow-body-style */
+/* eslint-disable arrow-body-style, max-classes-per-file */
 const mongoose = require('mongoose');
 const axios = require('axios');
 const queryString = require('query-string');