From cf7c431a9fab560bb602464280655c7515ea3870 Mon Sep 17 00:00:00 2001
From: Slavcho Ivanov
Date: Mon, 18 Dec 2023 22:11:02 +0200
Subject: [PATCH 1/6] Fix a bug with the files upload for the campaign expenses (#587)
* Reduce the cache ttl for public donations and total money collected. The idea of the cache is to help in extreme scenarios when many requests are being fired. One request every 2 seconds should be easy to handle by the backend.
* The expense original filenames are encoded in base64. This allows us to upload files with cyrilic names. But it adds a bit of complexity in the backend.
---
 apps/api/src/common/files.ts | 10 ++++++++--
 apps/api/src/expenses/expenses.controller.ts | 10 +++++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/apps/api/src/common/files.ts b/apps/api/src/common/files.ts
index e4c429452..6f95900db 100644
--- a/apps/api/src/common/files.ts
+++ b/apps/api/src/common/files.ts
@@ -39,9 +39,15 @@ export function validateFileType(
 const allowedExtensions = /txt|json|pdf|jpeg|jpg|png|xml|xlsx|xls|docx/
- const isExtensionSupported = allowedExtensions.test(path.extname(file.originalname).toLowerCase())
+ const filename = file.originalname
+ let ext = path.extname(filename).toLowerCase()
+ if (ext == '') {
+ // for the expense files, the original filename is encoded in base64
+ ext = path.extname(file.filename).toLowerCase()
+ }
+ const isExtensionSupported = allowedExtensions.test(ext)
 if (!isExtensionSupported) {
- return cb(new Error('File extension is not allowed'), false)
+ return cb(new Error('File extension is not allowed: ' + file.filename), false)
 }
 cb(null, true)
diff --git a/apps/api/src/expenses/expenses.controller.ts b/apps/api/src/expenses/expenses.controller.ts
index 227eb3362..0dd74dc56 100644
--- a/apps/api/src/expenses/expenses.controller.ts
+++ b/apps/api/src/expenses/expenses.controller.ts
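Review bot: The fallback `ext = path.extname(file.filename).toLowerCase()` throws a TypeError instead of rejecting the upload when `file.filename` is undefined, which happens for any caller of validateFileType whose originalname has no extension and whose multer storage does not set `filename` (memory storage leaves it unset; only disk storage fills it in), so the filter dies with an unhandled exception rather than taking the clean `cb(new Error(...), false)` path. Guarding the fallback with `ext = path.extname(file.filename ?? '').toLowerCase()` keeps that path intact. The widened message `'File extension is not allowed: ' + file.filename` also echoes a client-controlled, base64-decoded string back to the caller and into logs; reporting just `ext` gives the same diagnostic value without reflecting arbitrary input. `ext == ''` should be `ext === ''` to match the strict equality used elsewhere in the series. validateFileType's signature begins outside the hunk.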
@@ -10,6 +10,7 @@ import {
 StreamableFile,
 NotFoundException,
 UnauthorizedException,
+ Logger,
 } from '@nestjs/common'
 import { AuthenticatedUser, Public, RoleMatchingMode, Roles } from 'nest-keycloak-connect'
@@ -71,8 +72,15 @@ export class ExpensesController {
 @Post(':expenseId/files')
 @UseInterceptors(
 FilesInterceptor('file', 5, {
- limits: { fileSize: 1024 * 1024 * 10 }, //limit uploaded files to 5 at once and 10MB each
+ limits: { fileSize: 1024 * 1024 * 30 }, //limit uploaded files to 5 at once and 30MB each
 fileFilter: (_req: Request, file, cb) => {
+ try {
+ // decode the name from base64
+ file.filename = Buffer.from(file.originalname, 'base64').toString('utf-8')
+ } catch {
+ Logger.error('Error decoding filename from base64: ', file.originalname)
+ }
+
+ validateFileType(file, cb)
 },
 }),
From 5e1bc83b6f2f7c123433ce405fbcccc451f84051 Mon Sep 17 00:00:00 2001
From: Aleksandar Petkov
Date: Mon, 18 Dec 2023 22:13:21 +0200
Subject: [PATCH 2/6] src/donations: Remove unnecessary relations from query response (#588)
* src/auth: Add companyName as keycloak attribute
* src/donations: Remove person relation from user/:id response Donor's names will be claimed by the session token.
---
 apps/api/src/auth/auth.service.ts | 4 ++--
 apps/api/src/donations/donations.controller.ts | 8 +-------
 apps/api/src/donations/donations.service.ts | 13 +------------
 3 files changed, 4 insertions(+), 21 deletions(-)
diff --git a/apps/api/src/auth/auth.service.ts b/apps/api/src/auth/auth.service.ts
index 2f058e8e6..90e53760e 100644
--- a/apps/api/src/auth/auth.service.ts
+++ b/apps/api/src/auth/auth.service.ts
@@ -252,7 +252,7 @@ export class AuthService {
 emailVerified: true,
 groups: [],
 requiredActions: verifyEmail ? [RequiredActionAlias.VERIFY_EMAIL] : [],
- attributes: { selfReg: true },
+ attributes: { selfReg: true, companyName: registerDto.companyName },
 credentials: [
 {
 type: 'password',
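Review bot: The try/catch around the decode is dead code: neither `Buffer.from(str, 'base64')` nor `toString('utf-8')` throws on malformed input (characters outside the base64 alphabet are dropped and bad byte sequences become U+FFFD), so a client that sends a plain `report.pdf` has it silently mangled into `file.filename` and then fails validateFileType with a misleading message, and a malformed name is never noticed at all. Comparing the re-encoded result with `file.originalname` (assuming clients send standard padded base64) detects a non-base64 name explicitly, and `path.basename` strips any directory component from the decoded, client-supplied value before it is stored on the file object; the rewritten filter is in the fence and needs `path` in scope in this file, which the hunk does not show. Nest's `Logger.error` treats its second argument as stack/context rather than message text, so the name belongs in the first argument. The FilesInterceptor options and the handler continue outside the hunk.
```typescript
      fileFilter: (_req: Request, file, cb) => {
        // Buffer.from(..., 'base64') never throws on malformed input (invalid
        // characters are dropped), so verify the round trip instead of try/catch.
        const decoded = Buffer.from(file.originalname, 'base64').toString('utf-8')
        if (Buffer.from(decoded, 'utf-8').toString('base64') === file.originalname) {
          // keep only the last path segment of the client-supplied name
          file.filename = path.basename(decoded)
        } else {
          // JSON.stringify neutralises control characters before they reach the log
          Logger.warn(`Expense upload name is not valid base64: ${JSON.stringify(file.originalname)}`)
        }
        validateFileType(file, cb)
      },
```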
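Review bot: `companyName: registerDto.companyName` copies a client-supplied registration field straight into a Keycloak user attribute, and nothing in the hunk shows the DTO bounding its length or format; if the register DTO does not already validate it (`@IsOptional() @IsString() @MaxLength(...)`), that is where the bound belongs, since attribute values persist in the identity store and may be mapped into issued tokens. The enclosing method starts and ends outside the hunk.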
@@ -433,7 +433,7 @@ export class AuthService {
 const user = await this.personService.findOneByKeycloakId(keycloakId)
 //Check and throw if user is a beneficiary, organizer or corporate profile
- if (!!user && user.beneficiaries.length > 0 || user?.organizer || user?.companyId) {
+ if ((!!user && user.beneficiaries.length > 0) || user?.organizer || user?.companyId) {
 throw new InternalServerErrorException(
 'Cannot delete a beneficiary, organizer or corporate profile',
 )
diff --git a/apps/api/src/donations/donations.controller.ts b/apps/api/src/donations/donations.controller.ts
index 90e004cee..6ad0c7efd 100644
--- a/apps/api/src/donations/donations.controller.ts
+++ b/apps/api/src/donations/donations.controller.ts
@@ -178,13 +178,7 @@ export class DonationsController {
 @Get('user/:id')
 async userDonationById(@Param('id') id: string, @AuthenticatedUser() user: KeycloakTokenParsed) {
 const donation = await this.donationsService.getUserDonationById(id, user.sub, user.email)
- return {
- ...donation,
- person: {
- firstName: user.given_name,
- lastName: user.family_name,
- },
- }
+ return donation
 }
 @Post('payment-intent')
diff --git a/apps/api/src/donations/donations.service.ts b/apps/api/src/donations/donations.service.ts
index 6160f51de..ab2328245 100644
--- a/apps/api/src/donations/donations.service.ts
+++ b/apps/api/src/donations/donations.service.ts
@@ -461,7 +461,7 @@ export class DonationsService {
 id: string,
 keycloakId: string,
 email?: string,
- ): Promise<(Donation & { person: Person | null }) | null> {
+ ): Promise {
 return await this.prisma.donation.findFirst({
 where: {
 id,
@@ -469,17 +469,6 @@ export class DonationsService {
 OR: [{ billingEmail: email }, { person: { keycloakId } }],
 },
 include: {
- person: {
- select: {
- id: true,
- firstName: true,
- lastName: true,
- company: { select: { companyName: true } },
- },
- },
- affiliate: {
- select: { company: { select: { companyName: true } } },
- },
 targetVault: {
 select: {
 id: true,
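Review bot: The parenthesised term `(!!user && user.beneficiaries.length > 0)` still mixes a double-negation guard with the optional chaining the other two operands use; `(user?.beneficiaries.length ?? 0) > 0 || user?.organizer || user?.companyId` reads uniformly and is equivalent for both the null-user and the populated-user case. The parentheses themselves change nothing, since `&&` already binds tighter than `||`, so this hunk is a clarity fix only. The enclosing method continues outside the hunk.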
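Review bot: The new return annotation reads `): Promise {` with no type argument; TypeScript rejects a bare `Promise` (it requires one), and even if the angle brackets were merely lost in rendering, the annotation no longer tells callers the `Donation`-based shape the removed line did. Since the `include` block also changed in the next hunk, either state the new shape, `): Promise<Donation | null> {` if only `targetVault` is left, or remove the annotation and let the Prisma call's inferred type flow through. With the `person` relation gone from the query, the `Person` import is probably unused now and will trip an unused-import lint. getUserDonationById's signature and body extend outside the hunk.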
From 8ec0b8210c33c725a6d041ecca8626e5ba463928 Mon Sep 17 00:00:00 2001
From: Aleksandar Petkov
Date: Thu, 21 Dec 2023 10:33:11 +0200
Subject: [PATCH 3/6] src/donations: Allow status update from status declined (#589)
---
 apps/api/src/donations/helpers/donation-status-updates.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/api/src/donations/helpers/donation-status-updates.ts b/apps/api/src/donations/helpers/donation-status-updates.ts
index c757e89ec..532c14974 100644
--- a/apps/api/src/donations/helpers/donation-status-updates.ts
+++ b/apps/api/src/donations/helpers/donation-status-updates.ts
@@ -5,13 +5,13 @@ const changeable: DonationStatus[] = [
 DonationStatus.incomplete,
 DonationStatus.paymentRequested,
 DonationStatus.waiting,
+ DonationStatus.declined,
 DonationStatus.guaranteed,
 ]
 const final: DonationStatus[] = [
 DonationStatus.succeeded,
 DonationStatus.cancelled,
 DonationStatus.deleted,
- DonationStatus.declined,
 DonationStatus.invalid,
 DonationStatus.refund,
 ]
From ab80507fc93618dff5f1321dbb8133f80ffd773b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 6 Jan 2024 12:08:41 +0200
Subject: [PATCH 4/6] build(deps): bump actions/upload-artifact from 3 to 4 (#592)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f47080b8b..2ff2d0485 100644
--- a/.github/workflows/tests.yml
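Review bot: Moving `DonationStatus.declined` into `changeable` lets a declined donation take any transition the changeable set allows, including to `succeeded`, and nothing in the hunk explains why a decline is no longer terminal or which states it should be able to reach. A comment on the moved entry, `// declined is not terminal: <reason, e.g. the payment can be retried>`, would record the intent; the arrays also look ordered by payment flow, so if the helper further down the file relies on position, confirm that `declined` sits where a declined-then-retried payment is expected to continue. The helper that consumes `changeable` and `final` is outside the hunk.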
+++ b/.github/workflows/tests.yml
@@ -45,7 +45,7 @@ jobs:
 - name: Run tests
 run: yarn test:ci
 - name: Upload test results artifact
- uses: actions/upload-artifact@v3 # upload test results
+ uses: actions/upload-artifact@v4 # upload test results
 if: success() || failure() # run this step even if previous step failed
 with: # upload a combined archive with unit and integration test results
 name: test-results
From 33a084598dcf6ecce5e8e5b6a9d9877a57150a13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 6 Jan 2024 12:09:30 +0200
Subject: [PATCH 5/6] build(deps): bump github/codeql-action from 2 to 3 (#593)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f87f26732..092892545 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -45,7 +45,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 # ℹī¸ Command-line programs to run using the OS shell.
 # 📚 https://git.io/JvXDl
@@ -70,4 +70,4 @@ jobs:
 # make release
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
From 97adc1f03dfa014a60d5e59151ba1859788085f4 Mon Sep 17 00:00:00 2001
From: Aleksandar Petkov
Date: Wed, 10 Jan 2024 14:34:37 +0200
Subject: [PATCH 6/6] src/config: Set sentry's logLevels correctly (#596)
* src/config: Set sentry's logLevels correctly logLevel has been deprecated in nestjs-sentry package, in favor of logLevels, which expects an array of Sentry LogLevels
* src/config: Allow logging only for errors and warns
---
 apps/api/src/config/configuration.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/apps/api/src/config/configuration.ts b/apps/api/src/config/configuration.ts
index 6dee37d3a..e2afe5afa 100644
--- a/apps/api/src/config/configuration.ts
+++ b/apps/api/src/config/configuration.ts
@@ -1,3 +1,5 @@
+import { SeverityLevel } from '@sentry/node'
+
 /**
 * Be sure to add `process.env` vars in validation schema at ./validation.config.ts
 */
@@ -13,7 +15,7 @@ export default () => ({
 environment: process.env.APP_ENV,
 debug: false,
 enabled: process.env.APP_ENV !== 'development',
- logLevel: 'debug',
+ logLevels: ['error', 'warn'] as SeverityLevel[],
 tracesSampleRate: 1.0,
 },
 sendgrid: {
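Review bot: `['error', 'warn'] as SeverityLevel[]` is an assertion on a `string[]` literal, so the members are never checked, and `'warn'` is not a member of Sentry's `SeverityLevel` (that union spells it `'warning'`); if nestjs-sentry's `logLevels` option is typed with Nest's `LogLevel`, where `'warn'` is valid, then `SeverityLevel` is the wrong import rather than the value being wrong. Either way, drop the cast and declare the value against the option's actual element type, e.g. `const logLevels: SeverityLevel[] = ['error', 'warn']` (or Nest's `LogLevel[]`), so the compiler reports whichever of the two is mismatched. Since the import added in the first hunk of this file is type-only, `import type { SeverityLevel } from '@sentry/node'` keeps it out of the runtime module graph. The config object literal continues outside the hunk.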