Merge branch 'master' into dependabot/go_modules/backend/github.com/buger/jsonparser-1.1.1

Author: scottmai

README.md

@@ -120,7 +120,8 @@ While we still have the waitlist in place (until October 7th), these are the ste
 Follow these steps, and you should see what a new user to General Task would see when signing up.
 
 ## Deploying backend
-Our backend is currently on AWS EKS in us-west-1 region. These are the steps to setup access
+Our backend is currently on AWS EKS in us-west-1 region. These are the steps to setup access.
+
 We currently perform backend deploys using the Heroku CLI. Assuming you have the heroku credentials, you can deploy with the following steps:
 
 ### One-time Kubernetes setup
@@ -178,7 +179,7 @@ core-service   NodePort   172.19.64.51   <none>        8080:31254/TCP   21d
 ```
 
 #### Common Commands
-Here's a list of nice k8s commands to add to your shell file:
+Here's a list of nice k8s commands to add to your shell startup file:
 ```
 alias kp="kubectl config use-context prod --namespace prd-gtsk-uswest1"
 alias kgp="kubectl get pods"

backend/.env

@@ -31,4 +31,6 @@ JIRA_OAUTH_CLIENT_ID=y86GV794HPeNmsyIodonW9wFvKK4MaOK
 JIRA_OAUTH_CLIENT_SECRET=dummy_value
 # Client ID here is for local App, should be different for prod app
 ASANA_OAUTH_CLIENT_ID=1203537986844495
-ASANA_OAUTH_CLIENT_SECRET=dummy_value
+ASANA_OAUTH_CLIENT_SECRET=dummy_value
+# Open AI only requires secret
+OPEN_AI_CLIENT_SECRET=dummy_value

backend/api/calendar_list.go

@@ -0,0 +1,58 @@
+package api
+
+import (
+	"context"
+	"github.com/GeneralTask/task-manager/backend/database"
+	"github.com/gin-gonic/gin"
+	"go.mongodb.org/mongo-driver/bson"
+)
+
+type CalendarResult struct {
+	CalendarID string `json:"calendar_id,omitempty"`
+	ColorID    string `json:"color_id,omitempty"`
+}
+
+type CalendarAccountResult struct {
+	AccountID        string           `json:"account_id"`
+	Calendars        []CalendarResult `json:"calendars"`
+	HasMulticalScope bool             `json:"needs_multical_scopes"`
+}
+
+func (api *API) CalendarsList(c *gin.Context) {
+	userID := getUserIDFromContext(c)
+	var userObject database.User
+	userCollection := database.GetUserCollection(api.DB)
+	err := userCollection.FindOne(context.Background(), bson.M{"_id": userID}).Decode(&userObject)
+	if err != nil {
+		api.Logger.Error().Err(err).Msg("failed to find user")
+		Handle500(c)
+		return
+	}
+
+	calendarAccounts, err := database.GetCalendarAccounts(api.DB, userID)
+	if err != nil {
+		Handle500(c)
+		return
+	}
+	results := []*CalendarAccountResult{}
+	for _, account := range *calendarAccounts {
+		// for implicit memory aliasing
+		calendars := []CalendarResult{}
+		for _, calendar := range account.Calendars {
+			calendarResult := CalendarResult{
+				CalendarID: calendar.CalendarID,
+				ColorID:    calendar.ColorID,
+			}
+			calendars = append(calendars, calendarResult)
+
+		}
+		result := CalendarAccountResult{
+			AccountID:        account.IDExternal,
+			Calendars:        calendars,
+			HasMulticalScope: database.HasUserGrantedMultiCalendarScope(account.Scopes),
+		}
+		results = append(results, &result)
+	}
+
+	c.JSON(200, results)
+}

backend/api/calendar_list_test.go

@@ -0,0 +1,97 @@
+package api
+
+import (
+	"encoding/json"
+	"github.com/GeneralTask/task-manager/backend/database"
+	"github.com/stretchr/testify/assert"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"net/http"
+	"testing"
+)
+
+func TestCalendarList(t *testing.T) {
+	authToken := login("[email protected]", "")
+	db, dbCleanup, err := database.GetDBConnection()
+	assert.NoError(t, err)
+	defer dbCleanup()
+	userID := getUserIDFromAuthToken(t, db, authToken)
+	notUserID := primitive.NewObjectID()
+	_, err = database.UpdateOrCreateCalendarAccount(
+		db,
+		userID,
+		"123abc",
+		"foobar_source",
+		&database.CalendarAccount{
+			UserID:     userID,
+			IDExternal: "account1",
+			Calendars: []database.Calendar{
+				{
+					CalendarID: "cal1",
+					ColorID:    "col1",
+				},
+			},
+			Scopes: []string{"https://www.googleapis.com/auth/calendar"},
+		},
+		nil,
+	)
+	assert.NoError(t, err)
+	_, err = database.UpdateOrCreateCalendarAccount(
+		db,
+		userID,
+		"123def",
+		"foobar_source",
+		&database.CalendarAccount{
+			UserID:     userID,
+			IDExternal: "account2",
+			Calendars: []database.Calendar{
+				{
+					CalendarID: "cal2",
+					ColorID:    "col2",
+				},
+				{
+					CalendarID: "cal3",
+					ColorID:    "col3",
+				},
+			},
+		},
+		nil,
+	)
+	assert.NoError(t, err)
+	_, err = database.UpdateOrCreateCalendarAccount(
+		db,
+		userID,
+		"123abc",
+		"foobar_source",
+		&database.CalendarAccount{
+			UserID:     notUserID,
+			IDExternal: "account3",
+			Calendars: []database.Calendar{
+				{
+					CalendarID: "cal4",
+					ColorID:    "col4",
+				},
+			},
+		},
+		nil,
+	)
+	assert.NoError(t, err)
+
+	UnauthorizedTest(t, "GET", "/calendars/", nil)
+	t.Run("Success", func(t *testing.T) {
+		api, dbCleanup := GetAPIWithDBCleanup()
+		defer dbCleanup()
+
+		response := ServeRequest(t, authToken, "GET", "/calendars/?", nil, http.StatusOK, api)
+		var result []CalendarAccountResult
+		err = json.Unmarshal(response, &result)
+
+		assert.NoError(t, err)
+		assert.Equal(t, 2, len(result))
+
+		assert.Equal(t, []CalendarAccountResult{
+			{AccountID: "account1", Calendars: []CalendarResult{{CalendarID: "cal1", ColorID: "col1"}}, HasMulticalScope: true},
+			{AccountID: "account2", Calendars: []CalendarResult{{CalendarID: "cal2", ColorID: "col2"}, {CalendarID: "cal3", ColorID: "col3"}}, HasMulticalScope: false},
+		},
+			result)
+	})
+}

backend/api/helpers.go

@@ -2,7 +2,9 @@ package api
 
 import (
 	"errors"
+	"fmt"
 	"regexp"
+	"strconv"
 	"strings"
 	"time"
 
@@ -58,7 +60,16 @@ func GetTimezoneOffsetFromHeader(c *gin.Context) (time.Duration, error) {
 	if len(timezoneOffsetHeader) == 0 {
 		return time.Duration(0), errors.New("Timezone-Offset header is required")
 	}
-	duration, err := time.ParseDuration(timezoneOffsetHeader[0] + "m")
+
+	timezoneOffsetInt, err := strconv.Atoi(timezoneOffsetHeader[0])
+	if err != nil {
+		return 0, errors.New("Timezone-Offset header is invalid")
+	}
+
+	// mod timezone to limit to minutes in a day (for security)
+	modTimezone := timezoneOffsetInt % 1440
+
+	duration, err := time.ParseDuration(fmt.Sprint(modTimezone) + "m")
 	if err != nil {
 		return duration, errors.New("Timezone-Offset header is invalid")
 	}

backend/api/login.go

@@ -82,7 +82,7 @@ func (api *API) Login(c *gin.Context) {
 func (api *API) LoginCallback(c *gin.Context) {
 	var redirectParams GoogleRedirectParams
 	if c.ShouldBind(&redirectParams) != nil || redirectParams.State == "" || redirectParams.Code == "" || redirectParams.Scope == "" {
-		c.JSON(400, gin.H{"detail": "missing query params"})
+		c.Redirect(302, config.GetConfigValue("HOME_URL"))
 		return
 	}
 
@@ -177,7 +177,7 @@ func createNewUserTasks(userID primitive.ObjectID, db *mongo.Database) error {
 			SourceAccountID:   external.GeneralTaskDefaultAccountID,
 			IsCompleted:       &completed,
 			IsDeleted:         &deleted,
-			NUXNumber:         index + 1,
+			NUXNumber:         constants.StarterTasksNuxIDs[index],
 			CreatedAtExternal: primitive.NewDateTimeFromTime(time.Now()),
 		}
 		_, err := taskCollection.InsertOne(context.Background(), newTask)

backend/api/login_test.go

@@ -10,6 +10,7 @@ import (
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 
+	"github.com/GeneralTask/task-manager/backend/config"
 	"github.com/GeneralTask/task-manager/backend/database"
 	"github.com/GeneralTask/task-manager/backend/external"
 	"github.com/stretchr/testify/assert"
@@ -120,10 +121,9 @@ func TestLoginCallback(t *testing.T) {
 		request, _ := http.NewRequest("GET", "/login/callback/", nil)
 		recorder := httptest.NewRecorder()
 		router.ServeHTTP(recorder, request)
-		assert.Equal(t, http.StatusBadRequest, recorder.Code)
-		body, err := io.ReadAll(recorder.Body)
-		assert.NoError(t, err)
-		assert.Equal(t, "{\"detail\":\"missing query params\"}", string(body))
+		assert.Equal(t, http.StatusFound, recorder.Code)
+		// check that we redirect to the home page
+		assert.Equal(t, config.GetConfigValue("HOME_URL"), recorder.Result().Header.Get("Location"))
 	})
 
 	t.Run("Idempotent", func(t *testing.T) {

backend/api/overview.go

@@ -583,8 +583,8 @@ func reorderTaskResultsByDueDate(taskResults []*TaskResult) []*TaskResult {
 	sort.SliceStable(taskResults, func(i, j int) bool {
 		a := taskResults[i]
 		b := taskResults[j]
-		aTime, _ := time.Parse("2006-01-02", a.DueDate)
-		bTime, _ := time.Parse("2006-01-02", b.DueDate)
+		aTime, _ := time.Parse(time.RFC3339, a.DueDate)
+		bTime, _ := time.Parse(time.RFC3339, b.DueDate)
 		return aTime.Unix() < bTime.Unix()
 	})
 	for idx, result := range taskResults {
@@ -807,6 +807,53 @@ func (api *API) ViewDoesExist(db *mongo.Database, userID primitive.ObjectID, par
 	return count > 0, nil
 }
 
+type ViewBulkModifyParams struct {
+	OrderedViewIDs []string `json:"ordered_view_ids" binding:"required"`
+}
+
+// NOTE: this endpoint ONLY updates the view IDs provided, so a complete list of view IDs should be provided
+func (api *API) OverviewViewBulkModify(c *gin.Context) {
+	userID := getUserIDFromContext(c)
+	var viewModifyParams ViewBulkModifyParams
+	err := c.BindJSON(&viewModifyParams)
+	if err != nil {
+		c.JSON(400, gin.H{"detail": "invalid or missing parameter"})
+		return
+	}
+
+	var operations []mongo.WriteModel
+	for index, viewIDHex := range viewModifyParams.OrderedViewIDs {
+		viewID, err := primitive.ObjectIDFromHex(viewIDHex)
+		if err != nil {
+			c.JSON(400, gin.H{"detail": "malformatted view ID"})
+			return
+		}
+		newIDOrdering := index + 1
+		operation := mongo.NewUpdateOneModel()
+		operation.SetFilter(bson.M{
+			"$and": []bson.M{
+				{"user_id": userID},
+				{"_id": viewID},
+			},
+		})
+		operation.SetUpdate(bson.M{"$set": bson.M{"id_ordering": newIDOrdering}})
+		operations = append(operations, operation)
+	}
+
+	viewCollection := database.GetViewCollection(api.DB)
+	result, err := viewCollection.BulkWrite(context.Background(), operations)
+	if err != nil {
+		api.Logger.Error().Err(err).Msg("failed to bulk modify view ordering")
+		Handle500(c)
+		return
+	}
+	if result.MatchedCount != int64(len(operations)) {
+		c.JSON(400, gin.H{"detail": "invalid or duplicate view IDs provided"})
+		return
+	}
+	c.JSON(200, gin.H{})
+}
+
 type ViewModifyParams struct {
 	IDOrdering int `json:"id_ordering" binding:"required"`
 }