Merge remote-tracking branch 'origin/main' into feature/spectator

sliit-foss · Sep 15, 2024 · 80cc7cb · 80cc7cb
2 parents fd97043 + f15a6f8
commit 80cc7cb
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 11 deletions.
diff --git a/.env.example b/.env.example
@@ -19,4 +19,6 @@ SCOREKEEPER_REPO_OWNER=
 SCOREKEEPER_REPO_NAME=
 
 AZURE_CHALLENGE_UPLOAD_SAS_TOKEN=
-AZURE_SOLUTION_DOWNLOAD_SAS_TOKEN=
+AZURE_SOLUTION_DOWNLOAD_SAS_TOKEN=
+AZURE_SOLUTION_UPLOAD_STORAGE_ACCOUNT=
+AZURE_STORAGE_CONTAINER=
diff --git a/src/.DS_Store b/src/.DS_Store
diff --git a/src/controllers/auth.js b/src/controllers/auth.js
@@ -43,7 +43,8 @@ export const verifyUser = async (req, res) => {
     res.end(
       template({
         login_link: `${process.env.FRONTEND_DOMAIN}/login`,
-        verified: !!user
+        verified: !!user,
+        year: new Date().getFullYear()
       })
     );
   } catch (e) {

diff --git a/src/html/verification.html b/src/html/verification.html
@@ -4,7 +4,7 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <link rel="icon" type="image/svg+xml" href="https://bashaway.sliitfoss.org/assets/icons/favicon.svg" />
-    <title>Bashaway | 2023</title>
+    <title>Bashaway | {{year}}</title>
     <link href="https://fonts.googleapis.com/css?family=Inter" rel="stylesheet" />
     <style>
       body,

diff --git a/src/repository/question/index.js b/src/repository/question/index.js
@@ -14,7 +14,7 @@ export const findAllQuestions = (user, query = {}) => {
   const filter = questionFilters(user, query.filter);
 
   const options = {
-    select: '-creator -creator_lock',
+    select: '-creator',
     lean: true,
     sort: query.sort
   };
@@ -38,16 +38,15 @@ export const findQuestion = (filters) => {
   return Question.findOne(filters).lean();
 };
 
-export const getQuestionById = (id, user, filterFields = true) => {
+export const getQuestionById = (id, user) => {
   const filters = {
     _id: { $eq: new ObjectId(id) },
     $or: [{ creator_lock: false }, { creator_lock: true, creator: user._id }]
   };
   if (user.role !== ROLE.ADMIN) {
     filters.enabled = true;
   }
-  let query = Question.findOne(filters).lean();
-  if (filterFields) query = query.select('-creator_lock');
+  const query = Question.findOne(filters).lean();
   return query.exec();
 };
 

diff --git a/src/services/auth.js b/src/services/auth.js
@@ -30,13 +30,15 @@ export const authLogin = async ({ email, password }) => {
 };
 
 export const verifyMailTemplate = async (email, verification_code) => {
+  const year = new Date().getFullYear();
   const replacements = {
     header: 'Welcome To Bashaway!',
     text: `We are excited to have you here. To get started, you need to confirm your account. Just press the
     button below.`,
     action_link: `${process.env.APP_DOMAIN}/api/auth/verify/${verification_code}`,
     action_text: 'Confirm',
-    disclaimer_text: "You've received this email because you have opted to participate in Bashaway 2023."
+    disclaimer_text: `You've received this email because you have opted to participate in Bashaway ${year}.`,
+    year
   };
   const subject = 'Bashaway - Account Verification';
   await sendMail(email, 'call_to_action', replacements, subject);
@@ -68,7 +70,7 @@ export const resetPasswordMailTemplate = async (email, verification_code) => {
       isFromAdmin() ? process.env.ADMIN_FRONTEND_DOMAIN : process.env.FRONTEND_DOMAIN
     }/reset-password/${verification_code}`,
     action_text: 'Reset Password',
-    disclaimer_text: "You've received this email because you have opted to participate in Bashaway 2023."
+    disclaimer_text: `You've received this email because you have opted to participate in Bashaway ${new Date().getFullYear()}.`
   };
   const subject = 'Bashaway - Reset Account Password';
   await sendMail(email, 'call_to_action', replacements, subject);

diff --git a/src/services/submission.js b/src/services/submission.js
@@ -2,12 +2,20 @@ import createError from 'http-errors';
 import { ROLE } from '@/constants';
 import { findQuestion, getMaxScore } from '@/repository/question';
 import { getSubmissionById, getSubmissions, insertGrade, insertSubmission } from '@/repository/submission';
+import { isFromAdmin } from '@/utils';
 import { triggerScorekeeper as initiateTesting } from './github';
 
 export const createSubmission = async ({ question: questionId, link }, user) => {
   const question = await findQuestion({ _id: questionId });
   if (!question) throw new createError(422, 'Invalid question ID');
   if (!question.enabled) throw new createError(400, 'You cannot make a submission for a disabled question');
+
+  const checkUrl = `https://${process.env.AZURE_SOLUTION_UPLOAD_STORAGE_ACCOUNT}.blob.core.windows.net/${
+    process.env.AZURE_STORAGE_CONTAINER
+  }/${encodeURIComponent(user.name)}`;
+
+  if (!link.startsWith(checkUrl)) throw new createError(422, 'Invalid submission link');
+
   const submission = await insertSubmission(user._id, questionId, link);
   initiateTesting(
     user.name,
@@ -21,7 +29,7 @@ export const createSubmission = async ({ question: questionId, link }, user) =>
 };
 
 export const viewSubmissions = (query, user) => {
-  if (user.role != ROLE.ADMIN) {
+  if (user.role != ROLE.ADMIN || !isFromAdmin()) {
     if (!query.filter) query.filter = {};
     query.filter.user = user._id;
   }

diff --git a/src/services/user.js b/src/services/user.js
@@ -36,6 +36,7 @@ export const updateUserdetails = async (userId, user, payload) => {
     }
     delete payload.is_active;
     delete payload.eliminated;
+    delete payload.name;
   }
   if (payload.name) {
     const existingUser = await getOneUser({ name: payload.name, _id: { $ne: userId } });
@@ -71,7 +72,7 @@ const sendAdminPassword = (email, password) => {
     highlight_text: password,
     action_link: `${process.env.ADMIN_FRONTEND_DOMAIN || 'https://admin.bashaway.sliitfoss.org'}/login`,
     action_text: 'Login',
-    disclaimer_text: "You've received this email because you have been chosen as a member of Bashaway 2023."
+    disclaimer_text: `You've received this email because you have been chosen as a member of Bashaway ${new Date().getFullYear()}.`
   };
   const subject = 'Bashaway - Admin Account Password';
   return sendMail(email, 'call_to_action', replacements, subject);