Merge branch 'main' into fix/identity-issue-CM-1054

Author: themarolt

backend/src/api/index.ts

@@ -7,6 +7,7 @@ import * as http from 'http'
 import os from 'os'
 import { QueryTypes } from 'sequelize'
 
+import { BadRequestError } from '@crowd/common'
 import { getDbConnection } from '@crowd/data-access-layer/src/database'
 import { getServiceLogger } from '@crowd/logging'
 import { getOpensearchClient } from '@crowd/opensearch'
@@ -147,6 +148,14 @@ setImmediate(async () => {
 
   app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }))
 
+  app.use((err: any, req: any, res: any, next: any) => {
+    if (err.type === 'entity.parse.failed') {
+      next(new BadRequestError('Invalid JSON body'))
+      return
+    }
+    next(err)
+  })
+
   app.use((req, res, next) => {
     // @ts-ignore
     req.userData = {

backend/src/api/public/index.ts

@@ -1,18 +1,12 @@
 import { Router } from 'express'
 
-import { AUTH0_CONFIG } from '../../conf'
-
 import { errorHandler } from './middlewares/errorHandler'
-import { oauth2Middleware } from './middlewares/oauth2Middleware'
-import { staticApiKeyMiddleware } from './middlewares/staticApiKeyMiddleware'
 import { v1Router } from './v1'
-import { devStatsRouter } from './v1/dev-stats'
 
 export function publicRouter(): Router {
   const router = Router()
 
-  router.use('/v1/dev-stats', staticApiKeyMiddleware(), devStatsRouter())
-  router.use('/v1', oauth2Middleware(AUTH0_CONFIG), v1Router())
+  router.use('/v1', v1Router())
   router.use(errorHandler)
 
   return router

backend/src/api/public/middlewares/errorHandler.ts

@@ -35,7 +35,13 @@ export const errorHandler: ErrorRequestHandler = (
   }
 
   req.log.error(
-    { error, url: req.url, method: req.method, query: req.query, body: req.body },
+    {
+      error: { name: error?.name, message: error?.message, stack: error?.stack },
+      url: req.url,
+      method: req.method,
+      query: req.query,
+      body: req.body,
+    },
     'Unhandled error in public API',
   )
 

backend/src/api/public/v1/affiliations/getAffiliationByHandle.ts

@@ -0,0 +1,36 @@
+import type { Request, Response } from 'express'
+
+import { NotFoundError } from '@crowd/common'
+import {
+  findMembersByGithubHandles,
+  findVerifiedEmailsByMemberIds,
+  optionsQx,
+  resolveAffiliationsByMemberIds,
+} from '@crowd/data-access-layer'
+
+import { ok } from '@/utils/api'
+
+export async function getAffiliationByHandle(req: Request, res: Response): Promise<void> {
+  const handle = req.params.githubHandle.toLowerCase()
+  const qx = optionsQx(req)
+
+  const members = await findMembersByGithubHandles(qx, [handle])
+  if (members.length === 0) {
+    throw new NotFoundError(`No LFX profile found for GitHub login '${req.params.githubHandle}'.`)
+  }
+
+  const member = members[0]
+  const memberIds = [member.memberId]
+
+  const [emailRows, affiliationsByMember] = await Promise.all([
+    findVerifiedEmailsByMemberIds(qx, memberIds),
+    resolveAffiliationsByMemberIds(qx, memberIds),
+  ])
+
+  ok(res, {
+    githubHandle: member.githubHandle,
+    name: member.displayName,
+    emails: emailRows.map((r) => r.email),
+    affiliations: affiliationsByMember.get(member.memberId) ?? [],
+  })
+}

backend/src/api/public/v1/affiliations/getAffiliations.ts

@@ -0,0 +1,89 @@
+import type { Request, Response } from 'express'
+import { z } from 'zod'
+
+import {
+  findMembersByGithubHandles,
+  findVerifiedEmailsByMemberIds,
+  optionsQx,
+  resolveAffiliationsByMemberIds,
+} from '@crowd/data-access-layer'
+
+import { ok } from '@/utils/api'
+import { validateOrThrow } from '@/utils/validation'
+
+const MAX_HANDLES = 100
+const DEFAULT_PAGE_SIZE = 20
+
+const bodySchema = z.object({
+  githubHandles: z
+    .array(z.string().trim().min(1).toLowerCase())
+    .min(1)
+    .max(MAX_HANDLES, `Maximum ${MAX_HANDLES} handles per request`),
+})
+
+const querySchema = z.object({
+  page: z.coerce.number().int().min(1).default(1),
+  pageSize: z.coerce.number().int().min(1).max(MAX_HANDLES).default(DEFAULT_PAGE_SIZE),
+})
+
+export async function getAffiliations(req: Request, res: Response): Promise<void> {
+  const { githubHandles } = validateOrThrow(bodySchema, req.body)
+  const { page, pageSize } = validateOrThrow(querySchema, req.query)
+  const qx = optionsQx(req)
+
+  const offset = (page - 1) * pageSize
+
+  // Step 1: find all verified members across all handles
+  const allMemberRows = await findMembersByGithubHandles(qx, githubHandles)
+
+  const foundHandles = new Set(allMemberRows.map((r) => r.githubHandle.toLowerCase()))
+  const notFound = githubHandles.filter((h) => !foundHandles.has(h))
+
+  const pageMemberRows = allMemberRows.slice(offset, offset + pageSize)
+
+  if (pageMemberRows.length === 0) {
+    ok(res, {
+      total: githubHandles.length,
+      totalFound: allMemberRows.length,
+      page,
+      pageSize,
+      contributorsInPage: 0,
+      contributors: [],
+      notFound,
+    })
+    return
+  }
+
+  const memberIds = pageMemberRows.map((r) => r.memberId)
+
+  // Step 2: fetch verified emails for current page
+  const emailRows = await findVerifiedEmailsByMemberIds(qx, memberIds)
+
+  const emailsByMember = new Map<string, string[]>()
+  for (const row of emailRows) {
+    const list = emailsByMember.get(row.memberId) ?? []
+    list.push(row.email)
+    emailsByMember.set(row.memberId, list)
+  }
+
+  // Step 3: resolve affiliations for current page only
+  const affiliationsByMember = await resolveAffiliationsByMemberIds(qx, memberIds)
+
+  // Step 4: build response
+  const contributors = pageMemberRows.map((member) => ({
+    githubHandle: member.githubHandle,
+    name: member.displayName,
+    emails: emailsByMember.get(member.memberId) ?? [],
+    affiliations: affiliationsByMember.get(member.memberId) ?? [],
+  }))
+
+  ok(res, {
+    total: githubHandles.length,
+    totalFound: allMemberRows.length,
+    page,
+    pageSize,
+    contributorsInPage: contributors.length,
+    contributors,
+    notFound,
+  })
+}

backend/src/api/public/v1/affiliations/index.ts

@@ -0,0 +1,26 @@
+import { Router } from 'express'
+
+import { createRateLimiter } from '@/api/apiRateLimiter'
+import { requireScopes } from '@/api/public/middlewares/requireScopes'
+import { safeWrap } from '@/middlewares/errorMiddleware'
+import { SCOPES } from '@/security/scopes'
+
+import { getAffiliationByHandle } from './getAffiliationByHandle'
+import { getAffiliations } from './getAffiliations'
+
+const rateLimiter = createRateLimiter({ max: 60, windowMs: 60 * 1000 })
+
+export function memberOrganizationAffiliationsRouter(): Router {
+  const router = Router()
+
+  router.use(rateLimiter)
+
+  router.post('/', requireScopes([SCOPES.READ_AFFILIATIONS]), safeWrap(getAffiliations))
+  router.get(
+    '/:githubHandle',
+    requireScopes([SCOPES.READ_AFFILIATIONS]),
+    safeWrap(getAffiliationByHandle),
+  )
+
+  return router
+}

backend/src/api/public/v1/dev-stats/index.ts

@@ -1,13 +1,25 @@
 import { Router } from 'express'
 
+import { NotFoundError } from '@crowd/common'
+
+import { AUTH0_CONFIG } from '../../../conf'
+import { oauth2Middleware } from '../middlewares/oauth2Middleware'
+import { staticApiKeyMiddleware } from '../middlewares/staticApiKeyMiddleware'
+
+import { memberOrganizationAffiliationsRouter } from './affiliations'
 import { membersRouter } from './members'
 import { organizationsRouter } from './organizations'
 
 export function v1Router(): Router {
   const router = Router()
 
-  router.use('/members', membersRouter())
-  router.use('/organizations', organizationsRouter())
+  router.use('/members', oauth2Middleware(AUTH0_CONFIG), membersRouter())
+  router.use('/organizations', oauth2Middleware(AUTH0_CONFIG), organizationsRouter())
+  router.use('/affiliations', staticApiKeyMiddleware(), memberOrganizationAffiliationsRouter())
+
+  router.use(() => {
+    throw new NotFoundError()
+  })
 
   return router
 }

backend/src/api/public/v1/index.ts

@@ -0,0 +1,106 @@
+import type { Request, Response } from 'express'
+import { z } from 'zod'
+
+import { captureApiChange, memberEditIdentitiesAction } from '@crowd/audit-logs'
+import { ConflictError, NotFoundError } from '@crowd/common'
+import {
+  MemberField,
+  checkMemberIdentityExistence,
+  findMemberById,
+  createMemberIdentity as insertMemberIdentity,
+  optionsQx,
+  touchMemberUpdatedAt,
+} from '@crowd/data-access-layer'
+import { IMemberIdentity, MemberIdentityType } from '@crowd/types'
+
+import { created } from '@/utils/api'
+import { validateOrThrow } from '@/utils/validation'
+
+const paramsSchema = z.object({
+  memberId: z.uuid(),
+})
+
+const bodySchema = z
+  .object({
+    value: z.string().min(1),
+    platform: z.string().min(1),
+    type: z.enum(MemberIdentityType),
+    source: z.string().min(1),
+    verified: z.boolean(),
+    verifiedBy: z.string().optional(),
+  })
+  .refine((data) => !data.verified || data.verifiedBy, {
+    message: 'verifiedBy is required when verified is true',
+    path: ['verifiedBy'],
+  })
+
+export async function createMemberIdentity(req: Request, res: Response): Promise<void> {
+  const { memberId } = validateOrThrow(paramsSchema, req.params)
+  const data = validateOrThrow(bodySchema, req.body)
+
+  const qx = optionsQx(req)
+
+  const member = await findMemberById(qx, memberId, [MemberField.ID])
+  if (!member) {
+    throw new NotFoundError('Member not found')
+  }
+
+  let result!: IMemberIdentity
+
+  await captureApiChange(
+    req,
+    memberEditIdentitiesAction(memberId, async (captureOldState, captureNewState) => {
+      captureOldState({})
+
+      await qx.tx(async (tx) => {
+        const existing = await checkMemberIdentityExistence(
+          tx,
+          data.value,
+          data.platform,
+          data.type,
+        )
+
+        for (const identity of existing) {
+          if (identity.memberId === memberId) {
+            throw new ConflictError('Identity already exists on this member')
+          }
+
+          if (identity.verified) {
+            throw new ConflictError('Identity already verified on another member')
+          }
+        }
+
+        result = await insertMemberIdentity(
+          tx,
+          {
+            memberId,
+            platform: data.platform,
+            value: data.value,
+            type: data.type,
+            source: data.source,
+            verified: data.verified,
+            verifiedBy: data.verifiedBy,
+          },
+          true,
+          true,
+        )
+
+        // touch member updated at to trigger merge suggestion
+        await touchMemberUpdatedAt(tx, memberId)
+      })
+
+      captureNewState(result)
+    }),
+  )
+
+  created(res, {
+    id: result.id,
+    value: result.value,
+    platform: result.platform,
+    verified: result.verified,
+    verifiedBy: result.verifiedBy ?? null,
+    source: result.source ?? null,
+    createdAt: result.createdAt,
+    updatedAt: result.updatedAt,
+  })
+}

backend/src/api/public/v1/members/identities/createMemberIdentity.ts

@@ -4,6 +4,7 @@ import { requireScopes } from '@/api/public/middlewares/requireScopes'
 import { safeWrap } from '@/middlewares/errorMiddleware'
 import { SCOPES } from '@/security/scopes'
 
+import { createMemberIdentity } from './identities/createMemberIdentity'
 import { getMemberIdentities } from './identities/getMemberIdentities'
 import { verifyMemberIdentity } from './identities/verifyMemberIdentity'
 import { getMemberMaintainerRoles } from './maintainer-roles/getMemberMaintainerRoles'
@@ -27,6 +28,12 @@ export function membersRouter(): Router {
     safeWrap(getMemberIdentities),
   )
 
+  router.post(
+    '/:memberId/identities',
+    requireScopes([SCOPES.WRITE_MEMBER_IDENTITIES]),
+    safeWrap(createMemberIdentity),
+  )
+
   router.patch(
     '/:memberId/identities/:identityId',
     requireScopes([SCOPES.WRITE_MEMBER_IDENTITIES]),