From 81bb78badf24bd69a9792c2b3f5065bd50f402bc Mon Sep 17 00:00:00 2001
From: Vinit khandal <111434418+vinit717@users.noreply.github.com>
Date: Mon, 19 Aug 2024 21:21:14 +0530
Subject: [PATCH 1/2] Dev to Main sync (#2079)

---
 README.md                                  |  2 +-
 middlewares/checkCanGenerateDiscordLink.ts | 65 ++++++++++++---
 test/integration/discordactions.test.js    | 94 +++++++++++++++++++---
 3 files changed, 140 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 95eca3921..e3a0b6258 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
 - [About the Project](#about-the-project)
 - [Running the Project](#running-the-project)
 - [Prerequisites](#prerequisites)
-- [API Documentation](#api-documentation)
+- [API Documentation](https://github.com/Real-Dev-Squad/website-api-contracts/)
 - [CONTRIBUTING](CONTRIBUTING.md)
 
 ## About the Project
diff --git a/middlewares/checkCanGenerateDiscordLink.ts b/middlewares/checkCanGenerateDiscordLink.ts
index eab2b02cc..7af51d852 100644
--- a/middlewares/checkCanGenerateDiscordLink.ts
+++ b/middlewares/checkCanGenerateDiscordLink.ts
@@ -1,28 +1,73 @@
 import { NextFunction } from "express";
 import { CustomRequest, CustomResponse } from "../types/global";
+const ApplicationModel = require("../models/applications");
 
 const checkCanGenerateDiscordLink = async (req: CustomRequest, res: CustomResponse, next: NextFunction) => {
-  const { discordId, roles, id: userId, profileStatus } = req.userData;
+  const { id: userId, roles } = req.userData;
   const isSuperUser = roles.super_user;
   const userIdInQuery = req.query.userId;
+  const currentTime = Date.now();
+  const cutoffTime = 1724630399000;  // Epoch time for 25 August 2024
+
+  if (isSuperUser) {
+    return next();
+  }
 
   if (userIdInQuery && userIdInQuery !== userId && !isSuperUser) {
     return res.boom.forbidden("User should be super user to generate link for other users");
   }
 
-  if (!isSuperUser && discordId) {
-    return res.boom.forbidden("Only users who have never joined discord can generate invite link");
+  if (currentTime >= cutoffTime) {
+    return res.boom.forbidden("Discord invite link generation is not allowed after the cutoff time.");
   }
 
-  if (roles.archived) {
-    return res.boom.forbidden("Archived users cannot generate invite");
-  }
+  try {
+    const applications = await ApplicationModel.getUserApplications(userId);
+    
+    if (!applications || applications.length === 0) {
+      return res.boom.forbidden("No applications found.");
+    }
 
-  if (!isSuperUser && !roles.maven && !roles.designer && !roles.product_manager && profileStatus !== "VERIFIED") {
-    return res.boom.forbidden("Only selected roles can generate discord link directly");
-  }
+    const approvedApplication = applications.find((application: { status: string; }) => application.status === 'accepted');
+    
+    if (!approvedApplication) {
+      return res.boom.forbidden("Only users with an approved application can generate a Discord invite link.");
+    }
 
-  return next();
+    return next();
+  } catch (error) {
+    return res.boom.badImplementation("An error occurred while checking user applications.");
+  }
 };
 
+export default checkCanGenerateDiscordLink;
+
+// <------ We have to revisit this later ------->
+// <--- https://github.com/Real-Dev-Squad/website-backend/issues/2078 --->
+
+
+// const checkCanGenerateDiscordLink = async (req: CustomRequest, res: CustomResponse, next: NextFunction) => {
+//   const { discordId, roles, id: userId, profileStatus } = req.userData;
+//   const isSuperUser = roles.super_user;
+//   const userIdInQuery = req.query.userId;
+
+//   if (userIdInQuery && userIdInQuery !== userId && !isSuperUser) {
+//     return res.boom.forbidden("User should be super user to generate link for other users");
+//   }
+
+//   if (!isSuperUser && discordId) {
+//     return res.boom.forbidden("Only users who have never joined discord can generate invite link");
+//   }
+
+//   if (roles.archived) {
+//     return res.boom.forbidden("Archived users cannot generate invite");
+//   }
+
+//   if (!isSuperUser && !roles.maven && !roles.designer && !roles.product_manager && profileStatus !== "VERIFIED") {
+//     return res.boom.forbidden("Only selected roles can generate discord link directly");
+//   }
+
+//   return next();
+// };
+
 module.exports = checkCanGenerateDiscordLink;
diff --git a/test/integration/discordactions.test.js b/test/integration/discordactions.test.js
index 8d64574fb..aeadec41b 100644
--- a/test/integration/discordactions.test.js
+++ b/test/integration/discordactions.test.js
@@ -8,6 +8,8 @@ const addUser = require("../utils/addUser");
 const cleanDb = require("../utils/cleanDb");
 // Import fixtures
 const userData = require("../fixtures/user/user")();
+const ApplicationModel = require("../../models/applications");
+
 const usersInDiscord = require("../fixtures/user/inDiscord");
 const superUser = userData[4];
 const archievedUser = userData[19];
@@ -777,7 +779,18 @@ describe("Discord actions", function () {
     });
   });
 
+  // <------ Will revisit this later https://github.com/Real-Dev-Squad/website-backend/issues/2078 --->
   describe("POST /discord-actions/invite", function () {
+    let clock;
+
+    beforeEach(function () {
+      clock = sinon.useFakeTimers(new Date("2024-08-24").getTime());
+    });
+
+    afterEach(function () {
+      sinon.restore();
+    });
+
     it("should return 403 if the userId in the query param is not equal to the userId of the user and user is not a super user", async function () {
       const res = await chai
         .request(app)
@@ -788,7 +801,8 @@ describe("Discord actions", function () {
       expect(res.body.message).to.be.equal("User should be super user to generate link for other users");
     });
 
-    it("should return 403 if the user has discord id in their user object, which means user is already in discord", async function () {
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should return 403 if the user has discord id in their user object, which means user is already in discord", async function () {
       const res = await chai
         .request(app)
         .post(`/discord-actions/invite`)
@@ -798,7 +812,8 @@ describe("Discord actions", function () {
       expect(res.body.message).to.be.equal("Only users who have never joined discord can generate invite link");
     });
 
-    it("should return 403 if user has role archieved", async function () {
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should return 403 if user has role archieved", async function () {
       archievedUserId = await addUser(archievedUser);
       archievedUserToken = authService.generateAuthToken({ userId: archievedUserId });
       const res = await chai
@@ -810,7 +825,8 @@ describe("Discord actions", function () {
       expect(res.body.message).to.be.equal("Archived users cannot generate invite");
     });
 
-    it("should return 403 if the user doesn't have role designer, product_manager, or mavens", async function () {
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should return 403 if the user doesn't have role designer, product_manager, or mavens", async function () {
       developerUserWithoutApprovedProfileStatusId = await addUser(developerUserWithoutApprovedProfileStatus);
       developerUserWithoutApprovedProfileStatusToken = authService.generateAuthToken({
         userId: developerUserWithoutApprovedProfileStatusId,
@@ -824,7 +840,8 @@ describe("Discord actions", function () {
       expect(res.body.message).to.be.equal("Only selected roles can generate discord link directly");
     });
 
-    it("should generate discord link if user is a product mananger", async function () {
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should generate discord link if user is a product mananger", async function () {
       fetchStub.returns(
         Promise.resolve({
           status: 201,
@@ -844,7 +861,8 @@ describe("Discord actions", function () {
       expect(res.body.inviteLink).to.be.equal("discord.gg/xyz");
     });
 
-    it("should generate discord link if user is a designer", async function () {
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should generate discord link if user is a designer", async function () {
       fetchStub.returns(
         Promise.resolve({
           status: 201,
@@ -864,7 +882,8 @@ describe("Discord actions", function () {
       expect(res.body.inviteLink).to.be.equal("discord.gg/zlmfasd");
     });
 
-    it("should generate discord link if user is a maven", async function () {
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should generate discord link if user is a maven", async function () {
       fetchStub.returns(
         Promise.resolve({
           status: 201,
@@ -884,18 +903,73 @@ describe("Discord actions", function () {
       expect(res.body.inviteLink).to.be.equal("discord.gg/asdfdsfsd");
     });
 
-    it("should generate discord link if user is a superUser", async function () {
+    it("should return 403 if current date is after 25 August 2024", async function () {
+      clock.tick(2 * 24 * 60 * 60 * 1000); // Move time forward to after 25 August 2024
+      sinon.stub(ApplicationModel, "getUserApplications").resolves([{ status: "accepted" }]);
+
+      const res = await chai
+        .request(app)
+        .post("/discord-actions/invite")
+        .set("cookie", `${cookieName}=${userAuthToken}`);
+
+      expect(res).to.have.status(403);
+      expect(res.body.message).to.be.equal("Discord invite link generation is not allowed after the cutoff time.");
+    });
+
+    it("should return 403 if user has no applications", async function () {
+      sinon.stub(ApplicationModel, "getUserApplications").resolves([]);
+
+      const res = await chai
+        .request(app)
+        .post(`/discord-actions/invite`)
+        .set("cookie", `${cookieName}=${userAuthToken}`);
+
+      expect(res).to.have.status(403);
+      expect(res.body.message).to.be.equal("No applications found.");
+    });
+
+    it("should return 403 if user has pending applications", async function () {
+      sinon.stub(ApplicationModel, "getUserApplications").resolves([{ status: "pending" }]);
+
+      const res = await chai
+        .request(app)
+        .post(`/discord-actions/invite`)
+        .set("cookie", `${cookieName}=${userAuthToken}`);
+
+      expect(res).to.have.status(403);
+      expect(res.body.message).to.be.equal(
+        "Only users with an approved application can generate a Discord invite link."
+      );
+    });
+
+    it("should return 403 if user has rejected applications", async function () {
+      sinon.stub(ApplicationModel, "getUserApplications").resolves([{ status: "rejected" }]);
+
+      const res = await chai
+        .request(app)
+        .post(`/discord-actions/invite`)
+        .set("cookie", `${cookieName}=${userAuthToken}`);
+
+      expect(res).to.have.status(403);
+      expect(res.body.message).to.be.equal(
+        "Only users with an approved application can generate a Discord invite link."
+      );
+    });
+
+    // eslint-disable-next-line mocha/no-skipped-tests
+    it.skip("should generate discord link if user has an approved application", async function () {
+      sinon.stub(ApplicationModel, "getUserApplications").resolves([{ status: "accepted" }]);
       fetchStub.returns(
         Promise.resolve({
           status: 201,
-          json: () => Promise.resolve({ data: { code: "asdfdsfsd" } }),
+          json: () => Promise.resolve({ data: { code: "xyz" } }),
         })
       );
 
       const res = await chai
         .request(app)
-        .post(`/discord-actions/invite`)
-        .set("cookie", `${cookieName}=${superUserAuthToken}`);
+        .post("/discord-actions/invite")
+        .set("cookie", `${cookieName}=${userAuthToken}`);
       expect(res).to.have.status(201);
       expect(res.body.message).to.be.equal("invite generated successfully");
       expect(res.body.inviteLink).to.be.equal("discord.gg/asdfdsfsd");

From 3b072eb794221446b9585bab5b373e65ec32e939 Mon Sep 17 00:00:00 2001
From: vinit717 <vinit224488@gmail.com>
Date: Tue, 20 Aug 2024 19:29:46 +0530
Subject: [PATCH 2/2] fix: sorting with created field to use userId

---
 models/applications.ts | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/models/applications.ts b/models/applications.ts
index 01b592c4a..40280f93b 100644
--- a/models/applications.ts
+++ b/models/applications.ts
@@ -60,8 +60,10 @@ const getAllApplications = async (limit: number, lastDocId?: string) => {
     if (lastDocId) {
       lastDoc = await ApplicationsModel.doc(lastDocId).get();
     }
-
-    let dbQuery = ApplicationsModel.orderBy("createdAt", "desc");
+  // Hot-fix: Sorting by userId due to missing created field in some entries. 
+  // Revert to createdAt once the field is updated.
+  // https://github.com/Real-Dev-Squad/website-backend/issues/2084
+    let dbQuery = ApplicationsModel.orderBy("userId", "desc");
 
     if (lastDoc) {
       dbQuery = dbQuery.startAfter(lastDoc);
@@ -114,7 +116,10 @@ const getApplicationsBasedOnStatus = async (status: string, limit: number, lastD
       lastDoc = await ApplicationsModel.doc(lastDocId).get();
     }
 
-    dbQuery = dbQuery.orderBy("createdAt", "desc");
+  // Hot-fix: Sorting by userId due to missing created field in some entries. 
+  // Revert to createdAt once the field is updated.
+  // https://github.com/Real-Dev-Squad/website-backend/issues/2084
+  dbQuery = dbQuery.orderBy("userId", "desc");
 
     if (lastDoc) {
       dbQuery = dbQuery.startAfter(lastDoc);