Update more API endpoints to use new user model

2025-06-24 01:39:24 +02:00 · 2024-08-11 15:15:34 -05:00 · 2024-08-11 15:15:34 -05:00 · afc16358ca
commit afc16358ca
parent 9facf77ff1
23 changed files with 856 additions and 404 deletions
--- a/server/controllers/SessionController.js
+++ b/server/controllers/SessionController.js
@ -1,26 +1,32 @@
+const { Request, Response, NextFunction } = require('express')
 const Logger = require('../Logger')
 const Database = require('../Database')
 const { toNumber, isUUID } = require('../utils/index')

 const ShareManager = require('../managers/ShareManager')

+/**
+ * @typedef RequestUserObjects
+ * @property {import('../models/User')} userNew
+ * @property {import('../objects/user/User')} user
+ *
+ * @typedef {Request & RequestUserObjects} RequestWithUser
+ */
+
 class SessionController {
  constructor() {}

-  async findOne(req, res) {
-    return res.json(req.playbackSession)
-  }
-
  /**
   * GET: /api/sessions
+   *
   * @this import('../routers/ApiRouter')
   *
-   * @param {import('express').Request} req
-   * @param {import('express').Response} res
+   * @param {RequestWithUser} req
+   * @param {Response} res
   */
  async getAllWithUserData(req, res) {
-    if (!req.user.isAdminOrUp) {
-      Logger.error(`[SessionController] getAllWithUserData: Non-admin user requested all session data ${req.user.id}/"${req.user.username}"`)
+    if (!req.userNew.isAdminOrUp) {
+      Logger.error(`[SessionController] getAllWithUserData: Non-admin user "${req.userNew.username}" requested all session data`)
      return res.sendStatus(404)
    }
    // Validate "user" query
@ -105,9 +111,17 @@ class SessionController {
    res.json(payload)
  }

+  /**
+   * GET: /api/sessions/open
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  async getOpenSessions(req, res) {
-    if (!req.user.isAdminOrUp) {
-      Logger.error(`[SessionController] getOpenSessions: Non-admin user requested open session data ${req.user.id}/"${req.user.username}"`)
+    if (!req.userNew.isAdminOrUp) {
+      Logger.error(`[SessionController] getOpenSessions: Non-admin user "${req.userNew.username}" requested open session data`)
      return res.sendStatus(404)
    }

@ -127,25 +141,54 @@ class SessionController {
    })
  }

+  /**
+   * GET: /api/session/:id
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  async getOpenSession(req, res) {
    const libraryItem = await Database.libraryItemModel.getOldById(req.playbackSession.libraryItemId)
    const sessionForClient = req.playbackSession.toJSONForClient(libraryItem)
    res.json(sessionForClient)
  }

-  // POST: api/session/:id/sync
+  /**
+   * POST: /api/session/:id/sync
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  sync(req, res) {
-    this.playbackSessionManager.syncSessionRequest(req.user, req.playbackSession, req.body, res)
+    this.playbackSessionManager.syncSessionRequest(req.userNew, req.playbackSession, req.body, res)
  }

-  // POST: api/session/:id/close
+  /**
+   * POST: /api/session/:id/close
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  close(req, res) {
    let syncData = req.body
    if (syncData && !Object.keys(syncData).length) syncData = null
-    this.playbackSessionManager.closeSessionRequest(req.user, req.playbackSession, syncData, res)
+    this.playbackSessionManager.closeSessionRequest(req.userNew, req.playbackSession, syncData, res)
  }

-  // DELETE: api/session/:id
+  /**
+   * DELETE: /api/session/:id
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  async delete(req, res) {
    // if session is open then remove it
    const openSession = this.playbackSessionManager.getSession(req.playbackSession.id)
@ -164,12 +207,12 @@ class SessionController {
   * @typedef batchDeleteReqBody
   * @property {string[]} sessions
   *
-   * @param {import('express').Request<{}, {}, batchDeleteReqBody, {}>} req
-   * @param {import('express').Response} res
+   * @param {Request<{}, {}, batchDeleteReqBody, {}> & RequestUserObjects} req
+   * @param {Response} res
   */
  async batchDelete(req, res) {
-    if (!req.user.isAdminOrUp) {
-      Logger.error(`[SessionController] Non-admin user attempted to batch delete sessions "${req.user.username}"`)
+    if (!req.userNew.isAdminOrUp) {
+      Logger.error(`[SessionController] Non-admin user "${req.userNew.username}" attempted to batch delete sessions`)
      return res.sendStatus(403)
    }
    // Validate session ids
@ -192,7 +235,7 @@ class SessionController {
          id: req.body.sessions
        }
      })
-      Logger.info(`[SessionController] ${sessionsRemoved} playback sessions removed by "${req.user.username}"`)
+      Logger.info(`[SessionController] ${sessionsRemoved} playback sessions removed by "${req.userNew.username}"`)
      res.sendStatus(200)
    } catch (error) {
      Logger.error(`[SessionController] Failed to remove playback sessions`, error)
@ -200,22 +243,42 @@ class SessionController {
    }
  }

-  // POST: api/session/local
+  /**
+   * POST: /api/session/local
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  syncLocal(req, res) {
    this.playbackSessionManager.syncLocalSessionRequest(req, res)
  }

-  // POST: api/session/local-all
+  /**
+   * POST: /api/session/local-all
+   *
+   * @this {import('../routers/ApiRouter')}
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   */
  syncLocalSessions(req, res) {
    this.playbackSessionManager.syncLocalSessionsRequest(req, res)
  }

+  /**
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
  openSessionMiddleware(req, res, next) {
    var playbackSession = this.playbackSessionManager.getSession(req.params.id)
    if (!playbackSession) return res.sendStatus(404)

-    if (playbackSession.userId !== req.user.id) {
-      Logger.error(`[SessionController] User "${req.user.username}" attempting to access session belonging to another user "${req.params.id}"`)
+    if (playbackSession.userId !== req.userNew.id) {
+      Logger.error(`[SessionController] User "${req.userNew.username}" attempting to access session belonging to another user "${req.params.id}"`)
      return res.sendStatus(404)
    }

@ -223,6 +286,12 @@ class SessionController {
    next()
  }

+  /**
+   *
+   * @param {RequestWithUser} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
  async middleware(req, res, next) {
    const playbackSession = await Database.getPlaybackSession(req.params.id)
    if (!playbackSession) {
@ -230,11 +299,11 @@ class SessionController {
      return res.sendStatus(404)
    }

-    if (req.method == 'DELETE' && !req.user.canDelete) {
-      Logger.warn(`[SessionController] User attempted to delete without permission`, req.user)
+    if (req.method == 'DELETE' && !req.userNew.canDelete) {
+      Logger.warn(`[SessionController] User "${req.userNew.username}" attempted to delete without permission`)
      return res.sendStatus(403)
-    } else if ((req.method == 'PATCH' || req.method == 'POST') && !req.user.canUpdate) {
-      Logger.warn('[SessionController] User attempted to update without permission', req.user.username)
+    } else if ((req.method == 'PATCH' || req.method == 'POST') && !req.userNew.canUpdate) {
+      Logger.warn(`[SessionController] User "${req.userNew.username}" attempted to update without permission`)
      return res.sendStatus(403)
    }