Merge branch 'fix-issue-1928' of https://github.com/Aaradhy-Sharma/ta…

…lawa-api into fix-issue-1928
PalisadoesFoundation · Jul 27, 2024 · f3b4372 · f3b4372
2 parents e382af5 + f00dbca
commit f3b4372
Show file tree

Hide file tree

Showing 267 changed files with 4,371 additions and 1,272 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -47,7 +47,7 @@
     "@faker-js/faker": "^8.2.0",
     "@graphql-inspector/cli": "^5.0.6",
     "@graphql-tools/resolvers-composition": "^7.0.1",
-    "@graphql-tools/schema": "^10.0.0",
+    "@graphql-tools/schema": "^10.0.4",
     "@graphql-tools/utils": "^10.3.2",
     "@parcel/watcher": "^2.4.1",
     "@types/graphql-upload": "^16.0.5",
@@ -93,14 +93,14 @@
     "uuid": "^10.0.0",
     "validator": "^13.12.0",
     "winston": "^3.13.0",
-    "ws": "^8.17.0",
+    "ws": "^8.18.0",
     "yargs": "^17.7.2",
     "zod": "^3.23.8",
     "zod-error": "^1.5.0"
   },
   "devDependencies": {
     "@graphql-codegen/cli": "^5.0.2",
-    "@graphql-codegen/typescript": "^4.0.7",
+    "@graphql-codegen/typescript": "^4.0.9",
     "@graphql-codegen/typescript-resolvers": "^4.2.0",
     "@graphql-eslint/eslint-plugin": "^3.20.1",
     "@parcel/watcher": "^2.4.1",
@@ -120,7 +120,7 @@
     "@types/node": "^20.14.9",
     "@types/nodemailer": "^6.4.15",
     "@types/uuid": "^9.0.7",
-    "@types/validator": "^13.11.10",
+    "@types/validator": "^13.12.0",
     "@typescript-eslint/eslint-plugin": "^7.14.1",
     "@typescript-eslint/parser": "^7.16.0",
     "@vitest/coverage-v8": "^1.6.0",
@@ -132,7 +132,7 @@
     "eslint-plugin-tsdoc": "^0.3.0",
     "get-graphql-schema": "^2.1.2",
     "graphql-markdown": "^7.0.0",
-    "husky": "^9.0.11",
+    "husky": "^9.1.1",
     "lint-staged": "^15.2.7",
     "prettier": "^3.2.5",
     "rimraf": "^6.0.1",

diff --git a/schema.graphql b/schema.graphql
@@ -539,7 +539,7 @@ type DirectChat {
   createdAt: DateTime!
   creator: User
   messages: [DirectChatMessage]
-  organization: Organization!
+  organization: Organization
   updatedAt: DateTime!
   users: [User!]!
 }
@@ -915,6 +915,7 @@ type GroupChat {
   creator: User
   messages: [GroupChatMessage]
   organization: Organization!
+  title: String!
   updatedAt: DateTime!
   users: [User!]!
 }
@@ -1467,6 +1468,7 @@ type Query {
   checkAuth: User!
   customDataByOrganization(organizationId: ID!): [UserCustomData!]!
   customFieldsByOrganization(id: ID!): [OrganizationCustomField]
+  directChatById(id: ID!): DirectChat
   directChatsByUserID(id: ID!): [DirectChat]
   directChatsMessagesByChatID(id: ID!): [DirectChatMessage]
   event(id: ID!): Event
@@ -1492,6 +1494,8 @@ type Query {
   getPlugins: [Plugin]
   getVenueByOrgId(first: Int, orderBy: VenueOrderByInput, orgId: ID!, skip: Int, where: VenueWhereInput): [Venue]
   getlanguage(lang_code: String!): [Translation]
+  groupChatById(id: ID!): GroupChat
+  groupChatsByUserId(id: ID!): [GroupChat]
   hasSubmittedFeedback(eventId: ID!, userId: ID!): Boolean
   isSampleOrganization(id: ID!): Boolean!
   joinedOrganizations(id: ID): [Organization]
@@ -1593,8 +1597,8 @@ enum Status {
 
 type Subscription {
   directMessageChat: MessageChat
-  messageSentToDirectChat: DirectChatMessage
-  messageSentToGroupChat: GroupChatMessage
+  messageSentToDirectChat(userId: ID!): DirectChatMessage
+  messageSentToGroupChat(userId: ID!): GroupChatMessage
   onPluginUpdate: Plugin
 }
 
@@ -2009,7 +2013,7 @@ enum WeekDays {
 }
 
 input createChatInput {
-  organizationId: ID!
+  organizationId: ID
   userIds: [ID!]!
 }
 

diff --git a/src/app.ts b/src/app.ts
@@ -10,35 +10,41 @@ import path from "path";
 import { appConfig } from "./config";
 import { requestContext, requestTracing, stream } from "./libraries";
 import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.mjs";
+
 const app = express();
 
+// Middleware for tracing requests
 app.use(requestTracing.middleware());
+
+// Initialize i18n for internationalization
 app.use(i18n.init);
 
+// Rate limiting middleware to prevent abuse
 const apiLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 50000,
+  windowMs: 60 * 60 * 1000, // 1 hour window
+  max: 50000, // limit each IP to 50000 requests per windowMs
   message: "Too many requests from this IP, please try again after 15 minutes",
 });
+app.use(apiLimiter);
 
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 const corsOptions: cors.CorsOptions = {
   origin: (origin, next) => {
     if (process.env.NODE_ENV === "development") {
-      next(null, true);
+      next(null, true); // Allow all origins in development
       return;
     } else if (process.env.NODE_ENV === "production") {
       const talawaAdmin = process.env.TALAWA_ADMIN_URL;
       if (origin === talawaAdmin) {
-        next(null, true);
+        next(null, true); // Allow only specific origin in production
         return;
       }
     }
-
-    next(new Error("Unauthorized"));
+    next(new Error("Unauthorized")); // Reject other origins
   },
 };
 
+// Configure i18n settings
 i18n.configure({
   directory: `${__dirname}/../locales`,
   staticCatalog: {
@@ -55,45 +61,58 @@ i18n.configure({
   updateFiles: process.env.NODE_ENV !== "production",
   syncFiles: process.env.NODE_ENV !== "production",
 });
-
 app.use(i18n.init);
-app.use(apiLimiter);
+
+// Helmet middleware for security headers
 app.use(
   helmet({
     contentSecurityPolicy:
-      process.env.NODE_ENV === "production" ? undefined : false,
+      process.env.NODE_ENV === "production" ? undefined : false, // Disable CSP in development
   }),
 );
+
+// Sanitize data to prevent MongoDB operator injection
 app.use(mongoSanitize());
 app.use(cors());
 
+// Serve static files with Cross-Origin-Resource-Policy header set
 app.use("/images", (req, res, next) => {
   res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
   next();
 });
 
+// Parse JSON requests with a size limit of 50mb
 app.use(express.json({ limit: "50mb" }));
+
+// Handle file uploads using graphql-upload
 app.use(graphqlUploadExpress());
+
+// Parse URL-encoded requests with a size limit of 50mb
 app.use(express.urlencoded({ limit: "50mb", extended: true }));
 
-// Fix added to stream
+// Request logging middleware using Morgan
 app.use(
   requestLogger(
     ':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length] :response-time ms',
     {
-      stream: stream,
+      stream: stream, // Stream logs to a defined stream (e.g., file, console)
     },
   ),
 );
 
+// Serve static files for images and videos
 app.use("/images", express.static(path.join(__dirname, "./../images")));
 app.use("/videos", express.static(path.join(__dirname, "./../videos")));
 
+// Middleware for managing request context (e.g., user session)
 app.use(requestContext.middleware());
 
-if (process.env.NODE_ENV !== "production")
+// Enable GraphQL Voyager visualization in development
+if (process.env.NODE_ENV !== "production") {
   app.use("/voyager", voyagerMiddleware({ endpointUrl: "/graphql" }));
+}
 
+// Endpoint to check the health status of the application
 app.get("/", (req, res) =>
   res.json({
     "talawa-version": "v1",