Merge branch 'master' of github.com:codecon-dev/codecodes-api

Author: gabrnunes

.gitignore

@@ -2,4 +2,5 @@ node_modules
 .env
 dist
 swagger.json
-uploads
+uploads
+.DS_Store

package.json

@@ -18,6 +18,7 @@
     "csv-parser": "^3.0.0",
     "dotenv": "^10.0.0",
     "express": "^4.17.1",
+    "express-rate-limit": "^7.4.0",
     "luxon": "^3.3.0",
     "mongoose": "^5.13.7",
     "morgan": "^1.10.0",

scripts/tokens.js

@@ -0,0 +1,88 @@
+require('dotenv').config()
+const mongoose = require('mongoose')
+const fs = require('fs').promises
+const path = require('path')
+const { Schema, model } = mongoose
+
+// Define schemas
+const UserSchema = new Schema({
+  userId: String,
+  tag: String,
+  username: String,
+  score: Number,
+  tokens: Array,
+  softDeleted: Boolean
+})
+
+const TokenSchema = new Schema({
+  code: String,
+  description: String,
+  value: Number,
+  decreaseValue: Number,
+  minimumValue: Number,
+  totalClaims: Number,
+  remainingClaims: Number,
+  claimedBy: Array,
+  createdBy: String,
+  createdAt: String,
+  expireAt: String
+})
+
+// Define models
+const UserModel = model('User', UserSchema)
+const TokenModel = model('Token', TokenSchema)
+
+// List of target users
+const targetUsers = []
+
+// Flag to determine whether to delete the tokens
+const shouldDeleteTokens = false // Set this to true if you want to delete the tokens
+
+async function connectToDatabase() {
+  const mongoAddress = `${process.env.MONGODB_URI}?retryWrites=true&w=majority`
+  await mongoose.connect(mongoAddress, {
+    useNewUrlParser: true,
+    useUnifiedTopology: true,
+    useFindAndModify: false
+  })
+}
+
+async function getExclusiveTokens() {
+  try {
+    await connectToDatabase()
+
+    const targetDate = new Date('2024-09-06T16:00:00.000Z')
+
+    // Get all tokens
+    const allTokens = await TokenModel.find({}).lean()
+
+    // Filter tokens that were only claimed by target users and created after the target date
+    const exclusiveTokens = allTokens.filter((token) => {
+      if (token.claimedBy.length === 0) return false
+      if (new Date(token.createdAt) <= targetDate) return false
+      return token.claimedBy.every((claim) => targetUsers.includes(claim.id))
+    })
+
+    // Extract only the token codes
+    const exclusiveTokenCodes = exclusiveTokens.map((token) => token.code)
+
+    // Save the JSON stringified array of token codes to a file
+    const filePath = path.join(__dirname, 'exclusive_tokens.json')
+    await fs.writeFile(filePath, JSON.stringify(exclusiveTokenCodes, null, 2))
+
+    console.log(`Exclusive tokens saved to ${filePath}`)
+
+    // Delete tokens if the flag is set to true
+    if (shouldDeleteTokens) {
+      console.log('Deleting tokens...')
+      await TokenModel.deleteMany({ code: { $in: exclusiveTokenCodes } })
+      console.log(`${exclusiveTokenCodes.length} tokens have been deleted.`)
+    }
+  } catch (error) {
+    console.error('Error:', error)
+  } finally {
+    await mongoose.connection.close()
+  }
+}
+
+getExclusiveTokens()

src/config.ts

@@ -1,6 +1,6 @@
 export default {
   claim: {
-    enabled: true,
+    enabled: false,
     disabledMessage: 'Resgates estão desabilitados. Obrigado por participar!'
   }
 }

src/controllers/token.ts

@@ -1,35 +1,36 @@
 import { Request as ExpressRequest } from 'express'
 import {
+  Body,
   Controller,
-  Post,
   Get,
-  Route,
-  Body,
-  Security,
-  Response,
-  Request,
+  Path,
+  Post,
   Put,
-  Path
+  Request,
+  Response,
+  Route,
+  Security
 } from 'tsoa'
+import claimService from '../services/claim'
 import {
+  batchCreate,
+  createDatabaseToken,
+  getDatabaseTokenByCode,
+  getDatabaseTokens,
+  getNonClaimedTokensByUser,
+  importTokens,
+  revertUserTokenClaims,
+  updateDatabaseToken
+} from '../services/token'
+import {
+  ClaimRequestResult,
   ErrorResponseModel,
   ITokenClaimPayload,
   ITokenPayload,
-  RequestResult,
-  ClaimRequestResult,
   NonClaimedTokensRequestResult,
+  RequestResult,
   Token
 } from '../types'
-import {
-  getNonClaimedTokensByUser,
-  getDatabaseTokenByCode,
-  getDatabaseTokens,
-  createDatabaseToken,
-  updateDatabaseToken,
-  importTokens,
-  batchCreate
-} from '../services/token'
-import claimService from '../services/claim'
 
 export interface MulterRequest extends ExpressRequest {
   file: Express.Multer.File
@@ -174,4 +175,21 @@ export class TokenController extends Controller {
       console.log(error)
     }
   }
+
+  @Security('api_key')
+  @Post('/revert-user-claims')
+  public async revertUserClaims(@Body() body: { userId: string }): Promise<RequestResult> {
+    try {
+      const { userId } = body
+      const result = await revertUserTokenClaims(userId)
+      return result
+    } catch (error) {
+      console.log(error)
+      return {
+        status: 'error',
+        message: 'An error occurred while reverting user claims',
+        statusCode: 500
+      }
+    }
+  }
 }

src/controllers/user.ts

@@ -1,12 +1,13 @@
+import { Body, Controller, Get, Post, Response, Route, Security } from 'tsoa'
+import { getRankService } from '../services/rank'
+import { checkForSuspiciousActivity, getDatabaseUserById, getDatabaseUsers, softDeleteUserById } from '../services/user'
 import {
   ErrorResponseModel,
   RankRequestResult,
   RequestResult,
+  SoftDeleteResult,
   User
 } from '../types'
-import { Controller, Get, Route, Security, Response } from 'tsoa'
-import { getRankService } from '../services/rank'
-import { getDatabaseUsers, getDatabaseUserById } from '../services/user'
 
 @Route('/user')
 @Security('api_key')
@@ -43,4 +44,38 @@ export class UserController extends Controller {
       console.log(error)
     }
   }
+
+  @Response<ErrorResponseModel>('500', 'Internal Server Error', {
+    statusCode: 500,
+    message: 'An error occurred while processing the request'
+  })
+  @Security('api_key')
+  @Get('/susp/check')
+  public async getSuspiciousActivity(): Promise<any[]> {
+    try {
+      const suspiciousUsers = await checkForSuspiciousActivity()
+      return suspiciousUsers
+    } catch (error) {
+      console.log(error)
+      this.setStatus(500)
+      return []
+    }
+  }
+
+  @Response<ErrorResponseModel>('404', 'Not Found', {
+    statusCode: 404,
+    message: 'Usuário não encontrado'
+  })
+  @Security('api_key')
+  @Post('/susp/softdelete')
+  public async softDeleteUser(@Body() body: { userId: string }): Promise<SoftDeleteResult> {
+    try {
+      const { userId } = body
+      const result = await softDeleteUserById(userId)
+      return result
+    } catch (error) {
+      console.log(error)
+      return { success: false, message: 'An error occurred while soft deleting the user' }
+    }
+  }
 }

src/models/user.ts

@@ -20,6 +20,10 @@ const UserSchema = new Schema<User>({
   tokens: {
     type: Array,
     required: true
+  },
+  softDeleted: {
+    type: Boolean,
+    default: false
   }
 })
 

src/routes/token.ts

@@ -1,14 +1,77 @@
-import { NextFunction, Request, Response, Router } from 'express'
+import { Router } from 'express'
+import rateLimit from 'express-rate-limit'
 import multer from 'multer'
+import { parseResponseResult } from '../common/parseResponseResult'
 import { MulterRequest, TokenController } from '../controllers/token'
 import middlewares from '../middlewares'
+import { ITokenClaimPayload } from '../types'
 
 const router = Router()
 const upload = multer({ dest: 'uploads/' })
 
+// Custom store for rate limiting based on email
+class EmailStore {
+  private store: any
+
+  constructor() {
+    this.store = new Map()
+  }
+
+  incr(key: string, cb: any): void {
+    const now = Date.now()
+    const record = this.store.get(key) || { count: 0, resetTime: now + 60000 }
+
+    if (now > record.resetTime) {
+      record.count = 1
+      record.resetTime = now + 60000
+    } else {
+      record.count++
+    }
+
+    this.store.set(key, record)
+    cb(null, record.count)
+  }
+
+  decrement(key: string): void {
+    const record = this.store.get(key)
+    if (record) {
+      record.count = Math.max(0, record.count - 1)
+    }
+  }
+
+  resetKey(key: string): void {
+    this.store.delete(key)
+  }
+
+  resetAll(): void {
+    this.store.clear()
+  }
+}
+
+const emailStore = new EmailStore()
+
+const claimLimiter = rateLimit({
+  windowMs: 1 * 60 * 1000, // 1 minute
+  max: 10, // Limit each email to 20 requests per windowMs
+  handler: (req: any, res: any) => {
+    const email = req.body.email || 'Unknown'
+    console.log(`[RATE-LIMIT] User ${email} hit the rate limit`)
+    const result = parseResponseResult('error', 'Too many attempts, please try again later.', 429)
+    res.status(result.statusCode).json(result)
+  },
+  standardHeaders: true,
+  legacyHeaders: false,
+  keyGenerator: (req: any) => {
+    const body = req.body as ITokenClaimPayload
+    return body.email || req.ip // Fallback to IP if email is not provided
+  },
+  store: emailStore as any
+})
+
 router.post(
   '/claim',
   middlewares.authentication,
+  claimLimiter,
   async (request, response, next) => {
     try {
       const controller = new TokenController()
@@ -120,16 +183,30 @@ router.post(
   }
 )
 
+// router.post(
+//   '/partner',
+//   [middlewares.setHasPartnerAuth, middlewares.authentication],
+//   async (_request: Request, response: Response, next: NextFunction) => {
+//     try {
+//       const controller = new TokenController()
+//       const requestResult = await controller.createByPartner()
+//       return response
+//         .status(requestResult.statusCode || 200)
+//         .send(requestResult)
+//     } catch (error) {
+//       next(error)
+//     }
+//   }
+// )
+
 router.post(
-  '/partner',
-  [middlewares.setHasPartnerAuth, middlewares.authentication],
-  async (_request: Request, response: Response, next: NextFunction) => {
+  '/revert-user-claims',
+  middlewares.authentication,
+  async (request, response, next) => {
     try {
       const controller = new TokenController()
-      const requestResult = await controller.createByPartner()
-      return response
-        .status(requestResult.statusCode || 200)
-        .send(requestResult)
+      const result = await controller.revertUserClaims(request.body)
+      return response.status(result.statusCode || 200).send(result)
     } catch (error) {
       next(error)
     }