From 126d7cefd087f89b0c08979925880c252edb625e Mon Sep 17 00:00:00 2001
From: hugogogo
Date: Fri, 13 Jan 2023 13:47:14 +0100
Subject: [PATCH] protection against viewing or joining private rooms

---
 .../api_back/src/chat/chat.controller.ts | 28 ++++++++++++---
 .../nestjs/api_back/src/chat/chat.service.ts | 35 ++++++++++++-------
 .../nestjs/api_back/src/chat/dto/room.dto.ts | 8 ++++-
 3 files changed, 53 insertions(+), 18 deletions(-)

diff --git a/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts b/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts
index 447cf073..7aec84c6 100644
--- a/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts
+++ b/srcs/requirements/nestjs/api_back/src/chat/chat.controller.ts
@@ -111,9 +111,7 @@ export class ChatController {
 console.log("- in joinRoom controller");
 let response = "";
- if (room.type === 'direct')
- throw new HttpException(`cannot join a direct messages room`, HttpStatus.CONFLICT);
- else if (room.type === 'user')
+ if (room.type === 'user')
 {
 room.type = 'direct';
 room.users = [room.name, req.user.username];
@@ -122,7 +120,26 @@ export class ChatController {
 await this.chatService.addUserToNewRoom(req.user.username, room);
 }
 else
- room = await this.chatService.addUserToRoom(req.user.username, room.name);
+ {
+ let fields = ["name", "type", "users", "messages"];
+ const room_db = await this.chatService.getRoomByName(room.name, fields);
+ if (room_db.type === 'direct')
+ {
+ console.log("throw error: cannot join a direct messages room");
+ throw new HttpException(`cannot join a direct messages room`, HttpStatus.CONFLICT);
+ }
+ if (room_db.type === 'private')
+ {
+ console.log("throw error: cannot join a private room");
+ throw new HttpException(`cannot join a private room`, HttpStatus.CONFLICT);
+ }
+ if (room_db.users.includes(req.user.username))
+ {
+ console.log("throw error: your have already joined this room");
+ throw new HttpException(`your have already joined this room`, HttpStatus.CONFLICT);
+ }
+ room = await this.chatService.addUserToRoom(req.user.username, room_db);
+ }
 let socket: socketDto = this.chatGateway.sockets.get(req.user.username);
 await this.chatService.socketJoinRoom(socket, room.name);
@@ -155,7 +172,8 @@ export class ChatController {
 console.log("- in inviteUser controller");
 let current_room_name = await this.chatService.getCurrentRoomName(req.user.username);
- let room = await this.chatService.addUserToRoom(username, current_room_name);
+ const room_db = await this.chatService.getRoomByName(current_room_name);
+ let room = await this.chatService.addUserToRoom(username, room_db);
 res.status(HttpStatus.OK).json({ room: room });
diff --git a/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts b/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts
index db27d8b0..8c91098e 100644
--- a/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts
+++ b/srcs/requirements/nestjs/api_back/src/chat/chat.service.ts
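Review bot: `room_db.type` on the line after the `getRoomByName(room.name, fields)` call is dereferenced without a null check, so joining a room name that does not exist throws a TypeError and surfaces as a 500 instead of a controlled error; add `if (!room_db) throw new HttpException(\`room not found\`, HttpStatus.NOT_FOUND);` before the type checks. The field list also omits the primary key (`"name"`, `"type"`, `"users"`, `"messages"` only), and the partially-selected object is then handed to `addUserToRoom`, which calls `chatroomRepository.save(room)`; unless `name` is the entity's primary column, TypeORM will treat that object as a new row and insert rather than update — confirm against the Chatroom entity, or add `"id"` to the list. joinRoom's body continues outside the hunk.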
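Review bot: the new `addUserToRoom(username, room_db)` call in inviteUser has no guard that `username` is already in the room, that the room is not a `direct` conversation, or that the invited user exists; the duplicate check that used to live in the service is removed by this same patch, so inviting the same user twice appends them twice to `room.users`. Mirror the joinRoom guards here, e.g. `if (room_db.users.includes(username)) throw new HttpException(\`user already in this room\`, HttpStatus.CONFLICT);` and `if (room_db.type === 'direct') throw new HttpException(\`cannot invite into a direct messages room\`, HttpStatus.CONFLICT);`. The `res.status(HttpStatus.OK).json({ room: room })` line now sends the raw service return value instead of the previously formatted room, so any column the formatter used to strip reaches the client — worth checking what `format_room` removed. inviteUser's signature lies outside the hunk.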
@@ -93,8 +93,7 @@ export class ChatService {
 const user_db = await this.getUserByName(username);
 const rooms = await this.chatroomRepository
 .createQueryBuilder('chatroom')
- .where('chatroom.type != :type', { type: 'private' })
- .andWhere('chatroom.type != :type', { type: 'direct' })
+ .where('chatroom.type NOT IN (:...type)', { type: ['private', 'direct'] })
 .andWhere('chatroom.users NOT LIKE :user_name', { user_name: `%${username}%` })
 .getMany();
 console.log("--- rooms:", rooms);
@@ -155,15 +154,22 @@ export class ChatService {
 return user_db.currentRoom;
 }
- async getRoomByName(room_name: string): Promise
+ async getRoomByName(room_name: string, fieldsToReturn: string[] = null): Promise
 {
 console.log("-- in getRoomByName service");
 console.log("room_name:", room_name);
- const room = await this.chatroomRepository
+ const queryBuilder = this.chatroomRepository
 .createQueryBuilder('chatroom')
- .where('chatroom.name = :name', { name: room_name })
- .getOne();
+ .where('chatroom.name = :name', { name: room_name });
+
+ if (fieldsToReturn)
+ {
+ let fields = fieldsToReturn.map(field => `chatroom.${field}`);
+ queryBuilder.select(fields);
+ }
+
+ const room = await queryBuilder.getOne();
 console.log("room:", room);
 console.log("-- out getRoomByName service");
@@ -209,7 +215,10 @@ export class ChatService {
 const find_room = await this.getRoomByName(room.name);
 if (find_room)
+ {
+ console.log("throw error: This room name already exist");
 throw new HttpException(`This room name already exist`, HttpStatus.CONFLICT);
+ }
 // create chatroom
 let newChatroom = new Chatroom();
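Review bot: the `.andWhere('chatroom.users NOT LIKE :user_name', …)` line kept below the rewritten `where` filters membership by substring over a serialised user list, so user `ann` is hidden from every room that contains `joanna`, and a username containing `%` or `_` acts as a LIKE wildcard (the value is bound, so this is not SQL injection, but it is an incorrect membership test). If `users` is stored as a delimited simple-array, match the delimited token, or drop the clause and filter after `getMany()` with `rooms.filter(r => !r.users.includes(username))` for an exact check; the `NOT IN (:...type)` rewrite itself is fine. The enclosing function continues outside the hunk.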
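Review bot: `fieldsToReturn.map(field => \`chatroom.${field}\`)` interpolates caller-supplied names straight into `select()`, which the query builder emits as raw column expressions; the only caller visible in this patch passes a literal list, but any future caller forwarding request data would turn this into a SQL-injection point. Restrict it to known columns, e.g. `const allowed = ['id', 'name', 'type', 'users', 'messages'];` followed by `if (!fieldsToReturn.every(f => allowed.includes(f))) throw new HttpException(\`invalid field\`, HttpStatus.BAD_REQUEST);`, or type the parameter as `(keyof Chatroom)[]`. A partial select that omits the primary column also yields an object TypeORM cannot reliably hydrate or later `save()`, so the method header should carry `// NOTE: callers passing fieldsToReturn must include the primary key if the result is saved back`. getRoomByName's return statement is outside the hunk.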
@@ -226,21 +235,17 @@ export class ChatService {
 console.log("-- out addUserToNewRoom service");
 }
- async addUserToRoom(username: string, room_name: string): Promise
+ async addUserToRoom(username: string, room: roomDto): Promise
 {
 console.log("-- in addUserToRoom service");
- const room = await this.getRoomByName(room_name);
- if (room.users.includes(username))
- throw new HttpException(`your have already joined this room`, HttpStatus.CONFLICT);
-
 // update room with new user
 room.users.push(username);
 room.messages.push({ name: "SERVER", message: `${username} joined the room`});
 await this.chatroomRepository.save(room);
 console.log("-- out addUserToRoom service");
- return this.format_room(room);
+ return room;
 }
 async addMessageToRoom(room_name: string, username: string, message: string): Promise
@@ -268,9 +273,15 @@ export class ChatService {
 const room = await this.getRoomByName(room_name);
 if (!room.users.includes(username))
+ {
+ console.log("throw error: your are not in this room");
 throw new HttpException(`your are not in this room`, HttpStatus.CONFLICT);
+ }
 if (room.type === "direct")
+ {
+ console.log("throw error: you cannot leave a direct messages conversation");
 throw new HttpException(`you cannot leave a direct messages conversation`, HttpStatus.CONFLICT);
+ }
 // delete user from room
 room.users.push(username);
diff --git a/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts b/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts
index ff21768e..39c53b1e 100644
--- a/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts
+++ b/srcs/requirements/nestjs/api_back/src/chat/dto/room.dto.ts
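Review bot: `addUserToRoom` now persists whatever `roomDto` it is handed via `chatroomRepository.save(room)` and returns it unformatted, replacing `return this.format_room(room);`; a DTO is a request-shaped object, so saving it directly writes any field a caller lets through (this patch adds `messages` to that DTO) straight to the database. Type the parameter as the entity rather than the DTO, or re-load the entity by name inside the service before mutating it, and keep `return this.format_room(room);` so controller responses stay free of columns the formatter used to drop. The duplicate-membership guard removed here is now enforced only in joinRoom, so every other caller of this method must check it itself — a header comment such as `// Caller must verify username is not already in room.users and that the room is joinable` would make that contract explicit.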
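Review bot: the context line under `// delete user from room` reads `room.users.push(username);`, which adds the leaving user again rather than removing them; unless a later line outside the hunk filters the array, this should be `room.users = room.users.filter(u => u !== username);`. The two new guards above it are consistent with joinRoom's error style, though the `console.log` before each throw duplicates what the exception message already carries. leaveRoom continues past the hunk.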
@@ -1,4 +1,5 @@
-import { IsBoolean, IsEmpty, IsInt, IsIn, IsNotEmpty, IsNumber, IsArray, IsString, IsOptional, IsEnum } from "class-validator";
+import { IsBoolean, IsEmpty, IsInt, IsIn, IsNotEmpty, IsNumber, IsArray, IsString, IsInstance, IsOptional, IsEnum } from "class-validator";
+import { messagesDto } from 'src/chat/dto/messages.dto';
 export class roomDto
 {
@@ -23,5 +24,10 @@ export class roomDto
 @IsString({ each: true })
 @IsOptional()
 users?: string[]; // usernames
+
+ @IsArray()
+ @IsInstance(messagesDto, { each: true })
+ @IsOptional()
+ messages?: messagesDto[];
 }
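Review bot: `@IsInstance(messagesDto, { each: true })` on the new `messages` field only passes when the array elements are already `messagesDto` class instances, which a plain JSON body is not unless the ValidationPipe transforms it, and it does not validate the nested fields at all; if class-transformer is available, `@ValidateNested({ each: true })` together with `@Type(() => messagesDto)` is the usual form. Exposing `messages` on the request DTO also lets a client supply message history in the join/create body; joinRoom now reads the DB copy for existing rooms, but the `user`/direct branch still passes the client DTO to `addUserToNewRoom`, so confirm that path discards `room.messages` or strip the field server-side rather than accepting it.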