diff --git a/notes/oskey.md b/notes/oskey.md index e69de29..fa186d8 100644 --- a/notes/oskey.md +++ b/notes/oskey.md 
@@ -0,0 +1,323 @@ +--- + +- guest user service created +- call the service from createAccess +- create tests to check if it works +- fix tests for quickcodes + +--- + +- [/] update my branch with develop +- [ ] add dates to guests and permanent-guests +- [ ] user can delete its quickcodes +- [ ] front needs to get invitations and quickcodes + - [ ] update callable to get invitations : fix database call, and add get-quickcode + - [ ] create service to get quickcodes +- [ ] front needs to get pincode informations (id only ?) when click on an access + - [ ] create callable for that ? or better : plug into the callable used to get the access informations (if exists) +- [ ] **add v2 task :** delete pincodes +- [ ] **add v2 task :** should we put pincodes documents in inviter collection ? also adding a field 'inviter' in pincode documents +- [ ] test callable create-quickcodes +- [ ] test pubsub messages +- [ ] update access type in iot node +- [ ] add security rules for pincodes +- [ ] test security rules +- [ ] delete current callable function to get-pincodes ? or keep it ? it has not been well tested + +-- + +- inhabitantUser +- inhabitantGuestUser -> time +- inhabitantPermanentGuestUser -> time +- get pincode of the invitation -> the guest can see the pincode on the invitation +- getQuickcodes +- add jira issue for the enum import +- getAllinvitesBasedOnVisibility + +-- + +- inhabitantGuestUser && inhabitantPermanentGuestUser : + - add dates + - put documents in invited collection + - add jira : put documents in inviter collection +- add jira : delete pincodes +- delete quickcodes + +-- + +- test callable create quickcodes +- test callable get quickcodes by user +- check on figma what other functions are necessary for v1 + - callable get quickcodes by pincodes ? + - callable delete quickcodes ? +- test pubsub messages +- test errors + +--- + +1. create jira epic : "add helpers for repetitive tasks" +2. 
create 2 topic : + - "security checks in callable functions" + - "logging and throwing errors" +3. rebase branch `security_and_errors` into current develop : + - git checkout `develop` + - git pull `develop` + - git checkout `security_and_errors` + - git rebase --onto develop 4af5282cf6c23be9b86a59a3772337a1a8fe36ae + - git checkout `develop` + - git rebase `security_and_errors` +4. create jira issue in debt for todo in createAccess about return null instead of throwing errors (/workspace/functions/src/modules/core/modules/access/services/access.service.ts) +5. + +**questions:** +- how access documents and pincodes and devices documents are linked ? + - user have access documents, that only contains 'user' and 'building' infos + - they do not say 'access with device' or 'pincode' + +``` +/users/{userId}/accesses/ + - accessId: string + - accesses: + [ + { + - accessId: string + - accessRights: [{validity: 'permanent'}, ] + - authorizedDoors: + [ + { + + }, + { + - accessControlDevices: + [ + { + }, + { + }, + ] + - doorId: string + - doorName: string + - doorStreetAddress: {} + }, + ] + - creationDate: Timestamp + - inviterId: string + - inveterName: string + - type: OSKUserAccessType + - unitId: string + }, + ] + - buildingId: string + - buildingImageFilename: string + - bulidingName: string + - buildingStreetAddress: {} + - creationDate: Timestamp + - userFirstName: string + - userId: string + - userLastName: string + +``` + +--- + +1. why not adding buildingId in the user pincode document ? and start and end time ? + - we add buildingId because it will help find the associated building document, but the other infos are not relevant unless front need it +2. why having a request.userId parameter if we can identify the userId with the auth ? + - not sure, but might be for security +3. check permissions ? how do they work ? are they always related to organizations ? What is an organization anyway ? 
+ - permissions are for organization users, which are either oskey admin user or client admin user, because they can have different roles and permissions. But not for normal users +4. why is there no user document in buildings collection ? + - the user document in building collection is not actually a user document, but something else (i dont remember) +5. how to change iot + - this is another project that i have to clone + +--- + +- [/] generate pincodes with constraints +- [/] create services and controllers to add pincode documents +- [/] create pincode documents when users are added +- [/] add pincode to access +- [/] add doors to pincodes documents + - [/] test if pincodes documents are created and contains all fields +- [ ] add pincode access to iot +- [/] create services and controllers to get pincode + - [ ] test get pincode service +- [ ] create pincode for guest users + - [ ] test pincode creation for guest users +- [-] write pincode security rules + - [ ] test pincode creation -> test pincode rules +- [-] add callable functions to create anonymous pincodes + - [ ] test pincode callable functions to create anonymous pincodes +- [ ] add callable functions to get user pincodes + - [ ] test pincode callable functions to get user pincodes + - [ ] test pincode accesses +- [ ] add callable function to delete pincodes + - [ ] test pincode deletion + +--- +15/10/24 + +- console.log vs logger function ? 
+- + +--- +10/10/24 + +pincodes child issues : +old : +- create pincode controller structure +- generate pincode with constraints +- generate docs when pincode created +- get pincodes by user, building, and both +- pincode firestore rules +- update OSKAccessMethod +- add pincode to access +- update pincode accessMethod in iot endpoint +- tests + +new: +- [s] generate pincodes with constraints +- [s] create services and controller to add pincodes documents +- [s] create pincodes documents when users are added +- [s] add doors to pincodes documents +- [t] tests if pincodes documents are created and contains all fields +- [s] create services and controller to get pincodes +- [s] add pincode to access + - update OSKAccessMethod + - update pincode accessMethod in iot endpoint +- [t] write pincodes security rules +- [t] test pincodes creation + + +--- +09/10/24 + +- what is the difference between `._set()` and `._create()` : + - why `._set()` needs a creationDate timestamp and not `._create()` ? + - what happens if we use `._create()` and then `._set()` to override ? will the creationDate be there ? + - when to use which one ? + +--- +07/10/24 + +- in `/workspace/functions/src/modules/core/modules/access/controllers/access_pincode.controller.ts` + is it ok to have `export class OSKPincodeController extends OSKDocumentController {` + with a controller in core build on a controller in building ? + - **yes** +- the function to check if code is uniq cannot prevent collisions, in its actual form + - **ticket oppened, to do it with redis (FIR1-469)** +- should i use "this" instead of refering the class itself ? +- i didnt get the .default very well so far +- i didnt get exactly the distinction btwn controller and service for a document + - **controller will directly call the database** +- i didnt get also the organization in modules, do they correspond to a collection in the database ? 
+ +--- +20/09/24 + +#### documents non detruits quand les users sont detruits : +- accesses +- organizations +- organizationInvitations +- sentInvitations +- invitations + +#### documents detruits avec les users : +- devices + +--- +19/09/24 + +questions pour greg: +- dans quel cas utiliser le "retries(500)" ? +- les rules ne semblent pas proteger quand on est admin, c'est normal ? +- je ne pense pas avoir besoin de rajouter des indexes, puisque je n'utilise que le champ "accountDeletionDate" +- scheduled functions not supported in emulator : https://github.com/firebase/firebase-tools/issues/2034 + +--- +17/09/24 + +- scheduler +- tester rules +- indexe + +--- +12/09/24 + +utiliser "confluence" de attlassian, une sorte de wiki +utiliser le drive et les docs de google +utiliser les app slacks pour recevoir les notifications + +questions pour greg: +- conventions de nommage et organisations des tests +- tests update document beosins d'etre plus complets ? +- pourquoi 2 types de timestamp differents, ex in : + - `functions/src/modules/user/models/documents/user_document.model.ts` + - `test/src/specs/user/user_deletion.specs.ts` +- où se trouvent les dossiers sur le drive / docs ? + +--- +10/09/24 +reu dev + +framework auth fournit par google : +- reauth , valider nouvel email , + +pour pouvoir customizer les emails il faudrait le faire soi-meme en backend, pas prioritaire pour l'instant + +--- +09/09/24 +1rst day + +- installer slack +- installer vscode (ou vscodium en open source) +- regarder les firmware iot : le sdk est uniquement disponible sur les versions LTS + +- dev container : les repository vscode contiennent tous un dev container pour les dependances (genre image-magik) +- apigee : api gateway (!= proxy) -> security +- service account : gestion de token interne a google, entre les containers +- gestion git : gitkraken ou source tree +- utiliser chrome plutot que chromium ou firefox + +- install nerd font + + +1. 
creer un projet firebase en suivant tuto firestore et cloud functions +2. voir tuto sur codelab "local development with firebase" + +- test-firebase-6fe21 +- session id : 7D583 + + +--- + +# devcontainer ownership + +- inside the dev container, the user is vscode (1001), so outside the container the local user (asususus) cannot modify files, nor push or pull or anything +- the solution is to give the user rights on the files, without changing them, by using ACL : + - **sudo setfacl -R -m u:asususus:rwx ./firebase-oskey-dev** : give recursive read+write+execute access to user asususus + - **sudo setfacl -R -d -m u:asususus:rwx ./firebase-oskey-dev** : set default acl access for all futur changes in the folder + - to remove : **sudo setfacl -Rb ./firebase-oskey-dev** + +### ! previous method didn't worked very well +- so instead, outside the container, i added my user `asususus` to the group 1001 `piavpn` : + - **sudo usermod -aG piavpn asususus** + +# github ssh + +- to connect to ssh from local machine, need to tell ssh to not use the ssh key it uses for personnal account github.com +- to do that, create a config file and tells it to use another key when remote is 'github.com.oskey' + - in ~/.ssh/config file: + ``` + # gitHub personal account + Host github.com + HostName github.com + User git + IdentityFile ~/.ssh/id_ed25519_github + IdentitiesOnly yes + + # For GitHub work account + Match host github.com exec "basename $(pwd)" == "firebase-oskey-dev" + IdentityFile ~/.ssh/id_ed25519_hugo_oskeys + ``` +
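Review bot: In the `# github ssh` section at the end of this hunk, the line `Match host github.com exec "basename $(pwd)" == "firebase-oskey-dev"` does not do what the note intends. `exec` only tests the exit status of the command, and `==` is not a Match keyword, so ssh does not accept the comparison as written. Suggest moving the comparison into the command, for example `Match host github.com exec "test $(basename $PWD) = firebase-oskey-dev"`. The block should also sit above `Host github.com`: `IdentityFile` entries accumulate in file order, so the personal key listed first would still be offered first. The prose above the config says the key switches when the remote is 'github.com.oskey', which the config does not implement; one of the two should be aligned with the other. In `# devcontainer ownership`, `setfacl -R -m u:asususus:rwx` marks every file executable for that user; `rwX` would limit execute to directories and files that already have it. Adding `asususus` to group 1001 `piavpn` also grants access to anything else that host group owns, so a dedicated group matching the container GID would be narrower. Finally, the `session id : 7D583` and `test-firebase-6fe21` lines look like environment identifiers and are better left out of a committed notes file.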