perso/huhuhu_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
huhuhu_config/notes/oskey.md
Hugo LAMY c57c9f44ad some changes and fixes
2025-02-24 09:22:12 +01:00

455 lines
15 KiB
Markdown
Raw Permalink Blame History

---
19/11/24
# reu ux/ui
- travail moins sur l'app, plus sur la presentation sur les stores
- on oublis la meteo sur l'interphone, mais a la place on va implementer un panneau d'informations pour l'immeuble (ex: fete de l'immeuble semaine prochaine, nouveau local velo...)
- pour l'instant ben va l'implementer en static
- differents cas de figures d'invitations
- deja inscrit sur l'app
- deja inscrit mais avec un autre mail
- pas de compte ni app
# PBM :
- anonymous pincode is associated to inhabitant access
---
- update all users pincodes
- iot ajouter api qui regroupe tous les pincodes par intercom (ACD)
## access and pincode creation :
- new access creation :
- create access document in building -> only contains userID -> each time we add a new access for the user, it erase the last one in database
- create pincodes documents in building and user
- create access document in user -> access name is buildingId, and it contains array of accesses -> each time we add a new access for the user, it replace the last one with a new one with the array increased by the new access
- publish to ACD
## delete pincodes :
- quickcode ?
- delete the pincode documents
- delete the access
- pincode ?
- delete the pincode documents
-
## todo v1 :
- **documents :**
- [/] types for inhabitant pincode building
- [/] types for anonymous pincode building
- [/] types for guest pincode building
- [/] types for inhabitant pincode user
- [/] types for anonymous pincode user
- [/] types for guest pincode user
- [/] controllers for inhabitant pincode building
- [/] controllers for anonymous pincode building
- [/] controllers for guest pincode building
- [/] controllers for inhabitant pincode user
- [/] controllers for anonymous pincode user
- [/] controllers for guest pincode user
- [/] services for inhabitant pincode building
- [/] services for anonymous pincode building
- [/] services for guest pincode building
- [/] services for inhabitant pincode user
- [/] services for anonymous pincode user
- [/] services for guest pincode user
- [/] generate unique pincodes with pattern
- **create pincode :**
- [/] create inhabitant user pincodes
- [/] create inhabitant building pincodes
- [/] create anonymous user pincodes
- [/] create anonymous building pincodes
- [/] create guest user pincodes
- [/] create guest building pincodes
- [/] create quickcodes
- **delete pincode :**
- [/] delete quickcodes and access
- **get pincodes:**
- [/] get all user pincode documents
- [/] get all building pincode documents
- [/] get specific user pincode document
- [/] get specific building pincode document
- [/] get user by accessId
- [/] get user pincode id
- [/] get building pincode id
- [/] get all quickcodes for a user
- [ ] a user needs to see the quickcodes in the invitations granted : is it under a building, and when you click on the building in the list you see the quickcode in addition to other accesses ? or in the same arrays as the building invitations ?
- [ ] a user needs to see its pincode to access its own building, is it on the invitations screen ?
- **iot :**
- [ ] update access type in iot node
- **callables :**
- [/] create quickcode
- [/] delete quickcode
- [ ] remove get all pincodes for user ?
- **tests :**
- [/] handle existing documents
- [/] associate created documents with expected ones
- [/] create inhabitants pincodes
- [/] create quickcodes
- [/] check all inhabitant documents created
- [/] check all quickcode documents created
- [/] check inhabitant documents ok
- [/] check quickcode documents ok
- [/] delete quickcodes
- [-] create guest inhabitants
- [ ] pubsub messages for all docs are valid
- [ ] check errors in quickcode creation
- [ ] check errors in quickcode deletion
- **security rules:**
- [-] add security rules for pincodes
- **confluence :**
- [/] documentation on pincode v1
- [/] documentation on pincode callable functions
## todo v2 :
- **delete pincode :**
- delete pincodes ?
- **update pincode :**
- refresh (automatic and manual)
- change informations ? (ex: dates)
- update all pincodes (for example if we upgrade the pincode behavior, to reflect on existing ones)
- **iot :**
- iot needs to have a list of the pincodes for an ACD
- **additional :**
- createAccess returns pincode id in a clean way (or, add pincodeId to access docs, so we can retrieve it ?) (CLD1-559)
- each quickcode (and pincode ?) creation does not trigger a replacement of the database access document in building and user (CLD1-560)
- clean pincodes : pincodes documents may have been partially deleted, only in user or in building, or forgotten when access or invitation has been deleted
- should we put pincodes documents in inviter collection ? also adding a field 'inviter' in pincode documents
---
- `test_checks` : 553
- `pincode_test_match_helper_function` : 595
- `utility_error_log` : 542
- `utility_parameter` : 541
---
- guest user service created
- call the service from createAccess
- create tests to check if it works
- fix tests for quickcodes
---
- [/] update my branch with develop
- [/] add dates to guests and permanent-guests
- [/] user can delete its quickcodes
- [ ] front needs to get invitations and quickcodes
- [ ] update callable to get invitations : fix database call, and add get-quickcode
- [ ] create service to get quickcodes
- [ ] front needs to get pincode informations (id only ?) when click on an access
- [ ] create callable for that ? or better : plug into the callable used to get the access informations (if exists)
- [ ] **add v2 task :** delete pincodes
- [ ] **add v2 task :** should we put pincodes documents in inviter collection ? also adding a field 'inviter' in pincode documents
- [ ] test callable create-quickcodes
- [ ] test pubsub messages
- [ ] test access creation for quickcodes
- [ ] test guest pincodes
- [ ] update access type in iot node
- [ ] add security rules for pincodes
- [ ] test security rules
- [ ] delete current callable function to get-pincodes ? or keep it ? it has not been well tested
--
- inhabitantUser
- inhabitantGuestUser -> time
- inhabitantPermanentGuestUser -> time
- get pincode of the invitation -> the guest can see the pincode on the invitation
- getQuickcodes
- add jira issue for the enum import
- getAllinvitesBasedOnVisibility
--
- inhabitantGuestUser && inhabitantPermanentGuestUser :
- add dates
- put documents in invited collection
- add jira : put documents in inviter collection
- add jira : delete pincodes
- delete quickcodes
--
- test callable create quickcodes
- test callable get quickcodes by user
- check on figma what other functions are necessary for v1
- callable get quickcodes by pincodes ?
- callable delete quickcodes ?
- test pubsub messages
- test errors
---
1. create jira epic : "add helpers for repetitive tasks"
2. create 2 topic :
- "security checks in callable functions"
- "logging and throwing errors"
3. rebase branch `security_and_errors` into current develop :
- git checkout `develop`
- git pull `develop`
- git checkout `security_and_errors`
- git rebase --onto develop 4af5282cf6c23be9b86a59a3772337a1a8fe36ae
- git checkout `develop`
- git rebase `security_and_errors`
4. create jira issue in debt for todo in createAccess about return null instead of throwing errors (/workspace/functions/src/modules/core/modules/access/services/access.service.ts)
5.
**questions:**
- how access documents and pincodes and devices documents are linked ?
- user have access documents, that only contains 'user' and 'building' infos
- they do not say 'access with device' or 'pincode'
```
/users/{userId}/accesses/
- accessId: string
- accesses:
[
{
- accessId: string
- accessRights: [{validity: 'permanent'}, ]
- authorizedDoors:
[
{
},
{
- accessControlDevices:
[
{
},
{
},
]
- doorId: string
- doorName: string
- doorStreetAddress: {}
},
]
- creationDate: Timestamp
- inviterId: string
- inveterName: string
- type: OSKUserAccessType
- unitId: string
},
]
- buildingId: string
- buildingImageFilename: string
- bulidingName: string
- buildingStreetAddress: {}
- creationDate: Timestamp
- userFirstName: string
- userId: string
- userLastName: string
```
---
1. why not adding buildingId in the user pincode document ? and start and end time ?
- we add buildingId because it will help find the associated building document, but the other infos are not relevant unless front need it
2. why having a request.userId parameter if we can identify the userId with the auth ?
- not sure, but might be for security
3. check permissions ? how do they work ? are they always related to organizations ? What is an organization anyway ?
- permissions are for organization users, which are either oskey admin user or client admin user, because they can have different roles and permissions. But not for normal users
4. why is there no user document in buildings collection ?
- the user document in building collection is not actually a user document, but something else (i dont remember)
5. how to change iot
- this is another project that i have to clone
---
- [/] generate pincodes with constraints
- [/] create services and controllers to add pincode documents
- [/] create pincode documents when users are added
- [/] add pincode to access
- [/] add doors to pincodes documents
- [/] test if pincodes documents are created and contains all fields
- [ ] add pincode access to iot
- [/] create services and controllers to get pincode
- [ ] test get pincode service
- [ ] create pincode for guest users
- [ ] test pincode creation for guest users
- [-] write pincode security rules
- [ ] test pincode creation -> test pincode rules
- [-] add callable functions to create anonymous pincodes
- [ ] test pincode callable functions to create anonymous pincodes
- [ ] add callable functions to get user pincodes
- [ ] test pincode callable functions to get user pincodes
- [ ] test pincode accesses
- [ ] add callable function to delete pincodes
- [ ] test pincode deletion
---
15/10/24
- console.log vs logger function ?
-
---
10/10/24
pincodes child issues :
old :
- create pincode controller structure
- generate pincode with constraints
- generate docs when pincode created
- get pincodes by user, building, and both
- pincode firestore rules
- update OSKAccessMethod
- add pincode to access
- update pincode accessMethod in iot endpoint
- tests
new:
- [s] generate pincodes with constraints
- [s] create services and controller to add pincodes documents
- [s] create pincodes documents when users are added
- [s] add doors to pincodes documents
- [t] tests if pincodes documents are created and contains all fields
- [s] create services and controller to get pincodes
- [s] add pincode to access
- update OSKAccessMethod
- update pincode accessMethod in iot endpoint
- [t] write pincodes security rules
- [t] test pincodes creation
---
09/10/24
- what is the difference between `._set()` and `._create()` :
- why `._set()` needs a creationDate timestamp and not `._create()` ?
- what happens if we use `._create()` and then `._set()` to override ? will the creationDate be there ?
- when to use which one ?
---
07/10/24
- in `/workspace/functions/src/modules/core/modules/access/controllers/access_pincode.controller.ts`
is it ok to have `export class OSKPincodeController extends OSKDocumentController<OSKBuildingPincodeDocument> {`
with a controller in core build on a controller in building ?
- **yes**
- the function to check if code is uniq cannot prevent collisions, in its actual form
- **ticket oppened, to do it with redis (FIR1-469)**
- should i use "this" instead of refering the class itself ?
- i didnt get the .default very well so far
- i didnt get exactly the distinction btwn controller and service for a document
- **controller will directly call the database**
- i didnt get also the organization in modules, do they correspond to a collection in the database ?
---
20/09/24
#### documents non detruits quand les users sont detruits :
- accesses
- organizations
- organizationInvitations
- sentInvitations
- invitations
#### documents detruits avec les users :
- devices
---
19/09/24
questions pour greg:
- dans quel cas utiliser le "retries(500)" ?
- les rules ne semblent pas proteger quand on est admin, c'est normal ?
- je ne pense pas avoir besoin de rajouter des indexes, puisque je n'utilise que le champ "accountDeletionDate"
- scheduled functions not supported in emulator : https://github.com/firebase/firebase-tools/issues/2034
---
17/09/24
- scheduler
- tester rules
- indexe
---
12/09/24
utiliser "confluence" de attlassian, une sorte de wiki
utiliser le drive et les docs de google
utiliser les app slacks pour recevoir les notifications
questions pour greg:
- conventions de nommage et organisations des tests
- tests update document beosins d'etre plus complets ?
- pourquoi 2 types de timestamp differents, ex in :
- `functions/src/modules/user/models/documents/user_document.model.ts`
- `test/src/specs/user/user_deletion.specs.ts`
- où se trouvent les dossiers sur le drive / docs ?
---
10/09/24
reu dev
framework auth fournit par google :
- reauth , valider nouvel email ,
pour pouvoir customizer les emails il faudrait le faire soi-meme en backend, pas prioritaire pour l'instant
---
09/09/24
1rst day
- installer slack
- installer vscode (ou vscodium en open source)
- regarder les firmware iot : le sdk est uniquement disponible sur les versions LTS
- dev container : les repository vscode contiennent tous un dev container pour les dependances (genre image-magik)
- apigee : api gateway (!= proxy) -> security
- service account : gestion de token interne a google, entre les containers
- gestion git : gitkraken ou source tree
- utiliser chrome plutot que chromium ou firefox
- install nerd font
1. creer un projet firebase en suivant tuto firestore et cloud functions
2. voir tuto sur codelab "local development with firebase"
- test-firebase-6fe21
- session id : 7D583
---
# devcontainer ownership
- inside the dev container, the user is vscode (1001), so outside the container the local user (asususus) cannot modify files, nor push or pull or anything
- the solution is to give the user rights on the files, without changing them, by using ACL :
- **sudo setfacl -R -m u:asususus:rwx ./firebase-oskey-dev** : give recursive read+write+execute access to user asususus
- **sudo setfacl -R -d -m u:asususus:rwx ./firebase-oskey-dev** : set default acl access for all futur changes in the folder
- to remove : **sudo setfacl -Rb ./firebase-oskey-dev**
### ! previous method didn't worked very well
- so instead, outside the container, i added my user `asususus` to the group 1001 `piavpn` :
- **sudo usermod -aG piavpn asususus**
# github ssh
- to connect to ssh from local machine, need to tell ssh to not use the ssh key it uses for personnal account github.com
- to do that, create a config file and tells it to use another key when remote is 'github.com.oskey'
- in ~/.ssh/config file:
```
# gitHub personal account
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_github
IdentitiesOnly yes
# For GitHub work account
Match host github.com exec "basename $(pwd)" == "firebase-oskey-dev"
IdentityFile ~/.ssh/id_ed25519_hugo_oskeys
```
Reference in New Issue View Git Blame Copy Permalink