✨ invitation API (#157)

* ✨ feat: added invitation service

* ✨ feat: added invitation route

* ✨ feat: added invitation middleware

* ✨ feat: added invitation controller

* 🏷️ chore: added invitation related types

* ✨ feat: add invitation api

* 🎨 feat: added invitations table

* ➕ chore: added uuid dep

* ✨ feat: update invitation service

* ✨ feat: update invitation API router

* ✨ feat: add invitation API middleware

* ✨ feat: upadte invitation API controller

* 🏷️ chore: update invitation interface

* 🔧 chore: add redirect url config

* 📝 chore: update swagger docs

* 🧪 chore: add middleware tests

* 🧪 chore: add route tests

* 🎨 chore: update middleware strcture

* 🎨 chore: update the invitation service

change invite method: store invite and matrix call order

* 🐛 fix: generateInvitationLink missing sender

* 🧪 chore: added controller unit tests

* 🐛 fix: extra slash in invitation link

* 🧪 chore: added service unit test

* 🧪 chore: fix unit tests

* 🎨 chore: add room_id to invitation table

* 🐛 fix: create a room when a user uses a link to accept the invitation

* 🏷️ chore: add room creation related types

* 🧪 chore: update tests

Author: rezk2ll

docs/openapi.json

@@ -25,6 +25,7 @@ export type Collections =
   | 'userPolicies'
   | 'userQuotas'
   | 'activeContacts'
+  | 'invitations'
 
 const cleanByExpires: Collections[] = ['oneTimeTokens', 'attempts']
 
@@ -49,7 +50,9 @@ const tables: Record<Collections, string> = {
     'keyID varchar(64) PRIMARY KEY, public text, private text, active integer',
   userHistory: 'address text PRIMARY KEY, active integer, timestamp integer',
   userPolicies: 'user_id text, policy_name text, accepted integer',
-  userQuotas: 'user_id varchar(64) PRIMARY KEY, size int'
+  userQuotas: 'user_id varchar(64) PRIMARY KEY, size int',
+  invitations:
+    'id varchar(64) PRIMARY KEY, sender varchar(64), recepient varchar(64), medium varchar(64), expiration int, accessed int, room_id varchar(64)'
 }
 
 const indexes: Partial<Record<Collections, string[]>> = {

package-lock.json

@@ -47,6 +47,7 @@
     "lodash": "^4.17.21",
     "qrcode": "^1.5.4",
     "redis": "^4.6.6",
+    "uuid": "^11.0.3",
     "validator": "^13.11.0"
   },
   "optionalDependencies": {

packages/matrix-identity-server/src/db/index.ts

@@ -90,5 +90,6 @@
   "sms_api_login": "",
   "sms_api_key": "",
   "trust_x_forwarded_for": false,
-  "qr_code_url": "twake.chat://login"
+  "qr_code_url": "twake.chat://login",
+  "invitation_redirect_url": "https://sign-up.twake.app/download/chat"
 }

packages/tom-server/package.json

@@ -0,0 +1,162 @@
+import { type TwakeLogger } from '@twake/logger'
+import { AuthRequest, Config, type TwakeDB } from '../../types'
+import { type NextFunction, type Request, type Response } from 'express'
+import { IInvitationService, InvitationRequestPayload } from '../types'
+import InvitationService from '../services'
+
+export default class InvitationApiController {
+  private readonly invitationService: IInvitationService
+
+  constructor(
+    db: TwakeDB,
+    private readonly logger: TwakeLogger,
+    private readonly config: Config
+  ) {
+    this.invitationService = new InvitationService(db, logger, config)
+  }
+
+  /**
+   * Sends an invitation to a user
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler
+   */
+  sendInvitation = async (
+    req: AuthRequest,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> => {
+    try {
+      const {
+        body: { contact: recepient, medium },
+        userId: sender
+      }: { body: InvitationRequestPayload; userId?: string } = req
+
+      if (!sender) {
+        res.status(400).json({ message: 'Sender is required' })
+        return
+      }
+
+      const { authorization } = req.headers
+
+      if (!authorization) {
+        res.status(400).json({ message: 'Authorization header is required' })
+        return
+      }
+
+      await this.invitationService.invite(
+        { recepient, medium, sender },
+        authorization
+      )
+
+      res.status(200).json({ message: 'Invitation sent' })
+    } catch (err) {
+      this.logger.error(`Failed to send invitation`, { err })
+
+      next(err)
+    }
+  }
+
+  /**
+   * Accepts an invitation
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler
+   */
+  acceptInvitation = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> => {
+    try {
+      const { id } = req.params
+
+      if (id.length === 0) {
+        res.status(400).json({ message: 'Invitation id is required' })
+        return
+      }
+
+      const { authorization } = req.headers
+
+      if (!authorization) {
+        res.status(400).json({ message: 'Authorization header is required' })
+        return
+      }
+
+      await this.invitationService.accept(id, authorization)
+
+      res.redirect(
+        301,
+        this.config.invitation_redirect_url ?? this.config.base_url
+      )
+    } catch (err) {
+      this.logger.error(`Failed to accept invitation`, { err })
+
+      next(err)
+    }
+  }
+
+  /**
+   * lists the invitations of the currently connected user.
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler
+   */
+  listInvitations = async (
+    req: AuthRequest,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> => {
+    try {
+      const { userId } = req
+
+      if (!userId) {
+        res.status(400).json({ message: 'User id is required' })
+        return
+      }
+
+      const invitations = await this.invitationService.list(userId)
+
+      res.status(200).json({ invitations })
+    } catch (err) {
+      next(err)
+    }
+  }
+
+  /**
+   * Generates an invitation link
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler
+   */
+  generateInvitationLink = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> => {
+    try {
+      const {
+        body: { contact: recepient, medium },
+        userId: sender
+      }: { body: InvitationRequestPayload; userId?: string } = req
+
+      if (!sender) {
+        throw Error('Sender is required')
+      }
+
+      const link = await this.invitationService.generateLink({
+        sender,
+        recepient,
+        medium
+      })
+
+      res.status(200).json({ link })
+    } catch (err) {
+      next(err)
+    }
+  }
+}

packages/tom-server/src/config.json

@@ -0,0 +1 @@
+export { default } from './routes'

packages/tom-server/src/invitation-api/controllers/index.ts

@@ -0,0 +1,159 @@
+import { TwakeLogger } from '@twake/logger'
+import { TwakeDB } from '../../types'
+import type { NextFunction, Request, Response } from 'express'
+import { InvitationRequestPayload } from '../types'
+import { isEmail, isMobilePhone } from 'validator'
+
+export default class invitationApiMiddleware {
+  private readonly ONE_HOUR = 60 * 60 * 1000
+
+  constructor(
+    private readonly db: TwakeDB,
+    private readonly logger: TwakeLogger
+  ) {}
+
+  /**
+   * Checks the invitation payload
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler
+   */
+  checkInvitationPayload = (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): void => {
+    try {
+      const {
+        body: { contact, medium }
+      }: { body: InvitationRequestPayload } = req
+
+      if (!contact) {
+        res.status(400).json({ message: 'Recepient is required' })
+        return
+      }
+
+      if (!medium) {
+        res.status(400).json({ message: 'Medium is required' })
+        return
+      }
+
+      if (medium !== 'email' && medium !== 'phone') {
+        res.status(400).json({ message: 'Invalid medium' })
+        return
+      }
+
+      if (medium === 'email' && !isEmail(contact)) {
+        res.status(400).json({ message: 'Invalid email' })
+        return
+      }
+
+      if (medium === 'phone' && !isMobilePhone(contact)) {
+        res.status(400).json({ message: 'Invalid phone number' })
+        return
+      }
+
+      next()
+    } catch (error) {
+      this.logger.error(`Failed to check invitation payload`, { error })
+
+      res.status(400).json({ message: 'Invalid invitation payload' })
+    }
+  }
+
+  /**
+   * Checks if the invitation exists and not expired
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler
+   */
+  checkInvitation = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> => {
+    try {
+      const {
+        params: { id }
+      } = req
+
+      if (!id) {
+        res.status(400).json({ message: 'Invitation id is required' })
+        return
+      }
+
+      const invitation = await this.db.get('invitations', ['expiration'], {
+        id
+      })
+
+      if (!invitation || !invitation.length) {
+        res.status(404).json({ message: 'Invitation not found' })
+        return
+      }
+
+      const { expiration } = invitation[0]
+
+      if (+expiration < Date.now()) {
+        res.status(400).json({ message: 'Invitation expired' })
+        return
+      }
+
+      next()
+    } catch (error) {
+      this.logger.error(`Failed to check invitation`, { error })
+
+      res.status(400).json({ message: 'Invalid invitation' })
+    }
+  }
+
+  /**
+   * Rate limits invitations to the same contact
+   *
+   * @param {Request} req - the request object.
+   * @param {Response} res - the response object.
+   * @param {NextFunction} next - the next hundler.
+   */
+  rateLimitInvitations = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> => {
+    try {
+      const {
+        body: { contact }
+      }: { body: InvitationRequestPayload } = req
+
+      const invitations = await this.db.get(
+        'invitations',
+        ['id', 'expiration'],
+        {
+          recepient: contact
+        }
+      )
+
+      if (!invitations || !invitations.length) {
+        next()
+        return
+      }
+
+      const lastInvitation = invitations[invitations.length - 1]
+      const { expiration } = lastInvitation
+
+      if (Date.now() - +expiration < this.ONE_HOUR) {
+        res
+          .status(400)
+          .json({ message: 'you already sent an invitation to this contact' })
+
+        return
+      }
+
+      next()
+    } catch (error) {
+      this.logger.error(`Failed to rate limit invitations`, { error })
+
+      res.status(400).json({ message: 'Failed to rate limit invitations' })
+    }
+  }
+}