Fix study detail logic to access without login

Add length option to title, about column Add onDelete: CASCADE option to study related entities
caulipse · Jun 9, 2022 · ae2b38a · ae2b38a
1 parent f6a2520
commit ae2b38a
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 27 deletions.
diff --git a/src/entity/CommentEntity.ts b/src/entity/CommentEntity.ts
@@ -51,7 +51,7 @@ export default class Comment {
   @Column('uuid')
   STUDY_ID!: string;
 
-  @ManyToOne(() => Study, (study) => study.id)
+  @ManyToOne(() => Study, (study) => study.id, { onDelete: 'CASCADE' })
   @JoinColumn({ name: 'STUDY_ID' })
   study!: Study;
 

diff --git a/src/entity/NoticeEntity.ts b/src/entity/NoticeEntity.ts
@@ -13,10 +13,10 @@ export default class Notice {
   @PrimaryGeneratedColumn('uuid', { name: 'ID' })
   id!: string;
 
-  @Column({ name: 'TITLE' })
+  @Column('varchar', { name: 'TITLE', length: 500 })
   title!: string;
 
-  @Column({ name: 'ABOUT' })
+  @Column('varchar', { name: 'ABOUT', length: 500 })
   about!: string;
 
   @CreateDateColumn({ name: 'CREATED_AT' })

diff --git a/src/entity/NotificationEntity.ts b/src/entity/NotificationEntity.ts
@@ -26,7 +26,10 @@ export default class Notification {
   @Column('uuid', { nullable: true })
   STUDY_ID!: string | null;
 
-  @ManyToOne(() => Study, (study) => study.id, { nullable: true })
+  @ManyToOne(() => Study, (study) => study.id, {
+    nullable: true,
+    onDelete: 'CASCADE',
+  })
   @JoinColumn({ name: 'STUDY_ID' })
   study!: Study | null;
 

diff --git a/src/entity/StudyEntity.ts b/src/entity/StudyEntity.ts
@@ -43,10 +43,10 @@ export default class Study {
   @CreateDateColumn({ name: 'CREATED_AT' })
   createdAt!: Date;
 
-  @Column({ name: 'TITLE' })
+  @Column('varchar', { name: 'TITLE', length: 500 })
   title!: string;
 
-  @Column({ name: 'STUDY_ABOUT' })
+  @Column('varchar', { name: 'STUDY_ABOUT', length: 500 })
   studyAbout!: string;
 
   @Column('set', { enum: WeekDayEnum, name: 'WEEKDAY' })

diff --git a/src/entity/StudyUserEntity.ts b/src/entity/StudyUserEntity.ts
@@ -24,7 +24,7 @@ export default class StudyUser {
   @PrimaryColumn('uuid')
   STUDY_ID!: string;
 
-  @ManyToOne(() => Study, (study) => study.id)
+  @ManyToOne(() => Study, (study) => study.id, { onDelete: 'CASCADE' })
   @JoinColumn({ name: 'STUDY_ID' })
   study!: Study;
 

diff --git a/src/routes/study/study.controller.ts b/src/routes/study/study.controller.ts
@@ -17,7 +17,9 @@ import {
 import { temp_findUserProfileById } from '../../services/user/profile';
 import { orderByEnum } from '../../types/study.dto';
 import bookmarkService from '../../services/study/bookmark';
-import { refresh } from '../../middlewares/auth';
+import { getRepository } from 'typeorm';
+import User from '../../entity/UserEntity';
+import { generateToken } from '../../middlewares/auth';
 
 export const schedules: { [key: string]: cron.ScheduledTask } = {};
 export const closedschedules: string[] = [];
@@ -226,6 +228,7 @@ const createStudy = async (req: Request, res: Response) => {
 
 const getStudybyId = async (req: Request, res: Response) => {
   const NOT_FOUND = '데이터베이스에 일치하는 요청값이 없습니다';
+  const FORBIDDEN = '접근 권한이 없습니다';
 
   try {
     const { studyid } = req.params;
@@ -237,51 +240,90 @@ const getStudybyId = async (req: Request, res: Response) => {
     await studyService.updateStudyViews(study);
 
     if (req.cookies) {
-      let { accessToken, refreshToken } = req.cookies;
+      const { accessToken, refreshToken } = req.cookies;
+
       if (!accessToken && !refreshToken) {
-        return res
-          .status(200)
-          .json({ ...study, bookmarked: false, applied: false });
+        return res.status(200).json({
+          ...study,
+          bookmarked: false,
+          applied: false,
+          isLogIn: false,
+        });
       }
-
       if (!accessToken && refreshToken) {
-        await refresh(req, res);
-
-        if (!req.cookies.accessToken) return;
-        else {
-          accessToken = req.cookies.accessToken;
-          refreshToken = req.cookies.refreshToken;
+        try {
+          const decoded = jwt.verify(
+            refreshToken,
+            process.env.SIGNUP_TOKEN_SECRET as string
+          ) as { id: string; email: string };
+          const user = await getRepository(User).findOne({ id: decoded.id });
+          if (user?.id !== decoded.id) throw new Error(FORBIDDEN);
+          if (user?.isLogout) throw new Error(FORBIDDEN);
+
+          const newAccessToken = generateToken({ id: decoded.id });
+          const bookmarkFlag = await bookmarkService.checkBookmarked(
+            decoded.id,
+            studyid
+          );
+          const appliedFlag = await checkApplied(studyid, decoded.id);
+          return res
+            .cookie('accessToken', newAccessToken, {
+              expires: new Date(Date.now() + 3 * 3600 * 1000),
+              domain: 'caustudy.com',
+              sameSite: 'none',
+              secure: true,
+            })
+            .status(200)
+            .json({
+              ...study,
+              bookmarked: bookmarkFlag ? true : false,
+              applied: appliedFlag ? true : false,
+              isLogIn: true,
+            });
+        } catch (e) {
+          if ((e as Error).message === FORBIDDEN) {
+            return res.status(403).json({ message: FORBIDDEN });
+          } else {
+            // logout
+            return res.status(200).json({
+              ...study,
+              bookmarked: false,
+              applied: false,
+              isLogIn: false,
+            });
+          }
         }
       }
-
       try {
         const decoded = jwt.verify(
           accessToken,
           process.env.SIGNUP_TOKEN_SECRET as string
         ) as { id: string };
-        req.user = { id: decoded.id };
 
         const bookmarkFlag = await bookmarkService.checkBookmarked(
           decoded.id,
           studyid
         );
         const appliedFlag = await checkApplied(studyid, decoded.id);
-
         return res.status(200).json({
           ...study,
           bookmarked: bookmarkFlag ? true : false,
           applied: appliedFlag ? true : false,
+          isLogIn: true,
         });
       } catch (e) {
-        return res
-          .status(200)
-          .json({ ...study, bookmarked: false, applied: false });
+        // logout
+        return res.status(200).json({
+          ...study,
+          bookmarked: false,
+          applied: false,
+          isLogIn: false,
+        });
       }
     }
-
     return res
       .status(200)
-      .json({ ...study, bookmarked: false, applied: false });
+      .json({ ...study, bookmarked: false, applied: false, isLogIn: false });
   } catch (e) {
     if ((e as Error).message === NOT_FOUND) {
       return res.status(404).json({ message: NOT_FOUND });
@@ -668,6 +710,9 @@ export default {
  *                applied:
  *                  type: boolean
  *                  description: "유저가 해당 스터디에 대하여 참가 신청을 한 상태인지 아닌지에 대한 여부"
+ *                isLogIn:
+ *                  type: boolean
+ *                  description: "유저가 현재 로그인 상태인지 아닌지에 대한 여부"
  *        404:
  *          description: "전달한 studyid가 데이터베이스에 없는 경우입니다"
  *          schema: