-
Notifications
You must be signed in to change notification settings - Fork 203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Live-Site] Test/event kickout peer api #1387
base: develop
Are you sure you want to change the base?
Conversation
… isTokenExpired method
@@ -10,5 +10,7 @@ | |||
router.get("/:id", eventsValidator.getEventById, events.getEventById); | |||
router.patch("/", authenticate, eventsValidator.updateEvent, events.updateEvent); | |||
router.patch("/end", authenticate, eventsValidator.endActiveEvent, events.endActiveEvent); | |||
router.patch("/:id/peer", authenticate, eventsValidator.addPeerToEvent, events.addPeerToEvent); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
authorization
This route handler performs
authorization
This route handler performs
authorization
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change accordingly as per main PR
Yes, done. Thank you |
controllers/events.js
Outdated
logger.error({ error }); | ||
return res.status(500).json({ | ||
error: error.code, | ||
message: "You can't remove selected Participant from Remove, Please ask Admin or Host for help.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same move all strings to constants they become easier to manage
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I have fixed it.
26e1dce
controllers/events.js
Outdated
}; | ||
|
||
try { | ||
await apiService.post(`/active-rooms/${id}/remove-peers`, payload); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will suggest to keep all the strings in constant
- easier to maintain
- easier to replace
- you remember constant names more often than long strings so they are easier to navigate and search
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot for your review, @vvaibhavdesai.
I have made all the strings as constant.
await apiService.post(`/active-rooms/${id}/remove-peers`, payload); | ||
await eventQuery.kickoutPeer({ eventId: id, peerId: payload.peer_id, reason: req.body.reason }); | ||
return res.status(200).json({ | ||
message: SUCCESS_MESSAGES.CONTROLLERS.KICKOUT_PEER, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nicely done 👌
*/ | ||
const createEvent = async (req, res) => { | ||
const { name, description, region, userId } = req.body; | ||
const payload = { name, description, region }; | ||
try { | ||
const eventData = await apiService.post("/rooms", payload); | ||
const eventData = await apiService.post(API_URLS.CREATE_EVENT, payload); | ||
const event = removeUnwantedProperties(UNWANTED_PROPERTIES_FROM_100MS, eventData); | ||
const eventDataFromDB = await eventQuery.createEvent({ room_id: eventData.id, created_by: userId, ...event }); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we need to save room_id in DB..?
@@ -86,7 +94,7 @@ const getAllEvents = async (req, res) => { | |||
* @param {Object} req - The Express request object. | |||
* @param {Object} res - The Express response object. | |||
* @returns {Object} An object containing the generated token and a success message in JSON format. | |||
* @throws {Error} If an error occurs while generating the token. | |||
* @returns {Object} If an error occurs while generating the token. | |||
*/ | |||
const joinEvent = async (req, res) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
function is not checking the role property of the req.body object. This means that the function will allow users to join events with any role, even if they are not supposed to have access to the event.
is my understanding correct..?
@@ -173,22 +182,86 @@ const updateEvent = async (req, res) => { | |||
* @param {Object} req - The Express request object. | |||
* @param {Object} res - The Express response object. | |||
* @returns {Promise<Object>} The JSON response with a message indicating the session has ended. | |||
* @throws {Object} The JSON response with an error message if an error occurred while ending the event. | |||
* @returns {Promise<Object>} The JSON response with an error message if an error occurred while ending the event. | |||
*/ | |||
const endActiveEvent = async (req, res) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
endActiveEvent() function is not checking the lock property of the req.body object. This means that the function will allow users to end active events, even if the event is locked.
to fix this change to below
if (payload.lock === true) {
return res.status(403).json({
error: 'Forbidden',
message: 'The event is locked and cannot be ended',
});
}
Description:
Tests for kickout peer API for live site.
PATCH - /:id/peers/kickout - Removes peer from the event & update the database.
Main PR
#1375
More details:
Fixes: #1374