Merge pull request #101 from HackRU/user-exists

avsomers25 · web-flow · commit e45cd5452c77 · 2025-05-23T10:16:36.000-04:00
Add endpoint that allows hackers to look up other users
diff --git a/serverless.ts b/serverless.ts
@@ -18,6 +18,7 @@ import getBuyIns from '@functions/get-buy-ins';
 import notifyByEmail from '@functions/notify-by-email';
 import verifyEmail from '@functions/verify-email';
 import deleteUser from '@functions/delete';
+import userExists from '@functions/user-exists';
 
 import * as path from 'path';
 import * as dotenv from 'dotenv';
@@ -62,6 +63,7 @@ const serverlessConfiguration: AWS = {
     notifyByEmail,
     verifyEmail,
     deleteUser,
+    userExists,
   },
   package: { individually: true, patterns: ['!.env*', '.env.vault'] },
   custom: {
diff --git a/src/functions/index.ts b/src/functions/index.ts
@@ -16,3 +16,4 @@ export { default as getBuyIns } from './get-buy-ins';
 export { default as notifyByEmail } from './notify-by-email';
 export { default as verifyEmail } from './verify-email';
 export { default as delete } from './delete';
+export { default as userExists } from './user-exists';
diff --git a/src/functions/user-exists/handler.ts b/src/functions/user-exists/handler.ts
@@ -0,0 +1,70 @@
+import type { ValidatedEventAPIGatewayProxyEvent } from '@libs/api-gateway';
+import { middyfy } from '@libs/lambda';
+import schema from './schema';
+import { MongoDB, validateToken } from '../../util';
+import * as path from 'path';
+import * as dotenv from 'dotenv';
+dotenv.config({ path: path.resolve(process.cwd(), '.env') });
+
+const userExists: ValidatedEventAPIGatewayProxyEvent<typeof schema> = async (event) => {
+  try {
+    //Check token validity
+    const isValidToken = validateToken(event.body.auth_token, process.env.JWT_SECRET, event.body.auth_email);
+    if (!isValidToken) {
+      return {
+        statusCode: 401,
+        body: JSON.stringify({
+          statuscode: 401,
+          message: 'Unauthorized',
+        }),
+      };
+    }
+
+    //Connect to DB
+    const db = MongoDB.getInstance(process.env.MONGO_URI);
+    await db.connect();
+    const users = db.getCollection('users');
+
+    const authUser = await users.findOne({ email: event.body.auth_email });
+    if (!authUser) {
+      return {
+        statusCode: 404,
+        body: JSON.stringify({
+          statuscode: 404,
+          message: 'Auth user not found.',
+        }),
+      };
+    }
+
+    //Check if user being looked up exists
+    const lookupUser = await users.findOne(
+      { email: event.body.email.toLowerCase() },
+      { projection: { password: 0, _id: 0 } }
+    );
+    if (!lookupUser) {
+      return {
+        statusCode: 404,
+        body: JSON.stringify({
+          statusCode: 404,
+          message: 'Look-up user was not found',
+        }),
+      };
+    }
+    //return that user exists
+    return {
+      statusCode: 200,
+      body: JSON.stringify('User exists'),
+    };
+  } catch (error) {
+    console.error('Error reading user:', error);
+    return {
+      statusCode: 500,
+      body: JSON.stringify({
+        statusCode: 500,
+        message: 'Internal server error.',
+        error,
+      }),
+    };
+  }
+};
+export const main = middyfy(userExists);
diff --git a/src/functions/user-exists/index.ts b/src/functions/user-exists/index.ts
@@ -0,0 +1,20 @@
+import { handlerPath } from '@libs/handler-resolver';
+import schema from './schema';
+
+export default {
+  handler: `${handlerPath(__dirname)}/handler.main`,
+  events: [
+    {
+      http: {
+        method: 'post',
+        path: 'user-exists',
+        cors: true,
+        request: {
+          schemas: {
+            'application/json': schema,
+          },
+        },
+      },
+    },
+  ],
+};
diff --git a/src/functions/user-exists/schema.ts b/src/functions/user-exists/schema.ts
@@ -0,0 +1,9 @@
+export default {
+  type: 'object',
+  properties: {
+    auth_email: { type: 'string', format: 'email' },
+    auth_token: { type: 'string' },
+    email: { type: 'string', format: 'email' },
+  },
+  required: ['auth_email', 'auth_token', 'email'],
+} as const;
diff --git a/tests/user-exists.test.ts b/tests/user-exists.test.ts
@@ -0,0 +1,116 @@
+import { main } from '../src/functions/user-exists/handler';
+
+import { createEvent, mockContext } from './helper';
+import * as util from '../src/util';
+
+jest.mock('../src/util', () => ({
+  // eslint-disable-next-line @typescript-eslint/naming-convention
+  MongoDB: {
+    getInstance: jest.fn().mockReturnValue({
+      connect: jest.fn(),
+      disconnect: jest.fn(),
+      getCollection: jest.fn().mockReturnValue({
+        findOne: jest.fn(),
+        find: jest.fn().mockReturnValue({
+          toArray: jest.fn(),
+        }),
+      }),
+    }),
+  },
+  validateToken: jest.fn().mockReturnValueOnce(false).mockReturnValue(true),
+}));
+
+describe('/user-exists endpoint', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+  const path = '/user-exists';
+  const httpMethod = 'POST';
+
+  const findOneMock = util.MongoDB.getInstance('uri').getCollection('users').findOne as jest.Mock;
+  const mockCallback = jest.fn();
+
+  it('invalid token', async () => {
+    const userData = {
+      auth_email: 'hacker@hackru.org',
+      auth_token: 'mockToken',
+      email: 'hacker@hackru.org',
+    };
+    const mockEvent = createEvent(userData, path, httpMethod);
+
+    const res = await main(mockEvent, mockContext, mockCallback);
+    expect(res.statusCode).toBe(401);
+    expect(JSON.parse(res.body).message).toBe('Unauthorized');
+  });
+
+  it('auth user not found', async () => {
+    findOneMock.mockReturnValueOnce(null);
+    const userData = {
+      auth_email: 'non-existent-user@hackru.org',
+      auth_token: 'mockToken',
+      email: 'hacker@hackru.org',
+    };
+    const mockEvent = createEvent(userData, path, httpMethod);
+
+    const res = await main(mockEvent, mockContext, mockCallback);
+    expect(res.statusCode).toBe(404);
+    expect(JSON.parse(res.body).message).toBe('Auth user not found.');
+  });
+
+  it('look-up user not found', async () => {
+    findOneMock
+      .mockReturnValueOnce({
+        email: 'hackerCheck@hackru.org',
+      })
+      .mockReturnValueOnce(null);
+    const userData = {
+      auth_email: 'hackerCheck@hackru.org',
+      auth_token: 'mockToken',
+      email: 'non-existent-user@hackru.org',
+    };
+    const mockEvent = createEvent(userData, path, httpMethod);
+
+    const res = await main(mockEvent, mockContext, mockCallback);
+
+    expect(res.statusCode).toBe(404);
+    expect(JSON.parse(res.body).message).toBe('Look-up user was not found');
+  });
+
+  it('success case', async () => {
+    //can check even if you don't have the admin role
+    findOneMock
+      .mockReturnValueOnce({
+        email: 'hackerCheck@hackru.org',
+      })
+      .mockReturnValueOnce({});
+    const userData = {
+      auth_email: 'hackerCheck@hackru.org',
+      auth_token: 'mockToken',
+      email: 'hacker@hackru.org',
+    };
+    const mockEvent = createEvent(userData, path, httpMethod);
+
+    const res = await main(mockEvent, mockContext, mockCallback);
+
+    expect(res.statusCode).toBe(200);
+    expect(res.body).toBeDefined();
+  });
+
+  it('success case for all lookup', async () => {
+    findOneMock
+      .mockReturnValueOnce({
+        email: 'hackerCheck@hackru.org',
+      })
+      .mockReturnValueOnce({ email: 'targetHacker@hackru.org' });
+    const userData = {
+      auth_email: 'hackerCheck@hackru.org',
+      auth_token: 'mockToken',
+      email: 'anyemail@hackru.org',
+    };
+    const mockEvent = createEvent(userData, path, httpMethod);
+    const res = await main(mockEvent, mockContext, mockCallback);
+    console.log(res.body);
+    expect(res.statusCode).toBe(200);
+    expect(JSON.parse(res.body)).toEqual('User exists');
+  });
+});
