From 3ad16cac7c59d3ee5afec3cce3b972c2ece09453 Mon Sep 17 00:00:00 2001 From: Divyank Aggarwal Date: Tue, 4 Oct 2022 18:45:40 +0530 Subject: [PATCH 1/2] added a route for admin to be able to delete sphinx tickets --- src/controllers/api/personal.ts | 27 +++++++++++++++++++++++++++ src/controllers/index.ts | 1 + src/utils/people.ts | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) diff --git a/src/controllers/api/personal.ts b/src/controllers/api/personal.ts index 0e6db7458..30cd24237 100644 --- a/src/controllers/api/personal.ts +++ b/src/controllers/api/personal.ts @@ -85,6 +85,33 @@ export async function deletePersonProfile(req, res) { } } +export async function deleteTicketByAdmin(req, res) { + if (!req.owner) return failure(res, 'no owner') + const tenant: number = req.owner.id + + try { + const owner: Contact = (await models.Contact.findOne({ + where: { tenant, isOwner: true }, + })) as Contact + const { + host, + pubkey, + created + } = req.body + + const person = await people.deleteTicketByAdmin( + host || config.tribes_host, + pubkey, + created, + owner.publicKey + ) + + success(res, person) + } catch (e) { + failure(res, e) + } +} + export async function uploadPublicPic(req, res) { if (!req.owner) return failure(res, 'no owner') diff --git a/src/controllers/index.ts b/src/controllers/index.ts index f3f1873c6..ad9556a35 100644 --- a/src/controllers/index.ts +++ b/src/controllers/index.ts @@ -79,6 +79,7 @@ export async function set(app) { app.post('/profile', personal.createPeopleProfile) app.delete('/profile', personal.deletePersonProfile) + app.post('/delete_ticket',personal.deleteTicketByAdmin) app.post('/public_pic', personal.uploadPublicPic) app.get('/refresh_jwt', personal.refreshJWT) app.post('/claim_on_liquid', personal.claimOnLiquid) diff --git a/src/utils/people.ts b/src/utils/people.ts index d7b535b1b..03c368a52 100644 --- a/src/utils/people.ts +++ b/src/utils/people.ts @@ -71,6 +71,24 @@ export async function deletePerson(host, id, owner_pubkey) { } } +export async function deleteTicketByAdmin(host, pubkey, created,owner_pubkey) { + try { + const token = await genSignedTimestamp(owner_pubkey) + let protocol = 'https' + if (config.tribes_insecure) protocol = 'http' + const r = await fetch(`${protocol}://${host}/ticket/${pubkey}/${created}?token=${token}`, { + method: 'DELETE' + }) + if (!r.ok) { + throw 'failed to delete ticket by admin' + r.status + } + } + catch (e) { + sphinxLogger.error(`unauthorized to delete ticket by admin`,logging.Tribes) + throw e + } +} + export async function claimOnLiquid({ host, asset, From 2e09af3fa3bb4fa99c0b6ba64ee6b08376f133c4 Mon Sep 17 00:00:00 2001 From: Divyank Aggarwal Date: Thu, 6 Oct 2022 15:03:43 +0530 Subject: [PATCH 2/2] Fixed owner to take from middleware --- src/controllers/api/personal.ts | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/controllers/api/personal.ts b/src/controllers/api/personal.ts index 30cd24237..0daeadcc5 100644 --- a/src/controllers/api/personal.ts +++ b/src/controllers/api/personal.ts @@ -87,12 +87,8 @@ export async function deletePersonProfile(req, res) { export async function deleteTicketByAdmin(req, res) { if (!req.owner) return failure(res, 'no owner') - const tenant: number = req.owner.id try { - const owner: Contact = (await models.Contact.findOne({ - where: { tenant, isOwner: true }, - })) as Contact const { host, pubkey, @@ -103,7 +99,7 @@ export async function deleteTicketByAdmin(req, res) { host || config.tribes_host, pubkey, created, - owner.publicKey + req.owner.publicKey ) success(res, person)