Merge pull request #20 from movie-web/dev

V1.1.4

.eslintrc.js

@@ -13,7 +13,7 @@ module.exports = {
     sourceType: 'module',
   },
   plugins: ['@typescript-eslint'],
-  ignorePatterns: ['./src/db/migrations/**/*'],
+  ignorePatterns: ['src/db/migrations/**/*'],
   rules: {
     '@typescript-eslint/interface-name-prefix': 'off',
     '@typescript-eslint/explicit-function-return-type': 'off',

package.json

@@ -1,6 +1,6 @@
 {
   "name": "backend",
-  "version": "1.0.4",
+  "version": "1.1.4",
   "private": true,
   "homepage": "https://github.com/movie-web/backend",
   "engines": {

src/config/index.ts

@@ -8,7 +8,7 @@ const fragments = {
   dockerdev: dockerFragment,
 };
 
-export const version = '1.0.3';
+export const version = process.env.npm_package_version ?? 'unknown';
 
 export const conf = createConfigLoader()
   .addFromEnvironment('MWB_')

src/config/schema.ts

@@ -41,6 +41,10 @@ export const configSchema = z.object({
     // will always keep the database schema in sync with the connected database
     // it is extremely destructive, do not use it EVER in production
     syncSchema: z.coerce.boolean().default(false),
+
+    // Enable debug logging for MikroORM - Outputs queries and entity management logs
+    // Do NOT use in production, leaks all sensitive data
+    debugLogging: z.coerce.boolean().default(false),
   }),
   crypto: z.object({
     // session secret. used for signing session tokens

src/db/migrations/.snapshot-movie_web.json

@@ -587,12 +587,12 @@
       "columns": {
         "id": {
           "name": "id",
-          "type": "uuid",
+          "type": "text",
           "unsigned": false,
           "autoincrement": false,
           "primary": false,
           "nullable": false,
-          "mappedType": "uuid"
+          "mappedType": "text"
         },
         "application_theme": {
           "name": "application_theme",

src/db/migrations/Migration20231122231620.ts

@@ -0,0 +1,14 @@
+import { Migration } from '@mikro-orm/migrations';
+
+export class Migration20231122231620 extends Migration {
+
+  async up(): Promise<void> {
+    this.addSql('alter table "user_settings" alter column "id" type text using ("id"::text);');
+  }
+
+  async down(): Promise<void> {
+    this.addSql('alter table "user_settings" alter column "id" drop default;');
+    this.addSql('alter table "user_settings" alter column "id" type uuid using ("id"::text::uuid);');
+  }
+
+}

src/db/models/ProgressItem.ts

@@ -53,6 +53,7 @@ export class ProgressItem {
 }
 
 export interface ProgressItemDTO {
+  id: string;
   tmdbId: string;
   season: {
     id?: string;
@@ -77,6 +78,7 @@ export function formatProgressItem(
   progressItem: ProgressItem,
 ): ProgressItemDTO {
   return {
+    id: progressItem.id,
     tmdbId: progressItem.tmdbId,
     episode: {
       id: progressItem.episodeId,

src/db/models/UserSettings.ts

@@ -1,10 +1,9 @@
 import { Entity, PrimaryKey, Property } from '@mikro-orm/core';
-import { randomUUID } from 'crypto';
 
 @Entity({ tableName: 'user_settings' })
 export class UserSettings {
-  @PrimaryKey({ name: 'id', type: 'uuid' })
-  id: string = randomUUID();
+  @PrimaryKey({ name: 'id', type: 'text' })
+  id!: string;
 
   @Property({ name: 'application_theme', nullable: true })
   applicationTheme?: string | null;

src/modules/fastify/routes.ts

@@ -2,7 +2,7 @@ import { loginAuthRouter } from '@/routes/auth/login';
 import { manageAuthRouter } from '@/routes/auth/manage';
 import { metaRouter } from '@/routes/meta';
 import { metricsRouter } from '@/routes/metrics';
-import { sessionsRouter } from '@/routes/sessions';
+import { sessionsRouter } from '@/routes/sessions/sessions';
 import { userBookmarkRouter } from '@/routes/users/bookmark';
 import { userDeleteRouter } from '@/routes/users/delete';
 import { userEditRouter } from '@/routes/users/edit';

src/modules/mikro/index.ts

@@ -14,8 +14,10 @@ export function getORM() {
 
 export async function setupMikroORM() {
   log.info(`Connecting to postgres`, { evt: 'connecting' });
-  const mikro = await createORM(conf.postgres.connection, (msg) =>
-    log.info(msg),
+  const mikro = await createORM(
+    conf.postgres.connection,
+    conf.postgres.debugLogging,
+    (msg) => log.info(msg),
   );
 
   if (conf.postgres.syncSchema) {

src/modules/mikro/orm.ts

@@ -16,9 +16,14 @@ export function makeOrmConfig(url: string): Options<PostgreSqlDriver> {
   };
 }
 
-export async function createORM(url: string, log: (msg: string) => void) {
+export async function createORM(
+  url: string,
+  debug: boolean,
+  log: (msg: string) => void,
+) {
   return await MikroORM.init<PostgreSqlDriver>({
     ...makeOrmConfig(url),
     logger: log,
+    debug,
   });
 }

src/routes/sessions/session.ts

@@ -1,35 +0,0 @@
-import { Session } from '@/db/models/Session';
-import { StatusError } from '@/services/error';
-import { handle } from '@/services/handler';
-import { makeRouter } from '@/services/router';
-import { z } from 'zod';
-
-export const sessionRouter = makeRouter((app) => {
-  app.delete(
-    '/sessions/:sid',
-    {
-      schema: {
-        params: z.object({
-          sid: z.string(),
-        }),
-      },
-    },
-    handle(async ({ auth, params, em }) => {
-      await auth.assert();
-
-      const targetedSession = await em.findOne(Session, { id: params.sid });
-      if (!targetedSession)
-        return {
-          id: params.sid,
-        };
-
-      if (targetedSession.user !== auth.user.id)
-        throw new StatusError('Cannot delete sessions you do not own', 401);
-
-      await em.removeAndFlush(targetedSession);
-      return {
-        id: params.sid,
-      };
-    }),
-  );
-});

src/routes/sessions/sessions.ts

@@ -13,7 +13,7 @@ export const sessionsRouter = makeRouter((app) => {
           sid: z.string(),
         }),
         body: z.object({
-          name: z.string().max(500).min(1).optional(),
+          deviceName: z.string().max(500).min(1).optional(),
         }),
       },
     },
@@ -25,10 +25,10 @@ export const sessionsRouter = makeRouter((app) => {
       if (!targetedSession)
         throw new StatusError('Session cannot be found', 404);
 
-      if (targetedSession.user !== auth.user.id)
-        throw new StatusError('Cannot modify sessions you do not own', 401);
+      if (targetedSession.id !== params.sid)
+        throw new StatusError('Cannot edit sessions other than your own', 401);
 
-      if (body.name) targetedSession.device = body.name;
+      if (body.deviceName) targetedSession.device = body.deviceName;
 
       await em.persistAndFlush(targetedSession);
 

src/routes/users/bookmark.ts

@@ -6,8 +6,14 @@ import {
 import { StatusError } from '@/services/error';
 import { handle } from '@/services/handler';
 import { makeRouter } from '@/services/router';
+import { randomUUID } from 'crypto';
 import { z } from 'zod';
 
+const bookmarkDataSchema = z.object({
+  tmdbId: z.string(),
+  meta: bookmarkMetaSchema,
+});
+
 export const userBookmarkRouter = makeRouter((app) => {
   app.get(
     '/users/:uid/bookmarks',
@@ -40,9 +46,7 @@ export const userBookmarkRouter = makeRouter((app) => {
           uid: z.string(),
           tmdbid: z.string(),
         }),
-        body: z.object({
-          meta: bookmarkMetaSchema,
-        }),
+        body: bookmarkDataSchema,
       },
     },
     handle(async ({ auth, params, body, em }) => {
@@ -70,6 +74,40 @@ export const userBookmarkRouter = makeRouter((app) => {
     }),
   );
 
+  app.put(
+    '/users/:uid/bookmarks',
+    {
+      schema: {
+        params: z.object({
+          uid: z.string(),
+        }),
+        body: z.array(bookmarkDataSchema),
+      },
+    },
+    handle(async ({ auth, params, body, em }) => {
+      await auth.assert();
+
+      if (auth.user.id !== params.uid)
+        throw new StatusError('Cannot modify user other than yourself', 403);
+
+      const bookmarks = await em.upsertMany(
+        Bookmark,
+        body.map((item) => ({
+          userId: params.uid,
+          tmdbId: item.tmdbId,
+          meta: item.meta,
+          updatedAt: new Date(),
+        })),
+        {
+          onConflictFields: ['tmdbId', 'userId'],
+        },
+      );
+
+      await em.flush();
+      return bookmarks.map(formatBookmark);
+    }),
+  );
+
   app.delete(
     '/users/:uid/bookmarks/:tmdbid',
     {

src/routes/users/get.ts

@@ -1,3 +1,4 @@
+import { formatSession } from '@/db/models/Session';
 import { User, formatUser } from '@/db/models/User';
 import { StatusError } from '@/services/error';
 import { handle } from '@/services/handler';
@@ -5,6 +6,24 @@ import { makeRouter } from '@/services/router';
 import { z } from 'zod';
 
 export const userGetRouter = makeRouter((app) => {
+  app.get(
+    '/users/@me',
+    handle(async ({ auth, em }) => {
+      await auth.assert();
+
+      const user = await em.findOne(User, { id: auth.user.id });
+      if (!user) throw new StatusError('User does not exist', 404);
+
+      const session = await auth.getSession();
+      if (!session) throw new StatusError('Session does not exist', 400);
+
+      return {
+        user: formatUser(user),
+        session: formatSession(session),
+      };
+    }),
+  );
+
   app.get(
     '/users/:uid',
     {
@@ -16,16 +35,16 @@ export const userGetRouter = makeRouter((app) => {
     },
     handle(async ({ auth, params, em }) => {
       await auth.assert();
-      let uid = params.uid;
-      if (uid === '@me') uid = auth.user.id;
 
-      if (auth.user.id !== uid)
+      if (auth.user.id !== params.uid)
         throw new StatusError('Cannot access users other than yourself', 403);
 
-      const user = await em.findOne(User, { id: uid });
+      const user = await em.findOne(User, { id: params.uid });
       if (!user) throw new StatusError('User does not exist', 404);
 
-      return formatUser(user);
+      return {
+        user: formatUser(user),
+      };
     }),
   );
 });

src/routes/users/progress.ts

@@ -6,8 +6,20 @@ import {
 import { StatusError } from '@/services/error';
 import { handle } from '@/services/handler';
 import { makeRouter } from '@/services/router';
+import { randomUUID } from 'crypto';
 import { z } from 'zod';
 
+const progressItemSchema = z.object({
+  meta: progressMetaSchema,
+  tmdbId: z.string(),
+  duration: z.number().transform((n) => Math.round(n)),
+  watched: z.number().transform((n) => Math.round(n)),
+  seasonId: z.string().optional(),
+  episodeId: z.string().optional(),
+  seasonNumber: z.number().optional(),
+  episodeNumber: z.number().optional(),
+});
+
 export const userProgressRouter = makeRouter((app) => {
   app.put(
     '/users/:uid/progress/:tmdbid',
@@ -17,15 +29,7 @@ export const userProgressRouter = makeRouter((app) => {
           uid: z.string(),
           tmdbid: z.string(),
         }),
-        body: z.object({
-          meta: progressMetaSchema,
-          duration: z.number(),
-          watched: z.number(),
-          seasonId: z.string().optional(),
-          episodeId: z.string().optional(),
-          seasonNumber: z.number().optional(),
-          episodeNumber: z.number().optional(),
-        }),
+        body: progressItemSchema,
       },
     },
     handle(async ({ auth, params, body, em }) => {
@@ -63,6 +67,80 @@ export const userProgressRouter = makeRouter((app) => {
     }),
   );
 
+  app.put(
+    '/users/:uid/progress/import',
+    {
+      schema: {
+        params: z.object({
+          uid: z.string(),
+        }),
+        body: z.array(progressItemSchema),
+      },
+    },
+    handle(async ({ auth, params, body, em, req, limiter }) => {
+      await auth.assert();
+
+      if (auth.user.id !== params.uid)
+        throw new StatusError('Cannot modify user other than yourself', 403);
+
+      const itemsUpserted: ProgressItem[] = [];
+
+      const newItems = [...body];
+
+      for (const existingItem of await em.find(ProgressItem, {
+        userId: params.uid,
+      })) {
+        const newItemIndex = newItems.findIndex(
+          (item) =>
+            item.tmdbId == existingItem.tmdbId &&
+            item.seasonId == existingItem.seasonId &&
+            item.episodeId == existingItem.episodeId,
+        );
+
+        if (newItemIndex > -1) {
+          const newItem = newItems[newItemIndex];
+          if (existingItem.watched < newItem.watched) {
+            existingItem.updatedAt = new Date();
+            existingItem.watched = newItem.watched;
+          }
+          itemsUpserted.push(existingItem);
+
+          // Remove the item from the array, we have processed it
+          newItems.splice(newItemIndex, 1);
+        }
+      }
+
+      // All unprocessed items, aka all items that don't already exist
+      for (const newItem of newItems) {
+        itemsUpserted.push({
+          id: randomUUID(),
+          duration: newItem.duration,
+          episodeId: newItem.episodeId,
+          episodeNumber: newItem.episodeNumber,
+          meta: newItem.meta,
+          seasonId: newItem.seasonId,
+          seasonNumber: newItem.seasonNumber,
+          tmdbId: newItem.tmdbId,
+          userId: params.uid,
+          watched: newItem.watched,
+          updatedAt: new Date(),
+        });
+      }
+
+      const progressItems = await em.upsertMany(ProgressItem, itemsUpserted);
+
+      await em.flush();
+
+      await limiter?.assertAndBump(req, {
+        id: 'progress_import',
+        max: 5,
+        window: '10m',
+      });
+
+      return progressItems.map(formatProgressItem);
+    }),
+  );
+
   app.delete(
     '/users/:uid/progress/:tmdbid',
     {

src/routes/users/settings.ts

@@ -38,9 +38,9 @@ export const userSettingsRouter = makeRouter((app) => {
           uid: z.string(),
         }),
         body: z.object({
-          applicationLanguage: z.string().optional(),
-          applicationTheme: z.string().optional(),
-          defaultSubtitleLanguage: z.string().optional(),
+          applicationLanguage: z.string().nullable().optional(),
+          applicationTheme: z.string().nullable().optional(),
+          defaultSubtitleLanguage: z.string().nullable().optional(),
         }),
       },
     },
@@ -58,12 +58,12 @@ export const userSettingsRouter = makeRouter((app) => {
         settings.id = params.uid;
       }
 
-      if (body.applicationLanguage)
+      if (body.applicationLanguage !== undefined)
         settings.applicationLanguage = body.applicationLanguage;
-      if (body.applicationTheme)
-        settings.applicationTheme = body.applicationTheme;
-      if (body.defaultSubtitleLanguage)
+      if (body.defaultSubtitleLanguage !== undefined)
         settings.defaultSubtitleLanguage = body.defaultSubtitleLanguage;
+      if (body.applicationTheme !== undefined)
+        settings.applicationTheme = body.applicationTheme;
 
       await em.persistAndFlush(settings);
       return formatUserSettings(settings);