[Fix] fixed RSVP get and post routes

Author: MeghP89

src/api/routes/rsvp.ts

@@ -1,10 +1,10 @@
 import { FastifyPluginAsync } from "fastify";
 import rateLimiter from "api/plugins/rateLimiter.js";
 import { withRoles, withTags } from "api/components/index.js";
-import { QueryCommand } from "@aws-sdk/client-dynamodb";
-import { unmarshall } from "@aws-sdk/util-dynamodb";
-import { getUserOrgRoles } from "api/functions/organizations.js";
+import { QueryCommand, PutItemCommand } from "@aws-sdk/client-dynamodb";
+import { unmarshall, marshall } from "@aws-sdk/util-dynamodb";
 import {
+  DatabaseFetchError,
   UnauthenticatedError,
   UnauthorizedError,
   ValidationError,
@@ -14,14 +14,7 @@ import { verifyUiucAccessToken } from "api/functions/uin.js";
 import { checkPaidMembership } from "api/functions/membership.js";
 import { FastifyZodOpenApiTypeProvider } from "fastify-zod-openapi";
 import { genericConfig } from "common/config.js";
-
-const rsvpItemSchema = z.object({
-  eventId: z.string(),
-  userId: z.string(),
-  isPaidMember: z.boolean(),
-  createdAt: z.string(),
-});
-const rsvpListSchema = z.array(rsvpItemSchema);
+import { AppRoles } from "common/roles.js";
 
 const rsvpRoutes: FastifyPluginAsync = async (fastify, _options) => {
   await fastify.register(rateLimiter, {
@@ -38,6 +31,9 @@ const rsvpRoutes: FastifyPluginAsync = async (fastify, _options) => {
           eventId: z.string().min(1).meta({
             description: "The previously-created event ID in the events API.",
           }),
+          orgId: z.string().min(1).meta({
+            description: "The organization ID the event belongs to.",
+          }),
         }),
         headers: z.object({
           "x-uiuc-token": z.jwt().min(1).meta({
@@ -76,41 +72,53 @@ const rsvpRoutes: FastifyPluginAsync = async (fastify, _options) => {
         isPaidMember,
         createdAt: "",
       };
+      const putCommand = new PutItemCommand({
+        TableName: genericConfig.RSVPDynamoTableName,
+        Item: marshall(entry),
+      });
+      await fastify.dynamoClient.send(putCommand);
+      return reply.status(201).send(entry);
     },
   );
   fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().get(
     "/:orgId/event/:eventId",
     {
-      schema: withTags(["RSVP"], {
-        summary: "Get all RSVPs for an event.",
-        params: z.object({
-          eventId: z.string().min(1).meta({
-            description: "The previously-created event ID in the events API.",
-          }),
-          orgId: z.string().min(1).meta({
-            description: "The organization ID the event belongs to.",
-          }),
-        }),
-        headers: z.object({
-          "x-uiuc-token": z.jwt().min(1).meta({
-            description:
-              "An access token for the user in the UIUC Entra ID tenant.",
+      schema: withRoles(
+        [AppRoles.VIEW_RSVPS],
+        withTags(["RSVP"], {
+          summary: "Get all RSVPs for an event.",
+          params: z.object({
+            eventId: z.string().min(1).meta({
+              description: "The previously-created event ID in the events API.",
+            }),
+            orgId: z.string().min(1).meta({
+              description: "The organization ID the event belongs to.",
+            }),
           }),
         }),
-      }),
+      ),
+      onRequest: fastify.authorizeFromSchema,
     },
     async (request, reply) => {
-      const commnand = new QueryCommand({
-        TableName: genericConfig.EventsDynamoTableName,
+      const command = new QueryCommand({
+        TableName: genericConfig.RSVPDynamoTableName,
         IndexName: "EventIdIndex",
         KeyConditionExpression: "eventId = :eid",
         ExpressionAttributeValues: {
           ":eid": { S: request.params.eventId },
         },
       });
-      const response = await fastify.dynamoClient.send(commnand);
-      const items = response.Items?.map((item) => unmarshall(item)) || [];
-      return reply.send(items as z.infer<typeof rsvpListSchema>);
+      const response = await fastify.dynamoClient.send(command);
+      if (!response || !response.Items) {
+        throw new DatabaseFetchError({
+          message: "Failed to get all member lists.",
+        });
+      }
+      const rsvps = response.Items.map((x) => unmarshall(x));
+      const uniqueRsvps = [
+        ...new Map(rsvps.map((item) => [item.userId, item])).values()
+      ];
+      return reply.send(uniqueRsvps);
     },
   );
 };

src/common/config.ts

@@ -38,6 +38,7 @@ export type ConfigType = {
 
 export type GenericConfigType = {
   EventsDynamoTableName: string;
+  RSVPDynamoTableName: string;
   CacheDynamoTableName: string;
   LinkryDynamoTableName: string;
   StripeLinksDynamoTableName: string;
@@ -84,6 +85,7 @@ export const commChairsGroupId = "105e7d32-7289-435e-a67a-552c7f215507";
 
 const genericConfig: GenericConfigType = {
   EventsDynamoTableName: "infra-core-api-events",
+  RSVPDynamoTableName: "infra-core-api-events-rsvp",
   StripeLinksDynamoTableName: "infra-core-api-stripe-links",
   StripePaymentsDynamoTableName: "infra-core-api-stripe-payments",
   CacheDynamoTableName: "infra-core-api-cache",

src/common/roles.ts

@@ -7,6 +7,8 @@ export const META_ROLE_PREFIX = "__metaRole:"
 
 export enum BaseRoles {
   EVENTS_MANAGER = "manage:events",
+  RSVPS_MANAGER = "manage:rsvps",
+  VIEW_RSVPS = "view:rsvps",
   TICKETS_SCANNER = "scan:tickets",
   TICKETS_MANAGER = "manage:tickets",
   IAM_ADMIN = "admin:iam",

src/common/types/rsvp.ts

@@ -0,0 +1,8 @@
+import * as z from "zod/v4";
+
+export const rsvpItemSchema = z.object({
+  eventId: z.string(),
+  userId: z.string(),
+  isPaidMember: z.boolean(),
+  createdAt: z.string(),
+});

terraform/modules/dynamo/main.tf

@@ -568,7 +568,7 @@ resource "aws_dynamodb_table" "store_limits" {
   }
 }
 
-resource "aws_dynamodb_table" "store_limits" {
+resource "aws_dynamodb_table" "events_rsvp" {
   region                      = "us-east-2"
   billing_mode                = "PAY_PER_REQUEST"
   name                        = "${var.ProjectId}-events-rsvp"

tests/unit/rsvps.test.ts

@@ -0,0 +1,157 @@
+import { expect, test, vi, describe, beforeEach } from "vitest";
+import {
+  DynamoDBClient,
+  PutItemCommand,
+  QueryCommand,
+} from "@aws-sdk/client-dynamodb";
+import { marshall } from "@aws-sdk/util-dynamodb";
+import { mockClient } from "aws-sdk-client-mock";
+import init from "../../src/api/index.js";
+import { createJwt } from "./auth.test.js";
+import { testSecretObject } from "./secret.testdata.js";
+import { Redis } from "../../src/api/types.js";
+import { FastifyBaseLogger } from "fastify";
+
+const DUMMY_JWT =
+  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
+
+vi.mock("../../src/api/functions/uin.js", async () => {
+  const actual = await vi.importActual("../../src/api/functions/uin.js");
+  return {
+    ...actual,
+    verifyUiucAccessToken: vi
+      .fn()
+      .mockImplementation(
+        async ({
+          token,
+          logger,
+        }: {
+          token: string;
+          logger: FastifyBaseLogger;
+        }) => {
+          if (token === DUMMY_JWT) {
+            console.log("DUMMY_JWT matched in mock implementation");
+          }
+          return {
+            userPrincipalName: "[email protected]",
+            givenName: "John",
+            surname: "Doe",
+            mail: "[email protected]",
+          };
+        },
+      ),
+  };
+});
+
+vi.mock("../../src/api/functions/membership.js", async () => {
+  const actual = await vi.importActual("../../src/api/functions/membership.js");
+  return {
+    ...actual,
+    checkPaidMembership: vi
+      .fn()
+      .mockImplementation(
+        async ({
+          netId,
+          redisClient,
+          dynamoClient,
+          logger,
+        }: {
+          netId: string;
+          redisClient: Redis;
+          dynamoClient: DynamoDBClient;
+          logger: FastifyBaseLogger;
+        }) => {
+          if (netId === "jd3") {
+            return true;
+          }
+          return false;
+        },
+      ),
+  };
+});
+
+const ddbMock = mockClient(DynamoDBClient);
+const jwt_secret = testSecretObject["jwt_key"];
+vi.stubEnv("JwtSigningKey", jwt_secret);
+
+const app = await init();
+
+describe("RSVP API tests", () => {
+  beforeEach(() => {
+    ddbMock.reset();
+    vi.clearAllMocks();
+  });
+
+  test("Test posting an RSVP for an event", async () => {
+    ddbMock.on(PutItemCommand).resolves({});
+
+    const testJwt = createJwt();
+    const mockUpn = "[email protected]";
+    const eventId = "Make Your Own Database";
+    const orgId = "SIGDatabase";
+
+    const response = await app.inject({
+      method: "POST",
+      url: `/api/v1/rsvp/${orgId}/event/${encodeURIComponent(eventId)}`,
+      headers: {
+        Authorization: `Bearer ${testJwt}`,
+        "x-uiuc-token": DUMMY_JWT,
+      },
+    });
+
+    if (response.statusCode !== 201) {
+      console.log("Test Failed Response:", response.body);
+    }
+
+    expect(response.statusCode).toBe(201);
+
+    const body = JSON.parse(response.body);
+    expect(body.userId).toBe(mockUpn);
+    expect(body.eventId).toBe(eventId);
+    expect(body.isPaidMember).toBe(true);
+    expect(body.partitionKey).toBe(`${eventId}#${mockUpn}`);
+
+    expect(ddbMock.calls()).toHaveLength(1);
+    const putItemInput = ddbMock.call(0).args[0].input as any;
+    expect(putItemInput.TableName).toBe("infra-core-api-events-rsvp");
+  });
+
+  test("Test getting RSVPs for an event (Mocking Query Response)", async () => {
+    const eventId = "Make Your Own Database";
+    const orgId = "SIGDatabase";
+    const mockRsvps = [
+      {
+        eventId,
+        userId: "[email protected]",
+        isPaidMember: true,
+        createdAt: "2023-01-01",
+      },
+      {
+        eventId,
+        userId: "[email protected]",
+        isPaidMember: false,
+        createdAt: "2023-01-02",
+      },
+    ];
+    ddbMock.on(QueryCommand).resolves({
+      Items: mockRsvps.map((item) => marshall(item)),
+    });
+
+    const adminJwt = await createJwt();
+
+    const response = await app.inject({
+      method: "GET",
+      url: `/api/v1/rsvp/${orgId}/event/${encodeURIComponent(eventId)}`,
+      headers: {
+        Authorization: `Bearer ${adminJwt}`,
+      },
+    });
+
+    expect(response.statusCode).toBe(200);
+    const body = JSON.parse(response.body);
+
+    expect(body).toHaveLength(2);
+    expect(body[0].userId).toBe("[email protected]");
+    expect(body[1].userId).toBe("[email protected]");
+  });
+});