From 87514154b1007a103a427db869adbede9c637a7d Mon Sep 17 00:00:00 2001 From: Tyffoni Date: Tue, 30 Dec 2025 23:50:09 -0800 Subject: [PATCH 1/7] remove alias and use id instead to identify and remove cards --- api/main_endpoints/routes/OfficeAccessCard.js | 42 +++++++++++-------- api/main_endpoints/util/OfficeAccessCard.js | 42 ++++++++++++------- src/APIFunctions/CardReader.js | 4 +- src/Pages/CardReader/CardReader.js | 6 +-- 4 files changed, 57 insertions(+), 37 deletions(-) diff --git a/api/main_endpoints/routes/OfficeAccessCard.js b/api/main_endpoints/routes/OfficeAccessCard.js index f3146c1ff..dd3b72540 100644 --- a/api/main_endpoints/routes/OfficeAccessCard.js +++ b/api/main_endpoints/routes/OfficeAccessCard.js @@ -21,7 +21,7 @@ const { } = require('../util/token-functions.js'); const ROWS_PER_PAGE = 25; const { - checkIfCardExists, + verifyCard, generateAlias, deleteCard, } = require('../util/OfficeAccessCard.js'); @@ -92,7 +92,7 @@ router.get('/verify', async (req, res) => { return res.sendStatus(UNAUTHORIZED); } - const cardExists = await checkIfCardExists({ cardBytes }); + const cardExists = await verifyCard({ cardBytes }); if (cardExists) { const alias = cardExists.alias; AuditLog.create({ @@ -146,8 +146,8 @@ router.post('/delete', async (req, res) => { return res.sendStatus(UNAUTHORIZED); } - const { alias } = req.body; - if (!alias) { + const { _id } = req.body; + if (!_id) { writeLogToClient(req.method, { statusCode: BAD_REQUEST, message: 'cardBytes missing from request', @@ -155,20 +155,35 @@ router.post('/delete', async (req, res) => { return res.sendStatus(BAD_REQUEST); } - const cardExists = await checkIfCardExists({ alias }); - if (!await cardExists) { + // const cardExists = await verifyCard({ _id}); + // if (!await cardExists) { + // logger.info('Card does not exist'); + // writeLogToClient(req.method, { + // statusCode: NOT_FOUND, + // message: 'Card does not exist', + // }); + // return res.sendStatus(NOT_FOUND); + // } + const cardDeletion = await deleteCard(_id); + + if(cardDeletion === null) { logger.info('Card does not exist'); writeLogToClient(req.method, { statusCode: NOT_FOUND, message: 'Card does not exist', }); return res.sendStatus(NOT_FOUND); - } - - if (await deleteCard(alias)) { + } else if(cardDeletion === false){ + writeLogToClient(req.method, { + statusCode: SERVER_ERROR, + message: 'Error deleting card', + }); + return res.sendStatus(SERVER_ERROR); + } else { + const alias = cardDeletion.alias; logger.info('Successfully deleted card'); writeLogToClient(req.method, { - alias, + alias: cardDeletion.alias, statusCode: OK, }); AuditLog.create({ @@ -178,13 +193,6 @@ router.post('/delete', async (req, res) => { }); return res.sendStatus(OK); } - - writeLogToClient(req.method, { - alias: cardExists.alias, - statusCode: SERVER_ERROR, - message: 'Error deleting card', - }); - return res.sendStatus(SERVER_ERROR); }); router.post('/getAllCards', async (req, res) => { diff --git a/api/main_endpoints/util/OfficeAccessCard.js b/api/main_endpoints/util/OfficeAccessCard.js index c9b31cc2b..52e16d2be 100644 --- a/api/main_endpoints/util/OfficeAccessCard.js +++ b/api/main_endpoints/util/OfficeAccessCard.js @@ -2,12 +2,10 @@ const OfficeAccessCard = require('../models/OfficeAccessCard.js'); const logger = require('../../util/logger'); const { ADJECTIVES, NOUNS } = require('../../util/CardReaderConstants.js'); -function checkIfCardExists({ cardBytes = null, alias = null } = {}) { - const body = (cardBytes !== null) ? { cardBytes } : { alias }; +function verifyCard({ cardBytes = null} = {}) { return new Promise((resolve) => { try { OfficeAccessCard.findOneAndUpdate( - body, { $inc: { verifiedCount: 1 }, $set: { lastVerified: Date.now() } @@ -16,17 +14,16 @@ function checkIfCardExists({ cardBytes = null, alias = null } = {}) { } , (error, result) => { if (error) { - logger.error('checkIfCardExists got an error querying mongodb: ', error); + logger.error('verifyCard got an error querying mongodb: ', error); return resolve(false); } if (!result) { - const { description } = body; - logger.info(`Card:${description} not found in the database`); + logger.info(`Card:${cardBytes} not found in the database`); } return resolve(result); // return the document }); } catch (error) { - logger.error('checkIfCardExists caught an error: ', error); + logger.error('verifyCard caught an error: ', error); return resolve(false); } }); @@ -64,20 +61,35 @@ async function generateAlias() { return new Date().toGMTString(); } -function deleteCard(alias) { +function deleteCard(_id) { return new Promise((resolve) => { try { - OfficeAccessCard.findOneAndDelete( - { alias } - , (error, result) => { + // OfficeAccessCard.findOneAndDelete( + // { _id } + // , (error, result) => { + // if (error) { + // logger.error('deleteCard got an error querying mongodb: ', error); + // return resolve(false); + // } + // if (!result) { + // logger.info(`Card ${ alias } not found in the database`); + // } + // return resolve(!!result); + // } + // ); + + OfficeAccessCard.findByIdAndDelete( + _id, + (error, result) => { if (error) { logger.error('deleteCard got an error querying mongodb: ', error); return resolve(false); + } + if(!result) { + logger.info(`Card with id: ${ _id } not found in the database`); + return resolve(null); } - if (!result) { - logger.info(`Card ${ alias } not found in the database`); - } - return resolve(!!result); + return resolve(result._id); } ); } catch (error) { diff --git a/src/APIFunctions/CardReader.js b/src/APIFunctions/CardReader.js index 25c1e4a4b..3b64e22fe 100644 --- a/src/APIFunctions/CardReader.js +++ b/src/APIFunctions/CardReader.js @@ -31,7 +31,7 @@ export async function getAllCardsFromDb({ return status; } -export async function deleteCardFromDb(token, alias) { +export async function deleteCardFromDb(token, _id) { let status = new ApiResponse(); try { const url = new URL('/api/OfficeAccessCard/delete', BASE_API_URL); @@ -41,7 +41,7 @@ export async function deleteCardFromDb(token, alias) { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json', }, - body: JSON.stringify({ alias, }), + body: JSON.stringify(), }); if (res.ok) { const result = await res.json(); diff --git a/src/Pages/CardReader/CardReader.js b/src/Pages/CardReader/CardReader.js index d9a34540d..c6c279cef 100644 --- a/src/Pages/CardReader/CardReader.js +++ b/src/Pages/CardReader/CardReader.js @@ -58,7 +58,7 @@ export default function CardReader() { const method = data.requestType.padEnd(8); const code = String(data.statusCode).padEnd(7); const event = data.message.padEnd(21); - const alias = data.alias.padEnd(18); + const alias = (data.alias || 'no alias')?.padEnd(18); return [time, endpoint, method, code, alias, event].join(''); } @@ -143,7 +143,7 @@ export default function CardReader() { } catch (err) { // if the message sent from error cannot be parsed setLogs( (currLogs) => [ - '[error] unable to format response, check browser logs', + '[error] unable to format response, check browser logs: \n' + err, ...currLogs, ] ); @@ -280,7 +280,7 @@ export default function CardReader() { cancelText: 'No, keep the card', confirmClassAddons: 'bg-red-600 hover:bg-red-500', handleConfirmation: async () => { - await deleteCardFromDb(token, cardToDelete.alias); + await deleteCardFromDb(token, cardToDelete._id); await getAllCards(); setToggleDelete(!toggleDelete); }, From a62e7d37bd61382f816b08b6810ab4b8af2bbb4b Mon Sep 17 00:00:00 2001 From: Tyffoni Date: Wed, 31 Dec 2025 10:06:12 -0800 Subject: [PATCH 2/7] removed trailing space --- api/main_endpoints/util/OfficeAccessCard.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/main_endpoints/util/OfficeAccessCard.js b/api/main_endpoints/util/OfficeAccessCard.js index dc8e90961..5d76611ba 100644 --- a/api/main_endpoints/util/OfficeAccessCard.js +++ b/api/main_endpoints/util/OfficeAccessCard.js @@ -85,7 +85,7 @@ function deleteCard(_id) { if (error) { logger.error('deleteCard got an error querying mongodb: ', error); return resolve(false); - } + } if(!result) { logger.info(`Card with id: ${ _id } not found in the database`); return resolve(null); From 1fc2e00034127d673a070d80132d99d852593546 Mon Sep 17 00:00:00 2001 From: Tyffoni Date: Wed, 31 Dec 2025 10:12:51 -0800 Subject: [PATCH 3/7] change export to verifyCard --- api/main_endpoints/util/OfficeAccessCard.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/main_endpoints/util/OfficeAccessCard.js b/api/main_endpoints/util/OfficeAccessCard.js index 5d76611ba..ad6bbff56 100644 --- a/api/main_endpoints/util/OfficeAccessCard.js +++ b/api/main_endpoints/util/OfficeAccessCard.js @@ -126,4 +126,4 @@ function editAlias(_id, newAlias) { }); } -module.exports = { checkIfCardExists, generateAlias, deleteCard, editAlias }; +module.exports = { verifyCard, generateAlias, deleteCard, editAlias }; From 653a9934b5968c2e76990da2e07cd35939b45baa Mon Sep 17 00:00:00 2001 From: Tyffoni Date: Wed, 31 Dec 2025 10:22:47 -0800 Subject: [PATCH 4/7] Co-authored-by: adarsh --- api/main_endpoints/routes/OfficeAccessCard.js | 18 ++++------------ api/main_endpoints/util/OfficeAccessCard.js | 21 ++++--------------- test/api/OfficeAccessCard.js | 9 +++++--- 3 files changed, 14 insertions(+), 34 deletions(-) diff --git a/api/main_endpoints/routes/OfficeAccessCard.js b/api/main_endpoints/routes/OfficeAccessCard.js index 5909b1098..1d70af2cb 100644 --- a/api/main_endpoints/routes/OfficeAccessCard.js +++ b/api/main_endpoints/routes/OfficeAccessCard.js @@ -89,14 +89,14 @@ router.get('/verify', async (req, res) => { return res.sendStatus(FORBIDDEN); } - const cardExists = await verifyCard({ cardBytes }); - if (cardExists) { - const alias = cardExists.alias; + const cardVerification = await verifyCard(cardBytes); + if (cardVerification) { + const alias = cardVerification.alias; AuditLog.create({ action: AuditLogActions.VERIFY_CARD, details: { alias } }); - writeLogToClient(req.method, { alias: cardExists.alias, statusCode: OK }); + writeLogToClient(req.method, { alias: cardVerification.alias, statusCode: OK }); return res.sendStatus(OK); } // if a card doesnt exist and we arent trying @@ -151,16 +151,6 @@ router.post('/delete', async (req, res) => { }); return res.sendStatus(BAD_REQUEST); } - - // const cardExists = await verifyCard({ _id}); - // if (!await cardExists) { - // logger.info('Card does not exist'); - // writeLogToClient(req.method, { - // statusCode: NOT_FOUND, - // message: 'Card does not exist', - // }); - // return res.sendStatus(NOT_FOUND); - // } const cardDeletion = await deleteCard(_id); if(cardDeletion === null) { diff --git a/api/main_endpoints/util/OfficeAccessCard.js b/api/main_endpoints/util/OfficeAccessCard.js index ad6bbff56..723b1cffc 100644 --- a/api/main_endpoints/util/OfficeAccessCard.js +++ b/api/main_endpoints/util/OfficeAccessCard.js @@ -2,10 +2,11 @@ const OfficeAccessCard = require('../models/OfficeAccessCard.js'); const logger = require('../../util/logger'); const { ADJECTIVES, NOUNS } = require('../../util/CardReaderConstants.js'); -function verifyCard({ cardBytes = null} = {}) { +function verifyCard(cardBytes) { return new Promise((resolve) => { try { OfficeAccessCard.findOneAndUpdate( + { cardBytes }, { $inc: { verifiedCount: 1 }, $set: { lastVerified: Date.now() } @@ -65,20 +66,6 @@ async function generateAlias() { function deleteCard(_id) { return new Promise((resolve) => { try { - // OfficeAccessCard.findOneAndDelete( - // { _id } - // , (error, result) => { - // if (error) { - // logger.error('deleteCard got an error querying mongodb: ', error); - // return resolve(false); - // } - // if (!result) { - // logger.info(`Card ${ alias } not found in the database`); - // } - // return resolve(!!result); - // } - // ); - OfficeAccessCard.findByIdAndDelete( _id, (error, result) => { @@ -86,11 +73,11 @@ function deleteCard(_id) { logger.error('deleteCard got an error querying mongodb: ', error); return resolve(false); } - if(!result) { + if (!result) { logger.info(`Card with id: ${ _id } not found in the database`); return resolve(null); } - return resolve(result._id); + return resolve(result); } ); } catch (error) { diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index a3eabc9af..5bd0e8759 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -53,6 +53,8 @@ describe('OfficeAccessCard', () => { const NEW_CARD_BYTES = 'dials card'; const INVALID_CARD_BYTES = 'evans card'; + const VALID_ID = 'tiffanys id'; + const INVALID_ID = 'evans id'; const VALID_ALIAS = 'gauravs card'; const INVALID_ALIAS = 'bobs card'; const NEW_ALIAS = 'updated test card'; @@ -76,6 +78,7 @@ describe('OfficeAccessCard', () => { // Before each test we empty the database tools.emptySchema(OfficeAccessCard); const testOfficeAccessCard = new OfficeAccessCard({ + _id: VALID_ID, cardBytes: VALID_CARD_BYTES, alias: VALID_ALIAS, verifiedCount: INCREMENT_VERIFY_COUNT, @@ -196,7 +199,7 @@ describe('OfficeAccessCard', () => { setTokenStatus(true); deleteCardStub.resolves(false); const result = await test.sendPostRequestWithToken(token, - DELETE_API_PATH, { alias: INVALID_ALIAS }, + DELETE_API_PATH, { _id: INVALID_ID }, ); expect(result).to.have.status(NOT_FOUND); }); @@ -205,7 +208,7 @@ describe('OfficeAccessCard', () => { setTokenStatus(true); deleteCardStub.resolves(true); const result = await test.sendPostRequestWithToken(token, - DELETE_API_PATH, { alias: VALID_ALIAS }, + DELETE_API_PATH, { _id: VALID_ID }, ); expect(result).to.have.status(OK); }); @@ -214,7 +217,7 @@ describe('OfficeAccessCard', () => { setTokenStatus(true); deleteCardStub.resolves(false); const result = await test.sendPostRequestWithToken(token, - DELETE_API_PATH, { alias: VALID_ALIAS }, + DELETE_API_PATH, { _id: VALID_ID }, ); expect(result).to.have.status(SERVER_ERROR); }); From 30c3d80c237db1066122457055c4ae0f690a19f4 Mon Sep 17 00:00:00 2001 From: Tyffoni Date: Wed, 31 Dec 2025 10:24:55 -0800 Subject: [PATCH 5/7] fix id type --- test/api/OfficeAccessCard.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index 5bd0e8759..1ec26b5f6 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -53,8 +53,8 @@ describe('OfficeAccessCard', () => { const NEW_CARD_BYTES = 'dials card'; const INVALID_CARD_BYTES = 'evans card'; - const VALID_ID = 'tiffanys id'; - const INVALID_ID = 'evans id'; + const VALID_ID = id.toString(); + const INVALID_ID = 'tiffanys id'; const VALID_ALIAS = 'gauravs card'; const INVALID_ALIAS = 'bobs card'; const NEW_ALIAS = 'updated test card'; From 5be8149f871ea7cc49d4c0676100c3a73c88f597 Mon Sep 17 00:00:00 2001 From: Tyffoni Date: Wed, 31 Dec 2025 10:28:18 -0800 Subject: [PATCH 6/7] change test stub to null --- api/main_endpoints/routes/OfficeAccessCard.js | 2 +- api/main_endpoints/util/OfficeAccessCard.js | 2 +- test/api/OfficeAccessCard.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/main_endpoints/routes/OfficeAccessCard.js b/api/main_endpoints/routes/OfficeAccessCard.js index 1d70af2cb..d6d6a4a15 100644 --- a/api/main_endpoints/routes/OfficeAccessCard.js +++ b/api/main_endpoints/routes/OfficeAccessCard.js @@ -153,7 +153,7 @@ router.post('/delete', async (req, res) => { } const cardDeletion = await deleteCard(_id); - if(cardDeletion === null) { + if (cardDeletion === null) { logger.info('Card does not exist'); writeLogToClient(req.method, { statusCode: NOT_FOUND, diff --git a/api/main_endpoints/util/OfficeAccessCard.js b/api/main_endpoints/util/OfficeAccessCard.js index 723b1cffc..a9360f5da 100644 --- a/api/main_endpoints/util/OfficeAccessCard.js +++ b/api/main_endpoints/util/OfficeAccessCard.js @@ -74,7 +74,7 @@ function deleteCard(_id) { return resolve(false); } if (!result) { - logger.info(`Card with id: ${ _id } not found in the database`); + logger.info(`Card with id: ${_id} not found in the database`); return resolve(null); } return resolve(result); diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index 1ec26b5f6..4e26a69f9 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -197,7 +197,7 @@ describe('OfficeAccessCard', () => { it('Should return 404 if the card attempted to be deleted was not found', async () => { setTokenStatus(true); - deleteCardStub.resolves(false); + deleteCardStub.resolves(null); const result = await test.sendPostRequestWithToken(token, DELETE_API_PATH, { _id: INVALID_ID }, ); From 77e9f04aae7dda0f22f5529d83d44d56b4907662 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 10:46:34 -0800 Subject: [PATCH 7/7] cleanup --- api/main_endpoints/routes/OfficeAccessCard.js | 1 + src/APIFunctions/CardReader.js | 2 +- test/api/OfficeAccessCard.js | 4 ---- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/api/main_endpoints/routes/OfficeAccessCard.js b/api/main_endpoints/routes/OfficeAccessCard.js index d6d6a4a15..63eacaa60 100644 --- a/api/main_endpoints/routes/OfficeAccessCard.js +++ b/api/main_endpoints/routes/OfficeAccessCard.js @@ -172,6 +172,7 @@ router.post('/delete', async (req, res) => { writeLogToClient(req.method, { alias: cardDeletion.alias, statusCode: OK, + _id }); AuditLog.create({ userId: decoded.token._id, diff --git a/src/APIFunctions/CardReader.js b/src/APIFunctions/CardReader.js index 9300ffcf7..20daf47b5 100644 --- a/src/APIFunctions/CardReader.js +++ b/src/APIFunctions/CardReader.js @@ -41,7 +41,7 @@ export async function deleteCardFromDb(token, _id) { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json', }, - body: JSON.stringify(), + body: JSON.stringify({ _id }), }); if (res.ok) { const result = await res.json(); diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index 4e26a69f9..28ee669cb 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -20,7 +20,6 @@ const { SERVER_ERROR, FORBIDDEN, } = require('../../api/util/constants').STATUS_CODES; -const { MEMBERSHIP_STATE } = require('../../api/util/constants'); const { initializeTokenMock, setTokenStatus, @@ -45,8 +44,6 @@ const token = ''; describe('OfficeAccessCard', () => { let deleteCardStub = null; - let getAllCardsStub = null; - let editAliasStub = null; let testCardId = null; const VALID_CARD_BYTES = 'wesleys card'; @@ -56,7 +53,6 @@ describe('OfficeAccessCard', () => { const VALID_ID = id.toString(); const INVALID_ID = 'tiffanys id'; const VALID_ALIAS = 'gauravs card'; - const INVALID_ALIAS = 'bobs card'; const NEW_ALIAS = 'updated test card'; const EMPTY_ALIAS = ''; const WHITESPACE_ALIAS = ' ';