|
| 1 | +import { FastifyPluginAsync } from "fastify"; |
| 2 | +import rateLimiter from "api/plugins/rateLimiter.js"; |
| 3 | +import { withRoles, withTags } from "api/components/index.js"; |
| 4 | +import { getUserOrgRoles } from "api/functions/organizations.js"; |
| 5 | +import { |
| 6 | + UnauthenticatedError, |
| 7 | + UnauthorizedError, |
| 8 | + ValidationError, |
| 9 | +} from "common/errors/index.js"; |
| 10 | +import * as z from "zod/v4"; |
| 11 | +import { verifyUiucAccessToken } from "api/functions/uin.js"; |
| 12 | +import { checkPaidMembership } from "api/functions/membership.js"; |
| 13 | +import { FastifyZodOpenApiTypeProvider } from "fastify-zod-openapi"; |
| 14 | + |
| 15 | +const rsvpRoutes: FastifyPluginAsync = async (fastify, _options) => { |
| 16 | + await fastify.register(rateLimiter, { |
| 17 | + limit: 30, |
| 18 | + duration: 30, |
| 19 | + rateLimitIdentifier: "rsvp", |
| 20 | + }); |
| 21 | + fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().post( |
| 22 | + "/:orgId/event/:eventId", |
| 23 | + { |
| 24 | + schema: withTags(["RSVP"], { |
| 25 | + summary: "Submit an RSVP for an event.", |
| 26 | + params: z.object({ |
| 27 | + eventId: z.string().min(1).meta({ |
| 28 | + description: "The previously-created event ID in the events API.", |
| 29 | + }), |
| 30 | + }), |
| 31 | + headers: z.object({ |
| 32 | + "x-uiuc-token": z.jwt().min(1).meta({ |
| 33 | + description: |
| 34 | + "An access token for the user in the UIUC Entra ID tenant.", |
| 35 | + }), |
| 36 | + }), |
| 37 | + }), |
| 38 | + }, |
| 39 | + async (request, reply) => { |
| 40 | + const accessToken = request.headers["x-uiuc-token"]; |
| 41 | + const verifiedData = await verifyUiucAccessToken({ |
| 42 | + accessToken, |
| 43 | + logger: request.log, |
| 44 | + }); |
| 45 | + const { userPrincipalName: upn, givenName, surname } = verifiedData; |
| 46 | + const netId = upn.replace("@illinois.edu", ""); |
| 47 | + if (netId.includes("@")) { |
| 48 | + request.log.error( |
| 49 | + `Found UPN ${upn} which cannot be turned into NetID via simple replacement.`, |
| 50 | + ); |
| 51 | + throw new ValidationError({ |
| 52 | + message: "ID token could not be parsed.", |
| 53 | + }); |
| 54 | + } |
| 55 | + const isPaidMember = await checkPaidMembership({ |
| 56 | + netId, |
| 57 | + dynamoClient: fastify.dynamoClient, |
| 58 | + redisClient: fastify.redisClient, |
| 59 | + logger: request.log, |
| 60 | + }); |
| 61 | + const entry = { |
| 62 | + partitionKey: `${request.params.eventId}#${upn}`, |
| 63 | + eventId: request.params.eventId, |
| 64 | + userId: upn, |
| 65 | + isPaidMember, |
| 66 | + createdAt: "", |
| 67 | + }; |
| 68 | + }, |
| 69 | + ); |
| 70 | +}; |
| 71 | + |
| 72 | +export default rsvpRoutes; |
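Review bot: The NetID derivation `upn.replace("@illinois.edu", "")` is not anchored to the end of the UPN, so a value shaped like the constructed example `user@illinois.edu.example.org` becomes `user.example.org`, passes the `includes("@")` guard, and is handed to `checkPaidMembership` as a NetID. Whether such a UPN can reach this point depends on what `verifyUiucAccessToken` enforces, which is not visible here, so the handler should require the suffix itself with `if (!upn.endsWith("@illinois.edu")) throw new ValidationError({ message: "ID token could not be parsed." });` and then take `upn.slice(0, -"@illinois.edu".length)`, keeping the existing `@` check. Separately, the route path declares `:orgId` but the `params` schema validates only `eventId`, the `entry` key `eventId#upn` carries no organization, and the handler builds `entry` without persisting it or sending a reply.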