
insecure version

asmer@controller 4 years ago
parent
commit
edb87219d8
4 changed files with 59 additions and 11 deletions
  1. 9 0
      README.md
  2. 8 5
      index.js
  3. 34 4
      models.js
  4. 8 2
      package-lock.json

+ 9 - 0
README.md

@@ -1 +1,10 @@
+graphql-chat
+===
 
+User
+---
+Всё как обычно - query `login` для токена, `UserUpsert` для регистрации.
+
+Message
+---
+**Обязана обладать чатом** при создании. chat - сущность типа Chat

+ 8 - 5
index.js

@@ -55,7 +55,7 @@ const upload  = require('multer')({ dest: uploadPath })
              _id: ID
              text: String
 
-             chat: Chat
+             chat: ChatInput
              media: [MediaInput]
              replies: [MessageInput]
              replyTo: MessageInput
@@ -77,10 +77,10 @@ const upload  = require('multer')({ dest: uploadPath })
 
 
         input ChatInput {
-            id: Int
+            _id: ID
 
             title: String
-            members: [UserInputt]
+            members: [UserInput]
             messages: [MessageInput]
         }
 
@@ -143,7 +143,7 @@ const upload  = require('multer')({ dest: uploadPath })
 
             let {models: {Media }} = await getModels(decoded.sub)
             let media = await Media.fromFileData(req.file)
-            res.end(JSON.stringify({_id: image._id, url: image.url}))
+            res.end(JSON.stringify({_id: media._id, url: media.url}))
         }
         else {
             res.status(503).send('permission denied')
@@ -155,7 +155,10 @@ const upload  = require('multer')({ dest: uploadPath })
 
     let socketPath = "/home/asmer/node_hosts/graphql-chat"
     //let socketPath = 5000
-    fs.unlinkSync(socketPath)
+    try {
+        fs.unlinkSync(socketPath)
+    }
+    catch (e) {}
     app.listen(socketPath, () => {
         console.log(`Express GraphQL Server Now Running On ${socketPath}/graphql`);
         fs.chmodSync(socketPath, '777');
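Review bot: The empty `catch (e) {}` around `fs.unlinkSync(socketPath)` hides every failure, not only the missing-file case it was presumably added for; a permission error or a path that is not a socket is swallowed and then resurfaces as a less clear failure from `app.listen`. Narrow it to `catch (e) { if (e.code !== 'ENOENT') throw e }`. Separately, the unchanged `fs.chmodSync(socketPath, '777')` a few lines down leaves the socket connectable by every local account; if only one front-end process needs it, a mode such as `'660'` with a shared group would be tighter. The enclosing function starts and ends outside this hunk.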

+ 34 - 4
models.js

@@ -51,6 +51,10 @@ module.exports = async (dbName='graphql-chat') => {
                     delete: []
                 }
             }
+
+            static get guestRelations(){
+                return ["chats"];
+            }
         }
         SlicedSavable.addClass(User)
 
@@ -110,6 +114,19 @@ module.exports = async (dbName='graphql-chat') => {
         SlicedSavable.addClass(Media)
 
         class Message extends OwnerSlicedSavable {
+
+            async save(...params){
+                if (!this.chat){
+                    throw new RefernceError("You should set chat")
+                }
+                const chatId = this.chat._id.toString()
+
+                this.___permissions.read.push(chatId)
+                this.___permissions.read = [...new Set(this.___permissions.read)]
+
+                return await super.save(...params)
+            }
+
             static get relations(){
                 return {
                     media: ['messages'],
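Review bot: `RefernceError` in the new `save()` is misspelled, so the guard for a missing chat fails with "RefernceError is not defined" instead of the intended message; it should read `throw new ReferenceError("You should set chat")`. The next line, `this.chat._id.toString()`, also assumes the chat has already been saved and will throw a TypeError when `_id` is absent. Beyond that, nothing visible here checks that the saving user belongs to `this.chat` before the chat id is appended to `___permissions.read`, so unless the base class enforces it, any account allowed to create messages could attach one to any chat; a membership check before `super.save` would close that. The `relations` getter below continues outside the hunk.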
@@ -123,8 +140,8 @@ module.exports = async (dbName='graphql-chat') => {
 
             static get defaultPermissions(){
                 return {
-                    create: ['user'],
-                    read: ['owner', 'user', 'admin'],
+                    create: ['user', 'admin'],
+                    read: ['user', 'owner',  'admin'],
                     write: ['owner','admin'],
                     delete: ['admin']
                 }
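Review bot: `read: ['user', 'owner',  'admin']` keeps the role-wide `'user'` entry, which appears to make the per-chat read entry added by the new `Message.save()` irrelevant: if every authenticated account carries the `user` role, every message is readable regardless of chat. The Chat hunk further down (`read: ['owner',  'admin', 'user']`) introduces the same grant for chats and, with `guestRelations` returning `['messages']`, presumably for their message lists. If reads are meant to be limited to participants, drop `'user'` from both lists, e.g. `read: ['owner', 'admin']`, and rely on the chat id pushed in `save()`. How roles are matched lives in the base class, which is not shown on this page, so confirm that before changing the lists.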
@@ -140,6 +157,15 @@ module.exports = async (dbName='graphql-chat') => {
         class Chat extends OwnerSlicedSavable {
             constructor(...params){
                 super(...params)
+                this.members  = Savable.arrize(this.members)
+            }
+
+            async save(...params){
+                if (!this._id){
+                    await super.save(...params)
+                    this.___permissions.read.push(this._id)
+                }
+                return await super.save(...params)
             }
 
             static get relations(){
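Review bot: `this.___permissions.read.push(this._id)` stores the raw `_id`, while `Message.save()` stores `this.chat._id.toString()`; if the permission check compares entries by value, the two forms will not match each other and one of them is ineffective. Use `this.___permissions.read.push(this._id.toString())` so both classes store the same representation. A new chat is also written twice, and between the two `super.save` calls it exists without its own id in the read list; a short comment explaining that the first save is needed to obtain `_id` would help. The `relations` getter that follows continues outside the hunk.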
@@ -153,13 +179,17 @@ module.exports = async (dbName='graphql-chat') => {
             static get defaultPermissions(){
                 return {
                     create: ['user'],
-                    read: ['owner',  'admin'],
+                    read: ['owner',  'admin', 'user'],
                     write: ['owner'],
                     delete: []
                 }
             }
+
+            static get guestRelations(){
+                return ['messages']
+            }
         }
-        SlicedSavable.addClass(TimeTrack)
+        SlicedSavable.addClass(Chat)
 
         const thisUser = id !== 'anon' && await Savable.m.User.findOne({_id: ObjectID(id)})
 

+ 8 - 2
package-lock.json

@@ -465,8 +465,7 @@
         "express": "^4.17.1",
         "express-graphql": "^0.9.0",
         "graphql": "^14.4.2",
-        "jsonwebtoken": "^8.5.1",
-        "mm": "git+ssh://git@gitlab.a-level.com.ua:gitgod/mm.git#8ae3c69780bf9cb25097a4c0a0a0ad01efc02327"
+        "jsonwebtoken": "^8.5.1"
       },
       "dependencies": {
         "express-graphql": {
@@ -497,6 +496,13 @@
           "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
           "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
         },
+        "mm": {
+          "version": "git+ssh://git@gitlab.a-level.com.ua:gitgod/mm.git#8ae3c69780bf9cb25097a4c0a0a0ad01efc02327",
+          "from": "git+ssh://git@gitlab.a-level.com.ua:gitgod/mm.git#8ae3c69780bf9cb25097a4c0a0a0ad01efc02327",
+          "requires": {
+            "mongodb": "^3.2.2"
+          }
+        },
         "raw-body": {
           "version": "2.4.1",
           "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.1.tgz",