homepagedata json

mentorpal · Feb 8, 2024 · 985a9f1 · 985a9f1
1 parent 8bb74c8
commit 985a9f1
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 17 deletions.
diff --git a/node/src/gql/query/mentor-client-data.ts b/node/src/gql/query/mentor-client-data.ts
@@ -170,9 +170,14 @@ async function getCompletedQuestions(
   return subjectQuestionsWithUpdatedTopics;
 }
 
+interface LeftHomePageData {
+  time: string;
+  targetMentors: string[];
+}
+
 function verifyDirectLinkSecure(
   mentor: Mentor,
-  leftHomePageTime: string,
+  leftHomePageData: string,
   user?: User
 ): boolean {
   const userOwnsMentor = user?.mentorIds.includes(mentor._id);
@@ -183,12 +188,21 @@ function verifyDirectLinkSecure(
   ) {
     return true;
   }
-  if (!leftHomePageTime) {
+
+  if (!leftHomePageData) {
+    return false;
+  }
+
+  const homePageData: LeftHomePageData = JSON.parse(leftHomePageData);
+  if (!homePageData.time || !homePageData.targetMentors) {
+    return false;
+  }
+  if (!homePageData.targetMentors.includes(`${mentor._id}`)) {
     return false;
   }
-  const leftHomePage = new Date(leftHomePageTime);
+  const leftHomePageTime = new Date(homePageData.time);
   const currentTime = new Date();
-  const timeDiff = currentTime.getTime() - leftHomePage.getTime();
+  const timeDiff = currentTime.getTime() - leftHomePageTime.getTime();
   const secondsDiff = timeDiff / 1000;
   const hoursDiff = secondsDiff / 3600;
   return hoursDiff <= 1;
@@ -200,15 +214,15 @@ export const mentorData = {
     mentor: { type: GraphQLNonNull(GraphQLID) },
     subject: { type: GraphQLID },
     orgAccessCode: { type: GraphQLString },
-    leftHomePageTime: { type: GraphQLString },
+    leftHomePageData: { type: GraphQLString },
   },
   resolve: async (
     _root: GraphQLObjectType,
     args: {
       mentor: string;
       subject?: string;
       orgAccessCode?: string;
-      leftHomePageTime?: string;
+      leftHomePageData?: string;
     },
     context: { user?: User; org: Organization }
   ): Promise<MentorClientData> => {
@@ -221,7 +235,7 @@ export const mentorData = {
         `mentor is private and you do not have permission to access`
       );
     }
-    if (!verifyDirectLinkSecure(mentor, args.leftHomePageTime, context.user)) {
+    if (!verifyDirectLinkSecure(mentor, args.leftHomePageData, context.user)) {
       throw new Error('mentor can only be accessed via homepage');
     }
 

diff --git a/node/test/graphql/query/mentor-client-data.spec.ts b/node/test/graphql/query/mentor-client-data.spec.ts
@@ -296,7 +296,7 @@ describe('mentorClientData', () => {
       );
     });
 
-    it('Rejects if mentor is directLinkPrivate and no "leftHomePage" param provided', async () => {
+    it('Rejects if mentor is directLinkPrivate and no "leftHomePageData" param provided', async () => {
       const response = await request(app)
         .post('/graphql')
         .send({
@@ -318,15 +318,24 @@ describe('mentorClientData', () => {
       const twoHoursAgo = new Date();
       twoHoursAgo.setHours(twoHoursAgo.getHours() - 2);
       const timeInPast = twoHoursAgo.toISOString();
+
+      const data = JSON.stringify({
+        time: timeInPast,
+        targetMentors: ['5ffdf41a1ee2c62111111113'],
+      });
+
       const response = await request(app)
         .post('/graphql')
         .send({
-          query: `query {
-            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageTime: "${timeInPast}") {
+          query: `query MentorClientData($leftHomePageData: String!) {
+            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageData: $leftHomePageData) {
               _id
               name
             }
         }`,
+          variables: {
+            leftHomePageData: data,
+          },
         });
       expect(response.status).to.equal(200);
       expect(response.body).to.have.deep.nested.property(
@@ -340,16 +349,24 @@ describe('mentorClientData', () => {
       const twoHoursAgo = new Date();
       twoHoursAgo.setHours(twoHoursAgo.getHours() - 2);
       const timeInPast = twoHoursAgo.toISOString();
+
+      const data = JSON.stringify({
+        time: timeInPast,
+        targetMentors: ['5ffdf41a1ee2c62111111113'],
+      });
       const response = await request(app)
         .post('/graphql')
         .set('Authorization', `bearer ${token}`)
         .send({
-          query: `query {
-            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageTime: "${timeInPast}") {
+          query: `query MentorClientData($leftHomePageData: String!) {
+            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageData: $leftHomePageData) {
               _id
               name
             }
         }`,
+          variables: {
+            leftHomePageData: data,
+          },
         });
       expect(response.status).to.equal(200);
       expect(response.body.data.mentorClientData).to.eql({
@@ -363,16 +380,24 @@ describe('mentorClientData', () => {
       const twoHoursAgo = new Date();
       twoHoursAgo.setHours(twoHoursAgo.getHours() - 2);
       const timeInPast = twoHoursAgo.toISOString();
+
+      const data = JSON.stringify({
+        time: timeInPast,
+        targetMentors: ['5ffdf41a1ee2c62111111113'],
+      });
       const response = await request(app)
         .post('/graphql')
         .set('Authorization', `bearer ${token}`)
         .send({
-          query: `query {
-            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageTime: "${timeInPast}") {
+          query: `query MentorClientData($leftHomePageData: String!) {
+            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageData: $leftHomePageData) {
               _id
               name
             }
         }`,
+          variables: {
+            leftHomePageData: data,
+          },
         });
       expect(response.status).to.equal(200);
       expect(response.body.data.mentorClientData).to.eql({
@@ -382,17 +407,26 @@ describe('mentorClientData', () => {
     });
 
     it('returns mentor if home page visited within last hour', async () => {
-      const now = new Date();
+      const now = new Date().toISOString();
+
+      const data = JSON.stringify({
+        time: now,
+        targetMentors: ['5ffdf41a1ee2c62111111113'],
+      });
       const response = await request(app)
         .post('/graphql')
         .send({
-          query: `query {
-            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageTime: "${now.toISOString()}") {
+          query: `query MentorClientData($leftHomePageData: String!) {
+            mentorClientData(mentor: "5ffdf41a1ee2c62111111113", leftHomePageData: $leftHomePageData) {
               _id
               name
             }
         }`,
+          variables: {
+            leftHomePageData: data,
+          },
         });
+      console.log(JSON.stringify(response.body, null, 2));
       expect(response.status).to.equal(200);
       expect(response.body.data.mentorClientData).to.eql({
         _id: '5ffdf41a1ee2c62111111113',