Merge pull request #1315 from leggedrobotics/dev

Release 0.41.2

Author: wp99cp

backend/package.json

@@ -1,6 +1,6 @@
 {
     "name": "kleinkram-backend",
-    "version": "0.41.0",
+    "version": "0.41.2",
     "description": "",
     "author": "",
     "private": true,
@@ -82,7 +82,7 @@
         "@types/node": "^22.13.5",
         "@types/supertest": "^6.0.0",
         "@typescript-eslint/eslint-plugin": "^8.25.0",
-        "@typescript-eslint/parser": "^8.24.1",
+        "@typescript-eslint/parser": "^8.25.0",
         "eslint": "^9.21.0",
         "eslint-config-prettier": "^10.0.1",
         "eslint-plugin-prettier": "^5.0.0",

backend/src/app.module.ts

@@ -23,6 +23,7 @@ import { PrometheusModule } from '@willsoto/nestjs-prometheus';
 import { AuditLoggerMiddleware } from './routing/middlewares/audit-logger-middleware.service';
 import { appVersion } from './app-version';
 import { ActionModule } from './endpoints/action/action.module';
+import { VersionCheckerMiddlewareService } from './routing/middlewares/version-checker-middleware.service';
 
 export interface AccessGroupConfig {
     emails: [{ email: string; access_groups: string[] }];
@@ -92,8 +93,13 @@ export class AppModule implements NestModule {
      * @param consumer
      */
     configure(consumer: MiddlewareConsumer): void {
-        consumer // enable default middleware for all routes
-            .apply(APIKeyResolverMiddleware, AuditLoggerMiddleware)
+        // Apply APIKeyResolverMiddleware and AuditLoggerMiddleware to all routes
+        consumer
+            .apply(
+                APIKeyResolverMiddleware,
+                AuditLoggerMiddleware,
+                VersionCheckerMiddlewareService,
+            )
             .forRoutes('*');
     }
 }

backend/src/endpoints/auth/auth-helper.ts

@@ -16,7 +16,7 @@ export const projectAccessUUIDQuery = (
     // we us randomized tokens to creat a signature for the subquery parameters
     // in this way we avoid conflicts with other subqueries or the main query
     // would be nice if typeorm did this out of the box, but it doesnt
-    if (tok === undefined) tok = uuidv4().replace(/-/g, '');
+    if (tok === undefined) tok = uuidv4().replaceAll('-', '');
 
     const projectIdsQuery = query
         .subQuery()
@@ -37,7 +37,7 @@ export const missionAccessUUIDQuery = (
     // we us randomized tokens to creat a signature for the subquery parameters
     // in this way we avoid conflicts with other subqueries or the main query
     // would be nice if typeorm did this out of the box, but it doesnt
-    if (tok === undefined) tok = uuidv4().replace(/-/g, '');
+    if (tok === undefined) tok = uuidv4().replaceAll('-', '');
 
     return query
         .subQuery()
@@ -56,7 +56,7 @@ export const getUserIsAdminSubQuery = (
     // we us randomized tokens to creat a signature for the subquery parameters
     // in this way we avoid conflicts with other subqueries or the main query
     // would be nice if typeorm did this out of the box, but it doesnt
-    if (tok === undefined) tok = uuidv4().replace(/-/g, '');
+    if (tok === undefined) tok = uuidv4().replaceAll('-', '');
 
     const subQuery = query.subQuery().select('user.role').from(User, 'user');
     subQuery.where(`user.uuid = :userUUID_${tok}`, {

backend/src/endpoints/file/utils.ts renamed to backend/src/endpoints/file/utilities.ts

@@ -24,8 +24,7 @@ function validateResponseJSON<T extends object>(dto: ClassConstructor<T>) {
 
             if (errors.length > 0) {
                 logger.error(
-                    // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-                    `Response Validation failed: ${errors.length} errors`,
+                    `Response Validation failed: ${errors.length.toString()} errors`,
                 );
                 logger.error(`In response: `);
                 logger.error(JSON.stringify(data, undefined, 2));
@@ -37,8 +36,7 @@ function validateResponseJSON<T extends object>(dto: ClassConstructor<T>) {
                     `\n${errors.map((error) => error.toString()).join('\n')}`,
                 );
                 throw new InternalServerErrorException(
-                    // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-                    `Validation failed: ${errors.length} errors. Check backend logs for details.`,
+                    `Validation failed: ${errors.length.toString()} errors. Check backend logs for details.`,
                 );
             }
         }

backend/src/routing/interceptors/output-validation.ts

@@ -0,0 +1,117 @@
+import { Injectable, NestMiddleware } from '@nestjs/common';
+import { NextFunction, Request, Response } from 'express';
+import logger from '../../logger';
+
+/**
+ *
+ * A nest middleware that resolves the user from the API key in the request.
+ *
+ */
+@Injectable()
+export class VersionCheckerMiddlewareService implements NestMiddleware {
+    async use(
+        request: Request,
+        response: Response,
+        next: NextFunction,
+    ): Promise<void> {
+        let clientVersion = request.headers['kleinkram-client-version'] as
+            | string
+            | undefined;
+
+        const requestPath = request.originalUrl;
+
+        // ignore auth endpoints
+        if (requestPath.startsWith('/auth/')) {
+            next();
+            return;
+        }
+
+        // strip away everything after .dev
+        if (clientVersion !== undefined) {
+            clientVersion = clientVersion.split('.dev')[0];
+        }
+
+        // verify if version is of semver format
+        const validVersion = /^\d+\.\d+\.\d+$/;
+        if (clientVersion !== undefined && !validVersion.test(clientVersion)) {
+            this.rejectRequest(response, clientVersion);
+            return;
+        }
+
+        logger.debug(
+            `Check Client Version for call to endpoint: ${requestPath} is: ${clientVersion}`,
+        );
+
+        if (clientVersion === undefined) {
+            this.rejectRequest(response, 'undefined');
+            return;
+        }
+
+        // forbidden client versions: allows for the following notations
+        // - '<0.40.x': versions below 0.40.x are forbidden
+        // - '0.41.x': version 0.41.x is forbidden
+        const forbiddenClientVersions = ['<0.40.0', '0.41.0', '0.41.1'];
+
+        if (this.isVersionForbidden(clientVersion, forbiddenClientVersions)) {
+            this.rejectRequest(response, clientVersion);
+            return;
+        }
+
+        next();
+    }
+
+    private rejectRequest(response: Response, clientVersion: string): void {
+        // reject request with 426
+        response.status(426).json({
+            statusCode: 426,
+            message: `Client version ${clientVersion} is not a valid version.`,
+        });
+
+        response.send();
+    }
+
+    private isVersionForbidden(
+        clientVersion: string,
+        forbiddenVersions: string[],
+    ): boolean {
+        for (const forbiddenVersion of forbiddenVersions) {
+            if (forbiddenVersion.startsWith('<')) {
+                const versionToCompare = forbiddenVersion.slice(1);
+                if (this.isLessThan(clientVersion, versionToCompare)) {
+                    return true;
+                }
+            } else if (forbiddenVersion.endsWith('.x')) {
+                const baseVersion = forbiddenVersion.slice(
+                    0,
+                    Math.max(0, forbiddenVersion.length - 2),
+                );
+                if (clientVersion.startsWith(baseVersion)) {
+                    return true;
+                }
+            } else if (clientVersion === forbiddenVersion) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private isLessThan(version1: string, version2: string): boolean {
+        const v1Parts = version1.split('.').map(Number);
+        const v2Parts = version2.split('.').map(Number);
+
+        const maxLength = Math.max(v1Parts.length, v2Parts.length);
+
+        for (let i = 0; i < maxLength; i++) {
+            const part1 = v1Parts[i] || 0;
+            const part2 = v2Parts[i] || 0;
+
+            if (part1 < part2) {
+                return true;
+            } else if (part1 > part2) {
+                return false;
+            }
+        }
+
+        return false;
+    }
+}

backend/src/routing/middlewares/version-checker-middleware.service.ts

@@ -30,7 +30,6 @@ import { ProjectWithMissionsDto } from '@common/api/types/project/project-with-m
 import { GroupMembershipDto, UserDto } from '@common/api/types/user.dto';
 import { FileDto, FileWithTopicDto } from '@common/api/types/file/file.dto';
 import { TopicDto } from '@common/api/types/topic.dto';
-import logger from './logger';
 
 export const missionEntityToDto = (mission: Mission): MissionDto => {
     if (!mission.project) {
@@ -83,9 +82,9 @@ export const missionEntityToDtoWithFiles = (
     }
 
     return {
-        ...missionEntityToDtoWithCreator(mission),
-        files: mission.files.map(fileEntityToDto),
-        tags: mission.tags.map(tagEntityToDto),
+        ...(missionEntityToDtoWithCreator(mission) as MissionWithFilesDto),
+        files: mission.files.map((element) => fileEntityToDto(element)),
+        tags: mission.tags.map((element) => tagEntityToDto(element)),
     };
 };
 
@@ -195,8 +194,8 @@ export const fileEntityToDtoWithTopic = (
         throw new Error('File topics are not set');
     }
     return {
-        ...fileEntityToDto(file),
-        topics: file.topics.map(topicEntityToDto),
+        ...(fileEntityToDto(file) as FileWithTopicDto),
+        topics: file.topics.map((element) => topicEntityToDto(element)),
     };
 };
 
@@ -255,7 +254,7 @@ export const projectEntityToDtoWithMissionCount = (
     }
 
     return {
-        ...projectEntityToDto(project),
+        ...(projectEntityToDto(project) as ProjectWithMissionCountDto),
         creator: userEntityToDto(project.creator),
         missionCount: project.missions?.length ?? 0,
     };
@@ -269,9 +268,11 @@ export const projectEntityToDtoWithMissions = (
     }
 
     return {
-        ...projectEntityToDto(project),
+        ...(projectEntityToDto(project) as ProjectWithMissionsDto),
         creator: userEntityToDto(project.creator),
-        requiredTags: project.requiredTags.map(tagTypeEntityToDto),
+        requiredTags: project.requiredTags.map((element) =>
+            tagTypeEntityToDto(element),
+        ),
         missions: project.missions?.map(missionEntityToFlatDto) ?? [],
     };
 };

backend/src/serialization.ts

@@ -88,6 +88,7 @@ export class AccessService {
                             name: value.project?.name,
                             uuid: value.project?.uuid,
                             rights: value.rights,
+                            autoConvert: value.project?.autoConvert ?? false,
                         }) as ProjectWithAccessRightsDto,
                 ) ?? [],
         };
@@ -341,7 +342,6 @@ export class AccessService {
         const data: AccessGroupDto[] = accessGroups.map(
             (accessGroup: AccessGroup): AccessGroupDto => {
                 return {
-                    // eslint-disable-next-line unicorn/no-null
                     creator: accessGroup.creator
                         ? userEntityToDto(accessGroup.creator)
                         : null,
@@ -475,7 +475,7 @@ export class AccessService {
         );
 
         return {
-            data: access.map(projectAccessEntityToDto),
+            data: access.map((element) => projectAccessEntityToDto(element)),
             count,
             take: count,
             skip: 0,
@@ -558,9 +558,9 @@ export class AccessService {
         // filter out the access rights that have not been modified
         const accessRightsChanges = newProjectAccess.filter((access) => {
             return !currentAccess.some(
-                (currentAccess) =>
-                    currentAccess.accessGroup?.uuid === access.uuid &&
-                    currentAccess.rights === access.rights,
+                (projectAccess) =>
+                    projectAccess.accessGroup?.uuid === access.uuid &&
+                    projectAccess.rights === access.rights,
             );
         });
 

backend/src/services/access.service.ts

@@ -213,7 +213,9 @@ export class ActionService {
 
         return {
             count,
-            data: templates.map(actionTemplateEntityToDto),
+            data: templates.map((element) =>
+                actionTemplateEntityToDto(element),
+            ),
             skip,
             take,
         };
@@ -265,7 +267,7 @@ export class ActionService {
             const [actions, count] = await query.getManyAndCount();
             return {
                 count,
-                data: actions.map(actionEntityToDto),
+                data: actions.map((element) => actionEntityToDto(element)),
                 skip,
                 take,
             };
@@ -312,7 +314,7 @@ export class ActionService {
 
         return {
             count,
-            data: actions.map(actionEntityToDto),
+            data: actions.map((element) => actionEntityToDto(element)),
             skip,
             take,
         };

backend/src/services/action.service.ts

@@ -47,6 +47,7 @@ export class DBDumper {
             return dumpFile;
         } catch (error: any) {
             await unlinkAsync(dumpFile);
+
             // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
             throw new Error(`Failed to create database dump: ${error.message}`);
         }