hackforla
diff --git a/‎.github/workflows/aws-backend-deploy.yml‎
Lines changed: 21 additions & 34 deletions b/‎.github/workflows/aws-backend-deploy.yml‎
Lines changed: 21 additions & 34 deletions
diff --git a/‎backend/controllers/project.controller.js‎
Lines changed: 65 additions & 1 deletion b/‎backend/controllers/project.controller.js‎
Lines changed: 65 additions & 1 deletion
diff --git a/‎backend/controllers/user.controller.js‎
Lines changed: 110 additions & 15 deletions b/‎backend/controllers/user.controller.js‎
Lines changed: 110 additions & 15 deletions
diff --git a/‎backend/models/user.model.js‎
Lines changed: 2 additions & 2 deletions b/‎backend/models/user.model.js‎
Lines changed: 2 additions & 2 deletions
@@ -32,7 +32,7 @@ jobs:
         run: |
           if [[ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]]; then
               INPUT_ENV=${{ github.event.inputs.env }}; INPUT_REF=${{ github.event.inputs.ref }}
-              echo AWS_APPENV="$AWS_APP_NAME"-$INPUT_ENV >> $GITHUB_ENV
+              echo AWS_APPENV=$AWS_APP_NAME >> $GITHUB_ENV
               echo IMAGE_TAG=$(git rev-parse --short HEAD) >> $GITHUB_ENV
               echo BUILD_SHA=$(git rev-parse --short HEAD) >> $GITHUB_ENV
           fi
@@ -43,18 +43,20 @@ jobs:
   build:
     name: Build & Push Docker Image
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # Needed for OIDC authentication to AWS
     needs: [setup_env]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.ref }}
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v3 # Sets AWS credentials for CLI
         with:
-          aws-access-key-id: ${{ secrets.INCUBATOR_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::035866691871:role/incubator-cicd-vrms # IAM role for deploy
+          role-session-name: incubator-cicd-vrms-gha # Session name for audit
+          aws-region: us-west-2 # AWS region
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
@@ -85,42 +87,27 @@ jobs:
             --push \
             --build-arg BUILD_SHA=$BUILD_SHA \
             -f ${{ env.DOCKERFILE }} \
-            -t $ECR_REGISTRY/$ECR_REPOSITORY:latest \
+            -t $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.event.inputs.env }} \
             -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
             ${{ env.DOCKER_PATH }}
   deploy:
     name: Deploy to AWS ECS
     runs-on: ubuntu-latest
     needs: [setup_env, build]
+    permissions:
+      id-token: write # Needed for OIDC authentication to AWS
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v3 # Sets AWS credentials for CLI
         with:
-          aws-access-key-id: ${{ secrets.INCUBATOR_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INCUBATOR_AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-      - name: Pull Task Definition & write to file
-        id: aws-task-definition
+          role-to-assume: arn:aws:iam::035866691871:role/incubator-cicd-vrms # IAM role for deploy
+          role-session-name: incubator-cicd-vrms-gha # Session name for audit
+          aws-region: us-west-2 # AWS region
+      - name: Restart ECS Service
+        id: redeploy-service
+        env:
+          SERVICE_NAME: ${{env.AWS_APP_NAME}}-${{ github.event.inputs.env }} # ECS service name
+        # Force a new deployment of the ECS service to use the latest Docker image
         run: |
-          aws ecs describe-task-definition \
-            --task-definition ${{ needs.setup_env.outputs.AWS_APPENV }} \
-            --query taskDefinition | \
-            jq 'del(.taskDefinitionArn,.revision,.status,.registeredBy,.registeredAt,.compatibilities,.requiresAttributes)' > task-def.json
-      - name: Interpolate new Docker Image into Task Definition
-        id: task-definition
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
-        with:
-          task-definition: task-def.json
-          container-name: ${{ needs.setup_env.outputs.AWS_APPENV }}
-          image: ${{ steps.login-ecr.outputs.registry }}/${{ needs.setup_env.outputs.AWS_APPENV }}:${{ needs.setup_env.outputs.IMAGE_TAG }}
-      - name: Deploy Amazon ECS
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-        with:
-          task-definition: ${{ steps.task-definition.outputs.task-definition }}
-          service: ${{ needs.setup_env.outputs.AWS_APPENV }}
-          cluster: ${{ env.AWS_SHARED_CLUSTER }}
-          wait-for-service-stability: true
-          wait-for-minutes: 5
+          aws ecs update-service --force-new-deployment --service $SERVICE_NAME --cluster $AWS_SHARED_CLUSTER
+  
@@ -1,4 +1,5 @@
-const { Project } = require('../models');
+const { Project, User } = require('../models');
+const { ObjectId } = require('mongodb');
 
 const ProjectController = {};
 
@@ -66,4 +67,67 @@ ProjectController.destroy = async function (req, res) {
   }
 };
 
+ProjectController.updateManagedByUsers = async function (req, res) {
+  const { ProjectId } = req.params;
+  const { action, userId } = req.body; // action - 'add' or 'remove'
+
+  try {
+    // Update project's managedByUsers and the user's managedProjects
+    const project = await Project.findById(ProjectId);
+    let managedByUsers = project.managedByUsers || [];
+
+    const user = await User.findById(userId);
+    let managedProjects = user.managedProjects || [];
+
+    if (action === 'add') {
+      managedByUsers = [...new Set([...managedByUsers, userId])];
+      managedProjects = [...new Set([...managedProjects, ProjectId])];
+    } else {
+      // remove case
+      managedByUsers = managedByUsers.filter((id) => id !== userId);
+      managedProjects = managedProjects.filter((id) => id !== ProjectId);
+    }
+
+    // Update project's managedByUsers
+    project.managedByUsers = managedByUsers;
+    await project.save({ validateBeforeSave: false });
+
+    // Update user's managedProjects
+    user.managedProjects = managedProjects;
+    await user.save({ validateBeforeSave: false });
+
+    return res.status(200).send({ project, user });
+  } catch (err) {
+    console.log(err);
+    return res.sendStatus(400);
+  }
+};
+
+ProjectController.bulkUpdateManagedByUsers = async function (req, res) {
+  const { bulkOps } = req.body;
+
+  // Convert string IDs to ObjectId in bulkOps
+  bulkOps.forEach((op) => {
+    if (op?.updateOne?.filter._id) {
+      op.updateOne.filter._id = ObjectId(op.updateOne.filter._id);
+    }
+    if (op?.updateOne?.update) {
+      const update = op.updateOne.update;
+      if (update?.$addToSet?.managedByUsers) {
+        update.$addToSet.managedByUsers = ObjectId(update.$addToSet.managedByUsers);
+      }
+      if (update?.$pull?.managedByUsers) {
+        update.$pull.managedByUsers = ObjectId(update.$pull.managedByUsers);
+      }
+    }
+  });
+
+  try {
+    const result = await Project.bulkWrite(bulkOps);
+    res.status(200).json(result);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+};
+
 module.exports = ProjectController;
@@ -1,4 +1,5 @@
 const jwt = require('jsonwebtoken');
+const { ObjectId } = require('mongodb');
 
 const EmailController = require('./email.controller');
 const { CONFIG_AUTH } = require('../config');
@@ -21,6 +22,25 @@ UserController.user_list = async function (req, res) {
   try {
     const user = await User.find(query);
     return res.status(200).send(user);
+  } catch (err) {
+    console.error(err);
+    return res.sendStatus(400);
+  }
+};
+
+UserController.user_by_email = async function (req, res) {
+  const { headers } = req;
+  const { email } = req.params;
+
+  console.log('email: ', email);
+
+  if (headers['x-customrequired-header'] !== expectedHeader) {
+    return res.sendStatus(403);
+  }
+
+  try {
+    const user = await User.find({ email });
+    return res.status(200).send(user);
   } catch (err) {
     console.log(err);
     return res.sendStatus(400);
@@ -39,7 +59,7 @@ UserController.admin_list = async function (req, res) {
     const admins = await User.find({ accessLevel: { $in: ['admin', 'superadmin'] } });
     return res.status(200).send(admins);
   } catch (err) {
-    console.log(err);
+    console.error(err);
     return res.sendStatus(400);
   }
 };
@@ -53,17 +73,24 @@ UserController.projectManager_list = async function (req, res) {
 
   try {
     const projectManagers = await User.find({
-      $and: [
-        { accessLevel: { $in: ['admin', 'superadmin'] } },
-        { managedProjects: { $exists: true, $type: 'array', $ne: [] } },
-      ],
+      managedProjects: { $exists: true, $type: 'array', $ne: [] },
     });
 
     // Collect all unique project IDs
-    const allProjectIds = [...new Set(projectManagers.flatMap((pm) => pm.managedProjects))];
+    const allProjectIds = [
+      ...new Set(
+        projectManagers
+          .flatMap((pm) => pm.managedProjects)
+          .filter((id) => typeof id === 'string' && id.match(/^[a-f\d]{24}$/i)),
+      ),
+    ];
 
     // Fetch all projects in one query
-    const projects = await Project.find({ _id: { $in: allProjectIds } });
+    const projects = await Project.find(
+      { _id: { $in: allProjectIds } },
+      { _id: 1, name: 1 }, // projection
+    );
+
     const projectIdToName = {};
     for (const project of projects) {
       projectIdToName[project._id.toString()] = project.name;
@@ -80,7 +107,8 @@ UserController.projectManager_list = async function (req, res) {
 
     return res.status(200).send(updatedProjectManagers);
   } catch (err) {
-    console.log(err);
+    console.error(err);
+    console.log('Projectlead error', err);
     return res.sendStatus(400);
   }
 };
@@ -96,11 +124,9 @@ UserController.user_by_id = async function (req, res) {
 
   try {
     const user = await User.findById(UserId);
-    // TODO throw 404 if User.findById returns empty object
-    // and look downstream to see whether 404 would break anything
     return res.status(200).send(user);
   } catch (err) {
-    console.log(err);
+    console.error(err);
     return res.sendStatus(400);
   }
 };
@@ -144,7 +170,7 @@ UserController.update = async function (req, res) {
     const user = await User.findOneAndUpdate({ _id: UserId }, req.body, { new: true });
     return res.status(200).send(user);
   } catch (err) {
-    console.log(err);
+    console.error(err);
     return res.sendStatus(400);
   }
 };
@@ -162,7 +188,7 @@ UserController.delete = async function (req, res) {
     const user = await User.findByIdAndDelete(UserId);
     return res.status(200).send(user);
   } catch (err) {
-    console.log(err);
+    console.error(err);
     return res.sendStatus(400);
   }
 };
@@ -232,7 +258,6 @@ UserController.signin = function (req, res) {
 };
 
 UserController.verifySignIn = async function (req, res) {
-   
   let token = req.headers['x-access-token'] || req.headers['authorization'];
   if (token.startsWith('Bearer ')) {
     // Remove Bearer from string
@@ -245,7 +270,7 @@ UserController.verifySignIn = async function (req, res) {
     res.cookie('token', token, { httpOnly: true });
     return res.send(user);
   } catch (err) {
-    console.log(err);
+    console.error(err);
     return res.status(403);
   }
 };
@@ -259,4 +284,74 @@ UserController.logout = async function (req, res) {
   return res.clearCookie('token').status(200).send('Successfully logged out.');
 };
 
+// Update user's managedProjects
+UserController.updateManagedProjects = async function (req, res) {
+  const { headers } = req;
+  const { UserId } = req.params;
+  const { action, projectId } = req.body; // action - 'add' or 'remove'
+  // console.log('action:', action, 'projectId:', projectId);
+
+  if (headers['x-customrequired-header'] !== expectedHeader) {
+    return res.sendStatus(403);
+  }
+
+  try {
+    // Update user's managedProjects and the project's managedByUsers
+    const user = await User.findById(UserId);
+    let managedProjects = user.managedProjects || [];
+
+    const project = await Project.findById(projectId);
+    let managedByUsers = project.managedByUsers || [];
+
+    if (action === 'add') {
+      managedProjects = [...managedProjects, projectId];
+      managedByUsers = [...managedByUsers, UserId];
+    } else {
+      // remove case
+      managedProjects = managedProjects.filter((id) => id !== projectId);
+      managedByUsers = managedByUsers.filter((id) => id !== UserId);
+    }
+
+    // Update user's managedProjects
+    user.managedProjects = managedProjects;
+    await user.save({ validateBeforeSave: false });
+
+    // Update project's managedByUsers
+    project.managedByUsers = managedByUsers;
+    await project.save({ validateBeforeSave: false });
+
+    return res.status(200).send({ user, project });
+  } catch (err) {
+    console.log(err);
+    return res.sendStatus(400);
+  }
+};
+
+UserController.bulkUpdateManagedProjects = async function (req, res) {
+  const { bulkOps } = req.body;
+
+  // Convert string IDs to ObjectId in bulkOps
+  bulkOps.forEach((op) => {
+    if (op?.updateOne?.filter._id) {
+      op.updateOne.filter._id = ObjectId(op.updateOne.filter._id);
+    }
+    if (op?.updateOne?.update) {
+      const update = op.updateOne.update;
+      if (update?.$addToSet?.managedProjects) {
+        update.$addToSet.managedProjects = ObjectId(update.$addToSet.managedProjects);
+      }
+      if (update?.$pull?.managedProjects) {
+        update.$pull.managedProjects = ObjectId(update.$pull.managedProjects);
+      }
+    }
+  });
+
+  try {
+    const result = await User.bulkWrite(bulkOps);
+    res.status(200).json(result);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+};
+
 module.exports = UserController;
@@ -8,7 +8,7 @@ const userSchema = mongoose.Schema({
     firstName: { type: String },
     lastName: { type: String },
   },
-  email: { type: String, unique: true },
+  email: { type: String, unique: true, lowercase: true },
   accessLevel: { 
     type: String, 
     enum: ["user", "admin", "superadmin"], // restricts values to "user", "admin" and "superadmin"
@@ -37,7 +37,7 @@ const userSchema = mongoose.Schema({
   isHflaGithubMember: { type: Boolean }, // pull from API once github handle in place?
   githubPublic2FA: { type: Boolean }, // does the user have 2FA enabled on their github and membership set to public?
   availability: { type: String }, // availability to meet outside of hacknight times; string for now, more structured in future
-  managedProjects: [{ type: String}], // Which projects managed by user.
+  managedProjects: [{ type: String }], // Which projects managed by user.
   //currentProject: { type: String }              // no longer need this as we can get it from Project Team Member table
   // password: { type: String, required: true }
   isActive: { type: Boolean, default: true }