From 8cad73d01db874d159c046f35ce170fe35413c7d Mon Sep 17 00:00:00 2001 From: slawk0 Date: Sat, 14 Dec 2024 23:20:41 +0100 Subject: [PATCH] verifying if user is admin when adding member --- client/src/components/chat/AddGroupMember.tsx | 30 +++++++++++++------ .../src/components/chat/CreateGroupButton.tsx | 4 ++- server/db/db.js | 1 + server/server.js | 22 +++++++++++++- 4 files changed, 46 insertions(+), 11 deletions(-) diff --git a/client/src/components/chat/AddGroupMember.tsx b/client/src/components/chat/AddGroupMember.tsx index 4ee6f54..e520feb 100644 --- a/client/src/components/chat/AddGroupMember.tsx +++ b/client/src/components/chat/AddGroupMember.tsx @@ -4,7 +4,6 @@ import { SubmitHandler, useForm } from 'react-hook-form'; import { axiosClient } from '../../App.tsx'; import { ContactsProps } from '../../pages/Chat.tsx'; import { socket } from '../../socket/socket.tsx'; -import { AxiosResponse } from 'axios'; import { UserRoundPlus } from 'lucide-react'; type Inputs = { @@ -23,17 +22,19 @@ function AddGroupMember({ contact }: AddGroupMemberProps) { const [isLoading, setIsLoading] = useState(false); const [notFound, setNotFound] = useState(false); const [selectedIndex, setSelectedIndex] = useState(0); + const [errorMessage, setErrorMessage] = useState(null); useEffect(() => { const fetchSuggestions = async () => { if (contactInput?.length >= 3) { try { setIsLoading(true); - const response: AxiosResponse = await axiosClient.get( + setErrorMessage(null); + const response = await axiosClient.get( `/api/chat/contacts/suggestions/${contactInput}`, ); setSuggestions(response.data); - setSelectedIndex(0); // Reset selection to first item when suggestions update + setSelectedIndex(0); if (response.data.length < 1) { setIsLoading(false); setNotFound(true); 
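Review bot: The suggestions request in `fetchSuggestions` interpolates `contactInput` straight into the URL path, so typed characters such as `/`, `?`, `#` or `..` change which path is requested instead of being sent as the search term. Encode the segment by replacing `${contactInput}` with `${encodeURIComponent(contactInput)}`. That line is unchanged context directly under the rewritten `axiosClient.get(` call, and the `useEffect` body continues past the end of this hunk. The server route still has to validate the parameter on its side; that handler is not part of this hunk.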
@@ -41,9 +42,12 @@ function AddGroupMember({ contact }: AddGroupMemberProps) { setIsLoading(false); setNotFound(false); } - } catch (error) { + } catch (e) { setIsLoading(false); - console.error('Error fetching suggestions:', error); + console.error('Error fetching suggestions:', e); + setErrorMessage( + e.response?.data?.message || 'Failed to fetch suggestions', + ); } } else { setNotFound(false); @@ -60,6 +64,7 @@ function AddGroupMember({ contact }: AddGroupMemberProps) { }, [contactInput]); if (!socket) return; + const onSubmit: SubmitHandler = async (data) => { const contactToSubmit = suggestions.length > 0 @@ -68,19 +73,22 @@ function AddGroupMember({ contact }: AddGroupMemberProps) { try { setIsLoading(true); + setErrorMessage(null); const response = await axiosClient.post(`/api/chat/groups/addMember/`, { group_id: contact?.conversation_id, username: contactToSubmit, }); - console.log(response.data); + console.log('Add member to group', response); setIsLoading(false); socket?.emit('added to group', { group_id: contact?.conversation_id }); if (modalRef.current) { modalRef.current.close(); } + reset(); } catch (e) { - console.error('Failed to create group: ', e); + console.error('Failed to add group member: ', e); setIsLoading(false); + setErrorMessage(e.response?.data?.message || 'Failed to add member'); } }; @@ -134,7 +142,7 @@ function AddGroupMember({ contact }: AddGroupMemberProps) {
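Review bot: `e.response?.data?.message` in the new `catch (e)` reads properties off an un-narrowed catch variable, so if the client is compiled with `strict` (where `e` is `unknown`) this does not type-check, and the code treats every thrown value as an Axios error. Narrow before reading, for example `const msg = axios.isAxiosError(e) ? e.response?.data?.message : undefined;` followed by `setErrorMessage(msg || 'Failed to fetch suggestions');`. The `onSubmit` catch in the `@@ -68,19 +73,22 @@` hunk uses the same pattern. This needs `import axios from 'axios'`, which the visible import lines of this file do not have.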
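Review bot: `console.log('Add member to group', response)` in `onSubmit` now writes the whole Axios response object to the browser console, where the old line logged only `response.data`. That object carries the request `config` and headers, so any auth header or token that `axiosClient` attaches would end up in the console; whether it attaches one is not visible here. Log only what is needed, for example `console.log('Add member to group', response.status);`, or drop the log in production builds. The `onSubmit` body starts before this hunk.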
{ - reset({ username: suggestion }); handleSubmit(() => onSubmit({ username: suggestion }), )(); @@ -176,6 +183,11 @@ function AddGroupMember({ contact }: AddGroupMemberProps) { ) : null}
+ {errorMessage && ( +

+ {errorMessage} +

+ )}
diff --git a/client/src/components/chat/CreateGroupButton.tsx b/client/src/components/chat/CreateGroupButton.tsx index 91fa7b5..017646d 100644 --- a/client/src/components/chat/CreateGroupButton.tsx +++ b/client/src/components/chat/CreateGroupButton.tsx @@ -14,6 +14,7 @@ function CreateGroupButton() { const { register, handleSubmit, + reset, formState: { errors }, } = useForm(); @@ -28,6 +29,7 @@ function CreateGroupButton() { modalRef.current.close(); } } + reset(); } catch (e) { console.error('Failed to create group: ', e); setIsLoading(false); @@ -62,7 +64,7 @@ function CreateGroupButton() { className="w-full max-w-xs relative" > { }); }); -app.post("/api/chat/groups/addMember", async (req, res) => { +app.post("/api/chat/groups/addMember", authorizeUser, async (req, res) => { const username = req.body.username; const group_id = req.body.group_id; + const user_id = req.user.user_id; if (!username) { return res.status(400).json({ message: "Username not provided" }); } if (!group_id) { return res.status(400).json({ message: "group_id not provided" }); } + + const isUserAdmin = await isAdmin(user_id, group_id); + if (!isUserAdmin) { + return res.status(401).json({ message: "You are not group administrator" }); + } + const result = await addMemberToGroupByUsername(group_id, username); if (result !== null) { io.to(result).to(group_id).emit("added to group", { @@ -417,6 +426,17 @@ app.get( if (!conversation_id) { return res.status(400).json({ message: "No conversation_id provided" }); } + + const isMember = await isConversationMember( + req.user.user_id, + conversation_id, + ); + if (!isMember) { + return res + .status(401) + .json({ message: "You are not member of this conversation" }); + } + const participants = await getMembers(conversation_id); console.log( `getMemers for conversation: ${conversation_id}, participants: ${participants} `,
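Review bot: The new admin check in the `/api/chat/groups/addMember` handler answers `401` to a caller who has already passed `authorizeUser`; that is an authorization failure, so `403` is the accurate status: `return res.status(403).json({ message: "You are not group administrator" });`. Clients commonly treat `401` as "session expired" and trigger a token refresh or logout, which would fire here if `axiosClient` has such an interceptor (not visible in this patch). The membership check added to the `app.get(` handler in the `@@ -417,6 +426,17 @@` hunk returns `401` the same way and should change with it. The handler body continues outside this hunk.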
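Review bot: `await isConversationMember(...)` is added with no `try`/`catch` visible around it in this hunk, and the same holds for `await isAdmin(user_id, group_id)` in the `addMember` hunk. If either helper rejects, for example on a database error, and the app runs on Express 4, the rejection is not forwarded to the error middleware and the request gets no response. Unless a wrapper outside the hunk already covers this, make the check fail closed with an explicit response: `try { ... } catch (err) { return res.status(500).json({ message: "Internal server error" }); }`. Both handlers start and end outside their hunks, so an enclosing handler may exist that is not shown.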