Merge branch 'develop' into feat-nepali-language

Author: raclim

client/modules/IDE/actions/uploader.js

@@ -82,6 +82,23 @@ export function dropzoneCompleteCallback(file) {
         content: file.content
       };
       dispatch(handleCreateFile(formParams, false));
+    } else if (file.status === 'error' || file.xhr.status >= 400) {
+      let uploadFileErrorMessage = 'Uploading file to AWS failed.';
+      if (file.xhr?.response) {
+        const parser = new DOMParser();
+        const xmlDoc = parser.parseFromString(file.xhr.response, 'text/xml');
+        const message = xmlDoc.getElementsByTagName('Message')[0]?.textContent;
+        const code = xmlDoc.getElementsByTagName('Code')[0]?.textContent;
+        uploadFileErrorMessage = `${code}: ${message}`;
+      }
+      file.previewElement.classList.add('dz-error');
+      file.previewElement.classList.remove('dz-success');
+      const dzErrorMessageElement = file.previewElement?.querySelector(
+        '[data-dz-errormessage]'
+      );
+      if (dzErrorMessageElement) {
+        dzErrorMessageElement.textContent = uploadFileErrorMessage;
+      }
     }
   };
 }

client/modules/IDE/components/FileUploader.jsx

@@ -23,13 +23,36 @@ const StyledUploader = styled.div`
   .dz-preview.dz-image-preview {
     background-color: transparent;
   }
+  .dz-image img {
+    width: 100%;
+    height: auto;
+  }
+  .dz-details .dz-filename:hover {
+    overflow: hidden;
+  }
+  .dz-error-message span {
+    width: 100%;
+    height: auto;
+    overflow: hidden;
+    display: block;
+  }
+  .dz-error-mark:hover {
+    cursor: pointer !important;
+  }
 `;
 
 function FileUploader() {
   const { t } = useTranslation();
   const dispatch = useDispatch();
   const userId = useSelector((state) => state.user.id);
-
+  const deleteUploadErrorFiles = (uploader, file) => {
+    if (file.status === 'error') {
+      file.previewElement.addEventListener('click', (e) => {
+        e.stopPropagation();
+        uploader.removeFile(file);
+      });
+    }
+  };
   useEffect(() => {
     const uploader = new Dropzone('div#uploader', {
       url: s3BucketHttps,
@@ -52,6 +75,7 @@ function FileUploader() {
     });
     uploader.on('complete', (file) => {
       dispatch(dropzoneCompleteCallback(file));
+      deleteUploadErrorFiles(uploader, file);
     });
     return () => {
       uploader.destroy();

contributor_docs/installation.md

@@ -37,6 +37,13 @@ _Note_: The installation steps assume you are using a Unix-like shell. If you ar
 7. Install MongoDB and make sure it is running
    * For Mac OSX with [homebrew](http://brew.sh/): `brew tap mongodb/brew` then `brew install mongodb-community` and finally start the server with `brew services start mongodb-community` or you can visit the installation guide here [Installation Guide For MacOS](https://docs.mongodb.com/manual/tutorial/install-mongodb-on-os-x/)
    * For Windows and Linux: [MongoDB Installation](https://docs.mongodb.com/manual/installation/)
+   * If you have trouble setting up MongoDB locally, an alternative is to use [MongoDB Atlas](https://cloud.mongodb.com/) to get a connection string that you can use as your `MONGO_URL` in the `.env` file. To get your connection string:
+      - Navigate to [mongodb.com](https://www.mongodb.com/) and sign up or log in.
+      - Create a new project. Give it any name, and either add a key-value pair or skip that step.
+      - Create a cluster by choosing the free tier. Give your cluster a name, choose a region, and keep the provider as AWS.
+      - Set a username and password for your database-user, these will be part of your connection string.
+      - Choose **Node.js** as the driver for your connection method. You will see a connection string, with or without the password filled in.
+      - Copy the string and use it as your `MONGO_URL` in the `.env` file.
 8. `$ cp .env.example .env`
 9. (Optional) Update `.env` with necessary keys to enable certain app behaviors, i.e. add Github ID and Github Secret if you want to be able to log in with Github.
    * See the [GitHub API Configuration](#github-api-configuration) section for information on how to authenticate with Github.

server/config/passport.js

@@ -124,6 +124,18 @@ const getVerifiedEmails = (githubEmails) =>
 const getPrimaryEmail = (githubEmails) =>
   (lodash.find(githubEmails, { primary: true }) || {}).value;
 
+/**
+ * Get primary email from Google OAuth profile.
+ * Returns the first email if available, or null if emails array is missing/empty.
+ */
+const getGooglePrimaryEmail = (googleEmails) => {
+  if (!Array.isArray(googleEmails) || googleEmails.length === 0) {
+    return null;
+  }
+  const primaryEmail = googleEmails[0]?.value?.trim();
+  return primaryEmail || null;
+};
+
 /**
  * Sign in with GitHub.
  */
@@ -240,8 +252,18 @@ passport.use(
     },
     async (req, accessToken, refreshToken, profile, done) => {
       try {
+        // Validate that emails array exists and has at least one element
+        const primaryEmail = getGooglePrimaryEmail(profile._json?.emails);
+        if (!primaryEmail) {
+          return done(null, false, {
+            msg:
+              'Unable to retrieve email from Google account. ' +
+              'Please ensure your Google account has an email address and try again.'
+          });
+        }
+
         const existingUser = await User.findOne({
-          google: profile._json.emails[0].value
+          google: primaryEmail
         }).exec();
 
         if (existingUser) {
@@ -258,18 +280,16 @@ passport.use(
           return done(null, existingUser);
         }
 
-        const primaryEmail = profile._json.emails[0].value;
-
         if (req.user) {
           if (!req.user.google) {
-            req.user.google = profile._json.emails[0].value;
+            req.user.google = primaryEmail;
             req.user.tokens.push({ kind: 'google', accessToken });
             req.user.verified = User.EmailConfirmation().Verified;
           }
           await req.user.save();
           return done(null, req.user);
         }
-        let username = profile._json.emails[0].value.split('@')[0];
+        let username = primaryEmail.split('@')[0];
         const existingEmailUser = await User.findByEmail(primaryEmail);
         const existingUsernameUser = await User.findByUsername(username, {
           caseInsensitive: true
@@ -285,7 +305,7 @@ passport.use(
             return done(null, false, { msg: accountSuspensionMessage });
           }
           existingEmailUser.email = existingEmailUser.email || primaryEmail;
-          existingEmailUser.google = profile._json.emails[0].value;
+          existingEmailUser.google = primaryEmail;
           existingEmailUser.username = existingEmailUser.username || username;
           existingEmailUser.tokens.push({
             kind: 'google',
@@ -301,7 +321,7 @@ passport.use(
 
         const user = new User();
         user.email = primaryEmail;
-        user.google = profile._json.emails[0].value;
+        user.google = primaryEmail;
         user.username = username;
         user.tokens.push({ kind: 'google', accessToken });
         user.name = profile._json.displayName;

server/controllers/project.controller.js

@@ -131,6 +131,14 @@ export async function getProjectAsset(req, res) {
       .send({ message: 'Project with that id does not exist' });
   }
 
+  // Check visibility and ownership for private projects
+  if (
+    project.visibility === 'Private' &&
+    (!req.user || !project.user._id.equals(req.user._id))
+  ) {
+    return res.status(403).send({ message: 'Project is private' });
+  }
+
   const filePath = req.params[0];
   const resolvedFile = resolvePathToFile(filePath, project.files);
   if (!resolvedFile) {

server/controllers/project.controller/__test__/getProjectAsset.test.js

@@ -0,0 +1,213 @@
+/**
+ * @jest-environment node
+ */
+import { Request, Response } from 'jest-express';
+import axios from 'axios';
+import mime from 'mime';
+import Project from '../../../models/project';
+import { getProjectAsset } from '../../project.controller';
+import { resolvePathToFile } from '../../../utils/filePath';
+
+jest.mock('../../../models/project');
+jest.mock('../../../utils/filePath');
+jest.mock('mime');
+jest.mock('axios');
+
+describe('project.controller', () => {
+  describe('getProjectAsset()', () => {
+    let request;
+    let response;
+
+    beforeEach(() => {
+      request = new Request();
+      response = new Response();
+      response.send = jest.fn();
+      response.status = jest.fn().mockReturnThis();
+      response.set = jest.fn().mockReturnThis();
+      request.setParams({ project_id: 'project-123', 0: 'image.png' });
+      Project.findOne = jest.fn().mockReturnValue({
+        populate: jest.fn().mockReturnThis(),
+        exec: jest.fn()
+      });
+      jest.clearAllMocks();
+    });
+
+    afterEach(() => {
+      request.resetMocked();
+      response.resetMocked();
+    });
+
+    it('returns 404 if project does not exist', async () => {
+      Project.findOne().populate().exec.mockResolvedValue(null);
+
+      await getProjectAsset(request, response);
+
+      expect(response.status).toHaveBeenCalledWith(404);
+      expect(response.send).toHaveBeenCalledWith({
+        message: 'Project with that id does not exist'
+      });
+    });
+
+    it('returns 403 if private project is accessed by unauthenticated user', async () => {
+      const project = {
+        _id: 'project-123',
+        visibility: 'Private',
+        user: { _id: { equals: jest.fn() } },
+        files: []
+      };
+      request.user = undefined;
+
+      Project.findOne().populate().exec.mockResolvedValue(project);
+
+      await getProjectAsset(request, response);
+
+      expect(response.status).toHaveBeenCalledWith(403);
+      expect(response.send).toHaveBeenCalledWith({
+        message: 'Project is private'
+      });
+    });
+
+    it('returns 403 if private project is accessed by non-owner', async () => {
+      const ownerId = { equals: jest.fn().mockReturnValue(false) };
+      const project = {
+        _id: 'project-123',
+        visibility: 'Private',
+        user: { _id: ownerId },
+        files: []
+      };
+      request.user = { _id: 'other-user-id' };
+
+      Project.findOne().populate().exec.mockResolvedValue(project);
+
+      await getProjectAsset(request, response);
+
+      expect(response.status).toHaveBeenCalledWith(403);
+      expect(response.send).toHaveBeenCalledWith({
+        message: 'Project is private'
+      });
+      expect(ownerId.equals).toHaveBeenCalledWith('other-user-id');
+    });
+
+    it('allows owner to access private project assets', async () => {
+      const ownerId = 'owner-123';
+      const ownerIdObj = { equals: jest.fn().mockReturnValue(true) };
+      const project = {
+        _id: 'project-123',
+        visibility: 'Private',
+        user: { _id: ownerIdObj },
+        files: []
+      };
+      const resolvedFile = {
+        name: 'image.png',
+        content: Buffer.from('image content')
+      };
+
+      request.user = { _id: ownerId };
+      Project.findOne().populate().exec.mockResolvedValue(project);
+      resolvePathToFile.mockReturnValue(resolvedFile);
+      mime.getType.mockReturnValue('image/png');
+
+      await getProjectAsset(request, response);
+
+      expect(ownerIdObj.equals).toHaveBeenCalledWith(ownerId);
+      expect(response.status).not.toHaveBeenCalledWith(403);
+      expect(response.set).toHaveBeenCalledWith('Content-Type', 'image/png');
+      expect(response.send).toHaveBeenCalledWith(resolvedFile.content);
+    });
+
+    it('allows anyone to access public project assets', async () => {
+      const project = {
+        _id: 'project-123',
+        visibility: 'Public',
+        user: { _id: { equals: jest.fn() } },
+        files: []
+      };
+      const resolvedFile = {
+        name: 'image.png',
+        content: Buffer.from('image content')
+      };
+
+      request.user = undefined; // unauthenticated
+      Project.findOne().populate().exec.mockResolvedValue(project);
+      resolvePathToFile.mockReturnValue(resolvedFile);
+      mime.getType.mockReturnValue('image/png');
+
+      await getProjectAsset(request, response);
+
+      expect(response.status).not.toHaveBeenCalledWith(403);
+      expect(response.set).toHaveBeenCalledWith('Content-Type', 'image/png');
+      expect(response.send).toHaveBeenCalledWith(resolvedFile.content);
+    });
+
+    it('returns 404 if asset does not exist', async () => {
+      const project = {
+        _id: 'project-123',
+        visibility: 'Public',
+        user: { _id: { equals: jest.fn() } },
+        files: []
+      };
+
+      Project.findOne().populate().exec.mockResolvedValue(project);
+      resolvePathToFile.mockReturnValue(null);
+
+      await getProjectAsset(request, response);
+
+      expect(response.status).toHaveBeenCalledWith(404);
+      expect(response.send).toHaveBeenCalledWith({
+        message: 'Asset does not exist'
+      });
+    });
+
+    it('fetches and serves asset from URL when resolvedFile has url', async () => {
+      const project = {
+        _id: 'project-123',
+        visibility: 'Public',
+        user: { _id: { equals: jest.fn() } },
+        files: []
+      };
+      const resolvedFile = {
+        name: 'image.png',
+        url: 'https://example.com/image.png'
+      };
+      const imageData = Buffer.from('image data');
+
+      Project.findOne().populate().exec.mockResolvedValue(project);
+      resolvePathToFile.mockReturnValue(resolvedFile);
+      mime.getType.mockReturnValue('image/png');
+      axios.get.mockResolvedValue({ data: imageData });
+
+      await getProjectAsset(request, response);
+
+      expect(axios.get).toHaveBeenCalledWith(resolvedFile.url, {
+        responseType: 'arraybuffer'
+      });
+      expect(response.set).toHaveBeenCalledWith('Content-Type', 'image/png');
+      expect(response.send).toHaveBeenCalledWith(imageData);
+    });
+
+    it('returns 404 if fetching asset URL fails', async () => {
+      const project = {
+        _id: 'project-123',
+        visibility: 'Public',
+        user: { _id: { equals: jest.fn() } },
+        files: []
+      };
+      const resolvedFile = {
+        name: 'image.png',
+        url: 'https://example.com/image.png'
+      };
+
+      Project.findOne().populate().exec.mockResolvedValue(project);
+      resolvePathToFile.mockReturnValue(resolvedFile);
+      mime.getType.mockReturnValue('image/png');
+      axios.get.mockRejectedValue(new Error('Network error'));
+
+      await getProjectAsset(request, response);
+
+      expect(response.status).toHaveBeenCalledWith(404);
+      expect(response.send).toHaveBeenCalledWith({
+        message: 'Asset does not exist'
+      });
+    });
+  });
+});