archetecture security fix
This commit is contained in:
+108
@@ -0,0 +1,108 @@
|
||||
"use strict";
|
||||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
var desc = Object.getOwnPropertyDescriptor(m, k);
|
||||
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
||||
desc = { enumerable: true, get: function() { return m[k]; } };
|
||||
}
|
||||
Object.defineProperty(o, k2, desc);
|
||||
}) : (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
o[k2] = m[k];
|
||||
}));
|
||||
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||
}) : function(o, v) {
|
||||
o["default"] = v;
|
||||
});
|
||||
var __importStar = (this && this.__importStar) || (function () {
|
||||
var ownKeys = function(o) {
|
||||
ownKeys = Object.getOwnPropertyNames || function (o) {
|
||||
var ar = [];
|
||||
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
||||
return ar;
|
||||
};
|
||||
return ownKeys(o);
|
||||
};
|
||||
return function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
})();
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.listReviews = listReviews;
|
||||
exports.getReview = getReview;
|
||||
exports.replyToReview = replyToReview;
|
||||
exports.getStats = getStats;
|
||||
exports.sendReviewReminder = sendReviewReminder;
|
||||
const errors_1 = require("../../http/errors");
|
||||
const notificationService_1 = require("../../services/notificationService");
|
||||
const emailTranslations_1 = require("../../lib/emailTranslations");
|
||||
const repo = __importStar(require("./review.repo"));
|
||||
const reservationRepo = __importStar(require("../reservations/reservation.repo"));
|
||||
async function listReviews(companyId, query) {
|
||||
const { rating, page, pageSize } = query;
|
||||
const where = {};
|
||||
if (rating != null)
|
||||
where.overallRating = rating;
|
||||
const [reviews, total] = await repo.findMany(companyId, where, (page - 1) * pageSize, pageSize);
|
||||
return {
|
||||
data: reviews,
|
||||
meta: { total, page, pageSize, totalPages: Math.ceil(total / pageSize) },
|
||||
};
|
||||
}
|
||||
async function getReview(id, companyId) {
|
||||
const review = await repo.findById(id, companyId);
|
||||
if (!review)
|
||||
throw new errors_1.NotFoundError('Review not found');
|
||||
return review;
|
||||
}
|
||||
async function replyToReview(id, companyId, companyReply) {
|
||||
const review = await repo.findById(id, companyId);
|
||||
if (!review)
|
||||
throw new errors_1.NotFoundError('Review not found');
|
||||
return repo.updateById(id, {
|
||||
companyReply,
|
||||
companyRepliedAt: new Date(),
|
||||
});
|
||||
}
|
||||
async function getStats(companyId) {
|
||||
return repo.getStats(companyId);
|
||||
}
|
||||
async function sendReviewReminder(id, companyId) {
|
||||
const review = await repo.findById(id, companyId);
|
||||
if (!review)
|
||||
throw new errors_1.NotFoundError('Review not found');
|
||||
const reservation = review.reservation;
|
||||
if (!reservation)
|
||||
throw new errors_1.AppError('Review has no linked reservation', 400, 'no_reservation');
|
||||
if (reservation.reviewPaused)
|
||||
throw new errors_1.AppError('Review requests are paused for this reservation', 400, 'review_paused');
|
||||
const customer = reservation.customer;
|
||||
if (!customer || customer.reviewOptOut)
|
||||
throw new errors_1.AppError('Customer has opted out of review requests', 400, 'opted_out');
|
||||
if (!customer.email)
|
||||
throw new errors_1.AppError('Customer has no email address', 400, 'no_email');
|
||||
if (!reservation.reviewToken)
|
||||
throw new errors_1.AppError('No review token available for this reservation', 400, 'no_token');
|
||||
// Determine which reminder field to update
|
||||
const field = reservation.reviewReminderSentAt ? 'reviewFinalReminderSentAt' : 'reviewReminderSentAt';
|
||||
const company = await reservationRepo.findCompanyWithBrand(companyId);
|
||||
const lang = (company?.brand?.defaultLocale ?? 'fr');
|
||||
const companyName = company?.brand?.displayName ?? company?.name ?? 'the rental company';
|
||||
const vehicle = reservation.vehicle;
|
||||
const vehicleLabel = vehicle ? `${vehicle.year} ${vehicle.make} ${vehicle.model}` : 'your rental vehicle';
|
||||
const reviewUrl = `${process.env.MARKETPLACE_URL ?? 'http://localhost:3000'}/review?token=${reservation.reviewToken}`;
|
||||
await (0, notificationService_1.sendTransactionalEmail)({
|
||||
to: customer.email,
|
||||
subject: emailTranslations_1.reviewRequestEmail.subject(vehicleLabel, lang),
|
||||
html: emailTranslations_1.reviewRequestEmail.html({ firstName: customer.firstName, companyName, vehicleLabel, reviewUrl }, lang),
|
||||
text: emailTranslations_1.reviewRequestEmail.text({ firstName: customer.firstName, companyName, vehicleLabel, reviewUrl }, lang),
|
||||
});
|
||||
await repo.sendReminder(reservation.id, new Date(), field);
|
||||
return { success: true, field };
|
||||
}
|
||||
//# sourceMappingURL=review.service.js.map
|
||||
Reference in New Issue
Block a user