/**
 * Marks `user` as logged in by appending a freshly generated, hashed login
 * token to `services.resume.loginTokens` on its users document. When no
 * users document with that `_id` exists yet, `createUserAndAccount` is
 * called first.
 *
 * The excerpt ends after the update, so what is done with the raw
 * `loginToken` afterwards is not visible here.
 *
 * @param {Object} [user] - user record; must carry `_id`
 * @throws {Error} when `user._id` is missing
 */
async setLoggedInUser(user = {}) {
if (!user._id) throw new Error("setLoggedInUser: user must have _id property set");
const { users } = this.reactionNodeApp.collections;
// NOTE(review): a login token is a bearer credential. Confirm that Random.id()
// is CSPRNG-backed and long enough for that use, or whether Random.secret()
// is the intended generator - TODO confirm.
const loginToken = Random.id();
// Only the hash is written to the database below; the raw token is not stored
// by the visible code.
const hashedToken = hashToken(loginToken);
const existing = await users.findOne({ _id: user._id });
if (!existing) {
await this.createUserAndAccount(user);
}
// Set the hashed login token on the users document.
// $push appends: the visible code neither replaces nor prunes earlier tokens,
// so every call leaves one more valid entry in the array.
await users.updateOne({ _id: user._id }, {
$push: {
"services.resume.loginTokens": {
hashedToken,
when: new Date()
}
}
});
/**
 * Reconciles an anonymous cart with the cart of the calling account
 * (excerpt; the function body continues past what is shown here).
 *
 * @param {Object} context - reads `accountId`, `collections.Cart` and `user`
 * @param {Object} input - `anonymousCartId`, `cartToken` and optional `mode` (default "merge")
 * @throws {ReactionError} "access-denied" when the context has no `accountId`
 * @throws {ReactionError} "invalid-param" when `anonymousCartId` or `cartToken` is missing
 * @throws {ReactionError} "not-found" when no fetched cart has `_id === anonymousCartId`
 */
export default async function reconcileCarts(context, input) {
const { accountId, collections, user } = context;
const { Cart } = collections;
const { anonymousCartId, cartToken, mode = "merge" } = input;
// Reject before any database access: the caller must be an account holder and
// must present both the anonymous cart's ID and its raw access token.
if (!accountId) throw new ReactionError("access-denied", "Access Denied");
if (!anonymousCartId) throw new ReactionError("invalid-param", "anonymousCartId is required");
if (!cartToken) throw new ReactionError("invalid-param", "cartToken is required");
const accountCartSelector = { accountId };
// The anonymous cart is matched on its ID *and* the hash of the presented token,
// so knowing the ID alone does not select it.
const anonymousCartSelector = { _id: anonymousCartId, anonymousAccessToken: hashToken(cartToken) };
// One query fetches both the account's cart(s) and the anonymous cart.
const carts = await Cart.find({
$or: [accountCartSelector, anonymousCartSelector]
}).toArray();
// NOTE(review): this lookup is by _id only. A cart fetched through the accountId
// branch of the $or whose _id equals anonymousCartId would also satisfy it without
// the token having matched - confirm the code that follows tolerates that case.
const anonymousCart = carts.find((cart) => cart._id === anonymousCartId);
if (!anonymousCart) throw new ReactionError("not-found", "Anonymous cart not found");
const { shopId } = anonymousCart;
// In the Meteor app, there are accounts for anonymous users. This check can be removed someday.
// Don't use `userHasPermission` for this check because that always returns true if there
// is "owner" role. We want to know explicitly whether they have the "anonymous" role.
// NOTE(review): `user.roles` is read without a null check on `user`; presumably
// `user` is always set whenever `accountId` is - verify against caller.
const roles = (user.roles && user.roles[shopId]) || [];
if (roles.includes("anonymous")) {
Logger.warn("reconcileCarts called by an anonymous user. Check client code.");
/**
 * Builds the MongoDB selector for an order lookup, narrowed to what the caller
 * is allowed to see.
 *
 * Access is decided in this order, first match wins:
 *   1. `userHasPermission` accepts the caller for the order roles on `shopId`:
 *      the selector is only scoped to the shop.
 *   2. The context has an `accountId`: the selector is additionally limited to
 *      that account's orders. A `token` passed alongside is ignored.
 *   3. A `token` is supplied: the selector additionally requires the order to
 *      carry the hash of that token in `anonymousAccessTokens.hashedToken`.
 *   4. Otherwise the call is rejected.
 *
 * @param {Object} context - reads `accountId` and `userHasPermission`
 * @param {Object} selector - base selector; copied, never mutated
 * @param {String} shopId - shop the lookup is scoped to
 * @param {String} [token] - raw anonymous access token for the order
 * @returns {Object} a new selector object
 * @throws {ReactionError} "access-denied" when none of the cases above applies
 */
export function getOrderQuery(context, selector, shopId, token) {
  const { accountId: contextAccountId, userHasPermission } = context;
  const scopedSelector = { ...selector, shopId };

  // Order admins may read any order in the shop; further permission checks in
  // each component limit functionality where needed.
  if (userHasPermission(["orders", "order/fulfillment", "order/view"], shopId)) {
    return scopedSelector;
  }

  // Regular users can only see their own orders.
  if (contextAccountId) {
    scopedSelector.accountId = contextAccountId;
    return scopedSelector;
  }

  // Anonymous callers must present the order's access token; only its hash is
  // placed in the query.
  if (token) {
    scopedSelector["anonymousAccessTokens.hashedToken"] = hashToken(token);
    return scopedSelector;
  }

  throw new ReactionError("access-denied", "Access Denied");
}
/**
 * Returns a copy of `selector`, scoped to `shopId` and restricted according to
 * who is asking.
 *
 * - Callers accepted by `userHasPermission` for the order roles get the
 *   shop-scoped selector unchanged.
 * - Callers with an `accountId` are limited to orders of that account (any
 *   `token` is ignored in that case).
 * - Callers without an account must supply `token`; its hash has to match an
 *   entry in `anonymousAccessTokens.hashedToken`.
 * - Everyone else is rejected.
 *
 * @param {Object} context - reads `accountId` and `userHasPermission`
 * @param {Object} selector - base selector; left untouched
 * @param {String} shopId - shop the lookup is scoped to
 * @param {String} [token] - raw anonymous access token for the order
 * @returns {Object} the new selector
 * @throws {ReactionError} "access-denied" when the caller has no permission, account or token
 */
export function getOrderQuery(context, selector, shopId, token) {
  const { accountId: contextAccountId, userHasPermission } = context;
  const orderSelector = { ...selector, shopId };
  const mayViewShopOrders = userHasPermission(["orders", "order/fulfillment", "order/view"], shopId);

  // Holders of the order roles need no further narrowing; components apply
  // their own permission checks to limit functionality where needed.
  if (!mayViewShopOrders) {
    if (contextAccountId) {
      // Regular users can only see their own orders
      orderSelector.accountId = contextAccountId;
    } else if (token) {
      // An anonymous access token for this order is sufficient; compare by hash
      orderSelector["anonymousAccessTokens.hashedToken"] = hashToken(token);
    } else {
      throw new ReactionError("access-denied", "Access Denied");
    }
  }

  return orderSelector;
}
/**
 * Adds items to an existing cart (excerpt; the function body continues past
 * what is shown here).
 *
 * The cart is looked up either as an account cart (`_id` + `accountId`) or, when
 * the context has no `accountId`, as an anonymous cart (`_id` + hash of `cartToken`).
 *
 * @param {Object} context - reads `collections.Cart` and `accountId` (defaults to null)
 * @param {Object} input - `cartId`, `items` and, for anonymous carts, `cartToken`
 * @param {Object} [options] - `skipPriceCheck` is forwarded to `addCartItemsUtil`
 * @throws {ReactionError} "not-found" when an anonymous caller sends no `cartToken`
 *   or when no cart matches the selector
 */
export default async function addCartItems(context, input, options = {}) {
const { cartId, items, cartToken } = input;
const { collections, accountId = null } = context;
const { Cart } = collections;
let selector;
if (accountId) {
// Account cart: ownership is enforced by putting accountId in the selector.
// A cartToken sent by a logged-in caller is ignored on this path.
selector = { _id: cartId, accountId };
} else {
// Anonymous cart
if (!cartToken) {
// Same error as the lookup miss below, so a missing token and a missing cart
// are indistinguishable to the caller.
throw new ReactionError("not-found", "Cart not found");
}
// Only the hash of the presented token is compared against the stored value.
selector = { _id: cartId, anonymousAccessToken: hashToken(cartToken) };
}
const cart = await Cart.findOne(selector);
if (!cart) {
throw new ReactionError("not-found", "Cart not found");
}
// addCartItemsUtil returns the merged item list plus the failures it recorded
// for price and minimum-order-quantity checks.
const {
incorrectPriceFailures,
minOrderQuantityFailures,
updatedItemList
} = await addCartItemsUtil(context, cart.items, items, { skipPriceCheck: options.skipPriceCheck });
const updatedCart = {
...cart,
items: updatedItemList,
/**
 * Generates a new anonymous access token and returns it together with its hash
 * and a creation timestamp.
 *
 * `token` is the raw bearer secret and `hashedToken` is what `hashToken` derives
 * from it. Presumably callers persist only `hashedToken` and hand `token` to the
 * client once - verify against caller.
 *
 * @returns {{createdAt: Date, hashedToken: *, token: *}} the token record
 */
export function getAnonymousAccessToken() {
  const rawToken = Random.secret();
  const createdAt = new Date();
  const hashedToken = hashToken(rawToken);

  return { createdAt, hashedToken, token: rawToken };
}
/**
 * Sets the email address on an anonymous cart and saves it.
 *
 * The cart is only found when both its `_id` and the hash of the presented
 * `cartToken` match, so the raw token acts as the caller's proof of access.
 *
 * @param {Object} context - reads `collections.Cart` and `mutations.saveCart`
 * @param {Object} input - `cartId`, `email` and `cartToken`; validated by `inputSchema`
 * @returns {Promise<{cart: Object}>} the cart as returned by `saveCart`
 * @throws {ReactionError} "not-found" when no cart matches the ID and token hash
 */
export default async function setEmailOnAnonymousCart(context, input) {
  inputSchema.validate(input || {});

  const { Cart } = context.collections;
  const { cartId, email, cartToken } = input;

  // Compare by hash: the raw token never appears in the query.
  const selector = { _id: cartId, anonymousAccessToken: hashToken(cartToken) };
  const existingCart = await Cart.findOne(selector);
  if (!existingCart) {
    throw new ReactionError("not-found", "Cart not found");
  }

  const savedCart = await context.mutations.saveCart(context, {
    ...existingCart,
    email,
    updatedAt: new Date()
  });

  return { cart: savedCart };
}
/**
 * Removes the given items from a cart and saves it (excerpt; the function body
 * continues past what is shown here).
 *
 * @param {Object} context - reads `accountId`, `collections.Cart` and `mutations.saveCart`
 * @param {Object} input - `cartId`, `cartItemIds` and optional `cartToken`; validated by `inputSchema`
 * @throws {ReactionError} "invalid-param" when neither `cartToken` nor `accountId` is available
 * @throws {ReactionError} "not-found" when no cart matches the selector
 */
export default async function removeCartItems(context, input) {
inputSchema.validate(input || {});
const { accountId, collections } = context;
const { Cart } = collections;
const { cartId, cartItemIds, cartToken } = input;
// The cart ID alone never selects a cart: one of the two ownership conditions
// below is always added to the selector.
const selector = { _id: cartId };
if (cartToken) {
// cartToken is checked first, so a supplied token selects the anonymous-cart
// path even when the context also carries an accountId.
selector.anonymousAccessToken = hashToken(cartToken);
} else if (accountId) {
selector.accountId = accountId;
} else {
throw new ReactionError("invalid-param", "A cartToken is required when updating an anonymous cart");
}
const cart = await Cart.findOne(selector);
if (!cart) throw new ReactionError("not-found", "Cart not found");
// Keep every item whose _id is not listed in cartItemIds.
const updatedCart = {
...cart,
items: cart.items.filter((item) => !cartItemIds.includes(item._id)),
updatedAt: new Date()
};
const savedCart = await context.mutations.saveCart(context, updatedCart);
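/**
 * Looks up an anonymous cart by its ID and access token.
 *
 * The cart is returned only when both `_id` and the hash of `cartToken` match,
 * so the raw token is the caller's proof of access. Both values are checked
 * before anything is hashed or queried: without the token check, a missing
 * `cartToken` would be handed straight to `hashToken`, whose behaviour on
 * undefined input is not visible here.
 *
 * @param {Object} context - reads `collections.Cart`
 * @param {Object} [params] - lookup parameters
 * @param {String} params.cartId - ID of the cart
 * @param {String} params.cartToken - raw anonymous access token for the cart
 * @returns {Promise<Object|null>} whatever `Cart.findOne` resolves to
 * @throws {ReactionError} "invalid-param" when `cartId` or `cartToken` is missing
 */
export default async function anonymousCartByCartId(context, { cartId, cartToken } = {}) {
  const { collections } = context;
  const { Cart } = collections;

  if (!cartId) {
    throw new ReactionError("invalid-param", "You must provide a cartId");
  }

  // An anonymous cart has no other ownership check, so refuse the lookup
  // outright when no token is presented.
  if (!cartToken) {
    throw new ReactionError("invalid-param", "You must provide a cartToken");
  }

  return Cart.findOne({
    _id: cartId,
    anonymousAccessToken: hashToken(cartToken)
  });
}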