opengovsg / FormSG / 12740798736

import { NextFunction } from 'express'

import { AuthedSessionData } from 'express-session'

  MAX_UPLOAD_FILE_SIZE,

  VALID_UPLOAD_FILE_TYPES,

} from '../../../../../shared/constants/file'

  AdminDashboardFormMetaDto,

  BasicField,

  CreateFormBodyDto,

  DeserializeTransform,

  DuplicateFormBodyDto,

  EndPageUpdateDto,

  ErrorDto,

  FieldCreateDto,

  FieldUpdateDto,

  FormAuthType,

  FormColorTheme,

  FormDto,

  FormFeedbackMetaDto,

  FormFieldDto,

  FormLogoState,

  FormResponseMode,

  FormSettings,

  FormWebhookResponseModeSettings,

  FormWebhookSettings,

  FormWorkflowDto,

  FormWorkflowStepDto,

  Language,

  LogicConditionState,

  LogicDto,

  LogicIfValue,

  LogicType,

  PermissionsUpdateDto,

  PreviewFormViewDto,

  PrivateFormErrorDto,

  PublicFormDto,

  SettingsUpdateDto,

  StartPageUpdateDto,

  SubmissionCountQueryDto,

  WebhookSettingsUpdateDto,

} from '../../../../../shared/types'

  EncryptedStringsMessageContent,

  encryptStringsMessage,

} from '../../../../../shared/utils/crypto'

import { IFormDocument, IPopulatedForm } from '../../../../types'

import {

  EncryptSubmissionDto,

  FormUpdateParams,

  ParsedEmailModeSubmissionBody,

} from '../../../../types/api'

import {

  DatabaseConflictError,

  DatabaseError,

  DatabasePayloadSizeError,

  DatabaseValidationError,

} from '../../core/core.errors'

import { ControllerHandler } from '../../core/core.types'

  mapRouteError as mapEmailSubmissionError,

  SubmissionEmailObj,

} from '../../submission/email-submission/email-submission.util'

  extractEmailConfirmationData,

  mapAttachmentsFromResponses,

  mapRouteError as mapSubmissionError,

} from '../../submission/submission.utils'

  PREVIEW_CORPPASS_UID,

  PREVIEW_CORPPASS_UINFIN,

  PREVIEW_SINGPASS_UINFIN,

} from './admin-form.constants'

  createWorkflowStepValidator,

  getWebhookSettingsValidator,

  updateSettingsValidator,

  updateWebhookSettingsValidator,

  updateWorkflowStepValidator,

} from './admin-form.middlewares'

  mapGoGovErrors,

  mapRouteError,

  verifyValidUnicodeString,

} from './admin-form.utils'

// NOTE: Refer to this for documentation: https://github.com/sideway/joi-date/blob/master/API.md

// Validators

  [Segments.BODY]: {

    form: BaseJoi.object<CreateFormBodyDto>()

      .keys({

        // Require valid responsesMode field.

        responseMode: Joi.string()

          .valid(...Object.values(FormResponseMode))

          .required(),

        // Require title field.

        title: Joi.string().min(4).max(200).required(),

        // Require emails string (for backwards compatibility) or string

        // array if form to be created in Email mode.

        // Must be string array (which can be empty) if form is to be created in Encrypt mode.

        emails: Joi.when('responseMode', {

          switch: [

            {

              is: FormResponseMode.Email,

              then: Joi.alternatives()

                .try(

                  Joi.array().items(Joi.string().email()).min(1),

                  Joi.string().email(),

                )

                .required(),

            },

            {

              is: FormResponseMode.Encrypt,

              then: Joi.array().items(Joi.string().email()).required(),

            },

            {

              is: FormResponseMode.Multirespondent,

              then: Joi.forbidden(),

            },

          ],

          otherwise: Joi.forbidden(),

        }),

        // Require publicKey field if form to be created in Storage mode or

        // Multirespondent mode

        publicKey: Joi.when('responseMode', {

          is: [FormResponseMode.Encrypt, FormResponseMode.Multirespondent],

          then: Joi.string().required().disallow(''),

          otherwise: Joi.forbidden(),

        }),

        workspaceId: Joi.string(),

      })

      .required()

      // Allow other form schema keys to be passed for form creation.

      .unknown(true)

  },

})

  // uses CreateFormBodyDto as that is the shape of the data used in client's WorkspaceService

  [Segments.BODY]: BaseJoi.object<DuplicateFormBodyDto>({

    // Require valid responsesMode field.

    responseMode: Joi.string()

      .valid(...Object.values(FormResponseMode))

      .required(),

    // Require title field.

    title: Joi.string().min(4).max(200).required(),

    // Require emails string (for backwards compatibility) or string array

    // if form to be duplicated in Email mode.

    emails: Joi.when('responseMode', {

      switch: [

        {

          is: FormResponseMode.Email,

          then: Joi.alternatives()

            .try(

              Joi.array().items(Joi.string().email()).min(1),

              Joi.string().email(),

            )

            .required(),

        },

        {

          // When duplicating forms, we reset the `emails` field to be empty

          // Refer to `admin-form.utils.ts`.

          is: FormResponseMode.Encrypt,

          then: Joi.forbidden(),

        },

        {

          is: FormResponseMode.Multirespondent,

          then: Joi.forbidden(),

        },

      ],

      otherwise: Joi.forbidden(),

    }),

    // Require publicKey field if form to be duplicated in Storage mode or

    // Multirespondent mode

    publicKey: Joi.when('responseMode', {

      is: [FormResponseMode.Encrypt, FormResponseMode.Multirespondent],

      then: Joi.string().required().disallow(''),

      otherwise: Joi.forbidden(),

    }),

    workspaceId: Joi.string(),

  }),

})

  [Segments.BODY]: {

    email: Joi.string()

      .required()

      .email()

      .message('Please enter a valid email')

      .lowercase(),

  },

})

  [Segments.BODY]: {

    fileId: Joi.string().required(),

    fileMd5Hash: Joi.string().base64().required(),

    fileType: Joi.string()

      .valid(...VALID_UPLOAD_FILE_TYPES)

      .required(),

    isNewClient: Joi.boolean().optional(), // TODO(#4228): isNewClient in param was allowed for backward compatibility after #4213 removed isNewClient flag from frontend. To remove 2 weeks after release.

  },

})

/**

 * Handler for GET /adminform endpoint.

 * @security session

 *

 * @returns 200 with list of forms user can access when list is retrieved successfully

 * @returns 422 when user of given id cannnot be found in the database

 * @returns 500 when database errors occur

 */

  unknown,

  AdminDashboardFormMetaDto[] | ErrorDto

    .mapErr((error) => {

        message: 'Error listing dashboard forms',

        meta: {

          action: 'handleListDashboardForms',

          userId: authedUserId,

        },

        error,

      })

    })

}

/**

 * Handler for GET /:formId/adminform.

 * @security session

 *

 * @returns 200 with retrieved form with formId if user has read permissions

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  req,

  res,

) => {

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has read permissions to form

          user,

          formId,

          level: PermissionLevel.Read,

        }),

      )

      .mapErr((error) => {

          message: 'Error retrieving single form',

          meta: {

            action: 'handleGetSingleForm',

            ...createReqMeta(req),

          },

          error,

        })

      })

  )

}

/**

 * Handler for GET /api/v3/admin/forms/:formId/collaborators

 * @security session

 *

 * @returns 200 with collaborators

 * @returns 403 when current user does not have read permissions for the form

 * @returns 404 when form cannot be found

 * @returns 410 when retrieving collaborators for an archived form

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  { formId: string },

  PermissionsUpdateDto | ErrorDto

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has read permissions to form

          user,

          formId,

          level: PermissionLevel.Read,

        }),

      )

      .map(({ permissionList }) =>

      )

      .mapErr((error) => {

          message: 'Error retrieving form collaborators',

          meta: {

            action: 'handleGetFormCollaborators',

            ...createReqMeta(req),

          },

          error,

        })

      })

  )

}

/**

 * Handler for GET /:formId/adminform/preview.

 * @security session

 *

 * @returns 200 with form with private details scrubbed for previewing if user has read permissions

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  req,

  res,

) => {

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has read permissions to form

          user,

          formId,

          level: PermissionLevel.Read,

        }),

      )

      // Step 3: Remove private details from form for previewing.

      .map((scrubbedForm) =>

      )

      .mapErr((error) => {

          message: 'Error previewing admin form',

          meta: {

            action: 'handlePreviewAdminForm',

            ...createReqMeta(req),

            userId: sessionUserId,

            formId,

          },

          error,

        })

      })

  )

}

/**

 * Handler for POST /:formId([a-fA-F0-9]{24})/adminform/images.

 * @security session

 *

 * @returns 200 with presigned POST URL object

 * @returns 400 when error occurs whilst creating presigned POST URL object

 * @returns 403 when user does not have write permissions for form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 */

  { formId: string },

  unknown,

  {

    fileId: string

    fileMd5Hash: string

    fileType: string

  }

  // Adding random objectId ensures fileId is unpredictable by client

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has write permissions to form

          user,

          formId,

          level: PermissionLevel.Write,

        }),

      )

      // Step 3: Has write permissions, generate presigned POST URL.

      .andThen(() =>

          fileId: randomizedFileId,

          fileMd5Hash,

          fileType,

        }),

      )

      .mapErr((error) => {

          message: 'Presigning post data encountered an error',

          meta: {

            action: 'createPresignedPostUrlForImages',

            ...createReqMeta(req),

          },

          error,

        })

      })

  )

}

  fileUploadValidator,

  createPresignedPostUrlForImages,

] as ControllerHandler[]

/**

 * Handler for POST /:formId([a-fA-F0-9]{24})/adminform/logos.

 * @security session

 *

 * @returns 200 with presigned POST URL object

 * @returns 400 when error occurs whilst creating presigned POST URL object

 * @returns 403 when user does not have write permissions for form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 */

  { formId: string },

  unknown,

  {

    fileId: string

    fileMd5Hash: string

    fileType: string

  }

  // Adding random objectId ensures fileId is unpredictable by client

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has write permissions to form

          user,

          formId,

          level: PermissionLevel.Write,

        }),

      )

      // Step 3: Has write permissions, generate presigned POST URL.

      .andThen(() =>

          fileId: randomizedFileId,

          fileMd5Hash,

          fileType,

        }),

      )

      .mapErr((error) => {

          message: 'Presigning post data encountered an error',

          meta: {

            action: 'createPresignedPostUrlForLogos',

            ...createReqMeta(req),

          },

          error,

        })

      })

  )

}

  fileUploadValidator,

  createPresignedPostUrlForLogos,

] as ControllerHandler[]

// Validates that the ending date >= starting date

  [Segments.QUERY]: Joi.object()

    .keys({

      startDate: Joi.date().format('YYYY-MM-DD').raw(),

      endDate: Joi.date().format('YYYY-MM-DD').min(Joi.ref('startDate')).raw(),

    })

    .and('startDate', 'endDate'),

})

/**

 * NOTE: This is exported solely for testing

 * @security session

 *

 * @returns 200 with submission counts of given form

 * @returns 400 when query.startDate or query.endDate is malformed

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  { formId: string },

  ErrorDto | number,

  unknown,

  SubmissionCountQueryDto

    action: 'handleCountFormSubmissions',

    ...createReqMeta(req),

    userId: sessionUserId,

    formId,

  }

  // Step 1: Retrieve currently logged in user.

    sessionUserId,

  ).andThen((user) =>

    // Step 2: Check whether user has read permissions to form

      user,

      formId,

      level: PermissionLevel.Read,

    }),

  )

      message: 'Error occurred when checking user permissions for form',

      meta: logMeta,

      error: formResult.error,

    })

  }

  // Step 3: Has permissions, continue to retrieve submission counts.

    .mapErr((error) => {

        message: 'Error retrieving form submission count',

        meta: {

          action: 'handleCountFormSubmissions',

          ...createReqMeta(req),

          userId: sessionUserId,

          formId,

        },

        error,

      })

    })

}

// Handler for GET /admin/forms/:formId/submissions/count

  validateDateRange,

  countFormSubmissions,

] as ControllerHandler[]

/**

 * Handler for GET /{formId}/adminform/feedback/count.

 * @security session

 *

 * @returns 200 with feedback counts of given form

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  { formId: string },

  number | ErrorDto

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has read permissions to form

          user,

          formId,

          level: PermissionLevel.Read,

        }),

      )

      // Step 3: Retrieve form feedback counts.

      // Some error occurred earlier in the chain.

      .mapErr((error) => {

          message: 'Error retrieving form feedback count',

          meta: {

            action: 'handleCountFormFeedback',

            ...createReqMeta(req),

            userId: sessionUserId,

            formId,

          },

          error,

        })

      })

  )

}

/**

 * Handler for GET /{formId}/adminform/feedback/download.

 * @security session

 *

 * @returns 200 with feedback stream

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database or stream error occurs

 */

  formId: string

  // Step 1: Retrieve currently logged in user.

    sessionUserId,

  ).andThen((user) =>

    // Step 2: Check whether user has read permissions to form

      user,

      formId,

      level: PermissionLevel.Read,

    }),

  )

    action: 'handleStreamFormFeedback',

    ...createReqMeta(req),

    userId: sessionUserId,

    formId,

  }

      message: 'Error occurred whilst verifying user permissions',

      meta: logMeta,

      error: hasReadPermissionResult.error,

    })

      hasReadPermissionResult.error,

    )

  }

  // No errors, start stream.

    .on('error', (error) => {

        message: 'Error streaming feedback from MongoDB',

        meta: logMeta,

        error,

      })

        message: 'Error retrieving from database.',

      })

    })

    .pipe(JSONStream.stringify())

    .on('error', (error) => {

        message: 'Error converting feedback to JSON',

        meta: logMeta,

        error,

      })

        message: 'Error converting feedback to JSON',

      })

    })

    .pipe(res.type('json'))

    .on('error', (error) => {

        message: 'Error writing feedback to HTTP stream',

        meta: logMeta,

        error,

      })

        message: 'Error writing feedback to HTTP stream',

      })

    })

    .on('close', () => {

        message: 'Stream feedback closed',

        meta: logMeta,

      })

    })

}

/**

 * Handler for GET /{formId}/adminform/feedback.

 * @security session

 *

 * @returns 200 with feedback response

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  { formId: string },

  FormFeedbackMetaDto | ErrorDto

    .andThen((user) =>

        user,

        formId,

        level: PermissionLevel.Read,

      }),

    )

    .mapErr((error) => {

        message: 'Error retrieving form feedbacks',

        meta: {

          action: 'handleGetFormFeedback',

          ...createReqMeta(req),

          userId: sessionUserId,

          formId,

        },

        error,

      })

    })

}

/**

 * Handler for DELETE /{formId}/adminform.

 * @security session

 *

 * @returns 200 with success message when successfully archived

 * @returns 403 when user does not have permissions to archive form

 * @returns 404 when form cannot be found

 * @returns 410 when form is already archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  req,

  res,

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(sessionUserId)

      .andThen((user) =>

        // Step 2: Check whether user has delete permissions for form.

          user,

          formId,

          level: PermissionLevel.Delete,

        }),

      )

      // Step 3: Currently logged in user has permissions to archive form.

      .andThen((archivedForm) => {

        // Step 4: For each collaborator, remove the form from their workspaces

                formIds: [formId],

                userId: user._id,

              }),

          )

        })

        // Step 5: remove form from workspace of current user

          formIds: [formId],

          userId: sessionUserId,

        })

      })

      .mapErr((error) => {

          message: 'Error occurred when archiving form',

          meta: {

            action: 'handleArchiveForm',

            ...createReqMeta(req),

            userId: sessionUserId,

            formId,

          },

          error,

        })

      })

  )

}

/**

 * Handler for POST /:formId/adminform

 * Duplicates the form corresponding to the formId. The currently logged in user

 * must have read permissions to the form being copied.

 * @note Even if current user is not admin of the form, the current user will be the admin of the new form

 * @security session

 *

 * @returns 200 with the duplicate form dashboard view

 * @returns 403 when user does not have permissions to access form

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database

 * @returns 500 when database error occurs

 */

  { formId: string },

  unknown,

  DuplicateFormBodyDto

    // Step 1: Retrieve currently logged in user.

    UserService.getPopulatedUserById(userId)

      .andThen((user) =>

        // Step 2: Check if current user has permissions to read form.

          user,

          formId,

          level: PermissionLevel.Read,

        })

          .andThen((originalForm) =>

            // Step 3: Duplicate form.

              originalForm,

              userId,

              overrideParams,

              workspaceId,

            ),

          )

          // Step 4: Retrieve dashboard view of duplicated form.

      )

      // Success; return duplicated form's dashboard view.

      // Error; some error occurred in the chain.

      .mapErr((error) => {

          message: 'Error duplicating form',

          meta: {

            action: 'duplicateAdminForm',

            ...createReqMeta(req),

            userId,

            formId,

          },

          error,

        })

      })

  )

}

  duplicateFormValidator,

  duplicateAdminForm,

] as ControllerHandler[]

/**

 * Handler for GET /:formId/adminform/template

 * Handler for GET /api/v3/admin/forms/:formId/use-template

 * @security session

 *

 * @returns 200 with target form's template view

 * @returns 403 when the target form is private

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 500 when database error occurs

 */

  { formId: string },

  PreviewFormViewDto | ErrorDto | PrivateFormErrorDto

    // Step 1: Retrieve form only if form is currently public.

    AuthService.getFormIfPublic(formId)

      // Step 2: Remove private form details before being returned.

      .map((scrubbedForm) =>

          .status(StatusCodes.OK)

          .json({ form: scrubbedForm as PublicFormDto }),

      )

      .mapErr((error) => {

          message: 'Error retrieving form template',

          meta: {

            action: 'handleGetTemplateForm',

            ...createReqMeta(req),

            userId,

            formId,

          },

          error,

        })

        // Specialized error response for PrivateFormError.

            message: error.message,

            // Flag to prevent default 404 subtext ("please check link") from

            // showing.

            isPageFound: true,

            formTitle: error.formTitle,

          })

        }

      })

  )

}

/**

 * Handler for POST /:formId/adminform/use-template

 * Duplicates the form corresponding to the formId. The form must be public to

 * be copied.

 * @note The current user will be the admin of the new duplicated form

 * @security session

 *

 * @returns 200 with the new form dashboard view

 * @returns 403 when form is private

 * @returns 404 when form cannot be found

 * @returns 410 when form is archived

 * @returns 422 when user in session cannot be retrieved from the database