Merge branch 'secure' into 'stable'

Merge Secure into Stable Removed insecure package, resolved all access violations See merge request !11
InfinityMin3r · Dec 3, 2016 · cd8b173 · cd8b173
2 parents ea88afa + 75a87a4
commit cd8b173
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 70 deletions.
diff --git a/ticket/.meteor/packages b/ticket/.meteor/packages
@@ -19,7 +19,6 @@ [email protected]              # Enable ECMAScript2015+ syntax in app code
 [email protected]            # Server-side component of the `meteor shell` command
 
 [email protected]             # Publish all data to the clients (for prototyping)
-[email protected]                # Allow all DB writes from clients (for prototyping)
 iron:router
 [email protected]
 [email protected]

diff --git a/ticket/.meteor/versions b/ticket/.meteor/versions
@@ -37,7 +37,6 @@ [email protected]
 [email protected]
 [email protected]
 [email protected]
-[email protected]
 iron:[email protected]
 iron:[email protected]
 iron:[email protected]

diff --git a/ticket/imports/api/tickets.js b/ticket/imports/api/tickets.js
@@ -1,5 +1,74 @@
 // Import and initialize database
 
+import { Meteor } from 'meteor/meteor';
 import { Mongo } from 'meteor/mongo';
 
 export const Tickets = new Mongo.Collection('tickets');
+
+Meteor.methods({
+  'tickets.insert'( //secure method for insertion - take all fields from client
+    namein,
+    rpiemail,
+    altemail,
+    phonein,
+    issuetype,
+    priority,
+    summary,
+    description,
+    youremail,
+    number,
+    status,
+    comments) {
+    // Make sure the user is logged in before inserting a task
+    if (!this.userId) {
+      throw new Meteor.Error('not-authorized');
+    }
+    Tickets.insert({ //actually insert
+      namein,
+      rpiemail,
+      altemail,
+      phonein,
+      issuetype,
+      priority,
+      summary,
+      description,
+      youremail,
+      number,
+      status,
+      comments,
+      createdAt: new Date(),
+    });
+  },
+  'tickets.comment'(numtofind, body, author) {
+    const ticket = Tickets.findOne({ number: numtofind }); // get the actual ticket
+    const arro = ticket.comments; //get the existing comments
+    const time = new Date(); //current time
+    let arrnew = [{}];
+    if (typeof (arro) === 'undefined') { //if no existing comments
+      arrnew = [{ author, body, time }]; //compose new comment
+    } else { //there are existing comments
+      arrnew = arro; //copy old array
+      arrnew.push({ author, body, time }); //push new comment to array
+    }
+    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } }); //update comments array to new comments array
+  },
+  'tickets.resolve'(numtofind, body, open) { //function to resolve or reopen a ticket
+    const ticket = Tickets.findOne({ number: numtofind }); //find ticket
+    const arro = ticket.comments; //get existing comments
+    const author = 'System'; //these comments are authored by System
+    const time = new Date(); //current time
+    let arrnew = [{}];
+    if (typeof (arro) === 'undefined') { //if no existing comments
+      arrnew = [{ author, body, time }]; //compose new comment
+    } else { //else comments already exist
+      arrnew = arro; //copy comments
+      arrnew.push({ author, body, time }); //add new comment to array
+    }
+    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } }); //update comments array with new one
+    if (open) { //if reopening
+      Tickets.update({ _id: ticket._id }, { $set: { status: true } }); //set status to open
+    } else { //if resolving
+      Tickets.update({ _id: ticket._id }, { $set: { status: false } }); //set status to resolved
+    }
+  },
+});
diff --git a/ticket/imports/ui/404.html b/ticket/imports/ui/404.html
@@ -0,0 +1,12 @@
+<!-- This template handles invalid routes -->
+<!-- Phrasing sourced from Tumblr -->
+
+<template name="404">
+  <div class="container">
+    <div class="text-center">
+      <h1>There's nothing here.</h1>
+      <p>Whatever you were looking for doesn't currently exist at this address. Unless you were looking for this error page, in which case: Congrats! You totally found it.<br /> <br /> Click <a href='/'>here</a> to return to the homepage.</p>
+    </div>
+  </div>
+</template>
+
diff --git a/ticket/imports/ui/body.js b/ticket/imports/ui/body.js
@@ -10,6 +10,7 @@ import './submit.html';
 import './ticket.html';
 import './ticketview.html';
 import './login.html';
+import './404.html';
 
 // Non-blocking alert for bad user-input
 function badform() {
@@ -64,6 +65,10 @@ Routing functions.  Controls how users move throughout the site.
 Most routes include checks for user authentication to protect information
 */
 
+Router.configure({
+  notFoundTemplate: '404',
+});
+
 // Primary route, runs the homepage template when a user browses to the root of the site.
 Router.route('/', function () {
   this.render('homepage');
@@ -199,20 +204,8 @@ Template.ticketview.events({
       .parent()
       .find('.ticketnum')
       .text(), 10);
-    const ticket = Tickets.findOne({ number: numtofind });
-    const author = 'System';
-    const time = new Date();
     const body = 'Ticket resolved by ' + Meteor.user().emails[0].address;
-    const arro = ticket.comments;
-    let arrnew = [{}];
-    if (typeof (arro) === 'undefined') {
-      arrnew = [{ author, body, time }];
-    } else {
-      arrnew = arro;
-      arrnew.push({ author, body, time });
-    }
-    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } });
-    Tickets.update({ _id: ticket._id }, { $set: { status: false } });
+    Meteor.call('tickets.resolve', numtofind, body, false);
   },
   'click .btn-reopen': function (event) { // Event for resolve ticket button.  Changes ticket status to resolve.
     const target = event.target;
@@ -221,20 +214,8 @@ Template.ticketview.events({
       .parent()
       .find('.ticketnum')
       .text(), 10);
-    const ticket = Tickets.findOne({ number: numtofind });
-    const author = 'System';
-    const time = new Date();
     const body = 'Ticket reopened by ' + Meteor.user().emails[0].address;
-    const arro = ticket.comments;
-    let arrnew = [{}];
-    if (typeof (arro) === 'undefined') {
-      arrnew = [{ author, body, time }];
-    } else {
-      arrnew = arro;
-      arrnew.push({ author, body, time });
-    }
-    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } });
-    Tickets.update({ _id: ticket._id }, { $set: { status: true } });
+    Meteor.call('tickets.resolve', numtofind, body, true);
   },
 });
 
@@ -245,58 +226,24 @@ Template.singleticket.events({
     const target = event.target;
     $(target).toggle();
     const numtofind = parseInt($('#ticketnum').text(), 10);
-    const ticket = Tickets.findOne({ number: numtofind });
-    const author = 'System';
-    const time = new Date();
     const body = 'Ticket resolved by ' + Meteor.user().emails[0].address;
-    const arro = ticket.comments;
-    let arrnew = [{}];
-    if (typeof (arro) === 'undefined') {
-      arrnew = [{ author, body, time }];
-    } else {
-      arrnew = arro;
-      arrnew.push({ author, body, time });
-    }
-    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } });
-    Tickets.update({ _id: ticket._id }, { $set: { status: false } });
+    Meteor.call('tickets.resolve', numtofind, body, false);
   },
   'click .btn-reopen': function (event) { // Event for resolve ticket button.  Changes ticket status to resolve.
     event.preventDefault();
     const target = event.target;
     $(target).toggle();
     const numtofind = parseInt($('#ticketnum').text(), 10);
-    const ticket = Tickets.findOne({ number: numtofind });
-    const author = 'System';
-    const time = new Date();
     const body = 'Ticket reopened by ' + Meteor.user().emails[0].address;
-    const arro = ticket.comments;
-    let arrnew = [{}];
-    if (typeof (arro) === 'undefined') {
-      arrnew = [{ author, body, time }];
-    } else {
-      arrnew = arro;
-      arrnew.push({ author, body, time });
-    }
-    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } });
-    Tickets.update({ _id: ticket._id }, { $set: { status: true } });
+    Meteor.call('tickets.resolve', numtofind, body, true);
   },
   'submit form': function (event) { // Event for ticket commenting.  Logs current username and adds new comment.
     event.preventDefault();
     const target = event.target;
     const numtofind = parseInt($('#ticketnum').text(), 10);
-    const author = Meteor.user().emails[0].address;
-    const time = new Date();
     const body = target.commentbody.value;
-    const ticket = Tickets.findOne({ number: numtofind }); // get the actual ticket
-    const arro = ticket.comments;
-    let arrnew = [{}];
-    if (typeof (arro) === 'undefined') {
-      arrnew = [{ author, body, time }];
-    } else {
-      arrnew = arro;
-      arrnew.push({ author, body, time });
-    }
-    Tickets.update({ _id: ticket._id }, { $set: { comments: arrnew } });
+    const author = Meteor.user().emails[0].address;
+    Meteor.call('tickets.comment', numtofind, body, author);
     target.commentbody.value = '';
   },
 });
@@ -327,7 +274,7 @@ Template.submit.events({
       return false;
     }
     // Store ticket information in database
-    Tickets.insert({
+    Meteor.call('tickets.insert',
       namein,
       rpiemail,
       altemail,
@@ -339,9 +286,7 @@ Template.submit.events({
       youremail,
       number,
       status,
-      comments,
-      createdAt: new Date(),
-    });
+      comments);
     // Route user to ticket list
     Router.go('/view');
   },