feat(SW-1710): add access checks to my stay page for viewing booking

2025-03-05 13:46:09 +01:00
parent 1009ea87c9
commit b0df70e552
21 changed files with 515 additions and 133 deletions
--- a/apps/scandic-web/server/routers/booking/input.ts
+++ b/apps/scandic-web/server/routers/booking/input.ts
@@ -112,7 +112,7 @@ export const cancelBookingInput = z.object({
 })

 export const createRefIdInput = z.object({
-  bookingNumber: z
+  confirmationNumber: z
    .string()
    .trim()
    .regex(/^\s*[0-9]+(-[0-9])?\s*$/)
--- a/apps/scandic-web/server/routers/booking/output.ts
+++ b/apps/scandic-web/server/routers/booking/output.ts
@@ -80,6 +80,8 @@ const guestSchema = z.object({
  countryCode: z.string().nullable().default(""),
 })

+export type Guest = z.output<typeof guestSchema>
+
 export const packageSchema = z
  .object({
    type: z.string().nullable(),
--- a/apps/scandic-web/server/routers/booking/query.ts
+++ b/apps/scandic-web/server/routers/booking/query.ts
@@ -10,7 +10,7 @@ import {
 } from "@/server/trpc"

 import { getHotel } from "../hotels/query"
-import encryptValue from "../utils/encryptValue"
+import { encrypt } from "../utils/encryption"
 import {
  bookingConfirmationInput,
  createRefIdInput,
@@ -241,8 +241,8 @@ export const bookingQueryRouter = router({
  createRefId: serviceProcedure
    .input(createRefIdInput)
    .mutation(async function ({ input }) {
-      const { bookingNumber, lastName } = input
-      const encryptedRefId = encryptValue(`${bookingNumber},${lastName}`)
+      const { confirmationNumber, lastName } = input
+      const encryptedRefId = encrypt(`${confirmationNumber},${lastName}`)

      if (!encryptedRefId) {
        throw serverErrorByStatus(422, "Was not able to encrypt ref id")
--- a/apps/scandic-web/server/routers/user/utils.ts
+++ b/apps/scandic-web/server/routers/user/utils.ts
@@ -4,7 +4,7 @@ import { Lang } from "@/constants/languages"
 import { env } from "@/env/server"
 import * as api from "@/lib/api"

-import encryptValue from "../utils/encryptValue"
+import { encrypt } from "../utils/encryption"

 import type { FriendTransaction, Stay } from "./output"

@@ -93,7 +93,7 @@ async function updateStaysBookingUrl(
      d.attributes.confirmationNumber.toString() +
      "," +
      apiJson.data.attributes.lastName
-    const encryptedBookingValue = encryptValue(originalString)
+    const encryptedBookingValue = encrypt(originalString)
    if (!!encryptedBookingValue) {
      bookingUrl.searchParams.set("RefId", encryptedBookingValue)
    } else {
--- a/apps/scandic-web/server/routers/utils/encryptValue.ts
+++ b/apps/scandic-web/server/routers/utils/encryptValue.ts
@@ -1,27 +0,0 @@
-import crypto from "crypto"
-
-import { env } from "@/env/server"
-
-export default function encryptValue(originalString: string) {
-  try {
-    const encryptionKey = env.BOOKING_ENCRYPTION_KEY
-    const bufferKey = Buffer.from(encryptionKey, "utf8")
-    const cipher = crypto.createCipheriv("DES-ECB", bufferKey, null)
-    cipher.setAutoPadding(false)
-    const bufferString = Buffer.from(originalString, "utf8")
-    const paddingSize =
-      bufferKey.length - (bufferString.length % bufferKey.length)
-    const paddedStr = Buffer.concat([
-      bufferString,
-      Buffer.alloc(paddingSize, 0),
-    ])
-    const buffers: Buffer[] = []
-    buffers.push(cipher.update(paddedStr))
-    buffers.push(cipher.final())
-    const result = Buffer.concat(buffers).toString("base64").replace(/\+/g, "-")
-    return result
-  } catch (e) {
-    console.log(e)
-    return ""
-  }
-}
--- a/apps/scandic-web/server/routers/utils/encryption.ts
+++ b/apps/scandic-web/server/routers/utils/encryption.ts
@@ -0,0 +1,54 @@
+import "server-only"
+
+import crypto from "crypto"
+
+import { env } from "@/env/server"
+
+export { decrypt, encrypt }
+
+const algorithm = "DES-ECB"
+const encryptionKey = env.BOOKING_ENCRYPTION_KEY
+const bufferKey = Buffer.from(encryptionKey, "utf8")
+
+function encrypt(originalString: string) {
+  try {
+    const cipher = crypto.createCipheriv(algorithm, bufferKey, null)
+    cipher.setAutoPadding(false)
+    const bufferString = Buffer.from(originalString, "utf8")
+    const paddingSize =
+      bufferKey.length - (bufferString.length % bufferKey.length)
+    const paddedStr = Buffer.concat([
+      bufferString,
+      Buffer.alloc(paddingSize, 0),
+    ])
+    const buffers: Buffer[] = []
+    buffers.push(cipher.update(paddedStr))
+    buffers.push(cipher.final())
+    const result = Buffer.concat(buffers).toString("base64").replace(/\+/g, "-")
+    return result
+  } catch (e) {
+    console.log(e)
+    return ""
+  }
+}
+
+function decrypt(encryptedString: string) {
+  try {
+    const decipher = crypto.createDecipheriv(algorithm, bufferKey, null)
+    decipher.setAutoPadding(false)
+    const buffers: Buffer[] = []
+    buffers.push(decipher.update(encryptedString, "base64"))
+    buffers.push(decipher.final())
+    const result = Buffer.concat(buffers)
+      .toString("utf8")
+      /*
+       * Hexadecimal byte (null byte) replace. These occur when decrypting because
+       * we're disabling the auto padding for historical/compatibility reasons.
+       */
+      .replace(/(\x00)*/g, "")
+    return result
+  } catch (e) {
+    console.log(e)
+    return ""
+  }
+}