forked from canada-ca/tracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathremove-domain.js
More file actions
340 lines (319 loc) · 13.5 KB
/
Copy pathremove-domain.js
File metadata and controls
340 lines (319 loc) · 13.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
import { GraphQLNonNull, GraphQLID } from 'graphql'
import { mutationWithClientMutationId, fromGlobalId } from 'graphql-relay'
import { t } from '@lingui/macro'
import { removeDomainUnion } from '../unions'
export const removeDomain = new mutationWithClientMutationId({
name: 'RemoveDomain',
description: 'This mutation allows the removal of unused domains.',
inputFields: () => ({
domainId: {
type: GraphQLNonNull(GraphQLID),
description: 'The global id of the domain you wish to remove.',
},
orgId: {
type: GraphQLNonNull(GraphQLID),
description: 'The organization you wish to remove the domain from.',
},
}),
outputFields: () => ({
result: {
type: GraphQLNonNull(removeDomainUnion),
description:
'`RemoveDomainUnion` returning either a `DomainResultType`, or `DomainErrorType` object.',
resolve: (payload) => payload,
},
}),
mutateAndGetPayload: async (
args,
{
i18n,
query,
collections,
transaction,
userKey,
auth: { checkPermission, userRequired, verifiedRequired },
validators: { cleanseInput },
loaders: { loadDomainByKey, loadOrgByKey },
},
) => {
// Get User
const user = await userRequired()
verifiedRequired({ user })
// Cleanse Input
const { type: _domainType, id: domainId } = fromGlobalId(
cleanseInput(args.domainId),
)
const { type: _orgType, id: orgId } = fromGlobalId(cleanseInput(args.orgId))
// Get domain from db
const domain = await loadDomainByKey.load(domainId)
// Check to see if domain exists
if (typeof domain === 'undefined') {
console.warn(
`User: ${userKey} attempted to remove ${domainId} however no domain is associated with that id.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(t`Unable to remove unknown domain.`),
}
}
// Get Org from db
const org = await loadOrgByKey.load(orgId)
// Check to see if org exists
if (typeof org === 'undefined') {
console.warn(
`User: ${userKey} attempted to remove ${domain.slug} in org: ${orgId} however there is no organization associated with that id.`,
)
return {
_type: 'error',
code: 400,
description: i18n._(
t`Unable to remove domain from unknown organization.`,
),
}
}
// Get permission
const permission = await checkPermission({ orgId: org._id })
// Check to see if domain belongs to verified check org
if (org.verified && permission !== 'super_admin') {
console.warn(
`User: ${userKey} attempted to remove ${domain.slug} in ${org.slug} but does not have permission to remove a domain from a verified check org.`,
)
return {
_type: 'error',
code: 403,
description: i18n._(
t`Permission Denied: Please contact super admin for help with removing domain.`,
),
}
}
if (permission !== 'super_admin' && permission !== 'admin') {
console.warn(
`User: ${userKey} attempted to remove ${domain.slug} in ${org.slug} however they do not have permission in that org.`,
)
return {
_type: 'error',
code: 403,
description: i18n._(
t`Permission Denied: Please contact organization admin for help with removing domain.`,
),
}
}
// Check to see if more than one organization has a claim to this domain
let countCursor
try {
countCursor = await query`
WITH claims, domains, organizations
FOR v, e IN 1..1 ANY ${domain._id} claims RETURN true
`
} catch (err) {
console.error(
`Database error occurred for user: ${userKey}, when counting domain claims for domain: ${domain.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
// check to see if org removing domain has ownership
let dmarcCountCursor
try {
dmarcCountCursor = await query`
WITH domains, organizations, ownership
FOR v IN 1..1 OUTBOUND ${org._id} ownership RETURN true
`
} catch (err) {
console.error(
`Database error occurred for user: ${userKey}, when counting ownership claims for domain: ${domain.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
// Generate list of collections names
const collectionStrings = []
for (const property in collections) {
collectionStrings.push(property.toString())
}
// Setup Trans action
const trx = await transaction(collectionStrings)
if (dmarcCountCursor.count === 1) {
try {
await trx.step(
() => query`
WITH ownership, organizations, domains, dmarcSummaries, domainsToDmarcSummaries
LET dmarcSummaryEdges = (
FOR v, e IN 1..1 OUTBOUND ${domain._id} domainsToDmarcSummaries
RETURN { edgeKey: e._key, dmarcSummaryId: e._to }
)
LET removeDmarcSummaryEdges = (
FOR dmarcSummaryEdge IN dmarcSummaryEdges
REMOVE dmarcSummaryEdge.edgeKey IN domainsToDmarcSummaries
)
LET removeDmarcSummary = (
FOR dmarcSummaryEdge IN dmarcSummaryEdges
LET key = PARSE_IDENTIFIER(dmarcSummaryEdge.dmarcSummaryId).key
REMOVE key IN dmarcSummaries
)
RETURN true
`,
)
} catch (err) {
console.error(
`Trx step error occurred when removing dmarc summary data for user: ${userKey} while attempting to remove domain: ${domain.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
try {
await trx.step(
() => query`
WITH ownership, organizations, domains
LET domainEdges = (
FOR v, e IN 1..1 INBOUND ${domain._id} ownership
REMOVE e._key IN ownership
)
RETURN true
`,
)
} catch (err) {
console.error(
`Trx step error occurred when removing ownership data for user: ${userKey} while attempting to remove domain: ${domain.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
}
if (countCursor.count <= 1) {
// Remove scan data
try {
await Promise.all([
trx.step(async () => {
await query`
WITH claims, dkim, domains, domainsDKIM, organizations, dkimToDkimResults, dkimResults
LET domainEdges = (FOR v, e IN 1..1 OUTBOUND ${org._id} claims RETURN { edgeKey: e._key, domainId: e._to })
FOR domainEdge in domainEdges
LET dkimEdges = (FOR v, e IN 1..1 OUTBOUND domainEdge.domainId domainsDKIM RETURN { edgeKey: e._key, dkimId: e._to })
FOR dkimEdge IN dkimEdges
LET dkimResultEdges = (FOR v, e IN 1..1 OUTBOUND dkimEdge.dkimId dkimToDkimResults RETURN { edgeKey: e._key, dkimResultId: e._to })
LET removeDkimResultEdges = (FOR dkimResultEdge IN dkimResultEdges REMOVE dkimResultEdge.edgeKey IN dkimToDkimResults)
LET removeDkimResult = (FOR dkimResultEdge IN dkimResultEdges LET key = PARSE_IDENTIFIER(dkimResultEdge.dkimResultId).key REMOVE key IN dkimResults)
RETURN true
`
}),
trx.step(async () => {
await query`
WITH claims, dkim, domains, domainsDKIM, organizations
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { edgeKey: e._key, domainId: e._to })
FOR domainEdge in domainEdges
LET dkimEdges = (FOR v, e IN 1..1 OUTBOUND domainEdge.domainId domainsDKIM RETURN { edgeKey: e._key, dkimId: e._to })
LET removeDkimEdges = (FOR dkimEdge IN dkimEdges REMOVE dkimEdge.edgeKey IN domainsDKIM)
LET removeDkim = (FOR dkimEdge IN dkimEdges LET key = PARSE_IDENTIFIER(dkimEdge.dkimId).key REMOVE key IN dkim)
RETURN true
`
}),
trx.step(async () => {
await query`
WITH claims, dmarc, domains, domainsDMARC, organizations
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { edgeKey: e._key, domainId: e._to })
FOR domainEdge in domainEdges
LET dmarcEdges = (FOR v, e IN 1..1 OUTBOUND domainEdge.domainId domainsDMARC RETURN { edgeKey: e._key, dmarcId: e._to })
LET removeDmarcEdges = (FOR dmarcEdge IN dmarcEdges REMOVE dmarcEdge.edgeKey IN domainsDMARC)
LET removeDmarc = (FOR dmarcEdge IN dmarcEdges LET key = PARSE_IDENTIFIER(dmarcEdge.dmarcId).key REMOVE key IN dmarc)
RETURN true
`
}),
trx.step(async () => {
await query`
WITH claims, domains, domainsSPF, organizations, spf
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { edgeKey: e._key, domainId: e._to })
FOR domainEdge in domainEdges
LET spfEdges = (FOR v, e IN 1..1 OUTBOUND domainEdge.domainId domainsSPF RETURN { edgeKey: e._key, spfId: e._to })
LET removeSpfEdges = (FOR spfEdge IN spfEdges REMOVE spfEdge.edgeKey IN domainsSPF)
LET removeSpf = (FOR spfEdge IN spfEdges LET key = PARSE_IDENTIFIER(spfEdge.spfId).key REMOVE key IN spf)
RETURN true
`
}),
trx.step(async () => {
await query`
WITH claims, domains, domainsHTTPS, https, organizations
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { edgeKey: e._key, domainId: e._to })
FOR domainEdge in domainEdges
LET httpsEdges = (FOR v, e IN 1..1 OUTBOUND domainEdge.domainId domainsHTTPS RETURN { edgeKey: e._key, httpsId: e._to })
LET removeHttpsEdges = (FOR httpsEdge IN httpsEdges REMOVE httpsEdge.edgeKey IN domainsHTTPS)
LET removeHttps = (FOR httpsEdge IN httpsEdges LET key = PARSE_IDENTIFIER(httpsEdge.httpsId).key REMOVE key IN https)
RETURN true
`
}),
trx.step(async () => {
await query`
WITH claims, domains, domainsSSL, organizations, ssl
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { edgeKey: e._key, domainId: e._to })
FOR domainEdge in domainEdges
LET sslEdges = (FOR v, e IN 1..1 OUTBOUND domainEdge.domainId domainsSSL RETURN { edgeKey: e._key, sslId: e._to})
LET removeSslEdges = (FOR sslEdge IN sslEdges REMOVE sslEdge.edgeKey IN domainsSSL)
LET removeSsl = (FOR sslEdge IN sslEdges LET key = PARSE_IDENTIFIER(sslEdge.sslId).key REMOVE key IN ssl)
RETURN true
`
}),
])
} catch (err) {
console.error(
`Trx step error occurred while user: ${userKey} attempted to remove scan data for ${domain.slug} in org: ${org.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
// Remove domain
try {
await trx.step(async () => {
await query`
WITH claims, domains, organizations
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { edgeKey: e._key, domainId: e._to })
LET removeDomainEdges = (FOR domainEdge in domainEdges REMOVE domainEdge.edgeKey IN claims)
LET removeDomain = (FOR domainEdge in domainEdges LET key = PARSE_IDENTIFIER(domainEdge.domainId).key REMOVE key IN domains)
RETURN true
`
})
} catch (err) {
console.error(
`Trx step error occurred while user: ${userKey} attempted to remove ${domain.slug} in org: ${org.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
} else {
try {
await trx.step(async () => {
await query`
WITH claims, domains, organizations
LET domainEdges = (FOR v, e IN 1..1 INBOUND ${domain._id} claims RETURN { _key: e._key, _from: e._from, _to: e._to })
LET edgeKeys = (
FOR domainEdge IN domainEdges
FILTER domainEdge._to == ${domain._id}
FILTER domainEdge._from == ${org._id}
RETURN domainEdge._key
)
FOR edgeKey IN edgeKeys
REMOVE edgeKey IN claims
`
})
} catch (err) {
console.error(
`Trx step error occurred while user: ${userKey} attempted to remove claim for ${domain.slug} in org: ${org.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
}
// Commit transaction
try {
await trx.commit()
} catch (err) {
console.error(
`Trx commit error occurred while user: ${userKey} attempted to remove ${domain.slug} in org: ${org.slug}, error: ${err}`,
)
throw new Error(i18n._(t`Unable to remove domain. Please try again.`))
}
console.info(
`User: ${userKey} successfully removed domain: ${domain.slug} from org: ${org.slug}.`,
)
return {
_type: 'result',
status: i18n._(
t`Successfully removed domain: ${domain.slug} from ${org.slug}.`,
),
domain,
}
},
})