From ea8f9ed3cfcd23c1def9aa95c9e16ec2206823bd Mon Sep 17 00:00:00 2001
From: chagai95 <31655082+chagai95@users.noreply.github.com>
Date: Sun, 10 Oct 2021 09:18:50 +0200
Subject: [PATCH] First federation steps (#80)

* allow all users to make offers.api requests

* temporarily allow all CORS

* avoid checks for authentication until a better concept is made in policy

* concatinate data from the local and 1 remote instance

* change the colors of the dots

* open openhospitality.network link when clicking on federated dots on map
---
 config/lib/express.js                         |  1 +
 modules/offers/client/api/offers.api.js       |  7 ++++--
 .../controllers/offers.server.controller.js   |  8 +++---
 .../server/policies/offers.server.policy.js   |  6 ++---
 .../server/routes/offers.server.routes.js     |  2 ++
 .../client/components/SearchMap.component.js  | 25 ++++++++++++++++---
 modules/search/client/components/layers.js    |  8 ++++--
 7 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/config/lib/express.js b/config/lib/express.js
index cd67e2c96d..bce4a65158 100644
--- a/config/lib/express.js
+++ b/config/lib/express.js
@@ -323,6 +323,7 @@ module.exports.initHelmetHeaders = function (app) {
           'fcm.googleapis.com',
           'www.facebook.com',
           'https://sentry.io',
+          `http://192.168.0.134/`,
         ],
 
         // Allows control over Flash and other plugins.
diff --git a/modules/offers/client/api/offers.api.js b/modules/offers/client/api/offers.api.js
index e0af144b4c..c9889eab90 100644
--- a/modules/offers/client/api/offers.api.js
+++ b/modules/offers/client/api/offers.api.js
@@ -42,7 +42,10 @@ export async function getOffer(offerId) {
  * @param {int} offerId - id of offer
  * @returns Promise<Offer[]> - array of the found offers with limited info, mainly offer id and type.
  */
-export async function queryOffers(query = {}) {
-  const { data } = await axios.get(`/api/offers?${new URLSearchParams(query)}`);
+export async function queryOffers(query = {}, baseUrl = ``) {
+  const { data } = await axios.get(
+    `/api/offers?${new URLSearchParams(query)}`,
+    { baseURL: baseUrl },
+  );
   return data;
 }
diff --git a/modules/offers/server/controllers/offers.server.controller.js b/modules/offers/server/controllers/offers.server.controller.js
index 11ebdfd80e..f93066acf0 100644
--- a/modules/offers/server/controllers/offers.server.controller.js
+++ b/modules/offers/server/controllers/offers.server.controller.js
@@ -380,11 +380,11 @@ exports.delete = function (req, res) {
  * List of Offers
  */
 exports.list = function (req, res) {
-  if (!req.user) {
+  /* if (!req.user) {
     return res.status(403).send({
       message: errorService.getErrorMessageByKey('forbidden'),
     });
-  }
+  } */
 
   // Validate required bounding box query parameters
   const coordinateKeys = [
@@ -608,7 +608,7 @@ exports.list = function (req, res) {
     }
   }
 
-  // Filter out users that do not share any circles with the authenticated user
+  /*   // Filter out users that do not share any circles with the authenticated user
   // and chose to not appear in those searches.
   const showOnlyInMyCirclesQueries = [{ showOnlyInMyCircles: false }];
   req.user.member?.forEach(function (membership) {
@@ -622,7 +622,7 @@ exports.list = function (req, res) {
     $match: {
       $or: showOnlyInMyCirclesQueries,
     },
-  });
+  }); */
 
   // Pick fields and convert to GeoJson Feature
   query.push({
diff --git a/modules/offers/server/policies/offers.server.policy.js b/modules/offers/server/policies/offers.server.policy.js
index 7f503a5bad..858aa6c393 100644
--- a/modules/offers/server/policies/offers.server.policy.js
+++ b/modules/offers/server/policies/offers.server.policy.js
@@ -57,11 +57,11 @@ exports.invokeRolesPolicies = function () {
  */
 exports.isAllowed = function (req, res, next) {
   // No offers for non-authenticated nor for authenticated but un-published users
-  if (!req.user || (req.user && !req.user.public)) {
+  /*   if (!req.user || (req.user && !req.user.public)) {
     return res.status(403).send({
       message: errorService.getErrorMessageByKey('forbidden'),
     });
-  }
+  } */
 
   // If an offer is being processed and the current user owns it, then allow any manipulation
   if (req.offer && req.user && req.offer.user === req.user._id) {
@@ -69,7 +69,7 @@ exports.isAllowed = function (req, res, next) {
   }
 
   // Check for user roles
-  const roles = req.user && req.user.roles ? req.user.roles : ['guest'];
+  const roles = ['user'];
   acl.areAnyRolesAllowed(
     roles,
     req.route.path,
diff --git a/modules/offers/server/routes/offers.server.routes.js b/modules/offers/server/routes/offers.server.routes.js
index a26788efc3..42b2402627 100644
--- a/modules/offers/server/routes/offers.server.routes.js
+++ b/modules/offers/server/routes/offers.server.routes.js
@@ -3,8 +3,10 @@
  */
 const offersPolicy = require('../policies/offers.server.policy');
 const offers = require('../controllers/offers.server.controller');
+const cors = require('cors');
 
 module.exports = function (app) {
+  app.use(cors()); // this is not the place for this but it somehow works here, this adds cors headers
   app
     .route('/api/offers-by/:offerUserId')
     .all(offersPolicy.isAllowed)
diff --git a/modules/search/client/components/SearchMap.component.js b/modules/search/client/components/SearchMap.component.js
index 1e2fb51671..d83894ed95 100644
--- a/modules/search/client/components/SearchMap.component.js
+++ b/modules/search/client/components/SearchMap.component.js
@@ -314,13 +314,19 @@ export default function SearchMap({
     }
 
     const layerId = features[0]?.layer?.id;
+    // add also federated-host-maybe and no
+    const isFederated = features[0]?.properties?.offer === 'federated-host-yes';
 
     switch (layerId) {
       // Hosting or meeting offer
       case unclusteredPointLayer.id:
         if (features[0]?.id) {
           setSelectedState(features[0]);
-          openOfferById(features[0].id);
+          if (!isFederated) {
+            openOfferById(features[0].id);
+          } else {
+            window.open('https://openhospitality.network'); // get this from elsewhere
+          }
         }
         break;
       // Clusters
@@ -357,16 +363,29 @@ export default function SearchMap({
 
     try {
       // @TODO: cancellation when need to re-fetch
+      const dataFederated = await queryOffers(
+        {
+          filters,
+          ...boundingBox,
+        },
+        `http://192.168.0.134/`,
+      );
       const data = await queryOffers({
         filters,
         ...boundingBox,
       });
+      dataFederated.features.map(obj => {
+        const rObj = obj;
+        rObj.properties.offer = 'federated-host-yes';
+        return rObj;
+      });
+      data.features = data.features.concat(dataFederated.features);
       setOffers(data);
-    } catch {
+    } catch (err) {
       // @TODO Error handling
       process.env.NODE_ENV === 'development' &&
         // eslint-disable-next-line no-console
-        console.error('Could not load offers.');
+        console.error(err);
     }
   }
 
diff --git a/modules/search/client/components/layers.js b/modules/search/client/components/layers.js
index d5918c6ef9..357ef434af 100644
--- a/modules/search/client/components/layers.js
+++ b/modules/search/client/components/layers.js
@@ -69,11 +69,15 @@ export const unclusteredPointLayer = {
 
         // Host yes
         'host-yes',
-        '#58ba58',
+        '#3E6B71',
 
         // Host no
         'host-maybe',
-        '#f2ae43',
+        '#ECEFF1',
+
+        // federated-host-yes
+        'federated-host-yes',
+        '#B0BEC5',
 
         // Other:
         '#ccc',