fix(skydive): migrate author field from ObjectId to UUID string

- Register SkydiverProfile model in mysql.js (fixes startup crash on association)
- Replace $toObjectId with direct string match in all 12 aggregation queries
- Guard toJSONFor on all Mongo models to fall back to MySQL user.toProfileJSONFor()
  when author is a UUID string (restores username/image in API responses)
- Pass user to toJSONFor() everywhere instead of null
- Remove dead .populate('author') calls (author: String has no ref)
- Fix ownership check in /last route: compare author string to req.payload.id
  instead of the now-absent author.username property
This commit is contained in:
2026-04-26 04:27:47 +02:00
parent da1f9437ab
commit 66821427be
17 changed files with 64 additions and 120 deletions
@@ -10,7 +10,6 @@ mailer.setApiKey(process.env.SENDGRID_API_KEY);
// Preload application objects on routes with ':application'
router.param('application', function (req, res, next, slug) {
Application.findOne({ slug: slug })
.populate('author')
.then(function (application) {
if (!application) {
return res.sendStatus(404);
@@ -52,7 +51,6 @@ router.get('/', auth.required, function (req, res, next) {
.skip(Number(offset))
.limit(Number(limit))
.sort({ createdAt: 'desc' })
.populate('author')
.exec(),
Application.countDocuments(query).exec(),
req.payload ? UserService.getUserById(req.payload.id) : null
@@ -117,8 +115,7 @@ router.post('/', auth.required, function (req, res, next) {
*/
router.get('/:application', auth.required, function (req, res, next) {
Promise.all([
req.payload ? UserService.getUserById(req.payload.id) : null,
req.application.populate('author')
req.payload ? UserService.getUserById(req.payload.id) : null
]).then(function (results) {
let user = results[0];
return res.json({ application: req.application.toJSONFor(user) });
+8 -10
View File
@@ -13,7 +13,6 @@ const { UserService } = require('../../../services');
// Preload jump objects on routes with ':jump'
router.param('jump', function (req, res, next, slug) {
Jump.findOne({ slug: slug })
.populate('author')
.populate('files')
.populate('x2data')
.then(function (jump) {
@@ -98,7 +97,6 @@ router.get('/', auth.required, function (req, res, next) {
.skip(Number(offset))
.limit(Number(limit))
.sort({ numero: 'desc' })
.populate('author')
.populate('files')
.populate('x2data')
.exec(),
@@ -107,9 +105,10 @@ router.get('/', auth.required, function (req, res, next) {
]).then(function (results) {
let jumps = results[0];
let jumpsCount = results[1];
let user = results[2];
return res.json({
jumps: jumps.map(function (jump) {
return jump.toJSONFor(null);
return jump.toJSONFor(user);
}),
jumpsCount: jumpsCount
});
@@ -283,7 +282,6 @@ router.get('/last', auth.required, function (req, res, next) {
Jump.find({author: user.id})
.limit(1)
.sort({ numero: 'desc' })
.populate('author')
.populate('files')
.populate('x2data')
.exec()
@@ -292,10 +290,10 @@ router.get('/last', auth.required, function (req, res, next) {
return res.status(404).json({ errors: { "Not Found": "aucun saut trouvé" } });
}
req.lastjump = jumps[0];
if (req.lastjump.author.username !== req.payload.username) {
if (req.lastjump.author !== req.payload.id) {
return res.status(403).json({ errors: { "Forbidden": "Vous ne disposez pas des autorisations suffisantes" } });
}
return res.json({ jump: req.lastjump.toJSONFor(null) });
return res.json({ jump: req.lastjump.toJSONFor(user) });
}).catch(next);
}).catch(next);
});
@@ -317,7 +315,7 @@ router.get('/:jump', auth.required, function (req, res, next) {
Jump.findOne({numero: (req.jump.numero + 1)}).exec(),
]).then(function (results) {
return res.json({
jump: req.jump.toJSONFor(null),
jump: req.jump.toJSONFor(user),
prevJump: results[0],
nextJump: results[1]
});
@@ -336,7 +334,7 @@ router.post('/', auth.required, function (req, res, next) {
let jump = new Jump(req.body.jump);
jump.author = user.id;
return jump.save().then(function () {
return res.json({ jump: jump.toJSONFor(null) });
return res.json({ jump: jump.toJSONFor(user) });
});
}).catch(next);
});
@@ -366,7 +364,7 @@ router.post('/data/:jump', auth.required, function (req, res, next) {
req.jump.files = files;
req.jump.x2data = x2data;
Jump.updateOne({_id: req.jump._id}, {files: files, x2data: x2data._id}).then(function () {
return res.json({ jump: req.jump.toJSONFor(null) });
return res.json({ jump: req.jump.toJSONFor(user) });
}).catch(next);
}).catch(next);
}).catch(next);
@@ -492,7 +490,7 @@ router.put('/:jump', auth.required, function (req, res, next) {
}
return req.jump.save().then(function (jump) {
return res.json({ jump: jump.toJSONFor(null) });
return res.json({ jump: jump.toJSONFor(user) });
});
}).catch(next);
});
+4 -8
View File
@@ -23,7 +23,6 @@ router.get('/aeronefs', auth.required, function (req, res, next) {
.limit(1)
.skip(0)
.sort({ numero: 'desc' })
.populate('author')
.populate('files')
.populate('x2data')
.exec(),
@@ -37,7 +36,7 @@ router.get('/aeronefs', auth.required, function (req, res, next) {
.exec()
]).then(function (results) {
if (results[0].length) {
let lastjump = results[0][0].toJSONFor(null);
let lastjump = results[0][0].toJSONFor(user);
let aeronefsByImat = results[1].map(function (data) {
return { aeronef: data._id.aeronef, imat: data._id.imat, count: data.count };
});
@@ -79,7 +78,6 @@ router.get('/canopies', auth.required, function (req, res, next) {
.limit(1)
.skip(0)
.sort({ numero: 'desc' })
.populate('author')
.populate('files')
.populate('x2data')
.exec(),
@@ -101,7 +99,7 @@ router.get('/canopies', auth.required, function (req, res, next) {
.exec()
]).then(function (results) {
if (results[0].length) {
let lastjump = results[0][0].toJSONFor(null);
let lastjump = results[0][0].toJSONFor(user);
let canopiesBySize = results[1].map(function (data) {
return { taille: data._id.taille, count: data.count };
});
@@ -146,7 +144,6 @@ router.get('/dropzones', auth.required, function (req, res, next) {
.limit(1)
.skip(0)
.sort({ numero: 'desc' })
.populate('author')
.populate('files')
.populate('x2data')
.exec(),
@@ -160,7 +157,7 @@ router.get('/dropzones', auth.required, function (req, res, next) {
.exec()
]).then(function (results) {
if (results[0].length) {
let lastjump = results[0][0].toJSONFor(null);
let lastjump = results[0][0].toJSONFor(user);
let dropZonesByOaci = results[1].map(function (data) {
return { lieu: data._id.lieu, oaci: data._id.oaci, count: data.count };
});
@@ -197,7 +194,6 @@ router.get('/jumps', auth.required, function (req, res, next) {
.limit(1)
.skip(0)
.sort({ numero: 'desc' })
.populate('author')
.populate('files')
.populate('x2data')
.exec(),
@@ -223,7 +219,7 @@ router.get('/jumps', auth.required, function (req, res, next) {
.exec()
]).then(function (results) {
if (results[0].length) {
let lastjump = results[0][0].toJSONFor(null);
let lastjump = results[0][0].toJSONFor(user);
let jumpsByYears = results[1].map(function (data) {
return { year: data._id.year, count: data.count };
});