This repository has been archived by the owner on Jul 21, 2022. It is now read-only.

Support Ticket API Pull Request. #80

Merged
merged 5 commits into from
Jun 25, 2021

FireMario211
Collaborator

This pull request adds a new API endpoint /api/tickets. (Requires Client Permission)

Additions from this branch:

  • Added Support Ticket System API
  • Added documentation for functions in /api/auth.ts
  • Added new field to users table permission_id.
  • Added 2 new JSON files in src.
    • 1 is permissions.json, which can handle what users can access what pages.
    • 2 is ticket_categories.json, which are for what categories users can add to their ticket.
  • Fixed some of the warnings from ESLint.
  • Changed website.ts to allow any Request Method (GET, POST, PATCH, DELETE, etc)

Support Ticket API Documentation:

  • GET /api/tickets/list (Client [1] will be able to view their own tickets, and Support [2:level] will be able to view all tickets based on their level, and below.) - Lists the tickets.
    • Optional params:
      • page: number - Page Number (example: page=4 | defaults to 1.)
      • status: "opened" | "closed" - Filter based on closed or opened tickets (example: status=closed | defaults to opened.)
      • limit: number - Limit to how many tickets should be shown. (example: limit=15 | defaults to 10.)
    • Example Response:
{
    "ticket_id": 1,
    "user_id": 1,
    "subject": "Need help.",
    "content": "My service is not operating properly.",
    "category_ids": "0,1",
    "opened": "2021-06-24T21:25:49.359Z",
    "closed": null,
    "level": 3,
    "name": "My Name",
    "editedIn": null
}
  • POST /api/tickets/create - Creates the ticket.
    • Required params:
      • subject: string - Subject or Title of the Ticket. (example: subject=Need help.)
      • content: string - Contents of the Ticket. (example: content=My service is not operating properly.)
    • Optional params:
      • categories: string or array - Category IDs for the Ticket. (example: categories=0,1)
    • Example Response:
[
  {
    "ticket_id": 1,
    "user_id": 1,
    "subject": "Need help.",
    "content": "My service is not operating properly.",
    "category_ids": "0,1",
    "opened": "2021-06-24T21:25:49.359Z",
    "closed": null,
    "level": 3,
    "name": "My Name",
    "editedIn": null
  }
]
  • GET /api/tickets/:ticketid (Client [1] will only be able to access if it's their own ticket, and Support [2:level] will only be able to view the ticket based on if the ticket is based on their level, or below.) - View information about the ticket.
    • Optional params:
      • page: number - Page Number for messages (example: page=4 | defaults to 1.)
      • limit: number - Limit to how many messages should be shown. (example: limit=15 | defaults to 10.)
    • Example Response:
{
  "ticket_id": 1,
  "user_id": 1,
  "subject": "Need help.",
  "content": "My service is not operating properly.",
  "level": 3,
  "category_ids": "0,1",
  "opened": "2021-06-24T21:25:49.359Z",
  "closed": null,
  "msgs": [
    {
      "msg_id": 1,
      "user_id": 1,
      "content": "Test Message",
      "files": "0",
      "createdIn": "2021-06-24T21:28:22.242Z",
      "editedIn": null
    }
  ],
  "name": "My Name",
  "editedIn": null
}
  • PUT /api/tickets/:ticketid - (Client [1] will only be able to access if it's their own ticket, and Support [2:level] will only be able to view the ticket based on if the ticket is based on their level, or below.) - Edits the ticket information, such as changing the categories, changing the status (closed/open), or editing the subject/content.
    • Optional params:
      • reopen: number - Reopens the Ticket (example: reopen=1)
      • closed: number - Closes the Ticket (example: closed=1)
      • subject: string - Subject or Title of the Ticket. (example: subject=Need help.)
      • content: string - Contents of the Ticket. (example: content=My service is not operating properly.)
      • categories: string or array - Category IDs for the Ticket. (example: categories=0,1)
    • Example Response:
204 No Content
  • POST /api/tickets/:ticketid (Client [1] will only be able to access if it's their own ticket, and Support [2:level] will only be able to view the ticket based on if the ticket is based on their level, or below.) - Posts a new message to the Ticket.
    • Required params:
      • content: string - Contents of the message. (example: content=My reply to my ticket.)
    • Example Response:
{
  "msg_id": 1,
  "ticket_id": 1,
  "user_id": 1,
  "content": "Test Message",
  "createdIn": "2021-06-24T21:28:22.242Z"
}
  • DELETE /api/tickets/:ticketid - (Client [1] will only be able to access if it's their own ticket, and Support [2:level] will only be able to view the ticket based on if the ticket is based on their level, or below. Administrators [4] are able to delete the ticket instead of closing it.) - Closes the Ticket.
    • Example Response:
204 No Content
  • GET /api/tickets/:ticketid/:msgid - (Client [1] will only be able to access if it's their own message, and Support [2:level] will only be able to view the message based on if the ticket is based on their level, or below.) - View information about the message (Not useful but it's there.)
    • Example Response:
{
  "msg_id": 1,
  "ticket_id": 1,
  "user_id": 1,
  "content": "Test Message",
  "files": "0",
  "createdIn": "2021-06-24T21:28:22.242Z",
  "editedIn": null
}
  • PATCH /api/tickets/:ticketid/:msgid (Client [1] will only be able to access if it's their own message, though Support is not able to edit the message if it's not theirs.) - Posts a new message to the Ticket.
    • Required params:
      • content: string - Contents of the message. (example: content=My edit to this message.)
    • Example Response:
{
  "msg_id": 1,
  "ticket_id": 1,
  "user_id": 1,
  "content": "My edit to this message.",
  "files": "0",
  "createdIn": "2021-06-24T21:28:22.242Z",
  "editedIn": "2021-06-24T21:31:47.355Z"
}
  • DELETE /api/tickets/:ticketid/:msgid - (Client [1] will only be able to access if it's their own message, and Support [2:level] will only be able to delete the message based on if the ticket is based on their level, or below.) - Deletes the message.
    • Example Response:
204 No Content

File uploading is currently not supported and will be supported later.

Requirements after using git pull when PR is merged:

  1. Use ALTER TABLE users ADD COLUMN permission_id INTEGER NOT NULL DEFAULT 0, this will add the permission_id field to the users table.
  2. Use npm run sql, this will create the tickets and ticket_msgs table.
  3. All users are required to be assigned permissions and log out in order to use the new ticket system.

If there are any questions or issues about this Pull Request, let me know.
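
The per-route access rules in the description above (a Client sees only their own tickets, Support sees tickets at their level and below, only a message's author may edit it, Administrators delete where others close) can be written as one deny-by-default check. This is an added example, not code from this pull request; the `Actor`, `Ticket` and `TicketMsg` shapes, the `supportLevel` field, the assumption that a larger `level` is a higher tier and the assumption that administrators can reach every ticket are illustrative.

```typescript
// Added example: object-level authorization for the /api/tickets routes.
// Role ids 1 (Client), 2 (Support) and 4 (Administrator) come from the PR text;
// every type and field name below is an assumption made for illustration.
interface Actor { user_id: number; permission_id: number; supportLevel?: number }
interface Ticket { ticket_id: number; user_id: number; level: number }
interface TicketMsg { msg_id: number; ticket_id: number; user_id: number }

const CLIENT = 1, SUPPORT = 2, ADMIN = 4;

// Ticket-level gate. Unknown roles, including the column default 0,
// fall through to "deny" instead of being treated as a client.
function canAccessTicket(actor: Actor, ticket: Ticket): boolean {
  switch (actor.permission_id) {
    case CLIENT:
      return ticket.user_id === actor.user_id;
    case SUPPORT:
      // Assumption: a larger level means a higher support tier.
      return typeof actor.supportLevel === "number" && ticket.level <= actor.supportLevel;
    case ADMIN:
      return true; // assumption: administrators can reach every ticket
    default:
      return false;
  }
}

// DELETE /api/tickets/:ticketid closes the ticket unless the caller is an administrator.
function resolveDelete(actor: Actor, ticket: Ticket): "delete" | "close" | "deny" {
  if (!canAccessTicket(actor, ticket)) return "deny";
  return actor.permission_id === ADMIN ? "delete" : "close";
}

// PATCH /api/tickets/:ticketid/:msgid is author-only. The msg.ticket_id check stops
// a message id from one ticket being addressed through another ticket's URL.
function canEditMessage(actor: Actor, ticket: Ticket, msg: TicketMsg): boolean {
  return msg.ticket_id === ticket.ticket_id
    && canAccessTicket(actor, ticket)
    && msg.user_id === actor.user_id;
}

// GET /api/tickets/list: apply the same rule in the WHERE clause, with bound
// parameters, so page and limit are computed over rows the caller may see.
function listScope(actor: Actor): { where: string; params: number[] } | null {
  switch (actor.permission_id) {
    case CLIENT:
      return { where: "user_id = ?", params: [actor.user_id] };
    case SUPPORT:
      return typeof actor.supportLevel === "number"
        ? { where: "level <= ?", params: [actor.supportLevel] }
        : null;
    case ADMIN:
      return { where: "1 = 1", params: [] };
    default:
      return null; // no role assigned: the route should answer 403
  }
}
```
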

@github-actions

SQL Risks Found

src/sql/init.sql
+-------------------------------------------------+
|                   SQLCHECK                      |
+-------------------------------------------------+
> RISK LEVEL    :: ONLY MEDIUM AND HIGH RISK ANTI-PATTERNS
> SQL FILE NAME :: src/sql/init.sql
> COLOR MODE    :: DISABLED
> VERBOSE MODE  :: DISABLED
> DELIMITER     :: ;
-------------------------------------------------
==================== Results ===================

-------------------------------------------------
SQL Statement: -- initialize all tables create table if not exists users ( user_id integer not
null primary key, -- the users id registered timestamp not null, -- when the
user registered name text not null, -- the users real name email text not null,
-- for contacting the user password text not null, -- required salt text not
null, -- extra security, this will be used as an extra salt verified integer not
null default 0, -- if the user verified their email (1) or if they verified
their phone # (2) permission_id integer not null default 0 -- users permission
id. );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]

[src/sql/init.sql]: (MEDIUM RISK) (PHYSICAL_DATABASE_DESIGN ANTI-PATTERN) Imprecise Data Type
[Matching Expression: real]


-------------------------------------------------
SQL Statement: create table if not exists invoices ( invoice_id integer not null primary key,
opened timestamp not null, due timestamp not null, price real not null default
0.00, currency text not null default '€' );
[src/sql/init.sql]: (MEDIUM RISK) (PHYSICAL_DATABASE_DESIGN ANTI-PATTERN) Imprecise Data Type
[Matching Expression: real]


-------------------------------------------------
SQL Statement: create table if not exists sessions ( session_id integer not null primary key,
-- session id user_id integer not null, -- user id jwt text not null, -- jwt
token createdin timestamp not null, -- when the token was created expiresin
timestamp not null, -- when the token expires ip text not null, -- remote
address rememberme integer not null default 0 -- will change what expiresin
should be );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]


-------------------------------------------------
SQL Statement: create table if not exists tickets ( ticket_id integer not null primary key, --
ticket id user_id integer not null, -- user id of who created the ticket.
subject text not null default 'ticket', -- ticket subject (or title) content
text not null default 'message', -- contents of the ticket. category_ids text
not null default '0,1', -- category(s) for the ticket. (0 being billing, and 1
being bug) status integer not null default 0, -- status of the ticket, if its
open (0), or if its closed (1). opened timestamp not null, -- when the ticket
was opened. closed timestamp not null default 0, -- when the ticket was closed.
files text not null default 0, -- any files that are uploaded. (will be shown in
url form) level integer not null default 3, -- level of support createdin
timestamp not null, -- when the ticket was created. editedin timestamp not null
default 0 -- when the ticket was edited. );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]


==================== Summary ===================
All Anti-Patterns and Hints  :: 5
>  High Risk   :: 3
>  Medium Risk :: 2
>  Low Risk    :: 0
>  Hints       :: 0

@FireMario211 FireMario211 changed the title Ticket pr Support Ticket Pull Request. Jun 24, 2021
@FireMario211 FireMario211 changed the title Support Ticket Pull Request. Support Ticket API Pull Request. Jun 24, 2021
@FireMario211 FireMario211 merged commit c6fd18a into main Jun 25, 2021
@FireMario211 FireMario211 deleted the ticket-pr branch June 25, 2021 15:17