allow regenerating joincode

clr-li · Feb 17, 2024 · b69377c · b69377c
1 parent 38a9522
commit b69377c
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/public/admin.html b/public/admin.html
@@ -35,6 +35,7 @@ <h1>Dashboard</h1>
                 <div id="qrcode" class="img"></div>
                 <button id="joinlink" class="button">Copy Join Link</button>
                 <button id="emailInvite" class="button">Invite by Email</button>
+                <button id="resetJoincode" class="button delete">Reset Joincode</button>
                 <br />
             </section>
             <section class="light-section">

diff --git a/public/admin.js b/public/admin.js
@@ -51,6 +51,19 @@ async function updateJoinLink() {
         }, 5000);
     };
 
+    document.getElementById('resetJoincode').onclick = async () => {
+        const allow = await Popup.confirm(
+            "Are you sure you want to reset the group's join code? This will make the old join code and any pending email invites invalid.",
+        );
+        if (!allow) return;
+        const res = await GET('/resetJoincode?businessId=' + getBusinessId());
+        if (res.ok) {
+            updateJoinLink();
+        } else {
+            Popup.alert(sanitizeText(await res.text()), 'var(--error)');
+        }
+    };
+
     document.getElementById('emailInvite').onclick = async () => {
         const emails = await Popup.prompt(
             'Enter comma separated email addresses of the people you want to invite:',

diff --git a/server/Business.js b/server/Business.js
@@ -72,6 +72,7 @@ router.get('/renameBusiness', async (request, response) => {
  * Gets the joincode of the specified business.
  * @queryParams businessId - id of the business to get the joincode for
  * @requiredPrivileges read access to the specified business
+ * @response json object with the joincode of the specified business
  */
 router.get('/joincode', async (request, response) => {
     const uid = await handleAuth(request, response, request.query.businessId, { read: true });
@@ -83,6 +84,25 @@ router.get('/joincode', async (request, response) => {
     response.send(row);
 });
 
+/**
+ * Regenerates the joincode of the specified business (invalidating the old joincode).
+ * @queryParams businessId - id of the business to reset the joincode for
+ * @requiredPrivileges write access to the specified business
+ * @response 200 OK - if successful, 403 - [access denied], 401 - [not logged in], 400 - [bad request]
+ */
+router.get('/resetJoincode', async (request, response) => {
+    const uid = await handleAuth(request, response, request.query.businessId, { write: true });
+    if (!uid) return;
+
+    const businessId = request.query.businessId;
+
+    const changes = await asyncRunWithChanges(`UPDATE Businesses SET joincode = ? WHERE id = ?`, [
+        uuid.v4(),
+        businessId,
+    ]);
+    response.sendStatus(changes === 1 ? 200 : 400);
+});
+
 /**
  * Joins the specified business if the specified joincode is correct.
  * @queryParams businessId - id of the business to join