All files / src/utils cohort-filter.js

94.44% Statements 17/18
93.33% Branches 14/15
100% Functions 4/4
100% Lines 14/14

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
23x
23x
 
 
27x
18x
 
9x
9x
9x
7x
 
 
 
16x
12x
 
27x
27x
 
 
27x
 
 
23x
 
/**
 * UK OSA #17 PR 10 — list-body cohort filter.
 *
 * Companion to `middleware/sameCohort.js` (which handles the *outer*
 * 404-existence-hiding gate). This module handles the *inner* gate:
 * given a list of entries that each point to a user, filter out the
 * entries whose owner is cross-cohort to the caller.
 *
 * Resolution rules per entry:
 *   1. If the entry has a stamped `cohort` field in the
 *      `VALID_COHORTS` allow-list → use it. Zero Firestore reads.
 *   2. Else (legacy entry, pre-PR-10) → live-look up `users/<id>` and
 *      derive via `effectiveCohort`. Zero-downtime migration: old
 *      entries Just Work until they're rewritten by the write-time
 *      stamping in `updateGiftRankings` / `updateGiftWall`.
 *   3. If the live lookup returns a non-existent doc → return null
 *      (drop the entry). This is the deleted-user case: WITHOUT
 *      explicit drop, `effectiveCohort(null) → 'minor'` would leak
 *      the existence of deleted users to minor callers as
 *      "same-cohort" entries.
 *
 * Tests live in `tests/routes/leaderboards-cohort.test.js`.
 */
 
const { db } = require('./firebase');
const { effectiveCohort, VALID_COHORTS } = require('./firebase-claims');
 
async function resolveEntryCohort(entry, userId) {
  if (entry && typeof entry.cohort === 'string' && VALID_COHORTS.has(entry.cohort)) {
    return entry.cohort;
  }
  Iif (!userId) return null;
  const snap = await db.doc(`users/${userId}`).get();
  if (!snap.exists) return null;
  return effectiveCohort(snap.data());
}
 
async function filterListByCohort(items, callerCohort, idField) {
  if (!Array.isArray(items) || items.length === 0) return [];
  const resolved = await Promise.all(
    items.map(async (item) => {
      const cohort = await resolveEntryCohort(item, item?.[idField]);
      return cohort === callerCohort ? item : null;
    }),
  );
  return resolved.filter((x) => x !== null);
}
 
module.exports = { resolveEntryCohort, filterListByCohort };
 
Code coverage generated by istanbul at 2026-05-30T14:37:31.803Z