2019-04-05 00:10:19 +02:00
|
|
|
const fs = require('fs')
|
|
|
|
|
const path = require('path')
|
|
|
|
|
const crypto = require('crypto')
|
2019-04-03 00:25:12 +02:00
|
|
|
const jwt = require('jsonwebtoken')
|
2019-04-05 00:10:19 +02:00
|
|
|
const { Op } = require('sequelize')
|
2019-04-26 23:14:43 +02:00
|
|
|
const jsonwebtoken = require('jsonwebtoken')
|
2019-06-21 23:52:18 +02:00
|
|
|
const config = require('config')
|
2019-04-05 00:10:19 +02:00
|
|
|
const mail = require('../mail')
|
2019-09-12 14:59:51 +02:00
|
|
|
const { user: User, event: Event, tag: Tag, place: Place, fed_users: FedUsers } = require('../models')
|
2019-06-21 23:52:18 +02:00
|
|
|
const settingsController = require('./settings')
|
2019-07-31 01:43:08 +02:00
|
|
|
const federation = require('../../federation/helpers')
|
2019-04-03 00:25:12 +02:00
|
|
|
|
|
|
|
|
const userController = {
|
2019-09-11 19:12:24 +02:00
|
|
|
async login (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
// find the user
|
2019-09-11 11:58:42 +02:00
|
|
|
const user = await User.findOne({ where: {
|
2019-09-11 19:12:24 +02:00
|
|
|
[Op.or]: [
|
2019-09-11 11:58:42 +02:00
|
|
|
{ email: req.body.email },
|
|
|
|
|
{ username: req.body.email }
|
|
|
|
|
]
|
|
|
|
|
} })
|
2019-04-03 00:25:12 +02:00
|
|
|
if (!user) {
|
2019-05-30 12:04:14 +02:00
|
|
|
res.status(403).json({ success: false, message: 'auth.fail' })
|
2019-04-03 00:25:12 +02:00
|
|
|
} else if (user) {
|
|
|
|
|
if (!user.is_active) {
|
2019-05-30 12:04:14 +02:00
|
|
|
res.status(403).json({ success: false, message: 'auth.not_confirmed' })
|
2019-04-03 00:25:12 +02:00
|
|
|
// check if password matches
|
|
|
|
|
} else if (!await user.comparePassword(req.body.password)) {
|
2019-05-30 12:04:14 +02:00
|
|
|
res.status(403).json({ success: false, message: 'auth.fail' })
|
2019-04-03 00:25:12 +02:00
|
|
|
} else {
|
|
|
|
|
// if user is found and password is right
|
|
|
|
|
// create a token
|
2019-04-29 00:27:29 +02:00
|
|
|
const accessToken = jsonwebtoken.sign(
|
2019-04-26 23:14:43 +02:00
|
|
|
{
|
|
|
|
|
id: user.id,
|
|
|
|
|
email: user.email,
|
|
|
|
|
scope: [user.is_admin ? 'admin' : 'user']
|
2019-04-29 00:27:29 +02:00
|
|
|
},
|
2019-06-10 00:40:37 +02:00
|
|
|
config.secret
|
2019-04-26 23:14:43 +02:00
|
|
|
)
|
2019-07-23 01:31:43 +02:00
|
|
|
res.cookie('auth._token.local', 'Bearer ' + accessToken)
|
2019-06-07 17:02:33 +02:00
|
|
|
res.json({ token: accessToken })
|
2019-04-03 00:25:12 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async delEvent (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const event = await Event.findByPk(req.params.id)
|
|
|
|
|
// check if event is mine (or user is admin)
|
|
|
|
|
if (event && (req.user.is_admin || req.user.id === event.userId)) {
|
|
|
|
|
if (event.image_path) {
|
2019-06-11 17:44:11 +02:00
|
|
|
const old_path = path.join(config.upload_path, event.image_path)
|
|
|
|
|
const old_thumb_path = path.join(config.upload_path, 'thumb', event.image_path)
|
2019-05-30 12:04:14 +02:00
|
|
|
try {
|
2019-08-10 15:00:08 +02:00
|
|
|
console.error('media files not removed')
|
|
|
|
|
// TOFIX
|
|
|
|
|
// await fs.unlink(old_path)
|
|
|
|
|
// await fs.unlink(old_thumb_path)
|
2019-05-30 12:04:14 +02:00
|
|
|
} catch (e) {
|
|
|
|
|
console.error(e)
|
|
|
|
|
}
|
2019-04-03 00:25:12 +02:00
|
|
|
}
|
|
|
|
|
await event.destroy()
|
|
|
|
|
res.sendStatus(200)
|
|
|
|
|
} else {
|
|
|
|
|
res.sendStatus(403)
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
|
2019-07-05 23:58:47 +02:00
|
|
|
// ADD EVENT
|
2019-09-11 19:12:24 +02:00
|
|
|
async addEvent (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const body = req.body
|
|
|
|
|
|
|
|
|
|
const eventDetails = {
|
|
|
|
|
title: body.title,
|
2019-07-13 22:51:45 +02:00
|
|
|
// remove html tag
|
2019-06-25 01:05:38 +02:00
|
|
|
description: body.description ? body.description.replace(/(<([^>]+)>)/ig, '') : '',
|
2019-04-03 00:25:12 +02:00
|
|
|
multidate: body.multidate,
|
|
|
|
|
start_datetime: body.start_datetime,
|
|
|
|
|
end_datetime: body.end_datetime,
|
2019-05-30 12:12:51 +02:00
|
|
|
|
2019-07-13 01:02:11 +02:00
|
|
|
recurrent: body.recurrent,
|
|
|
|
|
// publish this event only if authenticated
|
2019-04-03 00:25:12 +02:00
|
|
|
is_visible: !!req.user
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (req.file) {
|
|
|
|
|
eventDetails.image_path = req.file.filename
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
const event = await Event.create(eventDetails)
|
2019-04-03 00:25:12 +02:00
|
|
|
|
2019-09-11 11:56:22 +02:00
|
|
|
// create place if needed
|
2019-04-03 00:25:12 +02:00
|
|
|
let place
|
|
|
|
|
try {
|
|
|
|
|
place = await Place.findOrCreate({ where: { name: body.place_name },
|
|
|
|
|
defaults: { address: body.place_address } })
|
|
|
|
|
.spread((place, created) => place)
|
|
|
|
|
await event.setPlace(place)
|
2019-06-26 14:44:21 +02:00
|
|
|
event.place = place
|
2019-04-03 00:25:12 +02:00
|
|
|
} catch (e) {
|
|
|
|
|
console.error(e)
|
|
|
|
|
}
|
|
|
|
|
// create/assign tags
|
|
|
|
|
if (body.tags) {
|
|
|
|
|
await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
|
|
|
|
|
const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
|
2019-09-11 19:12:24 +02:00
|
|
|
await Promise.all(tags.map(t => t.update({ weigth: Number(t.weigth) + 1 })))
|
2019-04-03 00:25:12 +02:00
|
|
|
await event.addTags(tags)
|
2019-06-26 14:44:21 +02:00
|
|
|
event.tags = tags
|
2019-04-03 00:25:12 +02:00
|
|
|
}
|
2019-06-26 14:44:21 +02:00
|
|
|
|
2019-06-25 01:05:38 +02:00
|
|
|
if (req.user) {
|
|
|
|
|
await req.user.addEvent(event)
|
|
|
|
|
await event.setUser(req.user)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// send response to client
|
|
|
|
|
res.json(event)
|
2019-04-03 00:25:12 +02:00
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
if (req.user) { federation.sendEvent(event, req.user) }
|
2019-08-02 13:43:28 +02:00
|
|
|
|
2019-08-10 15:00:08 +02:00
|
|
|
// res.sendStatus(200)
|
2019-07-31 01:43:08 +02:00
|
|
|
|
2019-06-25 01:05:38 +02:00
|
|
|
// send notification (mastodon/email/confirmation)
|
2019-07-31 01:55:52 +02:00
|
|
|
// notifier.notifyEvent(event.id)
|
2019-04-03 00:25:12 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async updateEvent (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const body = req.body
|
|
|
|
|
const event = await Event.findByPk(body.id)
|
|
|
|
|
if (!req.user.is_admin && event.userId !== req.user.id) {
|
|
|
|
|
return res.sendStatus(403)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (req.file) {
|
|
|
|
|
if (event.image_path) {
|
2019-06-11 17:44:11 +02:00
|
|
|
const old_path = path.resolve(config.upload_path, event.image_path)
|
|
|
|
|
const old_thumb_path = path.resolve(config.upload_path, 'thumb', event.image_path)
|
2019-04-03 00:25:12 +02:00
|
|
|
await fs.unlink(old_path, e => console.error(e))
|
|
|
|
|
await fs.unlink(old_thumb_path, e => console.error(e))
|
|
|
|
|
}
|
|
|
|
|
body.image_path = req.file.filename
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
body.description = body.description
|
|
|
|
|
.replace(/(<([^>]+)>)/ig, '') // remove all tags from description
|
|
|
|
|
|
|
|
|
|
await event.update(body)
|
|
|
|
|
let place
|
|
|
|
|
try {
|
|
|
|
|
place = await Place.findOrCreate({ where: { name: body.place_name },
|
|
|
|
|
defaults: { address: body.place_address } })
|
|
|
|
|
.spread((place, created) => place)
|
|
|
|
|
} catch (e) {
|
|
|
|
|
console.log('error', e)
|
|
|
|
|
}
|
|
|
|
|
await event.setPlace(place)
|
|
|
|
|
await event.setTags([])
|
|
|
|
|
if (body.tags) {
|
|
|
|
|
await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
|
|
|
|
|
const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
|
|
|
|
|
await event.addTags(tags)
|
|
|
|
|
}
|
2019-06-25 01:05:38 +02:00
|
|
|
const newEvent = await Event.findByPk(event.id, { include: [Tag, Place] })
|
|
|
|
|
res.json(newEvent)
|
2019-04-03 00:25:12 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async forgotPassword (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const email = req.body.email
|
|
|
|
|
const user = await User.findOne({ where: { email: { [Op.eq]: email } } })
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!user) { return res.sendStatus(200) }
|
2019-04-03 00:25:12 +02:00
|
|
|
|
|
|
|
|
user.recover_code = crypto.randomBytes(16).toString('hex')
|
2019-06-10 00:40:37 +02:00
|
|
|
mail.send(user.email, 'recover', { user, config })
|
2019-05-30 12:04:14 +02:00
|
|
|
|
2019-04-03 00:25:12 +02:00
|
|
|
await user.save()
|
|
|
|
|
res.sendStatus(200)
|
|
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async checkRecoverCode (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const recover_code = req.body.recover_code
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!recover_code) { return res.sendStatus(400) }
|
2019-04-03 00:25:12 +02:00
|
|
|
const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!user) { return res.sendStatus(400) }
|
2019-09-06 11:58:11 +02:00
|
|
|
try {
|
2019-09-11 19:12:24 +02:00
|
|
|
await user.update({ recover_code: '' })
|
2019-09-06 11:58:11 +02:00
|
|
|
res.sendStatus(200)
|
|
|
|
|
} catch (e) {
|
|
|
|
|
res.sendStatus(400)
|
|
|
|
|
}
|
2019-04-03 00:25:12 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async updatePasswordWithRecoverCode (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const recover_code = req.body.recover_code
|
|
|
|
|
const password = req.body.password
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!recover_code || !password) { return res.sendStatus(400) }
|
2019-04-03 00:25:12 +02:00
|
|
|
const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!user) { return res.sendStatus(400) }
|
2019-09-06 11:58:11 +02:00
|
|
|
user.recover_code = ''
|
2019-04-03 00:25:12 +02:00
|
|
|
user.password = password
|
2019-05-30 12:04:14 +02:00
|
|
|
try {
|
|
|
|
|
await user.save()
|
|
|
|
|
res.sendStatus(200)
|
2019-06-07 17:02:33 +02:00
|
|
|
} catch (e) {
|
2019-05-30 12:04:14 +02:00
|
|
|
res.sendStatus(400)
|
|
|
|
|
}
|
2019-04-03 00:25:12 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-12 14:59:51 +02:00
|
|
|
async current (req, res) {
|
|
|
|
|
if (!req.user) return res.status(400).send('Not logged')
|
|
|
|
|
const user = await User.findByPk(req.user.id, { include: [ FedUsers ]})
|
|
|
|
|
res.json(user)
|
2019-04-03 00:25:12 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async getAll (req, res) {
|
2019-04-03 00:25:12 +02:00
|
|
|
const users = await User.findAll({
|
|
|
|
|
order: [['createdAt', 'DESC']]
|
|
|
|
|
})
|
|
|
|
|
res.json(users)
|
|
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async update (req, res) {
|
2019-09-11 11:58:42 +02:00
|
|
|
// user to modify
|
|
|
|
|
user = await User.findByPk(req.body.id)
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }
|
2019-09-11 11:58:42 +02:00
|
|
|
|
|
|
|
|
if (req.body.id !== req.user.id && !req.user.is_admin) {
|
|
|
|
|
return res.status(400).json({ succes: false, message: 'Not allowed' })
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ensure username to not change if not empty
|
2019-09-11 19:12:24 +02:00
|
|
|
req.body.username = user.username ? user.username : req.body.username
|
2019-09-11 11:58:42 +02:00
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
if (!req.body.password) { delete req.body.password }
|
2019-09-11 11:58:42 +02:00
|
|
|
|
|
|
|
|
await user.update(req.body)
|
|
|
|
|
|
|
|
|
|
if (!user.is_active && req.body.is_active && user.recover_code) {
|
|
|
|
|
mail.send(user.email, 'confirm', { user, config })
|
2019-04-03 00:25:12 +02:00
|
|
|
}
|
2019-09-11 11:58:42 +02:00
|
|
|
res.json(user)
|
2019-04-03 00:25:12 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async register (req, res) {
|
|
|
|
|
if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }
|
2019-04-03 00:25:12 +02:00
|
|
|
const n_users = await User.count()
|
|
|
|
|
try {
|
2019-05-30 12:04:14 +02:00
|
|
|
// the first registered user will be an active admin
|
2019-04-03 00:25:12 +02:00
|
|
|
if (n_users === 0) {
|
|
|
|
|
req.body.is_active = req.body.is_admin = true
|
|
|
|
|
} else {
|
|
|
|
|
req.body.is_active = false
|
|
|
|
|
}
|
2019-05-30 12:04:14 +02:00
|
|
|
|
2019-09-06 11:58:11 +02:00
|
|
|
req.body.recover_code = crypto.randomBytes(16).toString('hex')
|
2019-04-03 00:25:12 +02:00
|
|
|
const user = await User.create(req.body)
|
|
|
|
|
try {
|
2019-09-06 11:58:11 +02:00
|
|
|
mail.send(user.email, 'register', { user, config })
|
|
|
|
|
mail.send(config.admin, 'admin_register', { user, config })
|
2019-04-03 00:25:12 +02:00
|
|
|
} catch (e) {
|
|
|
|
|
return res.status(400).json(e)
|
|
|
|
|
}
|
2019-06-06 23:54:32 +02:00
|
|
|
const payload = {
|
|
|
|
|
id: user.id,
|
|
|
|
|
email: user.email,
|
|
|
|
|
scope: [user.is_admin ? 'admin' : 'user']
|
|
|
|
|
}
|
2019-06-10 00:40:37 +02:00
|
|
|
const token = jwt.sign(payload, config.secret)
|
2019-06-07 17:02:33 +02:00
|
|
|
res.json({ token, user })
|
2019-04-03 00:25:12 +02:00
|
|
|
} catch (e) {
|
|
|
|
|
res.status(404).json(e)
|
|
|
|
|
}
|
2019-06-18 14:45:04 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async create (req, res) {
|
2019-06-18 14:45:04 +02:00
|
|
|
try {
|
|
|
|
|
req.body.is_active = true
|
2019-07-23 01:31:43 +02:00
|
|
|
req.body.recover_code = crypto.randomBytes(16).toString('hex')
|
2019-06-18 14:45:04 +02:00
|
|
|
const user = await User.create(req.body)
|
2019-07-23 01:31:43 +02:00
|
|
|
mail.send(user.email, 'user_confirm', { user, config })
|
2019-06-18 14:45:04 +02:00
|
|
|
res.json(user)
|
|
|
|
|
} catch (e) {
|
|
|
|
|
res.status(404).json(e)
|
|
|
|
|
}
|
2019-06-18 15:13:13 +02:00
|
|
|
},
|
|
|
|
|
|
2019-09-11 19:12:24 +02:00
|
|
|
async remove (req, res) {
|
2019-06-18 15:13:13 +02:00
|
|
|
try {
|
|
|
|
|
const user = await User.findByPk(req.params.id)
|
|
|
|
|
user.destroy()
|
|
|
|
|
res.sendStatus(200)
|
|
|
|
|
} catch (e) {
|
|
|
|
|
res.status(404).json(e)
|
|
|
|
|
}
|
2019-04-03 00:25:12 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = userController
|
