gancio-upstream/server/api/controller/user.js

const crypto = require('crypto')
const { Op } = require('sequelize')
const config = require('config')
const mail = require('../mail')
const { user: User } = require('../models')
const settingsController = require('./settings')
const debug = require('debug')('user:controller')
const linkify = require('linkifyjs')

const userController = {

  async forgotPassword (req, res) {
    const email = req.body.email
    const user = await User.findOne({ where: { email: { [Op.eq]: email } } })
    if (!user) { return res.sendStatus(200) }

    user.recover_code = crypto.randomBytes(16).toString('hex')
    mail.send(user.email, 'recover', { user, config }, req.settings.locale)

    await user.save()
    res.sendStatus(200)
  },

  async checkRecoverCode (req, res) {
    const recover_code = req.body.recover_code
    if (!recover_code) { return res.sendStatus(400) }
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) { return res.sendStatus(400) }
    res.sendStatus(200)
  },

  async updatePasswordWithRecoverCode (req, res) {
    const recover_code = req.body.recover_code
    const password = req.body.password
    if (!recover_code || !password) { return res.sendStatus(400) }
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) { return res.sendStatus(400) }
    try {
      await user.update({ recover_code: '', password })
      res.sendStatus(200)
    } catch (e) {
      res.sendStatus(400)
    }
  },

  async current (req, res) {
    if (!req.user) { return res.status(400).send('Not logged') }
    const user = await User.scope('withoutPassword').findByPk(req.user.id)
    res.json(user)
  },

  async getAll (req, res) {
    const users = await User.scope('withoutPassword').findAll({
      order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]
    })
    res.json(users)
  },

  async update (req, res) {
    // user to modify
    const user = await User.findByPk(req.body.id)

    if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }

    if (req.body.id !== req.user.id && !req.user.is_admin) {
      return res.status(400).json({ succes: false, message: 'Not allowed' })
    }

    if (!req.body.password) { delete req.body.password }

    if (!user.is_active && req.body.is_active && user.recover_code) {
      mail.send(user.email, 'confirm', { user, config }, req.settings.locale)
    }

    await user.update(req.body)
    res.json(user)
  },

  async register (req, res) {
    if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }
    const n_users = await User.count()
    try {
      req.body.recover_code = crypto.randomBytes(16).toString('hex')

      // the first registered user will be an active admin
      if (n_users === 0) {
        req.body.is_active = req.body.is_admin = true
        const user = await User.create(req.body)
        return res.json(user)
      }

      req.body.is_active = false

      // check email
      if (!linkify.test(req.body.email, 'email')) {
        return res.status(404).json('Invalid email')
      }

      debug('Register user ', req.body.email)
      const user = await User.create(req.body)
      debug(`Sending registration email to ${user.email}`)
      mail.send(user.email, 'register', { user, config }, req.settings.locale)
      mail.send(config.admin_email, 'admin_register', { user, config })
      res.sendStatus(200)
    } catch (e) {
      res.status(404).json(e)
    }
  },

  async create (req, res) {
    try {
      req.body.is_active = true
      req.body.recover_code = crypto.randomBytes(16).toString('hex')
      const user = await User.create(req.body)
      mail.send(user.email, 'user_confirm', { user, config }, req.settings.locale)
      res.json(user)
    } catch (e) {
      res.status(404).json(e)
    }
  },

  async remove (req, res) {
    try {
      const user = await User.findByPk(req.params.id)
      user.destroy()
      res.sendStatus(200)
    } catch (e) {
      res.status(404).json(e)
    }
  }
}

module.exports = userController
working on ssr 2019-04-05 00:10:19 +02:00			`const crypto = require('crypto')`
			`const { Op } = require('sequelize')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const config = require('config')`
working on ssr 2019-04-05 00:10:19 +02:00			`const mail = require('../mail')`
move add/rm/edit event in eventController 2020-01-31 14:56:31 +01:00			`const { user: User } = require('../models')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const settingsController = require('./settings')`
refactorin docker files 2019-09-25 14:38:16 +02:00			`const debug = require('debug')('user:controller')`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00			`const linkify = require('linkifyjs')`
start with nuxt 2019-04-03 00:25:12 +02:00
			`const userController = {`

linting 2019-09-11 19:12:24 +02:00			`async forgotPassword (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const email = req.body.email`
			`const user = await User.findOne({ where: { email: { [Op.eq]: email } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(200) }`
start with nuxt 2019-04-03 00:25:12 +02:00
			`user.recover_code = crypto.randomBytes(16).toString('hex')`
taskManager & recurrent events generation 2020-01-30 12:37:19 +01:00			`mail.send(user.email, 'recover', { user, config }, req.settings.locale)`
. 2019-05-30 12:04:14 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`await user.save()`
			`res.sendStatus(200)`
			`},`

linting 2019-09-11 19:12:24 +02:00			`async checkRecoverCode (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
linting 2019-09-11 19:12:24 +02:00			`if (!recover_code) { return res.sendStatus(400) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(400) }`
minor 2019-10-02 21:05:15 +02:00			`res.sendStatus(200)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async updatePasswordWithRecoverCode (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
			`const password = req.body.password`
linting 2019-09-11 19:12:24 +02:00			`if (!recover_code \|\| !password) { return res.sendStatus(400) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(400) }`
. 2019-05-30 12:04:14 +02:00			`try {`
[fix] password recovery 2019-10-02 21:04:24 +02:00			`await user.update({ recover_code: '', password })`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(200)`
. 2019-06-07 17:02:33 +02:00			`} catch (e) {`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(400)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00			`async current (req, res) {`
[lint] linting 2019-10-28 17:33:20 +01:00			`if (!req.user) { return res.status(400).send('Not logged') }`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`const user = await User.scope('withoutPassword').findByPk(req.user.id)`
minor 2019-10-02 21:05:15 +02:00			`res.json(user)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async getAll (req, res) {`
show admin users first 2019-11-09 15:05:33 +01:00			`const users = await User.scope('withoutPassword').findAll({`
			`order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]`
start with nuxt 2019-04-03 00:25:12 +02:00			`})`
			`res.json(users)`
			`},`

linting 2019-09-11 19:12:24 +02:00			`async update (req, res) {`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00			`// user to modify`
[lint] linting 2019-10-28 17:33:20 +01:00			`const user = await User.findByPk(req.body.id)`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
			`if (req.body.id !== req.user.id && !req.user.is_admin) {`
			`return res.status(400).json({ succes: false, message: 'Not allowed' })`
			`}`

linting 2019-09-11 19:12:24 +02:00			`if (!req.body.password) { delete req.body.password }`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
			`if (!user.is_active && req.body.is_active && user.recover_code) {`
use Taskmanager to send email with correct locale 2020-01-29 22:16:57 +01:00			`mail.send(user.email, 'confirm', { user, config }, req.settings.locale)`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
[fix] register email confirmation 2019-10-14 21:49:59 +02:00
			`await user.update(req.body)`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00			`res.json(user)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async register (req, res) {`
			`if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const n_users = await User.count()`
			`try {`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00			`req.body.recover_code = crypto.randomBytes(16).toString('hex')`

. 2019-05-30 12:04:14 +02:00			`// the first registered user will be an active admin`
start with nuxt 2019-04-03 00:25:12 +02:00			`if (n_users === 0) {`
			`req.body.is_active = req.body.is_admin = true`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00			`const user = await User.create(req.body)`
			`return res.json(user)`
			`}`

			`req.body.is_active = false`

			`// check email`
			`if (!linkify.test(req.body.email, 'email')) {`
			`return res.status(404).json('Invalid email')`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
. 2019-05-30 12:04:14 +02:00
[mega] settings, timezone 2019-10-20 14:22:55 +02:00			`debug('Register user ', req.body.email)`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.create(req.body)`
use Taskmanager to send email with correct locale 2020-01-29 22:16:57 +01:00			debug(`Sending registration email to ${user.email}`)
			`mail.send(user.email, 'register', { user, config }, req.settings.locale)`
refactoring locales management 2020-02-20 18:37:10 +01:00			`mail.send(config.admin_email, 'admin_register', { user, config })`
use Taskmanager to send email with correct locale 2020-01-29 22:16:57 +01:00			`res.sendStatus(200)`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async create (req, res) {`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`try {`
			`req.body.is_active = true`
major on recurrent events 2019-07-23 01:31:43 +02:00			`req.body.recover_code = crypto.randomBytes(16).toString('hex')`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`const user = await User.create(req.body)`
use Taskmanager to send email with correct locale 2020-01-29 22:16:57 +01:00			`mail.send(user.email, 'user_confirm', { user, config }, req.settings.locale)`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`res.json(user)`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
admin could remove user 2019-06-18 15:13:13 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async remove (req, res) {`
admin could remove user 2019-06-18 15:13:13 +02:00			`try {`
			`const user = await User.findByPk(req.params.id)`
			`user.destroy()`
			`res.sendStatus(200)`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`}`

			`module.exports = userController`