gancio-upstream/server/api/controller/user.js

const fs = require('fs')
const path = require('path')
const crypto = require('crypto')
const { Op } = require('sequelize')
const sanitizeHtml = require('sanitize-html')
const config = require('config')
const mail = require('../mail')
const { user: User, event: Event, tag: Tag, place: Place } = require('../models')
const settingsController = require('./settings')
const debug = require('debug')('user:controller')

const userController = {
  async delEvent (req, res) {
    const event = await Event.findByPk(req.params.id)
    // check if event is mine (or user is admin)
    if (event && (req.user.is_admin || req.user.id === event.userId)) {
      if (event.image_path) {
        const old_path = path.join(config.upload_path, event.image_path)
        const old_thumb_path = path.join(config.upload_path, 'thumb', event.image_path)
        try {
          fs.unlinkSync(old_thumb_path)
          fs.unlinkSync(old_path)
        } catch (e) {
          debug(e)
        }
      }
      const notifier = require('../../notifier')
      await notifier.notifyEvent('Delete', event.id)
      await event.destroy()
      res.sendStatus(200)
    } else {
      res.sendStatus(403)
    }
  },

  /**
   * add event
   */
  async addEvent (req, res) {
    // req.err comes from multer streaming error
    if (req.err) {
      debug(req.err)
      return res.status(400).json(req.err.toString())
    }

    try {
      const body = req.body
      const recurrent = body.recurrent ? JSON.parse(body.recurrent) : null

      const eventDetails = {
        title: body.title,
        // remove html tags
        description: sanitizeHtml(body.description),
        multidate: body.multidate,
        start_datetime: body.start_datetime,
        end_datetime: body.end_datetime,
        recurrent,
        // publish this event only if authenticated
        is_visible: !!req.user
      }

      if (req.file) {
        eventDetails.image_path = req.file.filename
      }

      const event = await Event.create(eventDetails)

      // create place if needed
      const place = await Place.findOrCreate({
        where: { name: body.place_name },
        defaults: { address: body.place_address }
      })
        .spread((place, created) => place)
      await event.setPlace(place)
      event.place = place

      // create/assign tags
      if (body.tags) {
        await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
        const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
        await Promise.all(tags.map(t => t.update({ weigth: Number(t.weigth) + 1 })))
        await event.addTags(tags)
        event.tags = tags
      }

      // associate user to event and reverse
      if (req.user) {
        await req.user.addEvent(event)
        await event.setUser(req.user)
      }

      // return created event to the client
      res.json(event)

      // send notification (mastodon/email)
      // only if user is authenticated
      if (req.user) {
        const notifier = require('../../notifier')
        notifier.notifyEvent('Create', event.id)
      }
    } catch (e) {
      res.sendStatus(400)
      debug(e.toString())
    }
  },

  async updateEvent (req, res) {
    if (req.err) {
      return res.status(400).json(req.err.toString())
    }
    const body = req.body
    const event = await Event.findByPk(body.id)
    if (!req.user.is_admin && event.userId !== req.user.id) {
      return res.sendStatus(403)
    }

    if (req.file) {
      if (event.image_path) {
        const old_path = path.resolve(config.upload_path, event.image_path)
        const old_thumb_path = path.resolve(config.upload_path, 'thumb', event.image_path)
        await fs.unlink(old_path, e => console.error(e))
        await fs.unlink(old_thumb_path, e => console.error(e))
      }
      body.image_path = req.file.filename
    }

    body.description = sanitizeHtml(body.description)

    await event.update(body)
    let place
    try {
      place = await Place.findOrCreate({
        where: { name: body.place_name },
        defaults: { address: body.place_address }
      }).spread((place, created) => place)
    } catch (e) {
      console.log('error', e)
    }
    await event.setPlace(place)
    await event.setTags([])
    if (body.tags) {
      await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
      const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
      await event.addTags(tags)
    }
    const newEvent = await Event.findByPk(event.id, { include: [Tag, Place] })
    res.json(newEvent)
    const notifier = require('../../notifier')
    notifier.notifyEvent('Update', event.id)
  },

  async forgotPassword (req, res) {
    const email = req.body.email
    const user = await User.findOne({ where: { email: { [Op.eq]: email } } })
    if (!user) { return res.sendStatus(200) }

    user.recover_code = crypto.randomBytes(16).toString('hex')
    mail.send(user.email, 'recover', { user, config })

    await user.save()
    res.sendStatus(200)
  },

  async checkRecoverCode (req, res) {
    const recover_code = req.body.recover_code
    if (!recover_code) { return res.sendStatus(400) }
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) { return res.sendStatus(400) }
    res.sendStatus(200)
  },

  async updatePasswordWithRecoverCode (req, res) {
    const recover_code = req.body.recover_code
    const password = req.body.password
    if (!recover_code || !password) { return res.sendStatus(400) }
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) { return res.sendStatus(400) }
    try {
      await user.update({ recover_code: '', password })
      res.sendStatus(200)
    } catch (e) {
      res.sendStatus(400)
    }
  },

  async current (req, res) {
    if (!req.user) { return res.status(400).send('Not logged') }
    const user = await User.scope('withoutPassword').findByPk(req.user.id)
    res.json(user)
  },

  async getAll (req, res) {
    const users = await User.scope('withoutPassword').findAll({
      order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]
    })
    res.json(users)
  },

  async update (req, res) {
    // user to modify
    const user = await User.findByPk(req.body.id)

    if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }

    if (req.body.id !== req.user.id && !req.user.is_admin) {
      return res.status(400).json({ succes: false, message: 'Not allowed' })
    }

    if (!req.body.password) { delete req.body.password }

    if (!user.is_active && req.body.is_active && user.recover_code) {
      mail.send(user.email, 'confirm', { user, config })
    }

    await user.update(req.body)
    res.json(user)
  },

  async register (req, res) {
    if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }
    const n_users = await User.count()
    try {
      // the first registered user will be an active admin
      if (n_users === 0) {
        req.body.is_active = req.body.is_admin = true
      } else {
        req.body.is_active = false
      }

      req.body.recover_code = crypto.randomBytes(16).toString('hex')
      debug('Register user ', req.body.email)
      const user = await User.create(req.body)
      try {
        debug(`Sending registration email to ${user.email}`)
        mail.send(user.email, 'register', { user, config })
        mail.send(config.admin_email, 'admin_register', { user, config })
      } catch (e) {
        return res.status(400).json(e)
      }
      const payload = {
        id: user.id,
        email: user.email,
        scope: [user.is_admin ? 'admin' : 'user']
      }
      const token = jwt.sign(payload, config.secret)
      res.json({ token, user })
    } catch (e) {
      res.status(404).json(e)
    }
  },

  async create (req, res) {
    try {
      req.body.is_active = true
      req.body.recover_code = crypto.randomBytes(16).toString('hex')
      const user = await User.create(req.body)
      mail.send(user.email, 'user_confirm', { user, config })
      res.json(user)
    } catch (e) {
      res.status(404).json(e)
    }
  },

  async remove (req, res) {
    try {
      const user = await User.findByPk(req.params.id)
      user.destroy()
      res.sendStatus(200)
    } catch (e) {
      res.status(404).json(e)
    }
  }
}

module.exports = userController
working on ssr 2019-04-05 00:10:19 +02:00			`const fs = require('fs')`
			`const path = require('path')`
			`const crypto = require('crypto')`
			`const { Op } = require('sequelize')`
sanitizehtml on event description 2020-01-15 23:37:25 +01:00			`const sanitizeHtml = require('sanitize-html')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const config = require('config')`
working on ssr 2019-04-05 00:10:19 +02:00			`const mail = require('../mail')`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`const { user: User, event: Event, tag: Tag, place: Place } = require('../models')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const settingsController = require('./settings')`
refactorin docker files 2019-09-25 14:38:16 +02:00			`const debug = require('debug')('user:controller')`
start with nuxt 2019-04-03 00:25:12 +02:00
			`const userController = {`
linting 2019-09-11 19:12:24 +02:00			`async delEvent (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const event = await Event.findByPk(req.params.id)`
			`// check if event is mine (or user is admin)`
			`if (event && (req.user.is_admin \|\| req.user.id === event.userId)) {`
			`if (event.image_path) {`
fix #10 choose upload path in config.js 2019-06-11 17:44:11 +02:00			`const old_path = path.join(config.upload_path, event.image_path)`
			`const old_thumb_path = path.join(config.upload_path, 'thumb', event.image_path)`
. 2019-05-30 12:04:14 +02:00			`try {`
[fix] remove media files on event removal 2019-10-24 15:20:09 +02:00			`fs.unlinkSync(old_thumb_path)`
			`fs.unlinkSync(old_path)`
. 2019-05-30 12:04:14 +02:00			`} catch (e) {`
[feat] add actions to notifications (add/del/update) 2019-10-02 21:04:03 +02:00			`debug(e)`
. 2019-05-30 12:04:14 +02:00			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
[feat] add actions to notifications (add/del/update) 2019-10-02 21:04:03 +02:00			`const notifier = require('../../notifier')`
			`await notifier.notifyEvent('Delete', event.id)`
start with nuxt 2019-04-03 00:25:12 +02:00			`await event.destroy()`
			`res.sendStatus(200)`
			`} else {`
			`res.sendStatus(403)`
			`}`
			`},`

[fix] fediverse signature 2019-11-09 15:06:25 +01:00			`/**`
			`* add event`
			`*/`
linting 2019-09-11 19:12:24 +02:00			`async addEvent (req, res) {`
error handling while adding events 2020-01-29 22:16:11 +01:00			`// req.err comes from multer streaming error`
sanitizehtml on event description 2020-01-15 23:37:25 +01:00			`if (req.err) {`
			`debug(req.err)`
			`return res.status(400).json(req.err.toString())`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`try {`
			`const body = req.body`
			`const recurrent = body.recurrent ? JSON.parse(body.recurrent) : null`
start with nuxt 2019-04-03 00:25:12 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`const eventDetails = {`
			`title: body.title,`
			`// remove html tags`
			`description: sanitizeHtml(body.description),`
			`multidate: body.multidate,`
			`start_datetime: body.start_datetime,`
			`end_datetime: body.end_datetime,`
			`recurrent,`
			`// publish this event only if authenticated`
			`is_visible: !!req.user`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`if (req.file) {`
			`eventDetails.image_path = req.file.filename`
			`}`

			`const event = await Event.create(eventDetails)`

			`// create place if needed`
			`const place = await Place.findOrCreate({`
sanitizehtml on event description 2020-01-15 23:37:25 +01:00			`where: { name: body.place_name },`
			`defaults: { address: body.place_address }`
			`})`
start with nuxt 2019-04-03 00:25:12 +02:00			`.spread((place, created) => place)`
			`await event.setPlace(place)`
color, weigth, locale, config 2019-06-26 14:44:21 +02:00			`event.place = place`
[feat] add actions to notifications (add/del/update) 2019-10-02 21:04:03 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`// create/assign tags`
			`if (body.tags) {`
			`await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })`
			`const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })`
			`await Promise.all(tags.map(t => t.update({ weigth: Number(t.weigth) + 1 })))`
			`await event.addTags(tags)`
			`event.tags = tags`
			`}`
color, weigth, locale, config 2019-06-26 14:44:21 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`// associate user to event and reverse`
			`if (req.user) {`
			`await req.user.addEvent(event)`
			`await event.setUser(req.user)`
			`}`
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`// return created event to the client`
			`res.json(event)`
start with nuxt 2019-04-03 00:25:12 +02:00
error handling while adding events 2020-01-29 22:16:11 +01:00			`// send notification (mastodon/email)`
			`// only if user is authenticated`
			`if (req.user) {`
			`const notifier = require('../../notifier')`
			`notifier.notifyEvent('Create', event.id)`
			`}`
			`} catch (e) {`
			`res.sendStatus(400)`
			`debug(e.toString())`
[fix] #56 unconfirmed event sent via ap 2019-11-06 11:29:00 +01:00			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async updateEvent (req, res) {`
sanitizehtml on event description 2020-01-15 23:37:25 +01:00			`if (req.err) {`
			`return res.status(400).json(req.err.toString())`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`const body = req.body`
			`const event = await Event.findByPk(body.id)`
			`if (!req.user.is_admin && event.userId !== req.user.id) {`
			`return res.sendStatus(403)`
			`}`

			`if (req.file) {`
			`if (event.image_path) {`
fix #10 choose upload path in config.js 2019-06-11 17:44:11 +02:00			`const old_path = path.resolve(config.upload_path, event.image_path)`
			`const old_thumb_path = path.resolve(config.upload_path, 'thumb', event.image_path)`
start with nuxt 2019-04-03 00:25:12 +02:00			`await fs.unlink(old_path, e => console.error(e))`
			`await fs.unlink(old_thumb_path, e => console.error(e))`
			`}`
			`body.image_path = req.file.filename`
			`}`

sanitizehtml on event description 2020-01-15 23:37:25 +01:00			`body.description = sanitizeHtml(body.description)`
start with nuxt 2019-04-03 00:25:12 +02:00
			`await event.update(body)`
			`let place`
			`try {`
sanitizehtml on event description 2020-01-15 23:37:25 +01:00			`place = await Place.findOrCreate({`
			`where: { name: body.place_name },`
			`defaults: { address: body.place_address }`
			`}).spread((place, created) => place)`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`console.log('error', e)`
			`}`
			`await event.setPlace(place)`
			`await event.setTags([])`
			`if (body.tags) {`
			`await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })`
			`const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })`
			`await event.addTags(tags)`
			`}`
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00			`const newEvent = await Event.findByPk(event.id, { include: [Tag, Place] })`
			`res.json(newEvent)`
[feat] add actions to notifications (add/del/update) 2019-10-02 21:04:03 +02:00			`const notifier = require('../../notifier')`
			`notifier.notifyEvent('Update', event.id)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async forgotPassword (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const email = req.body.email`
			`const user = await User.findOne({ where: { email: { [Op.eq]: email } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(200) }`
start with nuxt 2019-04-03 00:25:12 +02:00
			`user.recover_code = crypto.randomBytes(16).toString('hex')`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`mail.send(user.email, 'recover', { user, config })`
. 2019-05-30 12:04:14 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`await user.save()`
			`res.sendStatus(200)`
			`},`

linting 2019-09-11 19:12:24 +02:00			`async checkRecoverCode (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
linting 2019-09-11 19:12:24 +02:00			`if (!recover_code) { return res.sendStatus(400) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(400) }`
minor 2019-10-02 21:05:15 +02:00			`res.sendStatus(200)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async updatePasswordWithRecoverCode (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
			`const password = req.body.password`
linting 2019-09-11 19:12:24 +02:00			`if (!recover_code \|\| !password) { return res.sendStatus(400) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(400) }`
. 2019-05-30 12:04:14 +02:00			`try {`
[fix] password recovery 2019-10-02 21:04:24 +02:00			`await user.update({ recover_code: '', password })`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(200)`
. 2019-06-07 17:02:33 +02:00			`} catch (e) {`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(400)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00			`async current (req, res) {`
[lint] linting 2019-10-28 17:33:20 +01:00			`if (!req.user) { return res.status(400).send('Not logged') }`
[refactor] remove `username` field and let instance_name be the only AP Actor 2019-12-04 00:50:15 +01:00			`const user = await User.scope('withoutPassword').findByPk(req.user.id)`
minor 2019-10-02 21:05:15 +02:00			`res.json(user)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async getAll (req, res) {`
show admin users first 2019-11-09 15:05:33 +01:00			`const users = await User.scope('withoutPassword').findAll({`
			`order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]`
start with nuxt 2019-04-03 00:25:12 +02:00			`})`
			`res.json(users)`
			`},`

linting 2019-09-11 19:12:24 +02:00			`async update (req, res) {`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00			`// user to modify`
[lint] linting 2019-10-28 17:33:20 +01:00			`const user = await User.findByPk(req.body.id)`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
			`if (req.body.id !== req.user.id && !req.user.is_admin) {`
			`return res.status(400).json({ succes: false, message: 'Not allowed' })`
			`}`

linting 2019-09-11 19:12:24 +02:00			`if (!req.body.password) { delete req.body.password }`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
			`if (!user.is_active && req.body.is_active && user.recover_code) {`
			`mail.send(user.email, 'confirm', { user, config })`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
[fix] register email confirmation 2019-10-14 21:49:59 +02:00
			`await user.update(req.body)`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00			`res.json(user)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async register (req, res) {`
			`if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const n_users = await User.count()`
			`try {`
. 2019-05-30 12:04:14 +02:00			`// the first registered user will be an active admin`
start with nuxt 2019-04-03 00:25:12 +02:00			`if (n_users === 0) {`
			`req.body.is_active = req.body.is_admin = true`
			`} else {`
			`req.body.is_active = false`
			`}`
. 2019-05-30 12:04:14 +02:00
refactoring email notification, closes #8 2019-09-06 11:58:11 +02:00			`req.body.recover_code = crypto.randomBytes(16).toString('hex')`
[mega] settings, timezone 2019-10-20 14:22:55 +02:00			`debug('Register user ', req.body.email)`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.create(req.body)`
			`try {`
[mega] settings, timezone 2019-10-20 14:22:55 +02:00			debug(`Sending registration email to ${user.email}`)
refactoring email notification, closes #8 2019-09-06 11:58:11 +02:00			`mail.send(user.email, 'register', { user, config })`
cleaning documentation 2019-09-24 11:46:11 +02:00			`mail.send(config.admin_email, 'admin_register', { user, config })`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`return res.status(400).json(e)`
			`}`
. 2019-06-06 23:54:32 +02:00			`const payload = {`
			`id: user.id,`
			`email: user.email,`
			`scope: [user.is_admin ? 'admin' : 'user']`
			`}`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`const token = jwt.sign(payload, config.secret)`
. 2019-06-07 17:02:33 +02:00			`res.json({ token, user })`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async create (req, res) {`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`try {`
			`req.body.is_active = true`
major on recurrent events 2019-07-23 01:31:43 +02:00			`req.body.recover_code = crypto.randomBytes(16).toString('hex')`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`const user = await User.create(req.body)`
major on recurrent events 2019-07-23 01:31:43 +02:00			`mail.send(user.email, 'user_confirm', { user, config })`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`res.json(user)`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
admin could remove user 2019-06-18 15:13:13 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async remove (req, res) {`
admin could remove user 2019-06-18 15:13:13 +02:00			`try {`
			`const user = await User.findByPk(req.params.id)`
			`user.destroy()`
			`res.sendStatus(200)`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`}`

			`module.exports = userController`