gancio-upstream/server/api/index.js

const express = require('express')
const multer = require('multer')
const cors = require('cors')()

const config = require('../config')
const log = require('../log')

const api = express.Router()
api.use(express.urlencoded({ extended: false }))
api.use(express.json())


if (config.status !== 'READY') {

  const setupController = require('./controller/setup')
  const settingsController = require('./controller/settings')
  api.post('/settings', settingsController.setRequest)
  api.post('/setup/db', setupController.setupDb)
  api.post('/setup/restart', setupController.restart)
  api.post('/settings/smtp', settingsController.testSMTP)

} else {

  const { isAuth, isAdmin } = require('./auth')
  const eventController = require('./controller/event')
  const placeController = require('./controller/place')
  const tagController = require('./controller/tag')
  const settingsController = require('./controller/settings')
  const exportController = require('./controller/export')
  const userController = require('./controller/user')
  const instanceController = require('./controller/instance')
  const apUserController = require('./controller/ap_user')
  const resourceController = require('./controller/resource')
  const oauthController = require('./controller/oauth')
  const announceController = require('./controller/announce')
  const cohortController = require('./controller/cohort')
  const helpers = require('../helpers')
  const storage = require('./storage')
  const upload = multer({ storage })

  /**
   * Get current authenticated user
   * @category User
   * @name /api/user
   * @type GET
   * @example **Response**
   * ```json
  {
    "description" : null,
    "recover_code" : "",
    "id" : 1,
    "createdAt" : "2020-01-29T18:10:16.630Z",
    "updatedAt" : "2020-01-30T22:42:14.789Z",
    "is_active" : true,
    "settings" : "{}",
    "email" : "eventi@cisti.org",
    "is_admin" : true
  }
  ```
  */
  api.get('/ping', (req, res) => res.sendStatus(200))
  api.get('/user', isAuth, (req, res) => res.json(res.locals.user))


  api.post('/user/recover', userController.forgotPassword)
  api.post('/user/check_recover_code', userController.checkRecoverCode)
  api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)

  // register and add users
  api.post('/user/register', userController.register)
  api.post('/user', isAdmin, userController.create)

  // update user
  api.put('/user', isAuth, userController.update)

  // delete user
  api.delete('/user/:id', isAdmin, userController.remove)
  api.delete('/user', isAuth, userController.remove)

  // get all users
  api.get('/users', isAdmin, userController.getAll)

  /**
   * Get events
   * @category Event
   * @name /api/events
   * @type GET
   * @param {integer} [start] - start timestamp (default: now)
   * @param {integer} [end] - end timestamp (optional)
   * @param {array} [tags] - List of tags
   * @param {array} [places] - List of places
   * @param {integer} [max] - Max events 
   * @param {boolean} [show_recurrent] - Show also recurrent events (default: as choosen in admin settings)
   * @example ***Example***  
   * [https://demo.gancio.org/api/events](https://demo.gancio.org/api/events)  
   * [usage example](https://framagit.org/les/gancio/-/blob/master/webcomponents/src/GancioEvents.svelte#L18-42)
   */

   api.get('/events', cors, eventController.select)  

  /**
   * Add a new event
   * @category Event
   * @name /api/event
   * @type POST
   * @info `Content-Type` has to be `multipart/form-data` to support image upload
   * @param {string} title - event's title
   * @param {string} description - event's description (html accepted and sanitized)
   * @param {string} place_name - the name of the place
   * @param {string} [place_address] - the address of the place
   * @param {integer} start_datetime - start timestamp
   * @param {integer} multidate - is a multidate event?
   * @param {array} tags - List of tags
   * @param {object} [recurrent] - Recurrent event details
   * @param {string} [recurrent.frequency] - could be `1w` or `2w`
   * @param {array} [recurrent.days] - array of days
   * @param {image} [image] - Image
   */

  // allow anyone to add an event (anon event has to be confirmed, TODO: flood protection)
  api.post('/event', eventController.isAnonEventAllowed, upload.single('image'), eventController.add)

  api.get('/event/search', eventController.search)

  api.put('/event', isAuth, upload.single('image'), eventController.update)
  api.get('/event/import', isAuth, helpers.importURL)

  // remove event
  api.delete('/event/:id', isAuth, eventController.remove)

  // get tags/places
  api.get('/event/meta', eventController.searchMeta)

  // get unconfirmed events
  api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed)

  // add event notification TODO
  api.post('/event/notification', eventController.addNotification)
  api.delete('/event/notification/:code', eventController.delNotification)

  api.post('/settings', isAdmin, settingsController.setRequest)
  api.post('/settings/logo', isAdmin, multer({ dest: config.upload_path }).single('logo'), settingsController.setLogo)
  api.post('/settings/smtp', isAdmin, settingsController.testSMTP)

  // confirm event
  api.put('/event/confirm/:event_id', isAuth, eventController.confirm)
  api.put('/event/unconfirm/:event_id', isAuth, eventController.unconfirm)

  // get event
  api.get('/event/:event_slug.:format?', cors, eventController.get)

  // export events (rss/ics)
  api.get('/export/:type', cors, exportController.export)


  api.get('/place/:placeName/events', cors, placeController.getEvents)
  api.get('/place/all', isAdmin, placeController.getAll)
  api.get('/place', cors, placeController.get)
  api.put('/place', isAdmin, placeController.updatePlace)

  api.get('/tag', cors, tagController.get)

  // - FEDIVERSE INSTANCES, MODERATION, RESOURCES
  api.get('/instances', isAdmin, instanceController.getAll)
  api.get('/instances/:instance_domain', isAdmin, instanceController.get)
  api.post('/instances/toggle_block', isAdmin, instanceController.toggleBlock)
  api.post('/instances/toggle_user_block', isAdmin, apUserController.toggleBlock)
  api.put('/resources/:resource_id', isAdmin, resourceController.hide)
  api.delete('/resources/:resource_id', isAdmin, resourceController.remove)
  api.get('/resources', isAdmin, resourceController.getAll)

  // - ADMIN ANNOUNCEMENTS
  api.get('/announcements', isAdmin, announceController.getAll)
  api.post('/announcements', isAdmin, announceController.add)
  api.put('/announcements/:announce_id', isAdmin, announceController.update)
  api.delete('/announcements/:announce_id', isAdmin, announceController.remove)

  // - COHORT
  api.get('/cohorts/:name', cohortController.getEvents)
  api.get('/cohorts', cohortController.getAll)
  api.post('/cohorts', isAdmin, cohortController.add)
  api.delete('/cohort/:id', isAdmin, cohortController.remove)
  api.get('/filter/:cohort_id', isAdmin, cohortController.getFilters)
  api.post('/filter', isAdmin, cohortController.addFilter)
  api.delete('/filter/:id', isAdmin, cohortController.removeFilter)

  // OAUTH
  api.get('/clients', isAuth, oauthController.getClients)
  api.get('/client/:client_id', isAuth, oauthController.getClient)
  api.post('/client', oauthController.createClient)
}

api.use((_req, res) => res.sendStatus(404))

// Handle 500
api.use((error, _req, res, _next) => {
  log.error('[API ERROR]', error)
  res.status(500).send('500: Internal Server Error')
})

module.exports = api
start with nuxt 2019-04-03 00:25:12 +02:00			`const express = require('express')`
			`const multer = require('multer')`
[api] cors for public api 2019-12-10 22:29:36 +01:00			`const cors = require('cors')()`
. 2019-06-06 23:54:32 +02:00
new /setup api 2021-09-30 11:12:45 +02:00			`const config = require('../config')`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`const log = require('../log')`
linting 2019-09-11 19:12:24 +02:00
cleaning 2019-08-25 14:34:26 +02:00			`const api = express.Router()`
[oauth] start oauth auth_code server implementation 2019-12-26 11:46:21 +01:00			`api.use(express.urlencoded({ extended: false }))`
			`api.use(express.json())`
. 2019-06-06 23:54:32 +02:00
new /setup api 2021-09-30 11:12:45 +02:00
improve setup and DB initialization 2022-01-26 09:51:42 +01:00			`if (config.status !== 'READY') {`
new /setup api 2021-09-30 11:12:45 +02:00
			`const setupController = require('./controller/setup')`
			`const settingsController = require('./controller/settings')`
			`api.post('/settings', settingsController.setRequest)`
			`api.post('/setup/db', setupController.setupDb)`
			`api.post('/setup/restart', setupController.restart)`
ok lot of smtp minors 2021-10-18 15:46:38 +02:00			`api.post('/settings/smtp', settingsController.testSMTP)`
new /setup api 2021-09-30 11:12:45 +02:00
			`} else {`

			`const { isAuth, isAdmin } = require('./auth')`
			`const eventController = require('./controller/event')`
minor 2022-05-23 14:45:14 +02:00			`const placeController = require('./controller/place')`
add a tag controller 2022-05-25 10:53:51 +02:00			`const tagController = require('./controller/tag')`
new /setup api 2021-09-30 11:12:45 +02:00			`const settingsController = require('./controller/settings')`
			`const exportController = require('./controller/export')`
			`const userController = require('./controller/user')`
			`const instanceController = require('./controller/instance')`
			`const apUserController = require('./controller/ap_user')`
			`const resourceController = require('./controller/resource')`
			`const oauthController = require('./controller/oauth')`
			`const announceController = require('./controller/announce')`
cohort / filter api 2022-05-20 13:04:07 +02:00			`const cohortController = require('./controller/cohort')`
new /setup api 2021-09-30 11:12:45 +02:00			`const helpers = require('../helpers')`
			`const storage = require('./storage')`
			`const upload = multer({ storage })`

			`/**`
			`* Get current authenticated user`
			`* @category User`
			`* @name /api/user`
			`* @type GET`
			`* @example Response`
			* ```json
			`{`
			`"description" : null,`
			`"recover_code" : "",`
			`"id" : 1,`
			`"createdAt" : "2020-01-29T18:10:16.630Z",`
			`"updatedAt" : "2020-01-30T22:42:14.789Z",`
			`"is_active" : true,`
			`"settings" : "{}",`
			`"email" : "eventi@cisti.org",`
			`"is_admin" : true`
			`}`
			```
			`*/`
			`api.get('/ping', (req, res) => res.sendStatus(200))`
refactor res.locals and settings 2022-02-26 21:27:40 +01:00			`api.get('/user', isAuth, (req, res) => res.json(res.locals.user))`
new /setup api 2021-09-30 11:12:45 +02:00

			`api.post('/user/recover', userController.forgotPassword)`
			`api.post('/user/check_recover_code', userController.checkRecoverCode)`
			`api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)`

			`// register and add users`
			`api.post('/user/register', userController.register)`
			`api.post('/user', isAdmin, userController.create)`

			`// update user`
			`api.put('/user', isAuth, userController.update)`

			`// delete user`
			`api.delete('/user/:id', isAdmin, userController.remove)`
minor 2022-05-03 12:09:34 +02:00			`api.delete('/user', isAuth, userController.remove)`
new /setup api 2021-09-30 11:12:45 +02:00
			`// get all users`
			`api.get('/users', isAdmin, userController.getAll)`

sort locales 2022-03-11 23:18:57 +01:00			`/**`
			`* Get events`
			`* @category Event`
			`* @name /api/events`
			`* @type GET`
			`* @param {integer} [start] - start timestamp (default: now)`
			`* @param {integer} [end] - end timestamp (optional)`
			`* @param {array} [tags] - List of tags`
			`* @param {array} [places] - List of places`
			`* @param {integer} [max] - Max events`
			`* @param {boolean} [show_recurrent] - Show also recurrent events (default: as choosen in admin settings)`
			`* @example *Example*`
			`* [https://demo.gancio.org/api/events](https://demo.gancio.org/api/events)`
			`* [usage example](https://framagit.org/les/gancio/-/blob/master/webcomponents/src/GancioEvents.svelte#L18-42)`
			`*/`

			`api.get('/events', cors, eventController.select)`

new /setup api 2021-09-30 11:12:45 +02:00			`/**`
			`* Add a new event`
			`* @category Event`
sort locales 2022-03-11 23:18:57 +01:00			`* @name /api/event`
new /setup api 2021-09-30 11:12:45 +02:00			`* @type POST`
			* @info `Content-Type` has to be `multipart/form-data` to support image upload
			`* @param {string} title - event's title`
			`* @param {string} description - event's description (html accepted and sanitized)`
			`* @param {string} place_name - the name of the place`
			`* @param {string} [place_address] - the address of the place`
			`* @param {integer} start_datetime - start timestamp`
			`* @param {integer} multidate - is a multidate event?`
			`* @param {array} tags - List of tags`
			`* @param {object} [recurrent] - Recurrent event details`
			* @param {string} [recurrent.frequency] - could be `1w` or `2w`
			`* @param {array} [recurrent.days] - array of days`
			`* @param {image} [image] - Image`
			`*/`

			`// allow anyone to add an event (anon event has to be confirmed, TODO: flood protection)`
more test 2022-03-10 13:51:24 +01:00			`api.post('/event', eventController.isAnonEventAllowed, upload.single('image'), eventController.add)`
new /setup api 2021-09-30 11:12:45 +02:00
minor 2022-05-23 14:45:14 +02:00			`api.get('/event/search', eventController.search)`

new /setup api 2021-09-30 11:12:45 +02:00			`api.put('/event', isAuth, upload.single('image'), eventController.update)`
			`api.get('/event/import', isAuth, helpers.importURL)`

			`// remove event`
			`api.delete('/event/:id', isAuth, eventController.remove)`

			`// get tags/places`
searchMeta api 2022-05-31 15:29:52 +02:00			`api.get('/event/meta', eventController.searchMeta)`
new /setup api 2021-09-30 11:12:45 +02:00
			`// get unconfirmed events`
			`api.get('/event/unconfirmed', isAdmin, eventController.getUnconfirmed)`

			`// add event notification TODO`
			`api.post('/event/notification', eventController.addNotification)`
			`api.delete('/event/notification/:code', eventController.delNotification)`

			`api.post('/settings', isAdmin, settingsController.setRequest)`
			`api.post('/settings/logo', isAdmin, multer({ dest: config.upload_path }).single('logo'), settingsController.setLogo)`
			`api.post('/settings/smtp', isAdmin, settingsController.testSMTP)`

			`// confirm event`
			`api.put('/event/confirm/:event_id', isAuth, eventController.confirm)`
			`api.put('/event/unconfirm/:event_id', isAuth, eventController.unconfirm)`

			`// get event`
fix media name 2021-11-11 16:56:08 +01:00			`api.get('/event/:event_slug.:format?', cors, eventController.get)`
new /setup api 2021-09-30 11:12:45 +02:00
			`// export events (rss/ics)`
			`api.get('/export/:type', cors, exportController.export)`

minor 2022-05-23 14:45:14 +02:00
			`api.get('/place/:placeName/events', cors, placeController.getEvents)`
fix event content-type 2022-06-01 14:13:58 +02:00			`api.get('/place/all', isAdmin, placeController.getAll)`
searchMeta api 2022-05-31 15:29:52 +02:00			`api.get('/place', cors, placeController.get)`
			`api.put('/place', isAdmin, placeController.updatePlace)`
add a tag controller 2022-05-25 10:53:51 +02:00
			`api.get('/tag', cors, tagController.get)`

minor 2022-05-23 14:45:14 +02:00			`// - FEDIVERSE INSTANCES, MODERATION, RESOURCES`
new /setup api 2021-09-30 11:12:45 +02:00			`api.get('/instances', isAdmin, instanceController.getAll)`
			`api.get('/instances/:instance_domain', isAdmin, instanceController.get)`
			`api.post('/instances/toggle_block', isAdmin, instanceController.toggleBlock)`
			`api.post('/instances/toggle_user_block', isAdmin, apUserController.toggleBlock)`
			`api.put('/resources/:resource_id', isAdmin, resourceController.hide)`
			`api.delete('/resources/:resource_id', isAdmin, resourceController.remove)`
			`api.get('/resources', isAdmin, resourceController.getAll)`

			`// - ADMIN ANNOUNCEMENTS`
			`api.get('/announcements', isAdmin, announceController.getAll)`
			`api.post('/announcements', isAdmin, announceController.add)`
			`api.put('/announcements/:announce_id', isAdmin, announceController.update)`
			`api.delete('/announcements/:announce_id', isAdmin, announceController.remove)`

cohort / filter api 2022-05-20 13:04:07 +02:00			`// - COHORT`
			`api.get('/cohorts/:name', cohortController.getEvents)`
			`api.get('/cohorts', cohortController.getAll)`
			`api.post('/cohorts', isAdmin, cohortController.add)`
			`api.delete('/cohort/:id', isAdmin, cohortController.remove)`
			`api.get('/filter/:cohort_id', isAdmin, cohortController.getFilters)`
			`api.post('/filter', isAdmin, cohortController.addFilter)`
			`api.delete('/filter/:id', isAdmin, cohortController.removeFilter)`

new /setup api 2021-09-30 11:12:45 +02:00			`// OAUTH`
			`api.get('/clients', isAuth, oauthController.getClients)`
			`api.get('/client/:client_id', isAuth, oauthController.getClient)`
			`api.post('/client', oauthController.createClient)`
new API page in docs 2020-02-02 21:08:16 +01:00			`}`
[oauth] start oauth auth_code server implementation 2019-12-26 11:46:21 +01:00
searchMeta api 2022-05-31 15:29:52 +02:00			`api.use((_req, res) => res.sendStatus(404))`
linting 2019-09-11 19:12:24 +02:00
			`// Handle 500`
searchMeta api 2022-05-31 15:29:52 +02:00			`api.use((error, _req, res, _next) => {`
improve error logging 2021-07-08 20:41:56 +02:00			`log.error('[API ERROR]', error)`
linting 2019-09-11 19:12:24 +02:00			`res.status(500).send('500: Internal Server Error')`
			`})`

start with nuxt 2019-04-03 00:25:12 +02:00			`module.exports = api`