gancio-upstream/server/api/controller/user.js

const crypto = require('crypto')
const { Op } = require('sequelize')
const config = require('../../config')
const mail = require('../mail')
const { User } = require('../models/models')
const settingsController = require('./settings')
const log = require('../../log')
const linkify = require('linkifyjs')

const userController = {
  
  async forgotPassword (req, res) {
    const email = req.body.email
    const user = await User.findOne({ where: { email, is_active: true } })
    if (!user) { return res.sendStatus(200) }

    user.recover_code = crypto.randomBytes(16).toString('hex')
    mail.send(user.email, 'recover', { user, config }, res.locals.locale)

    await user.save()
    res.sendStatus(200)
  },

  async checkRecoverCode (req, res) {
    const recover_code = req.body.recover_code
    if (!recover_code) { return res.sendStatus(400) }
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) { return res.sendStatus(400) }
    res.json({ email: user.email })
  },

  async updatePasswordWithRecoverCode (req, res) {
    const recover_code = req.body.recover_code
    const password = req.body.password
    if (!recover_code || !password) { return res.sendStatus(400) }
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) { return res.sendStatus(400) }
    try {
      await user.update({ recover_code: '', password })
      res.sendStatus(200)
    } catch (e) {
      res.sendStatus(400)
    }
  },

  async current (req, res) {
    if (!req.user) { return res.status(400).send('Not logged') }
    const user = await User.scope('withoutPassword').findByPk(req.user.id)
    res.json(user)
  },

  async getAll (req, res) {
    const users = await User.scope(req.user.is_admin ? 'withRecover' : 'withoutPassword').findAll({
      order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]
    })
    res.json(users)
  },

  async update (req, res) {
    // user to modify
    const user = await User.findByPk(req.body.id)

    if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }

    if (!req.body.password) { delete req.body.password }

    if ((!user.is_active && req.body.is_active)) {
      mail.send(user.email, 'confirm', { user, config }, res.locals.settings.locale)
    }

    await user.update(req.body)
    res.status(200).send()
  },

  async register (req, res) {
    if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }
    const n_users = await User.count()
    try {

      // the first registered user will be an active admin
      if (n_users === 0) {
        req.body.is_active = req.body.is_admin = true
        req.body.role = 'admin'
        const user = await User.create(req.body)
        return res.json(user)
      }

      req.body.is_active = false
      req.body.is_admin = false

      // check email
      if (!linkify.test(req.body.email, 'email')) {
        return res.status(404).json('Invalid email')
      }

      log.info('Register user ', req.body.email)
      const user = await User.create(req.body)
      log.info(`Sending registration email to ${user.email}`)
      mail.send(user.email, 'register', { user, config }, res.locals.locale)
      mail.send(settingsController.settings.admin_email, 'admin_register', { user, config })
      res.sendStatus(200)
    } catch (e) {
      log.error('Registration error:', e)
      res.status(400).json(e)
    }
  },

  async create (req, res) {
    try {
      req.body.is_active = true
      req.body.recover_code = crypto.randomBytes(16).toString('hex')
      const user = await User.scope('withRecover').create(req.body)
      mail.send(user.email, 'user_confirm', { user, config }, res.locals.locale)
      res.json(user)
    } catch (e) {
      log.error('User creation error:', e)
      res.status(404).json(e)
    }
  },

  async remove (req, res) {
    try {
      let user
      // TODO: has to unset events first!
      if (req.user.is_admin && req.params.id) {
        user = await User.findByPk(req.params.id)
      } else {
        user = await User.findByPk(req.user.id)  
      }
      await user.destroy()
      log.warn(`User ${user.email} removed!`)
      res.sendStatus(200)
    } catch (e) {
      log.error('User removal error:"', e)
      res.status(404).json(e)
    }
  }
}

module.exports = userController
working on ssr 2019-04-05 00:10:19 +02:00			`const crypto = require('crypto')`
			`const { Op } = require('sequelize')`
whole new conf/setup method 2021-09-27 10:42:17 +02:00			`const config = require('../../config')`
working on ssr 2019-04-05 00:10:19 +02:00			`const mail = require('../mail')`
models initialization refactored, better dev experience as backend hmr is working 2022-12-23 01:08:14 +01:00			`const { User } = require('../models/models')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const settingsController = require('./settings')`
refactoring logs: use winston 2021-03-05 14:17:10 +01:00			`const log = require('../../log')`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00			`const linkify = require('linkifyjs')`
start with nuxt 2019-04-03 00:25:12 +02:00
			`const userController = {`
allow admin to contact users via mail 2023-11-21 01:39:18 +01:00
linting 2019-09-11 19:12:24 +02:00			`async forgotPassword (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const email = req.body.email`
forgot password on active user only 2023-10-25 09:58:30 +02:00			`const user = await User.findOne({ where: { email, is_active: true } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(200) }`
start with nuxt 2019-04-03 00:25:12 +02:00
			`user.recover_code = crypto.randomBytes(16).toString('hex')`
refactor res.locals and settings 2022-02-26 21:27:40 +01:00			`mail.send(user.email, 'recover', { user, config }, res.locals.locale)`
. 2019-05-30 12:04:14 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`await user.save()`
			`res.sendStatus(200)`
			`},`

linting 2019-09-11 19:12:24 +02:00			`async checkRecoverCode (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
linting 2019-09-11 19:12:24 +02:00			`if (!recover_code) { return res.sendStatus(400) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(400) }`
improve user_confirm / recover code flow 2021-12-03 16:19:50 +01:00			`res.json({ email: user.email })`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async updatePasswordWithRecoverCode (req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
			`const password = req.body.password`
linting 2019-09-11 19:12:24 +02:00			`if (!recover_code \|\| !password) { return res.sendStatus(400) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.sendStatus(400) }`
. 2019-05-30 12:04:14 +02:00			`try {`
[fix] password recovery 2019-10-02 21:04:24 +02:00			`await user.update({ recover_code: '', password })`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(200)`
. 2019-06-07 17:02:33 +02:00			`} catch (e) {`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(400)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

fix #18, cache users from fediverse 2019-09-12 14:59:51 +02:00			`async current (req, res) {`
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`if (!req.user) { return res.status(400).send('Not logged') }`
			`const user = await User.scope('withoutPassword').findByPk(req.user.id)`
minor 2019-10-02 21:05:15 +02:00			`res.json(user)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async getAll (req, res) {`
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`const users = await User.scope(req.user.is_admin ? 'withRecover' : 'withoutPassword').findAll({`
show admin users first 2019-11-09 15:05:33 +01:00			`order: [['is_admin', 'DESC'], ['createdAt', 'DESC']]`
start with nuxt 2019-04-03 00:25:12 +02:00			`})`
			`res.json(users)`
			`},`

linting 2019-09-11 19:12:24 +02:00			`async update (req, res) {`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00			`// user to modify`
[lint] linting 2019-10-28 17:33:20 +01:00			`const user = await User.findByPk(req.body.id)`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
linting 2019-09-11 19:12:24 +02:00			`if (!user) { return res.status(404).json({ success: false, message: 'User not found!' }) }`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
linting 2019-09-11 19:12:24 +02:00			`if (!req.body.password) { delete req.body.password }`
settings for user - enable federation for users 2019-09-11 11:58:42 +02:00
fix: edit role from admin 2024-02-10 11:53:05 +01:00			`if ((!user.is_active && req.body.is_active)) {`
refactor res.locals and settings 2022-02-26 21:27:40 +01:00			`mail.send(user.email, 'confirm', { user, config }, res.locals.settings.locale)`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
[fix] register email confirmation 2019-10-14 21:49:59 +02:00
			`await user.update(req.body)`
minor 2021-05-19 16:26:01 +02:00			`res.status(200).send()`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async register (req, res) {`
			`if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`const n_users = await User.count()`
			`try {`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00
. 2019-05-30 12:04:14 +02:00			`// the first registered user will be an active admin`
start with nuxt 2019-04-03 00:25:12 +02:00			`if (n_users === 0) {`
			`req.body.is_active = req.body.is_admin = true`
first registered user is an admin 2024-04-01 10:29:18 +02:00			`req.body.role = 'admin'`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00			`const user = await User.create(req.body)`
			`return res.json(user)`
			`}`

			`req.body.is_active = false`
notify user when accepted, fix #308 2023-10-25 09:50:20 +02:00			`req.body.is_admin = false`
fix #73 - add migration to docs 2020-02-15 15:42:41 +01:00
			`// check email`
			`if (!linkify.test(req.body.email, 'email')) {`
			`return res.status(404).json('Invalid email')`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
. 2019-05-30 12:04:14 +02:00
improve logging 2021-04-28 12:44:26 +02:00			`log.info('Register user ', req.body.email)`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.create(req.body)`
improve logging 2021-04-28 12:44:26 +02:00			log.info(`Sending registration email to ${user.email}`)
preparing multisite settings, fix #141 2022-03-07 17:47:31 +01:00			`mail.send(user.email, 'register', { user, config }, res.locals.locale)`
minor 2021-10-20 14:14:26 +02:00			`mail.send(settingsController.settings.admin_email, 'admin_register', { user, config })`
use Taskmanager to send email with correct locale 2020-01-29 22:16:57 +01:00			`res.sendStatus(200)`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
improve error logging 2021-07-08 20:41:56 +02:00			`log.error('Registration error:', e)`
do not set recover_code during user registration 2022-06-28 13:34:30 +02:00			`res.status(400).json(e)`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async create (req, res) {`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`try {`
			`req.body.is_active = true`
major on recurrent events 2019-07-23 01:31:43 +02:00			`req.body.recover_code = crypto.randomBytes(16).toString('hex')`
improve user_confirm / recover code flow 2021-12-03 16:19:50 +01:00			`const user = await User.scope('withRecover').create(req.body)`
preparing multisite settings, fix #141 2022-03-07 17:47:31 +01:00			`mail.send(user.email, 'user_confirm', { user, config }, res.locals.locale)`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`res.json(user)`
			`} catch (e) {`
improve error logging 2021-07-08 20:41:56 +02:00			`log.error('User creation error:', e)`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`res.status(404).json(e)`
			`}`
admin could remove user 2019-06-18 15:13:13 +02:00			`},`

linting 2019-09-11 19:12:24 +02:00			`async remove (req, res) {`
admin could remove user 2019-06-18 15:13:13 +02:00			`try {`
fix user self-removal 2022-05-03 11:42:59 +02:00			`let user`
feat: refactoring event moderation, report, report notification 2024-03-28 13:23:40 +01:00			`// TODO: has to unset events first!`
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`if (req.user.is_admin && req.params.id) {`
fix user self-removal 2022-05-03 11:42:59 +02:00			`user = await User.findByPk(req.params.id)`
			`} else {`
squash new oauth2 flow 2022-11-04 12:22:21 +01:00			`user = await User.findByPk(req.user.id)`
fix user self-removal 2022-05-03 11:42:59 +02:00			`}`
fix user removal 2021-11-10 10:59:47 +01:00			`await user.destroy()`
improve user_confirm / recover code flow 2021-12-03 16:19:50 +01:00			log.warn(`User ${user.email} removed!`)
admin could remove user 2019-06-18 15:13:13 +02:00			`res.sendStatus(200)`
			`} catch (e) {`
improve error logging 2021-07-08 20:41:56 +02:00			`log.error('User removal error:"', e)`
admin could remove user 2019-06-18 15:13:13 +02:00			`res.status(404).json(e)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`}`

			`module.exports = userController`