gancio-upstream/server/api/controller/user.js

const fs = require('fs')
const path = require('path')
const crypto = require('crypto')
const jwt = require('jsonwebtoken')
const { Op } = require('sequelize')
const jsonwebtoken = require('jsonwebtoken')
const config = require('config')
const mail = require('../mail')
const { user: User, event: Event, tag: Tag, place: Place } = require('../models')
const settingsController = require('./settings')
const notifier = require('../../notifier')

const userController = {
  async login(req, res) {
    // find the user
    const user = await User.findOne({ where: { email: { [Op.eq]: req.body && req.body.email } } })
    if (!user) {
      res.status(403).json({ success: false, message: 'auth.fail' })
    } else if (user) {
      if (!user.is_active) {
        res.status(403).json({ success: false, message: 'auth.not_confirmed' })
      // check if password matches
      } else if (!await user.comparePassword(req.body.password)) {
        res.status(403).json({ success: false, message: 'auth.fail' })
      } else {
        // if user is found and password is right
        // create a token
        const accessToken = jsonwebtoken.sign(
          {
            id: user.id,
            email: user.email,
            scope: [user.is_admin ? 'admin' : 'user']
          },
          config.secret
        )

        res.json({ token: accessToken })
      }
    }
  },

  async logout(req, res) {

  },

  async setToken(req, res) {
    req.user.mastodon_auth = req.body
    await req.user.save()
    res.json(req.user)
  },

  async delEvent(req, res) {
    const event = await Event.findByPk(req.params.id)
    // check if event is mine (or user is admin)
    if (event && (req.user.is_admin || req.user.id === event.userId)) {
      if (event.image_path) {
        const old_path = path.join(config.upload_path, event.image_path)
        const old_thumb_path = path.join(config.upload_path, 'thumb', event.image_path)
        try {
          await fs.unlink(old_path)
          await fs.unlink(old_thumb_path)
        } catch (e) {
          console.error(e)
        }
      }
      await event.destroy()
      res.sendStatus(200)
    } else {
      res.sendStatus(403)
    }
  },

  // ADD EVENT // there's probably a better way to do this with sequelize! TOFIX
  async addEvent(req, res) {
    const body = req.body

    const eventDetails = {
      title: body.title,
      description: body.description ? body.description.replace(/(<([^>]+)>)/ig, '') : '',
      multidate: body.multidate,
      start_datetime: body.start_datetime,
      end_datetime: body.end_datetime,

      // publish this event if authenticated
      is_visible: !!req.user
    }

    if (req.file) {
      eventDetails.image_path = req.file.filename
    }

    let event = await Event.create(eventDetails)

    // create place if needs to
    let place
    try {
      place = await Place.findOrCreate({ where: { name: body.place_name },
        defaults: { address: body.place_address } })
        .spread((place, created) => place)
      await event.setPlace(place)
      event.place = place
    } catch (e) {
      console.error(e)
    }
    // create/assign tags
    if (body.tags) {
      await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
      const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
      await Promise.all(tags.map(t => t.update({weigth: Number(t.weigth)+1})))
      await event.addTags(tags)
      event.tags = tags
    }

    if (req.user) {
      await req.user.addEvent(event)
      await event.setUser(req.user)
    }

    // send response to client
    res.json(event)

    // send notification (mastodon/email/confirmation)
    notifier.notifyEvent(event.id)

  },

  async updateEvent(req, res) {
    const body = req.body
    const event = await Event.findByPk(body.id)
    if (!req.user.is_admin && event.userId !== req.user.id) {
      return res.sendStatus(403)
    }

    if (req.file) {
      if (event.image_path) {
        const old_path = path.resolve(config.upload_path, event.image_path)
        const old_thumb_path = path.resolve(config.upload_path, 'thumb', event.image_path)
        await fs.unlink(old_path, e => console.error(e))
        await fs.unlink(old_thumb_path, e => console.error(e))
      }
      body.image_path = req.file.filename
    }

    body.description = body.description
      .replace(/(<([^>]+)>)/ig, '') // remove all tags from description
      // .replace(/(https?:\/\/[^\s]+)/g, '<a href="$1">$1</a>') // add links

    await event.update(body)
    let place
    try {
      place = await Place.findOrCreate({ where: { name: body.place_name },
        defaults: { address: body.place_address } })
        .spread((place, created) => place)
    } catch (e) {
      console.log('error', e)
    }
    await event.setPlace(place)
    await event.setTags([])
    if (body.tags) {
      await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
      const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
      await event.addTags(tags)
    }
    const newEvent = await Event.findByPk(event.id, { include: [Tag, Place] })
    res.json(newEvent)
  },

  async forgotPassword(req, res) {
    const email = req.body.email
    const user = await User.findOne({ where: { email: { [Op.eq]: email } } })
    if (!user) return res.sendStatus(200)

    user.recover_code = crypto.randomBytes(16).toString('hex')
    mail.send(user.email, 'recover', { user, config })

    await user.save()
    res.sendStatus(200)
  },

  async checkRecoverCode(req, res) {
    const recover_code = req.body.recover_code
    if (!recover_code) return res.sendStatus(400)
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) return res.sendStatus(400)
    res.json(user)
  },

  async updatePasswordWithRecoverCode(req, res) {
    const recover_code = req.body.recover_code
    const password = req.body.password
    if (!recover_code || !password) return res.sendStatus(400)
    const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })
    if (!user) return res.sendStatus(400)
    user.password = password
    try {
      await user.save()
      res.sendStatus(200)
    } catch (e) {
      res.sendStatus(400)
    }
  },

  current(req, res) {
    if (req.user) { res.json(req.user) } else { res.sendStatus(404) }
  },

  async getAll(req, res) {
    const users = await User.findAll({
      order: [['createdAt', 'DESC']]
    })
    res.json(users)
  },

  async update(req, res) {
    const user = await User.findByPk(req.body.id)
    if (user) {
      if (!user.is_active && req.body.is_active) {
        await mail.send(user.email, 'confirm', { user, config })
      }
      await user.update(req.body)
      res.json(user)
    } else {
      res.sendStatus(400)
    }
  },


  async register(req, res) {
    if (!settingsController.settings.allow_registration) return res.sendStatus(404)
    const n_users = await User.count()
    try {
      // the first registered user will be an active admin
      if (n_users === 0) {
        req.body.is_active = req.body.is_admin = true
      } else {
        req.body.is_active = false
      }

      const user = await User.create(req.body)
      try {
        mail.send([user.email, config.admin], 'register', { user, config })
      } catch (e) {
        return res.status(400).json(e)
      }
      const payload = {
        id: user.id,
        email: user.email,
        scope: [user.is_admin ? 'admin' : 'user']
      }
      const token = jwt.sign(payload, config.secret)
      res.json({ token, user })
    } catch (e) {
      res.status(404).json(e)
    }
  },

  async create(req, res) {
    try {
      req.body.is_active = true
      const user = await User.create(req.body)
      res.json(user)
    } catch (e) {
      res.status(404).json(e)
    }
  },

  async remove(req, res) {
    try {
      const user = await User.findByPk(req.params.id)
      user.destroy()
      res.sendStatus(200)
    } catch (e) {
      res.status(404).json(e)
    }
  }
}

module.exports = userController
working on ssr 2019-04-05 00:10:19 +02:00			`const fs = require('fs')`
			`const path = require('path')`
			`const crypto = require('crypto')`
start with nuxt 2019-04-03 00:25:12 +02:00			`const jwt = require('jsonwebtoken')`
working on ssr 2019-04-05 00:10:19 +02:00			`const { Op } = require('sequelize')`
auth.nuxt.js plugin 2019-04-26 23:14:43 +02:00			`const jsonwebtoken = require('jsonwebtoken')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const config = require('config')`
working on ssr 2019-04-05 00:10:19 +02:00			`const mail = require('../mail')`
. 2019-06-06 23:54:32 +02:00			`const { user: User, event: Event, tag: Tag, place: Place } = require('../models')`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`const settingsController = require('./settings')`
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00			`const notifier = require('../../notifier')`
start with nuxt 2019-04-03 00:25:12 +02:00
			`const userController = {`
working on ssr 2019-04-05 00:10:19 +02:00			`async login(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`// find the user`
working on ssr 2019-04-05 00:10:19 +02:00			`const user = await User.findOne({ where: { email: { [Op.eq]: req.body && req.body.email } } })`
start with nuxt 2019-04-03 00:25:12 +02:00			`if (!user) {`
. 2019-05-30 12:04:14 +02:00			`res.status(403).json({ success: false, message: 'auth.fail' })`
start with nuxt 2019-04-03 00:25:12 +02:00			`} else if (user) {`
			`if (!user.is_active) {`
. 2019-05-30 12:04:14 +02:00			`res.status(403).json({ success: false, message: 'auth.not_confirmed' })`
start with nuxt 2019-04-03 00:25:12 +02:00			`// check if password matches`
			`} else if (!await user.comparePassword(req.body.password)) {`
. 2019-05-30 12:04:14 +02:00			`res.status(403).json({ success: false, message: 'auth.fail' })`
start with nuxt 2019-04-03 00:25:12 +02:00			`} else {`
			`// if user is found and password is right`
			`// create a token`
mille storie commenti da mastodon, widget con custom widget test... 2019-04-29 00:27:29 +02:00			`const accessToken = jsonwebtoken.sign(`
auth.nuxt.js plugin 2019-04-26 23:14:43 +02:00			`{`
			`id: user.id,`
			`email: user.email,`
			`scope: [user.is_admin ? 'admin' : 'user']`
mille storie commenti da mastodon, widget con custom widget test... 2019-04-29 00:27:29 +02:00			`},`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`config.secret`
auth.nuxt.js plugin 2019-04-26 23:14:43 +02:00			`)`
. 2019-06-06 23:54:32 +02:00
. 2019-06-07 17:02:33 +02:00			`res.json({ token: accessToken })`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`}`
			`},`

auth.nuxt.js plugin 2019-04-26 23:14:43 +02:00			`async logout(req, res) {`

			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async setToken(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`req.user.mastodon_auth = req.body`
			`await req.user.save()`
			`res.json(req.user)`
			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async delEvent(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const event = await Event.findByPk(req.params.id)`
			`// check if event is mine (or user is admin)`
			`if (event && (req.user.is_admin \|\| req.user.id === event.userId)) {`
			`if (event.image_path) {`
fix #10 choose upload path in config.js 2019-06-11 17:44:11 +02:00			`const old_path = path.join(config.upload_path, event.image_path)`
			`const old_thumb_path = path.join(config.upload_path, 'thumb', event.image_path)`
. 2019-05-30 12:04:14 +02:00			`try {`
			`await fs.unlink(old_path)`
			`await fs.unlink(old_thumb_path)`
			`} catch (e) {`
			`console.error(e)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`await event.destroy()`
			`res.sendStatus(200)`
			`} else {`
			`res.sendStatus(403)`
			`}`
			`},`

filteredEventsWithPast, check db connection 2019-06-26 15:44:26 +02:00			`// ADD EVENT // there's probably a better way to do this with sequelize! TOFIX`
working on ssr 2019-04-05 00:10:19 +02:00			`async addEvent(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const body = req.body`

			`const eventDetails = {`
			`title: body.title,`
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00			`description: body.description ? body.description.replace(/(<([^>]+)>)/ig, '') : '',`
start with nuxt 2019-04-03 00:25:12 +02:00			`multidate: body.multidate,`
			`start_datetime: body.start_datetime,`
			`end_datetime: body.end_datetime,`
. 2019-05-30 12:12:51 +02:00
			`// publish this event if authenticated`
start with nuxt 2019-04-03 00:25:12 +02:00			`is_visible: !!req.user`
			`}`

			`if (req.file) {`
			`eventDetails.image_path = req.file.filename`
			`}`

			`let event = await Event.create(eventDetails)`

. 2019-05-30 12:12:51 +02:00			`// create place if needs to`
start with nuxt 2019-04-03 00:25:12 +02:00			`let place`
			`try {`
			`place = await Place.findOrCreate({ where: { name: body.place_name },`
			`defaults: { address: body.place_address } })`
			`.spread((place, created) => place)`
			`await event.setPlace(place)`
color, weigth, locale, config 2019-06-26 14:44:21 +02:00			`event.place = place`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`console.error(e)`
			`}`
			`// create/assign tags`
			`if (body.tags) {`
			`await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })`
			`const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })`
color, weigth, locale, config 2019-06-26 14:44:21 +02:00			`await Promise.all(tags.map(t => t.update({weigth: Number(t.weigth)+1})))`
start with nuxt 2019-04-03 00:25:12 +02:00			`await event.addTags(tags)`
color, weigth, locale, config 2019-06-26 14:44:21 +02:00			`event.tags = tags`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
color, weigth, locale, config 2019-06-26 14:44:21 +02:00
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00			`if (req.user) {`
			`await req.user.addEvent(event)`
			`await event.setUser(req.user)`
			`}`

			`// send response to client`
			`res.json(event)`
start with nuxt 2019-04-03 00:25:12 +02:00
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00			`// send notification (mastodon/email/confirmation)`
			`notifier.notifyEvent(event.id)`
start with nuxt 2019-04-03 00:25:12 +02:00
			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async updateEvent(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const body = req.body`
			`const event = await Event.findByPk(body.id)`
			`if (!req.user.is_admin && event.userId !== req.user.id) {`
			`return res.sendStatus(403)`
			`}`

			`if (req.file) {`
			`if (event.image_path) {`
fix #10 choose upload path in config.js 2019-06-11 17:44:11 +02:00			`const old_path = path.resolve(config.upload_path, event.image_path)`
			`const old_thumb_path = path.resolve(config.upload_path, 'thumb', event.image_path)`
start with nuxt 2019-04-03 00:25:12 +02:00			`await fs.unlink(old_path, e => console.error(e))`
			`await fs.unlink(old_thumb_path, e => console.error(e))`
			`}`
			`body.image_path = req.file.filename`
			`}`

			`body.description = body.description`
			`.replace(/(<([^>]+)>)/ig, '') // remove all tags from description`
. 2019-05-30 12:12:51 +02:00			`// .replace(/(https?:\/\/[^\s]+)/g, '<a href="$1">$1</a>') // add links`
start with nuxt 2019-04-03 00:25:12 +02:00
			`await event.update(body)`
			`let place`
			`try {`
			`place = await Place.findOrCreate({ where: { name: body.place_name },`
			`defaults: { address: body.place_address } })`
			`.spread((place, created) => place)`
			`} catch (e) {`
			`console.log('error', e)`
			`}`
			`await event.setPlace(place)`
			`await event.setTags([])`
			`if (body.tags) {`
			`await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })`
			`const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })`
			`await event.addTags(tags)`
			`}`
allow_anon_event, comment via mastodon 2019-06-25 01:05:38 +02:00			`const newEvent = await Event.findByPk(event.id, { include: [Tag, Place] })`
			`res.json(newEvent)`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async forgotPassword(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const email = req.body.email`
			`const user = await User.findOne({ where: { email: { [Op.eq]: email } } })`
			`if (!user) return res.sendStatus(200)`

			`user.recover_code = crypto.randomBytes(16).toString('hex')`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`mail.send(user.email, 'recover', { user, config })`
. 2019-05-30 12:04:14 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`await user.save()`
			`res.sendStatus(200)`
			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async checkRecoverCode(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
			`if (!recover_code) return res.sendStatus(400)`
			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
			`if (!user) return res.sendStatus(400)`
			`res.json(user)`
			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async updatePasswordWithRecoverCode(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const recover_code = req.body.recover_code`
			`const password = req.body.password`
. 2019-05-30 12:04:14 +02:00			`if (!recover_code \|\| !password) return res.sendStatus(400)`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findOne({ where: { recover_code: { [Op.eq]: recover_code } } })`
			`if (!user) return res.sendStatus(400)`
			`user.password = password`
. 2019-05-30 12:04:14 +02:00			`try {`
			`await user.save()`
			`res.sendStatus(200)`
. 2019-06-07 17:02:33 +02:00			`} catch (e) {`
. 2019-05-30 12:04:14 +02:00			`res.sendStatus(400)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

. 2019-06-07 17:02:33 +02:00			`current(req, res) {`
			`if (req.user) { res.json(req.user) } else { res.sendStatus(404) }`
start with nuxt 2019-04-03 00:25:12 +02:00			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async getAll(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const users = await User.findAll({`
			`order: [['createdAt', 'DESC']]`
			`})`
			`res.json(users)`
			`},`

working on ssr 2019-04-05 00:10:19 +02:00			`async update(req, res) {`
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.findByPk(req.body.id)`
			`if (user) {`
			`if (!user.is_active && req.body.is_active) {`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`await mail.send(user.email, 'confirm', { user, config })`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`await user.update(req.body)`
			`res.json(user)`
			`} else {`
			`res.sendStatus(400)`
			`}`
			`},`

admin could add user, fix #14 2019-06-18 14:45:04 +02:00
working on ssr 2019-04-05 00:10:19 +02:00			`async register(req, res) {`
better config / install from cli / allow_registration 2019-06-21 23:52:18 +02:00			`if (!settingsController.settings.allow_registration) return res.sendStatus(404)`
start with nuxt 2019-04-03 00:25:12 +02:00			`const n_users = await User.count()`
			`try {`
. 2019-05-30 12:04:14 +02:00			`// the first registered user will be an active admin`
start with nuxt 2019-04-03 00:25:12 +02:00			`if (n_users === 0) {`
			`req.body.is_active = req.body.is_admin = true`
			`} else {`
			`req.body.is_active = false`
			`}`
. 2019-05-30 12:04:14 +02:00
start with nuxt 2019-04-03 00:25:12 +02:00			`const user = await User.create(req.body)`
			`try {`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`mail.send([user.email, config.admin], 'register', { user, config })`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`return res.status(400).json(e)`
			`}`
. 2019-06-06 23:54:32 +02:00			`const payload = {`
			`id: user.id,`
			`email: user.email,`
			`scope: [user.is_admin ? 'admin' : 'user']`
			`}`
could listen to unix socket, better conf 2019-06-10 00:40:37 +02:00			`const token = jwt.sign(payload, config.secret)`
. 2019-06-07 17:02:33 +02:00			`res.json({ token, user })`
start with nuxt 2019-04-03 00:25:12 +02:00			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
admin could add user, fix #14 2019-06-18 14:45:04 +02:00			`},`

			`async create(req, res) {`
			`try {`
			`req.body.is_active = true`
			`const user = await User.create(req.body)`
			`res.json(user)`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
admin could remove user 2019-06-18 15:13:13 +02:00			`},`

			`async remove(req, res) {`
			`try {`
			`const user = await User.findByPk(req.params.id)`
			`user.destroy()`
			`res.sendStatus(200)`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
start with nuxt 2019-04-03 00:25:12 +02:00			`}`
			`}`

			`module.exports = userController`