app/controller/user.js

const jwt = require('jsonwebtoken')
const Mastodon = require('mastodon-api')

const User = require('../models/user')
const { Event, Tag, Place } = require('../models/event')
const settingsController = require('./settings')
const eventController = require('./event')
const config = require('../config')
const mail = require('../mail')
const { Op } = require('sequelize')
const fs = require('fs')
const path = require('path')

const userController = {
  async login (req, res) {
    // find the user
    const user = await User.findOne({ where: { email: { [Op.eq]: req.body.email } } })
    if (!user) {
      res.status(404).json({ success: false, message: 'AUTH_FAIL' })
    } else if (user) {
      if (!user.is_active) {
        res.status(403).json({ success: false, message: 'NOT_CONFIRMED' })
      // check if password matches
      } else if (!await user.comparePassword(req.body.password)) {
        res.status(403).json({ success: false, message: 'AUTH_FAIL' })
      } else {
        // if user is found and password is right
        // create a token
        const payload = { email: user.email }
        var token = jwt.sign(payload, config.secret)
        res.json({
          success: true,
          message: 'Enjoy your token!',
          token,
          user
        })
      }
    }
  },

  async setToken (req, res) {
    req.user.mastodon_auth = req.body
    await req.user.save()
    res.json(req.user)
  },

  async delEvent (req, res) {
    const event = await Event.findByPk(req.params.id)
    // check if event is mine (or user is admin)
    if (event && (req.user.is_admin || req.user.id === event.userId)) {
      if (event.image_path) {
        const old_path = path.resolve(__dirname, '..', '..', 'uploads', event.image_path)
        const old_thumb_path = path.resolve(__dirname, '..', '..', 'uploads', 'thumb', event.image_path)
        await fs.unlink(old_path)
        await fs.unlink(old_thumb_path)
      }
      await event.destroy()
      res.sendStatus(200)
    } else {
      res.sendStatus(403)
    }
  },

  // ADD EVENT
  async addEvent (req, res) {
    const body = req.body

    // remove description tag and create anchor tags
    const description = body.description
      .replace(/(<([^>]+)>)/ig, '')
      .replace(/(https?:\/\/[^\s]+)/g, '<a href="$1">$1</a>')

    const eventDetails = {
      title: body.title,
      description,
      multidate: body.multidate,
      start_datetime: body.start_datetime,
      end_datetime: body.end_datetime,
      is_visible: !!req.user
    }

    if (req.file) {
      eventDetails.image_path = req.file.filename
    }

    let event = await Event.create(eventDetails)

    // create place
    let place
    try {
      place = await Place.findOrCreate({ where: { name: body.place_name },
        defaults: { address: body.place_address } })
        .spread((place, created) => place)
      await event.setPlace(place)
    } catch (e) {
      console.error(e)
    }

    // create/assign tags
    if (body.tags) {
      await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
      const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
      await event.addTags(tags)
    }
    if (req.user) await req.user.addEvent(event)
    event = await Event.findByPk(event.id, { include: [User, Tag, Place] })

    // insert notifications
    const notifications = await eventController.getNotifications(event)
    await event.setNotifications(notifications)

    return res.json(event)
  },

  async updateEvent (req, res) {
    const body = req.body
    const event = await Event.findByPk(body.id)
    if (!req.user.is_admin && event.userId !== req.user.id) {
      return res.sendStatus(403)
    }

    if (req.file) {
      if (event.image_path) {
        const old_path = path.resolve(__dirname, '..', '..', 'uploads', event.image_path)
        const old_thumb_path = path.resolve(__dirname, '..', '..', 'uploads', 'thumb', event.image_path)
        await fs.unlink(old_path, e => console.error(e))
        await fs.unlink(old_thumb_path, e => console.error(e))
      }
      body.image_path = req.file.filename
    }

    body.description = body.description
      .replace(/(<([^>]+)>)/ig, '') // remove all tags from description
      .replace(/(https?:\/\/[^\s]+)/g, '<a href="$1">$1</a>') // add links

    await event.update(body)
    let place
    try {
      place = await Place.findOrCreate({ where: { name: body.place_name },
        defaults: { address: body.place_address } })
        .spread((place, created) => place)
    } catch (e) {
      console.log('error', e)
    }
    await event.setPlace(place)
    await event.setTags([])
    if (body.tags) {
      await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })
      const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })
      await event.addTags(tags)
    }
    const newEvent = await Event.findByPk(event.id, { include: [User, Tag, Place] })
    return res.json(newEvent)
  },

  async getAuthURL (req, res) {
    const instance = req.body.instance
    const is_admin = req.body.admin && req.user.is_admin
    const callback = `${config.baseurl}/${is_admin ? 'admin/oauth' : 'settings'}`
    const { client_id, client_secret } = await Mastodon.createOAuthApp(`https://${instance}/api/v1/apps`,
      config.title, 'read write', callback)
    const url = await Mastodon.getAuthorizationUrl(client_id, client_secret,
      `https://${instance}`, 'read write', callback)

    if (is_admin) {
      await settingsController.setAdminSetting('mastodon_auth', { client_id, client_secret, instance })
    } else {
      req.user.mastodon_auth = { client_id, client_secret, instance }
      await req.user.save()
    }
    res.json(url)
  },

  async code (req, res) {
    const { code, is_admin } = req.body
    let client_id, client_secret, instance
    const callback = `${config.baseurl}/${is_admin ? 'admin/oauth' : 'settings'}`

    if (is_admin) {
      const settings = await settingsController.settings();
      ({ client_id, client_secret, instance } = settings.mastodon_auth)
    } else {
      ({ client_id, client_secret, instance } = req.user.mastodon_auth)
    }

    try {
      const token = await Mastodon.getAccessToken(client_id, client_secret, code,
        `https://${instance}`, callback)
      const mastodon_auth = { client_id, client_secret, access_token: token, instance }
      if (is_admin) {
        await settingsController.setAdminSetting('mastodon_auth', mastodon_auth)
        res.json(instance)
      } else {
        req.user.mastodon_auth = mastodon_auth
        await req.user.save()
        // await bot.add(req.user, token)
        res.json(req.user)
      }
    } catch (e) {
      res.json(e)
    }
  },

  async current (req, res) {
    res.json(req.user)
  },

  async getAll (req, res) {
    const users = await User.findAll({
      order: [['createdAt', 'DESC']]
    })
    res.json(users)
  },

  async update (req, res) {
    const user = await User.findByPk(req.body.id)
    if (user) {
      if (!user.is_active && req.body.is_active) {
        await mail.send(user.email, 'confirm', { user, config })
      }
      await user.update(req.body)
      res.json(user)
    } else {
      res.send(400)
    }
  },

  async register (req, res) {
    const n_users = await User.count()
    try {
      if (n_users === 0) {
        // the first registered user will be an active admin
        req.body.is_active = req.body.is_admin = true
      } else {
        req.body.is_active = false
      }
      const user = await User.create(req.body)
      try {
        mail.send(user.email, 'register', { user })
      } catch (e) {
        return res.status(400).json(e)
      }
      const payload = { email: user.email }
      const token = jwt.sign(payload, config.secret)
      res.json({ user, token })
    } catch (e) {
      res.status(404).json(e)
    }
  }
}

module.exports = userController
first commit backend 2019-02-26 00:02:42 +01:00			`const jwt = require('jsonwebtoken')`
			`const Mastodon = require('mastodon-api')`

			`const User = require('../models/user')`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`const { Event, Tag, Place } = require('../models/event')`
			`const settingsController = require('./settings')`
pm2 / cron worker to send reminder 2019-03-10 01:01:23 +01:00			`const eventController = require('./event')`
first commit backend 2019-02-26 00:02:42 +01:00			`const config = require('../config')`
			`const mail = require('../mail')`
pm2 / cron worker to send reminder 2019-03-10 01:01:23 +01:00			`const { Op } = require('sequelize')`
fix #30, thumbnail 2019-03-20 00:50:43 +01:00			`const fs = require('fs')`
			`const path = require('path')`
first commit backend 2019-02-26 00:02:42 +01:00
			`const userController = {`
			`async login (req, res) {`
			`// find the user`
pm2 / cron worker to send reminder 2019-03-10 01:01:23 +01:00			`const user = await User.findOne({ where: { email: { [Op.eq]: req.body.email } } })`
first commit backend 2019-02-26 00:02:42 +01:00			`if (!user) {`
			`res.status(404).json({ success: false, message: 'AUTH_FAIL' })`
			`} else if (user) {`
			`if (!user.is_active) {`
stream of consciousness 2019-03-07 14:59:28 +01:00			`res.status(403).json({ success: false, message: 'NOT_CONFIRMED' })`
first commit backend 2019-02-26 00:02:42 +01:00			`// check if password matches`
stream of consciousness 2019-03-07 14:59:28 +01:00			`} else if (!await user.comparePassword(req.body.password)) {`
first commit backend 2019-02-26 00:02:42 +01:00			`res.status(403).json({ success: false, message: 'AUTH_FAIL' })`
			`} else {`
			`// if user is found and password is right`
			`// create a token`
			`const payload = { email: user.email }`
			`var token = jwt.sign(payload, config.secret)`
			`res.json({`
			`success: true,`
			`message: 'Enjoy your token!',`
			`token,`
			`user`
			`})`
			`}`
			`}`
			`},`

			`async setToken (req, res) {`
			`req.user.mastodon_auth = req.body`
			`await req.user.save()`
			`res.json(req.user)`
			`},`

			`async delEvent (req, res) {`
			`const event = await Event.findByPk(req.params.id)`
minor 2019-03-14 11:12:56 +01:00			`// check if event is mine (or user is admin)`
front end, config 2019-02-26 01:17:52 +01:00			`if (event && (req.user.is_admin \|\| req.user.id === event.userId)) {`
fix #30, thumbnail 2019-03-20 00:50:43 +01:00			`if (event.image_path) {`
			`const old_path = path.resolve(__dirname, '..', '..', 'uploads', event.image_path)`
			`const old_thumb_path = path.resolve(__dirname, '..', '..', 'uploads', 'thumb', event.image_path)`
			`await fs.unlink(old_path)`
			`await fs.unlink(old_thumb_path)`
			`}`
first commit backend 2019-02-26 00:02:42 +01:00			`await event.destroy()`
			`res.sendStatus(200)`
			`} else {`
stream of consciousness 2019-03-07 14:59:28 +01:00			`res.sendStatus(403)`
first commit backend 2019-02-26 00:02:42 +01:00			`}`
			`},`

stream of consciousness 2019-03-07 14:59:28 +01:00			`// ADD EVENT`
fix #1 - description link clickable 2019-03-05 21:57:53 +01:00			`async addEvent (req, res) {`
first commit backend 2019-02-26 00:02:42 +01:00			`const body = req.body`
stream of consciousness 2019-03-07 14:59:28 +01:00
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`// remove description tag and create anchor tags`
fix #1 - description link clickable 2019-03-05 21:57:53 +01:00			`const description = body.description`
			`.replace(/(<([^>]+)>)/ig, '')`
			`.replace(/(https?:\/\/[^\s]+)/g, '<a href="$1">$1</a>')`
stream of consciousness 2019-03-07 14:59:28 +01:00
first commit backend 2019-02-26 00:02:42 +01:00			`const eventDetails = {`
			`title: body.title,`
fix #1 - description link clickable 2019-03-05 21:57:53 +01:00			`description,`
first commit backend 2019-02-26 00:02:42 +01:00			`multidate: body.multidate,`
			`start_datetime: body.start_datetime,`
stream of consciousness 2019-03-07 14:59:28 +01:00			`end_datetime: body.end_datetime,`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`is_visible: !!req.user`
first commit backend 2019-02-26 00:02:42 +01:00			`}`

			`if (req.file) {`
fix #30, thumbnail 2019-03-20 00:50:43 +01:00			`eventDetails.image_path = req.file.filename`
first commit backend 2019-02-26 00:02:42 +01:00			`}`

admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`let event = await Event.create(eventDetails)`

front end, config 2019-02-26 01:17:52 +01:00			`// create place`
first commit backend 2019-02-26 00:02:42 +01:00			`let place`
			`try {`
front end, config 2019-02-26 01:17:52 +01:00			`place = await Place.findOrCreate({ where: { name: body.place_name },`
			`defaults: { address: body.place_address } })`
			`.spread((place, created) => place)`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`await event.setPlace(place)`
front end, config 2019-02-26 01:17:52 +01:00			`} catch (e) {`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`console.error(e)`
first commit backend 2019-02-26 00:02:42 +01:00			`}`
pm2 / cron worker to send reminder 2019-03-10 01:01:23 +01:00
first commit backend 2019-02-26 00:02:42 +01:00			`// create/assign tags`
			`if (body.tags) {`
front end, config 2019-02-26 01:17:52 +01:00			`await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })`
pm2 / cron worker to send reminder 2019-03-10 01:01:23 +01:00			`const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })`
first commit backend 2019-02-26 00:02:42 +01:00			`await event.addTags(tags)`
			`}`
stream of consciousness 2019-03-07 14:59:28 +01:00			`if (req.user) await req.user.addEvent(event)`
front end, config 2019-02-26 01:17:52 +01:00			`event = await Event.findByPk(event.id, { include: [User, Tag, Place] })`
stream of consciousness 2019-03-07 14:59:28 +01:00
fix #31 2019-03-20 01:52:48 +01:00			`// insert notifications`
			`const notifications = await eventController.getNotifications(event)`
			`await event.setNotifications(notifications)`

first commit backend 2019-02-26 00:02:42 +01:00			`return res.json(event)`
			`},`

			`async updateEvent (req, res) {`
			`const body = req.body`
			`const event = await Event.findByPk(body.id)`
optimize bundle size and resize/sharp image upload fix #11 2019-03-07 22:39:12 +01:00			`if (!req.user.is_admin && event.userId !== req.user.id) {`
			`return res.sendStatus(403)`
			`}`
fix #1 - description link clickable 2019-03-05 21:57:53 +01:00
fix #32 2019-03-19 23:55:44 +01:00			`if (req.file) {`
			`if (event.image_path) {`
fix #30, thumbnail 2019-03-20 00:50:43 +01:00			`const old_path = path.resolve(__dirname, '..', '..', 'uploads', event.image_path)`
			`const old_thumb_path = path.resolve(__dirname, '..', '..', 'uploads', 'thumb', event.image_path)`
fix #32 2019-03-19 23:55:44 +01:00			`await fs.unlink(old_path, e => console.error(e))`
fix #30, thumbnail 2019-03-20 00:50:43 +01:00			`await fs.unlink(old_thumb_path, e => console.error(e))`
fix #32 2019-03-19 23:55:44 +01:00			`}`
fix #30, thumbnail 2019-03-20 00:50:43 +01:00			`body.image_path = req.file.filename`
fix #32 2019-03-19 23:55:44 +01:00			`}`

fix #1 - description link clickable 2019-03-05 21:57:53 +01:00			`body.description = body.description`
			`.replace(/(<([^>]+)>)/ig, '') // remove all tags from description`
			`.replace(/(https?:\/\/[^\s]+)/g, '<a href="$1">$1</a>') // add links`

first commit backend 2019-02-26 00:02:42 +01:00			`await event.update(body)`
			`let place`
			`try {`
fix #29 2019-03-19 23:41:49 +01:00			`place = await Place.findOrCreate({ where: { name: body.place_name },`
front end, config 2019-02-26 01:17:52 +01:00			`defaults: { address: body.place_address } })`
			`.spread((place, created) => place)`
			`} catch (e) {`
			`console.log('error', e)`
first commit backend 2019-02-26 00:02:42 +01:00			`}`
			`await event.setPlace(place)`
			`await event.setTags([])`
			`if (body.tags) {`
front end, config 2019-02-26 01:17:52 +01:00			`await Tag.bulkCreate(body.tags.map(t => ({ tag: t })), { ignoreDuplicates: true })`
minor 2019-03-13 18:13:00 +01:00			`const tags = await Tag.findAll({ where: { tag: { [Op.in]: body.tags } } })`
first commit backend 2019-02-26 00:02:42 +01:00			`await event.addTags(tags)`
front end, config 2019-02-26 01:17:52 +01:00			`}`
			`const newEvent = await Event.findByPk(event.id, { include: [User, Tag, Place] })`
first commit backend 2019-02-26 00:02:42 +01:00			`return res.json(newEvent)`
			`},`

			`async getAuthURL (req, res) {`
			`const instance = req.body.instance`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`const is_admin = req.body.admin && req.user.is_admin`
			const callback = `${config.baseurl}/${is_admin ? 'admin/oauth' : 'settings'}`
			const { client_id, client_secret } = await Mastodon.createOAuthApp(`https://${instance}/api/v1/apps`,
			`config.title, 'read write', callback)`
			`const url = await Mastodon.getAuthorizationUrl(client_id, client_secret,`
			`https://${instance}`, 'read write', callback)

			`if (is_admin) {`
			`await settingsController.setAdminSetting('mastodon_auth', { client_id, client_secret, instance })`
			`} else {`
			`req.user.mastodon_auth = { client_id, client_secret, instance }`
			`await req.user.save()`
			`}`
first commit backend 2019-02-26 00:02:42 +01:00			`res.json(url)`
			`},`

			`async code (req, res) {`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`const { code, is_admin } = req.body`
			`let client_id, client_secret, instance`
			const callback = `${config.baseurl}/${is_admin ? 'admin/oauth' : 'settings'}`

			`if (is_admin) {`
			`const settings = await settingsController.settings();`
			`({ client_id, client_secret, instance } = settings.mastodon_auth)`
			`} else {`
			`({ client_id, client_secret, instance } = req.user.mastodon_auth)`
			`}`

first commit backend 2019-02-26 00:02:42 +01:00			`try {`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`const token = await Mastodon.getAccessToken(client_id, client_secret, code,`
			`https://${instance}`, callback)
			`const mastodon_auth = { client_id, client_secret, access_token: token, instance }`
			`if (is_admin) {`
			`await settingsController.setAdminSetting('mastodon_auth', mastodon_auth)`
			`res.json(instance)`
			`} else {`
			`req.user.mastodon_auth = mastodon_auth`
			`await req.user.save()`
			`// await bot.add(req.user, token)`
			`res.json(req.user)`
			`}`
first commit backend 2019-02-26 00:02:42 +01:00			`} catch (e) {`
			`res.json(e)`
			`}`
			`},`

			`async current (req, res) {`
			`res.json(req.user)`
			`},`

			`async getAll (req, res) {`
			`const users = await User.findAll({`
			`order: [['createdAt', 'DESC']]`
			`})`
			`res.json(users)`
			`},`

			`async update (req, res) {`
			`const user = await User.findByPk(req.body.id)`
			`if (user) {`
fix #27, fix #25, fix #26, fix #20, fix #19 2019-03-18 01:42:42 +01:00			`if (!user.is_active && req.body.is_active) {`
			`await mail.send(user.email, 'confirm', { user, config })`
			`}`
first commit backend 2019-02-26 00:02:42 +01:00			`await user.update(req.body)`
			`res.json(user)`
			`} else {`
			`res.send(400)`
			`}`
			`},`

			`async register (req, res) {`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`const n_users = await User.count()`
first commit backend 2019-02-26 00:02:42 +01:00			`try {`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`if (n_users === 0) {`
fix #27, fix #25, fix #26, fix #20, fix #19 2019-03-18 01:42:42 +01:00			`// the first registered user will be an active admin`
admin settings fix #12, fix #13 image in mastodon 2019-03-12 01:16:52 +01:00			`req.body.is_active = req.body.is_admin = true`
			`} else {`
			`req.body.is_active = false`
			`}`
first commit backend 2019-02-26 00:02:42 +01:00			`const user = await User.create(req.body)`
			`try {`
			`mail.send(user.email, 'register', { user })`
			`} catch (e) {`
			`return res.status(400).json(e)`
			`}`
			`const payload = { email: user.email }`
			`const token = jwt.sign(payload, config.secret)`
			`res.json({ user, token })`
			`} catch (e) {`
			`res.status(404).json(e)`
			`}`
			`}`
			`}`

			`module.exports = userController`