optimize bundle size and resize/sharp image upload

fix #11

app/api.js

@@ -2,44 +2,74 @@ const express = require('express')
 const { fillUser, isAuth, isAdmin } = require('./auth')
 const eventController = require('./controller/event')
 const exportController = require('./controller/export')
+const userController = require('./controller/user')
 // const botController = require('./controller/bot')
 
+const path = require('path')
 const multer = require('multer')
-const upload = multer({ dest: 'uploads/' })
+const crypto = require('crypto')
+
+const storage = require('./storage')({
+  destination: 'uploads/',
+  filename: (req, file, cb) => {
+    cb(null, crypto.randomBytes(16).toString('hex') + path.extname(file.originalname))
+  }
+})
+const upload = multer({ storage })
 const api = express.Router()
 
-// USER API
-const userController = require('./controller/user')
-
+// login
 api.post('/login', userController.login)
 
 api.route('/user')
+  // register
   .post(userController.register)
+  // get current user
   .get(isAuth, userController.current)
+  // update user (eg. confirm)
   .put(isAuth, isAdmin, userController.update)
 
+// get all users
 api.get('/users', isAuth, isAdmin, userController.getAll)
+
+// update a tag (modify color)
 api.put('/tag', isAuth, isAdmin, eventController.updateTag)
+
+// update a place (modify address..)
 api.put('/place', isAuth, isAdmin, eventController.updatePlace)
 
 api.route('/user/event')
+  // add event
   .post(fillUser, upload.single('image'), userController.addEvent)
-  .get(isAuth, userController.getMyEvents)
+  // update event
   .put(isAuth, upload.single('image'), userController.updateEvent)
 
+// remove event
 api.delete('/user/event/:id', isAuth, userController.delEvent)
 
+// get tags/places
 api.get('/event/meta', eventController.getMeta)
-api.get('/event/unconfirmed', isAuth, isAdmin, eventController.getUnconfirmed)
-api.post('/event/reminder', eventController.addReminder)
 
+// get unconfirmed events
+api.get('/event/unconfirmed', isAuth, isAdmin, eventController.getUnconfirmed)
+
+// add event reminder
+api.post('/event/reminder', eventController.addReminder)
+// api.del('/event/reminder/:id', eventController.delReminder)
+
+// get event
 api.get('/event/:event_id', eventController.get)
+
+// confirm event
 api.get('/event/confirm/:event_id', isAuth, isAdmin, eventController.confirm)
 
+// export events (rss/ics)
 api.get('/export/:type', exportController.export)
 
+// get events in this range
 api.get('/event/:year/:month', eventController.getAll)
 
+// mastodon oauth auth
 api.post('/user/getauthurl', isAuth, userController.getAuthURL)
 api.post('/user/code', isAuth, userController.code)
 

app/controller/user.js

@@ -110,6 +110,9 @@ const userController = {
   async updateEvent (req, res) {
     const body = req.body
     const event = await Event.findByPk(body.id)
+    if (!req.user.is_admin && event.userId !== req.user.id) {
+      return res.sendStatus(403)
+    }
 
     body.description = body.description
       .replace(/(<([^>]+)>)/ig, '') // remove all tags from description
@@ -142,11 +145,6 @@ const userController = {
     return res.json(newEvent)
   },
 
-  async getMyEvents (req, res) {
-    const events = await req.user.getEvents()
-    res.json(events)
-  },
-
   async getAuthURL (req, res) {
     const instance = req.body.instance
     const { client_id, client_secret } = await Mastodon.createOAuthApp(`https://${instance}/api/v1/apps`, 'eventi', 'read write', `${config.baseurl}/settings`)

app/db.js

@@ -3,7 +3,7 @@ const conf = require('./config.js')
 console.error(conf.db)
 const db = new Sequelize(conf.db)
 
-//db.sync({ force: true })
+// db.sync({ force: true })
 // db.sync()
 
 module.exports = db