better config / install from cli / allow_registration

server/api/auth.js

@@ -1,6 +1,5 @@
 const { Op } = require('sequelize')
 const { user: User } = require('./models')
-const Settings = require('./controller/settings')
 
 const Auth = {
   async fillUser(req, res, next) {
@@ -26,7 +25,7 @@ const Auth = {
     if (!req.user) {
       return res
         .status(403)
-        .send({ message: 'Failed to authenticate token ' + err })
+        .send({ message: 'Failed to authenticate token ' })
     }
     next()
   },

server/api/controller/bot.js

@@ -2,15 +2,13 @@ const fs = require('fs')
 const path = require('path')
 const moment = require('moment')
 const { event: Event, comment: Comment } = require('../models')
-const config = require('../../config')
+const config = require('config')
 const Mastodon = require('mastodon-api')
 const settingsController = require('./settings')
-moment.locale(process.env.locale)
 
 const botController = {
   bot: null,
   async initialize() {
-    const settings = await settingsController.settings()
     if (!settings.mastodon_auth || !settings.mastodon_auth.access_token) return
     const mastodon_auth = settings.mastodon_auth
     botController.bot = new Mastodon({

server/api/controller/event.js

@@ -169,17 +169,19 @@ const eventController = {
   async getAll(req, res) {
     // this is due how v-calendar shows dates
     const start = moment().year(req.params.year).month(req.params.month)
-      .startOf('month').startOf('isoWeek')
-    let end = moment().year(req.params.year).month(req.params.month).endOf('month')
+      .startOf('month').startOf('isoWeek').unix()
+    let end = moment().utc().year(req.params.year).month(req.params.month).endOf('month')
     const shownDays = end.diff(start, 'days')
     if (shownDays <= 34) end = end.add(1, 'week')
-    end = end.endOf('isoWeek')
+    end = end.endOf('isoWeek').unix()
     const events = await Event.findAll({
       where: {
         is_visible: true,
         [Op.and]: [
-          { start_datetime: { [Op.gte]: start } },
-          { start_datetime: { [Op.lte]: end } }
+          Sequelize.literal(`start_datetime >= ${start}`),
+          Sequelize.literal(`start_datetime <= ${end}`)
+          //   { start_datetime: { [Op.gte]: start } },
+        //   { start_datetime: { [Op.lte]: end } }
         ]
       },
       order: [

server/api/controller/settings.js

@@ -1,47 +1,77 @@
 const Mastodon = require('mastodon-api')
 const { setting: Setting } = require('../models')
+const config = require('config')
 
 const settingsController = {
+  settings: null,
+  secretSettings: null,
 
-  async setAdminSetting(key, value) {
-    await Setting.findOrCreate({ where: { key },
-      defaults: { value } })
-      .spread((settings, created) => {
-        if (!created) return settings.update({ value })
-      })
+  // initialize instance settings from db
+  async init (req, res, next) {
+    if (!settingsController.settings) {
+      const settings = await Setting.findAll()
+      settingsController.settings = {}
+      settingsController.secretSettings = {}
+      settings.forEach( s => settingsController[s.is_secret?'secretSettings':'settings'][s.key] = s.value)
+    }
+    next()
   },
 
-  async getAdminSettings(req, res) {
-    const settings = await settingsController.settings()
-    res.json(settings)
+  async set(key, value, is_secret=false) {
+    try {
+      await Setting.findOrCreate({
+        where: { key },
+        defaults: { value, is_secret }
+      }).spread((settings, created) => {
+        if (!created) return settings.update({ value, is_secret })
+      })
+      settingsController[is_secret?'secretSettings':'settings'][key]=value
+      console.error('settings ', settingsController.settings)
+      console.error('settings controller ', settingsController.secretSettings)
+      return true
+    } catch(e) {
+      console.error(e)
+      return false
+    }
+  },
+
+  async setRequest(req, res) {
+    const { key, value, is_secret } = req.body
+    const ret = await settingsController.set(key, value, is_secret)
+    if (ret) res.sendStatus(200)
+    else res.sendStatus(400)
+  },
+
+  getAllRequest(req, res) {
+    res.json(settingsController.settings)
   },
 
   async getAuthURL(req, res) {
-    const instance = req.body.instance
-    const callback = `${process.env.baseurl}/api/settings/oauth`
+    const instance  = req.body.instance
+    console.error('DENTRO GET AUTH URL ', instance)
+    const callback = `${config.baseurl}/api/settings/oauth`
     const { client_id, client_secret } = await Mastodon.createOAuthApp(`https://${instance}/api/v1/apps`,
       'gancio', 'read write', callback)
     const url = await Mastodon.getAuthorizationUrl(client_id, client_secret,
       `https://${instance}`, 'read write', callback)
-
-    await settingsController.setAdminSetting('mastodon_auth', { client_id, client_secret, instance })
+    
+    await settingsController.set('mastodon_instance', instance )
+    await settingsController.set('mastodon_auth', { client_id, client_secret }, true)
     res.json(url)
   },
 
   async code(req, res) {
     const code = req.query.code
-    let client_id, client_secret, instance
-    const callback = `${process.env.baseurl}/api/settings/oauth`
-
-    const settings = await settingsController.settings()
-
-    ({ client_id, client_secret, instance } = settings.mastodon_auth)
+    const callback = `${config.baseurl}/api/settings/oauth`
+    const client_id = settingsController.secretSettings.mastodon_auth.client_id
+    const client_secret = settingsController.secretSettings.mastodon_auth.client_secret
+    const instance = settingsController.settings.mastodon_instance
 
     try {
-      const token = await Mastodon.getAccessToken(client_id, client_secret, code,
+      const access_token = await Mastodon.getAccessToken(client_id, client_secret, code,
         `https://${instance}`, callback)
-      const mastodon_auth = { client_id, client_secret, access_token: token, instance }
-      await settingsController.setAdminSetting('mastodon_auth', mastodon_auth)
+      const mastodon_auth = { client_id, client_secret, access_token }
+      await settingsController.set('mastodon_auth', mastodon_auth, true)
 
       res.redirect('/admin')
     } catch (e) {
@@ -49,11 +79,6 @@ const settingsController = {
     }
   },
 
-  async settings() {
-    const settings = await Setting.findAll()
-    return settings
-  }
-
 }
 
 module.exports = settingsController

server/api/controller/user.js

@@ -4,10 +4,11 @@ const crypto = require('crypto')
 const jwt = require('jsonwebtoken')
 const { Op } = require('sequelize')
 const jsonwebtoken = require('jsonwebtoken')
+const config = require('config')
 const mail = require('../mail')
 const { user: User, event: Event, tag: Tag, place: Place } = require('../models')
 const eventController = require('./event')
-const config = require('../../config')
+const settingsController = require('./settings')
 
 const userController = {
   async login(req, res) {
@@ -219,6 +220,7 @@ const userController = {
 
 
   async register(req, res) {
+    if (!settingsController.settings.allow_registration) return res.sendStatus(404)
     const n_users = await User.count()
     try {
       // the first registered user will be an active admin

server/api/index.js

@@ -3,7 +3,7 @@ const multer = require('multer')
 const cookieParser = require('cookie-parser')
 const bodyParser = require('body-parser')
 const expressJwt = require('express-jwt')
-const config = require('../config')
+const config = require('config')
 
 const { fillUser, isAuth, isAdmin } = require('./auth')
 const eventController = require('./controller/event')
@@ -18,10 +18,20 @@ const api = express.Router()
 api.use(cookieParser())
 api.use(bodyParser.urlencoded({ extended: false }))
 api.use(bodyParser.json())
+api.use(settingsController.init)
 
 const jwt = expressJwt({
   secret: config.secret,
-  credentialsRequired: false
+  credentialsRequired: false,
+  getToken: function fromHeaderOrQuerystring (req) {
+    if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+        return req.headers.authorization.split(' ')[1];
+    } else if (req.cookies && req.cookies['auth._token.local']) {
+      const [ prefix, token ] = req.cookies['auth._token.local'].split(' ')
+      if (prefix === 'Bearer') return token
+    }
+    return null
+  }
 })
 
 // AUTH
@@ -74,8 +84,8 @@ api.get('/event/unconfirmed', jwt, isAuth, isAdmin, eventController.getUnconfirm
 api.post('/event/notification', eventController.addNotification)
 api.delete('/event/notification/:code', eventController.delNotification)
 
-api.get('/settings', jwt, fillUser, isAdmin, settingsController.getAdminSettings)
-api.post('/settings', jwt, fillUser, isAdmin, settingsController.setAdminSetting)
+api.get('/settings', settingsController.getAllRequest)
+api.post('/settings', jwt, fillUser, isAdmin, settingsController.setRequest)
 
 // get event
 api.get('/event/:event_id', eventController.get)

server/api/mail.js

@@ -1,7 +1,7 @@
 const Email = require('email-templates')
 const path = require('path')
 const moment = require('moment')
-const config = require('../config')
+const config = require('config')
 
 moment.locale(config.locale)
 const mail = {

server/api/models/event.js

@@ -6,10 +6,13 @@ module.exports = (sequelize, DataTypes) => {
     description: DataTypes.TEXT,
     multidate: DataTypes.BOOLEAN,
     start_datetime: {
-      type: DataTypes.DATE,
+      type: DataTypes.INTEGER,
+      index: true
+    },
+    end_datetime: {
+      type: DataTypes.INTEGER,
       index: true
     },
-    end_datetime: DataTypes.DATE,
     image_path: DataTypes.STRING,
     is_visible: DataTypes.BOOLEAN,
     activitypub_id: {

server/api/models/eventnotification.js

@@ -5,12 +5,10 @@ module.exports = (sequelize, DataTypes) => {
       type: DataTypes.ENUM,
       values: ['new', 'sent', 'error'],
       defaultValue: 'new',
+      errorMessage: DataTypes.TEXT,
       index: true
     }
   }, {})
 
-  eventNotification.associate = function (models) {
-    // associations can be defined here
-  }
   return eventNotification
 }

server/api/models/index.js

@@ -2,9 +2,8 @@ const argv = require('yargs').argv
 const fs = require('fs')
 const path = require('path')
 const Sequelize = require('sequelize')
-const config_path = path.resolve(argv.config || './config.js')
 const basename = path.basename(__filename)
-const config = require(config_path)
+const config = require('config')
 const db = {}
 
 const sequelize = new Sequelize(config.db)

server/api/models/setting.js

@@ -7,7 +7,8 @@ module.exports = (sequelize, DataTypes) => {
       allowNull: false,
       index: true
     },
-    value: DataTypes.JSON
+    value: DataTypes.JSON,
+    is_secret: DataTypes.BOOLEAN
   }, {})
 
   return setting

server/api/storage.js

@@ -4,7 +4,7 @@ const crypto = require('crypto')
 const mkdirp = require('mkdirp')
 const sharp = require('sharp')
 const consola = require('consola')
-const config = require('../config')
+const config = require('config')
 
 mkdirp.sync(config.upload_path + '/thumb')
 

server/cli.js

@@ -0,0 +1,162 @@
+#!/usr/bin/env node
+const arg = require('arg')
+const inquirer = require('inquirer')
+const package = require('../package.json')
+const consola = require('consola')
+const firstrun = require('./firstrun')
+const path = require('path')
+const fs = require('fs')
+const sequelize = require('sequelize')
+
+/**
+ * initial setup:
+ * - check first run
+ * - ask title, description, baseurl
+ * - ask and create upload path and thumb dir
+ * - ask and inizialite db
+ * - create first admin account
+ * - enable open registration?
+ * - enable anon event?
+ * - enable email export?
+ * - enable email notification?
+ * - enable notifier?
+ * - enable pm2
+ * 
+ * start gancio:
+ * 
+ * update gancio:
+ * - yarn/npm global update...
+ * - sequelize migrate ! 
+ */
+
+function parseArguments(rawArgs) {
+  const args = arg({
+    '--config': String,
+    '--install': Boolean,
+    '--upgrade': Boolean
+  }, {
+    argv: rawArgs.slice(2),
+  });
+
+  return {
+    config: path.resolve(args['--config'] || '/etc/gancio_config.json') ,
+    install: args['--install'] || false,
+    upgrade: args['--upgrade'] || false
+  };
+}
+
+async function setupQuestionnaire() {
+
+  const questions = []
+  questions.push({
+    message: 'Specify a baseurl for this gancio installation! (eg. http://gancio.cisti.org)',
+    name: 'baseurl',
+    default: 'http://localhost:3000',
+    validate: baseurl => baseurl.length>0
+  })
+
+  questions.push({
+    name: 'db.dialect',
+    message: 'DB dialect',
+    type: 'list',
+    choices: ['sqlite', 'postgres']
+  })
+
+  questions.push({
+    name: 'db.storage',
+    message: 'sqlite db path',
+    default: '/var/gancio/db.sqlite',
+    when: answers => answers.db.dialect === 'sqlite',
+    validate: db_path => db_path.length>0 && fs.existsSync(path.dirname(db_path))
+  })
+
+  questions.push({
+    name: 'db.user',
+    message: 'Postgres user',
+    default: 'gancio',
+    when: answers => answers.db.dialect === 'postgres',
+    validate: user => user.length>0
+  })
+  
+  questions.push({
+    name: 'db.pass',
+    type: 'password',
+    message: 'Postgres password',
+    default: 'gancio',
+    when: answers => answers.db.dialect === 'postgres',
+    validate: async (password, options) => {
+      try {
+        const db = new sequelize({host: 'localhost', dialect: 'postgres', database: 'gancio', username: options.db.user, password })
+        return db.authenticate().then( () => {
+          consola.info(`DB connected`)
+          return true
+        })
+      } catch(e) {
+        consola.error(e)
+        return false
+      }
+    }
+  })
+
+  questions.push({
+    name: 'upload_path',
+    message: 'Where gancio has to store media?',
+    default: '/var/gancio/',
+    validate: (p) => {
+      const exists =  fs.existsSync(p)
+      if (!exists) consola.warn(`"${p}" does not exists, please create it`)
+      return exists
+    }
+  })
+
+  questions.push({
+    name: 'admin.email',
+    message: `Admin email (a first user with this username will be created)`,
+    validate: email => email.length>0
+  })
+  
+  questions.push({
+    name: 'admin.password',
+    message: 'Admin password',
+    type: 'password',
+    validate: password => password.length>0
+  })
+
+  const answers = await inquirer.prompt(questions)
+  return answers
+}
+
+async function cli(args) {
+  
+  const options = parseArguments(args)
+  consola.info(`${package.name} - v${package.version} - ${package.description}`)
+
+  // install flag specified?
+  if (options.install) {
+    consola.info(`Cool! You're going to setup gancio on this machine.`)
+    const config = await setupQuestionnaire()
+    await firstrun.setup(config, options.config)
+    consola.info(`This is your configuration, run "gancio --install" or edit ${options.config} to modify it: `)
+    consola.info(JSON.stringify(config, null, 2))
+    process.exit(0)
+  }
+  
+  // upgrade gancio / TODO npm/yarn global upgrade gancio ?
+  if (options.upgrade) {
+    consola.warn('Not implemented yet but should be an easy task! PR welcome!')
+    process.exit(-1)
+  }
+
+  // is first run?
+  if (firstrun.check(options.config)) {
+    consola.error(`Configuration file "${options.config}" not found! 
+This is your first run? You could create it using --install flag`)
+
+    process.exit(-1)
+  } else {
+    require('./index')
+  }
+
+}
+
+cli(process.argv)

server/config.js

@@ -1,5 +1,24 @@
-const argv = require('yargs').argv
-const path = require('path')
-const config_path = path.resolve(argv.config || './config.js')
+// const argv = require('yargs').argv
+// const path = require('path')
+// const fs = require('fs')
 
-module.exports = require(config_path)
+// const config_path = path.resolve(argv.config || './config.js')
+
+// let user_config
+// if (fs.existsSync(config_path)) {
+//   user_config = require(config_path)
+// }
+
+// const config = {
+//   baseurl: 'PLEASE CONFIGURE YOUR BASEURL!',
+//   server: {
+//     host: 'localhost',
+//     port: 3000
+//   },
+//   secret: '',
+//   db: {
+//     dialect: 'sqlite'
+//   }
+// }
+
+// module.exports = Object.assign( config, user_config )

server/emails/register/html.pug

@@ -3,4 +3,4 @@ p= t('email.register')
 hr
 small #{config.title} / #{config.description}
 br
-small #{config.baseurl}
+a(href='#{config.baseurl}') #{config.baseurl}

server/firstrun.js

@@ -1,41 +1,43 @@
 // check config.js existance
 const fs = require('fs')
-const path = require('path')
-const argv = require('yargs').argv
+const consola = require('consola')
 
-const config_path = path.resolve(argv.config || './config.js')
+module.exports = {
+  check (config_path) {
+    return !fs.existsSync(config_path)
+  },
 
-if (!fs.existsSync(config_path)) {
-  console.error(`Configuration file not found at '${config_path}. Please copy 'config.example.js' and modify it.`)
-  process.exit(1)
-}
+  async setup (config, config_path) {
+    // generate a random salt
+    consola.info('Generate random salt')
+    config.secret = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15)
 
-const config = require(config_path)
-if (!config.secret) {
-  console.error(`Please specify a random 'secret' in '${config_path}'!`)
-  process.exit(1)
-}
+    consola.info(`Save configuration into ${config_path}`)
+    fs.writeFileSync(config_path, JSON.stringify(config, null, 2))
 
-const Sequelize = require('sequelize')
-let db
-try {
-  db = new Sequelize(config.db)
-} catch (e) {
-  console.error(`DB Error: check '${config.env}' configuration.\n (sequelize error -> ${e})`)
-  process.exit(1)
-}
-
-// return db existence
-module.exports = db.authenticate()
-  .then(() => {
-    require('./api/models')
-    if (config.env === 'development') {
-      console.error('DB Force sync')
-      return db.sync({ force: true })
+    // sync db (TODO, check if there's something in db and ask to backup)
+    const db = require('./api/models')
+    try {
+      consola.info(`Create tables..`)
+      await db.sequelize.sync({force: true})
+    } catch(e) {
+      consola.error('Error creating tables', e)
+      return -1
     }
-  })
-  .catch(e => {
-    console.error(e)
-    console.error(`DB Error: check '${config.env}' configuration\n (sequelize error -> ${e})`)
-    process.exit(1)
-  })
+
+    // create admin user
+    consola.info('Create admin user')
+    await db.user.create({
+      email: config.admin.email,
+      password: config.admin.password,
+      is_admin: true,
+      is_active: true
+    })
+
+    const settings = require('./api/controller/settings')
+    settings.set('enable_registration', true)
+    settings.set('allow_anon_event', true)
+    settings.set('allow_mastodon_association', true)
+
+  }
+}

server/index.js

@@ -7,10 +7,11 @@ const { Nuxt, Builder } = require('nuxt')
 const firstRun = require('./firstrun')
 // Import and Set Nuxt.js options
 const nuxt_config = require('../nuxt.config.js')
-const config = require('./config')
+const config = require('config')
 
 const app = express()
 async function start() {
+  nuxt_config.server = config.server
   // Init Nuxt.js
   const nuxt = new Nuxt(nuxt_config)
 
@@ -31,7 +32,7 @@ async function start() {
   app.use(nuxt.render)
 
   // Listen the server
-  const server = app.listen(config.server)
+  const server = app.listen(nuxt_config.server)
 
   // close connections/port/unix socket
   function shutdown() {
@@ -54,4 +55,4 @@ async function start() {
   })
 }
 
-firstRun.then(start)
+start()

server/migrations/20190605141850-create-event.js

@@ -22,10 +22,12 @@ module.exports = {
         type: Sequelize.BOOLEAN
       },
       start_datetime: {
-        type: Sequelize.DATE
+        type: Sequelize.INTEGER,
+        index: true
       },
       end_datetime: {
-        type: Sequelize.DATE
+        type: Sequelize.INTEGER,
+        index: true
       },
       image_path: {
         type: Sequelize.STRING

server/migrations/20190605142619-create-setting.js

@@ -11,6 +11,7 @@ module.exports = {
       value: {
         type: Sequelize.JSON
       },
+      is_secret: Sequelize.BOOLEAN,
       createdAt: {
         allowNull: false,
         type: Sequelize.DATE