better config / install from cli / allow_registration

2019-06-21 23:52:18 +02:00
parent 4c3c7ee324
commit cf81a73f2f
38 changed files with 530 additions and 272 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -1,6 +1,5 @@
 const { Op } = require('sequelize')
 const { user: User } = require('./models')
-const Settings = require('./controller/settings')

 const Auth = {
  async fillUser(req, res, next) {
@@ -26,7 +25,7 @@ const Auth = {
    if (!req.user) {
      return res
        .status(403)
-        .send({ message: 'Failed to authenticate token ' + err })
+        .send({ message: 'Failed to authenticate token ' })
    }
    next()
  },
--- a/server/api/controller/bot.js
+++ b/server/api/controller/bot.js
@@ -2,15 +2,13 @@ const fs = require('fs')
 const path = require('path')
 const moment = require('moment')
 const { event: Event, comment: Comment } = require('../models')
-const config = require('../../config')
+const config = require('config')
 const Mastodon = require('mastodon-api')
 const settingsController = require('./settings')
-moment.locale(process.env.locale)

 const botController = {
  bot: null,
  async initialize() {
-    const settings = await settingsController.settings()
    if (!settings.mastodon_auth || !settings.mastodon_auth.access_token) return
    const mastodon_auth = settings.mastodon_auth
    botController.bot = new Mastodon({
--- a/server/api/controller/event.js
+++ b/server/api/controller/event.js
@@ -169,17 +169,19 @@ const eventController = {
  async getAll(req, res) {
    // this is due how v-calendar shows dates
    const start = moment().year(req.params.year).month(req.params.month)
-      .startOf('month').startOf('isoWeek')
-    let end = moment().year(req.params.year).month(req.params.month).endOf('month')
+      .startOf('month').startOf('isoWeek').unix()
+    let end = moment().utc().year(req.params.year).month(req.params.month).endOf('month')
    const shownDays = end.diff(start, 'days')
    if (shownDays <= 34) end = end.add(1, 'week')
-    end = end.endOf('isoWeek')
+    end = end.endOf('isoWeek').unix()
    const events = await Event.findAll({
      where: {
        is_visible: true,
        [Op.and]: [
-          { start_datetime: { [Op.gte]: start } },
-          { start_datetime: { [Op.lte]: end } }
+          Sequelize.literal(`start_datetime >= ${start}`),
+          Sequelize.literal(`start_datetime <= ${end}`)
+          //   { start_datetime: { [Op.gte]: start } },
+        //   { start_datetime: { [Op.lte]: end } }
        ]
      },
      order: [
--- a/server/api/controller/settings.js
+++ b/server/api/controller/settings.js
@@ -1,47 +1,77 @@
 const Mastodon = require('mastodon-api')
 const { setting: Setting } = require('../models')
+const config = require('config')

 const settingsController = {
+  settings: null,
+  secretSettings: null,

-  async setAdminSetting(key, value) {
-    await Setting.findOrCreate({ where: { key },
-      defaults: { value } })
-      .spread((settings, created) => {
-        if (!created) return settings.update({ value })
-      })
+  // initialize instance settings from db
+  async init (req, res, next) {
+    if (!settingsController.settings) {
+      const settings = await Setting.findAll()
+      settingsController.settings = {}
+      settingsController.secretSettings = {}
+      settings.forEach( s => settingsController[s.is_secret?'secretSettings':'settings'][s.key] = s.value)
+    }
+    next()
  },

-  async getAdminSettings(req, res) {
-    const settings = await settingsController.settings()
-    res.json(settings)
+  async set(key, value, is_secret=false) {
+    try {
+      await Setting.findOrCreate({
+        where: { key },
+        defaults: { value, is_secret }
+      }).spread((settings, created) => {
+        if (!created) return settings.update({ value, is_secret })
+      })
+      settingsController[is_secret?'secretSettings':'settings'][key]=value
+      console.error('settings ', settingsController.settings)
+      console.error('settings controller ', settingsController.secretSettings)
+      return true
+    } catch(e) {
+      console.error(e)
+      return false
+    }
+  },
+
+  async setRequest(req, res) {
+    const { key, value, is_secret } = req.body
+    const ret = await settingsController.set(key, value, is_secret)
+    if (ret) res.sendStatus(200)
+    else res.sendStatus(400)
+  },
+
+  getAllRequest(req, res) {
+    res.json(settingsController.settings)
  },

  async getAuthURL(req, res) {
-    const instance = req.body.instance
-    const callback = `${process.env.baseurl}/api/settings/oauth`
+    const instance  = req.body.instance
+    console.error('DENTRO GET AUTH URL ', instance)
+    const callback = `${config.baseurl}/api/settings/oauth`
    const { client_id, client_secret } = await Mastodon.createOAuthApp(`https://${instance}/api/v1/apps`,
      'gancio', 'read write', callback)
    const url = await Mastodon.getAuthorizationUrl(client_id, client_secret,
      `https://${instance}`, 'read write', callback)
-
-    await settingsController.setAdminSetting('mastodon_auth', { client_id, client_secret, instance })
+    
+    await settingsController.set('mastodon_instance', instance )
+    await settingsController.set('mastodon_auth', { client_id, client_secret }, true)
    res.json(url)
  },

  async code(req, res) {
    const code = req.query.code
-    let client_id, client_secret, instance
-    const callback = `${process.env.baseurl}/api/settings/oauth`
-
-    const settings = await settingsController.settings()
-
-    ({ client_id, client_secret, instance } = settings.mastodon_auth)
+    const callback = `${config.baseurl}/api/settings/oauth`
+    const client_id = settingsController.secretSettings.mastodon_auth.client_id
+    const client_secret = settingsController.secretSettings.mastodon_auth.client_secret
+    const instance = settingsController.settings.mastodon_instance

    try {
-      const token = await Mastodon.getAccessToken(client_id, client_secret, code,
+      const access_token = await Mastodon.getAccessToken(client_id, client_secret, code,
        `https://${instance}`, callback)
-      const mastodon_auth = { client_id, client_secret, access_token: token, instance }
-      await settingsController.setAdminSetting('mastodon_auth', mastodon_auth)
+      const mastodon_auth = { client_id, client_secret, access_token }
+      await settingsController.set('mastodon_auth', mastodon_auth, true)

      res.redirect('/admin')
    } catch (e) {
@@ -49,11 +79,6 @@ const settingsController = {
    }
  },

-  async settings() {
-    const settings = await Setting.findAll()
-    return settings
-  }
-
 }

 module.exports = settingsController
--- a/server/api/controller/user.js
+++ b/server/api/controller/user.js
@@ -4,10 +4,11 @@ const crypto = require('crypto')
 const jwt = require('jsonwebtoken')
 const { Op } = require('sequelize')
 const jsonwebtoken = require('jsonwebtoken')
+const config = require('config')
 const mail = require('../mail')
 const { user: User, event: Event, tag: Tag, place: Place } = require('../models')
 const eventController = require('./event')
-const config = require('../../config')
+const settingsController = require('./settings')

 const userController = {
  async login(req, res) {
@@ -219,6 +220,7 @@ const userController = {


  async register(req, res) {
+    if (!settingsController.settings.allow_registration) return res.sendStatus(404)
    const n_users = await User.count()
    try {
      // the first registered user will be an active admin
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -3,7 +3,7 @@ const multer = require('multer')
 const cookieParser = require('cookie-parser')
 const bodyParser = require('body-parser')
 const expressJwt = require('express-jwt')
-const config = require('../config')
+const config = require('config')

 const { fillUser, isAuth, isAdmin } = require('./auth')
 const eventController = require('./controller/event')
@@ -18,10 +18,20 @@ const api = express.Router()
 api.use(cookieParser())
 api.use(bodyParser.urlencoded({ extended: false }))
 api.use(bodyParser.json())
+api.use(settingsController.init)

 const jwt = expressJwt({
  secret: config.secret,
-  credentialsRequired: false
+  credentialsRequired: false,
+  getToken: function fromHeaderOrQuerystring (req) {
+    if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+        return req.headers.authorization.split(' ')[1];
+    } else if (req.cookies && req.cookies['auth._token.local']) {
+      const [ prefix, token ] = req.cookies['auth._token.local'].split(' ')
+      if (prefix === 'Bearer') return token
+    }
+    return null
+  }
 })

 // AUTH
@@ -74,8 +84,8 @@ api.get('/event/unconfirmed', jwt, isAuth, isAdmin, eventController.getUnconfirm
 api.post('/event/notification', eventController.addNotification)
 api.delete('/event/notification/:code', eventController.delNotification)

-api.get('/settings', jwt, fillUser, isAdmin, settingsController.getAdminSettings)
-api.post('/settings', jwt, fillUser, isAdmin, settingsController.setAdminSetting)
+api.get('/settings', settingsController.getAllRequest)
+api.post('/settings', jwt, fillUser, isAdmin, settingsController.setRequest)

 // get event
 api.get('/event/:event_id', eventController.get)
--- a/server/api/mail.js
+++ b/server/api/mail.js
@@ -1,7 +1,7 @@
 const Email = require('email-templates')
 const path = require('path')
 const moment = require('moment')
-const config = require('../config')
+const config = require('config')

 moment.locale(config.locale)
 const mail = {
--- a/server/api/models/event.js
+++ b/server/api/models/event.js
@@ -6,10 +6,13 @@ module.exports = (sequelize, DataTypes) => {
    description: DataTypes.TEXT,
    multidate: DataTypes.BOOLEAN,
    start_datetime: {
-      type: DataTypes.DATE,
+      type: DataTypes.INTEGER,
+      index: true
+    },
+    end_datetime: {
+      type: DataTypes.INTEGER,
      index: true
    },
-    end_datetime: DataTypes.DATE,
    image_path: DataTypes.STRING,
    is_visible: DataTypes.BOOLEAN,
    activitypub_id: {
--- a/server/api/models/eventnotification.js
+++ b/server/api/models/eventnotification.js
@@ -5,12 +5,10 @@ module.exports = (sequelize, DataTypes) => {
      type: DataTypes.ENUM,
      values: ['new', 'sent', 'error'],
      defaultValue: 'new',
+      errorMessage: DataTypes.TEXT,
      index: true
    }
  }, {})

-  eventNotification.associate = function (models) {
-    // associations can be defined here
-  }
  return eventNotification
 }
--- a/server/api/models/index.js
+++ b/server/api/models/index.js
@@ -2,9 +2,8 @@ const argv = require('yargs').argv
 const fs = require('fs')
 const path = require('path')
 const Sequelize = require('sequelize')
-const config_path = path.resolve(argv.config || './config.js')
 const basename = path.basename(__filename)
-const config = require(config_path)
+const config = require('config')
 const db = {}

 const sequelize = new Sequelize(config.db)
--- a/server/api/models/setting.js
+++ b/server/api/models/setting.js
@@ -7,7 +7,8 @@ module.exports = (sequelize, DataTypes) => {
      allowNull: false,
      index: true
    },
-    value: DataTypes.JSON
+    value: DataTypes.JSON,
+    is_secret: DataTypes.BOOLEAN
  }, {})

  return setting
--- a/server/api/storage.js
+++ b/server/api/storage.js
@@ -4,7 +4,7 @@ const crypto = require('crypto')
 const mkdirp = require('mkdirp')
 const sharp = require('sharp')
 const consola = require('consola')
-const config = require('../config')
+const config = require('config')

 mkdirp.sync(config.upload_path + '/thumb')