users0.js 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
  1. var Repo = require('../database').UserRepo;
  2. var express = require('express');
  3. var app = new express.Router();
  4. var CryptoJS = require('crypto-js');
  5. var ErrorHandler = require('./error-handler.js');
  6. function getUser(token) {
  7. return knex.table('users').select('*').
  8. where({ token }).
  9. then((data) => {
  10. var [user] = data;
  11. if (user === null) {
  12. throw Error('Not a valid token!');
  13. } else {
  14. return user;
  15. }
  16. });
  17. }
  18. function middleware(req, res, next) {
  19. var token = req.get('Token');
  20. if (!token || token.length < 5) {
  21. next();
  22. return true;
  23. }
  24. getUser(token).then((user) => {
  25. req.sessionUser = user;
  26. next();
  27. }).
  28. catch(() => {
  29. console.log('Session Users errors');
  30. next();
  31. });
  32. return true;
  33. }
  34. // /////////////////////////////////////////////////////////////////////
  35. app.post('/role', (req, res) => {
  36. if (!auth.isAdmin(req)) {
  37. return res.sendStatus(403);
  38. }
  39. if (!req.body.role || !req.body.id) {
  40. return res.sendStatus(404);
  41. }
  42. return knex.table('users').
  43. where({ id: req.body.id }).
  44. update({ role: req.body.role }).
  45. then((updated) => {
  46. const updates = updated;
  47. if (updates !== 1) {
  48. res.sendStatus(409);
  49. const err = { status: 409 };
  50. throw err;
  51. }
  52. }).
  53. then(() => res.send({ msg: 'OK' }));
  54. });
  55. app.post('/register', (req, res) => {
  56. Repo.register(req.body.username, req.body.password, req.body.email).
  57. then((result) => res.send(result));
  58. return knex.table('users').select('*').
  59. where({ username: req.body.username }).
  60. then((data) => {
  61. var [ndata] = data;
  62. if (typeof ndata !== 'undefined' || ndata) {
  63. res.status(409);
  64. res.send(ErrorHandler.
  65. createError('Please choose another username or login!'));
  66. throw Error('Username exists');
  67. }
  68. }).
  69. then(() => {
  70. // create salt and hash
  71. console.log(req.body);
  72. var hashFn = CryptoJS.SHA256;
  73. var salt = CryptoJS.lib.WordArray.random(128 / 8).toString();
  74. var hash = hashFn(salt + req.body.password + salt).toString();
  75. var user = {
  76. email: req.body.email,
  77. name: req.body.name,
  78. password: hash,
  79. phone: req.body.phone,
  80. salt,
  81. username: req.body.username
  82. };
  83. });
  84. function checkUpdateToken(user) {
  85. var hashFn = CryptoJS.SHA256;
  86. var Token = user.token;
  87. var month = new Date().getMonth();
  88. if (month > 9) {
  89. month -= 10;
  90. }
  91. if (!user.token || parseInt(user.token[user.token.length - 1], 10) !== month) {
  92. // generate token
  93. Token = hashFn(Math.random().toString() + user.salt).toString() + month;
  94. }
  95. return Token;
  96. }
  97. function checkGenerateToken(user, password) {
  98. var hashFn = CryptoJS.SHA256;
  99. var hash = hashFn(user.salt + password + user.salt).toString();
  100. if (hash === user.password) {
  101. var Token = checkUpdateToken(user);
  102. return knex.table('users').where({ id: user.id }).
  103. update('token', Token).
  104. then(() => Token);
  105. }
  106. return Promise.reject(new Error('incorrect password'));
  107. }
  108. app.post('/login', (req, res) => {
  109. if (!req.body.username || !req.body.password) {
  110. res.status(400);
  111. res.send('Missing creds');
  112. return;
  113. }
  114. Repo.login(req.body.username, req.body.password).
  115. then((user) => res.send(user)).
  116. catch(() => {
  117. res.status(403);
  118. res.send('Bad creds');
  119. });
  120. });
  121. app.get('/me', (req, res) => {
  122. var token = req.get('Token');
  123. if (!token) {
  124. res.status(400);
  125. res.send('Need a token...');
  126. return;
  127. }
  128. knex.table('users').select('*').
  129. where({ token }).
  130. then((users) => {
  131. var [user] = users;
  132. if (user === null) {
  133. res.status(400);
  134. res.send(ErrorHandler.createError('Invalid token!'));
  135. } else {
  136. res.send(present(user));
  137. }
  138. });
  139. });
  140. app.get('/', (req, res) => {
  141. if (!auth.isAdmin(req)) {
  142. res.sendStatus(403);
  143. return false;
  144. }
  145. return knex.table('users').select('*').
  146. then((users) => res.send(users));
  147. });
  148. app.get('/logout', (req, res) => {
  149. knex.table('users').select('*').
  150. where({ token: req.get('Token') }).
  151. then((users) => {
  152. var [user] = users;
  153. if (user === null) {
  154. res.status(400);
  155. res.send(ErrorHandler.createError('Invalid token!'));
  156. } else {
  157. return knex.table('users').where({ id: user.id }).
  158. update('Token', null);
  159. }
  160. return false;
  161. }).
  162. then((data) => res.send(data));
  163. });
  164. module.exports = {
  165. App: app,
  166. GetUser: getUser,
  167. Middleware: middleware
  168. };