LosPoulos
/
mafalda-api


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
							var Repo = require('../database').UserRepo;
var express = require('express');
var app = new express.Router();
var CryptoJS = require('crypto-js');

var ErrorHandler = require('./error-handler.js');
function getUser(token) {
 return knex.table('users').select('*').
where({ token }).
then((data) => {
var [user] = data;
if (user === null) {
 throw Error('Not a valid token!');
} else {
 return user;
}
});
}

function middleware(req, res, next) {
var token = req.get('Token');
if (!token || token.length < 5) {
next();

return true;
}
getUser(token).then((user) => {
 req.sessionUser = user;
 next();
}).
catch(() => {
 console.log('Session Users errors');
 next();
});


return true;
}
// /////////////////////////////////////////////////////////////////////
app.post('/role', (req, res) => {
    if (!auth.isAdmin(req)) {
        return res.sendStatus(403);
    }
    if (!req.body.role || !req.body.id) {
        return res.sendStatus(404);
    }

    return knex.table('users').
                where({ id: req.body.id }).
                update({ role: req.body.role }).
                then((updated) => {
                  const updates = updated;
                  if (updates !== 1) {
                    res.sendStatus(409);
                    const err = { status: 409 };

                    throw err;
                  }
                }).
                then(() => res.send({ msg: 'OK' }));
});
app.post('/register', (req, res) => {
    Repo.register(req.body.username, req.body.password, req.body.email).
    then((result) => res.send(result));

    return knex.table('users').select('*').
    where({ username: req.body.username }).
    then((data) => {
        var [ndata] = data;
        if (typeof ndata !== 'undefined' || ndata) {
            res.status(409);
            res.send(ErrorHandler.
                createError('Please choose another username or login!'));
            throw Error('Username exists');
        }
    }).
    then(() => {
    // create salt and hash
    console.log(req.body);
    var hashFn = CryptoJS.SHA256;
    var salt = CryptoJS.lib.WordArray.random(128 / 8).toString();
    var hash = hashFn(salt + req.body.password + salt).toString();
    var user = {
        email: req.body.email,
        name: req.body.name,
        password: hash,
        phone: req.body.phone,
        salt,
        username: req.body.username
    };
});

function checkUpdateToken(user) {
 var hashFn = CryptoJS.SHA256;
 var Token = user.token;
 var month = new Date().getMonth();
 if (month > 9) {
  month -= 10;
 }
 if (!user.token || parseInt(user.token[user.token.length - 1], 10) !== month) {
  // generate token
  Token = hashFn(Math.random().toString() + user.salt).toString() + month;
 }

return Token;
}
function checkGenerateToken(user, password) {
var hashFn = CryptoJS.SHA256;
var hash = hashFn(user.salt + password + user.salt).toString();
if (hash === user.password) {

var Token = checkUpdateToken(user);

return knex.table('users').where({ id: user.id }).
update('token', Token).
then(() => Token);
}

return Promise.reject(new Error('incorrect password'));

}

app.post('/login', (req, res) => {
    if (!req.body.username || !req.body.password) {
        res.status(400);
        res.send('Missing creds');
        return;
    }
    Repo.login(req.body.username, req.body.password).
    then((user) => res.send(user)).
    catch(() => {
        res.status(403);
        res.send('Bad creds');
    });
});

app.get('/me', (req, res) => {
    var token = req.get('Token');
    if (!token) {
        res.status(400);
        res.send('Need a token...');

        return;
    }
    knex.table('users').select('*').
    where({ token }).
    then((users) => {
        var [user] = users;
        if (user === null) {
            res.status(400);
            res.send(ErrorHandler.createError('Invalid token!'));
        } else {
            res.send(present(user));
        }
    });
});

app.get('/', (req, res) => {
    if (!auth.isAdmin(req)) {
        res.sendStatus(403);

        return false;
    }

    return knex.table('users').select('*').
    then((users) => res.send(users));
});

app.get('/logout', (req, res) => {
knex.table('users').select('*').
where({ token: req.get('Token') }).
then((users) => {
var [user] = users;
if (user === null) {
res.status(400);
res.send(ErrorHandler.createError('Invalid token!'));
} else {
return knex.table('users').where({ id: user.id }).
update('Token', null);
}

return false;
}).
then((data) => res.send(data));
});

module.exports = {
App: app,
GetUser: getUser,
Middleware: middleware
};