Dim Dim преди 6 години
родител
ревизия
dc5b8893da
променени са 8 файла, в които са добавени 284 реда и са изтрити 2 реда
  1. 42 0
      database/db.js
  2. BIN
      database/mydb/000003.log
  3. 1 0
      database/mydb/CURRENT
  4. 0 0
      database/mydb/LOCK
  5. 1 0
      database/mydb/LOG
  6. BIN
      database/mydb/MANIFEST-000002
  7. 1 2
      package.json
  8. 239 0
      routes/users0.js

+ 42 - 0
database/db.js

@@ -0,0 +1,42 @@
+var level = require('level');
+
+var database = {
+	init: function(){
+		const db = level('./mydb');
+	},
+	open: function(callback){
+		return this.db.open(callback);
+	},
+	close: function(callback){
+		return this.db.close(callback);
+	},
+	put: function(key, value, options, callback){
+		return this.db.put(key, value, options, callback);
+	},
+	get: function(key, options, callback){
+		return this.db.get(key, options, callback);
+	},
+	del: function(key, options, callback){
+		return this.db.del(key, options, callback);
+	},
+	batch: function(array, options, callback){
+		return this.db.batch(array, options, callback);
+	},
+	isOpen: function(){
+		return this.db.isOpen();
+	},
+	isClosed: function(){
+		return this.db.isClosed();
+	},
+	createReadStream: function(options){
+		return this.db.createReadStream(options);
+	},
+	createKeyStream: function(options){
+		return this.db.createKeyStream(options);
+	},
+	createValueStream: function(options){
+		return this.db.createValueStream(options);
+	}
+};
+
+module.exports = database;

BIN
database/mydb/000003.log


+ 1 - 0
database/mydb/CURRENT

@@ -0,0 +1 @@
+MANIFEST-000002

+ 0 - 0
database/mydb/LOCK


+ 1 - 0
database/mydb/LOG

@@ -0,0 +1 @@
+2018/01/20-17:34:51.200 1344 Delete type=3 #1

BIN
database/mydb/MANIFEST-000002


+ 1 - 2
package.json

@@ -10,8 +10,7 @@
     "cookie-parser": "~1.4.3",
     "debug": "~2.6.9",
     "express": "~4.15.5",
-    "leveldown": "^2.1.1",
-    "levelup": "^2.0.1",
+    "level": "^2.1.1",
     "morgan": "~1.9.0",
     "pug": "2.0.0-beta11",
     "serve-favicon": "~2.4.5"

+ 239 - 0
routes/users0.js

@@ -0,0 +1,239 @@
+var knex = require('../db/db.js');
+var express = require('express');
+var app = new express.Router();
+var CryptoJS = require('crypto-js');
+var auth = require('../helpers/auth');
+
+var ErrorHandler = require('./error-handler.js');
+// /////////////////////////////////////////////////////////////////////
+var included = {
+email: 3,
+id: 99,
+// password : 2,
+role: 5,
+token: 4,
+username: 1
+};
+function present(user) {
+ var res = {};
+ for (var key in user) {
+  if (included[key]) {
+  res[key] = user[key];
+  }
+ }
+
+ return res;
+}
+// /////////////////////////////////////////////////////////////////////
+function getUser(token) {
+ return knex.table('users').select('*').
+where({ token }).
+then((data) => {
+var [user] = data;
+if (user === null) {
+ throw Error('Not a valid token!');
+} else {
+ return user;
+}
+});
+}
+
+function middleware(req, res, next) {
+var token = req.get('Token');
+if (!token || token.length < 5) {
+next();
+
+return true;
+}
+getUser(token).then((user) => {
+ req.sessionUser = user;
+ next();
+}).
+catch(() => {
+ console.log('Session Users errors');
+ next();
+});
+
+
+return true;
+}
+// /////////////////////////////////////////////////////////////////////
+app.post('/role', (req, res) => {
+    if (!auth.isAdmin(req)) {
+        return res.sendStatus(403);
+    }
+    if (!req.body.role || !req.body.id) {
+        return res.sendStatus(404);
+    }
+
+    return knex.table('users').
+                where({ id: req.body.id }).
+                update({ role: req.body.role }).
+                then((updated) => {
+                  const updates = updated;
+                  if (updates !== 1) {
+                    res.sendStatus(409);
+                    const err = { status: 409 };
+
+                    throw err;
+                  }
+                }).
+                then(() => res.send({ msg: 'OK' }));
+});
+app.post('/register', (req, res) => {
+
+    if (!auth.isAdmin(req)) {
+        return res.sendStatus(403);
+    }
+
+    var theuser = {};
+
+    return knex.table('users').select('*').
+    where({ username: req.body.username }).
+    then((data) => {
+        var [ndata] = data;
+        if (typeof ndata !== 'undefined' || ndata) {
+            res.status(409);
+            res.send(ErrorHandler.
+                createError('Please choose another username or login!'));
+            throw Error('Username exists');
+        }
+    }).
+    then(() => {
+    // create salt and hash
+    console.log(req.body);
+    var hashFn = CryptoJS.SHA256;
+
+    var salt = CryptoJS.lib.WordArray.random(128 / 8).toString();
+    var hash = hashFn(salt + req.body.password + salt).toString();
+    var user = {
+        email: req.body.email,
+        name: req.body.name,
+        password: hash,
+        phone: req.body.phone,
+        salt,
+        username: req.body.username
+    };
+    theuser = user;
+
+    return knex.table('users').insert(user);
+    }).
+    // register
+    then(() => res.send(present(theuser)));
+});
+
+function checkUpdateToken(user) {
+ var hashFn = CryptoJS.SHA256;
+ var Token = user.token;
+ var month = new Date().getMonth();
+ if (month > 9) {
+  month -= 10;
+ }
+ if (!user.token || parseInt(user.token[user.token.length - 1], 10) !== month) {
+  // generate token
+  Token = hashFn(Math.random().toString() + user.salt).toString() + month;
+ }
+
+return Token;
+}
+function checkGenerateToken(user, password) {
+var hashFn = CryptoJS.SHA256;
+var hash = hashFn(user.salt + password + user.salt).toString();
+if (hash === user.password) {
+
+var Token = checkUpdateToken(user);
+
+return knex.table('users').where({ id: user.id }).
+update('token', Token).
+then(() => Token);
+}
+
+return Promise.reject(new Error('incorrect password'));
+
+}
+
+app.post('/login', (req, res) => {
+    if (!req.body.username || !req.body.password) {
+        res.status(400);
+        res.send('Missing creds');
+
+        return;
+    }
+    var theuser = {};
+    knex.table('users').select('*').
+    where({ username: req.body.username }).
+    then((users) => {
+        var [user] = users;
+        theuser = user;
+        if (!user) {
+            throw Error({ 'msg': 'No username' });
+        }
+
+        return checkGenerateToken(user, req.body.password).
+               then((token) => {
+                    theuser.token = token;
+
+                    return res.send(present(theuser));
+        });
+    }).
+    catch(() => {
+        res.status(403);
+        res.send('Bad creds');
+    });
+});
+
+app.get('/me', (req, res) => {
+    var token = req.get('Token');
+    if (!token) {
+        res.status(400);
+        res.send('Need a token...');
+
+        return;
+    }
+    knex.table('users').select('*').
+    where({ token }).
+    then((users) => {
+        var [user] = users;
+        if (user === null) {
+            res.status(400);
+            res.send(ErrorHandler.createError('Invalid token!'));
+        } else {
+            res.send(present(user));
+        }
+    });
+});
+
+app.get('/', (req, res) => {
+    if (!auth.isAdmin(req)) {
+        res.sendStatus(403);
+
+        return false;
+    }
+
+    return knex.table('users').select('*').
+    then((users) => res.send(users));
+});
+
+app.get('/logout', (req, res) => {
+knex.table('users').select('*').
+where({ token: req.get('Token') }).
+then((users) => {
+var [user] = users;
+if (user === null) {
+res.status(400);
+res.send(ErrorHandler.createError('Invalid token!'));
+} else {
+return knex.table('users').where({ id: user.id }).
+update('Token', null);
+}
+
+return false;
+}).
+then((data) => res.send(data));
+});
+
+module.exports = {
+App: app,
+GetUser: getUser,
+Middleware: middleware
+};