var knex = require('../db/db.js'); var express = require('express'); var app = new express.Router(); var CryptoJS = require('crypto-js'); var auth = require('../helpers/auth'); var ErrorHandler = require('./error-handler.js'); // ///////////////////////////////////////////////////////////////////// var included = { email: 3, id: 99, // password : 2, role: 5, token: 4, username: 1 }; function present(user) { var res = {}; for (var key in user) { if (included[key]) { res[key] = user[key]; } } return res; } // ///////////////////////////////////////////////////////////////////// function getUser(token) { return knex.table('users').select('*'). where({ token }). then((data) => { var [user] = data; if (user === null) { throw Error('Not a valid token!'); } else { return user; } }); } function middleware(req, res, next) { var token = req.get('Token'); if (!token || token.length < 5) { next(); return true; } getUser(token).then((user) => { req.sessionUser = user; next(); }). catch(() => { console.log('Session Users errors'); next(); }); return true; } // ///////////////////////////////////////////////////////////////////// app.post('/role', (req, res) => { if (!auth.isAdmin(req)) { return res.sendStatus(403); } if (!req.body.role || !req.body.id) { return res.sendStatus(404); } return knex.table('users'). where({ id: req.body.id }). update({ role: req.body.role }). then((updated) => { const updates = updated; if (updates !== 1) { res.sendStatus(409); const err = { status: 409 }; throw err; } }). then(() => res.send({ msg: 'OK' })); }); app.post('/register', (req, res) => { if (!auth.isAdmin(req)) { return res.sendStatus(403); } var theuser = {}; return knex.table('users').select('*'). where({ username: req.body.username }). then((data) => { var [ndata] = data; if (typeof ndata !== 'undefined' || ndata) { res.status(409); res.send(ErrorHandler. createError('Please choose another username or login!')); throw Error('Username exists'); } }). then(() => { // create salt and hash console.log(req.body); var hashFn = CryptoJS.SHA256; var salt = CryptoJS.lib.WordArray.random(128 / 8).toString(); var hash = hashFn(salt + req.body.password + salt).toString(); var user = { email: req.body.email, name: req.body.name, password: hash, phone: req.body.phone, salt, username: req.body.username }; theuser = user; return knex.table('users').insert(user); }). // register then(() => res.send(present(theuser))); }); function checkUpdateToken(user) { var hashFn = CryptoJS.SHA256; var Token = user.token; var month = new Date().getMonth(); if (month > 9) { month -= 10; } if (!user.token || parseInt(user.token[user.token.length - 1], 10) !== month) { // generate token Token = hashFn(Math.random().toString() + user.salt).toString() + month; } return Token; } function checkGenerateToken(user, password) { var hashFn = CryptoJS.SHA256; var hash = hashFn(user.salt + password + user.salt).toString(); if (hash === user.password) { var Token = checkUpdateToken(user); return knex.table('users').where({ id: user.id }). update('token', Token). then(() => Token); } return Promise.reject(new Error('incorrect password')); } app.post('/login', (req, res) => { if (!req.body.username || !req.body.password) { res.status(400); res.send('Missing creds'); return; } var theuser = {}; knex.table('users').select('*'). where({ username: req.body.username }). then((users) => { var [user] = users; theuser = user; if (!user) { throw Error({ 'msg': 'No username' }); } return checkGenerateToken(user, req.body.password). then((token) => { theuser.token = token; return res.send(present(theuser)); }); }). catch(() => { res.status(403); res.send('Bad creds'); }); }); app.get('/me', (req, res) => { var token = req.get('Token'); if (!token) { res.status(400); res.send('Need a token...'); return; } knex.table('users').select('*'). where({ token }). then((users) => { var [user] = users; if (user === null) { res.status(400); res.send(ErrorHandler.createError('Invalid token!')); } else { res.send(present(user)); } }); }); app.get('/', (req, res) => { if (!auth.isAdmin(req)) { res.sendStatus(403); return false; } return knex.table('users').select('*'). then((users) => res.send(users)); }); app.get('/logout', (req, res) => { knex.table('users').select('*'). where({ token: req.get('Token') }). then((users) => { var [user] = users; if (user === null) { res.status(400); res.send(ErrorHandler.createError('Invalid token!')); } else { return knex.table('users').where({ id: user.id }). update('Token', null); } return false; }). then((data) => res.send(data)); }); module.exports = { App: app, GetUser: getUser, Middleware: middleware };