123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239 |
- var knex = require('../db/db.js');
- var express = require('express');
- var app = new express.Router();
- var CryptoJS = require('crypto-js');
- var auth = require('../helpers/auth');
- var ErrorHandler = require('./error-handler.js');
- // /////////////////////////////////////////////////////////////////////
- var included = {
- email: 3,
- id: 99,
- // password : 2,
- role: 5,
- token: 4,
- username: 1
- };
- function present(user) {
- var res = {};
- for (var key in user) {
- if (included[key]) {
- res[key] = user[key];
- }
- }
- return res;
- }
- // /////////////////////////////////////////////////////////////////////
- function getUser(token) {
- return knex.table('users').select('*').
- where({ token }).
- then((data) => {
- var [user] = data;
- if (user === null) {
- throw Error('Not a valid token!');
- } else {
- return user;
- }
- });
- }
- function middleware(req, res, next) {
- var token = req.get('Token');
- if (!token || token.length < 5) {
- next();
- return true;
- }
- getUser(token).then((user) => {
- req.sessionUser = user;
- next();
- }).
- catch(() => {
- console.log('Session Users errors');
- next();
- });
- return true;
- }
- // /////////////////////////////////////////////////////////////////////
- app.post('/role', (req, res) => {
- if (!auth.isAdmin(req)) {
- return res.sendStatus(403);
- }
- if (!req.body.role || !req.body.id) {
- return res.sendStatus(404);
- }
- return knex.table('users').
- where({ id: req.body.id }).
- update({ role: req.body.role }).
- then((updated) => {
- const updates = updated;
- if (updates !== 1) {
- res.sendStatus(409);
- const err = { status: 409 };
- throw err;
- }
- }).
- then(() => res.send({ msg: 'OK' }));
- });
- app.post('/register', (req, res) => {
- if (!auth.isAdmin(req)) {
- return res.sendStatus(403);
- }
- var theuser = {};
- return knex.table('users').select('*').
- where({ username: req.body.username }).
- then((data) => {
- var [ndata] = data;
- if (typeof ndata !== 'undefined' || ndata) {
- res.status(409);
- res.send(ErrorHandler.
- createError('Please choose another username or login!'));
- throw Error('Username exists');
- }
- }).
- then(() => {
- // create salt and hash
- console.log(req.body);
- var hashFn = CryptoJS.SHA256;
- var salt = CryptoJS.lib.WordArray.random(128 / 8).toString();
- var hash = hashFn(salt + req.body.password + salt).toString();
- var user = {
- email: req.body.email,
- name: req.body.name,
- password: hash,
- phone: req.body.phone,
- salt,
- username: req.body.username
- };
- theuser = user;
- return knex.table('users').insert(user);
- }).
- // register
- then(() => res.send(present(theuser)));
- });
- function checkUpdateToken(user) {
- var hashFn = CryptoJS.SHA256;
- var Token = user.token;
- var month = new Date().getMonth();
- if (month > 9) {
- month -= 10;
- }
- if (!user.token || parseInt(user.token[user.token.length - 1], 10) !== month) {
- // generate token
- Token = hashFn(Math.random().toString() + user.salt).toString() + month;
- }
- return Token;
- }
- function checkGenerateToken(user, password) {
- var hashFn = CryptoJS.SHA256;
- var hash = hashFn(user.salt + password + user.salt).toString();
- if (hash === user.password) {
- var Token = checkUpdateToken(user);
- return knex.table('users').where({ id: user.id }).
- update('token', Token).
- then(() => Token);
- }
- return Promise.reject(new Error('incorrect password'));
- }
- app.post('/login', (req, res) => {
- if (!req.body.username || !req.body.password) {
- res.status(400);
- res.send('Missing creds');
- return;
- }
- var theuser = {};
- knex.table('users').select('*').
- where({ username: req.body.username }).
- then((users) => {
- var [user] = users;
- theuser = user;
- if (!user) {
- throw Error({ 'msg': 'No username' });
- }
- return checkGenerateToken(user, req.body.password).
- then((token) => {
- theuser.token = token;
- return res.send(present(theuser));
- });
- }).
- catch(() => {
- res.status(403);
- res.send('Bad creds');
- });
- });
- app.get('/me', (req, res) => {
- var token = req.get('Token');
- if (!token) {
- res.status(400);
- res.send('Need a token...');
- return;
- }
- knex.table('users').select('*').
- where({ token }).
- then((users) => {
- var [user] = users;
- if (user === null) {
- res.status(400);
- res.send(ErrorHandler.createError('Invalid token!'));
- } else {
- res.send(present(user));
- }
- });
- });
- app.get('/', (req, res) => {
- if (!auth.isAdmin(req)) {
- res.sendStatus(403);
- return false;
- }
- return knex.table('users').select('*').
- then((users) => res.send(users));
- });
- app.get('/logout', (req, res) => {
- knex.table('users').select('*').
- where({ token: req.get('Token') }).
- then((users) => {
- var [user] = users;
- if (user === null) {
- res.status(400);
- res.send(ErrorHandler.createError('Invalid token!'));
- } else {
- return knex.table('users').where({ id: user.id }).
- update('Token', null);
- }
- return false;
- }).
- then((data) => res.send(data));
- });
- module.exports = {
- App: app,
- GetUser: getUser,
- Middleware: middleware
- };
|