import express from 'express';
import svgCaptcha from 'svg-captcha';
// Name of the database collection the user routes read from (passed to db.get / db.list).
const collection = 'users';
/**
* UsersController. API for user management — a boundary class for communication with the users module.
*/
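class UsersController {
  name = 'userApi';
  route = '/api/user';

  /**
   * Builds the user-management router and mounts it on `app.webServer.xapp`
   * under `this.route`.
   *
   * @param {object} app - application container. Reads `db` (collection access
   *   via `get`/`list`/`ObjectId`/`instance`), `am` (audit log, `user`/`admin`
   *   guards, social-login callbacks), `user` (the users module with its
   *   passport instance) and `global` (for `JsUtils.escapeRegExp`).
   * @returns {void}
   */
  init(app) {
    const { db, am, user, global } = app;
    const router = express.Router();

    // An Express 4 router does not catch a rejected promise from an async
    // handler: the request hangs and the rejection is unhandled. Forward the
    // rejection to next() so the app's error handler answers it. The promise
    // is returned so callers (and tests) can await the handler.
    const wrap = (handler) => (req, res, next) =>
      Promise.resolve(handler(req, res, next)).catch(next);

    // Routes that only call a users-module method with the request body and
    // report success or the thrown message share this shape.
    const delegate = (action) => wrap(async (req, res) => {
      try {
        await action(req, req.body);
        res.json({ status: 'OK' });
      } catch (err) {
        res.json({ status: 'error', message: err.message });
      }
    });

    router.get('/info', (req, res) => {
      res.json({ user: req.user });
    });

    router.post('/signin', (req, res, next) => {
      // Named `account` so the users module (`user`) is not shadowed here.
      user.passport.authenticate('local', (err, account, info) => {
        if (err) { return next(err); }
        if (!account) {
          am.audit(req, 'login:error', null, { message: info.message });
          return res.json({ status: 'error', message: info.message });
        }
        req.login(account, (loginErr) => {
          if (loginErr) {
            am.audit(req, 'login:error', null, { err: loginErr });
            return next(loginErr);
          }
          res.json({ status: 'OK', user: req.user });
          am.audit(req, 'login');
        });
      })(req, res, next);
    });

    router.post('/signup', wrap(async (req, res) => {
      try {
        await user.signUp(req, req.body);
        res.json({ status: 'OK', user: req.user });
      } catch (err) {
        res.json({ status: 'error', message: err.message, user: null });
      }
    }));

    // Kept as GET for compatibility with existing clients; note that a
    // state-changing GET is reachable from any cross-site link.
    router.get('/signout', (req, res, next) => {
      am.audit(req, 'logout');
      // The callback argument was previously ignored; a logout failure
      // (passport >= 0.6 reports session-regeneration errors here) now
      // reaches the error handler instead of being answered as OK.
      req.logout((err) => {
        if (err) { return next(err); }
        res.json({ status: 'OK' });
      });
    });

    router.get('/auth/facebook', user.passport.authenticate('facebook', { scope: ['email'] }));
    router.get('/auth/facebook/callback', am.getSocialCallback('facebook'));

    router.get('/auth/google', user.passport.authenticate('google', { scope: ['profile', 'email'] }));
    router.get('/auth/google/callback', am.getSocialCallback('google'));

    router.post('/tm', (req, res) => {
      // action/object/data are taken verbatim from the client; consumers of
      // the audit log must treat these fields as untrusted input.
      const { action, object, data } = req.body;
      am.audit(req, `tm:${action}`, object, data);
      res.json({ status: 'OK' });
    });

    router.post('/update', am.user, wrap(async (req, res) => {
      try {
        await user.update(req, req.body);
        res.json({ status: 'OK' });
      } catch (err) {
        if (err.message === 'unauthorized') {
          res.status(401).json({ status: 'error', message: 'Unauthorized' });
        } else {
          console.error(err);
          res.status(500).json({ status: 'error' });
        }
      }
    }));

    router.post('/forgotten', delegate((req, body) => user.forgotten(req, body)));
    router.post('/reset', delegate((req, body) => user.reset(req, body)));

    router.post('/send-validation-email', wrap(async (req, res) => {
      const dbUser = await db.get(collection, { '_id': db.ObjectId(req.body._id) });
      // Each branch returns: previously the handler kept running after
      // answering, so an unknown id crashed on dbUser.email and a mismatched
      // email still sent the validation mail to another account.
      if (!dbUser) {
        return res.json({ status: 'error', message: 'invalidEmail' });
      }
      // The caller must be signed in as the owner of the record; an
      // unauthenticated request (no req.user) is rejected as well.
      if (!req.user?.email || dbUser.email !== req.user.email) {
        return res.json({ status: 'error', message: 'invalidEmail' });
      }
      // Number() keeps the comparison working whether status is stored as a
      // number or a numeric string.
      const status = Number(dbUser.status);
      if (status === 9) {
        await user.sendValidationEmail(req, dbUser);
        return res.json({ status: 'OK' });
      }
      if (status === 10) {
        return res.json({ status: 'error', message: 'emailAlreadyValidated' });
      }
      // Any other status previously left the request without a response.
      res.json({ status: 'error' });
    }));

    router.post('/validate-email', delegate((req, body) => user.validateEmail(req, body)));

    router.get('/get/:id', am.admin, wrap(async (req, res) => {
      // Named `found` so the users module (`user`) is not shadowed.
      const found = await db.get(collection, { '_id': db.ObjectId(req.params.id) }, { password: 0 });
      res.json(found);
    }));

    router.delete('/delete/:id', am.admin, wrap(async (req, res) => {
      await user.delete(req, req.params.id);
      res.json({ status: 'OK' });
    }));

    router.post('/list', am.admin, wrap(async (req, res) => {
      const { email, limit, skip } = req.body;
      const q = {
        query: {},
        project: { password: 0 },
        limit: limit || 12,
        skip: skip || 0,
      };
      if (email) {
        // escapeRegExp keeps the admin-supplied filter from being interpreted
        // as a regular expression (injection / ReDoS).
        q.query.email = { $regex: global.JsUtils.escapeRegExp(email), $options: 'i' };
      }
      const list = await db.list(collection, q);
      res.json(list);
    }));

    router.get('/captcha', (req, res) => {
      const captcha = svgCaptcha.create({ noise: 2, color: true });
      // The expected answer lives only in the server-side session; the client
      // receives just the rendered SVG.
      req.session.captcha = captcha.text;
      res.type('svg');
      res.status(200).send(captcha.data);
    });

    router.post('/i-am-not-a-robot', wrap(async (req, res) => {
      const answer = req.body?.captcha;
      const expected = req.session?.captcha;
      // Both sides must be non-empty strings: `undefined == undefined` used to
      // count as a match when no captcha had been issued, and a non-string
      // answer threw on toLowerCase().
      const matches = typeof answer === 'string'
        && typeof expected === 'string'
        && expected.length > 0
        && answer.toLowerCase() === expected.toLowerCase();
      if (!matches) {
        return res.json({ status: 'error', message: 'invalidCaptcha' });
      }
      // A solved captcha is single-use; a replay must fetch a fresh one.
      delete req.session.captcha;
      const cache = db.instance.collection('cache');
      const queryKey = { scope: 'ip', key: req.clientIP };
      const ipInfo = await cache.findOne(queryKey);
      if (ipInfo) {
        // Clears the per-IP record that gates this client.
        ipInfo.objects = [];
        await cache.replaceOne(queryKey, ipInfo);
      }
      res.json({ status: 'OK' });
    }));

    app.webServer.xapp.use(this.route, router);
  }
}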
// Named export so importers keep the class name (no default export).
export { UsersController };