surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- primo aggiornamento myreccard

Browse Source 
- aggiunta sito germogliamo.app
- aggiornato login con il parametro "browser_random" che serve per fare un login anche su 2 pagine contemporaneamente.
This commit is contained in:
Surya Paolo
2025-11-25 17:45:24 +01:00
parent c61572a715
commit 70698fab44
15 changed files with 134 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.dev.riso
View File

@@ -29,8 +29,8 @@ GCM_API_KEY=""
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
TOKEN_LIFE=10m TOKEN_LIFE=1m
REFRESH_TOKEN_LIFE=14d REFRESH_TOKEN_LIFE=30d
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

4
.env.development
View File

@@ -29,8 +29,8 @@ GCM_API_KEY=""
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
TOKEN_LIFE=2m TOKEN_LIFE=30d
REFRESH_TOKEN_LIFE=14d REFRESH_TOKEN_LIFE=30d
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

2
.env.prod.riso
View File

@@ -30,7 +30,7 @@ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=30d TOKEN_LIFE=30d
REFRESH_TOKEN_LIFE=30d REFRESH_TOKEN_LIFE=30d
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV
DOMAINS=[{"hostname":"riso.app","port":"3006"},{"hostname":"freeplanet.app","port":"3000"},{"hostname":"nuovomondo.app","port":"3032"}] DOMAINS=[{"hostname":"riso.app","port":"3006"},{"hostname":"freeplanet.app","port":"3000"},{"hostname":"nuovomondo.app","port":"3032"},{"hostname":"germogliamo.app","port":"3042"}]
DOMAINS_ALLOWED=["riso.app","comunitanuovomondo.app","nuovomondo.app","kolibrilab.it","artenergetica.org","freeplanet.app","www.freeplanet.app","freeplanet.app:3000","freeplanet.app:3001","www.freeplanet.app:3000","www.freeplanet.app:3001"] DOMAINS_ALLOWED=["riso.app","comunitanuovomondo.app","nuovomondo.app","kolibrilab.it","artenergetica.org","freeplanet.app","www.freeplanet.app","freeplanet.app:3000","freeplanet.app:3001","www.freeplanet.app:3000","www.freeplanet.app:3001"]
#DOMAINS=[{"hostname":"abitaregliiblei.it","port":"3021"},{"hostname":"riso.app","port":"3005"}] #DOMAINS=[{"hostname":"abitaregliiblei.it","port":"3021"},{"hostname":"riso.app","port":"3005"}]
SCRIPTS_DIR=admin_scripts SCRIPTS_DIR=admin_scripts

15
src/controllers/UserController.js
View File

@@ -55,7 +55,7 @@ class UserController {
} }
// Send response with tokens // Send response with tokens
res.header('x-auth', result.token).header('x-refrtok', result.refreshToken).send(result.user); res.header('x-auth', result.token).header('x-refrtok', result.refreshToken).header('x-browser-random', result.browser_random).send(result.user);
} catch (error) { } catch (error) {
console.error('Error in registration:', error.message); console.error('Error in registration:', error.message);
res.status(400).send({ res.status(400).send({
@@ -72,7 +72,9 @@ class UserController {
async login(req, res) { async login(req, res) {
try { try {
console.log('LOGIN'); console.log('LOGIN');
const { username, password, idapp, keyappid } = req.body; const { username, password, idapp, keyappid, br } = req.body;
const browser_random = br;
// Validate API key // Validate API key
if (keyappid !== process.env.KEY_APP_ID) { if (keyappid !== process.env.KEY_APP_ID) {
@@ -89,7 +91,7 @@ class UserController {
} }
// Attempt login // Attempt login
const result = await this.authService.authenticate(idapp, username, password, req); const result = await this.authService.authenticate(idapp, username, password, req, browser_random);
console.log('attempt...', result); console.log('attempt...', result);
@@ -101,7 +103,7 @@ class UserController {
} }
// Send response with tokens // Send response with tokens
res.header('x-auth', result.token).header('x-refrtok', result.refreshToken).send({ res.header('x-auth', result.token).header('x-refrtok', result.refreshToken).header('x-browser-random', result.browser_random).send({
usertosend: result.user, usertosend: result.user,
code: server_constants.RIS_CODE_OK, code: server_constants.RIS_CODE_OK,
subsExistonDb: result.subsExistonDb, subsExistonDb: result.subsExistonDb,
@@ -262,7 +264,9 @@ class UserController {
*/ */
async refreshToken(req, res) { async refreshToken(req, res) {
try { try {
const { refreshToken } = req.body; const { refreshToken, br } = req.body;
const browser_random = br;
if (!refreshToken) { if (!refreshToken) {
return res.status(400).send({ error: 'Refresh token mancante' }); return res.status(400).send({ error: 'Refresh token mancante' });
@@ -277,6 +281,7 @@ class UserController {
res.status(200).send({ res.status(200).send({
token: result.token, token: result.token,
refreshToken: result.refreshToken, refreshToken: result.refreshToken,
browser_random,
}); });
} catch (error) { } catch (error) {
console.error('Error in refreshToken:', error.message); console.error('Error in refreshToken:', error.message);

7
src/middleware/authenticate.js
View File

@@ -19,8 +19,11 @@ const authenticateMiddleware = async (req, res, next, withUser = false, lean = f
try { try {
const logPrefix = noError ? (withUser ? (lean ? 'WITHUSERLEAN' : 'WITHUSER') : 'NOERROR') : 'AUTH'; const logPrefix = noError ? (withUser ? (lean ? 'WITHUSERLEAN' : 'WITHUSER') : 'NOERROR') : 'AUTH';
// Validazione token // Validazione token
const token = req.header('x-auth'); const token = req.header('x-auth');
const browser_random = req.header('x-browser-random');
const refreshToken = req.header('x-refrtok');
if (!token) { if (!token) {
return handleAuthFailure(req, res, next, { return handleAuthFailure(req, res, next, {
code: server_constants.RIS_CODE_HTTP_INVALID_TOKEN, code: server_constants.RIS_CODE_HTTP_INVALID_TOKEN,
@@ -31,13 +34,13 @@ const authenticateMiddleware = async (req, res, next, withUser = false, lean = f
} }
// Recupera utente // Recupera utente
const refreshToken = req.header('x-refrtok'); const user = await User.findByToken(token, 'auth', browser_random, false, withUser, lean);
const user = await User.findByToken(token, 'auth', false, withUser, lean);
// Imposta dati richiesta // Imposta dati richiesta
req.user = user.code === server_constants.RIS_CODE_OK ? user.user : null; req.user = user.code === server_constants.RIS_CODE_OK ? user.user : null;
req.token = user.code === server_constants.RIS_CODE_OK ? token : null; req.token = user.code === server_constants.RIS_CODE_OK ? token : null;
req.refreshToken = refreshToken; req.refreshToken = refreshToken;
req.browser_random = browser_random;
req.code = user.code; req.code = user.code;
req.statuscode2 = null; req.statuscode2 = null;

1
src/models/subscribers.js
View File

@@ -18,6 +18,7 @@ const SubscriberSchema = new Schema({
userId: String, userId: String,
access: String, access: String,
browser: String, browser: String,
browser_random: String,
createDate: { createDate: {
type: Date, type: Date,
default: Date.now default: Date.now

77
src/models/user.js
View File

@@ -136,6 +136,10 @@ const UserSchema = new mongoose.Schema({
type: String, type: String,
default: '', default: '',
}, },
browser_random: {
type: String,
default: '',
},
date_login: { date_login: {
type: Date, type: Date,
}, },
@@ -571,7 +575,7 @@ UserSchema.methods.toJSON = function () {
return _.pick(userObject, ['_id', ...shared_consts.fieldsUserToChange()]); return _.pick(userObject, ['_id', ...shared_consts.fieldsUserToChange()]);
}; };
UserSchema.methods.generateAuthToken = function (req) { UserSchema.methods.generateAuthToken = function (req, browser_random) {
const user = this; const user = this;
const useragent = req.get('User-Agent'); const useragent = req.get('User-Agent');
@@ -607,13 +611,24 @@ UserSchema.methods.generateAuthToken = function (req) {
const date_login = new Date(); const date_login = new Date();
// Controlla se il token è già presente per la coppia access-browser /*
const idx = user.tokens.findIndex((tok) => tok.access === access && tok.browser === browser); if (user.tokens) {
console.log('token salvati: ' + user.tokens.length);
} else {
console.log('⚠️ Nessun Token salvato! ');
}*/
// Controlla se il token è già presente per la tripla access-browser-browser_random
const idx = user.tokens.findIndex(
(tok) =>
tok.access === access && tok.browser === browser && (!browser_random || tok.browser_random === browser_random)
);
if (idx === -1) { if (idx === -1) {
user.tokens.push({ access, browser, token, date_login, refreshToken }); user.tokens.push({ access, browser, token, date_login, refreshToken, browser_random });
} else { } else {
// Se il token esiste già, sostituisce il valore vecchio con il nuovo // Se il token esiste già, sostituisce il valore vecchio con il nuovo
user.tokens[idx] = { access, browser, token, date_login, refreshToken }; user.tokens[idx] = { access, browser, token, date_login, refreshToken, browser_random };
} }
user.lasttimeonline = new Date(); user.lasttimeonline = new Date();
@@ -622,11 +637,11 @@ UserSchema.methods.generateAuthToken = function (req) {
.save() .save()
.then(() => { .then(() => {
console.log('########## HO CREATO UN NUOVO TOKEN E REFRESHTOKEN !!!!! ----------- '); console.log('########## HO CREATO UN NUOVO TOKEN E REFRESHTOKEN !!!!! ----------- ');
return { token, refreshToken }; return { token, refreshToken, browser_random };
}) })
.catch((err) => { .catch((err) => {
console.log('Error', err.message); console.log('Error', err.message);
return { token: '', refreshToken: '' }; return { token: '', refreshToken: '', browser_random };
}); });
}; };
@@ -802,7 +817,16 @@ UserSchema.statics.isFacilitatore = function (perm) {
*/ */
// Funzione helper separata per trovare l'utente // Funzione helper separata per trovare l'utente
async function findUserByTokenAndAccess(User, decoded, token, typeaccess, withuser, withlean, project) { async function findUserByTokenAndAccessAndBrowserRandom(
User,
decoded,
token,
typeaccess,
browser_random,
withuser,
withlean,
project
) {
try { try {
const query = { const query = {
_id: decoded._id, _id: decoded._id,
@@ -810,6 +834,7 @@ async function findUserByTokenAndAccess(User, decoded, token, typeaccess, withus
$elemMatch: { $elemMatch: {
token, token,
access: typeaccess, access: typeaccess,
browser_random,
}, },
}, },
}; };
@@ -829,6 +854,7 @@ async function findUserByTokenAndAccess(User, decoded, token, typeaccess, withus
$elemMatch: { $elemMatch: {
token, token,
access: typeaccess, access: typeaccess,
browser_random,
}, },
}, },
}; };
@@ -842,7 +868,14 @@ async function findUserByTokenAndAccess(User, decoded, token, typeaccess, withus
} }
// Funzione principale refactored // Funzione principale refactored
UserSchema.statics.findByToken = async function (token, typeaccess, con_auth, withuser, withlean = false) { UserSchema.statics.findByToken = async function (
token,
typeaccess,
browser_random,
con_auth,
withuser,
withlean = false
) {
const User = this; const User = this;
let code = server_constants.RIS_CODE_HTTP_INVALID_TOKEN; let code = server_constants.RIS_CODE_HTTP_INVALID_TOKEN;
let user = null; let user = null;
@@ -884,7 +917,16 @@ UserSchema.statics.findByToken = async function (token, typeaccess, con_auth, wi
}; };
// Ricerca utente con funzione separata // Ricerca utente con funzione separata
user = await findUserByTokenAndAccess(User, decoded, token, typeaccess, withuser, withlean, project); user = await findUserByTokenAndAccessAndBrowserRandom(
User,
decoded,
token,
typeaccess,
browser_random,
withuser,
withlean,
project
);
// Verifica scadenza token per idapp specifici // Verifica scadenza token per idapp specifici
if (user) { if (user) {
@@ -1634,7 +1676,6 @@ UserSchema.statics.setAmmissioneByTokenAndUsername = async function (idapp, user
const User = this; const User = this;
try { try {
if (username === undefined) return false; if (username === undefined) return false;
const myquery = { const myquery = {
@@ -1660,7 +1701,11 @@ UserSchema.statics.setAmmissioneByTokenAndUsername = async function (idapp, user
return recfound; return recfound;
} }
const rec = await User.findOneAndUpdate(myquery, { $set: { token_da_ammettere: token, date_token_ammettere: new Date(), } }, { new: true }); const rec = await User.findOneAndUpdate(
myquery,
{ $set: { token_da_ammettere: token, date_token_ammettere: new Date() } },
{ new: true }
);
return rec; return rec;
} catch (e) { } catch (e) {
console.error('Error setAmmissione', e); console.error('Error setAmmissione', e);
@@ -1677,7 +1722,13 @@ UserSchema.statics.findAmmissioneByTokenAndUsername = async function (idapp, tok
token_da_ammettere: token, token_da_ammettere: token,
}; };
const rec = await User.findOne(myquery, { verified_by_aportador: 1, username: 1, aportador_solidario: 1, idapp: 1, lang: 1 }); const rec = await User.findOne(myquery, {
verified_by_aportador: 1,
username: 1,
aportador_solidario: 1,
idapp: 1,
lang: 1,
});
return rec && username.toLowerCase() === rec.username.toLowerCase() ? rec : null; return rec && username.toLowerCase() === rec.username.toLowerCase() ? rec : null;
}; };

6
src/router/index_router.js
View File

@@ -296,9 +296,10 @@ router.post(process.env.LINK_REQUEST_NEWPASSWORD, async (req, res) => {
// Ritorna il token per poter effettuare le chiamate... // Ritorna il token per poter effettuare le chiamate...
router.post(process.env.LINK_UPDATE_PWD, async (req, res) => { router.post(process.env.LINK_UPDATE_PWD, async (req, res) => {
try { try {
const body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'tokenforgot_code', 'password']); const body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'tokenforgot_code', 'password', 'br']);
const idapp = body.idapp; const idapp = body.idapp;
const email = body.email.toLowerCase().trim(); const email = body.email.toLowerCase().trim();
const browser_random = body.br;
const tokenforgot = body.tokenforgot; const tokenforgot = body.tokenforgot;
const tokenforgot_code = body.tokenforgot_code; const tokenforgot_code = body.tokenforgot_code;
const password = body.password; const password = body.password;
@@ -347,6 +348,7 @@ router.post(process.env.LINK_UPDATE_PWD, async (req, res) => {
res res
.header('x-auth', ris.token) .header('x-auth', ris.token)
.header('x-refrtok', ris.refreshToken) .header('x-refrtok', ris.refreshToken)
.header('x-browser-random', ris.browser_random)
.send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno .send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno
}); });
}); });
@@ -2024,7 +2026,7 @@ async function testMongoPerformance(ind, iterations = 20) {
const token = const token =
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiJQUk9WQU1TR0AxQSIsInNtYXJ0IjoiNjIwODAwYWRjMTI5ZDFlYmE3NjBiZWNiIiwiYWNjZXNzIjoiYXV0aCIsInVuIjoic3VyeWExOTc3IiwiaWF0IjoxNzQxODcyMzEwLCJleHAiOjE3NDE4Nzk1MTB9.SXJLmsS6EZVhaU7sUWYMnaqGpiiy8RfE9K43xTdxNuU'; 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiJQUk9WQU1TR0AxQSIsInNtYXJ0IjoiNjIwODAwYWRjMTI5ZDFlYmE3NjBiZWNiIiwiYWNjZXNzIjoiYXV0aCIsInVuIjoic3VyeWExOTc3IiwiaWF0IjoxNzQxODcyMzEwLCJleHAiOjE3NDE4Nzk1MTB9.SXJLmsS6EZVhaU7sUWYMnaqGpiiy8RfE9K43xTdxNuU';
await User.findByToken(token, 'auth', true, true); await User.findByToken(token, 'auth', '', true, true);
} }
} catch (err) { } catch (err) {
log(`Errore nell'iterazione ${i + 1}: ${err.message}`); log(`Errore nell'iterazione ${i + 1}: ${err.message}`);

5
src/router/subscribe_router.js
View File

@@ -37,6 +37,7 @@ router.post('/', authenticate, async (req, res) => {
subscriptionModel.userId = req.body.others.userId; subscriptionModel.userId = req.body.others.userId;
subscriptionModel.access = req.body.others.access; subscriptionModel.access = req.body.others.access;
subscriptionModel.browser = req.get('User-Agent'); subscriptionModel.browser = req.get('User-Agent');
subscriptionModel.browser_random = req.body.others.browser_random;
// console.log('subscriptionModel.browser', subscriptionModel.browser); // console.log('subscriptionModel.browser', subscriptionModel.browser);
@@ -45,6 +46,7 @@ router.post('/', authenticate, async (req, res) => {
userId: subscriptionModel.userId, userId: subscriptionModel.userId,
access: subscriptionModel.access, access: subscriptionModel.access,
browser: subscriptionModel.browser, browser: subscriptionModel.browser,
browser_random: subscriptionModel.browser_random,
}).then(itemsub => { }).then(itemsub => {
return itemsub; return itemsub;
}).catch(err => { }).catch(err => {
@@ -96,8 +98,9 @@ router.delete('/del', authenticate, async (req, res) => {
if (req.user) { if (req.user) {
const browser = req.get('User-Agent'); const browser = req.get('User-Agent');
const browser_random = req.body.browser_random;
return await Subscription.findOneAndDelete( return await Subscription.findOneAndDelete(
{ userId: req.user._id, access: req.access, browser }).then(() => { { userId: req.user._id, access: req.access, browser, browser_random }).then(() => {
res.status(200).send(); res.status(200).send();
}, () => { }, () => {
res.status(400).send(); res.status(400).send();

25
src/router/users_router.js
View File

@@ -58,9 +58,9 @@ const mongoose = require('mongoose').set('debug', false);
const Subscription = require('../models/subscribers'); const Subscription = require('../models/subscribers');
const Macro = require('../modules/Macro'); const Macro = require('../modules/Macro');
async function existSubScribe(userId, access, browser) { async function existSubScribe(userId, access, browser, browser_random) {
try { try {
const itemsub = await Subscription.findOne({ userId, access, browser }).lean(); const itemsub = await Subscription.findOne({ userId, access, browser, browser_random }).lean();
return itemsub; return itemsub;
} catch (err) { } catch (err) {
return null; return null;
@@ -101,6 +101,7 @@ router.post('/', async (req, res) => {
'lang', 'lang',
'profile', 'profile',
'aportador_solidario', 'aportador_solidario',
'br',
]); ]);
body.email = body.email.toLowerCase(); body.email = body.email.toLowerCase();
@@ -112,6 +113,8 @@ router.post('/', async (req, res) => {
user.name = user.name.trim(); user.name = user.name.trim();
user.surname = user.surname.trim(); user.surname = user.surname.trim();
const browser_random = body.br;
if (user.aportador_solidario === 'tuo_username' || user.aportador_solidario === '{username}') { if (user.aportador_solidario === 'tuo_username' || user.aportador_solidario === '{username}') {
user.aportador_solidario = 'surya1977'; user.aportador_solidario = 'surya1977';
} }
@@ -313,8 +316,8 @@ router.post('/', async (req, res) => {
// Invia la richiesta di ammissione all'Invitante! // Invia la richiesta di ammissione all'Invitante!
await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser); await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser);
const { token, refreshToken } = await myuser.generateAuthToken(req); const { token, refreshToken, browser_random } = await myuser.generateAuthToken(req, browser_random);
res.header('x-auth', token).header('x-refrtok', refreshToken).send(myuser); res.header('x-auth', token).header('x-refrtok', refreshToken).header('x-browser-random', browser_random).send(myuser);
return true; return true;
} }
} }
@@ -327,7 +330,7 @@ router.post('/', async (req, res) => {
.then((usertrovato) => { .then((usertrovato) => {
// tools.mylog("TROVATO USERNAME ? ", user.username, usertrovato); // tools.mylog("TROVATO USERNAME ? ", user.username, usertrovato);
if (usertrovato !== null) { if (usertrovato !== null) {
return user.generateAuthToken(req); return user.generateAuthToken(req, browser_random);
} else { } else {
res.status(400).send(); res.status(400).send();
return 0; return 0;
@@ -365,7 +368,7 @@ router.post('/', async (req, res) => {
// if (!tools.testing()) { // if (!tools.testing()) {
await sendemail.sendEmail_Registration(user.lang, user.email, user, user.idapp, user.linkreg); await sendemail.sendEmail_Registration(user.lang, user.email, user, user.idapp, user.linkreg);
// } // }
res.header('x-auth', ris.token).header('x-refrtok', ris.refreshToken).send(user); res.header('x-auth', ris.token).header('x-refrtok', ris.refreshToken).header('x-browser-random', ris.browser_random).send(user);
return true; return true;
}); });
}) })
@@ -667,7 +670,7 @@ router.post('/newtok', async (req, res) => {
return res.status(403).send({ error: 'Refresh token non valido' }); return res.status(403).send({ error: 'Refresh token non valido' });
} }
const { token, refreshToken: newRefreshToken } = await recFound.generateAuthToken(req); const { token, refreshToken: newRefreshToken } = await recFound.generateAuthToken(req, browser_random);
return res.status(200).send({ return res.status(200).send({
token, token,
@@ -708,8 +711,10 @@ function checkBlocked(req, res, next) {
} }
router.post('/login', checkBlocked, async (req, res) => { router.post('/login', checkBlocked, async (req, res) => {
const body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']); const body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang', 'br']);
const userpass = new User(body); const userpass = new User(body);
const browser_random = body.br;
// const subs = _.pick(req.body, ['subs']); // const subs = _.pick(req.body, ['subs']);
// tools.mylog("LOG: u: " + user.username + " p:" + user.password); // tools.mylog("LOG: u: " + user.username + " p:" + user.password);
@@ -783,7 +788,7 @@ router.post('/login', checkBlocked, async (req, res) => {
return res.status(401).send({ code: server_constants.RIS_CODE_LOGIN_ERR }); return res.status(401).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
} else { } else {
const myris = await user.generateAuthToken(req); const myris = await user.generateAuthToken(req, browser_random);
const usertosend = new User(); const usertosend = new User();
@@ -791,7 +796,7 @@ router.post('/login', checkBlocked, async (req, res) => {
usertosend[field] = user[field]; usertosend[field] = user[field];
}); });
const subsExistonDb = await existSubScribe(usertosend._id, 'auth', req.get('User-Agent')); const subsExistonDb = await existSubScribe(usertosend._id, 'auth', req.get('User-Agent'), myris.browser_random);
res.header('x-auth', myris.token).header('x-refrtok', myris.refreshToken).send({ res.header('x-auth', myris.token).header('x-refrtok', myris.refreshToken).send({
usertosend, usertosend,

6
src/server/serverUtils.js
View File

@@ -56,7 +56,7 @@ function createCorsOptions(domains, domainsAllowed, isProduction, noCors = false
if (noCors) { if (noCors) {
console.log('NOCORS mode enabled'); console.log('NOCORS mode enabled');
return { return {
exposedHeaders: ['x-auth', 'x-refrtok'], exposedHeaders: ['x-auth', 'x-refrtok', 'x-browser-random'],
}; };
} }
@@ -91,8 +91,8 @@ function createCorsOptions(domains, domainsAllowed, isProduction, noCors = false
origin: originValidator, origin: originValidator,
credentials: true, credentials: true,
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'], methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'],
allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'x-auth', 'x-refrtok'], allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization', 'x-auth', 'x-refrtok', 'x-browser-random'],
exposedHeaders: ['x-auth', 'x-refrtok'], exposedHeaders: ['x-auth', 'x-refrtok', 'x-browser-random'],
maxAge: 86400, maxAge: 86400,
preflightContinue: false, preflightContinue: false,
optionsSuccessStatus: 204, optionsSuccessStatus: 204,

5
src/server/setupRouters.js
View File

@@ -45,7 +45,8 @@ function setupRouters(app) {
const router = require(`../router/${file}`); const router = require(`../router/${file}`);
app.use(path, router); app.use(path, router);
} catch (err) { } catch (err) {
console.error(`❌ Errore caricamento router ${file}: ${err.message}`); console.error(`❌ Errore caricamento router ${file}:`, err.stack ? err.stack : err.message);
return false;
} }
}); });
@@ -56,6 +57,8 @@ function setupRouters(app) {
service: 'invita-amico-api', service: 'invita-amico-api',
}); });
}); });
return true;
} }
function setupMailchimpRoutes(app) { function setupMailchimpRoutes(app) {

7
src/server/startServer.js
View File

@@ -24,7 +24,12 @@ async function startServer(app, port) {
await myLoad().then(async (ris) => { await myLoad().then(async (ris) => {
setupExpress(app, corsOptions); setupExpress(app, corsOptions);
setupRouters(app); const ok = setupRouters(app);
if (!ok) {
console.error('Errore durante setupRouters');
process.exit(1);
}
setupMailchimpRoutes(app); setupMailchimpRoutes(app);
console.log('DOMAINS:', domains) console.log('DOMAINS:', domains)

13
src/services/AuthService.js
View File

@@ -14,7 +14,7 @@ class AuthService {
/** /**
* Authenticate user with username and password * Authenticate user with username and password
*/ */
async authenticate(idapp, username, password, req) { async authenticate(idapp, username, password, req, browser_random) {
try { try {
console.log('STO FACENDO LOGIN...'); console.log('STO FACENDO LOGIN...');
// Check if user is blocked // Check if user is blocked
@@ -42,7 +42,7 @@ class AuthService {
delete this.failedLoginAttempts[username]; delete this.failedLoginAttempts[username];
// Generate tokens // Generate tokens
const { token, refreshToken } = await user.generateAuthToken(req); const { token, refreshToken, browser_random } = await user.generateAuthToken(req);
// Prepare user data to send // Prepare user data to send
const userToSend = this._prepareUserData(user); const userToSend = this._prepareUserData(user);
@@ -50,12 +50,13 @@ class AuthService {
console.log('userToSend', userToSend); console.log('userToSend', userToSend);
// Check subscription // Check subscription
const subsExistonDb = await this._checkSubscription(user._id, req.get('User-Agent')); const subsExistonDb = await this._checkSubscription(user._id, req.get('User-Agent'), browser_random);
return { return {
error: false, error: false,
token, token,
refreshToken, refreshToken,
browser_random,
user: userToSend, user: userToSend,
subsExistonDb, subsExistonDb,
}; };
@@ -93,12 +94,13 @@ class AuthService {
}; };
} }
const { token, refreshToken: newRefreshToken } = await user.generateAuthToken(req); const { token, refreshToken: newRefreshToken, browser_random } = await user.generateAuthToken(req);
return { return {
error: false, error: false,
token, token,
refreshToken: newRefreshToken, refreshToken: newRefreshToken,
browser_random,
}; };
} catch (error) { } catch (error) {
console.error('Error in refreshToken:', error.message); console.error('Error in refreshToken:', error.message);
@@ -224,12 +226,13 @@ class AuthService {
* Check if subscription exists * Check if subscription exists
* @private * @private
*/ */
async _checkSubscription(userId, userAgent) { async _checkSubscription(userId, userAgent, browser_random) {
try { try {
const subscription = await Subscription.findOne({ const subscription = await Subscription.findOne({
userId, userId,
access: 'auth', access: 'auth',
browser: userAgent, browser: userAgent,
browser_random,
}).lean(); }).lean();
return !!subscription; return !!subscription;

7
src/services/RegistrationService.js
View File

@@ -215,16 +215,18 @@ class RegistrationService {
const myuser = await User.findOne({ _id: existingUser._id }); const myuser = await User.findOne({ _id: existingUser._id });
if (myuser) { if (myuser) {
// Ask confirmation from inviter // Ask confirmation from inviter
await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser); await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser);
const { token, refreshToken } = await myuser.generateAuthToken(req); const { token, refreshToken, browser_random } = await myuser.generateAuthToken(req);
return { return {
error: false, error: false,
token, token,
refreshToken, refreshToken,
browser_random,
user: myuser, user: myuser,
}; };
} }
@@ -255,7 +257,7 @@ class RegistrationService {
} }
// Generate tokens // Generate tokens
const { token, refreshToken } = await savedUser.generateAuthToken(req); const { token, refreshToken, browser_random } = await savedUser.generateAuthToken(req);
if (!savedUser.verified_by_aportador) { if (!savedUser.verified_by_aportador) {
// Send confirmation request to inviter // Send confirmation request to inviter
@@ -278,6 +280,7 @@ class RegistrationService {
error: false, error: false,
token, token,
refreshToken, refreshToken,
browser_random,
user: savedUser, user: savedUser,
}; };
} }