diff --git a/src/server/models/user.js b/src/server/models/user.js index 70fc370..c490913 100755 --- a/src/server/models/user.js +++ b/src/server/models/user.js @@ -133,6 +133,9 @@ const UserSchema = new mongoose.Schema({ ipaddr: { type: String, }, + banIp: { + type: Boolean, + }, date_reg: { type: Date, }, diff --git a/src/server/router/index_router.js b/src/server/router/index_router.js index 10c0072..f4112eb 100755 --- a/src/server/router/index_router.js +++ b/src/server/router/index_router.js @@ -157,7 +157,7 @@ router.post(process.env.ADD_NEW_SITE, async (req, res) => { console.log('Add New Site: idapp = ', idapp, 'email=', email, 'name=', name); const ris = await User.addNewSite(idapp, body); - + if (ris) { res.send(ris); } else { @@ -168,7 +168,7 @@ router.post(process.env.ADD_NEW_SITE, async (req, res) => { console.log(process.env.ADD_NEW_SITE, e.message); res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e }); } - + }); @@ -185,8 +185,10 @@ router.post(process.env.LINK_REQUEST_NEWPASSWORD, async (req, res) => { // Check if too many requests if (await User.tooManyReqPassword(idapp, email, true)) { - console.log(process.env.LINK_REQUEST_NEWPASSWORD, 'TOO MANY REQUESTS !!! EXIT ', email); - res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: 'TOO MANY REQUESTS' }); + let text = 'Troppe richieste di Password: ' + email; + telegrambot.sendMsgTelegramToTheManagers(idapp, text, true); + console.log(process.env.LINK_REQUEST_NEWPASSWORD, text, email); + res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: text }); return false; } @@ -307,7 +309,7 @@ router.get('/test1', authenticate_noerror, async (req, res) => { router.post('/settable', authenticate, async (req, res) => { const params = req.body; const mytable = globalTables.getTableByTableName(params.table); - + let mydata = req.body.data; let extrarec = {}; if (mydata && mydata.hasOwnProperty('extrarec')) { 
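Review bot: In the too-many-requests branch of LINK_REQUEST_NEWPASSWORD, `telegrambot.sendMsgTelegramToTheManagers(idapp, text, true);` is not awaited, so a rejected send becomes an unhandled rejection instead of reaching the handler's error path, and because it sits inside the branch that fires on every request past the limit, the condition that marks abuse now produces an unbounded stream of manager messages. Await the call and notify only when the threshold is first crossed (whether `tooManyReqPassword`'s third argument already distinguishes that case is not visible here). `let text` is never reassigned, so `const text = \`Troppe richieste di Password: ${email}\`;` reads better, and the following `console.log(process.env.LINK_REQUEST_NEWPASSWORD, text, email)` prints the email twice. The handler's body begins before this hunk.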
@@ -339,7 +341,7 @@ router.post('/settable', authenticate, async (req, res) => { if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) && !User.isEditor(req.user.perm) && !User.isFacilitatore(req.user.perm)) && - !tools.ModificheConsentite(params.table, fieldsvalue)) { + !tools.ModificheConsentite(req, params.table, fieldsvalue)) { // If without permissions, exit return res.status(404). send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' }); @@ -849,12 +851,16 @@ router.patch('/chval', authenticate, async (req, res) => { // tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue); + req.user.perm = 0; + // If I change my record... - if (((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) && - !User.isEditor(req.user.perm) && !User.isFacilitatore(req.user.perm)) && - (req.user._id.toString() !== id) && - (!tools.ModificheConsentite(mydata.table, fieldsvalue))) - && !((mydata.table === 'accounts') && await Account.canEditAccountAdmins(req.user.username, mydata.id)) + if (((!User.isAdmin(req.user.perm) + && !User.isManager(req.user.perm) + && !User.isEditor(req.user.perm) + && !User.isFacilitatore(req.user.perm)) + && (!tools.ModificheConsentite(req, mydata.table, fieldsvalue, id))) + && !((mydata.table === 'accounts') + && await Account.canEditAccountAdmins(req.user.username, mydata.id)) ) { // If without permissions, exit return res.status(404). @@ -1036,7 +1042,7 @@ router.patch('/chval', authenticate, async (req, res) => { } } - if (tools.ModificheConsentite(mydata.table, fieldsvalue)) { + if (tools.ModificheConsentite(req, mydata.table, fieldsvalue)) { let msg = ''; if (mydata.table === 'users') { if ('aportador_solidario' in fieldsvalue) { 
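Review bot: `req.user.perm = 0;` at the top of the new block in PATCH /chval overwrites the authenticated caller's permission level before the isAdmin/isManager/isEditor/isFacilitatore checks, so every caller, admins included, is evaluated as unprivileged and must satisfy ModificheConsentite or canEditAccountAdmins; it reads like a debugging line left in and should be deleted. Because it mutates req.user, any later permission check in the same handler (including the ModificheConsentite call in the hunk at -1036) also sees perm 0. The dropped `(req.user._id.toString() !== id)` term now appears to be covered by passing `id` into ModificheConsentite; a one-line comment such as `// own-record edits are decided inside tools.ModificheConsentite via id` would save the next reader the lookup. The handler's body begins before this hunk and continues past it.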
@@ -1235,7 +1241,7 @@ router.delete('/delrec/:table/:id', authenticate, async (req, res) => { if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) && (tablename !== 'extralist') && - !tools.ModificheConsentite(tablename, fields, id, req.user)) { + !tools.ModificheConsentite(req, tablename, fields, id, req.user)) { // If without permissions, exit return res.status(404). send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' }); @@ -1264,7 +1270,7 @@ router.delete('/delrec/:table/:id', authenticate, async (req, res) => { if (!cancellato) { // ELIMINA VERAMENTE IL RECORD !!! - ris = await mytable.deleteOne({_id: id}).then((rec) => { + ris = await mytable.deleteOne({ _id: id }).then((rec) => { if (!rec) { // res.status(404).send(); return false; @@ -1450,7 +1456,7 @@ function load(req, res, version) { try { if (req.user) ismanager = User.isManager(req.user.perm) - } catch(e) { + } catch (e) { } let products = Product.findAllIdApp(idapp, undefined, undefined, ismanager); let productInfos = ProductInfo.findAllIdApp(idapp); @@ -1824,7 +1830,7 @@ function uploadFile(req, res, version) { oldpath = file.newFilename; - + let fromfile = '.' + server_constants.DIR_UPLOAD + '/' + dir + '/' + oldpath; let tofile = '.' + server_constants.DIR_UPLOAD + '/' + dir + '/' + file.originalFilename; let mydircurrent = process.cwd() + '/src/server/router/upload/' + dir; diff --git a/src/server/router/users_router.js b/src/server/router/users_router.js index 87605b4..cf7308c 100755 --- a/src/server/router/users_router.js +++ b/src/server/router/users_router.js @@ -168,7 +168,9 @@ router.post('/', async (req, res) => { user.surname; tools.writeIPToBan(msg); - await telegrambot.sendMsgTelegramToTheAdmin(body.idapp, 'BAN: ' + msg, true); + await User.findOneAndUpdate({ _id: user._id }, { $set: { banIp: true } }); + + await telegrambot.sendMsgTelegramToTheAdmin(body.idapp, '‼️ BAN: ' + msg, true); await tools.snooze(5000); res.status(400). 
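Review bot: The delrec call now passes both `req` and `req.user` to `tools.ModificheConsentite(req, tablename, fields, id, req.user)`, so the helper's trailing `user` argument duplicates `req.user`; either drop it or document which of the two the helper reads. The helper's new own-record exception for `users` is keyed on its `idrec` argument, and this call passes `id` for a delete, so whatever that exception permits for edits is also permitted for deleting one's own record unless `fields` is empty on this path (what `fields` holds is set before this hunk). The handler's body begins before this hunk.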
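Review bot: The new `User.findOneAndUpdate({ _id: user._id }, { $set: { banIp: true } })` records the ban on the user document, but nothing in this change reads `banIp` (the models/user.js hunk only declares the field), so enforcement still rests on `tools.writeIPToBan(msg)`; add a comment naming the check that is meant to consume the flag, e.g. `// banIp is consulted by <login/authenticate check — TODO name it>`, or it will look like dead state to the next reader. The update is also awaited before the Telegram notification, so a database error on this line silently skips the admin message even though the IP was already written to the ban list; decide which of the two should win and order or guard accordingly. The surrounding handler begins before this hunk.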
diff --git a/src/server/server.js b/src/server/server.js index d55e16b..ac969da 100755 --- a/src/server/server.js +++ b/src/server/server.js @@ -413,7 +413,7 @@ async function mycron() { } async function mycron_30min() { - for (const app of tools.getApps()) { + for (const app of await tools.getApps()) { let enablecrontab = false; enablecrontab = await Settings.getValDbSettings(app.idapp, @@ -425,6 +425,29 @@ async function mycron_30min() { } } +async function mycron_everyday() { + try { + + const { User } = require('./models/user'); + + const arrapps = await tools.getApps(); + for (const app of arrapps) { + + // Azzera le richieste di password: + const usersblocked = await User.find({ idapp: app.idapp, retry_pwd: { $exists: true, $gte: 29 } }).lean(); + for (const user of usersblocked) { + await User.findOneAndUpdate({ _id: user._id }, { $set: { retry_pwd: 20 } }); + let text = `⚠️⚠️⚠️ L\'utente ${user.username} (${user.name} ${user.surname}) viene sbloccato dal numero massimo di tentativi di richiesta password!\nTelerlo d\'occhio !\n@${user.profile.username_telegram}`; + await telegrambot.sendMsgTelegramToTheAdminAllSites(text, false); + } + + } + } catch (e) { + console.error('mycron_everyday: ', e); + } +} + + function testmsgwebpush() { const { User } = require('./models/user'); @@ -452,7 +475,7 @@ function testmsgwebpush() { cron.schedule('*/1 * * * *', () => { // console.log('Running Cron Job'); // if (!process.env.DEBUG) { - mycron(); + mycron(); // } }); @@ -463,6 +486,11 @@ cron.schedule('*/60 * * * *', async () => { } }); +// Cron every 21:00 (1 volta al giorno) +cron.schedule('0 21 * * *', async () => { + mycron_everyday(); +}); + // mycron_30min(); // tools.writelogfile('test', 'prova.txt'); @@ -489,6 +517,7 @@ async function resetProcessingJob() { async function inizia() { try { + mycron_everyday(); if (process.env.NODE_ENV === 'development') { await telegrambot.sendMsgTelegram(tools.FREEPLANET, 
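Review bot: In mycron_everyday, `user.profile.username_telegram` inside the template literal throws if a matched user has no `profile` (the query selects on `retry_pwd` only), and since the throw lands in the single outer try, the remaining users in `usersblocked` are never reset; use `user.profile?.username_telegram` and keep the per-user work in its own try so one bad record does not stop the sweep. The thresholds `$gte: 29` and the reset to `retry_pwd: 20` are unexplained magic numbers and deserve a comment relating them to the limit tooManyReqPassword enforces, because as written the reset hands every blocked account a fresh allowance of attempts, and the call added to inizia() in the hunk at -489 repeats it on every process start rather than once a day. `let text` can be `const`, the `\'` escapes are unnecessary inside backticks, and `Telerlo d'occhio` looks like a typo for `Tenerlo d'occhio`. Both the cron callback in the hunk at -463 and inizia() invoke `mycron_everyday()` without `await`; that is tolerable only because the function catches everything internally, so a comment saying so would help.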
diff --git a/src/server/tools/general.js b/src/server/tools/general.js index 97c5bf3..ab1257c 100755 --- a/src/server/tools/general.js +++ b/src/server/tools/general.js @@ -3765,14 +3765,23 @@ module.exports = { return mystr.replace(/\s+/g, ''); }, - ModificheConsentite(table, fieldsvalue, idrec, user) { + ModificheConsentite(req, table, fieldsvalue, idrec, user) { if (table === 'sharewithus') { return true; } + if (table === 'hours') { return true; } if (table === 'users') { + if (idrec && (req.user._id.toString() === idrec)) { + if (Object.keys(fieldsvalue).some(key => key.startsWith('profile.'))) { + return true; + } + if (Object.keys(fieldsvalue).some(key => server_constants.User_Fields.includes(key))) { + return true; + } + } if ('aportador_solidario' in fieldsvalue) { return true; } @@ -4891,7 +4900,7 @@ module.exports = { // console.log(`${city.descr}: Lat ${city.lat}, Long ${city.long}`); return city; } else { - console.error(`Coordinate non trovate per ${city.descr}, ${city.prov}`); + console.error(`Coordinate non trovate per ${city.descr}, ${city.prov}`); } return null; } catch (error) { diff --git a/src/server/tools/server_constants.js b/src/server/tools/server_constants.js index 9eb620b..6efa50f 100755 --- a/src/server/tools/server_constants.js +++ b/src/server/tools/server_constants.js @@ -113,4 +113,11 @@ module.exports = Object.freeze({ TYPE_SUBDIR: 2, }, + User_Fields: [ + 'name', + 'surname', + 'news_on', + 'profile', + ] + });
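Review bot: The new own-record branch in ModificheConsentite uses `Object.keys(fieldsvalue).some(...)` for both the `profile.` prefix test and the `server_constants.User_Fields` test, so a payload containing one permitted key together with any other field of the same users record is accepted as a whole; the check should require every key to be permitted, e.g. `const keys = Object.keys(fieldsvalue);` followed by `if (keys.length > 0 && keys.every((key) => key.startsWith('profile.') || server_constants.User_Fields.includes(key))) { return true; }`. `User_Fields` (server_constants hunk at -113) also lists `'profile'`, which permits replacing the whole profile sub-document in one write, and `startsWith('profile.')` permits any nested key under it; if anything authorization-relevant lives under profile (its schema is not shown here), an explicit allow-list of dotted keys is safer. The unconditional `if (table === 'hours') { return true; }` lets any authenticated caller modify, and via the delrec route delete, any hours record with no ownership test unless the route enforces one elsewhere. With `req` now the first parameter, the trailing `user` parameter duplicates `req.user`, and the function's body continues past the end of the hunk.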