From c5a19f2d70b487888de229e4331490655afba11a Mon Sep 17 00:00:00 2001 From: Paolo Arena Date: Sun, 13 Oct 2019 20:44:05 +0200 Subject: [PATCH] - Finished Booking an Event - Starting UsersList (creating CGridTableRec component to view and edit a db table) --- server/models/user.js | 67 +++++++++++++++++++++++++++-------- server/reg/registration.js | 4 +-- server/router/email_router.js | 5 +-- server/router/index_router.js | 13 +++++-- server/router/users_router.js | 49 ++++++++++++++++++++++--- server/tools/general.js | 6 ++++ server/tools/shared_nodejs.js | 7 ++++ 7 files changed, 125 insertions(+), 26 deletions(-) create mode 100644 server/tools/shared_nodejs.js diff --git a/server/models/user.js b/server/models/user.js index 25cc44b..2ba44a6 100644 --- a/server/models/user.js +++ b/server/models/user.js @@ -25,7 +25,7 @@ var UserSchema = new mongoose.Schema({ required: true, trim: true, minlength: 1, - unique: true, + unique: false, /*validate: { validator: validator.isEmail, message: '{VALUE} is not a valid email' @@ -40,7 +40,7 @@ var UserSchema = new mongoose.Schema({ required: true, trim: true, minlength: 6, - unique: true, + unique: false, }, name: { type: String, @@ -83,6 +83,13 @@ var UserSchema = new mongoose.Schema({ type: Date }, }], + perm: { + type: Number + }, + date_reg: { + type: Date, + default: Date.now() + }, date_tokenforgot: { type: Date }, @@ -96,7 +103,7 @@ UserSchema.methods.toJSON = function () { var user = this; var userObject = user.toObject(); - return _.pick(userObject, ['_id', 'email', 'verified_email', 'username', 'userId', 'name', 'surname']); + return _.pick(userObject, ['_id', 'email', 'verified_email', 'idapp', 'username', 'userId', 'name', 'surname', 'perm']); }; UserSchema.methods.generateAuthToken = function (req) { 
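Review bot: Setting `unique: false` on this field (and on the second field in the `@@ -40,7` hunk) removes the only uniqueness guarantee without replacing it, so two accounts with the same email or username can now be stored inside one `idapp`. `findByCredentials`, `findByUsername` and `findByEmail` all resolve a user with `findOne` on `idapp` plus that value, so which of the duplicates answers a login or lookup would be arbitrary. If per-app uniqueness is the intent, declare compound unique indexes after the schema, e.g. `UserSchema.index({ idapp: 1, username: 1 }, { unique: true });` and the same for `email`. The field names sit above both hunks, so which field is which is inferred from the `validator.isEmail` comment and from `minlength: 6`.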
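Review bot: `default: Date.now()` on the new `date_reg` field calls the function once, when the schema is defined, so every user created until the next process restart gets the server start time as registration date. Pass the function itself so it is evaluated per document: `default: Date.now`. `perm` is added without a default, so it stays undefined on new and existing users; `isAdmin` treats that as non-admin, but `default: 0` would make the stored state explicit.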
@@ -106,10 +113,10 @@ UserSchema.methods.generateAuthToken = function (req) { const useragent = req.get('User-Agent'); tools.mylog("GENERATE USER-AGENT = ", useragent); - var access = 'auth'; + const access = 'auth'; const browser = useragent; - var token = jwt.sign({ _id: user._id.toHexString(), access }, process.env.SIGNCODE).toString(); - var date_login = new Date(); + const token = jwt.sign({ _id: user._id.toHexString(), access }, process.env.SIGNCODE).toString(); + const date_login = new Date(); // CANCELLA IL PRECEDENTE ! user.tokens = user.tokens.filter(function (tok) { @@ -127,9 +134,30 @@ UserSchema.methods.generateAuthToken = function (req) { }); }; +UserSchema.statics.setPermissionsById = function (id, perm) { + const user = this; + + return user.findByIdAndUpdate(id, { $set: { perm } }).then((user) => { + if (user) + return res.send({ code: server_constants.RIS_CODE_OK, msg: '' }); + else + return res.send({ code: server_constants.RIS_CODE_ERR, msg: '' }); + }); + +}; + +UserSchema.statics.isAdmin = function (user) { + try { + const ris = ((user.perm & tools.Permissions.Admin) === 1); + return ris; + }catch (e) { + return false + } +}; + UserSchema.statics.findByToken = function (token, typeaccess) { - var User = this; - var decoded; + const User = this; + let decoded; try { decoded = jwt.verify(token, process.env.SIGNCODE); @@ -160,14 +188,14 @@ UserSchema.statics.findByTokenAnyAccess = function (token) { }); }; -UserSchema.statics.findByCredentials = function (username, password) { +UserSchema.statics.findByCredentials = function (idapp, username, password) { var User = this; var pwd = ""; - return User.findOne({ username: username }).then((user) => { + return User.findOne({ idapp, username: username }).then((user) => { if (!user) { // Check if with email: - return User.findOne({ email: username }) + return User.findOne({ idapp, email: username }) } else { return user } 
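Review bot: `setPermissionsById` calls `res.send(...)`, but no `res` is in scope in a model static as far as the visible code shows, so the `.then` callback would throw after the update has already been written and the caller sees a rejection for a permission change that did take effect. Return a value and let the route build the response, e.g. `return user.findByIdAndUpdate(id, { $set: { perm } }).then((rec) => !!rec);`. In `isAdmin`, `(user.perm & tools.Permissions.Admin) === 1` is only correct while the Admin flag equals 1; compare against the flag itself, `=== tools.Permissions.Admin`. The blanket `try/catch` there also turns a missing `user` into a silent `false`, which is the safe direction but hides caller bugs.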
@@ -193,10 +221,11 @@ UserSchema.statics.findByCredentials = function (username, password) { }; -UserSchema.statics.findByUsername = function (username) { - var User = this; +UserSchema.statics.findByUsername = function (idapp, username) { + const User = this; return User.findOne({ + 'idapp': idapp, 'username': username, }); }; @@ -222,10 +251,11 @@ UserSchema.statics.findByLinkTokenforgot = function (idapp, email, tokenforgot) }; -UserSchema.statics.findByEmail = function (email) { +UserSchema.statics.findByEmail = function (idapp, email) { var User = this; return User.findOne({ + 'idapp': idapp, 'email': email, }); }; @@ -249,7 +279,7 @@ UserSchema.pre('save', function (next) { }); UserSchema.methods.removeToken = function (token) { - var user = this; + const user = this; return user.update({ $pull: { @@ -258,6 +288,13 @@ UserSchema.methods.removeToken = function (token) { }); }; +UserSchema.statics.getUsersList = function (idapp) { + const User = this; + + return User.find({ 'idapp': idapp }, { username: 1, name: 1, surname: 1, verified_email: 1, perm:1, email: 1 }) + +}; + var User = mongoose.model('User', UserSchema); diff --git a/server/reg/registration.js b/server/reg/registration.js index e2ec482..7d7ad3e 100644 --- a/server/reg/registration.js +++ b/server/reg/registration.js @@ -7,9 +7,9 @@ function toHexString(bytes) { } module.exports = { - getlinkregByEmail: function (email, username) { + getlinkregByEmail: function (idapp, email, username) { try{ - mystr = email + username; + mystr = idapp + email + username; return jwt.sign(toHexString(mystr), process.env.SIGNCODE).toString(); } catch (e) { console.error(e); diff --git a/server/router/email_router.js b/server/router/email_router.js index 171a7a1..afc5810 100644 --- a/server/router/email_router.js +++ b/server/router/email_router.js 
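Review bot: `mystr = idapp + email + username` in `getlinkregByEmail` joins the three values with no separator, so different triples can yield the same string and therefore the same signed registration link (an `idapp` of `1` with an email starting `2…` versus an `idapp` of `12`, for instance). Build the input unambiguously, e.g. `const mystr = JSON.stringify([idapp, email, username]);`. `mystr` is also assigned without a declaration, which in non-strict code creates an implicit global shared between concurrent requests; the `const` above fixes that too. The function body continues outside the hunk.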
@@ -3,10 +3,11 @@ const router = express.Router(); var {User} = require('../models/user'); -router.get('/:email', (req, res) => { +router.get('/:email/:idapp', (req, res) => { var email = req.params.email; + const idapp = req.params.idapp; - User.findByEmail(email).then((user) => { + User.findByEmail(idapp, email).then((user) => { if (!user) { return res.status(404).send(); } diff --git a/server/router/index_router.js b/server/router/index_router.js index 9797657..25dab31 100644 --- a/server/router/index_router.js +++ b/server/router/index_router.js @@ -93,12 +93,21 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate, (req, res) => { // ++Todo: Add to Log Stat .... + if (req.user) { + // If User is Admin, then send user Lists + if (User.isAdmin(req.user)) { + // Send UsersList + return User.getUsersList(req.user.idapp).then(usersList => { + return res.send({ cfgServer: arrcfgrec, usersList }); + }) + } + } + res.send({ cfgServer: arrcfgrec }); }).catch((e) => { console.log(e); - res.status(400).send(); - res.send({ code: server_constants.RIS_CODE_ERR, msg: e }); + res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e }); }); }); diff --git a/server/router/users_router.js b/server/router/users_router.js index 6a29347..c6f76ae 100644 --- a/server/router/users_router.js +++ b/server/router/users_router.js @@ -6,6 +6,7 @@ var { User } = require('../models/user'); var sendemail = require('../sendemail'); const tools = require('../tools/general'); +const shared_consts = require('../tools/shared_nodejs'); var server_constants = require('../tools/server_constants'); 
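Review bot: The rewritten catch block in `index_router.js` sends the caught error to the client as `msg: e`, which can expose internal details of database or runtime errors to any caller of this endpoint. Log `e` on the server and return a fixed message instead: `res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: '' });`. In the admin branch, `getUsersList` returns every user's email for the app on each call of this update-check route; if the client polls it, a dedicated admin endpoint would keep that list out of routine responses. The handler starts above the hunk.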
@@ -37,14 +38,14 @@ router.post('/', (req, res) => { // tools.mylog("LANG PASSATO = " + user.lang, "IDAPP", user.idapp); - user.linkreg = reg.getlinkregByEmail(body.email, body.username); + user.linkreg = reg.getlinkregByEmail(body.idapp, body.email, body.username); user.verified_email = false; if (tools.testing()) { user.verified_email = true; } user.save().then(() => { - User.findByUsername(user.username) + User.findByUsername(user.idapp, user.username) .then((usertrovato) => { tools.mylog("TROVATO USERNAME ? ", user.username, usertrovato); @@ -72,10 +73,11 @@ router.post('/', (req, res) => { }) }); -router.get('/:username', (req, res) => { +router.get('/:username/:idapp', (req, res) => { var username = req.params.username; + const idapp = req.params.idapp; - User.findByUsername(username).then((user) => { + User.findByUsername(idapp, username).then((user) => { if (!user) { return res.status(404).send(); } @@ -85,6 +87,31 @@ router.get('/:username', (req, res) => { }); }); +router.patch('/:id', authenticate, (req, res) => { + const id = req.params.id; + const body = _.pick(req.body.user, shared_consts.fieldsUserToChange()); + + tools.mylogshow('PATCH USER: ', id); + + if (!User.isAdmin(req.user)) { + // If without permissions, exit + return res.status(404).send(); + } + + User.findByIdAndUpdate(id, { $set: body }).then((user) => { + tools.mylogshow(' USER TO MODIFY: ', user); + if (!user) { + return res.status(404).send(); + } else { + res.send({ code: server_constants.RIS_CODE_OK, msg: '' }); + } + + }).catch((e) => { + tools.mylogserr('Error patch USER: ', e); + res.status(400).send(); + }) +}); + router.post('/login', (req, res) => { var body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']); 
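Review bot: The new `PATCH /:id` handler updates by `_id` alone, so an admin of one `idapp` can edit users of any other app, including their `perm`, although `isAdmin` is evaluated on a per-app user record. Scope the write to the caller's app: `User.findOneAndUpdate({ _id: id, idapp: req.user.idapp }, { $set: body })`. `findByIdAndUpdate` does not run schema validators unless `runValidators: true` is passed, so the `required`/`minlength` rules are skipped for `username` and `email` here. `tools.mylogshow(' USER TO MODIFY: ', user)` receives the full document, which presumably includes the password hash and the `tokens` array; log `user._id` instead.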
@@ -100,7 +127,7 @@ router.post('/login', (req, res) => { let resalreadysent = false; - User.findByCredentials(user.username, user.password) + User.findByCredentials(user.idapp, user.username, user.password) .then((user) => { tools.mylog("CREDENZIALI ! "); if (!user) { @@ -119,6 +146,7 @@ router.post('/login', (req, res) => { usertosend.email = user.email; usertosend.userId = user._id.toHexString(); usertosend.verified_email = user.verified_email; + usertosend.idapp = user.idapp; // tools.mylog("user.verified_email:" + user.verified_email); tools.mylog("usertosend.userId", usertosend.userId); @@ -171,4 +199,15 @@ router.delete('/me/token', authenticate, (req, res) => { }); }); +router.post('/setperm', authenticate, (req, res) => { + const body = _.pick(req.body, ['idapp', 'username', 'perm']); + tools.mylog("SETPERM = " + req.token); + + User.setPermissionsById(res.user._id, body).then(() => { + res.status(200).send(); + }, () => { + res.status(400).send(); + }); +}); + module.exports = router; diff --git a/server/tools/general.js b/server/tools/general.js index 8182540..a447b2c 100644 --- a/server/tools/general.js +++ b/server/tools/general.js @@ -32,6 +32,12 @@ module.exports = { MAX_PHASES: 5, FIRST_PROJ: '__PROJECTS', EXECUTE_CALCPROJ: true, + + Permissions: { + Normal: 0, + Admin: 1, + }, + getHostname: function () { return os.hostname() }, diff --git a/server/tools/shared_nodejs.js b/server/tools/shared_nodejs.js new file mode 100644 index 0000000..23d6b77 --- /dev/null +++ b/server/tools/shared_nodejs.js @@ -0,0 +1,7 @@ +module.exports = { + + fieldsUserToChange() { + return ['username', 'email', 'name', 'surname', 'perm', 'date_reg'] + } + +};
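Review bot: The new `POST /setperm` route has no `User.isAdmin(req.user)` check, so once it works any authenticated user can change permissions; add the same guard used in `PATCH /:id` before the update, `if (!User.isAdmin(req.user)) return res.status(404).send();`. As written it fails earlier: `res.user` is undefined (the authenticated user is read from `req.user` elsewhere in this file), and the whole `body` object is passed where `setPermissionsById` expects the numeric `perm`. The picked `idapp` and `username` are never used, so which account is meant to be changed is unclear from the hunk; resolve the target explicitly and restrict it to the caller's `idapp`. `tools.mylog("SETPERM = " + req.token)` writes the bearer token to the log and should be removed.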