First Commit FreePlanet_ServerSide

server/config/config.js

@@ -0,0 +1,20 @@
+// still in app.js
+const node_env = process.env.NODE_ENV || 'development';
+var file = `.env.${node_env}`;
+
+// GLOBALI (Uguali per TUTTI)
+process.env.LINKVERIF_REG = '/vreg';
+process.env.LINK_REQUEST_NEWPASSWORD = '/requestnewpwd';
+process.env.LINK_UPDATE_PASSWORD = '/updatepwd';
+process.env.NOME_APP1 = 'FreePlanet';
+process.env.KEY_APP_ID='KKPPAA5KJK435J3KSS9F9D8S9F8SD98F9SDF';
+
+
+process.env.SEND_EMAIL = '1';
+
+console.log("FILE : " + file);
+require('dotenv').config({path: file});
+
+process.env.DATABASE = process.env.DATABASE || 'FreePlanet';
+
+process.env.MONGODB_URI = process.env.DOMAIN + process.env.DATABASE;

server/db/mongoose.js

@@ -0,0 +1,10 @@
+var mongoose = require('mongoose');
+
+mongoose.Promise = global.Promise;
+mongoose.connect(process.env.MONGODB_URI, { useMongoClient: true, promiseLibrary: require('bluebird') })
+  .then(() =>
+    console.log('connection succesful ' + process.env.MONGODB_URI + ' db: ' + process.env.DATABASE)
+  )
+  .catch((err) => console.error(err));
+
+module.exports = {mongoose};

server/locales/en.json

@@ -0,0 +1,7 @@
+{
+  "L'Email è già stata Verificata.": "Email was already verified",
+  "Email Verificata!": "Email Verified!",
+
+
+  "a": "a"
+}

server/locales/it.json

@@ -0,0 +1,6 @@
+{
+  "L'Email è già stata Verificata.": "L'Email è già stata Verificata.",
+  "Email Verificata!": "Email Verificata!",
+
+  "a": "a"
+}

server/middleware/authenticate.js

@@ -0,0 +1,21 @@
+var {User} = require('./../models/user');
+
+var authenticate = (req, res, next) => {
+  var token = req.header('x-auth');
+
+  console.log("TOKEN = " + token);
+
+  User.findByToken(token).then((user) => {
+    if (!user) {
+      return Promise.reject();
+    }
+
+    req.user = user;
+    req.token = token;
+    next();
+  }).catch((e) => {
+    res.status(401).send();
+  });
+};
+
+module.exports = {authenticate};

server/models/todo.js

@@ -0,0 +1,20 @@
+var mongoose = require('mongoose');
+
+var Todo = mongoose.model('Todo', {
+  text: {
+    type: String,
+    required: true,
+    minlength: 1,
+    trim: true
+  },
+  completed: {
+    type: Boolean,
+    default: false
+  },
+  completedAt: {
+    type: Number,
+    default: null
+  }
+});
+
+module.exports = {Todo};

server/models/user.js

@@ -0,0 +1,218 @@
+
+var bcrypt = require('bcrypt');
+
+const mongoose = require('mongoose');
+const validator = require('validator');
+const jwt = require('jsonwebtoken');
+const _ = require('lodash');
+
+
+var UserSchema = new mongoose.Schema({
+  email: {
+    type: String,
+    required: true,
+    trim: true,
+    minlength: 1,
+    unique: true,
+    validate: {
+      validator: validator.isEmail,
+      message: '{VALUE} is not a valid email'
+    }
+  },
+  idapp: {
+    type: Number,
+    required: true,
+  },
+  username: {
+    type: String,
+    required: true,
+    trim: true,
+    minlength: 6,
+    unique: true,
+  },
+  password: {
+    type: String,
+    require: true,
+    minlength: 6,
+  },
+  lang: {
+    type: String,
+    require: true,
+  },
+  linkreg: {
+    type: String,
+    required: true
+  },
+  verified_email: {
+    type: Boolean,
+  },
+  tokens: [{
+    access: {
+      type: String,
+      required: true
+    },
+    token: {
+      type: String,
+      required: true
+    }
+  }],
+  date_tokenforgot: {
+    type: Date
+  },
+  tokenforgot: {
+    type: String,
+  },
+
+});
+
+UserSchema.methods.toJSON = function () {
+  var user = this;
+  var userObject = user.toObject();
+
+  return _.pick(userObject, ['_id', 'email', 'verified_email', 'username']);
+};
+
+UserSchema.methods.generateAuthToken = function () {
+  console.log("GENERA TOKEN : ");
+  var user = this;
+  var access = 'auth';
+  var token = jwt.sign({_id: user._id.toHexString(), access}, process.env.SIGNCODE).toString();
+
+  // CANCELLA I PRECEDENTI !
+  user.tokens = [];
+  user.tokens.push({access, token});
+
+  return user.save().then(() => {
+    //console.log("TOKEN USCITA : " + token)
+    return token;
+  });
+};
+
+UserSchema.statics.findByToken = function (token) {
+  var User = this;
+  var decoded;
+
+  try {
+    decoded = jwt.verify(token, process.env.SIGNCODE);
+  } catch (e) {
+    return Promise.reject();
+  }
+
+  return User.findOne({
+    '_id': decoded._id,
+    'tokens.token': token,
+    'tokens.access': 'auth'
+  });
+};
+
+UserSchema.statics.findByCredentials = function (username, password) {
+  var User = this;
+  var pwd = "";
+
+  return User.findOne({username: username}).then((user) => {
+    if (!user) {
+      return null;
+    }
+    pwd = user.password;
+
+    return new Promise((resolve, reject) => {
+      // Use bcrypt.compare to compare password and user.password
+      console.log("pwd1 " + password);
+      console.log("pwd2 " + pwd);
+      bcrypt.compare(password, pwd, (err, res) => {
+        if (res) {
+          resolve(user);
+        } else {
+          return resolve(null);
+        }
+      });
+    });
+  });
+};
+
+
+
+UserSchema.statics.findByUsername = function (username) {
+  var User = this;
+
+  return User.findOne({
+    'username': username,
+  });
+};
+
+UserSchema.statics.findByLinkreg = function (idapp, linkreg) {
+  var User = this;
+
+  return User.findOne({
+    'linkreg': linkreg,
+    'idapp': idapp,
+  });
+};
+
+UserSchema.statics.findByLinkTokenforgot = function (idapp, email, tokenforgot) {
+  var User = this;
+
+  return User.findOne({
+    'email': email,
+    'tokenforgot': tokenforgot,
+    'date_tokenforgot': { $gte: new Date(ISODate().getTime() - 1000 * 60 * 60 * 4) } ,  // 4 ore fa!
+    'idapp': idapp,
+  });
+};
+
+
+UserSchema.statics.findByEmail = function (email) {
+  var User = this;
+
+  return User.findOne({
+    'email': email,
+  });
+};
+
+UserSchema.pre('save', function (next) {
+  var user = this;
+
+  /*
+  if (user.isModified('password')) {
+    bcrypt.genSalt(10, (err, salt) => {
+      bcrypt.hash(user.password, salt, (err, hash) => {
+        user.password = hash;
+        next();
+      });
+    });
+  } else {
+    next();
+  }
+  */
+  next();
+});
+
+UserSchema.methods.removeToken = function (token) {
+  var user = this;
+
+  return user.update({
+    $pull: {
+      tokens: {token}
+    }
+  });
+};
+
+
+var User = mongoose.model('User', UserSchema);
+
+class Hero {
+  constructor(name, level) {
+    this.name = name;
+    this.level = level;
+  }
+
+  // Adding a method to the constructor
+  greet() {
+    return `${this.name} says hello.`;
+  }
+}
+
+
+module.exports = {User, Hero};
+
+

server/reg/registration.js

@@ -0,0 +1,18 @@
+const jwt = require('jsonwebtoken');
+
+function toHexString(bytes) {
+  return Array.from(bytes, byte =>
+    ("00" + (byte & 0xFF).toString(16)).slice(-2)
+  ).join('');
+}
+
+module.exports = {
+  getlinkregByEmail: function (email, username) {
+    try{
+      mystr = email + username;
+    return jwt.sign(toHexString(mystr), process.env.SIGNCODE).toString();
+    } catch (e) {
+      console.error(e);
+    }
+  },
+};

server/sendemail.js

@@ -0,0 +1,135 @@
+var tools = require('./tools/general');
+
+const Email = require('email-templates');
+
+var i18n = require("i18n");
+
+
+const previewEmail = require('preview-email');
+var nodemailer = require("nodemailer");
+
+const transport_preview = nodemailer.createTransport({
+  jsonTransport: true
+});
+
+// create reusable transport method (opens pool of SMTP connections)
+var smtpTransport = nodemailer.createTransport({
+  service: 'Gmail',
+  auth: {
+    user: process.env.EMAIL_FROM,
+    pass: process.env.EMAIL_PW
+  }
+});
+
+function checkifSendEmail() {
+  //return process.env.SEND_EMAIL === "1";
+  return false;
+}
+
+module.exports = {
+  sendEmail_base: function (template, username, to, mylocalsconf) {
+
+    console.log("check EMAIL :" + checkifSendEmail());
+
+    const email = new Email({
+      message: {
+        from: process.env.EMAIL_FROM, // sender address
+      },
+      send: checkifSendEmail(),
+      preview: !checkifSendEmail(),
+      transport: {
+        service: 'Gmail',
+        auth: {
+          user: process.env.EMAIL_FROM,
+          pass: process.env.EMAIL_PW
+        }
+      },
+    });
+
+    email
+      .send({
+        template: template,
+        message: {
+          to: to,
+        },
+        locals: mylocalsconf,
+      })
+      .then(console.log)
+      .catch(console.error);
+  },
+  sendEmail_Normale: function (username, to, subject, html) {
+
+    // setup e-mail data with unicode symbols
+    var mailOptions = {
+      from: process.env.EMAIL_FROM, // sender address
+      to: to,
+      generateTextFromHTML: true,
+      subject: subject,
+      html: html,
+    };
+
+    if (process.env.SEND_EMAIL === 1) {
+      console.log("SEND EMAIL smtpTransport");
+// send mail with defined transport object
+      smtpTransport.sendMail(mailOptions, function (error, response) {
+        if (error) {
+          console.log(error);
+        } else {
+          console.log("Message sent: " + response);
+        }
+      });
+    } else {
+      if (process.env.PROVA_EMAIL_TEMPLATE !== "1")
+        previewEmail(mailOptions).then(console.log).catch(console.error);
+      else
+        transport_preview.sendMail(mailOptions).then(console.log).catch(console.error);
+    }
+  },
+  getHostByIdApp: function (idapp) {
+    if (idapp === 1) {
+      return process.env.URLBASE_APP1 + ':' + process.env.PORT_APP1;
+    }else{
+      return ""
+    }
+  },
+  getNomeAppByIdApp: function (idapp) {
+    if (idapp === 1) {
+      return process.env.NOME_APP1;
+    }
+  },
+  getlinkReg: function (idapp, idreg) {
+    strlinkreg = this.getHostByIdApp(idapp) + "/#" + process.env.LINKVERIF_REG + `?idapp=${idapp}&idlink=${idreg}`;
+    return strlinkreg;
+  },
+  getlinkRequestNewPassword: function (idapp, user, tokenforgot) {
+    strlinkreg = this.getHostByIdApp(idapp) + "/#" + process.env.LINK_REQUEST_NEWPASSWORD + `?idapp=${idapp}&username=${user}&=tokenforgot=${tokenforgot}`;
+    return strlinkreg;
+  },
+  sendEmail_Registration: function (lang, emailto, user, idapp, idreg) {
+
+    mylocalsconf = {
+      locale: lang,
+      nomeapp: this.getNomeAppByIdApp(idapp),
+      strlinkreg: this.getlinkReg(idapp, idreg),
+      user: user,
+      forgetpwd: "",
+      emailto: emailto,
+    };
+
+    this.sendEmail_base('registration/' + lang, user, emailto, mylocalsconf);
+  },
+  sendEmail_RequestNewPassword: function (lang, emailto, idapp, tokenforgot) {
+
+    mylocalsconf = {
+      locale: lang,
+      nomeapp: this.getNomeAppByIdApp(idapp),
+      user: user,
+      strlinksetpassword: this.getlinkRequestNewPassword(idapp, user, tokenforgot),
+      emailto: emailto,
+    };
+
+    this.sendEmail_base('resetpwd/' + lang, user, emailto, mylocalsconf);
+  },
+
+};
+

server/server.js

@@ -0,0 +1,281 @@
+require('./config/config');
+
+const _ = require('lodash');
+const cors = require('cors');
+var express = require('express'),
+  i18n = require("i18n");
+
+
+console.log("DB: " + process.env.DATABASE);
+console.log("PORT: " + process.env.PORT);
+console.log("MONGODB_URI: " + process.env.MONGODB_URI);
+
+const bodyParser = require('body-parser');
+const {ObjectID} = require('mongodb');
+
+var {mongoose} = require('./db/mongoose');
+var {Todo} = require('./models/todo');
+var {User} = require('./models/user');
+var {authenticate} = require('./middleware/authenticate');
+
+var sendemail = require('./sendemail');
+var reg = require('./reg/registration');
+var tools = require('./tools/general');
+var server_constants = require('./tools/server_constants');
+
+var app = express();
+
+var bcrypt = require('bcrypt');
+
+i18n.configure({
+  locales: ['it', 'en'],
+  directory: __dirname + '/locales'
+});
+
+
+app.use(cors({
+  exposedHeaders: ['x-auth'],
+}));
+
+const port = process.env.PORT;
+
+app.use(bodyParser.json());
+
+app.use(i18n.init);
+
+function getlang(res) {
+  return res.locale;
+}
+
+app.post(process.env.LINKVERIF_REG, (req, res) => {
+  var body = _.pick(req.body, ['idapp', 'idlink']);
+  var idapp = body.idapp;
+  var idlink = body.idlink;
+  console.log("POST " + process.env.LINKVERIF_REG + " idapp= " + idapp + " idlink = " + idlink);
+
+  // Cerco l'idlink se è ancora da Verificare
+
+  User.findByLinkreg(idapp, idlink).then((user) => {
+    if (!user) {
+      //console.log("NON TROVATO!");
+      return res.status(404).send();
+    } else {
+      if (user.verified_email) {
+        res.send({
+          code: server_constants.RIS_CODE_EMAIL_ALREADY_VERIFIED,
+          msg: res.__("L'Email è già stata Verificata.")
+        });
+      } else {
+        user.verified_email = true;
+        user.save().then(() => {
+          //console.log("TROVATOOOOOO!");
+          res.send({code: server_constants.RIS_CODE_EMAIL_VERIFIED, msg: res.__('Email Verificata!')});
+        });
+      }
+    }
+  }).catch((e) => {
+    console.log(e);
+    res.status(400).send();
+  });
+
+});
+
+
+
+// Faccio richiesta di una Nuova Password
+app.post(process.env.LINK_REQUEST_NEWPASSWORD, (req, res) => {
+  var body = _.pick(req.body, ['idapp', 'email']);
+  var idapp = body.idapp;
+  var email = body.email;
+  console.log("POST " + process.env.LINK_REQUEST_NEWPASSWORD + " idapp= " + idapp + " email = " + email);
+
+  User.findByEmail(idapp, email).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    } else {
+      // Creo il tokenforgot
+      user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).toString();
+      user.date_tokenforgot = new Date();
+      user.save().then(() => {
+        sendemail.sendEmail_RequestNewPassword(getlang(res), user.email, user.idapp, user.tokenforgot);
+        res.send({code: server_constants.RIS_CODE_OK, msg: ''});
+      });
+    }
+  }).catch((e) => {
+    console.log(e);
+    res.status(400).send();
+    res.send({code: server_constants.RIS_CODE_ERR, msg: e});
+  });
+
+});
+
+// Invio la Nuova Password richiesta dal reset!
+// Ritorna il token per poter effettuare le chiamate...
+app.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
+  var body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'password']);
+  var idapp = body.idapp;
+  var email = body.email;
+  var tokenforgot = body.tokenforgot;
+  var password = body.password;
+  console.log("POST " + process.env.LINK_UPDATE_PASSWORD + " idapp= " + idapp + " email = " + email + " tokenforgot = " + tokenforgot);
+
+  User.findByLinkTokenforgot(idapp, email, tokenforgot).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    } else {
+      // aggiorna la nuova password
+      user.password = password;
+
+      // Crea token
+      token = user.generateAuthToken();
+
+      user.tokenforgot = '';  // Svuota il tokenforgot perché non ti servirà più...
+
+      // Salva lo User
+      user.save().then(() => {
+        res.header('x-auth', token).send(user);   // Ritorna il token di ritorno
+      });
+    }
+  }).catch((e) => {
+    console.log(e);
+    res.status(400).send();
+  });
+
+});
+
+// POST /users
+app.post('/users', (req, res) => {
+  console.log("POST /users");
+  var body = _.pick(req.body, ['email', 'password', 'username', 'idapp', 'keyappid', 'lang']);
+  var user = new User(body);
+
+  console.log("LANG PASSATO = " + user.lang);
+  console.log("IDAPP = " + user.idapp);
+
+  user.linkreg = reg.getlinkregByEmail(body.email, body.username);
+  user.verified_email = false;
+
+  user.save().then(() => {
+    User.findByUsername(user.username)
+      .then((usertrovato) => {
+        //console.log("USERNAME : " + user.username);
+        //console.log("TROVATO USERNAME ? " + usertrovato);
+        if (usertrovato !== null) {
+          //console.log("Non esiste ancora");
+          // Non esiste ancora, allora genero il TOKEN !
+          return user.generateAuthToken();
+        } else {
+          //console.log("Esiste già! Quindi non creo lo user.");
+          // Esiste già! Quindi non creo lo user.
+          res.status(11100).send();
+          return 0;
+        }
+      }).then((token) => {
+      // passo il token in x-auth
+      //console.log("USER");
+      //console.log(user);
+      console.log("TOKEN: ");
+      console.log(token);
+      res.header('x-auth', token).send(user);
+
+      console.log("LINKREG = " + user.linkreg);
+      // Invia un'email all'utente
+      sendemail.sendEmail_Registration(getlang(res), user.email, user.username, user.idapp, user.linkreg);
+    });
+  }).catch((e) => {
+    res.status(400).send(e);
+  })
+});
+
+app.get('/users/:username', (req, res) => {
+  var username = req.params.username;
+
+  User.findByUsername(username).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    }
+    res.status(200).send();
+  }).catch((e) => {
+    res.status(400).send();
+  });
+});
+
+app.get('/email/:email', (req, res) => {
+  var email = req.params.email;
+
+  User.findByEmail(email).then((user) => {
+    if (!user) {
+      return res.status(404).send();
+    }
+    res.status(200).send();
+  }).catch((e) => {
+    res.status(400).send();
+  });
+});
+
+app.post('/users/login', (req, res) => {
+  var body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']);
+  var user = new User(body);
+
+  console.log("user: " + user.username + " pwd = " + user.password);
+
+  if (body.keyappid !== process.env.KEY_APP_ID)
+    // Se non faccio la richesa con la IDAPP giusta, allora esco!
+    return res.status(400).send();
+
+
+  User.findByCredentials(user.username, user.password)
+    .then((user) => {
+      console.log("CREDENZIALI ! ");
+      if (!user) {
+        console.log("NOT FOUND !");
+        res.status(404).send({code: server_constants.RIS_CODE_LOGIN_ERR});
+      } else {
+        return user.generateAuthToken().then((token) => {
+          var usertosend = User();
+          usertosend.username = user.username;
+          usertosend.email = user.email;
+          usertosend._id = user._id;
+          usertosend.verified_email = user.verified_email;
+          console.log("user.verified_email:" + user.verified_email);
+
+          console.log("usertosend:");
+          console.log(usertosend);
+          res.header('x-auth', token).send(usertosend);
+          console.log("TROVATOOO!");
+        });
+      }
+    }).catch((e) => {
+      console.log("ERR: " + e);
+      res.status(400).send({code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC});
+  });
+});
+
+app.delete('/users/me/token', authenticate, (req, res) => {
+  console.log("TOKENREM = " + req.token);
+  req.user.removeToken(req.token).then(() => {
+    res.status(200).send();
+  }, () => {
+    res.status(400).send();
+  });
+});
+
+app.listen(port, () => {
+  console.log(`Server started at port ${port}`);
+});
+
+module.exports = {app};
+
+if (process.env.TEST_ATTIVO) {
+  eseguitest();
+}
+
+function eseguitest() {
+
+  if (true){
+    console.log("ESEGUI I TEST:");
+    console.log("linkreg = " + sendemail.getlinkReg(1, "myusername"));
+  }
+
+  //sendemail.sendEmail_Registration("en", "paolo.arena77@gmail.com", "paoloar77", "miapwd", 1, "http://provalink.com");
+}

server/tools/general.js

@@ -0,0 +1,7 @@
+var os = require("os");
+
+module.exports = {
+  getHostname: function () {
+    return os.hostname()
+  }
+};

server/tools/server_constants.js

@@ -0,0 +1,10 @@
+module.exports = Object.freeze({
+  RIS_CODE_ERR: -99,
+  RIS_CODE_EMAIL_ALREADY_VERIFIED: -5,
+  RIS_CODE_EMAIL_VERIFIED: 1,
+  RIS_CODE_OK: 1,
+
+  RIS_CODE_LOGIN_ERR_GENERIC: -20,
+  RIS_CODE_LOGIN_ERR: -10,
+  RIS_CODE_LOGIN_OK: 1,
+});