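const express = require('express');
const router = express.Router(),
    fs = require('fs'),
    path = require('path');

const jwt = require('jsonwebtoken');
const telegrambot = require('../telegram/telegrambot');
const sendemail = require('../sendemail');
const resizer = require('node-image-resizer');
const sharp = require('sharp');

const {authenticate, authenticate_noerror} = require(
    '../middleware/authenticate');

const {ObjectID} = require('mongodb');

// const {ListaIngresso} = require('../models/listaingresso');
const {Graduatoria} = require('../models/graduatoria');

const mongoose = require('mongoose').set('debug', false);
const cfgserver = mongoose.model('cfgserver');

const uuidv4 = require('uuid/v4'); // I chose v4 ‒ you can select others

const ftp = require('../ftp/FTPClient'),
    formidable = require('formidable'),
    folder = path.join(__dirname, 'upload');

// Local staging directory for uploads; created once at module load.
if (!fs.existsSync(folder)) {
  fs.mkdirSync(folder);
}

const _ = require('lodash');

const {User} = require('../models/user');
const {MyGroup} = require('../models/mygroup');
// const { ExtraList } = require('../models/extralist');
const {Booking} = require('../models/booking');
const {Operator} = require('../models/operator');
const {Where} = require('../models/where');
const {MyEvent} = require('../models/myevent');
const {Contribtype} = require('../models/contribtype');
const {PaymentType} = require('../models/paymenttype');
const {Discipline} = require('../models/discipline');
const {Skill} = require('../models/skill');
const {Good} = require('../models/good');
const {SubSkill} = require('../models/subskill');
const {MySkill} = require('../models/myskill');
const {MyGood} = require('../models/mygood');
const {StatusSkill} = require('../models/statusSkill');
const {City} = require('../models/city');
const {Province} = require('../models/province');
const {Sector} = require('../models/sector');
const {SectorGood} = require('../models/sectorgood');
const {CatGrp} = require('../models/catgrp');
const {Level} = require('../models/level');
const {AdType} = require('../models/adtype');
const {AdTypeGood} = require('../models/adtypegood');
const Pickup = require('../models/pickup');
const {Newstosent} = require('../models/newstosent');
const {MyPage} = require('../models/mypage');
const {MyBot} = require('../models/bot');
const {CalZoom} = require('../models/calzoom');
const {Gallery} = require('../models/gallery');
const {TemplEmail} = require('../models/templemail');
const {OpzEmail} = require('../models/opzemail');
const {MailingList} = require('../models/mailinglist');
const {Settings} = require('../models/settings');
const {SendMsg} = require('../models/sendmsg');
const {Permission} = require('../models/permission');
const Producer = require('../models/producer');
const Cart = require('../models/cart');
const OrdersCart = require('../models/orderscart');
const Storehouse = require('../models/storehouse');
const Department = require('../models/department');
const Group = require('../models/group');

const tools = require('../tools/general');

const server_constants = require('../tools/server_constants');
const actions = require('./api/actions');

const shared_consts = require('../tools/shared_nodejs');

const globalTables = require('../tools/globalTables');

// Field groups on the users table that trigger extra work in /chval.
const UserCost = {
  // A change to one of these asks refreshAllTablesInMem to refresh the bot.
  FIELDS_UPDATE_TELEGRAM_BOT: [
    'profile.teleg_id',
    'profile.manage_telegram',
    'deleted',
  ],
  // A change to one of these re-runs User.checkIfSbloccatiRequisiti.
  FIELDS_REQUISITI: [
    'verified_email',
    'profile.teleg_id',
    'profile.saw_and_accepted',
    'profile.revolut',
    'profile.payeer_id',
    'profile.advcash_id',
    'profile.link_payment',
    'profile.email_paypal',
    'profile.paymenttypes'],
};

/**
 * Confirms a registration e-mail from the link id that was mailed to the user.
 *
 * Body: {idapp, idlink}. Replies 404 when no user matches the link, 400 on a
 * lookup/save error, otherwise a {code, msg} object.
 */
router.post(process.env.LINKVERIF_REG, (req, res) => {
  const {idapp, idlink} = _.pick(req.body, ['idapp', 'idlink']);

  // Unauthenticated endpoint whose inputs go straight into a database lookup:
  // only scalar values are accepted, so a JSON object can never be interpreted
  // as a query operator, and an empty link id can never match a user whose
  // link field is unset (User.findByLinkreg is not visible here - verify).
  if (_.isObject(idapp) || _.isObject(idlink) || !idlink) {
    return res.status(404).send();
  }

  // Look for the link id while it is still waiting to be verified
  User.findByLinkreg(idapp, idlink).then((user) => {
    if (!user) {
      return res.status(404).send();
    }

    // The whole user document (password hash, tokens) used to be dumped to the
    // log at this point; nothing is logged now.

    if (user.verified_email) {
      return res.send({
        code: server_constants.RIS_CODE_EMAIL_ALREADY_VERIFIED,
        msg: tools.getres__('L\'Email è già stata Verificata', res),
      });
    }

    user.verified_email = true;
    user.lasttimeonline = new Date();

    // Returned so that a failed save reaches the catch below instead of
    // leaving the request without a response.
    return user.save().then(() => {
      res.send({
        code: server_constants.RIS_CODE_EMAIL_VERIFIED,
        msg: tools.getres__('EMAIL', res) + ' ' + tools.getres__('VERIF', res),
      });
    });
  }).catch((e) => {
    console.log(process.env.LINKVERIF_REG, e.message);
    res.status(400).send();
  });
});

/**
 * Starts a password reset: stores a reset token on the user and mails it.
 *
 * Body: {idapp, email}.
 *
 * NOTE(review): an unknown address is answered with RIS_CODE_EMAIL_NOT_EXIST
 * (after a 5 s delay), so the endpoint still tells a caller whether an address
 * is registered. Answering both cases identically needs a coordinated client
 * change, so it is only flagged here.
 */
router.post(process.env.LINK_REQUEST_NEWPASSWORD, (req, res) => {
  const body = _.pick(req.body, ['idapp', 'email']);
  const idapp = body.idapp;

  // A missing or non-string email used to throw on toLowerCase(); an object
  // value must not reach the lookup either.
  if (typeof body.email !== 'string' || _.isObject(idapp)) {
    return res.status(400).send();
  }
  const email = body.email.toLowerCase().trim();

  console.log(
      'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
      ' email = ' + email);

  User.findByEmail(idapp, email).then(async (user) => {
    if (!user) {
      await tools.snooze(5000);
      return res.status(200).
          send({code: server_constants.RIS_CODE_EMAIL_NOT_EXIST, msg: ''});
    }

    // Create the reset token.
    // NOTE(review): the payload is a bare string, so the JWT carries no `exp`
    // claim; expiry presumably depends on date_tokenforgot being checked when
    // the token is redeemed - confirm in User.findByLinkTokenforgot.
    user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
        toString();
    user.date_tokenforgot = new Date();
    user.lasttimeonline = new Date();

    // Returned so that save/mail failures are handled by the catch below.
    return user.save().then(async () => {
      await sendemail.sendEmail_RequestNewPassword(res.locale, user, user.email,
          user.idapp, user.tokenforgot);
      res.send({code: server_constants.RIS_CODE_OK, msg: ''});
    });
  }).catch((e) => {
    console.log(process.env.LINK_REQUEST_NEWPASSWORD, e.message);
    // Exactly one response: the second send() that used to follow threw
    // "headers already sent" and would have put the raw error in the body.
    if (!res.headersSent) {
      res.status(400).send();
    }
  });
});

// Receives the new password chosen after a reset request.
// Returns the auth token needed for the following calls...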
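/**
 * Completes a password reset.
 *
 * Body: {idapp, email, tokenforgot, password}. On success the reset token is
 * cleared and a fresh auth token is returned in the `x-auth` header.
 */
router.post(process.env.LINK_UPDATE_PWD, (req, res) => {
  const body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'password']);
  const idapp = body.idapp;
  const tokenforgot = body.tokenforgot;
  const password = body.password;

  if (typeof body.email !== 'string' || _.isObject(idapp) ||
      typeof password !== 'string' || password === '') {
    return res.status(400).send();
  }

  // The reset token is the only secret protecting this unauthenticated
  // endpoint. It must be a non-empty string: the token field is reset to ''
  // after use (see below), so an empty or object-valued token must never be
  // handed to the lookup.
  if (typeof tokenforgot !== 'string' || tokenforgot === '') {
    return res.send(
        {code: server_constants.RIS_CODE_TOKEN_RESETPASSWORD_NOT_FOUND});
  }

  const email = body.email.toLowerCase().trim();

  const msg = 'Richiesta Nuova Password: idapp= ' + idapp + ' email = ' + email;
  console.log(msg);

  // telegrambot.sendMsgTelegramToTheManagers(body.idapp, msg);

  User.findByLinkTokenforgot(idapp, email, tokenforgot).then((user) => {
    if (!user) {
      return res.send(
          {code: server_constants.RIS_CODE_TOKEN_RESETPASSWORD_NOT_FOUND});
    }

    // Store the new password
    user.password = password;
    user.lasttimeonline = new Date();

    // Create the session token. Both promises are returned so that a failure
    // ends up in the catch below instead of leaving the request hanging.
    return user.generateAuthToken(req).then((token) => {
      user.tokenforgot = ''; // Clear the reset token: it is single use

      return user.save().then(() => {
        res.header('x-auth', token).
            send({code: server_constants.RIS_CODE_OK}); // Hand back the token
      });
    });
  }).catch((e) => {
    console.log(process.env.LINK_UPDATE_PWD, e.message);
    res.status(400).send();
  });
});

/**
 * Connectivity probe: echoes `test` back and, for a logged-in caller, pushes
 * a test notification to that user.
 */
router.post('/testServer', authenticate_noerror, (req, res) => {
  try {
    const ris = {test: req.body.test};

    if (req.user) {
      tools.sendNotificationToUser(req.user._id, 'Test Server',
          'Test Server OK', '/', '', 'server', []);
    }

    return res.send(ris);
  } catch (e) {
    console.error('testServer', e.message);
    return res.status(400).send(e);
  }
});

/**
 * Creates a record in the table named by `req.body.table`, or overwrites the
 * existing one when the save collides on a duplicate key.
 *
 * Body: {table, data}. `data.idapp` is always forced to the caller's app.
 *
 * NOTE(review): the permission check is per table only
 * (ModificheConsentite(table, {'ALL': 1})), with no record id or owner. On a
 * duplicate `_id` the fallback below $sets every submitted field onto the
 * existing record, and a caller-supplied `userId` is kept as is. Verify that
 * a non-privileged caller cannot overwrite or claim a record owned by someone
 * else.
 */
router.post('/settable', authenticate, async (req, res) => {
  const params = req.body;
  const mytable = globalTables.getTableByTableName(params.table);
  const mydata = req.body.data;
  const fieldsvalue = {'ALL': 1};

  // Unknown table or missing payload: answer instead of throwing outside the
  // try block, which used to leave the request without a response.
  if (!mytable || !_.isPlainObject(mydata)) {
    return res.status(400).send({});
  }

  mydata.idapp = req.user.idapp;

  try {
    const consentito = User.isAdmin(req.user.perm) ||
        User.isManager(req.user.perm) ||
        User.isEditor(req.user.perm) || User.isTutor(req.user.perm);

    if (!consentito && !tools.ModificheConsentite(params.table, fieldsvalue)) {
      // If without permissions, exit
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }

    if (shared_consts.TABLES_USER_ID.includes(params.table) &&
        !mydata.userId) {
      mydata.userId = req.user._id;
    }

    // Records created by non-privileged users start out as not verified
    if (shared_consts.TABLES_PERM_NEWREC.includes(params.table) &&
        !consentito) {
      mydata.verifyrec = false;
    }

    if (params.table === shared_consts.TAB_MYGROUPS) {
      const plainKey = shared_consts.MYGROUPS_KEY_TO_CRYPTED;
      if (plainKey in mydata && mydata[plainKey]) {
        mydata[plainKey + shared_consts.SUFFIX_CRYPTED] =
            tools.cryptdata(mydata[plainKey]);
      }
    }

    if (shared_consts.TABLES_USER_INCLUDE_MY.includes(params.table)) {
      // Add the creator only when no admin exists yet. A missing `admins`
      // array used to throw here; it is now treated like an empty one.
      if (!Array.isArray(mydata.admins) || mydata.admins.length <= 0) {
        mydata.admins = [{username: req.user.username}];
      }
    }

    delete mydata['__v'];
    delete mydata['__proto__'];

    const mytablerec = new mytable(mydata);
    // console.log('mytablerec', mytablerec);

    const mytablestrutt = globalTables.getTableByTableName(params.table);

    if (mydata['_id'] !== undefined && mydata['_id'] !== 0) {
      mytablerec.isNew = false;
    }

    if (!shared_consts.TABLES_ID_NUMBER.includes(params.table) &&
        params.table !== 'hours' && mydata['_id'] === undefined) {
      mydata._id = new ObjectID();
    }

    const isnewrec = mytablerec.isNew;

    if (params.table === shared_consts.TAB_MYGROUPS && isnewrec) {
      // Refuse a new group whose name or title is already taken. `idapp` was
      // an undeclared identifier here (ReferenceError on every new group);
      // the caller's app id stored on the payload is used instead.
      const idapp = mydata.idapp;

      let alreadyexist = await MyGroup.findOne(
          {idapp, groupname: mydata.groupname});
      if (alreadyexist) {
        return res.send(
            {code: server_constants.RIS_CODE_REC_ALREADY_EXIST_CODE});
      }

      alreadyexist = await MyGroup.findOne({idapp, title: mydata.title});
      if (alreadyexist) {
        return res.send(
            {code: server_constants.RIS_CODE_REC_ALREADY_EXIST_NAME});
      }
    }

    if (shared_consts.TABLES_UPDATE_LASTMODIFIED.includes(params.table)) {
      mytablerec.date_updated = new Date();
    }

    return mytablerec.save().then(async (rec) => {
      if (shared_consts.TABLES_GETCOMPLETEREC.includes(params.table)) {
        return await mytablestrutt.getCompleteRecord(rec.idapp, rec._id);
      }
      return rec;
    }).then((myrec) => {
      if (params.table === shared_consts.TAB_MYGROUPS && isnewrec) {
        // New group: add its creator to the group itself
        return User.setGroupsCmd(mydata.idapp, req.user.username,
            myrec.groupname,
            shared_consts.GROUPSCMD.SETGROUP, true).then((ris) => {
          return res.send(myrec);
        });
      }

      return res.send(myrec);
    }).catch((e) => {
      console.error('settable', e.message);

      if (e.code !== 11000) {
        // Any other failure used to be logged only, leaving the request
        // open until the socket timed out.
        console.log(e.message);
        if (!res.headersSent) {
          return res.status(400).send();
        }
        return undefined;
      }

      // Duplicate key: fall back to updating the existing record
      const id = mytablerec._id;
      delete mytablerec._doc['_id'];
      const myfields = mytablerec._doc;
      if (!myfields.userId) {
        myfields.userId = req.user._id.toString();
      }
      return mytablestrutt.findByIdAndUpdate(id, {$set: myfields}).
          then(async (rec) => {
            return res.send(rec);
          }).
          catch((err) => {
            tools.mylog('error: ', err.message);
            return res.status(400).send(err);
          });
    });
  } catch (e) {
    console.error('settable', e.message);
    return res.status(400).send(e);
  }
});

/**
 * Creates a sub-record through the table model's createNewSubRecord().
 *
 * Body: {table, data}.
 *
 * NOTE(review): unlike /settable, no role or ModificheConsentite check is
 * made here; any authenticated user reaches createNewSubRecord for any
 * table. Confirm that this is intended.
 */
router.post('/setsubrec', authenticate, (req, res) => {
  const params = req.body;
  const mytable = globalTables.getTableByTableName(params.table);
  const mydata = req.body.data;

  if (!mytable || !_.isPlainObject(mydata)) {
    return res.status(400).send({});
  }

  mydata.idapp = req.user.idapp;

  let mytablerec = new mytable(mydata);

  // console.log('mytablerec', mytablerec);

  const mytablestrutt = globalTables.getTableByTableName(params.table);

  // The pending promise itself used to be passed to res.send(), so the client
  // always received `{}` and the real result (or error) was swallowed. The
  // response is now sent once the sub-record exists.
  return mytablestrutt.createNewSubRecord(mydata.idapp, req).then((rec) => {
    // tools.mylog('rec', rec);
    return res.send(rec);
  }).catch((e) => {
    console.error('setsubrec', e.message);
    if (!res.headersSent) {
      res.status(400).send();
    }
  });

  // Unreachable legacy path (it already followed a `return` before), kept
  // untouched.
  return mytablerec.save().then(rec => {
    // tools.mylog('rec', rec);
    return res.send(rec);

  }).catch((e) => {
    if (e.code === 11000) {
      const id = mytablerec._id;
      delete mytablerec._doc['_id'];
      const myfields = mytablerec._doc;
      if (!myfields.userId) {
        myfields.userId = req.user._id.toString();
      }
      return mytablestrutt.findByIdAndUpdate(id, {$set: myfields}).
          then(async (rec) => {
            return res.send(rec);
          }).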
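catch((err) => {
            tools.mylog('error: ', err.message);
            return res.status(400).send(err);
          });
    } else {
      console.log(e.message);
    }
  });

});

/**
 * Runs the table model's query for the caller's app.
 * Body: {table, ...query parameters understood by executeQueryTable}.
 */
router.post('/gettable', authenticate, (req, res) => {
  const params = req.body;
  const idapp = req.user.idapp;
  const mytable = globalTables.getTableByTableName(params.table);
  // console.log('mytable', mytable);
  if (!mytable) {
    console.log(`Table ${params.table} not found`);
    return res.status(400).send({});
  }

  try {
    return mytable.executeQueryTable(idapp, params, req.user).
        then((ris) => res.send(ris)).
        catch((e) => {
          console.error('gettable: ' + e.message);
          res.status(400).send(e);
        });
  } catch (e) {
    console.error(`ERROR gettable ${params.table}: `, e.message, 'params',
        params);
    res.status(500).send(e);
  }
});

/**
 * Runs the table model's pickup (lookup list) query for the caller's app.
 * Body: {table, ...parameters understood by executeQueryPickup}.
 */
router.post('/pickup', authenticate, (req, res) => {
  const params = req.body;
  const idapp = req.user.idapp;
  const mytable = globalTables.getTableByTableName(params.table);
  // console.log('mytable', mytable);
  if (!mytable) {
    console.log(`Table ${params.table} not found`);
    return res.status(400).send({});
  }

  return mytable.executeQueryPickup(idapp, params).
      then((ris) => res.send(ris)).
      catch((e) => {
        console.log(e.message);
        res.status(400).send(e);
      });
});

/**
 * Public page lookup by app id and path. Body: {idapp, path}.
 */
router.post('/getpage', async (req, res) => {
  const params = req.body;
  const idapp = req.body.idapp;
  const mypath = params.path;

  // No authentication on this route and both values become the query filter:
  // accept scalars only, so a JSON object cannot act as a query operator.
  if (_.isObject(idapp) || _.isObject(mypath)) {
    return res.status(400).send();
  }

  return MyPage.findOne({idapp, path: mypath}).then((ris) => {
    return res.send({mypage: ris});
  }).catch((e) => {
    console.log(e.message);
    res.status(400).send(e);
  });
});

/**
 * Changes the interface language stored on a user.
 * Body: {data: {username, lang}}.
 */
router.patch('/setlang', authenticate, async (req, res) => {
  try {
    const mydata = _.get(req, 'body.data');
    const idapp = req.user.idapp;

    // Without a usable payload the handler used to throw or fall through
    // without ever answering; reply 400 instead.
    if (!_.isPlainObject(mydata) || typeof mydata.username !== 'string' ||
        typeof mydata.lang !== 'string' || !mydata.lang) {
      return res.status(400).send();
    }

    const username = mydata.username;

    // The target comes from the request body: only the account owner, an
    // Admin or a Manager may change it.
    if (username !== req.user.username && !User.isAdmin(req.user.perm) &&
        !User.isManager(req.user.perm)) {
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }

    const fieldsvalue = {lang: mydata.lang};

    const rec = await User.findByUsername(idapp, username, false);
    let ris = null;
    if (!!rec) {
      ris = await User.findByIdAndUpdate(rec.id, {$set: fieldsvalue});
    }

    if (!!ris) {
      return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
    }

    return res.status(400).send();
  } catch (e) {
    console.log(e.message);
    return res.status(400).send();
  }
});

/**
 * Updates fields of one record: `$set`s data.fieldsvalue on data.id in
 * data.table, then runs the side effects tied to the users table
 * (requirement checks, inviter change, notifications to the managers).
 *
 * Body: {data: {id, table, fieldsvalue, unset?, notifBot?}}.
 *
 * NOTE(review): records are addressed by `_id` only, never scoped to the
 * caller's `idapp`, and `notifBot.un` / `notifBot.txt` are relayed to the
 * Telegram bot as received. Verify both against the intended tenant
 * isolation.
 */
router.patch('/chval', authenticate, async (req, res) => {
  // const idapp = req.body.idapp;
  const idapp = req.user.idapp;
  const mydata = _.get(req, 'body.data');

  // A malformed body used to throw before the try block, which left the
  // request unanswered.
  if (!_.isPlainObject(mydata) || !_.isPlainObject(mydata.fieldsvalue)) {
    return res.status(400).send();
  }

  const id = mydata.id;

  try {
    const mytable = globalTables.getTableByTableName(mydata.table);
    const fieldsvalue = mydata.fieldsvalue;

    const unset = mydata.unset;

    // tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue);

    const privileged = User.isAdmin(req.user.perm) ||
        User.isManager(req.user.perm) ||
        User.isEditor(req.user.perm) || User.isTutor(req.user.perm);

    // If I change my record...
    if (!privileged && (req.user._id.toString() !== id) &&
        !tools.ModificheConsentite(mydata.table, fieldsvalue)) {
      // If without permissions, exit
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }

    // Editing one's own record must not include the role field that
    // User.isAdmin()/isManager() read, otherwise any user could raise their
    // own permissions.
    // NOTE(review): an explicit allow-list of self-editable fields would be
    // stronger; other sensitive fields are not visible from this file.
    const touchesPerm = Object.keys(fieldsvalue).
        some((key) => key === 'perm' || key.startsWith('perm.'));
    if (!privileged && mydata.table === 'users' && touchesPerm) {
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }

    const camporequisiti = UserCost.FIELDS_REQUISITI.includes(
        Object.keys(fieldsvalue)[0]);

    let allData = {};
    let username = '';
    if (mydata.table === 'users' && camporequisiti) {
      allData = {};
      allData.myuser = await User.getUserById(idapp, id);
      if (!!allData.myuser) {
        // The username used to be read before this null check
        username = allData.myuser.username;
        allData.precDataUser = await User.getInfoUser(idapp,
            allData.myuser.username);
      } else {
        allData.precDataUser = null;
      }
      // allData.useraportador = await ListaIngresso.getUserByInvitante_Username(idapp, allData.myuser.aportador_solidario);
      // allData.precDataAportador = await getInfoUser(idapp, allData.myuser.aportador_solidario);
    }

    let flotta = null;

    if (shared_consts.TABLES_UPDATE_LASTMODIFIED.includes(mydata.table)) {
      fieldsvalue.date_updated = new Date();
    }

    // Only `_id` submitted: re-key the record (insert a copy, delete the old)
    const numobj = tools.getNumObj(fieldsvalue);
    if (numobj === 1 && fieldsvalue['_id']) {
      const myrec = await mytable.findById(id);
      const myidDel = myrec['_id'];
      myrec['_id'] = fieldsvalue['_id'];
      return await mytable.insertMany(myrec).then((ris) => {
        if (ris) {
          return mytable.deleteMany({_id: myidDel}).then((risdel) => {
            return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
          });
        } else {
          return res.status(404).send();
        }
      });
    }

    const updatebot = UserCost.FIELDS_UPDATE_TELEGRAM_BOT.includes(
        Object.keys(fieldsvalue)[0]);

    tools.refreshAllTablesInMem(idapp, mydata.table, updatebot, username);

    if (mydata.table === shared_consts.TAB_SETTINGS) {
      if (shared_consts.KEY_TO_CRYPTED.includes(fieldsvalue.key)) {
        fieldsvalue.crypted = true;
        fieldsvalue.value_str = tools.cryptdata(fieldsvalue.value_str);
      }
    }

    if (mydata.table === shared_consts.TAB_SITES) {
      if (shared_consts.SITES_KEY_TO_CRYPTED in fieldsvalue) {
        fieldsvalue[shared_consts.SITES_KEY_TO_CRYPTED] = tools.cryptdata(
            fieldsvalue[shared_consts.SITES_KEY_TO_CRYPTED]);
      }
    }

    return await mytable.findByIdAndUpdate(id, {$set: fieldsvalue}).
        then(async (rec) => {
          // tools.mylogshow(' REC TO MODIFY: ', rec);
          if (!rec) {
            return res.status(404).send();
          }

          let addmsg = '';

          if (mydata.notifBot) {
            // Send Notification to the BOT
            await telegrambot.sendMsgTelegram(idapp, mydata.notifBot.un,
                mydata.notifBot.txt);
            if (!!addmsg) {
              await telegrambot.sendMsgTelegram(idapp, mydata.notifBot.un,
                  addmsg);
            }
            let addtext = '[Msg Inviato a ' + mydata.notifBot.un + ']:' +
                '\n' +
                mydata.notifBot.txt;
            telegrambot.sendMsgTelegramToTheManagers(idapp, addtext, true);

            if (!!flotta) {
              tools.writeFlottaLog(idapp, addtext, flotta.riga,
                  flotta.col_prima);
            }
          }

          if (mydata.table === 'users') {
            if (camporequisiti) {
              await User.checkIfSbloccatiRequisiti(idapp, allData, id);
            }

            if ('aportador_solidario' in fieldsvalue) {
              // Needed when the inviter's username was typed with the wrong
              // upper/lower case: store it as it is spelled on the account.
              const myuserfound = await User.findByUsername(idapp,
                  fieldsvalue.aportador_solidario, false);
              if (!!myuserfound) {
                if (!!myuserfound._id && !myuserfound.deleted) {
                  const aportador = await User.getUsernameById(idapp,
                      myuserfound._id);
                  fieldsvalue.aportador_solidario = aportador;
                  // Update the record
                  await mytable.findByIdAndUpdate(id, {$set: fieldsvalue});
                }
              } else {
                // One response only: a second send() used to follow and threw
                // "headers already sent" inside this promise chain.
                res.send(
                    {
                      code: server_constants.RIS_CODE_ERR,
                      msg: 'Non aggiornato',
                    });
                return false;
              }
            } else if ('deleted' in fieldsvalue) {
              let msg = '';
              if (fieldsvalue.deleted) {
                msg = 'cancellato (nascosto)';
              } else {
                msg = 'Ripristinato';
              }

              await telegrambot.sendMsgTelegramToTheManagers(idapp,
                  `L\'utente ` + tools.getNomeCognomeEUserNameByUser(rec) +
                  ` è stato ${msg} da ` +
                  tools.getNomeCognomeEUserNameByUser(req.user));
            }
          }

          if (tools.ModificheConsentite(mydata.table, fieldsvalue)) {
            let msg = '';
            if (mydata.table === 'users') {
              if ('aportador_solidario' in fieldsvalue) {
                const nomecognomenuovo = await User.getNameSurnameByUsername(
                    idapp,
                    fieldsvalue.aportador_solidario);
                const nomecognomeas = await User.getNameSurnameByUsername(
                    idapp,
                    rec.aportador_solidario);
                msg = `Variato l'invitante di ` +
                    tools.getNomeCognomeEUserNameByUser(rec) +
                    '\nmodificato da ' +
                    tools.getNomeCognomeEUserNameByUser(req.user) +
                    ' \n' +
                    'Prima: ' + nomecognomeas + ' (' +
                    rec.aportador_solidario +
                    ')\n' +
                    'Dopo: ' + nomecognomenuovo + ' (' +
                    fieldsvalue.aportador_solidario + ') ]';

                // Record the original inviter the first time it changes
                if (!await User.AportadorOrig(id)) {
                  await mytable.findByIdAndUpdate(id,
                      {$set: {aportador_iniziale: fieldsvalue.aportador_solidario}},
                      {new: false});
                }
              }
            }

            if (msg !== '') {
              telegrambot.sendMsgTelegramToTheManagers(idapp, msg);
            }
          }

          res.send({code: server_constants.RIS_CODE_OK, msg: ''});
        }).
        catch((e) => {
          tools.mylogserr('Error patch USER: ', e.message);
          if (!res.headersSent) {
            res.status(400).send();
          }
        });
  } catch (e) {
    tools.mylogserr('Error chval: ', e.message);
    res.status(400).send();
  }
});

router.patch('/askfunz', authenticate, async (req, res) => {
  // const idapp = req.body.idapp;
  const id = req.body.data.id;
  // const ind_order = req.body.data.ind_order;
  // const username = req.body.data.username;
  const idapp = req.user.idapp;
  const mydata = req.body.data;

  let entra = false;
  if (!entra) {
    // If I change my record...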
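if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
        !User.isTutor(req.user.perm)) && (req.user._id.toString() !== id)) {
      // If without permissions, exit
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }
  }

  if (mydata.myfunc === shared_consts.CallFunz.DAMMI_PRIMO_UTENTE_LIBERO) {
    const userfree = await Graduatoria.getFirstUserGradFree(idapp);

    if (!!userfree)
      return res.send({code: server_constants.RIS_CODE_OK, out: userfree});
    /*} else if (mydata.myfunc === shared_consts.CallFunz.GET_VALBYTABLE) {
      const mytable = globalTables.getTableByTableName(mydata.table);
      const coltoshow = {
        [mydata.coltoshow]: 1
      };

      const ris = await mytable.findOne({ _id: id }, coltoshow);

      return ris;
    } else if (mydata.myfunc === shared_consts.CallFunz.SET_VALBYTABLE) {
      const mytable = globalTables.getTableByTableName(mydata.table);
      const value = mydata.value;
      const coltoset = {
        [mydata.coltoshow]: value
      };
      const ris = await mytable.findOneAndUpdate({ _id: id }, { $set: coltoset }, { new: false });
      if (!!ris)
        return res.send({ code: server_constants.RIS_CODE_OK });*/
  }

  return res.send({code: server_constants.RIS_CODE_ERR});

});

/**
 * Runs one of the named server functions (shared_consts.CallFunz) for a user.
 * Body: {data: {id, username, myfunc}}.
 */
router.patch('/callfunz', authenticate, async (req, res) => {
  // const telegrambot = require('../telegram/telegrambot');

  try {
    // Read inside the try: a missing `data` object used to throw before it
    // and left the request unanswered.
    const mydata = req.body.data;
    // const idapp = req.body.idapp;
    const id = mydata.id;
    // const ind_order = mydata.ind_order;
    const username = mydata.username;
    const idapp = req.user.idapp;

    const privileged = User.isAdmin(req.user.perm) ||
        User.isManager(req.user.perm) || User.isTutor(req.user.perm);

    const entra =
        mydata.myfunc === shared_consts.CallFunz.AGGIUNGI_NUOVO_IMBARCO ||
        mydata.myfunc === shared_consts.CallFunz.CANCELLA_IMBARCO;

    // If I change my record...
    if (!entra && !privileged && (req.user._id.toString() !== id)) {
      // If without permissions, exit
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }

    // The username becomes a query filter: strings only
    if (typeof username !== 'string') {
      return res.status(400).send();
    }

    const myuser = await User.findOne({idapp, username});

    if (mydata.myfunc === shared_consts.CallFunz.ZOOM_GIA_PARTECIPATO &&
        myuser && !!myuser.username) {
      // The check above compares the caller with `id`, while the record that
      // gets changed is selected by `username`. Make sure a non-privileged
      // caller can only flag their own account.
      if (!privileged &&
          myuser._id.toString() !== req.user._id.toString()) {
        return res.status(404).
            send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
      }

      const FormDaMostrare = telegrambot.getFormDaMostrare(idapp,
          mydata.myfunc, myuser);

      await telegrambot.sendMsgTelegramToTheManagers(idapp,
          `L\'utente ${myuser.name} ${myuser.surname} (${myuser.username}) ha detto di aver già visto lo Zoom di Benvenuto`,
          false, FormDaMostrare);

      const ris = await User.findByIdAndUpdate(myuser.id,
          {$set: {'profile.ask_zoom_partecipato': true}});
      if (ris) {
        return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
      }
    }

    return res.send({code: server_constants.RIS_CODE_ERR});
  } catch (e) {
    console.log(e.message);
    res.status(400).send();
  }

});

/**
 * Disabled: the copy logic below is commented out.
 *
 * The route is registered without `authenticate` and its handler never
 * answered, so every request stayed open until the socket timed out. It now
 * replies 404. If the copy is ever re-enabled it duplicates settings, users
 * and mail templates between apps and must sit behind authentication and an
 * admin check.
 */
router.get('/copyfromapptoapp/:idapporig/:idappdest', async (req, res) => {
  // const idapporig = req.params.idapporig;
  // const idappdest = req.params.idappdest;
  // if (!idapporig || !idappdest)
  //   res.status(400).send();
  //
  // const mytablesstr = ['settings', 'users', 'templemail'];
  //
  // try {
  //   let numrectot = 0;
  //   for (const table of mytablesstr) {
  //     const mytable = globalTables.getTableByTableName(table);
  //
  //     tools.mylogshow('copyfromapptoapp: ', table, mytable);
  //
  //     await mytable.DuplicateAllRecords(idapporig, idappdest).then((numrec) => {
  //       // tools.mylogshow(' REC TO MODIFY: ', rec);
  //       numrectot += numrec
  //     });
  //   }
  //
  //   res.send({ code: server_constants.RIS_CODE_OK, msg: '', numrectot });
  //
  // } catch (e) {
  //   tools.mylogserr('Error copyfromapptoapp: ', e);
  //   res.status(400).send();
  // }
  return res.status(404).send();
});

/**
 * Deletes a record. Admins and Managers remove it for real; other permitted
 * callers only soft-delete rows of the users table.
 *
 * NOTE(review): the record is addressed by `_id` alone (no `idapp` filter),
 * and the 'extralist' table skips the ModificheConsentite check for every
 * authenticated user. Confirm both are intended.
 */
router.delete('/delrec/:table/:id', authenticate, async (req, res) => {
  const id = req.params.id;
  // const idapp = req.user.idapp;
  const tablename = req.params.table;
  // let notifBot = false;
  // const idapp = req.body.idapp;

  console.log('id', id, 'table', tablename);

  const mytable = globalTables.getTableByTableName(tablename);

  const fields = {'ALL': 1};

  const isAdminOrManager = User.isAdmin(req.user.perm) ||
      User.isManager(req.user.perm);

  if (!isAdminOrManager && (tablename !== 'extralist') &&
      !tools.ModificheConsentite(tablename, fields, id, req.user)) {
    // If without permissions, exit
    return res.status(404).
        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  // An unknown table used to throw on `mytable.find…` and leave the request
  // unanswered.
  if (!mytable) {
    return res.status(400).send({});
  }

  try {
    let cancellato = false;

    //++Tools: Notify...
    tools.NotifyIfDelRecord(tablename);

    if (!isAdminOrManager && tablename === 'users') {
      // Soft delete: hide the user instead of removing the row. The outcome
      // of the update was never recorded, so a successful soft delete used to
      // be reported to the client as RIS_CODE_ERR.
      const fieldsvalue = {
        deleted: true,
        date_deleted: new Date(),
      };
      const updated = await mytable.findByIdAndUpdate(id,
          {$set: fieldsvalue});
      cancellato = !!updated;
    } else {
      // REALLY DELETES THE RECORD !!!
      const rec = await mytable.findByIdAndRemove(id);
      if (rec) {
        if (tablename === shared_consts.TAB_MYGROUPS) {
          // A group: also drop every reference users hold to it
          User.removeAllUsersFromMyGroups(rec.idapp, rec.groupname);
        }

        tools.refreshAllTablesInMem(rec.idapp, tablename, true, rec.username);

        cancellato = true;

        tools.mylog('DELETED ', rec._id);
      }
    }

    if (cancellato) {
      // Do extra things after deleted
      //let ris2 = await actions.doOtherlasThingsAfterDeleted(tablename, myrec, notifBot, req);
      return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
    }

    return res.send({code: server_constants.RIS_CODE_ERR, msg: ''});
  } catch (e) {
    // Single response on failure: the 400 used to be followed by a second
    // send(), which threw "headers already sent".
    console.log(e.message);
    return res.status(400).send();
  }
});

router.post('/duprec/:table/:id', authenticate, (req, res) => {
  const id = req.params.id;
  const tablename = req.params.table;
  // const idapp = req.body.idapp;

  console.log('id', id, 'table', tablename);

  const mytable = globalTables.getTableByTableName(tablename);

  if (!req.user) {
    return res.status(404).
        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  if (!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) {
    // If without permissions, exit
    return res.status(404).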
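send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  return mytable.findById(id).then((mydata) => {

    const datadup = tools.CloneRecordToNew(mydata);
    const mynewrec = new mytable(datadup);

    return mynewrec.save().then((rec) => {
      if (!rec) {
        return res.status(404).send();
      }

      tools.mylog('DUPLICATED ', rec);

      // Do extra things after duplicated
      return actions.doOtherThingsAfterDuplicated(tablename, rec).
          then(({myrec}) => {
            // Returned so that a failed reload is also reported
            return mytable.findById(myrec._id).then((record) => {
              return res.send(
                  {code: server_constants.RIS_CODE_OK, record, msg: ''});
            });
          });
    });
  }).catch((e) => {
    // The handler now sits on the outer chain: a failing findById or clone
    // used to be an unhandled rejection with no response at all.
    console.error(e.message);
    if (!res.headersSent) {
      res.status(400).send();
    }
  });
});

// Site bootstrap for clients that do not send a version
router.get('/loadsite/:userId/:idapp', authenticate_noerror, (req, res) => {
  load(req, res, '0');
});

// Site bootstrap for clients that send their version
router.get('/loadsite/:userId/:idapp/:vers', authenticate_noerror,
    (req, res) => {
      const versionstr = req.params.vers;
      const version = tools.getVersionint(versionstr);

      load(req, res, version);
    });

/**
 * Collects everything a client needs to start (events, pages, settings,
 * catalogues, and the caller's own cart/orders/profile when logged in) and
 * sends it as one object.
 *
 * The route uses authenticate_noerror, so `req.user` may be missing.
 *
 * NOTE(review): `idapp` comes from the URL, not from the logged-in user, so
 * a user's role from one app is applied to whatever app id is requested
 * (including the 'ALL' orders for Managers). Confirm whether
 * authenticate_noerror ties the token to the app; otherwise compare
 * `req.user.idapp` with `idapp` here.
 *
 * @param {object} req     Express request; params: userId, idapp.
 * @param {object} res     Express response.
 * @param {number|string} version  Client version; below 91 gets the short
 *                                 payload without the skills catalogues.
 */
function load(req, res, version) {
  const userId = req.params.userId;
  const idapp = req.params.idapp;

  if (!version) {
    version = '0';
  }

  let gestoredelSito = '0';
  if (!!req.user) {
    gestoredelSito = (User.isAdmin(req.user.perm) ||
        User.isManager(req.user.perm) ||
        User.isEditor(req.user.perm)) ? '1' : '0';
  }

  // `gestoredelSito` is the string '0' or '1' and both are truthy, so the
  // original `if (gestoredelSito)` tests were always true: the gallery and
  // the newsletter queue were sent to every caller, logged in or not. Test
  // the flag explicitly.
  // NOTE(review): if the public site relied on receiving `gallery`, expose it
  // deliberately rather than through the manager flag.
  const isSiteManager = gestoredelSito === '1';

  // var category = req.params.category; // tools.mylog('loadsite : ', req.params);

  let bookedevent = [];
  // let msgs = [];

  let socioresidente = false;

  if (!!req.user) {
    socioresidente = req.user.profile.socioresidente;
  }

  // The user id comes from the URL: bookings are returned only to that very
  // user or to a site manager, never to an anonymous or different caller.
  const isOwnData = !!req.user && String(req.user._id) === String(userId);
  if (userId !== '0' && (isOwnData || isSiteManager)) {
    // LOGGED WITH USERID
    bookedevent = Booking.findAllByUserIdAndIdApp(userId, idapp,
        gestoredelSito);
  }

  // Every entry is a promise or a plain value; Promise.all accepts both.
  // Results are addressed by name instead of by array position.
  const pending = {
    bookedevent,
    eventlist: MyEvent.findAllIdApp(socioresidente, idapp),
    operators: Operator.findAllIdApp(idapp),
    wheres: Where.findAllIdApp(idapp),
    contribtype: Contribtype.findAllIdApp(idapp),
    settings: Settings.findAllIdApp(idapp, false, false),
    permissions: Permission.findAllIdApp(),
    disciplines: Discipline.findAllIdApp(idapp),
    newstosent: isSiteManager ?
        Newstosent.findAllIdApp(idapp) :
        Promise.resolve([]),
    mailinglist: Promise.resolve([]),
    mypage: (version > 91) ?
        MyPage.findOnlyStruttRec(idapp) :
        MyPage.findAllIdApp(idapp),
    gallery: isSiteManager ?
        Gallery.findAllIdApp(idapp) :
        Promise.resolve([]),
    paymenttype: PaymentType.findAllIdApp(idapp),
    calcstat: null,
    calzoom: CalZoom.findAllIdApp(idapp),
    producers: Producer.findAllIdApp(idapp),
    cart: null,
    storehouses: Storehouse.findAllIdApp(idapp),
    departments: Department.findAllIdApp(idapp),
    orderscart: null,
    groups: Group.findAllIdApp(idapp),
    resps: User.getusersRespList(idapp),
    workers: User.getusersWorkersList(idapp),
    internalpages: MyPage.findInternalPages(idapp),
    // SKILLS:
    levels: Level.findAllIdApp(idapp),
    skills: Skill.findAllIdApp(idapp),
    //subSkills: SubSkill.findAllIdApp(idapp),
    myuserextra: null,
    sectors: Sector.findAllIdApp(idapp),
    statusSkills: StatusSkill.findAllIdApp(idapp),
    cities: City.findAllIdApp(idapp),
    catgrps: CatGrp.findAllIdApp(idapp),
    adtypes: AdType.findAllIdApp(idapp),
    adtypegoods: AdTypeGood.findAllIdApp(idapp),
    sectorgoods: SectorGood.findAllIdApp(idapp),
    goods: Good.findAllIdApp(idapp),
  };

  if (req.user) {
    pending.calcstat = User.calculateStat(idapp, req.user.username);
    pending.cart = Cart.getCartByUserId(req.user.id, idapp);
    if (User.isManager(req.user.perm)) {
      // Managers get every order
      pending.orderscart = OrdersCart.getOrdersCartByUserId('ALL', idapp, 0);
    } else {
      pending.orderscart = OrdersCart.getOrdersCartByUserId(req.user.id,
          idapp, 0);
    }

    // askedfriends = User.getAskedFriendsByUsername(idapp, req.user.username);
    pending.myuserextra = User.addExtraInfo(idapp, req.user);
  }

  const names = Object.keys(pending);

  return Promise.all(names.map((name) => pending[name])).then((values) => {
    const data = {};
    names.forEach((name, ind) => {
      data[name] = values[ind];
    });

    let myuser = req.user;
    if (myuser) {
      try {
        myuser = data.myuserextra;
        if (myuser) {
          // NOTE(review): only the password is blanked; check that the
          // object returned by addExtraInfo carries no other secret
          // (session or reset tokens) before it is sent to the client.
          myuser.password = '';
          myuser.calcstat = data.calcstat;
        }
      } catch (e) {
        console.log(e.message);
      }
    }

    const payload = {
      bookedevent: data.bookedevent,
      eventlist: data.eventlist,
      operators: data.operators,
      wheres: data.wheres,
      contribtype: data.contribtype,
      settings: data.settings,
      permissions: data.permissions,
      disciplines: data.disciplines,
      newstosent: data.newstosent,
      mailinglist: data.mailinglist,
      mypage: data.mypage,
      gallery: data.gallery,
      paymenttypes: data.paymenttype,
      calzoom: data.calzoom,
      producers: data.producers,
      cart: data.cart,
      storehouses: data.storehouses,
      departments: data.departments,
      orders: data.orderscart,
      groups: data.groups,
      resps: data.resps,
      workers: data.workers,
      myuser,
      internalpages: data.internalpages,
    };

    if (version < 91) {
      res.send(payload);
    } else {
      res.send(Object.assign(payload, {
        levels: data.levels,
        skills: data.skills,
        // subSkills: data.subSkills,
        sectors: data.sectors,
        statusSkills: data.statusSkills,
        cities: data.cities,
        catgrps: data.catgrps,
        adtypes: data.adtypes,
        adtypegoods: data.adtypegoods,
        sectorgoods: data.sectorgoods,
        goods: data.goods,
      }));
    }

  }).catch((e) => {
    console.log(e.message);
    res.status(400).send(e);
  });

}

router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => {
  const userId = req.user._id;
  // The app id is taken from the authenticated user, like the other
  // authenticated routes in this file, instead of the `idapp` query
  // parameter: the users list and messages returned below must never be
  // selectable for another app by changing the URL.
  const idapp = req.user.idapp;

  // console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);

  if (!ObjectID.isValid(userId)) {
    return res.status(404).send();
  }

  await cfgserver.find({idapp}).then((arrcfgrec) => {

    if (!arrcfgrec)
      return res.status(404).send();

    // ++Todo: Add to Log Stat ....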
// const sall = '0'; // msgs = SendMsg.findAllByUserIdAndIdApp(userId, req.user.username, req.user.idapp); let last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp); let usersList = null; if (req.user) { // If User is Admin, then send user Lists if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) || User.isManager(req.user.perm)) { // Send UsersList usersList = User.getUsersList(idapp); // usersList = null; } } return Promise.all([usersList, last_msgs]).then((arrdata) => { // console.table(arrdata); return res.send({ cfgServer: arrcfgrec, usersList: arrdata[0], last_msgs: arrdata[1], }); }); }).catch((e) => { console.log(e.message); res.status(400).send({code: server_constants.RIS_CODE_ERR, msg: e}); }); }); router.post('/upload_from_other_server/:dir', authenticate, (req, res) => { // const dir = req.params.dir; // const idapp = req.user.idapp; /* const form = new formidable.IncomingForm(); form.parse(req); const client = new ftp(process.env.FTPSERVER_HOST, process.env.FTPSERVER_PORT, process.env.FTPSERVER_USER + idapp + '@associazioneshen.it', process.env.FTPSERVER_PWD + idapp, false, 134217728); // SSL_OP_NO_TLSv1_2 = 134217728 // console.log('client', client); form.uploadDir = folder + '/' + dir; try { form.on('fileBegin', async function (name, file){ file.path = folder + '/' + file.name; }); form.on('file', async function (name, file){ try { // Create directory remote if (!!dir) await client.createDir(dir); const miofile = (dir) ? 
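dir + ` / ` + file.name : file.name; console.log('Upload...'); const ret = await client.upload(file.path, miofile, 755); console.log('Uploaded ' + file.name, 'status:', ret); if (!ret) res.status(400).send(); else { // Delete file from local directory fs.unlinkSync(file.path); res.end(); } }catch (e) { console.log('error', e); res.status(400).send(); } }); form.on('aborted', () => { console.error('Request aborted by the user'); res.status(400).send(); }); form.on('error', (err) => { console.error('Error Uploading', err); res.status(400).send(); }); } catch (e) { console.log('Error', e) } */
});

/**
 * Handles a multipart upload for the authenticated user's app.
 *
 * Each uploaded file is first written to the local `folder`, then moved to
 * <app dir><dirmain><DIR_UPLOAD>/<dir>. After the move a 64x64 thumbnail is
 * written next to it and the file itself is replaced by a 512x512 cover crop.
 *
 * Both the target sub-directory (req.params.dir) and the file name come from
 * the client, so both are confined before they reach the filesystem.
 *
 * @param {object} req - Express request; reads req.params.dir and req.user.idapp.
 * @param {object} res - Express response; ended empty on success, 400 on failure.
 * @param {number} version - Client version; values > 0 select the newer base directory.
 */
function uploadFile(req, res, version) {
  const dir = tools.invertescapeslash(req.params.dir);
  const idapp = req.user.idapp;

  let dirmain = '/statics';
  if (version > 0) {
    dirmain = tools.sulServer() ? '' : '/public';
  }

  // One request can raise several events (one 'file' per part, 'error',
  // 'aborted'); only the first of them may answer.
  const reply = (status) => {
    if (res.headersSent) return;
    if (status) {
      res.status(status).send();
    } else {
      res.end();
    }
  };

  // Reduce a client-supplied file name to its last path component, so it can
  // never address a directory. Returns null when nothing usable is left.
  const safeName = (rawName) => {
    const base = path.basename(String(rawName || '').replace(/\\/g, '/'));
    if (base === '' || base === '.' || base === '..' || base.includes('\0')) {
      return null;
    }
    return base;
  };

  try {
    if (typeof dir !== 'string' || dir.includes('\0')) {
      return reply(400);
    }

    // Resolve the target directory and require it to stay inside this app's
    // upload root; a dir containing parent-directory segments is refused.
    // (Symbolic links inside the root are not resolved by this check.)
    const uploadRoot = path.resolve(
        tools.getdirByIdApp(idapp) + dirmain + server_constants.DIR_UPLOAD);
    const mydir = path.resolve(path.join(uploadRoot, dir));
    if (mydir !== uploadRoot && !mydir.startsWith(uploadRoot + path.sep)) {
      console.error('Upload rejected: directory outside the upload root');
      return reply(400);
    }

    // NOTE(review): neither the file type nor the size is restricted here, and
    // the target is a statically served directory. Consider an allow-list of
    // extensions/content types and a size cap (formidable exposes maxFileSize).

    const form = new formidable.IncomingForm();

    // Fallback location for parts whose name is refused below; `folder` is
    // created when this module is loaded.
    form.uploadDir = folder;

    form.on('fileBegin', function(name, file) {
      const base = safeName(file.name);
      // NOTE(review): the temporary path is derived from the client's file
      // name, so two simultaneous uploads of the same name share one temp file.
      if (base) {
        file.path = path.join(folder, base);
      }
    });

    form.on('file', function(name, file) {
      try {
        const filename = safeName(file.name);
        if (!filename) {
          console.error('Upload rejected: invalid file name');
          fs.unlink(file.path, () => {}); // drop the temporary copy
          return reply(400);
        }

        console.log('1) Uploading ' + filename);

        // Create Dir if doesn't exist:
        tools.mkdirpath(mydir);

        //++Todo: change the file name... to be passed to the frontend
        //if (mydir.includes('profile')) {
        //  filename = uuidv4() + ext;
        //}

        const oldpath = file.path;
        const newname = mydir + '/' + filename;
        file.name = filename;
        file.path = newname;

        // Move in the folder application !
        tools.move(oldpath, newname, (err) => {
          if (err) {
            console.log('err uploadDir:', err);
            return reply(400);
          }

          // Save the images in compressed form
          try {
            const outDir = tools.extractFilePath(newname);
            const outName = tools.extractFileName(newname);

            // NOTE(review): withMetadata() keeps the EXIF block of the source
            // image (which may include location data) in the stored copies.

            // SMALL
            // the 'failOnError' option works around the error
            // (Error: VipsJpeg: Invalid SOS parameters for sequential JPEG
            const resized_img_small = outDir + '/' +
                server_constants.PREFIX_IMG_SMALL + outName;
            sharp(newname, {failOnError: false})
                .resize(64, 64)
                .withMetadata()
                .toFile(resized_img_small)
                // Without a callback toFile() returns a promise. A file that
                // is not a decodable image rejects it, and an unhandled
                // rejection is fatal by default on recent Node.js versions.
                .catch((errSmall) => console.error('Error Upload: ', errSmall));

            // MEDIUM
            // NOTE(review): this callback removes `newname` while the SMALL
            // resize above may still be reading it - confirm the ordering.
            const resized_img = outDir + '/' +
                server_constants.PREFIX_IMG + outName;
            sharp(newname, {failOnError: false})
                .resize({
                  width: 512,
                  height: 512,
                  fit: sharp.fit.cover,
                  position: sharp.strategy.entropy,
                })
                .withMetadata()
                .toFile(resized_img, function(errMedium) {
                  if (tools.isFileExists(resized_img)) {
                    // DELETE THE ORIGINAL BIG
                    tools.delete(newname, false, () => {});

                    // RENAME THE MEDIUM IN THE ORIGINAL NAME
                    tools.move(resized_img, newname, (errMove) => {
                      if (errMove) {
                        console.error('err', errMove);
                      } else {
                        console.log('move', newname);
                      }
                    });
                  }
                  if (errMedium) {
                    console.error('Error Upload: ', errMedium);
                  }
                });
          } catch (e) {
            console.error('Error Upload(2) ', e);
          }

          reply();
        });
      } catch (e) {
        console.log('error', e);
        reply(400);
      }
    });

    form.on('end', function() {
      // console.log('-> upload done');
    });

    form.on('aborted', () => {
      console.error('Request aborted by the user');
      reply(400);
    });

    form.on('error', (err) => {
      console.error('Error Uploading', err);
      reply(400);
    });

    // Start parsing only after every listener is attached, so an event raised
    // while parsing begins (for example an 'error') always has a handler.
    form.parse(req);
  } catch (e) {
    console.log('Error', e);
    reply(400);
  }
}

router.post('/upload/:dir', authenticate, (req, res) => {
  return uploadFile(req, res, 0);
});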
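// Versioned upload endpoint: same handler as /upload/:dir, with the client
// version taken from the path.
router.post('/uploadnew/:vers/:dir/', authenticate, (req, res) => {
  const version = tools.getVersionint(req.params.vers);
  try {
    return uploadFile(req, res, version);
  } catch (e) {
    console.log('error', e);
    res.status(400).send();
  }
});

// Versioned delete endpoint; the file is named by the `filename` query parameter.
router.delete('/delfile/:vers', authenticate, (req, res) => {
  const version = tools.getVersionint(req.params.vers);
  deleteFile(req, res, version);
});

router.delete('/delfile', authenticate, (req, res) => {
  deleteFile(req, res, 0);
});

/**
 * Deletes one file of the authenticated user's app.
 *
 * The file is named by req.query.filename, relative to
 * <app dir><dirmain>. That value is client-controlled, so the resolved path
 * must stay inside that directory; anything else is refused with 400.
 *
 * @param {object} req - Express request; reads req.query.filename and req.user.idapp.
 * @param {object} res - Express response; {code: RIS_CODE_OK} when the file was
 *   removed or did not exist, 400 otherwise.
 * @param {number} version - Client version; values > 0 may select '/public'.
 */
function deleteFile(req, res, version) {
  const relativefile = req.query.filename;
  const idapp = req.user.idapp;

  try {
    let dirmain = '';
    // NOTE(review): uploadFile tests tools.sulServer() for truthiness, this
    // compares it with 1 - confirm which of the two matches its return type.
    if (version > 0 && tools.sulServer() !== 1) {
      dirmain = '/public';
    }

    // Query values may be arrays/objects or missing; only a plain, non-empty
    // string without NUL bytes can be a file name.
    if (typeof relativefile !== 'string' || relativefile === '' ||
        relativefile.includes('\0')) {
      return res.status(400).send();
    }

    // Resolve the requested path and require it to stay strictly below the
    // app directory, so parent-directory segments cannot reach other files.
    // (Symbolic links inside the directory are not resolved by this check.)
    const baseDir = path.resolve(tools.getdirByIdApp(idapp) + dirmain);
    const fullpathfile = path.resolve(path.join(baseDir, relativefile));
    if (!fullpathfile.startsWith(baseDir + path.sep)) {
      console.log('Delete file rejected: path outside the application directory');
      return res.status(400).send();
    }

    // NOTE(review): any file below the app directory can still be named here;
    // consider limiting deletion to the upload sub-tree and to files the
    // caller is allowed to manage.

    console.log('Delete file ' + relativefile);

    tools.delete(fullpathfile, true, (err) => {
      if (err) console.log('err', err);

      // A file that is already gone counts as success. `!err` also covers a
      // callback invoked with null; every other error now gets an answer
      // instead of leaving the request open.
      if (!err || err.errno === -2 || err.code === 'ENOENT') {
        res.send({code: server_constants.RIS_CODE_OK, msg: ''});
      } else {
        res.status(400).send();
      }
    });
  } catch (e) {
    console.log('error', e);
    res.status(400).send();
  }
}

module.exports = router;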