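const express = require('express');
const router = express.Router();
const fs = require('fs');
const path = require('path');

const { authenticate, authenticate_noerror } = require('../middleware/authenticate');

const { ObjectID } = require('mongodb');

const mongoose = require('mongoose');
const cfgserver = mongoose.model('cfgserver');

const ftp = require('../ftp/FTPClient');
const formidable = require('formidable');

// Local staging directory for uploads, created at load time if missing.
const folder = path.join(__dirname, 'upload');
if (!fs.existsSync(folder)) {
  fs.mkdirSync(folder);
}

const _ = require('lodash');

const { User } = require('../models/user');
const { Booking } = require('../models/booking');
const { Operator } = require('../models/operator');
const { Where } = require('../models/where');
const { MyEvent } = require('../models/myevent');
const { Contribtype } = require('../models/contribtype');
const { Discipline } = require('../models/discipline');
const { Newstosent } = require('../models/newstosent');
const { MyPage } = require('../models/mypage');
const { Gallery } = require('../models/gallery');
const { TemplEmail } = require('../models/templemail');
const { OpzEmail } = require('../models/opzemail');
const { MailingList } = require('../models/mailinglist');
const { Settings } = require('../models/settings');
const { SendMsg } = require('../models/sendmsg');
const { Permission } = require('../models/permission');

const tools = require('../tools/general');

const server_constants = require('../tools/server_constants');
const actions = require('./api/actions');

/**
 * POST <LINKVERIF_REG>: confirm a registration e-mail address.
 *
 * Body: { idapp, idlink }. Replies 404 when no user matches the link,
 * RIS_CODE_EMAIL_ALREADY_VERIFIED when the address was already confirmed,
 * RIS_CODE_EMAIL_VERIFIED after flagging the user as verified, and 400 on
 * a malformed link id or any lookup/save failure.
 */
router.post(process.env.LINKVERIF_REG, (req, res) => {
  const { idapp, idlink } = _.pick(req.body, ['idapp', 'idlink']);

  console.log("LINKVERIF_REG POST " + process.env.LINKVERIF_REG + " idapp= " + idapp + " idlink = " + idlink);

  // A JSON body can carry an object where a string is expected; passing that
  // to a query helper would let the caller supply a query operator instead of
  // a value, so only a non-empty string is accepted as the link id.
  if (typeof idlink !== 'string' || idlink === '') {
    return res.status(400).send();
  }

  // Look up the link id while it is still waiting to be verified.
  User.findByLinkreg(idapp, idlink).then((user) => {
    if (!user) {
      return res.status(404).send();
    }

    if (user.verified_email) {
      return res.send({
        code: server_constants.RIS_CODE_EMAIL_ALREADY_VERIFIED,
        msg: res.__("L'Email è già stata Verificata.")
      });
    }

    user.verified_email = true;
    user.lasttimeonline = new Date();

    // Returned so that a failed save reaches the .catch below instead of
    // leaving the request without a response.
    return user.save().then(() => {
      res.send({
        code: server_constants.RIS_CODE_EMAIL_VERIFIED,
        msg: res.__('Email Verificata!')
      });
    });
  }).catch((e) => {
    console.log(e);
    res.status(400).send();
  });
});

/**
 * POST <LINK_REQUEST_NEWPASSWORD>: start the password-reset flow.
 *
 * Body: { idapp, email }. Stores a reset token and its creation date on the
 * user, e-mails the token, and replies RIS_CODE_OK. Replies 404 when the
 * address is unknown and 400 on a malformed address or any failure.
 *
 * NOTE(review): the 404/200 split tells the caller whether an address is
 * registered. Consider one uniform reply plus rate limiting on this route.
 */
router.post(process.env.LINK_REQUEST_NEWPASSWORD, (req, res) => {
  const { idapp, email } = _.pick(req.body, ['idapp', 'email']);

  console.log("POST " + process.env.LINK_REQUEST_NEWPASSWORD + " idapp= " + idapp + " email = " + email);

  // Same reasoning as for the verification link: refuse anything that is not
  // a plain string before it is used as a query value.
  if (typeof email !== 'string') {
    return res.status(400).send();
  }

  User.findByEmail(idapp, email).then((user) => {
    if (!user) {
      return res.status(404).send();
    }

    // NOTE(review): `jwt` and `sendemail` are not required anywhere in this
    // file, so unless they are provided as globals this branch throws a
    // ReferenceError and the caller always gets 400. Add the missing requires.
    // NOTE(review): the token is a signature over the user id only, with no
    // expiry or random part visible here; `date_tokenforgot` is written but
    // never checked in this file. Prefer a random single-use token whose age
    // is enforced when it is redeemed - confirm what findByLinkTokenforgot does.
    user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).toString();
    user.date_tokenforgot = new Date();
    user.lasttimeonline = new Date();

    // Returned so that save or mail errors are handled by the .catch below.
    return user.save().then(async () => {
      await sendemail.sendEmail_RequestNewPassword(res.locale, user.email, user.idapp, user.tokenforgot);
      res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
    });
  }).catch((e) => {
    console.log(e);
    // Exactly one response: a second send() after this one used to throw
    // inside the handler, and it would also have exposed the raw error.
    res.status(400).send();
  });
});

// Apply the new password requested through the reset flow.
// Returns the auth token needed for the following calls...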
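/**
 * POST <LINK_UPDATE_PASSWORD>: redeem a reset token and set a new password.
 *
 * Body: { idapp, email, tokenforgot, password }. On success the reset token
 * is cleared, a fresh auth token is returned in the `x-auth` header and the
 * user is returned in the body. Replies 404 when the token does not match
 * and 400 on malformed input or any failure.
 */
router.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
  const { idapp, email, tokenforgot, password } =
    _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'password']);

  // The reset token is a bearer credential, so it is kept out of the logs.
  console.log("POST " + process.env.LINK_UPDATE_PASSWORD + " idapp= " + idapp + " email = " + email);

  // The token is reset to '' after use (see below), so an empty value must
  // never be accepted as a match; non-string values are refused because a
  // JSON body could otherwise supply a query operator instead of a value.
  const isNonEmptyString = (value) => typeof value === 'string' && value !== '';
  if (!isNonEmptyString(email) || !isNonEmptyString(tokenforgot) || !isNonEmptyString(password)) {
    return res.status(400).send();
  }

  User.findByLinkTokenforgot(idapp, email, tokenforgot).then((user) => {
    if (!user) {
      return res.status(404).send();
    }

    // NOTE(review): the password is assigned as received; hashing and any
    // strength policy are presumably applied by the User model - confirm.
    user.password = password;
    user.lasttimeonline = new Date();

    // Returned so that token or save failures reach the .catch below.
    return user.generateAuthToken(req).then((token) => {
      user.tokenforgot = ''; // single use: the reset token is no longer needed

      return user.save().then(() => {
        // NOTE(review): confirm the User serialisation strips the password
        // hash and stored tokens before the document is sent back.
        res.header('x-auth', token).send({ user });
      });
    });
  }).catch((e) => {
    console.log(e);
    res.status(400).send();
  });
});

// Allow-list of the table names accepted from clients and the model behind
// each one. A Map is used so that inherited object keys can never resolve.
const TABLES_BY_NAME = new Map([
  ['users', User],
  ['bookings', Booking],
  ['operators', Operator],
  ['sendmsgs', SendMsg],
  ['wheres', Where],
  ['myevents', MyEvent],
  ['contribtype', Contribtype],
  ['disciplines', Discipline],
  ['newstosent', Newstosent],
  ['gallery', Gallery],
  ['mypage', MyPage],
  ['templemail', TemplEmail],
  ['opzemail', OpzEmail],
  ['settings', Settings],
  ['permissions', Permission],
  ['mailinglist', MailingList],
]);

/**
 * Resolve a client-supplied table name to its model.
 *
 * @param {string} tablename - One of the names in TABLES_BY_NAME.
 * @returns {Function|string} The model, or '' when the name is unknown.
 */
function getTableByTableName(tablename) {
  return TABLES_BY_NAME.get(tablename) || '';
}

/**
 * Tell whether `target` resolves to `basedir` itself or to a path below it.
 * The comparison is lexical: symbolic links are not resolved.
 *
 * @param {string} basedir - Directory the target must stay in.
 * @param {string} target - Path built from request data.
 * @returns {boolean} True when the target stays inside the directory.
 */
function isPathInside(basedir, target) {
  const rel = path.relative(path.resolve(basedir), path.resolve(target));
  return rel === '' || (rel.split(path.sep)[0] !== '..' && !path.isAbsolute(rel));
}

/**
 * Reduce a client-supplied file name to its last path component.
 *
 * @param {*} name - File name as received in the multipart request.
 * @returns {string} The bare file name, or '' when none can be used.
 */
function safeUploadName(name) {
  if (typeof name !== 'string') {
    return '';
  }
  // Backslashes are treated as separators too, whatever the host platform.
  const base = path.basename(name.replace(/\\/g, '/'));
  return base === '.' || base === '..' ? '' : base;
}

/**
 * POST /settable: create a record in the named table.
 *
 * Body: { table, data }. `data.idapp` is forced to the caller's application
 * and `_id` is generated when absent (1 for 'permissions').
 *
 * NOTE(review): unlike /chval and /delrec there is no role check here, and
 * `data` is stored as received. Any authenticated caller can therefore add
 * rows to every mapped table, 'users' and 'permissions' included. Decide
 * which tables and fields each role may write and enforce it here.
 */
router.post('/settable', authenticate, (req, res) => {
  const params = req.body;
  const mytable = getTableByTableName(params.table);
  const mydata = req.body.data;

  // Unknown table or missing payload: answer 400 instead of throwing.
  if (!mytable || !mydata || typeof mydata !== 'object') {
    console.log(`Table ${params.table} not found`);
    return res.status(400).send({});
  }

  mydata.idapp = req.user.idapp;

  if (mydata["_id"] === undefined) {
    mydata._id = params.table === 'permissions' ? 1 : new ObjectID();
  }

  const mytablerec = new mytable(mydata);
  console.log('mytablerec', mytablerec);

  return mytablerec.save()
    .then((rec) => res.send(rec))
    .catch((e) => {
      console.log(e);
      res.status(400).send(e);
    });
});

/**
 * POST /gettable: run the table's own query helper for the caller's
 * application and return its result. Replies 400 for an unknown table.
 */
router.post('/gettable', authenticate, (req, res) => {
  const params = req.body;
  const mytable = getTableByTableName(params.table);

  if (!mytable) {
    console.log(`Table ${params.table} not found`);
    return res.status(400).send({});
  }

  return mytable.executeQueryTable(req.user.idapp, params)
    .then((ris) => res.send(ris))
    .catch((e) => {
      console.log(e);
      res.status(400).send(e);
    });
});

/**
 * PATCH /chval: set fields on one record (admins and managers only).
 *
 * Body: { data: { id, table, fieldsvalue } }.
 *
 * NOTE(review): the update is not scoped to req.user.idapp and
 * `fieldsvalue` is applied as received; consider restricting both the
 * application and the writable fields per table.
 */
router.patch('/chval', authenticate, (req, res) => {
  const mydata = req.body.data;
  if (!mydata) {
    return res.status(400).send();
  }

  const id = mydata.id;
  const mytable = getTableByTableName(mydata.table);
  const fieldsvalue = mydata.fieldsvalue;

  tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue);

  // NOTE(review): `req.user._id === id` compares the stored user id with a
  // value taken from the request body; if the former is an ObjectID, as the
  // ObjectID.isValid check elsewhere in this file suggests, the clause is
  // never true and the rule is simply "admins and managers only". Left as it
  // was: clarify the intended rule for editing one's own record first.
  if ((!User.isAdmin(req.user) && !User.isManager(req.user)) || (req.user._id === id)) {
    // Without permissions, exit
    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
  }

  if (!mytable) {
    console.log(`Table ${mydata.table} not found`);
    return res.status(400).send({});
  }

  mytable.findByIdAndUpdate(id, { $set: fieldsvalue }).then((rec) => {
    tools.mylogshow(' REC TO MODIFY: ', rec);
    if (!rec) {
      return res.status(404).send();
    }
    res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
  }).catch((e) => {
    tools.mylogserr('Error patch USER: ', e);
    res.status(400).send();
  });
});

/**
 * DELETE /delrec/:table/:id: remove one record (admins and managers only)
 * and run the table's follow-up actions.
 *
 * NOTE(review): the record is looked up by id alone, not by the caller's
 * idapp - confirm that cross-application deletes are intended.
 */
router.delete('/delrec/:table/:id', authenticate, (req, res) => {
  const { id, table: tablename } = req.params;

  console.log('id', id, 'table', tablename);

  if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
    // Without permissions, exit
    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
  }

  const mytable = getTableByTableName(tablename);
  if (!mytable) {
    console.log(`Table ${tablename} not found`);
    return res.status(400).send({});
  }

  return mytable.findByIdAndRemove(id).then((rec) => {
    if (!rec) {
      return res.status(404).send();
    }

    tools.mylog('DELETED ', rec._id);

    // Do extra things after the delete
    return actions.doOtherThingsAfterDeleted(tablename, rec).then((ris) => {
      if (ris) {
        tools.mylog('DELETED Others things ...');
        return res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
      }
      // A falsy result used to leave the request without any response.
      return res.status(400).send();
    });
  }).catch((e) => {
    console.log(e);
    res.status(400).send();
  });
});

/**
 * POST /duprec/:table/:id: duplicate one record (admins and managers only),
 * run the table's follow-up actions and return the stored copy.
 */
router.post('/duprec/:table/:id', authenticate, (req, res) => {
  const { id, table: tablename } = req.params;

  console.log('id', id, 'table', tablename);

  if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
    // Without permissions, exit
    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
  }

  const mytable = getTableByTableName(tablename);
  if (!mytable) {
    console.log(`Table ${tablename} not found`);
    return res.status(400).send({});
  }

  // One chain with one .catch, so that a failed lookup, save or follow-up
  // step always produces a response.
  return mytable.findById(id).then((mydata) => {
    if (!mydata) {
      return res.status(404).send();
    }

    const mynewrec = new mytable(tools.CloneRecordToNew(mydata));

    return mynewrec.save().then((rec) => {
      if (!rec) {
        return res.status(404).send();
      }

      tools.mylog('DUPLICATED ', rec);

      // Do extra things after the duplication, then reload the stored copy
      return actions.doOtherThingsAfterDuplicated(tablename, rec)
        .then(({ myrec }) => mytable.findById(myrec._id))
        .then((record) => res.send({ code: server_constants.RIS_CODE_OK, record, msg: '' }));
    });
  }).catch((e) => {
    console.error(e);
    res.status(400).send();
  });
});

// Empty placeholder; the routes above call actions.doOtherThingsAfterDeleted.
function doOtherThingsAfterDeleted() {
}

/**
 * GET /loadsite/:userId/:idapp/:sall: load the site data of an application
 * in one call (events, operators, places, settings, pages, gallery, ...)
 * plus the bookings of `userId` and the authenticated user, if any.
 *
 * NOTE(review): `authenticate_noerror` lets anonymous requests through, and
 * both `userId` and `idapp` come from the URL without being compared with
 * req.user. As written, the bookings of any user id and the data of any
 * application are returned to whoever asks; tie both to the session.
 */
router.get('/loadsite/:userId/:idapp/:sall', authenticate_noerror, (req, res) => {
  const { userId, idapp, sall } = req.params;

  // '0' stands for "not logged in": bookings are loaded for any other id.
  const bookedevent = userId !== '0'
    ? Booking.findAllByUserIdAndIdApp(userId, idapp, sall)
    : [];

  const eventlist = MyEvent.findAllIdApp(idapp);
  const operators = Operator.findAllIdApp(idapp);
  const wheres = Where.findAllIdApp(idapp);
  const contribtype = Contribtype.findAllIdApp(idapp);
  const disciplines = Discipline.findAllIdApp(idapp);
  const settings = Settings.findAllIdApp(idapp, false);
  const permissions = Permission.findAllIdApp();
  const mailinglist = Promise.resolve([]);
  const mypage = MyPage.findAllIdApp(idapp);
  const gallery = Gallery.findAllIdApp(idapp);

  // NOTE(review): `sall` is a route segment, i.e. a non-empty string, so this
  // test is always true - also for '0'. The newsletter queue is therefore
  // always loaded; compare with the intended flag value instead.
  const newstosent = sall ? Newstosent.findAllIdApp(idapp) : Promise.resolve([]);

  return Promise.all([bookedevent, eventlist, operators, wheres, contribtype, settings, permissions, disciplines, newstosent, mailinglist, mypage, gallery])
    .then((arrdata) => {
      const myuser = req.user;
      if (myuser) {
        // Never send the stored password back to the client.
        myuser.password = '';
      }

      res.send({
        bookedevent: arrdata[0],
        eventlist: arrdata[1],
        operators: arrdata[2],
        wheres: arrdata[3],
        contribtype: arrdata[4],
        settings: arrdata[5],
        permissions: arrdata[6],
        disciplines: arrdata[7],
        newstosent: arrdata[8],
        mailinglist: arrdata[9],
        mypage: arrdata[10],
        gallery: arrdata[11],
        myuser,
      });
    })
    .catch((e) => {
      console.log(e);
      res.status(400).send(e);
    });
});

/**
 * GET <LINK_CHECK_UPDATES>: return the server configuration, the caller's
 * latest messages and, for admins only, the user list of the application.
 */
router.get(process.env.LINK_CHECK_UPDATES, authenticate, (req, res) => {
  const userId = req.user._id;

  if (!ObjectID.isValid(userId)) {
    return res.status(404).send();
  }

  cfgserver.find().then((arrcfgrec) => {
    if (!arrcfgrec) {
      return res.status(404).send();
    }

    // ++Todo: Add to Log Stat ....

    // Declared locally: as an undeclared global it was shared by every
    // request handled by this process.
    const last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, req.user.idapp);

    let usersList = null;
    // The user list is sent to admins only.
    if (req.user && User.isAdmin(req.user)) {
      usersList = User.getUsersList(req.user.idapp);
    }

    return Promise.all([usersList, last_msgs])
      .then((arrdata) => res.send({
        cfgServer: arrcfgrec,
        usersList: arrdata[0],
        last_msgs: arrdata[1],
      }));
  }).catch((e) => {
    console.log(e);
    res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e });
  });
});

/**
 * POST /upload_from_other_server/:dir: FTP relay upload, currently disabled.
 *
 * The implementation below is commented out, so the route answers 501
 * instead of leaving the request open without a response.
 */
router.post('/upload_from_other_server/:dir', authenticate, (req, res) => {
  const dir = req.params.dir;
  const idapp = req.user.idapp;

  /*
  const form = new formidable.IncomingForm();

  form.parse(req);

  const client = new ftp(process.env.FTPSERVER_HOST, process.env.FTPSERVER_PORT, process.env.FTPSERVER_USER + idapp + '@associazioneshen.it', process.env.FTPSERVER_PWD + idapp, false, 134217728);
  // SSL_OP_NO_TLSv1_2 = 134217728
  // console.log('client', client);

  form.uploadDir = folder + '/' + dir;

  try {
    form.on('fileBegin', async function (name, file){
      file.path = folder + '/' + file.name;
    });

    form.on('file', async function (name, file){
      try {
        // Create directory remote
        if (!!dir)
          await client.createDir(dir);

        const miofile = (dir) ? dir + `/` + file.name : file.name;
        console.log('Upload...');
        const ret = await client.upload(file.path, miofile, 755);
        console.log('Uploaded ' + file.name, 'status:', ret);
        if (!ret)
          res.status(400).send();
        else {
          // Delete file from local directory
          fs.unlinkSync(file.path);
          res.end();
        }
      }catch (e) {
        console.log('error', e);
        res.status(400).send();
      }
    });

    form.on('aborted', () => {
      console.error('Request aborted by the user');
      res.status(400).send();
    });

    form.on('error', (err) => {
      console.error('Error Uploading', err);
      res.status(400).send();
    });

  } catch (e) {
    console.log('Error', e)
  }
  */

  res.status(501).send();
});

/**
 * POST /upload/:dir: receive a multipart upload and move each file to
 * <application dir>/statics/upload/<dir>/<file name>.
 *
 * Both `dir` and the file name come from the client. They are confined to
 * the upload directories before any path is built from them; requests that
 * would leave those directories get 400.
 *
 * NOTE(review): file type and size are not restricted here, and the files
 * land under a `statics` directory. Confirm what is served from there and
 * add limits that fit it.
 */
router.post('/upload/:dir', authenticate, (req, res) => {
  const dir = req.params.dir;
  const idapp = req.user.idapp;

  const uploadroot = tools.getdirByIdApp(idapp) + '/statics/upload';
  const mydir = uploadroot + '/' + dir;
  const stagingdir = folder + '/' + dir;

  if (!isPathInside(uploadroot, mydir) || !isPathInside(folder, stagingdir)) {
    console.error('Upload refused: directory outside the upload folder');
    return res.status(400).send();
  }

  const form = new formidable.IncomingForm();
  form.uploadDir = stagingdir;

  form.on('fileBegin', (name, file) => {
    // Stage the file under its bare name; without a usable name the path
    // chosen by the form parser is kept and the 'file' handler rejects it.
    const safename = safeUploadName(file.name);
    if (safename) {
      file.path = folder + '/' + safename;
    }
  });

  form.on('file', (name, file) => {
    try {
      const safename = safeUploadName(file.name);
      if (!safename) {
        return res.status(400).send();
      }

      console.log('Uploaded ' + safename);

      // Create the directory if it doesn't exist
      tools.mkdirpath(mydir);
      const newname = mydir + '/' + safename;

      console.log('move from ', file.path, 'to :', newname);

      // Move into the application folder.
      // NOTE(review): the move result is only logged and the request ends
      // successfully either way - confirm what tools.move passes on failure
      // and report it to the client.
      tools.move(file.path, newname, (err) => {
        console.log('err:', err);
        res.end();
      });
    } catch (e) {
      console.log('error', e);
      res.status(400).send();
    }
  });

  form.on('aborted', () => {
    console.error('Request aborted by the user');
    res.status(400).send();
  });

  form.on('error', (err) => {
    console.error('Error Uploading', err);
    res.status(400).send();
  });

  // Started last, so that no event can be emitted before its handler exists.
  form.parse(req);
});

/**
 * DELETE /delfile?filename=<relative path>: delete a file of the caller's
 * application. A file that is already missing counts as success.
 *
 * The path comes from the query string, so it is confined to the
 * application directory before anything is deleted.
 *
 * NOTE(review): the whole application directory is in scope, not just the
 * upload folder, and no role is required - narrow both if possible.
 */
router.delete('/delfile', authenticate, (req, res) => {
  const relativefile = req.query.filename;
  const idapp = req.user.idapp;

  try {
    if (typeof relativefile !== 'string' || relativefile === '') {
      return res.status(400).send();
    }

    const appdir = tools.getdirByIdApp(idapp);
    const fullpathfile = appdir + '/' + relativefile;

    // The target must be strictly below the application directory.
    if (!isPathInside(appdir, fullpathfile) || path.resolve(fullpathfile) === path.resolve(appdir)) {
      console.error('Delete refused: path outside the application folder');
      return res.status(400).send();
    }

    console.log('Delete file ' + relativefile);

    tools.delete(fullpathfile, (err) => {
      if (err) {
        console.log('err', err);
      }

      // errno -2 / ENOENT: the file was already gone.
      if (!err || err.errno === -2 || err.code === 'ENOENT') {
        return res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
      }

      // Any other error used to leave the request without a response.
      res.status(400).send();
    });
  } catch (e) {
    console.log('error', e);
    res.status(400).send();
  }
});

module.exports = router;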