627 lines
17 KiB
JavaScript
627 lines
17 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router(),
|
|
fs = require('fs'),
|
|
path = require('path');
|
|
|
|
|
|
const { authenticate, authenticate_noerror } = require('../middleware/authenticate');
|
|
|
|
const { ObjectID } = require('mongodb');
|
|
|
|
const mongoose = require('mongoose');
|
|
const cfgserver = mongoose.model('cfgserver');
|
|
|
|
const ftp = require('../ftp/FTPClient'),
|
|
formidable = require('formidable'),
|
|
folder = path.join(__dirname, 'upload');
|
|
|
|
if (!fs.existsSync(folder)) {
|
|
fs.mkdirSync(folder)
|
|
}
|
|
|
|
const _ = require('lodash');
|
|
|
|
const { User } = require('../models/user');
|
|
const { Booking } = require('../models/booking');
|
|
const { Operator } = require('../models/operator');
|
|
const { Where } = require('../models/where');
|
|
const { MyEvent } = require('../models/myevent');
|
|
const { Contribtype } = require('../models/contribtype');
|
|
const { PaymentType } = require('../models/paymenttype');
|
|
const { Discipline } = require('../models/discipline');
|
|
const { Newstosent } = require('../models/newstosent');
|
|
const { MyPage } = require('../models/mypage');
|
|
const { Gallery } = require('../models/gallery');
|
|
const { TemplEmail } = require('../models/templemail');
|
|
const { OpzEmail } = require('../models/opzemail');
|
|
const { MailingList } = require('../models/mailinglist');
|
|
const { Settings } = require('../models/settings');
|
|
const { SendMsg } = require('../models/sendmsg');
|
|
const { Permission } = require('../models/permission');
|
|
|
|
|
|
const tools = require('../tools/general');
|
|
|
|
const server_constants = require('../tools/server_constants');
|
|
const actions = require('./api/actions');
|
|
|
|
|
|
router.post(process.env.LINKVERIF_REG, (req, res) => {
|
|
const body = _.pick(req.body, ['idapp', 'idlink']);
|
|
const idapp = body.idapp;
|
|
const idlink = body.idlink;
|
|
console.log("LINKVERIF_REG POST " + process.env.LINKVERIF_REG + " idapp= " + idapp + " idlink = " + idlink);
|
|
|
|
// Cerco l'idlink se è ancora da Verificare
|
|
|
|
User.findByLinkreg(idapp, idlink).then((user) => {
|
|
if (!user) {
|
|
//console.log("NON TROVATO!");
|
|
return res.status(404).send();
|
|
} else {
|
|
if (user.verified_email) {
|
|
res.send({
|
|
code: server_constants.RIS_CODE_EMAIL_ALREADY_VERIFIED,
|
|
msg: res.__("L'Email è già stata Verificata.")
|
|
});
|
|
} else {
|
|
user.verified_email = true;
|
|
user.lasttimeonline = new Date();
|
|
user.save().then(() => {
|
|
//console.log("TROVATOOOOOO!");
|
|
res.send({ code: server_constants.RIS_CODE_EMAIL_VERIFIED, msg: res.__('Email Verificata!') });
|
|
});
|
|
}
|
|
}
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send();
|
|
});
|
|
|
|
});
|
|
|
|
|
|
// Faccio richiesta di una Nuova Password
|
|
router.post(process.env.LINK_REQUEST_NEWPASSWORD, (req, res) => {
|
|
const body = _.pick(req.body, ['idapp', 'email']);
|
|
const idapp = body.idapp;
|
|
const email = body.email;
|
|
console.log("POST " + process.env.LINK_REQUEST_NEWPASSWORD + " idapp= " + idapp + " email = " + email);
|
|
|
|
User.findByEmail(idapp, email).then((user) => {
|
|
if (!user) {
|
|
return res.status(404).send();
|
|
} else {
|
|
// Creo il tokenforgot
|
|
user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).toString();
|
|
user.date_tokenforgot = new Date();
|
|
user.lasttimeonline = new Date();
|
|
user.save().then(async () => {
|
|
await sendemail.sendEmail_RequestNewPassword(res.locale, user.email, user.idapp, user.tokenforgot);
|
|
res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
|
|
});
|
|
}
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send();
|
|
res.send({ code: server_constants.RIS_CODE_ERR, msg: e });
|
|
});
|
|
|
|
});
|
|
|
|
|
|
// Invio la Nuova Password richiesta dal reset!
|
|
// Ritorna il token per poter effettuare le chiamate...
|
|
router.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
|
|
var body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'password']);
|
|
var idapp = body.idapp;
|
|
var email = body.email;
|
|
var tokenforgot = body.tokenforgot;
|
|
var password = body.password;
|
|
console.log("POST " + process.env.LINK_UPDATE_PASSWORD + " idapp= " + idapp + " email = " + email + " tokenforgot = " + tokenforgot);
|
|
|
|
User.findByLinkTokenforgot(idapp, email, tokenforgot).then((user) => {
|
|
if (!user) {
|
|
return res.status(404).send();
|
|
} else {
|
|
// aggiorna la nuova password
|
|
user.password = password;
|
|
user.lasttimeonline = new Date();
|
|
|
|
// Crea token
|
|
user.generateAuthToken(req).then(token => {
|
|
user.tokenforgot = ''; // Svuota il tokenforgot perché non ti servirà più...
|
|
|
|
// Salva lo User
|
|
user.save().then(() => {
|
|
res.header('x-auth', token).send({ user }); // Ritorna il token di ritorno
|
|
});
|
|
})
|
|
}
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send();
|
|
});
|
|
|
|
});
|
|
|
|
function getTableByTableName(tablename) {
|
|
|
|
mytable = '';
|
|
if (tablename === 'users')
|
|
mytable = User;
|
|
else if (tablename === 'bookings')
|
|
mytable = Booking;
|
|
else if (tablename === 'operators')
|
|
mytable = Operator;
|
|
else if (tablename === 'sendmsgs')
|
|
mytable = SendMsg;
|
|
else if (tablename === 'wheres')
|
|
mytable = Where;
|
|
else if (tablename === 'myevents')
|
|
mytable = MyEvent;
|
|
else if (tablename === 'contribtype')
|
|
mytable = Contribtype;
|
|
else if (tablename === 'paymenttypes')
|
|
mytable = PaymentType;
|
|
else if (tablename === 'disciplines')
|
|
mytable = Discipline;
|
|
else if (tablename === 'newstosent')
|
|
mytable = Newstosent;
|
|
else if (tablename === 'gallery')
|
|
mytable = Gallery;
|
|
else if (tablename === 'mypage')
|
|
mytable = MyPage;
|
|
else if (tablename === 'templemail')
|
|
mytable = TemplEmail;
|
|
else if (tablename === 'opzemail')
|
|
mytable = OpzEmail;
|
|
else if (tablename === 'settings')
|
|
mytable = Settings;
|
|
else if (tablename === 'permissions')
|
|
mytable = Permission;
|
|
else if (tablename === 'mailinglist')
|
|
mytable = MailingList;
|
|
|
|
return mytable
|
|
}
|
|
|
|
router.post('/settable', authenticate, (req, res) => {
|
|
const params = req.body;
|
|
const mytable = getTableByTableName(params.table);
|
|
const mydata = req.body.data;
|
|
|
|
mydata.idapp = req.user.idapp;
|
|
|
|
if (params.table === 'permissions') {
|
|
if (mydata["_id"] === undefined) {
|
|
mydata._id = 1;
|
|
}
|
|
} else {
|
|
if (mydata["_id"] === undefined) {
|
|
mydata._id = new ObjectID()
|
|
}
|
|
}
|
|
|
|
|
|
mytablerec = new mytable(mydata);
|
|
console.log('mytablerec', mytablerec);
|
|
|
|
|
|
return mytablerec.save()
|
|
.then(rec => {
|
|
// tools.mylog('rec', rec);
|
|
return res.send(rec);
|
|
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send(e);
|
|
});
|
|
|
|
});
|
|
|
|
router.post('/gettable', authenticate, (req, res) => {
|
|
const params = req.body;
|
|
const mytable = getTableByTableName(params.table);
|
|
// console.log('mytable', mytable);
|
|
if (!mytable) {
|
|
console.log(`Table ${params.table} not found`);
|
|
return res.status(400).send({});
|
|
}
|
|
|
|
return mytable.executeQueryTable(req.user.idapp, params).then(ris => {
|
|
return res.send(ris);
|
|
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send(e);
|
|
});
|
|
|
|
});
|
|
|
|
router.patch('/chval', authenticate, (req, res) => {
|
|
// const idapp = req.body.idapp;
|
|
const id = req.body.data.id;
|
|
const mydata = req.body.data;
|
|
|
|
const mytable = getTableByTableName(mydata.table);
|
|
const fieldsvalue = mydata.fieldsvalue;
|
|
|
|
tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue);
|
|
|
|
// If I change my record...
|
|
if ((!User.isAdmin(req.user) && !User.isManager(req.user)) && !(req.user._id.toString() === id)) {
|
|
// If without permissions, exit
|
|
return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
|
|
}
|
|
|
|
mytable.findByIdAndUpdate(id, { $set: fieldsvalue }).then((rec) => {
|
|
// tools.mylogshow(' REC TO MODIFY: ', rec);
|
|
if (!rec) {
|
|
return res.status(404).send();
|
|
} else {
|
|
res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
|
|
}
|
|
|
|
}).catch((e) => {
|
|
tools.mylogserr('Error patch USER: ', e);
|
|
res.status(400).send();
|
|
})
|
|
});
|
|
|
|
router.delete('/delrec/:table/:id', authenticate, (req, res) => {
|
|
const id = req.params.id;
|
|
const tablename = req.params.table;
|
|
// const idapp = req.body.idapp;
|
|
|
|
console.log('id', id, 'table', tablename);
|
|
|
|
const mytable = getTableByTableName(tablename);
|
|
|
|
if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
|
|
// If without permissions, exit
|
|
return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
|
|
}
|
|
|
|
return mytable.findByIdAndRemove(id).then((rec) => {
|
|
if (!rec) {
|
|
return res.status(404).send();
|
|
}
|
|
|
|
tools.mylog('DELETED ', rec._id);
|
|
|
|
// Do extra things after deleted
|
|
return actions.doOtherThingsAfterDeleted(tablename, rec).then((ris) => {
|
|
if (ris) {
|
|
tools.mylog('DELETED Others things ...');
|
|
return res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
|
|
}
|
|
});
|
|
|
|
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send();
|
|
});
|
|
});
|
|
|
|
|
|
router.post('/duprec/:table/:id', authenticate, (req, res) => {
|
|
const id = req.params.id;
|
|
const tablename = req.params.table;
|
|
// const idapp = req.body.idapp;
|
|
|
|
console.log('id', id, 'table', tablename);
|
|
|
|
const mytable = getTableByTableName(tablename);
|
|
|
|
if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
|
|
// If without permissions, exit
|
|
return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
|
|
}
|
|
|
|
return mytable.findById(id).then((mydata) => {
|
|
|
|
const datadup = tools.CloneRecordToNew(mydata);
|
|
const mynewrec = new mytable(datadup);
|
|
|
|
return mynewrec.save()
|
|
.then((rec) => {
|
|
if (!rec) {
|
|
return res.status(404).send();
|
|
}
|
|
|
|
tools.mylog('DUPLICATED ', rec);
|
|
|
|
// Do extra things after deleted
|
|
return actions.doOtherThingsAfterDuplicated(tablename, rec).then(({ myrec }) => {
|
|
// ...
|
|
mytable.findById(myrec._id).then((record) => {
|
|
return res.send({ code: server_constants.RIS_CODE_OK, record, msg: '' });
|
|
});
|
|
|
|
});
|
|
|
|
}).catch((e) => {
|
|
console.error(e);
|
|
res.status(400).send();
|
|
});
|
|
})
|
|
|
|
});
|
|
|
|
|
|
function doOtherThingsAfterDeleted() {
|
|
|
|
}
|
|
|
|
router.get('/loadsite/:userId/:idapp/:sall', authenticate_noerror, (req, res) => {
|
|
const userId = req.params.userId;
|
|
const idapp = req.params.idapp;
|
|
const sall = req.params.sall;
|
|
// var category = req.params.category;
|
|
|
|
// tools.mylog('loadsite : ', req.params);
|
|
|
|
let bookedevent = [];
|
|
let msgs = [];
|
|
|
|
if (userId !== '0') {
|
|
// LOGGED WITH USERID
|
|
bookedevent = Booking.findAllByUserIdAndIdApp(userId, idapp, sall);
|
|
}
|
|
|
|
// Extract all the todos of the userId only
|
|
const eventlist = MyEvent.findAllIdApp(idapp);
|
|
const operators = Operator.findAllIdApp(idapp);
|
|
const wheres = Where.findAllIdApp(idapp);
|
|
const contribtype = Contribtype.findAllIdApp(idapp);
|
|
const paymenttype = PaymentType.findAllIdApp(idapp);
|
|
const disciplines = Discipline.findAllIdApp(idapp);
|
|
const settings = Settings.findAllIdApp(idapp, false);
|
|
|
|
const permissions = Permission.findAllIdApp();
|
|
|
|
let newstosent = Promise.resolve([]);
|
|
let mailinglist = Promise.resolve([]);
|
|
let mypage = MyPage.findAllIdApp(idapp);
|
|
let gallery = Gallery.findAllIdApp(idapp);
|
|
if (sall) {
|
|
newstosent = Newstosent.findAllIdApp(idapp);
|
|
}
|
|
|
|
return Promise.all([bookedevent, eventlist, operators, wheres, contribtype, settings, permissions, disciplines, newstosent, mailinglist, mypage, gallery, paymenttype])
|
|
.then((arrdata) => {
|
|
// console.table(arrdata);
|
|
const myuser = req.user;
|
|
if (myuser) {
|
|
myuser.password = '';
|
|
}
|
|
|
|
res.send({
|
|
bookedevent: arrdata[0],
|
|
eventlist: arrdata[1],
|
|
operators: arrdata[2],
|
|
wheres: arrdata[3],
|
|
contribtype: arrdata[4],
|
|
settings: arrdata[5],
|
|
permissions: arrdata[6],
|
|
disciplines: arrdata[7],
|
|
newstosent: arrdata[8],
|
|
mailinglist: arrdata[9],
|
|
mypage: arrdata[10],
|
|
gallery: arrdata[11],
|
|
paymenttypes: arrdata[12],
|
|
myuser,
|
|
});
|
|
})
|
|
.catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send(e);
|
|
});
|
|
|
|
});
|
|
|
|
router.get(process.env.LINK_CHECK_UPDATES, authenticate, (req, res) => {
|
|
const userId = req.user._id;
|
|
|
|
// console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);
|
|
|
|
if (!ObjectID.isValid(userId)) {
|
|
return res.status(404).send();
|
|
}
|
|
|
|
cfgserver.find().then((arrcfgrec) => {
|
|
|
|
if (!arrcfgrec)
|
|
return res.status(404).send();
|
|
|
|
// ++Todo: Add to Log Stat ....
|
|
|
|
// const sall = '0';
|
|
|
|
// msgs = SendMsg.findAllByUserIdAndIdApp(userId, req.user.username, req.user.idapp);
|
|
last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, req.user.idapp);
|
|
|
|
let usersList = null;
|
|
|
|
if (req.user) {
|
|
// If User is Admin, then send user Lists
|
|
if (User.isAdmin(req.user)) {
|
|
// Send UsersList
|
|
usersList = User.getUsersList(req.user.idapp)
|
|
}
|
|
}
|
|
|
|
return Promise.all([usersList, last_msgs])
|
|
.then((arrdata) => {
|
|
// console.table(arrdata);
|
|
return res.send({
|
|
cfgServer: arrcfgrec,
|
|
usersList: arrdata[0],
|
|
last_msgs: arrdata[1],
|
|
});
|
|
});
|
|
|
|
}).catch((e) => {
|
|
console.log(e);
|
|
res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e });
|
|
});
|
|
|
|
});
|
|
|
|
router.post('/upload_from_other_server/:dir', authenticate, (req, res) => {
|
|
const dir = req.params.dir;
|
|
const idapp = req.user.idapp;
|
|
|
|
/*
|
|
const form = new formidable.IncomingForm();
|
|
|
|
form.parse(req);
|
|
|
|
const client = new ftp(process.env.FTPSERVER_HOST, process.env.FTPSERVER_PORT, process.env.FTPSERVER_USER + idapp + '@associazioneshen.it', process.env.FTPSERVER_PWD + idapp, false, 134217728);
|
|
|
|
// SSL_OP_NO_TLSv1_2 = 134217728
|
|
|
|
// console.log('client', client);
|
|
|
|
form.uploadDir = folder + '/' + dir;
|
|
try {
|
|
|
|
form.on('fileBegin', async function (name, file){
|
|
file.path = folder + '/' + file.name;
|
|
});
|
|
|
|
form.on('file', async function (name, file){
|
|
try {
|
|
// Create directory remote
|
|
|
|
if (!!dir)
|
|
await client.createDir(dir);
|
|
|
|
const miofile = (dir) ? dir + `/` + file.name : file.name;
|
|
console.log('Upload...');
|
|
const ret = await client.upload(file.path, miofile, 755);
|
|
console.log('Uploaded ' + file.name, 'status:', ret);
|
|
if (!ret)
|
|
res.status(400).send();
|
|
else {
|
|
// Delete file from local directory
|
|
fs.unlinkSync(file.path);
|
|
res.end();
|
|
}
|
|
}catch (e) {
|
|
console.log('error', e);
|
|
res.status(400).send();
|
|
}
|
|
});
|
|
|
|
form.on('aborted', () => {
|
|
console.error('Request aborted by the user');
|
|
res.status(400).send();
|
|
});
|
|
|
|
form.on('error', (err) => {
|
|
console.error('Error Uploading', err);
|
|
res.status(400).send();
|
|
});
|
|
|
|
} catch (e) {
|
|
console.log('Error', e)
|
|
}
|
|
*/
|
|
|
|
|
|
});
|
|
|
|
|
|
router.post('/upload/:dir', authenticate, (req, res) => {
|
|
const dir = req.params.dir;
|
|
const idapp = req.user.idapp;
|
|
|
|
// console.log('/upload dir:' + dir);
|
|
|
|
const form = new formidable.IncomingForm();
|
|
|
|
form.parse(req);
|
|
|
|
form.uploadDir = folder + '/' + dir;
|
|
try {
|
|
|
|
form.on('fileBegin', async function (name, file) {
|
|
file.path = folder + '/' + file.name;
|
|
});
|
|
|
|
form.on('file', async function (name, file) {
|
|
try {
|
|
console.log('Uploaded ' + file.name);
|
|
const mydir = tools.getdirByIdApp(idapp) + '/statics/upload/' + dir;
|
|
|
|
// Create Dir if doesn't exist:
|
|
tools.mkdirpath(mydir);
|
|
newname = mydir + '/' + file.name;
|
|
|
|
console.log('move from ', file.path, 'to :', newname);
|
|
|
|
// For local: ... resolve this... sending through the static folder...
|
|
// res.sendFile(path.resolve(file.name));
|
|
|
|
// Move in the folder application !
|
|
tools.move(file.path, newname, (err) => {
|
|
console.log('err:', err);
|
|
res.end();
|
|
});
|
|
|
|
} catch (e) {
|
|
console.log('error', e);
|
|
res.status(400).send();
|
|
}
|
|
});
|
|
|
|
form.on('aborted', () => {
|
|
console.error('Request aborted by the user');
|
|
res.status(400).send();
|
|
});
|
|
|
|
form.on('error', (err) => {
|
|
console.error('Error Uploading', err);
|
|
res.status(400).send();
|
|
});
|
|
|
|
} catch (e) {
|
|
console.log('Error', e)
|
|
}
|
|
|
|
});
|
|
|
|
|
|
router.delete('/delfile', authenticate, (req, res) => {
|
|
const relativefile = req.query.filename;
|
|
const idapp = req.user.idapp;
|
|
|
|
try {
|
|
|
|
try {
|
|
console.log('Delete file ' + relativefile);
|
|
// ++ Move in the folder application !
|
|
fullpathfile = tools.getdirByIdApp(idapp) + '/' + relativefile;
|
|
|
|
tools.delete(fullpathfile, (err) => {
|
|
if (err) console.log('err', err);
|
|
if (err === undefined || err.errno === -2)
|
|
res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
|
|
});
|
|
|
|
} catch (e) {
|
|
console.log('error', e);
|
|
res.status(400).send();
|
|
}
|
|
} catch (e) {
|
|
console.log('Error', e)
|
|
}
|
|
|
|
});
|
|
|
|
|
|
module.exports = router;
|