2018-01-23 20:06:30 +00:00
|
|
|
const bcrypt = require('bcrypt')
|
2018-04-13 16:20:57 +00:00
|
|
|
const config = require('./../config')
|
|
|
|
const db = require('knex')(config.database)
|
2018-10-13 11:06:58 +00:00
|
|
|
const perms = require('./permissionController')
|
2018-01-23 20:06:30 +00:00
|
|
|
const randomstring = require('randomstring')
|
2018-04-13 16:20:57 +00:00
|
|
|
const utils = require('./utilsController')
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-04-05 10:52:57 +00:00
|
|
|
const authController = {}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
|
|
|
authController.verify = async (req, res, next) => {
|
2018-01-23 20:06:30 +00:00
|
|
|
const username = req.body.username
|
|
|
|
const password = req.body.password
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (username === undefined) return res.json({ success: false, description: 'No username provided.' })
|
|
|
|
if (password === undefined) return res.json({ success: false, description: 'No password provided.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-01-23 20:06:30 +00:00
|
|
|
const user = await db.table('users').where('username', username).first()
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'Username doesn\'t exist.' })
|
2018-12-18 17:01:28 +00:00
|
|
|
|
|
|
|
if (user.enabled === false || user.enabled === 0)
|
2018-04-28 17:26:39 +00:00
|
|
|
return res.json({ success: false, description: 'This account has been disabled.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-03-29 23:22:08 +00:00
|
|
|
bcrypt.compare(password, user.password, (error, result) => {
|
|
|
|
if (error) {
|
2018-05-09 08:41:30 +00:00
|
|
|
console.error(error)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'There was an error.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
}
|
2018-12-18 17:01:28 +00:00
|
|
|
if (result === false) return res.json({ success: false, description: 'Wrong password.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
return res.json({ success: true, token: user.token })
|
|
|
|
})
|
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
|
|
|
authController.register = async (req, res, next) => {
|
2018-12-18 17:01:28 +00:00
|
|
|
if (config.enableUserAccounts === false)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Register is disabled at the moment.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
|
|
|
|
const username = req.body.username
|
|
|
|
const password = req.body.password
|
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (username === undefined) return res.json({ success: false, description: 'No username provided.' })
|
|
|
|
if (password === undefined) return res.json({ success: false, description: 'No password provided.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (username.length < 4 || username.length > 32)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Username must have 4-32 characters.' })
|
2018-12-18 17:01:28 +00:00
|
|
|
|
|
|
|
if (password.length < 6 || password.length > 64)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Password must have 6-64 characters.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
|
|
|
|
const user = await db.table('users').where('username', username).first()
|
2018-12-18 17:01:28 +00:00
|
|
|
if (user) return res.json({ success: false, description: 'Username already exists.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2018-03-29 23:22:08 +00:00
|
|
|
bcrypt.hash(password, 10, async (error, hash) => {
|
|
|
|
if (error) {
|
2018-05-09 08:41:30 +00:00
|
|
|
console.error(error)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Error generating password hash (╯°□°)╯︵ ┻━┻.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
}
|
|
|
|
const token = randomstring.generate(64)
|
|
|
|
await db.table('users').insert({
|
2018-04-05 10:52:57 +00:00
|
|
|
username,
|
2018-01-23 20:06:30 +00:00
|
|
|
password: hash,
|
2018-04-05 10:52:57 +00:00
|
|
|
token,
|
2018-10-09 19:52:41 +00:00
|
|
|
enabled: 1,
|
2018-10-13 11:06:58 +00:00
|
|
|
permission: perms.permissions.user
|
2018-01-23 20:06:30 +00:00
|
|
|
})
|
2018-04-05 10:52:57 +00:00
|
|
|
return res.json({ success: true, token })
|
2018-01-23 20:06:30 +00:00
|
|
|
})
|
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
|
|
|
authController.changePassword = async (req, res, next) => {
|
2018-01-23 20:06:30 +00:00
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-04-05 10:52:57 +00:00
|
|
|
const password = req.body.password
|
2018-12-18 17:01:28 +00:00
|
|
|
if (password === undefined) return res.json({ success: false, description: 'No password provided.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (password.length < 6 || password.length > 64)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Password must have 6-64 characters.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-03-29 23:22:08 +00:00
|
|
|
bcrypt.hash(password, 10, async (error, hash) => {
|
|
|
|
if (error) {
|
2018-05-09 08:41:30 +00:00
|
|
|
console.error(error)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Error generating password hash (╯°□°)╯︵ ┻━┻.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-04-28 17:26:39 +00:00
|
|
|
await db.table('users')
|
|
|
|
.where('id', user.id)
|
|
|
|
.update('password', hash)
|
|
|
|
|
2018-01-23 20:06:30 +00:00
|
|
|
return res.json({ success: true })
|
|
|
|
})
|
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-03-24 13:52:47 +00:00
|
|
|
authController.getFileLengthConfig = async (req, res, next) => {
|
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({
|
|
|
|
success: true,
|
|
|
|
fileLength: user.fileLength,
|
|
|
|
config: config.uploads.fileLength
|
|
|
|
})
|
2018-03-24 13:52:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
authController.changeFileLength = async (req, res, next) => {
|
2018-12-18 17:01:28 +00:00
|
|
|
if (config.uploads.fileLength.userChangeable === false)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({
|
|
|
|
success: false,
|
|
|
|
description: 'Changing file name length is disabled at the moment.'
|
|
|
|
})
|
2018-03-24 13:52:47 +00:00
|
|
|
|
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2018-03-24 13:52:47 +00:00
|
|
|
|
2018-04-05 10:52:57 +00:00
|
|
|
const fileLength = parseInt(req.body.fileLength)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (fileLength === undefined)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({
|
|
|
|
success: false,
|
|
|
|
description: 'No file name length provided.'
|
|
|
|
})
|
2018-12-18 17:01:28 +00:00
|
|
|
|
|
|
|
if (isNaN(fileLength))
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({
|
|
|
|
success: false,
|
|
|
|
description: 'File name length is not a valid number.'
|
|
|
|
})
|
2018-03-24 13:52:47 +00:00
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (fileLength < config.uploads.fileLength.min || fileLength > config.uploads.fileLength.max)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({
|
|
|
|
success: false,
|
|
|
|
description: `File name length must be ${config.uploads.fileLength.min} to ${config.uploads.fileLength.max} characters.`
|
|
|
|
})
|
2018-03-24 13:52:47 +00:00
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (fileLength === user.fileLength)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: true })
|
|
|
|
|
2018-04-28 17:26:39 +00:00
|
|
|
await db.table('users')
|
|
|
|
.where('id', user.id)
|
|
|
|
.update('fileLength', fileLength)
|
|
|
|
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: true })
|
|
|
|
}
|
|
|
|
|
2018-10-09 19:52:41 +00:00
|
|
|
authController.editUser = async (req, res, next) => {
|
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2018-10-09 19:52:41 +00:00
|
|
|
|
|
|
|
const id = parseInt(req.body.id)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (isNaN(id))
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'No user specified.' })
|
|
|
|
|
|
|
|
const target = await db.table('users')
|
|
|
|
.where('id', id)
|
|
|
|
.first()
|
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!target)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'Could not get user with the specified ID.' })
|
2018-12-18 17:01:28 +00:00
|
|
|
else if (!perms.higher(user, target))
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'The user is in the same or higher group as you.' })
|
2018-12-18 17:01:28 +00:00
|
|
|
else if (target.username === 'root')
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'Root user may not be edited.' })
|
|
|
|
|
|
|
|
const username = String(req.body.username)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (username.length < 4 || username.length > 32)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'Username must have 4-32 characters.' })
|
|
|
|
|
2018-10-13 11:06:58 +00:00
|
|
|
let permission = req.body.group ? perms.permissions[req.body.group] : target.permission
|
2018-12-18 17:01:28 +00:00
|
|
|
if (typeof permission !== 'number' || permission < 0) permission = target.permission
|
2018-10-10 17:33:11 +00:00
|
|
|
|
2018-10-09 19:52:41 +00:00
|
|
|
await db.table('users')
|
|
|
|
.where('id', id)
|
|
|
|
.update({
|
|
|
|
username,
|
2018-10-10 17:33:11 +00:00
|
|
|
enabled: Boolean(req.body.enabled),
|
|
|
|
permission
|
2018-10-09 19:52:41 +00:00
|
|
|
})
|
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!req.body.resetPassword)
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: true, username })
|
|
|
|
|
|
|
|
const password = randomstring.generate(16)
|
|
|
|
bcrypt.hash(password, 10, async (error, hash) => {
|
|
|
|
if (error) {
|
|
|
|
console.error(error)
|
|
|
|
return res.json({ success: false, description: 'Error generating password hash (╯°□°)╯︵ ┻━┻.' })
|
|
|
|
}
|
|
|
|
|
|
|
|
await db.table('users')
|
|
|
|
.where('id', id)
|
|
|
|
.update('password', hash)
|
|
|
|
|
|
|
|
return res.json({ success: true, password })
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
authController.listUsers = async (req, res, next) => {
|
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2018-10-13 11:06:58 +00:00
|
|
|
const isadmin = perms.is(user, 'admin')
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!isadmin) return res.status(403)
|
2018-10-09 19:52:41 +00:00
|
|
|
|
|
|
|
let offset = req.params.page
|
2018-12-18 17:01:28 +00:00
|
|
|
if (offset === undefined) offset = 0
|
2018-10-09 19:52:41 +00:00
|
|
|
|
|
|
|
const users = await db.table('users')
|
|
|
|
// .orderBy('id', 'DESC')
|
|
|
|
.limit(25)
|
|
|
|
.offset(25 * offset)
|
|
|
|
.select('id', 'username', 'enabled', 'fileLength', 'permission')
|
|
|
|
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!users.length) return res.json({ success: true, users })
|
2018-10-12 10:19:14 +00:00
|
|
|
|
2018-10-12 09:42:16 +00:00
|
|
|
const userids = []
|
|
|
|
|
2018-10-09 19:52:41 +00:00
|
|
|
for (const user of users) {
|
2018-10-13 11:09:09 +00:00
|
|
|
user.groups = perms.mapPermissions(user)
|
2018-10-09 19:52:41 +00:00
|
|
|
delete user.permission
|
2018-10-12 09:42:16 +00:00
|
|
|
|
|
|
|
userids.push(user.id)
|
|
|
|
user.uploadsCount = 0
|
2018-10-12 10:19:14 +00:00
|
|
|
user.diskUsage = 0
|
2018-10-12 09:42:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
const maps = {}
|
|
|
|
const uploads = await db.table('files').whereIn('userid', userids)
|
2018-10-12 10:19:14 +00:00
|
|
|
|
2018-10-12 09:42:16 +00:00
|
|
|
for (const upload of uploads) {
|
|
|
|
// This is the fastest method that I can think of
|
2018-12-18 17:01:28 +00:00
|
|
|
if (maps[upload.userid] === undefined)
|
2018-12-13 13:31:24 +00:00
|
|
|
maps[upload.userid] = {
|
|
|
|
count: 0,
|
|
|
|
size: 0
|
|
|
|
}
|
2018-12-18 17:01:28 +00:00
|
|
|
|
2018-10-12 10:19:14 +00:00
|
|
|
maps[upload.userid].count++
|
|
|
|
maps[upload.userid].size += parseInt(upload.size)
|
2018-10-12 09:42:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for (const user of users) {
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!maps[user.id]) continue
|
2018-10-12 10:19:14 +00:00
|
|
|
user.uploadsCount = maps[user.id].count
|
|
|
|
user.diskUsage = maps[user.id].size
|
2018-10-09 19:52:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return res.json({ success: true, users })
|
|
|
|
}
|
|
|
|
|
2018-01-23 20:06:30 +00:00
|
|
|
module.exports = authController
|