2019-09-08 01:56:29 +00:00
|
|
|
const { promisify } = require('util')
|
2018-01-23 20:06:30 +00:00
|
|
|
const bcrypt = require('bcrypt')
|
|
|
|
const randomstring = require('randomstring')
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
const perms = require('./permissionController')
|
2019-06-18 21:04:14 +00:00
|
|
|
const tokens = require('./tokenController')
|
2018-04-13 16:20:57 +00:00
|
|
|
const utils = require('./utilsController')
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
const config = require('./../config')
|
|
|
|
const logger = require('./../logger')
|
|
|
|
const db = require('knex')(config.database)
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const self = {
|
|
|
|
compare: promisify(bcrypt.compare),
|
|
|
|
hash: promisify(bcrypt.hash)
|
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
self.verify = async (req, res, next) => {
|
|
|
|
const username = typeof req.body.username === 'string'
|
|
|
|
? req.body.username.trim()
|
|
|
|
: ''
|
|
|
|
if (!username)
|
2019-08-26 22:00:57 +00:00
|
|
|
return res.json({ success: false, description: 'No username provided.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const password = typeof req.body.password === 'string'
|
|
|
|
? req.body.password.trim()
|
|
|
|
: ''
|
|
|
|
if (!password)
|
|
|
|
return res.json({ success: false, description: 'No password provided.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
try {
|
|
|
|
const user = await db.table('users')
|
|
|
|
.where('username', username)
|
|
|
|
.first()
|
|
|
|
|
|
|
|
if (!user)
|
|
|
|
return res.json({ success: false, description: 'Username does not exist.' })
|
|
|
|
|
|
|
|
if (user.enabled === false || user.enabled === 0)
|
|
|
|
return res.json({ success: false, description: 'This account has been disabled.' })
|
|
|
|
|
|
|
|
const result = await self.compare(password, user.password)
|
|
|
|
if (result === false)
|
|
|
|
return res.json({ success: false, description: 'Wrong password.' })
|
|
|
|
else
|
|
|
|
return res.json({ success: true, token: user.token })
|
|
|
|
} catch (error) {
|
|
|
|
logger.error(error)
|
|
|
|
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
|
|
|
|
}
|
2018-01-23 20:06:30 +00:00
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
self.register = async (req, res, next) => {
|
2018-12-18 17:01:28 +00:00
|
|
|
if (config.enableUserAccounts === false)
|
2019-09-08 01:56:29 +00:00
|
|
|
return res.json({ success: false, description: 'Registration is currently disabled.' })
|
2019-08-26 22:00:57 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const username = typeof req.body.username === 'string'
|
|
|
|
? req.body.username.trim()
|
|
|
|
: ''
|
2018-12-18 17:01:28 +00:00
|
|
|
if (username.length < 4 || username.length > 32)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Username must have 4-32 characters.' })
|
2018-12-18 17:01:28 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const password = typeof req.body.password === 'string'
|
|
|
|
? req.body.password.trim()
|
|
|
|
: ''
|
2018-12-18 17:01:28 +00:00
|
|
|
if (password.length < 6 || password.length > 64)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Password must have 6-64 characters.' })
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
try {
|
|
|
|
const user = await db.table('users')
|
|
|
|
.where('username', username)
|
|
|
|
.first()
|
2018-01-23 20:06:30 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
if (user)
|
|
|
|
return res.json({ success: false, description: 'Username already exists.' })
|
|
|
|
|
|
|
|
const hash = await self.hash(password, 10)
|
2019-06-18 21:04:14 +00:00
|
|
|
|
|
|
|
const token = await tokens.generateUniqueToken()
|
|
|
|
if (!token)
|
2019-09-08 01:56:29 +00:00
|
|
|
return res.json({ success: false, description: 'Sorry, we could not allocate a unique token. Try again?' })
|
2019-06-18 21:04:14 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
await db.table('users')
|
|
|
|
.insert({
|
|
|
|
username,
|
|
|
|
password: hash,
|
|
|
|
token,
|
|
|
|
enabled: 1,
|
|
|
|
permission: perms.permissions.user
|
|
|
|
})
|
2019-04-12 00:45:33 +00:00
|
|
|
utils.invalidateStatsCache('users')
|
2019-09-08 18:33:07 +00:00
|
|
|
tokens.onHold.delete(token)
|
2019-09-08 01:56:29 +00:00
|
|
|
|
2018-04-05 10:52:57 +00:00
|
|
|
return res.json({ success: true, token })
|
2019-09-08 01:56:29 +00:00
|
|
|
} catch (error) {
|
|
|
|
logger.error(error)
|
|
|
|
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
|
|
|
|
}
|
2018-01-23 20:06:30 +00:00
|
|
|
}
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
self.changePassword = async (req, res, next) => {
|
2018-01-23 20:06:30 +00:00
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const password = typeof req.body.password === 'string'
|
|
|
|
? req.body.password.trim()
|
|
|
|
: ''
|
2018-12-18 17:01:28 +00:00
|
|
|
if (password.length < 6 || password.length > 64)
|
2018-03-24 13:52:47 +00:00
|
|
|
return res.json({ success: false, description: 'Password must have 6-64 characters.' })
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
try {
|
|
|
|
const hash = await self.hash(password, 10)
|
2017-10-04 00:13:38 +00:00
|
|
|
|
2018-04-28 17:26:39 +00:00
|
|
|
await db.table('users')
|
|
|
|
.where('id', user.id)
|
|
|
|
.update('password', hash)
|
|
|
|
|
2018-01-23 20:06:30 +00:00
|
|
|
return res.json({ success: true })
|
2019-09-08 01:56:29 +00:00
|
|
|
} catch (error) {
|
|
|
|
logger.error(error)
|
|
|
|
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
|
|
|
|
}
|
2018-03-24 13:52:47 +00:00
|
|
|
}
|
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
self.editUser = async (req, res, next) => {
|
2018-10-09 19:52:41 +00:00
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2018-10-09 19:52:41 +00:00
|
|
|
|
|
|
|
const id = parseInt(req.body.id)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (isNaN(id))
|
2018-10-09 19:52:41 +00:00
|
|
|
return res.json({ success: false, description: 'No user specified.' })
|
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
try {
|
|
|
|
const target = await db.table('users')
|
|
|
|
.where('id', id)
|
|
|
|
.first()
|
2019-01-01 19:39:08 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
if (!target)
|
|
|
|
return res.json({ success: false, description: 'Could not get user with the specified ID.' })
|
|
|
|
else if (!perms.higher(user, target))
|
|
|
|
return res.json({ success: false, description: 'The user is in the same or higher group as you.' })
|
|
|
|
else if (target.username === 'root')
|
|
|
|
return res.json({ success: false, description: 'Root user may not be edited.' })
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const update = {}
|
2019-01-01 19:39:08 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
if (req.body.username !== undefined) {
|
|
|
|
update.username = String(req.body.username).trim()
|
|
|
|
if (update.username.length < 4 || update.username.length > 32)
|
|
|
|
return res.json({ success: false, description: 'Username must have 4-32 characters.' })
|
|
|
|
}
|
2018-10-10 17:33:11 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
if (req.body.enabled !== undefined)
|
|
|
|
update.enabled = Boolean(req.body.enabled)
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
if (req.body.group !== undefined) {
|
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.
CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.
JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.
Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.
Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).
The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (e.i. NOT using "yarn install --production").
---
yarn lint -> gulp lint
yarn build -> gulp default
yarn watch -> gulp watch
yarn develop -> env NODE_ENV=development yarn watch
---
Fixed not being able to demote staff into normal users.
/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).
Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.
Removed is-breeze CSS class name, in favor of Bulma's is-info.
Removed custom styling from auth page, in favor of global styling.
Removed all usage of style HTML attribute in favor of CSS classes.
Renamed js/s/ to js/misc/.
Use loading spinners on dashboard's sidebar menus.
Disable all other sidebar menus when something is loading.
Changed title HTML attribute of disabled control buttons in
uploads & users list.
Hid checkboxes and WIP controls from users list.
Better error messages handling.
Especially homepage will now support CF's HTTP error codes.
Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.
Use Gatsby icon for my blog's link in homepage's footer.
A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
|
|
|
update.permission = perms.permissions[req.body.group]
|
2019-09-08 01:56:29 +00:00
|
|
|
if (typeof update.permission !== 'number' || update.permission < 0)
|
|
|
|
update.permission = target.permission
|
|
|
|
}
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
let password
|
|
|
|
if (req.body.resetPassword) {
|
|
|
|
password = randomstring.generate(16)
|
|
|
|
update.password = await self.hash(password, 10)
|
2018-10-09 19:52:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
await db.table('users')
|
|
|
|
.where('id', id)
|
2019-09-08 01:56:29 +00:00
|
|
|
.update(update)
|
|
|
|
utils.invalidateStatsCache('users')
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const response = { success: true, update }
|
|
|
|
if (password) response.password = password
|
|
|
|
return res.json(response)
|
|
|
|
} catch (error) {
|
|
|
|
logger.error(error)
|
|
|
|
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
|
|
|
|
}
|
2018-10-09 19:52:41 +00:00
|
|
|
}
|
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
self.disableUser = async (req, res, next) => {
|
|
|
|
req.body = { id: req.body.id, enabled: false }
|
|
|
|
return self.editUser(req, res, next)
|
2019-01-01 19:39:08 +00:00
|
|
|
}
|
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
self.listUsers = async (req, res, next) => {
|
2018-10-09 19:52:41 +00:00
|
|
|
const user = await utils.authorize(req, res)
|
2018-12-18 17:01:28 +00:00
|
|
|
if (!user) return
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2018-10-13 11:06:58 +00:00
|
|
|
const isadmin = perms.is(user, 'admin')
|
2019-06-18 21:04:14 +00:00
|
|
|
if (!isadmin)
|
|
|
|
return res.status(403).end()
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
try {
|
|
|
|
const count = await db.table('users')
|
|
|
|
.count('id as count')
|
|
|
|
.then(rows => rows[0].count)
|
|
|
|
if (!count)
|
|
|
|
return res.json({ success: true, users: [], count })
|
2019-01-01 19:39:08 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
let offset = req.params.page
|
|
|
|
if (offset === undefined) offset = 0
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const users = await db.table('users')
|
|
|
|
.limit(25)
|
|
|
|
.offset(25 * offset)
|
|
|
|
.select('id', 'username', 'enabled', 'permission')
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-10 16:31:27 +00:00
|
|
|
const pointers = {}
|
2019-09-08 01:56:29 +00:00
|
|
|
for (const user of users) {
|
|
|
|
user.groups = perms.mapPermissions(user)
|
|
|
|
delete user.permission
|
2019-09-10 16:31:27 +00:00
|
|
|
user.uploads = 0
|
|
|
|
user.usage = 0
|
|
|
|
pointers[user.id] = user
|
2019-09-08 01:56:29 +00:00
|
|
|
}
|
2018-10-12 09:42:16 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
const uploads = await db.table('files')
|
2019-09-10 16:31:27 +00:00
|
|
|
.whereIn('userid', Object.keys(pointers))
|
|
|
|
.select('userid', 'size')
|
2018-10-12 10:19:14 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
for (const upload of uploads) {
|
2019-09-10 16:31:27 +00:00
|
|
|
pointers[upload.userid].uploads++
|
|
|
|
pointers[upload.userid].usage += parseInt(upload.size)
|
2019-09-08 01:56:29 +00:00
|
|
|
}
|
2018-10-09 19:52:41 +00:00
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
return res.json({ success: true, users, count })
|
|
|
|
} catch (error) {
|
|
|
|
logger.error(error)
|
|
|
|
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
|
|
|
|
}
|
2018-10-09 19:52:41 +00:00
|
|
|
}
|
|
|
|
|
2019-09-08 01:56:29 +00:00
|
|
|
module.exports = self
|