slasherss/ipwa-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: slasherss:master
Branches Tags
slasherss:master slasherss:1.2.0
slasherss:v1.1.1 slasherss:v1.1.0 slasherss:v1.0.1 slasherss:v1.0.0
...
pull from: slasherss:1.2.0
Branches Tags
slasherss:1.2.0 slasherss:master
slasherss:v1.1.1 slasherss:v1.1.0 slasherss:v1.0.1 slasherss:v1.0.0

8 Commits
master ... 1.2.0

Author SHA1 Message Date
Jan Szumotalski
453ff9094f fix: changed dateselector and filter logic 2025-06-14 20:03:25 +02:00
Jan Szumotalski
8fc171b874 fix: News now display author 2025-06-13 16:07:11 +02:00
Jan Szumotalski
9e420e548e fix: Own account 2025-06-13 15:11:17 +02:00
Jan Szumotalski
2db19ee1e7 fix: Remade perms 2025-06-13 14:55:52 +02:00
Jan Szumotalski
3ba7460eee fix: split groups 2025-06-13 12:24:42 +02:00
Jan Szumotalski
681881097b fix: post now sends created user object in response 2025-06-12 12:04:36 +02:00
Jan Szumotalski
4d4c3993d9 feat: luxon related 2025-06-09 21:53:08 +02:00
Jan Szumotalski
e8b4e4634f chore: version numbers 2025-06-09 14:22:29 +02:00
11 changed files with 93 additions and 66 deletions
Expand all files Collapse all files

5
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{ {
"name": "backend2", "name": "backend2",
"version": "1.1.1", "version": "1.2.0",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "backend2", "name": "backend2",
"version": "1.0.0", "version": "1.2.0",
"license": "GPL-3.0-or-later", "license": "GPL-3.0-or-later",
"dependencies": { "dependencies": {
"bcryptjs": "^2.4.3", "bcryptjs": "^2.4.3",
@@ -2499,6 +2499,7 @@
"version": "3.6.1", "version": "3.6.1",
"resolved": "https://registry.npmjs.org/luxon/-/luxon-3.6.1.tgz", "resolved": "https://registry.npmjs.org/luxon/-/luxon-3.6.1.tgz",
"integrity": "sha512-tJLxrKJhO2ukZ5z0gyjY1zPh3Rh88Ej9P7jNrZiHMUXHae1yvI2imgOZtL1TO8TW6biMMKfTtAOoEJANgtWBMQ==", "integrity": "sha512-tJLxrKJhO2ukZ5z0gyjY1zPh3Rh88Ej9P7jNrZiHMUXHae1yvI2imgOZtL1TO8TW6biMMKfTtAOoEJANgtWBMQ==",
"license": "MIT",
"engines": { "engines": {
"node": ">=12" "node": ">=12"
} }

2
package.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "backend2", "name": "backend2",
"version": "1.1.1", "version": "1.2.0",
"description": "", "description": "",
"main": "src/index.js", "main": "src/index.js",
"type": "module", "type": "module",

48
src/index.ts
View File

@@ -22,11 +22,6 @@ declare global {
namespace Express { namespace Express {
export interface User extends IUser { export interface User extends IUser {
_id: mongoose.Types.ObjectId; _id: mongoose.Types.ObjectId;
// pass: string;
// uname: string;
// admin?: number;
// locked?: boolean;
// room?: string
} }
} }
} }
@@ -34,7 +29,7 @@ declare global {
//#region express initialization //#region express initialization
var app = express(); var app = express();
app.use(bodyParser.json()) app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended: true})) app.use(bodyParser.urlencoded({ extended: true }))
app.use(cors({ app.use(cors({
origin: ["http://localhost:4200", `https://${process.env.DOMAIN}`,], origin: ["http://localhost:4200", `https://${process.env.DOMAIN}`,],
credentials: true credentials: true
@@ -44,7 +39,7 @@ app.use(session({
rolling: true, rolling: true,
secret: process.env.SECRET, secret: process.env.SECRET,
saveUninitialized: false, saveUninitialized: false,
store: MongoStore.create({mongoUrl: connectionString, dbName: "ipwa", collectionName: "sessions", touchAfter: 60, autoRemove: 'disabled'}), store: MongoStore.create({ mongoUrl: connectionString, dbName: "ipwa", collectionName: "sessions", touchAfter: 60, autoRemove: 'disabled' }),
cookie: { cookie: {
maxAge: 1209600000, maxAge: 1209600000,
} }
@@ -53,32 +48,32 @@ app.use(passport.session())
//#endregion //#endregion
//#region Passport strategies initialization //#region Passport strategies initialization
passport.use("normal",new LocalStrategy(async function verify(uname,pass,done) { passport.use("normal", new LocalStrategy(async function verify(uname, pass, done) {
let query = await User.findOne({uname: uname.toLowerCase()}) let query = await User.findOne({ uname: uname.toLowerCase() })
if (query) { if (query) {
if (query.locked == true) return done({type: "locked", message: "Twoje konto jest zablokowane. Skontaktuj się z administratorem."}, false) if (query.locked == true) return done({ type: "locked", message: "Twoje konto jest zablokowane. Skontaktuj się z administratorem." }, false)
var timeout = security.check(query._id) var timeout = security.check(query._id)
if (timeout) { if (timeout) {
timeout = Math.ceil(timeout / 1000 / 60) timeout = Math.ceil(timeout / 1000 / 60)
return done({type: "timeout", message: `Zbyt wiele nieudanych prób logowania. Odczekaj ${timeout} minut lub skontaktuj się z administratorem.`}, false) return done({ type: "timeout", message: `Zbyt wiele nieudanych prób logowania. Odczekaj ${timeout} minut lub skontaktuj się z administratorem.` }, false)
} }
if (await bcrypt.compare(pass, query.pass)) { if (await bcrypt.compare(pass, query.pass)) {
return done(null, query) return done(null, query)
} else { } else {
security.addAttempt(query._id) security.addAttempt(query._id)
done({type: "unf"}, false) done({ type: "unf" }, false)
} }
} else { } else {
done({type: "unf"}, false) done({ type: "unf" }, false)
} }
})) }))
//#endregion //#endregion
passport.serializeUser(function(user, done) { passport.serializeUser(function (user, done) {
done(null, user._id); done(null, user._id);
}); });
passport.deserializeUser(async function(id, done) { passport.deserializeUser(async function (id, done) {
let query = await User.findById(id) let query = await User.findById(id)
if (query) { if (query) {
done(null, query) done(null, query)
@@ -89,6 +84,7 @@ passport.deserializeUser(async function(id, done) {
var server = app.listen(8080, async () => { var server = app.listen(8080, async () => {
await mongoose.connect(connectionString); await mongoose.connect(connectionString);
await dataMigration()
if (process.send) process.send("ready") if (process.send) process.send("ready")
}) })
@@ -97,4 +93,24 @@ app.use('/', routes)
process.on('SIGINT', () => { process.on('SIGINT', () => {
server.close() server.close()
mongoose.disconnect().then(() => process.exit(0), () => process.exit(1)) mongoose.disconnect().then(() => process.exit(0), () => process.exit(1))
}) })
async function dataMigration() {
//#region User
var users = await User.find({ admin: { $type: "int" } }).lean()
users.forEach(async v => {
var oldFlags = v.admin as unknown as number
var newFlags: string[] | undefined = []
if ((oldFlags & 1) == 1) newFlags.push("news")
if ((oldFlags & 2) == 2) newFlags.push("menu")
if ((oldFlags & 4) == 4) newFlags.push("notif")
if ((oldFlags & 8) == 8) newFlags.push("groups")
if ((oldFlags & 16) == 16) newFlags.push("accs")
if ((oldFlags & 32) == 32) newFlags.push("super")
if ((oldFlags & 64) == 64) newFlags.push("keys")
if ((oldFlags & 128) == 128) newFlags.push("grades")
if (newFlags.length == 0) newFlags = undefined
await User.findByIdAndUpdate(v._id, { $set: { admin: newFlags } })
})
//#endregion
}

28
src/routes/api/admin/accs.ts
View File

@@ -1,8 +1,6 @@
import User from "@schemas/User"; import User from "@schemas/User";
import { Router } from "express" import { Router } from "express"
import { Perms, adminCond, adminPerm } from "@/utility"; import { Perms, adminCond, adminPerm } from "@/utility";
import capability from "@/helpers/capability";
import Group from "@/schemas/Group";
import security from "@/helpers/security"; import security from "@/helpers/security";
import { Types } from "mongoose"; import { Types } from "mongoose";
@@ -11,11 +9,7 @@ const accsRouter = Router()
accsRouter.use(adminPerm(Perms.Accs)) accsRouter.use(adminPerm(Perms.Accs))
accsRouter.get('/', async (req, res)=> { accsRouter.get('/', async (req, res)=> {
var data = { res.send(await User.find(undefined, {pass: 0}))
users: await User.find({"uname": {"$ne": req.user.uname}}, {pass: 0}),
groups: capability.settings.groups ? await Group.find() : undefined
}
res.send(data)
}) })
accsRouter.get('/:id', async (req, res) => { accsRouter.get('/:id', async (req, res) => {
@@ -27,19 +21,21 @@ accsRouter.get('/:id', async (req, res) => {
accsRouter.post('/', async (req, res)=> { accsRouter.post('/', async (req, res)=> {
if (req.body.uname == "admin") return res.status(400).send("This name is reserved").end() if (req.body.uname == "admin") return res.status(400).send("This name is reserved").end()
if (req.body.flags) { var createdUser
if (req.body.admin) {
if (adminCond(req.user.admin, Perms.Superadmin)) { if (adminCond(req.user.admin, Perms.Superadmin)) {
if (adminCond(req.body.flags, Perms.Superadmin)) { if (adminCond(req.body.admin, Perms.Superadmin)) {
res.status(400).send("Cannot set superadmin") res.status(400).send("Cannot set superadmin")
} else { } else {
await User.create({uname: req.body.uname, room: req.body.room, admin: req.body.flags, fname: req.body.fname, surname: req.body.surname}) createdUser = await User.create({uname: req.body.uname, room: req.body.room, admin: req.body.admin, fname: req.body.fname, surname: req.body.surname})
res.status(201).send({status: 201})
} }
} }
} else { } else {
await User.create({uname: req.body.uname, room: req.body.room, fname: req.body.fname, surname: req.body.surname}) createdUser = await User.create({uname: req.body.uname, room: req.body.room, fname: req.body.fname, surname: req.body.surname})
res.status(201).send({status: 201})
} }
var responseCandidate = createdUser.toJSON()
delete responseCandidate.pass
res.status(201).send(responseCandidate)
}) })
accsRouter.put('/:id', async (req, res)=> { accsRouter.put('/:id', async (req, res)=> {
@@ -48,15 +44,15 @@ accsRouter.put('/:id', async (req, res)=> {
res.status(404).send("User not found") res.status(404).send("User not found")
return return
} }
if (req.body.flags) { if (req.body.admin) {
if (adminCond(req.user.admin, Perms.Superadmin)) { if (adminCond(req.user.admin, Perms.Superadmin)) {
if (adminCond(user.admin, Perms.Superadmin)) { if (adminCond(user.admin, Perms.Superadmin)) {
res.status(400).send("Cannot edit other superadmins") res.status(400).send("Cannot edit other superadmins")
} else { } else {
if (adminCond(req.body.flags, Perms.Superadmin)) { if (adminCond(req.body.admin, Perms.Superadmin)) {
res.status(400).send("Cannot set superadmin") res.status(400).send("Cannot set superadmin")
} else { } else {
await user.set({uname: req.body.uname, room: req.body.room, admin: req.body.flags, fname: req.body.fname, surname: req.body.surname, groups: req.body.groups}).save() await user.set({uname: req.body.uname, room: req.body.room, admin: req.body.admin, fname: req.body.fname, surname: req.body.surname, groups: req.body.groups}).save()
res.send({status: 200}) res.send({status: 200})
} }
} }

2
src/routes/api/admin/clean.ts
View File

@@ -10,7 +10,7 @@ const cleanRouter = Router()
cleanRouter.use(adminPerm(Perms.Clean)) cleanRouter.use(adminPerm(Perms.Clean))
cleanRouter.use(capability.mw(Features.Clean)) cleanRouter.use(capability.mw(Features.Clean))
cleanRouter.get("/:date([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\\.[0-9]+)?([Zz]|([\\+-])([01]\\d|2[0-3]):?([0-5]\\d)?)?)/:room", async (req, res) => { cleanRouter.get("/:date([0-9]{4}-[0-9]{2}-[0-9]{2})/:room", async (req, res) => {
res.send(await Grade.findOne({ res.send(await Grade.findOne({
date: new Date(req.params.date), date: new Date(req.params.date),
room: req.params.room room: req.params.room

8
src/routes/api/admin/index.ts
View File

@@ -9,6 +9,8 @@ import { keysRouter } from "./keys";
import { cleanRouter } from "./clean"; import { cleanRouter } from "./clean";
import { settingsRouter } from "./settings"; import { settingsRouter } from "./settings";
import User from "@/schemas/User"; import User from "@/schemas/User";
import capability from "@/helpers/capability";
import Group from "@/schemas/Group";
export const adminRouter = Router() export const adminRouter = Router()
@@ -25,4 +27,10 @@ adminRouter.use('/settings', settingsRouter)
adminRouter.get('/usearch', async (req, res) => { adminRouter.get('/usearch', async (req, res) => {
var results = await User.find({$text: {$search: req.query['q'].toString()}}, {uname: 1, surname: 1, fname: 1, room: 1}) var results = await User.find({$text: {$search: req.query['q'].toString()}}, {uname: 1, surname: 1, fname: 1, room: 1})
res.send(results) res.send(results)
})
adminRouter.get('/sync', async (req, res) => {
res.send({
groups: capability.settings.groups ? await Group.find() : undefined
})
}) })

24
src/routes/api/admin/news.ts
View File

@@ -2,26 +2,28 @@ import { Router } from "express";
import News from "@schemas/News" import News from "@schemas/News"
import { Perms, adminPerm } from "@/utility"; import { Perms, adminPerm } from "@/utility";
import capability, { Features } from "@/helpers/capability"; import capability, { Features } from "@/helpers/capability";
import { IUser } from "@/schemas/User";
const newsRouter = Router() const newsRouter = Router()
newsRouter.use(adminPerm(Perms.News)) newsRouter.use(adminPerm(Perms.News))
newsRouter.use(capability.mw(Features.News)) newsRouter.use(capability.mw(Features.News))
newsRouter.get('/', async (req,res)=>{ newsRouter.get('/', async (req, res) => {
res.send(await News.find({},null,{sort: {pinned: -1 ,date: -1}})) var news = await News.find(undefined, undefined, { sort: { pinned: -1, date: -1 } }).populate<{ author: Pick<IUser, "fname" | "surname" | "uname"> }>("author", ["fname", "surname", "uname"])
res.send(news)
}) })
newsRouter.post('/', async (req,res)=>{ newsRouter.post('/', async (req, res) => {
await News.create({title: req.body.title, content: req.body.content}) await News.create({ title: req.body.title, content: req.body.content, author: req.user._id })
res.status(201).send({status: 201}) res.status(201).send({ status: 201 })
}) })
newsRouter.delete('/:id', async (req,res)=>{ newsRouter.delete('/:id', async (req, res) => {
await News.findByIdAndDelete(req.params.id) await News.findByIdAndDelete(req.params.id)
res.send({status: 200}) res.send({ status: 200 })
}) })
newsRouter.put('/:id', async (req,res)=>{ newsRouter.put('/:id', async (req, res) => {
await News.findByIdAndUpdate(req.params.id, req.body) await News.findByIdAndUpdate(req.params.id, { ...req.body, author: req.user._id })
res.send({status: 200}) res.send({ status: 200 })
}) })
export {newsRouter}; export { newsRouter };

9
src/routes/api/app/index.ts
View File

@@ -10,13 +10,14 @@ import usettings from "@/helpers/usettings";
import Grade from "@schemas/Grade"; import Grade from "@schemas/Grade";
import { createHash } from "node:crypto"; import { createHash } from "node:crypto";
import Inbox from "@/schemas/Inbox"; import Inbox from "@/schemas/Inbox";
import { IUser } from "@/schemas/User";
export const appRouter = Router(); export const appRouter = Router();
appRouter.use(islogged) appRouter.use(islogged)
appRouter.get("/news", capability.mw(Features.News), async (req, res) => { appRouter.get("/news", capability.mw(Features.News), async (req, res) => {
var news = await News.find({"visible": {"$ne": false}}, {_id: 0, visible: 0}, {sort: {pinned: -1 ,date: -1}}) var news = await News.find({"visible": {"$ne": false}}, {_id: 0, visible: 0}, {sort: {pinned: -1 ,date: -1}}).populate<{author: Pick<IUser, "fname" | "surname" | "uname">}>("author", ["fname", "surname", "uname"])
res.send(news) res.send(news)
}) })
@@ -28,9 +29,9 @@ appRouter.get("/news/check", capability.mw(Features.News), async (req, res) => {
res.send(check) res.send(check)
}) })
appRouter.get("/menu/:timestamp", capability.mw(Features.Menu), async (req, res) => { appRouter.get("/menu/:date", capability.mw(Features.Menu), async (req, res) => {
var item = await Menu.aggregate(vote(new Date(Number.parseInt(req.params.timestamp)),req.user!._id)) var item = await Menu.aggregate(vote(new Date(req.params.date),req.user!._id))
var votes = await Vote.find({dom: new Date(Number.parseInt(req.params.timestamp))}) var votes = await Vote.find({dom: new Date(req.params.date)})
var grouped = votes.reduce((x, y) => { var grouped = votes.reduce((x, y) => {
x[y.tom].push(y) x[y.tom].push(y)
return x return x

8
src/schemas/News.ts
View File

@@ -1,11 +1,12 @@
import mongoose, { Schema } from "mongoose" import mongoose, { Schema, Types } from "mongoose"
interface INews { interface INews {
content: string; content: string;
title: string; title: string;
date: Date; date: Date;
visible?: boolean; visible?: boolean;
pinned?: boolean pinned?: boolean;
author: Types.ObjectId
} }
const newsSchema = new Schema<INews>({ const newsSchema = new Schema<INews>({
@@ -13,7 +14,8 @@ const newsSchema = new Schema<INews>({
title: {type: String, required: true}, title: {type: String, required: true},
date: {type: Date, requred: true, default: Date.now}, date: {type: Date, requred: true, default: Date.now},
visible: {type: Boolean, default: false}, visible: {type: Boolean, default: false},
pinned: {type: Boolean, default: false} pinned: {type: Boolean, default: false},
author: {type: "ObjectId", ref: "logins", required: true}
}) })
export default mongoose.model("news", newsSchema) export default mongoose.model("news", newsSchema)

5
src/schemas/User.ts
View File

@@ -1,10 +1,11 @@
import { Perms } from "@/utility";
import mongoose, { Types, Schema } from "mongoose" import mongoose, { Types, Schema } from "mongoose"
export interface IUser { export interface IUser {
uname: string; uname: string;
pass: string; pass: string;
room?: string; room?: string;
admin?: number; admin?: Perms[];
locked?: boolean; locked?: boolean;
fname?: string; fname?: string;
surname?: string; surname?: string;
@@ -17,7 +18,7 @@ const userSchema = new Schema<IUser>({
uname: {type: String, required: true}, uname: {type: String, required: true},
pass: {type: String, required: true, default: "$2y$10$wxDhf.XiXkmdKrFqYUEa0.F4Bf.pDykZaMmgjvyLyeRP3E/Xy0hbC"}, pass: {type: String, required: true, default: "$2y$10$wxDhf.XiXkmdKrFqYUEa0.F4Bf.pDykZaMmgjvyLyeRP3E/Xy0hbC"},
room: {type: String, default: ""}, room: {type: String, default: ""},
admin: Number, admin: [{type: String}],
locked: {type: Boolean, default: false}, locked: {type: Boolean, default: false},
fname: {type: String, default: ""}, fname: {type: String, default: ""},
surname: {type: String, default: ""}, surname: {type: String, default: ""},

20
src/utility.ts
View File

@@ -15,14 +15,14 @@ var isadmin = (req: Request, res: Response, next: NextFunction) => {
} }
enum Perms { enum Perms {
News = 1, News = "news",
Menu = 2, Menu = "menu",
Notif = 4, Notif = "notif",
Groups = 8, Groups = "groups",
Accs = 16, Accs = "accs",
Superadmin = 32, Superadmin = "super",
Key = 64, Key = "keys",
Clean = 128, Clean = "grades",
} }
var adminPerm = (perm: Perms) => { var adminPerm = (perm: Perms) => {
@@ -34,8 +34,8 @@ var adminPerm = (perm: Perms) => {
} }
} }
var adminCond = (adminInt = 0, perm: Perms) => { var adminCond = (perms: Perms[], perm: Perms) => {
return (adminInt & perm) == perm return perms.includes(perm)
} }
export function project<T extends object>(obj: T | any, projection?: (keyof T)[] | { [key in keyof T]: any}): Partial<T> { export function project<T extends object>(obj: T | any, projection?: (keyof T)[] | { [key in keyof T]: any}): Partial<T> {