Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
453ff9094f
|
|||
|
8fc171b874
|
|||
|
9e420e548e
|
|||
|
2db19ee1e7
|
|||
|
3ba7460eee
|
|||
|
681881097b
|
|||
|
4d4c3993d9
|
|||
|
e8b4e4634f
|
|||
|
647bc1c2ba
|
5
package-lock.json
generated
5
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "backend2",
|
||||
"version": "1.1.1",
|
||||
"version": "1.2.0",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "backend2",
|
||||
"version": "1.0.0",
|
||||
"version": "1.2.0",
|
||||
"license": "GPL-3.0-or-later",
|
||||
"dependencies": {
|
||||
"bcryptjs": "^2.4.3",
|
||||
@@ -2499,6 +2499,7 @@
|
||||
"version": "3.6.1",
|
||||
"resolved": "https://registry.npmjs.org/luxon/-/luxon-3.6.1.tgz",
|
||||
"integrity": "sha512-tJLxrKJhO2ukZ5z0gyjY1zPh3Rh88Ej9P7jNrZiHMUXHae1yvI2imgOZtL1TO8TW6biMMKfTtAOoEJANgtWBMQ==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "backend2",
|
||||
"version": "1.1.1",
|
||||
"version": "1.2.0",
|
||||
"description": "",
|
||||
"main": "src/index.js",
|
||||
"type": "module",
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import { project } from "@/utility";
|
||||
import { PathOrFileDescriptor, readFileSync, writeFileSync } from "node:fs";
|
||||
|
||||
export class FileHandler<T> {
|
||||
export abstract class FileHandler<T> {
|
||||
protected _value: T
|
||||
public get value(): T {
|
||||
return this._value;
|
||||
@@ -13,8 +12,7 @@ export class FileHandler<T> {
|
||||
|
||||
constructor(public path: PathOrFileDescriptor, public settings?: {
|
||||
defaultContent?: T,
|
||||
name?: string,
|
||||
project?: (keyof T)[] | { [key in keyof T]: any}
|
||||
name?: string
|
||||
}) {
|
||||
try {
|
||||
this._value = JSON.parse(readFileSync(path, 'utf-8'))
|
||||
@@ -32,11 +30,17 @@ export class FileHandler<T> {
|
||||
}
|
||||
|
||||
private save() {
|
||||
writeFileSync(this.path, JSON.stringify(project(this._value, this.settings.project), undefined, 2))
|
||||
writeFileSync(this.path, JSON.stringify(this.construct(this._value), undefined, 2))
|
||||
}
|
||||
|
||||
public reload() {
|
||||
this._value = JSON.parse(readFileSync(this.path, { encoding: "utf-8" }))
|
||||
console.log(`Reloaded ${this.settings.name}`);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method that makes sure that object is the interface.
|
||||
* @param value Input object
|
||||
*/
|
||||
abstract construct(value: T | any): T
|
||||
}
|
||||
@@ -1,5 +1,3 @@
|
||||
import { project } from "@/utility";
|
||||
import { readFileSync, writeFileSync } from "node:fs";
|
||||
import { FileHandler } from "./filehandler";
|
||||
|
||||
export interface IUSettings {
|
||||
@@ -22,6 +20,26 @@ export interface IUSettings {
|
||||
}
|
||||
|
||||
class UOptions extends FileHandler<IUSettings> {
|
||||
construct(value: IUSettings | any): IUSettings {
|
||||
return {
|
||||
keyrooms: value.keyrooms ?? [],
|
||||
rooms: value.rooms ?? [],
|
||||
cleanThings: value.cleanThings ?? [],
|
||||
menu: {
|
||||
defaultItems: {
|
||||
sn: value.menu.defaultItems.sn ?? [],
|
||||
kol: value.menu.defaultItems.kol ?? []
|
||||
}
|
||||
},
|
||||
security: {
|
||||
loginTimeout: {
|
||||
attempts: value.security.loginTimeout.attempts ?? 0,
|
||||
time: value.security.loginTimeout.time ?? 0,
|
||||
lockout: value.security.loginTimeout.lockout ?? 0
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
constructor() {
|
||||
const defaultSettings: IUSettings = {
|
||||
keyrooms: [],
|
||||
@@ -41,7 +59,7 @@ class UOptions extends FileHandler<IUSettings> {
|
||||
}
|
||||
}
|
||||
}
|
||||
super("./config/usettings.json", {defaultContent: defaultSettings, name: "user settings", project: ['cleanThings', 'keyrooms', 'menu', 'rooms', 'security']})
|
||||
super("./config/usettings.json", {defaultContent: defaultSettings, name: "user settings"})
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
46
src/index.ts
46
src/index.ts
@@ -22,11 +22,6 @@ declare global {
|
||||
namespace Express {
|
||||
export interface User extends IUser {
|
||||
_id: mongoose.Types.ObjectId;
|
||||
// pass: string;
|
||||
// uname: string;
|
||||
// admin?: number;
|
||||
// locked?: boolean;
|
||||
// room?: string
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -34,7 +29,7 @@ declare global {
|
||||
//#region express initialization
|
||||
var app = express();
|
||||
app.use(bodyParser.json())
|
||||
app.use(bodyParser.urlencoded({extended: true}))
|
||||
app.use(bodyParser.urlencoded({ extended: true }))
|
||||
app.use(cors({
|
||||
origin: ["http://localhost:4200", `https://${process.env.DOMAIN}`,],
|
||||
credentials: true
|
||||
@@ -44,7 +39,7 @@ app.use(session({
|
||||
rolling: true,
|
||||
secret: process.env.SECRET,
|
||||
saveUninitialized: false,
|
||||
store: MongoStore.create({mongoUrl: connectionString, dbName: "ipwa", collectionName: "sessions", touchAfter: 60, autoRemove: 'disabled'}),
|
||||
store: MongoStore.create({ mongoUrl: connectionString, dbName: "ipwa", collectionName: "sessions", touchAfter: 60, autoRemove: 'disabled' }),
|
||||
cookie: {
|
||||
maxAge: 1209600000,
|
||||
}
|
||||
@@ -53,32 +48,32 @@ app.use(passport.session())
|
||||
//#endregion
|
||||
|
||||
//#region Passport strategies initialization
|
||||
passport.use("normal",new LocalStrategy(async function verify(uname,pass,done) {
|
||||
let query = await User.findOne({uname: uname.toLowerCase()})
|
||||
passport.use("normal", new LocalStrategy(async function verify(uname, pass, done) {
|
||||
let query = await User.findOne({ uname: uname.toLowerCase() })
|
||||
if (query) {
|
||||
if (query.locked == true) return done({type: "locked", message: "Twoje konto jest zablokowane. Skontaktuj się z administratorem."}, false)
|
||||
if (query.locked == true) return done({ type: "locked", message: "Twoje konto jest zablokowane. Skontaktuj się z administratorem." }, false)
|
||||
var timeout = security.check(query._id)
|
||||
if (timeout) {
|
||||
timeout = Math.ceil(timeout / 1000 / 60)
|
||||
return done({type: "timeout", message: `Zbyt wiele nieudanych prób logowania. Odczekaj ${timeout} minut lub skontaktuj się z administratorem.`}, false)
|
||||
return done({ type: "timeout", message: `Zbyt wiele nieudanych prób logowania. Odczekaj ${timeout} minut lub skontaktuj się z administratorem.` }, false)
|
||||
}
|
||||
if (await bcrypt.compare(pass, query.pass)) {
|
||||
return done(null, query)
|
||||
} else {
|
||||
security.addAttempt(query._id)
|
||||
done({type: "unf"}, false)
|
||||
done({ type: "unf" }, false)
|
||||
}
|
||||
} else {
|
||||
done({type: "unf"}, false)
|
||||
done({ type: "unf" }, false)
|
||||
}
|
||||
}))
|
||||
//#endregion
|
||||
|
||||
passport.serializeUser(function(user, done) {
|
||||
passport.serializeUser(function (user, done) {
|
||||
done(null, user._id);
|
||||
});
|
||||
|
||||
passport.deserializeUser(async function(id, done) {
|
||||
passport.deserializeUser(async function (id, done) {
|
||||
let query = await User.findById(id)
|
||||
if (query) {
|
||||
done(null, query)
|
||||
@@ -89,6 +84,7 @@ passport.deserializeUser(async function(id, done) {
|
||||
|
||||
var server = app.listen(8080, async () => {
|
||||
await mongoose.connect(connectionString);
|
||||
await dataMigration()
|
||||
if (process.send) process.send("ready")
|
||||
})
|
||||
|
||||
@@ -98,3 +94,23 @@ process.on('SIGINT', () => {
|
||||
server.close()
|
||||
mongoose.disconnect().then(() => process.exit(0), () => process.exit(1))
|
||||
})
|
||||
|
||||
async function dataMigration() {
|
||||
//#region User
|
||||
var users = await User.find({ admin: { $type: "int" } }).lean()
|
||||
users.forEach(async v => {
|
||||
var oldFlags = v.admin as unknown as number
|
||||
var newFlags: string[] | undefined = []
|
||||
if ((oldFlags & 1) == 1) newFlags.push("news")
|
||||
if ((oldFlags & 2) == 2) newFlags.push("menu")
|
||||
if ((oldFlags & 4) == 4) newFlags.push("notif")
|
||||
if ((oldFlags & 8) == 8) newFlags.push("groups")
|
||||
if ((oldFlags & 16) == 16) newFlags.push("accs")
|
||||
if ((oldFlags & 32) == 32) newFlags.push("super")
|
||||
if ((oldFlags & 64) == 64) newFlags.push("keys")
|
||||
if ((oldFlags & 128) == 128) newFlags.push("grades")
|
||||
if (newFlags.length == 0) newFlags = undefined
|
||||
await User.findByIdAndUpdate(v._id, { $set: { admin: newFlags } })
|
||||
})
|
||||
//#endregion
|
||||
}
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
import User from "@schemas/User";
|
||||
import { Router } from "express"
|
||||
import { Perms, adminCond, adminPerm } from "@/utility";
|
||||
import capability from "@/helpers/capability";
|
||||
import Group from "@/schemas/Group";
|
||||
import security from "@/helpers/security";
|
||||
import { Types } from "mongoose";
|
||||
|
||||
@@ -11,11 +9,7 @@ const accsRouter = Router()
|
||||
accsRouter.use(adminPerm(Perms.Accs))
|
||||
|
||||
accsRouter.get('/', async (req, res)=> {
|
||||
var data = {
|
||||
users: await User.find({"uname": {"$ne": req.user.uname}}, {pass: 0}),
|
||||
groups: capability.settings.groups ? await Group.find() : undefined
|
||||
}
|
||||
res.send(data)
|
||||
res.send(await User.find(undefined, {pass: 0}))
|
||||
})
|
||||
|
||||
accsRouter.get('/:id', async (req, res) => {
|
||||
@@ -27,19 +21,21 @@ accsRouter.get('/:id', async (req, res) => {
|
||||
|
||||
accsRouter.post('/', async (req, res)=> {
|
||||
if (req.body.uname == "admin") return res.status(400).send("This name is reserved").end()
|
||||
if (req.body.flags) {
|
||||
var createdUser
|
||||
if (req.body.admin) {
|
||||
if (adminCond(req.user.admin, Perms.Superadmin)) {
|
||||
if (adminCond(req.body.flags, Perms.Superadmin)) {
|
||||
if (adminCond(req.body.admin, Perms.Superadmin)) {
|
||||
res.status(400).send("Cannot set superadmin")
|
||||
} else {
|
||||
await User.create({uname: req.body.uname, room: req.body.room, admin: req.body.flags, fname: req.body.fname, surname: req.body.surname})
|
||||
res.status(201).send({status: 201})
|
||||
createdUser = await User.create({uname: req.body.uname, room: req.body.room, admin: req.body.admin, fname: req.body.fname, surname: req.body.surname})
|
||||
}
|
||||
}
|
||||
} else {
|
||||
await User.create({uname: req.body.uname, room: req.body.room, fname: req.body.fname, surname: req.body.surname})
|
||||
res.status(201).send({status: 201})
|
||||
createdUser = await User.create({uname: req.body.uname, room: req.body.room, fname: req.body.fname, surname: req.body.surname})
|
||||
}
|
||||
var responseCandidate = createdUser.toJSON()
|
||||
delete responseCandidate.pass
|
||||
res.status(201).send(responseCandidate)
|
||||
})
|
||||
|
||||
accsRouter.put('/:id', async (req, res)=> {
|
||||
@@ -48,15 +44,15 @@ accsRouter.put('/:id', async (req, res)=> {
|
||||
res.status(404).send("User not found")
|
||||
return
|
||||
}
|
||||
if (req.body.flags) {
|
||||
if (req.body.admin) {
|
||||
if (adminCond(req.user.admin, Perms.Superadmin)) {
|
||||
if (adminCond(user.admin, Perms.Superadmin)) {
|
||||
res.status(400).send("Cannot edit other superadmins")
|
||||
} else {
|
||||
if (adminCond(req.body.flags, Perms.Superadmin)) {
|
||||
if (adminCond(req.body.admin, Perms.Superadmin)) {
|
||||
res.status(400).send("Cannot set superadmin")
|
||||
} else {
|
||||
await user.set({uname: req.body.uname, room: req.body.room, admin: req.body.flags, fname: req.body.fname, surname: req.body.surname, groups: req.body.groups}).save()
|
||||
await user.set({uname: req.body.uname, room: req.body.room, admin: req.body.admin, fname: req.body.fname, surname: req.body.surname, groups: req.body.groups}).save()
|
||||
res.send({status: 200})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ const cleanRouter = Router()
|
||||
cleanRouter.use(adminPerm(Perms.Clean))
|
||||
cleanRouter.use(capability.mw(Features.Clean))
|
||||
|
||||
cleanRouter.get("/:date([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\\.[0-9]+)?([Zz]|([\\+-])([01]\\d|2[0-3]):?([0-5]\\d)?)?)/:room", async (req, res) => {
|
||||
cleanRouter.get("/:date([0-9]{4}-[0-9]{2}-[0-9]{2})/:room", async (req, res) => {
|
||||
res.send(await Grade.findOne({
|
||||
date: new Date(req.params.date),
|
||||
room: req.params.room
|
||||
|
||||
@@ -9,6 +9,8 @@ import { keysRouter } from "./keys";
|
||||
import { cleanRouter } from "./clean";
|
||||
import { settingsRouter } from "./settings";
|
||||
import User from "@/schemas/User";
|
||||
import capability from "@/helpers/capability";
|
||||
import Group from "@/schemas/Group";
|
||||
|
||||
export const adminRouter = Router()
|
||||
|
||||
@@ -26,3 +28,9 @@ adminRouter.get('/usearch', async (req, res) => {
|
||||
var results = await User.find({$text: {$search: req.query['q'].toString()}}, {uname: 1, surname: 1, fname: 1, room: 1})
|
||||
res.send(results)
|
||||
})
|
||||
|
||||
adminRouter.get('/sync', async (req, res) => {
|
||||
res.send({
|
||||
groups: capability.settings.groups ? await Group.find() : undefined
|
||||
})
|
||||
})
|
||||
@@ -2,26 +2,28 @@ import { Router } from "express";
|
||||
import News from "@schemas/News"
|
||||
import { Perms, adminPerm } from "@/utility";
|
||||
import capability, { Features } from "@/helpers/capability";
|
||||
import { IUser } from "@/schemas/User";
|
||||
|
||||
const newsRouter = Router()
|
||||
|
||||
newsRouter.use(adminPerm(Perms.News))
|
||||
newsRouter.use(capability.mw(Features.News))
|
||||
|
||||
newsRouter.get('/', async (req,res)=>{
|
||||
res.send(await News.find({},null,{sort: {pinned: -1 ,date: -1}}))
|
||||
newsRouter.get('/', async (req, res) => {
|
||||
var news = await News.find(undefined, undefined, { sort: { pinned: -1, date: -1 } }).populate<{ author: Pick<IUser, "fname" | "surname" | "uname"> }>("author", ["fname", "surname", "uname"])
|
||||
res.send(news)
|
||||
})
|
||||
newsRouter.post('/', async (req,res)=>{
|
||||
await News.create({title: req.body.title, content: req.body.content})
|
||||
res.status(201).send({status: 201})
|
||||
newsRouter.post('/', async (req, res) => {
|
||||
await News.create({ title: req.body.title, content: req.body.content, author: req.user._id })
|
||||
res.status(201).send({ status: 201 })
|
||||
})
|
||||
newsRouter.delete('/:id', async (req,res)=>{
|
||||
newsRouter.delete('/:id', async (req, res) => {
|
||||
await News.findByIdAndDelete(req.params.id)
|
||||
res.send({status: 200})
|
||||
res.send({ status: 200 })
|
||||
})
|
||||
newsRouter.put('/:id', async (req,res)=>{
|
||||
await News.findByIdAndUpdate(req.params.id, req.body)
|
||||
res.send({status: 200})
|
||||
newsRouter.put('/:id', async (req, res) => {
|
||||
await News.findByIdAndUpdate(req.params.id, { ...req.body, author: req.user._id })
|
||||
res.send({ status: 200 })
|
||||
})
|
||||
|
||||
export {newsRouter};
|
||||
export { newsRouter };
|
||||
@@ -10,13 +10,14 @@ import usettings from "@/helpers/usettings";
|
||||
import Grade from "@schemas/Grade";
|
||||
import { createHash } from "node:crypto";
|
||||
import Inbox from "@/schemas/Inbox";
|
||||
import { IUser } from "@/schemas/User";
|
||||
|
||||
export const appRouter = Router();
|
||||
|
||||
appRouter.use(islogged)
|
||||
|
||||
appRouter.get("/news", capability.mw(Features.News), async (req, res) => {
|
||||
var news = await News.find({"visible": {"$ne": false}}, {_id: 0, visible: 0}, {sort: {pinned: -1 ,date: -1}})
|
||||
var news = await News.find({"visible": {"$ne": false}}, {_id: 0, visible: 0}, {sort: {pinned: -1 ,date: -1}}).populate<{author: Pick<IUser, "fname" | "surname" | "uname">}>("author", ["fname", "surname", "uname"])
|
||||
res.send(news)
|
||||
})
|
||||
|
||||
@@ -28,9 +29,9 @@ appRouter.get("/news/check", capability.mw(Features.News), async (req, res) => {
|
||||
res.send(check)
|
||||
})
|
||||
|
||||
appRouter.get("/menu/:timestamp", capability.mw(Features.Menu), async (req, res) => {
|
||||
var item = await Menu.aggregate(vote(new Date(Number.parseInt(req.params.timestamp)),req.user!._id))
|
||||
var votes = await Vote.find({dom: new Date(Number.parseInt(req.params.timestamp))})
|
||||
appRouter.get("/menu/:date", capability.mw(Features.Menu), async (req, res) => {
|
||||
var item = await Menu.aggregate(vote(new Date(req.params.date),req.user!._id))
|
||||
var votes = await Vote.find({dom: new Date(req.params.date)})
|
||||
var grouped = votes.reduce((x, y) => {
|
||||
x[y.tom].push(y)
|
||||
return x
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
import mongoose, { Schema } from "mongoose"
|
||||
import mongoose, { Schema, Types } from "mongoose"
|
||||
|
||||
interface INews {
|
||||
content: string;
|
||||
title: string;
|
||||
date: Date;
|
||||
visible?: boolean;
|
||||
pinned?: boolean
|
||||
pinned?: boolean;
|
||||
author: Types.ObjectId
|
||||
}
|
||||
|
||||
const newsSchema = new Schema<INews>({
|
||||
@@ -13,7 +14,8 @@ const newsSchema = new Schema<INews>({
|
||||
title: {type: String, required: true},
|
||||
date: {type: Date, requred: true, default: Date.now},
|
||||
visible: {type: Boolean, default: false},
|
||||
pinned: {type: Boolean, default: false}
|
||||
pinned: {type: Boolean, default: false},
|
||||
author: {type: "ObjectId", ref: "logins", required: true}
|
||||
})
|
||||
|
||||
export default mongoose.model("news", newsSchema)
|
||||
@@ -1,10 +1,11 @@
|
||||
import { Perms } from "@/utility";
|
||||
import mongoose, { Types, Schema } from "mongoose"
|
||||
|
||||
export interface IUser {
|
||||
uname: string;
|
||||
pass: string;
|
||||
room?: string;
|
||||
admin?: number;
|
||||
admin?: Perms[];
|
||||
locked?: boolean;
|
||||
fname?: string;
|
||||
surname?: string;
|
||||
@@ -17,7 +18,7 @@ const userSchema = new Schema<IUser>({
|
||||
uname: {type: String, required: true},
|
||||
pass: {type: String, required: true, default: "$2y$10$wxDhf.XiXkmdKrFqYUEa0.F4Bf.pDykZaMmgjvyLyeRP3E/Xy0hbC"},
|
||||
room: {type: String, default: ""},
|
||||
admin: Number,
|
||||
admin: [{type: String}],
|
||||
locked: {type: Boolean, default: false},
|
||||
fname: {type: String, default: ""},
|
||||
surname: {type: String, default: ""},
|
||||
|
||||
@@ -15,14 +15,14 @@ var isadmin = (req: Request, res: Response, next: NextFunction) => {
|
||||
}
|
||||
|
||||
enum Perms {
|
||||
News = 1,
|
||||
Menu = 2,
|
||||
Notif = 4,
|
||||
Groups = 8,
|
||||
Accs = 16,
|
||||
Superadmin = 32,
|
||||
Key = 64,
|
||||
Clean = 128,
|
||||
News = "news",
|
||||
Menu = "menu",
|
||||
Notif = "notif",
|
||||
Groups = "groups",
|
||||
Accs = "accs",
|
||||
Superadmin = "super",
|
||||
Key = "keys",
|
||||
Clean = "grades",
|
||||
}
|
||||
|
||||
var adminPerm = (perm: Perms) => {
|
||||
@@ -34,8 +34,8 @@ var adminPerm = (perm: Perms) => {
|
||||
}
|
||||
}
|
||||
|
||||
var adminCond = (adminInt = 0, perm: Perms) => {
|
||||
return (adminInt & perm) == perm
|
||||
var adminCond = (perms: Perms[], perm: Perms) => {
|
||||
return perms.includes(perm)
|
||||
}
|
||||
|
||||
export function project<T extends object>(obj: T | any, projection?: (keyof T)[] | { [key in keyof T]: any}): Partial<T> {
|
||||
|
||||
Reference in New Issue
Block a user