richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
214 Commits
3 Branches
120 Tags
80 MiB
Tree: 9f9e75c99f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9f9e75c99f'
${ noResults }
wiki/controllers/admin.js

250 lines
7.1 KiB
Raw Normal View History

Standard JS code conversion + fixes
7 years ago
Base server logic
8 years ago
Standard JS code conversion + fixes
7 years ago
System Settings UI + code cleanup
7 years ago
Initial work for upgrade feature
7 years ago
Settings page UI + npm installation fixes
7 years ago
Base server logic
8 years ago
Standard JS code conversion + fixes
7 years ago
Account page
8 years ago
Standard JS code conversion + fixes
7 years ago
Added access check for write and manage actions
7 years ago
Standard JS code conversion + fixes
7 years ago
Integration to Requarks Core
8 years ago
Added own profile save + dependencies update
7 years ago
Standard JS code conversion + fixes
7 years ago
Added own profile save + dependencies update
7 years ago
Integration to Requarks Core
8 years ago
Standard JS code conversion + fixes
7 years ago
Integration to Requarks Core
8 years ago
Standard JS code conversion + fixes
7 years ago
Users list + Edit user interface
7 years ago
Standard JS code conversion + fixes
7 years ago
Integration to Requarks Core
8 years ago
Create / Authorize User feature
7 years ago
Fix auth fail when using uppercase in email
7 years ago
Create / Authorize User feature
7 years ago
Added GitHub and Slack authentication integrations
7 years ago
Create / Authorize User feature
7 years ago
Added rights management + user edit
7 years ago
Standard JS code conversion + fixes
7 years ago
Added rights management + user edit
7 years ago
User delete feature
7 years ago
Integration to Requarks Core
8 years ago
Standard JS code conversion + fixes
7 years ago
Added access check for write and manage actions
7 years ago
Settings page UI + npm installation fixes
7 years ago
System Settings UI + code cleanup
7 years ago
Settings page UI + npm installation fixes
7 years ago
System Settings UI + code cleanup
7 years ago
Standard JS code conversion + fixes
7 years ago
Base server logic
8 years ago
Settings page UI + npm installation fixes
7 years ago
Initial work for upgrade feature
7 years ago
Settings page UI + npm installation fixes
7 years ago
Initial work for upgrade feature
7 years ago
Standard JS code conversion + fixes
7 years ago
  1. 'use strict'
  3. var express = require('express')
  4. var router = express.Router()
  5. const Promise = require('bluebird')
  6. const validator = require('validator')
  7. const _ = require('lodash')
  8. const axios = require('axios')
  9. const path = require('path')
  10. const fs = Promise.promisifyAll(require('fs-extra'))
  12. /**
  13. * Admin
  14. */
  15. router.get('/', (req, res) => {
  16. res.redirect('/admin/profile')
  17. })
  19. router.get('/profile', (req, res) => {
  20. if (res.locals.isGuest) {
  21. return res.render('error-forbidden')
  22. }
  24. res.render('pages/admin/profile', { adminTab: 'profile' })
  25. })
  27. router.post('/profile', (req, res) => {
  28. if (res.locals.isGuest) {
  29. return res.render('error-forbidden')
  30. }
  32. return db.User.findById(req.user.id).then((usr) => {
  33. usr.name = _.trim(req.body.name)
  34. if (usr.provider === 'local' && req.body.password !== '********') {
  35. let nPwd = _.trim(req.body.password)
  36. if (nPwd.length < 6) {
  37. return Promise.reject(new Error('New Password too short!'))
  38. } else {
  39. return db.User.hashPassword(nPwd).then((pwd) => {
  40. usr.password = pwd
  41. return usr.save()
  42. })
  43. }
  44. } else {
  45. return usr.save()
  46. }
  47. }).then(() => {
  48. return res.json({ msg: 'OK' })
  49. }).catch((err) => {
  50. res.status(400).json({ msg: err.message })
  51. })
  52. })
  54. router.get('/stats', (req, res) => {
  55. if (res.locals.isGuest) {
  56. return res.render('error-forbidden')
  57. }
  59. Promise.all([
  60. db.Entry.count(),
  61. db.UplFile.count(),
  62. db.User.count()
  63. ]).spread((totalEntries, totalUploads, totalUsers) => {
  64. return res.render('pages/admin/stats', {
  65. totalEntries, totalUploads, totalUsers, adminTab: 'stats'
  66. }) || true
  67. }).catch((err) => {
  68. throw err
  69. })
  70. })
  72. router.get('/users', (req, res) => {
  73. if (!res.locals.rights.manage) {
  74. return res.render('error-forbidden')
  75. }
  77. db.User.find({})
  78. .select('-password -rights')
  79. .sort('name email')
  80. .exec().then((usrs) => {
  81. res.render('pages/admin/users', { adminTab: 'users', usrs })
  82. })
  83. })
  85. router.get('/users/:id', (req, res) => {
  86. if (!res.locals.rights.manage) {
  87. return res.render('error-forbidden')
  88. }
  90. if (!validator.isMongoId(req.params.id)) {
  91. return res.render('error-forbidden')
  92. }
  94. db.User.findById(req.params.id)
  95. .select('-password -providerId')
  96. .exec().then((usr) => {
  97. let usrOpts = {
  98. canChangeEmail: (usr.email !== 'guest' && usr.provider === 'local' && usr.email !== req.app.locals.appconfig.admin),
  99. canChangeName: (usr.email !== 'guest'),
  100. canChangePassword: (usr.email !== 'guest' && usr.provider === 'local'),
  101. canChangeRole: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin)),
  102. canBeDeleted: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin))
  103. }
  105. res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts })
  106. })
  107. })
  109. /**
  110. * Create / Authorize a new user
  111. */
  112. router.post('/users/create', (req, res) => {
  113. if (!res.locals.rights.manage) {
  114. return res.status(401).json({ msg: 'Unauthorized' })
  115. }
  117. let nUsr = {
  118. email: _.toLower(_.trim(req.body.email)),
  119. provider: _.trim(req.body.provider),
  120. password: req.body.password,
  121. name: _.trim(req.body.name)
  122. }
  124. if (!validator.isEmail(nUsr.email)) {
  125. return res.status(400).json({ msg: 'Invalid email address' })
  126. } else if (!validator.isIn(nUsr.provider, ['local', 'google', 'windowslive', 'facebook', 'github', 'slack'])) {
  127. return res.status(400).json({ msg: 'Invalid provider' })
  128. } else if (nUsr.provider === 'local' && !validator.isLength(nUsr.password, { min: 6 })) {
  129. return res.status(400).json({ msg: 'Password too short or missing' })
  130. } else if (nUsr.provider === 'local' && !validator.isLength(nUsr.name, { min: 2 })) {
  131. return res.status(400).json({ msg: 'Name is missing' })
  132. }
  134. db.User.findOne({ email: nUsr.email, provider: nUsr.provider }).then(exUsr => {
  135. if (exUsr) {
  136. return res.status(400).json({ msg: 'User already exists!' }) || true
  137. }
  139. let pwdGen = (nUsr.provider === 'local') ? db.User.hashPassword(nUsr.password) : Promise.resolve(true)
  140. return pwdGen.then(nPwd => {
  141. if (nUsr.provider !== 'local') {
  142. nUsr.password = ''
  143. nUsr.name = '-- pending --'
  144. } else {
  145. nUsr.password = nPwd
  146. }
  148. nUsr.rights = [{
  149. role: 'read',
  150. path: '/',
  151. exact: false,
  152. deny: false
  153. }]
  155. return db.User.create(nUsr).then(() => {
  156. return res.json({ ok: true })
  157. })
  158. }).catch(err => {
  159. winston.warn(err)
  160. return res.status(500).json({ msg: err })
  161. })
  162. }).catch(err => {
  163. winston.warn(err)
  164. return res.status(500).json({ msg: err })
  165. })
  166. })
  168. router.post('/users/:id', (req, res) => {
  169. if (!res.locals.rights.manage) {
  170. return res.status(401).json({ msg: 'Unauthorized' })
  171. }
  173. if (!validator.isMongoId(req.params.id)) {
  174. return res.status(400).json({ msg: 'Invalid User ID' })
  175. }
  177. return db.User.findById(req.params.id).then((usr) => {
  178. usr.name = _.trim(req.body.name)
  179. usr.rights = JSON.parse(req.body.rights)
  180. if (usr.provider === 'local' && req.body.password !== '********') {
  181. let nPwd = _.trim(req.body.password)
  182. if (nPwd.length < 6) {
  183. return Promise.reject(new Error('New Password too short!'))
  184. } else {
  185. return db.User.hashPassword(nPwd).then((pwd) => {
  186. usr.password = pwd
  187. return usr.save()
  188. })
  189. }
  190. } else {
  191. return usr.save()
  192. }
  193. }).then(() => {
  194. return res.json({ msg: 'OK' })
  195. }).catch((err) => {
  196. res.status(400).json({ msg: err.message })
  197. })
  198. })
  200. /**
  201. * Delete / Deauthorize a user
  202. */
  203. router.delete('/users/:id', (req, res) => {
  204. if (!res.locals.rights.manage) {
  205. return res.status(401).json({ msg: 'Unauthorized' })
  206. }
  208. if (!validator.isMongoId(req.params.id)) {
  209. return res.status(400).json({ msg: 'Invalid User ID' })
  210. }
  212. return db.User.findByIdAndRemove(req.params.id).then(() => {
  213. return res.json({ msg: 'OK' })
  214. }).catch((err) => {
  215. res.status(500).json({ msg: err.message })
  216. })
  217. })
  219. router.get('/settings', (req, res) => {
  220. if (!res.locals.rights.manage) {
  221. return res.render('error-forbidden')
  222. }
  224. fs.readJsonAsync(path.join(ROOTPATH, 'package.json')).then(packageObj => {
  225. axios.get('https://api.github.com/repos/Requarks/wiki/releases/latest').then(resp => {
  226. let sysversion = {
  227. current: 'v' + packageObj.version,
  228. latest: resp.data.tag_name,
  229. latestPublishedAt: resp.data.published_at
  230. }
  232. res.render('pages/admin/settings', { adminTab: 'settings', sysversion })
  233. }).catch(err => {
  234. winston.warn(err)
  235. res.render('pages/admin/settings', { adminTab: 'settings', sysversion: { current: 'v' + packageObj.version } })
  236. })
  237. })
  238. })
  240. router.post('/settings/install', (req, res) => {
  241. if (!res.locals.rights.manage) {
  242. return res.render('error-forbidden')
  243. }
  245. // let sysLib = require(path.join(ROOTPATH, 'libs/system.js'))
  246. // sysLib.install('v1.0-beta.7')
  247. res.status(400).send('Sorry, Upgrade/Re-Install via the web UI is not yet ready. You must use the npm upgrade method in the meantime.').end()
  248. })
  250. module.exports = router