'use strict'

// Admin router. Note that `db`, `winston`, `appdata` and `ROOTPATH` are used
// further down without being required here — presumably globals installed by
// the application bootstrap; confirm before reusing this file elsewhere.
const express = require('express')
const Promise = require('bluebird')
const validator = require('validator')
const _ = require('lodash')
const axios = require('axios')
const path = require('path')

const router = express.Router()
/**
 * Admin
 *
 * Landing route: the admin area has no index of its own, so the browser is
 * sent straight to the profile tab.
 */
router.get('/', (req, res) => res.redirect('/admin/profile'))
/**
 * Profile tab (read). Guests have no profile of their own, so they are shown
 * the forbidden page instead of the form.
 */
router.get('/profile', (req, res) => {
  if (res.locals.isGuest) {
    res.render('error-forbidden')
    return
  }
  res.render('pages/admin/profile', { adminTab: 'profile' })
})
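/**
 * Profile tab (write): lets the signed-in user change their display name and,
 * for local-provider accounts, their password.
 *
 * The client sends the literal placeholder '********' in `password` to mean
 * "leave it unchanged"; anything else is taken as a new password (trimmed,
 * minimum 6 characters).
 *
 * Responds 200 `{ msg: 'OK' }`; 401 JSON for guests (this is an XHR endpoint,
 * so it answers like the other POST handlers instead of rendering an HTML
 * page); 404 if the session's user no longer exists; 400 with the reason on a
 * validation or save failure.
 *
 * NOTE(review): no re-authentication (current password) is required before
 * the password is replaced — worth adding.
 */
router.post('/profile', (req, res) => {
  if (res.locals.isGuest) {
    return res.status(401).json({ msg: 'Unauthorized' })
  }
  const newName = _.trim(req.body.name)
  const rawPwd = req.body.password
  return db.User.findById(req.user.id).then((usr) => {
    if (!usr) {
      // Session refers to a user that has since been removed; previously this
      // surfaced as a TypeError whose internal message was sent to the client.
      return res.status(404).json({ msg: 'User not found' })
    }
    usr.name = newName
    const persist = () => usr.save().then(() => res.json({ msg: 'OK' }))
    const wantsNewPassword = usr.provider === 'local' && rawPwd !== '********'
    if (!wantsNewPassword) {
      return persist()
    }
    // Accept only a real string: lodash would happily stringify an array or
    // object into something that then got hashed as the password.
    const nPwd = (typeof rawPwd === 'string') ? _.trim(rawPwd) : ''
    if (nPwd.length < 6) {
      return res.status(400).json({ msg: 'New Password too short!' })
    }
    return db.User.hashPassword(nPwd).then((pwd) => {
      usr.password = pwd
      return persist()
    })
  }).catch((err) => {
    winston.warn(err)
    res.status(400).json({ msg: err.message })
  })
})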
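/**
 * Stats tab: entry, upload and user totals, counted in parallel.
 *
 * A DB failure is handed to Express' error handler via `next` so the client
 * receives an error response. The previous `.catch` rethrew inside the
 * promise chain, which only produced an unhandled rejection and left the
 * request hanging with no reply.
 */
router.get('/stats', (req, res, next) => {
  if (res.locals.isGuest) {
    return res.render('error-forbidden')
  }
  Promise.all([
    db.Entry.count(),
    db.UplFile.count(),
    db.User.count()
  ]).spread((totalEntries, totalUploads, totalUsers) => {
    res.render('pages/admin/stats', {
      totalEntries, totalUploads, totalUsers, adminTab: 'stats'
    })
  }).catch(next)
})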
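/**
 * Users tab: list of all accounts, for managers only.
 *
 * Password hashes and the rights array are excluded at the query level so
 * they never reach the template. The query now ends in `.catch(next)`; before,
 * a DB error became an unhandled rejection and the request never completed.
 */
router.get('/users', (req, res, next) => {
  if (!res.locals.rights.manage) {
    return res.render('error-forbidden')
  }
  db.User.find({})
    .select('-password -rights')
    .sort('name email')
    .exec()
    .then((usrs) => {
      res.render('pages/admin/users', { adminTab: 'users', usrs })
    })
    .catch(next)
})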
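/**
 * User editor (read). Loads one user and works out which fields the manager
 * may change: the built-in 'guest' account is read-only, and the configured
 * admin account (local provider, email === appconfig.admin) can neither have
 * its role changed nor be deleted.
 *
 * These flags only drive the form; the write handlers must enforce the same
 * rules themselves, since nothing stops a direct request.
 *
 * A well-formed id that matches nobody (e.g. deleted in another tab) used to
 * raise a TypeError with no `.catch`, leaving the request hanging; it now
 * answers 404, and any other failure goes to `next`.
 */
router.get('/users/:id', (req, res, next) => {
  if (!res.locals.rights.manage) {
    return res.render('error-forbidden')
  }
  if (!validator.isMongoId(req.params.id)) {
    return res.render('error-forbidden')
  }
  const adminEmail = req.app.locals.appconfig.admin
  db.User.findById(req.params.id)
    .select('-password -providerId')
    .exec()
    .then((usr) => {
      if (!usr) {
        // No dedicated not-found template is in view here; reuse the
        // forbidden page but with an honest status code.
        return res.status(404).render('error-forbidden')
      }
      const isGuestAccount = usr.email === 'guest'
      const isLocal = usr.provider === 'local'
      const isRootAdmin = isLocal && usr.email === adminEmail
      const usrOpts = {
        canChangeEmail: !isGuestAccount && isLocal && usr.email !== adminEmail,
        canChangeName: !isGuestAccount,
        canChangePassword: !isGuestAccount && isLocal,
        canChangeRole: !isGuestAccount && !isRootAdmin,
        canBeDeleted: !isGuestAccount && !isRootAdmin
      }
      res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts })
    })
    .catch(next)
})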
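/**
 * Create / Authorize a new user
 *
 * POST body: `email`, `provider` (local | google | windowslive | facebook),
 * `name` and, for the local provider, `password`. Local accounts get the
 * password hashed and stored; accounts for external providers are created as
 * placeholders (name '-- pending --', empty password) — presumably completed
 * when that user first signs in through the provider. Every new user starts
 * with a single non-exact, non-deny 'read' right on '/'.
 *
 * Responds 200 `{ ok: true }`; 401 without the manage right; 400 on a
 * validation failure or an existing (email, provider) pair; 500 on a DB or
 * hashing error — only the message is returned, the error itself is logged.
 */
router.post('/users/create', (req, res) => {
  if (!res.locals.rights.manage) {
    // 401 kept for compatibility with the existing client; 403 would be the
    // accurate status for an authenticated user lacking the right.
    return res.status(401).json({ msg: 'Unauthorized' })
  }
  // `validator` throws on non-string input, so coerce missing or non-string
  // fields to '' up front; otherwise a body without `password` turned into a
  // 500 instead of the intended 400.
  const str = (v) => (typeof v === 'string') ? v : ''
  const nUsr = {
    email: _.trim(str(req.body.email)),
    provider: _.trim(str(req.body.provider)),
    password: str(req.body.password),
    name: _.trim(str(req.body.name))
  }
  if (!validator.isEmail(nUsr.email)) {
    return res.status(400).json({ msg: 'Invalid email address' })
  }
  if (!validator.isIn(nUsr.provider, ['local', 'google', 'windowslive', 'facebook'])) {
    return res.status(400).json({ msg: 'Invalid provider' })
  }
  if (nUsr.provider === 'local') {
    if (!validator.isLength(nUsr.password, { min: 6 })) {
      return res.status(400).json({ msg: 'Password too short or missing' })
    }
    if (!validator.isLength(nUsr.name, { min: 2 })) {
      return res.status(400).json({ msg: 'Name is missing' })
    }
  }
  const fail = (err) => {
    winston.warn(err)
    // Return only the message: the raw error object (mongoose / driver) carried
    // internals the client has no business seeing, and a plain Error
    // serialised to `{}` anyway.
    const msg = (err && err.message) ? err.message : 'Internal server error'
    res.status(500).json({ msg })
  }
  db.User.findOne({ email: nUsr.email, provider: nUsr.provider }).then((exUsr) => {
    if (exUsr) {
      return res.status(400).json({ msg: 'User already exists!' })
    }
    const pwdGen = (nUsr.provider === 'local')
      ? db.User.hashPassword(nUsr.password)
      : Promise.resolve(true)
    return pwdGen.then((hashed) => {
      if (nUsr.provider === 'local') {
        nUsr.password = hashed
      } else {
        nUsr.password = ''
        nUsr.name = '-- pending --'
      }
      nUsr.rights = [{
        role: 'read',
        path: '/',
        exact: false,
        deny: false
      }]
      return db.User.create(nUsr)
    }).then(() => res.json({ ok: true }))
  }).catch(fail)
})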
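/**
 * Normalise the `rights` field of a user-edit request into an array of
 * `{ role, path, exact, deny }` entries (the shape /users/create seeds), or
 * return null when the shape is wrong. A string is JSON-decoded first — the
 * existing client sends it that way; a malformed string throws a SyntaxError,
 * which the caller reports as a 400 like any other bad input.
 */
function parseRightsField(raw) {
  const rights = (typeof raw === 'string') ? JSON.parse(raw) : raw
  if (!Array.isArray(rights)) {
    return null
  }
  const wellFormed = rights.every((r) =>
    _.isPlainObject(r) && typeof r.role === 'string' && typeof r.path === 'string')
  return wellFormed ? rights : null
}

/**
 * User editor (write). Updates name, rights and — for local accounts — the
 * password of user `:id`. `password` equal to the placeholder '********'
 * means "unchanged".
 *
 * Enforces server-side what the editor only hides in the UI: the built-in
 * 'guest' account is immutable, and the configured admin account (local
 * provider, email === appconfig.admin) keeps its existing rights whatever the
 * body says. Without these checks a crafted request from any manager could
 * lock the admin out or hand the anonymous guest arbitrary rights.
 *
 * Responds 200 `{ msg: 'OK' }`; 401 without the manage right; 400 on a bad
 * id, unparsable/ill-shaped rights or a too-short password; 403 for the guest
 * account; 404 for an unknown id.
 */
router.post('/users/:id', (req, res) => {
  if (!res.locals.rights.manage) {
    return res.status(401).json({ msg: 'Unauthorized' })
  }
  if (!validator.isMongoId(req.params.id)) {
    return res.status(400).json({ msg: 'Invalid User ID' })
  }
  const adminEmail = req.app.locals.appconfig.admin
  const rawPwd = req.body.password
  return db.User.findById(req.params.id).then((usr) => {
    if (!usr) {
      return res.status(404).json({ msg: 'User not found' })
    }
    if (usr.email === 'guest') {
      return res.status(403).json({ msg: 'The guest account cannot be modified' })
    }
    const rights = parseRightsField(req.body.rights)
    if (rights === null) {
      return res.status(400).json({ msg: 'Invalid rights' })
    }
    usr.name = _.trim(req.body.name)
    const isRootAdmin = usr.provider === 'local' && usr.email === adminEmail
    if (!isRootAdmin) {
      // The editor does not offer a role change for the admin account; ignore
      // any rights sent for it rather than trusting the body.
      usr.rights = rights
    }
    const persist = () => usr.save().then(() => res.json({ msg: 'OK' }))
    const wantsNewPassword = usr.provider === 'local' && rawPwd !== '********'
    if (!wantsNewPassword) {
      return persist()
    }
    // Only a real string is accepted; lodash would stringify arrays/objects.
    const nPwd = (typeof rawPwd === 'string') ? _.trim(rawPwd) : ''
    if (nPwd.length < 6) {
      return res.status(400).json({ msg: 'New Password too short!' })
    }
    return db.User.hashPassword(nPwd).then((pwd) => {
      usr.password = pwd
      return persist()
    })
  }).catch((err) => {
    winston.warn(err)
    res.status(400).json({ msg: err.message })
  })
})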
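/**
 * Delete / Deauthorize a user
 *
 * Removes user `:id`. The built-in 'guest' account and the configured admin
 * account (local provider, email === appconfig.admin) are refused with 403 —
 * the editor already hides the delete button for them, but the check has to
 * live here to mean anything against a direct request.
 *
 * Responds 200 `{ msg: 'OK' }`; 401 without the manage right; 400 on a
 * malformed id; 404 if no such user; 500 on a DB error.
 */
router.delete('/users/:id', (req, res) => {
  if (!res.locals.rights.manage) {
    return res.status(401).json({ msg: 'Unauthorized' })
  }
  if (!validator.isMongoId(req.params.id)) {
    return res.status(400).json({ msg: 'Invalid User ID' })
  }
  const adminEmail = req.app.locals.appconfig.admin
  return db.User.findById(req.params.id).then((usr) => {
    if (!usr) {
      return res.status(404).json({ msg: 'User not found' })
    }
    const isProtected = usr.email === 'guest' ||
      (usr.provider === 'local' && usr.email === adminEmail)
    if (isProtected) {
      return res.status(403).json({ msg: 'This account cannot be deleted' })
    }
    return db.User.findByIdAndRemove(req.params.id).then(() => res.json({ msg: 'OK' }))
  }).catch((err) => {
    winston.warn(err)
    res.status(500).json({ msg: err.message })
  })
})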
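/**
 * Settings tab. Shows the running version and, when reachable, the latest
 * release published on GitHub.
 *
 * The GitHub lookup is best-effort: it is bounded by a timeout so a slow or
 * unreachable api.github.com cannot stall the admin page indefinitely (the
 * previous call had none), and any failure just drops the `latest` fields —
 * logged, not surfaced. It is an unauthenticated request made on every visit,
 * so it is subject to GitHub's anonymous rate limit.
 */
router.get('/settings', (req, res, next) => {
  if (!res.locals.rights.manage) {
    return res.render('error-forbidden')
  }
  axios.get('https://api.github.com/repos/Requarks/wiki/releases/latest', { timeout: 5000 })
    .then((resp) => ({
      current: appdata.version,
      latest: resp.data.tag_name,
      latestPublishedAt: resp.data.published_at
    }), (err) => {
      winston.warn(err)
      return { current: appdata.version }
    })
    // Render exactly once, outside the axios fallback: previously a template
    // error inside `.then` fell into `.catch`, which rendered a second time on
    // an already-sent response.
    .then((sysversion) => {
      res.render('pages/admin/settings', { adminTab: 'settings', sysversion })
    })
    .catch(next)
})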
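/**
 * Trigger an in-place upgrade via libs/system.js.
 *
 * Responds 200 immediately without waiting for the install; the only change
 * here is that a synchronous throw now yields a 500 and a rejected install
 * promise is logged instead of surfacing as an unhandled rejection.
 *
 * NOTE(review): two things to fix in a follow-up —
 *  - this is a state-changing action on a GET; unless the app applies CSRF
 *    protection elsewhere, any page a manager visits can trigger it with an
 *    <img src=...>. It should be a POST carrying a CSRF token.
 *  - the target version is hard-coded rather than taken from the release
 *    information the settings page just fetched.
 */
router.get('/settings/install', (req, res) => {
  if (!res.locals.rights.manage) {
    return res.render('error-forbidden')
  }
  const sysLib = require(path.join(ROOTPATH, 'libs/system.js'))
  let pending
  try {
    pending = sysLib.install('v1.0-beta.5')
  } catch (err) {
    winston.warn(err)
    return res.status(500).end()
  }
  // install() presumably returns a promise — Promise.resolve() keeps this safe
  // either way; the handler deliberately does not wait for it.
  Promise.resolve(pending).catch((err) => { winston.warn(err) })
  res.status(200).end()
})

module.exports = router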