KK
/
customer-dashboard-api
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
customer-dashboard-api/src/controllers/userController.ts

832 lines
19 KiB
TypeScript
Raw Blame History

import { Request, Response } from "express";
import logger from "../logger/logger";
import User from "../models/user";
import {
isAccountNameValid,
isCompanyNameValid,
isEmailValid,
isLanguageCodeValid,
isPasswordValid,
isUsernameValid,
} from "../validator/validator";
import {
ACCOUNT_DEMO_DAYS,
ACCOUNT_STATE,
CALENDAR_MAX_FUTURE_BOOKING_DAYS,
CALENDAR_MAX_SERVICE_DURATION,
CALENDAR_MIN_EARLIEST_BOOKING_TIME,
Roles,
USER_ANALYTICS_ENABLED_DEFAULT,
} from "../utils/constants";
import {
decodeBase64,
getUserSession,
hashPassword,
matchPassword,
newAccountExportId,
newFeedbackId,
newStoreId,
newUserId,
saveSession,
} from "../utils/utils";
import Store from "../models/store";
import Session from "../models/session";
import Feedback from "../models/feedback";
import fs from "fs-extra";
import { channel } from "../rabbitmq/rabbitmq";
import verifyCaptcha from "../utils/recaptcha";
export async function SignUp(req: Request, res: Response) {
try {
let {
companyName,
username,
accountName,
password,
language,
rememberMe,
recaptcha,
} = req.body;
// validate request
if (
!companyName ||
!username ||
!accountName ||
!password ||
!language ||
!isCompanyNameValid(companyName) ||
!isUsernameValid(username) ||
!isAccountNameValid(accountName) ||
!isLanguageCodeValid(language) ||
rememberMe === undefined ||
!recaptcha
) {
return res.status(400).send({ err: "invalid request" });
}
// validate recaptcha
const recaptchaValid = await verifyCaptcha(
recaptcha,
req.headers["x-real-ip"] as string
);
if (!recaptchaValid) {
return res.status(400).send({ err: "invalid request" });
}
accountName = accountName.toLowerCase();
// check if user already exists
const existingUser = await User.findOne({
where: {
account_name: accountName,
},
});
if (existingUser) {
return res.status(400).send({ err: "invalid request" });
}
// decode password
const decodedPassword = decodeBase64(password);
if (!isPasswordValid(decodedPassword)) {
return res.status(400).send({ err: "invalid request" });
}
// hash password
const hashedPassword = await hashPassword(decodedPassword);
// create store
let userId = newUserId();
Store.create({
store_id: newStoreId(),
owner_user_id: userId,
name: companyName,
calendar_max_future_booking_days: CALENDAR_MAX_FUTURE_BOOKING_DAYS,
calendar_min_earliest_booking_time: CALENDAR_MIN_EARLIEST_BOOKING_TIME,
calendar_max_service_duration: CALENDAR_MAX_SERVICE_DURATION,
})
.then(async (store) => {
// create user
await User.create({
user_id: userId,
store_id: store.store_id,
role: Roles.Master,
account_name: accountName,
username: username,
password: hashedPassword,
language: language,
analytics_enabled: USER_ANALYTICS_ENABLED_DEFAULT,
state: ACCOUNT_STATE.ACTIVE,
})
.then((user) => {
// create session
saveSession(req, res, user.user_id, user.username, rememberMe);
})
.catch((err) => {
logger.error(err);
res.status(500).send({ err: "invalid request" });
});
})
.catch((err) => {
logger.error(err);
res.status(500).send({ err: "invalid request" });
});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function Login(req: Request, res: Response) {
try {
let { accountName, password, rememberMe, recaptcha } = req.body;
// validate request
if (!accountName) {
return res.status(400).send({ err: "invalid request" });
}
accountName = accountName.toLowerCase();
if (!isAccountNameValid(accountName)) {
return res.status(400).send({ err: "invalid request" });
}
// check if user exists
const user = await User.findOne({
where: {
account_name: accountName,
},
attributes: ["user_id", "password", "state"],
});
if (!user) {
return res.status(400).send({ err: "invalid request" });
}
// if password not provided, then send user state
// user is on the login page on the first step of the login process
// and only needs to enter their account name to get the user state to know what to do next
if (password === undefined) {
return res.status(200).send({ state: user.state });
}
// validate recaptcha
const recaptchaValid = await verifyCaptcha(
recaptcha,
req.headers["x-real-ip"] as string
);
if (!recaptchaValid) {
return res.status(400).send({ err: "invalid request" });
}
// decode password
const decodedPassword = decodeBase64(password);
if (!isPasswordValid(decodedPassword)) {
return res.status(400).send({ err: "invalid request" });
}
let updateData = {};
// if user state is INIT_LOGIN, then user is logging in for the first time and needs to set their password
if (user.state === ACCOUNT_STATE.INIT_LOGIN) {
// hash password
updateData = {
password: await hashPassword(decodedPassword),
};
} else {
// compare password
const match = await matchPassword(decodedPassword, user.password);
if (!match) {
return res.status(400).send({ err: "invalid request" });
}
}
// check user state
if (
user.state === ACCOUNT_STATE.PENDING_DELETION ||
user.state === ACCOUNT_STATE.INIT_LOGIN
) {
// update user state back to active
updateData = {
...updateData,
state: ACCOUNT_STATE.ACTIVE,
};
User.update(updateData, {
where: {
user_id: user.user_id,
},
});
}
// create session
saveSession(req, res, user.user_id, user.username, rememberMe);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function Logout(req: Request, res: Response) {
try {
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
await session.destroy();
res.status(200).send({ msg: "logout successful" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function GetUser(req: Request, res: Response) {
try {
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: session.user_id,
},
attributes: [
"user_id",
"username",
"store_id",
"language",
"analytics_enabled",
"created_at",
],
});
if (!user) {
return res.status(401).send({ err: "unauthorized" });
}
const stores = await Store.findAll({
where: {
owner_user_id: user.user_id,
},
attributes: ["store_id", "name"],
});
// send user data
let respData = {
user: {
user_id: user.user_id,
username: user.username,
//store_id: user.store_id,
language: user.language,
analytics_enabled: user.analytics_enabled,
},
stores: stores,
// only temporary until we have a proper permissions system
permissions: [] as string[],
};
// if user is not a store master, then check if user is a worker
if (!stores || stores.length === 0) {
// user is a worker
const store = await Store.findOne({
where: {
store_id: user.store_id,
},
attributes: ["store_id", "name"],
});
if (!store) {
return res.status(401).send({ err: "unauthorized" });
}
stores.push(store);
respData.stores = stores;
respData.permissions.push("calendar");
} else {
// user is a store owner
respData.permissions.push(
"settings",
"employees",
"services",
"calendar",
"website"
);
// calc account plan expiry by created_at + demo days
const accountPlanExpiry = new Date(user.created_at);
accountPlanExpiry.setDate(
accountPlanExpiry.getDate() + ACCOUNT_DEMO_DAYS
);
respData.user = {
...respData.user,
account_plan_expiry: accountPlanExpiry,
} as {
user_id: string;
username: string;
language: string;
analytics_enabled: boolean;
account_plan_expiry: Date;
};
}
// update user session last_used
Session.update(
{
last_used: new Date(),
},
{
where: {
session_id: session.session_id,
},
}
);
res.status(200).send(respData);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function IsAccountNameAvailable(req: Request, res: Response) {
try {
let { accountName } = req.body;
// validate request
if (!accountName) {
return res.status(400).send({ err: "invalid request" });
}
accountName = accountName.toLowerCase();
if (!isAccountNameValid(accountName)) {
return res.status(400).send({ err: "invalid request" });
}
// check if user exists
const user = await User.findOne({
where: {
account_name: accountName,
},
});
if (user) {
return res.status(400).send({ err: "invalid request" });
}
res.status(200).send({ msg: "account name available" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function GetUserProfileSettings(req: Request, res: Response) {
try {
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: session.user_id,
},
attributes: ["language", "analytics_enabled", "username", "account_name"],
});
res.status(200).json(user);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function UpdateUserProfileSettings(req: Request, res: Response) {
try {
const { language, analyticsEnabled, username, accountName } = req.body;
if (
!language &&
analyticsEnabled === undefined &&
!username &&
!accountName
) {
return res.status(400).send({ err: "invalid request" });
}
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: session.user_id,
},
});
if (!user) {
return res.status(401).send({ err: "unauthorized" });
}
if (language) {
user.language = language;
}
if (analyticsEnabled !== undefined) {
user.analytics_enabled = analyticsEnabled;
}
if (username) {
if (!isUsernameValid(username)) {
return res.status(400).send({ err: "invalid request" });
}
user.username = username;
}
if (accountName) {
if (!isAccountNameValid(accountName)) {
return res.status(400).send({ err: "invalid request" });
}
user.account_name = accountName;
}
await user.save();
res.status(200).send({ msg: "user profile settings updated" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function UpdateUserProfilePassword(req: Request, res: Response) {
try {
const { currentPassword, newPassword } = req.body;
if (!currentPassword || !newPassword) {
return res.status(400).send({ err: "invalid request" });
}
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: session.user_id,
},
attributes: ["password"],
});
if (!user) {
return res.status(401).send({ err: "unauthorized" });
}
const decodedCurrentPassword = decodeBase64(currentPassword);
const match = await matchPassword(decodedCurrentPassword, user.password);
if (!match) {
return res.status(400).send({ err: "invalid request" });
}
const decodedPassword = decodeBase64(newPassword);
if (!isPasswordValid(decodedPassword)) {
return res.status(400).send({ err: "invalid request" });
}
const hashedPassword = await hashPassword(decodedPassword);
// update user password
await User.update(
{
password: hashedPassword,
},
{
where: {
user_id: session.user_id,
},
}
);
// delete all sessions of this user by deleting all sessions with this user_id
await Session.destroy({
where: {
user_id: session.user_id,
},
});
res.status(200).send({ msg: "user password updated" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function GetUserProfileSessions(req: Request, res: Response) {
try {
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const sessions = await Session.findAll({
where: {
user_id: session.user_id,
},
attributes: ["session_id", "id", "browser", "os", "last_used"],
});
// set last_used to now if session is the user's current session
let currentSession = sessions.find(
(sess) => sess.session_id === session.session_id
)?.id;
// remove session_id from sessions for security reasons
const sessionsList = sessions.map((sess) => {
return {
id: sess.id,
browser: sess.browser,
os: sess.os,
last_used: sess.last_used,
};
});
res.status(200).json({
sessions: sessionsList,
currentSession: currentSession,
});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function DeleteUserProfileSession(req: Request, res: Response) {
try {
const { id } = req.params;
if (!id) {
return res.status(400).send({ err: "invalid request" });
}
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
await Session.destroy({
where: {
id: id,
user_id: session.user_id,
},
});
res.status(200).send({ msg: "session deleted" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function DeleteUserProfile(req: Request, res: Response) {
try {
const { reason, feedback, password } = req.body;
if (!reason || !feedback || !password) {
return res.status(400).send({ err: "invalid request" });
}
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: session.user_id,
},
attributes: ["password"],
});
if (!user) {
return res.status(401).send({ err: "unauthorized" });
}
const decodedPassword = decodeBase64(password);
const match = await matchPassword(decodedPassword, user.password);
if (!match) {
return res.status(400).send({ err: "invalid request" });
}
// set user state to pending deletion
await User.update(
{
state: ACCOUNT_STATE.PENDING_DELETION,
},
{
where: {
user_id: session.user_id,
},
}
);
// delete all sessions of this user by deleting all sessions with this user_id
await Session.destroy({
where: {
user_id: session.user_id,
},
});
// send feedback
Feedback.create({
feedback_id: newFeedbackId(),
user_id: session.user_id,
feedback: `${reason} - ${feedback}`,
});
res.status(200).send({ msg: "user deleted" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function ExportUserAccount(req: Request, res: Response) {
try {
const { email, password } = req.body;
if (
!email ||
!password ||
!isEmailValid(email) ||
!isPasswordValid(password)
) {
return res.status(400).send({ err: "invalid request" });
}
const session = await getUserSession(req);
if (!session) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: session.user_id,
},
});
if (!user) {
return res.status(401).send({ err: "unauthorized" });
}
const decodedPassword = decodeBase64(password);
const match = await matchPassword(decodedPassword, user.password);
if (!match) {
return res.status(400).send({ err: "invalid request" });
}
(async () => {
try {
// create json file with user data
const exportData = {
user: {
user_id: user.user_id,
username: user.username,
account_name: user.account_name,
calendar_max_future_booking_days:
user.calendar_max_future_booking_days,
calendar_min_earliest_booking_time:
user.calendar_min_earliest_booking_time,
calendar_using_primary_calendar:
user.calendar_using_primary_calendar,
language: user.language,
analytics_enabled: user.analytics_enabled,
},
};
const accountExportId = newAccountExportId();
fs.writeJson(
`./user-profile-exports/${accountExportId}.json`,
exportData
);
// send email with file
channel.sendToQueue(
process.env.RABBITMQ_MAIL_QUEUE as string,
Buffer.from(
JSON.stringify({
m: email, // UserMail
t: "dashboardUserAccountExportFinish", // TemplateId
l: "de", // LanguageId
// BodyData
b: {
accountExportDownloadUrl: `${
process.env.ACCOUNT_EXPORT_URL as string
}${accountExportId}`,
},
})
)
);
} catch (error) {
logger.error(error);
}
})();
res.status(200).json({});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export function GetExportedUserAccount(req: Request, res: Response) {
try {
const { id } = req.params;
if (!id) {
return res.status(400).send({ err: "invalid request" });
}
const file = `./user-profile-exports/${id}.json`;
res.download(file, (err) => {
if (err) {
res.status(500).send({ err: "invalid request" });
}
});
// delete file after download
fs.remove(file);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
Reference in New Issue View Git Blame Copy Permalink