1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344 |
- import config from "config";
- import async from "async";
- import axios from "axios";
- import bcrypt from "bcrypt";
- import sha256 from "sha256";
- import { isAdminRequired, isLoginRequired } from "./hooks";
- import moduleManager from "../../index";
- const DBModule = moduleManager.modules.db;
- const UtilsModule = moduleManager.modules.utils;
- const WSModule = moduleManager.modules.ws;
- const CacheModule = moduleManager.modules.cache;
- const MailModule = moduleManager.modules.mail;
- const PunishmentsModule = moduleManager.modules.punishments;
- const ActivitiesModule = moduleManager.modules.activities;
- const PlaylistsModule = moduleManager.modules.playlists;
- CacheModule.runJob("SUB", {
- channel: "user.updatePreferences",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.preferences.changed", res.preferences);
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateOrderOfFavoriteStations",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.orderOfFavoriteStations.changed", res.favoriteStations);
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateOrderOfPlaylists",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.orderOfPlaylists.changed", res.orderOfPlaylists);
- });
- });
- WSModule.runJob("EMIT_TO_ROOM", {
- room: `profile-${res.userId}-playlists`,
- args: ["event:user.orderOfPlaylists.changed", res.orderOfPlaylists]
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateUsername",
- cb: user => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: user._id }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.username.changed", user.username);
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.removeSessions",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER_WITHOUT_CACHE", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.session.removed");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.linkPassword",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.linkPassword");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unlinkPassword",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.unlinkPassword");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.linkGithub",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.linkGithub");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unlinkGithub",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.unlinkGithub");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.ban",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:banned", data.punishment);
- socket.disconnect(true);
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.favoritedStation",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.favoritedStation", data.stationId);
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unfavoritedStation",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.unfavoritedStation", data.stationId);
- });
- });
- }
- });
- export default {
- /**
- * Lists all Users
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- index: isAdminRequired(async function index(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.find({}).exec(next);
- }
- ],
- async (err, users) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USER_INDEX", `Indexing users failed. "${err}"`);
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "USER_INDEX", `Indexing users successful.`);
- const filteredUsers = [];
- users.forEach(user => {
- filteredUsers.push({
- _id: user._id,
- name: user.name,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified
- },
- avatar: {
- type: user.avatar.type,
- url: user.avatar.url,
- color: user.avatar.color
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github }
- });
- });
- return cb({ status: "success", data: filteredUsers });
- }
- );
- }),
- /**
- * Removes all data held on a user, including their ability to login
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- remove: isLoginRequired(async function remove(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const stationModel = await DBModule.runJob("GET_MODEL", { modelName: "station" }, this);
- const playlistModel = await DBModule.runJob("GET_MODEL", { modelName: "playlist" }, this);
- const activityModel = await DBModule.runJob("GET_MODEL", { modelName: "activity" }, this);
- async.waterfall(
- [
- next => {
- activityModel.deleteMany({ userId: session.userId }, next);
- },
- (res, next) => {
- stationModel.deleteMany({ owner: session.userId }, next);
- },
- (res, next) => {
- playlistModel.deleteMany({ createdBy: session.userId }, next);
- },
- (res, next) => {
- userModel.deleteMany({ _id: session.userId }, next);
- }
- ],
- async err => {
- console.log(err);
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_REMOVE",
- `Removing data and account for user "${session.userId}" failed. "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "USER_REMOVE",
- `Successfully removed data and account for user "${session.userId}"`
- );
- return cb({
- status: "success",
- message: "Successfully removed data and account."
- });
- }
- );
- }),
- /**
- * Logs user in
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} identifier - the email of the user
- * @param {string} password - the plaintext of the user
- * @param {Function} cb - gets called with the result
- */
- async login(session, identifier, password, cb) {
- identifier = identifier.toLowerCase();
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const sessionSchema = await CacheModule.runJob("GET_SCHEMA", { schemaName: "session" }, this);
- async.waterfall(
- [
- // check if a user with the requested identifier exists
- next => {
- userModel.findOne(
- {
- $or: [{ "email.address": identifier }]
- },
- next
- );
- },
- // if the user doesn't exist, respond with a failure
- // otherwise compare the requested password and the actual users password
- (user, next) => {
- if (!user) return next("User not found");
- if (!user.services.password || !user.services.password.password)
- return next("The account you are trying to access uses GitHub to log in.");
- return bcrypt.compare(sha256(password), user.services.password.password, (err, match) => {
- if (err) return next(err);
- if (!match) return next("Incorrect password");
- return next(null, user);
- });
- },
- (user, next) => {
- UtilsModule.runJob("GUID", {}, this).then(sessionId => {
- next(null, user, sessionId);
- });
- },
- (user, sessionId, next) => {
- CacheModule.runJob(
- "HSET",
- {
- table: "sessions",
- key: sessionId,
- value: sessionSchema(sessionId, user._id)
- },
- this
- )
- .then(() => {
- next(null, sessionId);
- })
- .catch(next);
- }
- ],
- async (err, sessionId) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_PASSWORD_LOGIN",
- `Login failed with password for user "${identifier}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "USER_PASSWORD_LOGIN", `Login successful with password for user "${identifier}"`);
- return cb({
- status: "success",
- message: "Login successful",
- user: {},
- SID: sessionId
- });
- }
- );
- },
- /**
- * Registers a new user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} username - the username for the new user
- * @param {string} email - the email for the new user
- * @param {string} password - the plaintext password for the new user
- * @param {object} recaptcha - the recaptcha data
- * @param {Function} cb - gets called with the result
- */
- async register(session, username, email, password, recaptcha, cb) {
- email = email.toLowerCase();
- const verificationToken = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 64 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob(
- "GET_SCHEMA",
- {
- schemaName: "verifyEmail"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (config.get("registrationDisabled") === true)
- return next("Registration is not allowed at this time.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(password))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- // verify the request with google recaptcha
- next => {
- if (config.get("apis.recaptcha.enabled") === true)
- axios
- .post("https://www.google.com/recaptcha/api/siteverify", {
- data: {
- secret: config.get("apis").recaptcha.secret,
- response: recaptcha
- }
- })
- .then(res => next(null, res.data))
- .catch(err => next(err));
- else next(null, null);
- },
- // check if the response from Google recaptcha is successful
- // if it is, we check if a user with the requested username already exists
- (body, next) => {
- if (config.get("apis.recaptcha.enabled") === true)
- if (body.success !== true) return next("Response from recaptcha was not successful.");
- return userModel.findOne({ username: new RegExp(`^${username}$`, "i") }, next);
- },
- // if the user already exists, respond with that
- // otherwise check if a user with the requested email already exists
- (user, next) => {
- if (user) return next("A user with that username already exists.");
- return userModel.findOne({ "email.address": email }, next);
- },
- // if the user already exists, respond with that
- // otherwise, generate a salt to use with hashing the new users password
- (user, next) => {
- if (user) return next("A user with that email already exists.");
- return bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(password), salt, next);
- },
- (hash, next) => {
- UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 12 }, this).then(_id => {
- next(null, hash, _id);
- });
- },
- // create the user object
- (hash, _id, next) => {
- next(null, {
- _id,
- username,
- email: {
- address: email,
- verificationToken
- },
- services: {
- password: {
- password: hash
- }
- }
- });
- },
- // generate the url for gravatar avatar
- (user, next) => {
- UtilsModule.runJob("CREATE_GRAVATAR", { email: user.email.address }, this).then(url => {
- user.avatar = {
- type: "gravatar",
- url
- };
- next(null, user);
- });
- },
- // save the new user to the database
- (user, next) => {
- userModel.create(user, next);
- },
- // respond with the new user
- (user, next) => {
- verifyEmailSchema(email, username, verificationToken, err => {
- next(err, user._id);
- });
- },
- // create a liked songs playlist for the new user
- (userId, next) => {
- PlaylistsModule.runJob("CREATE_READ_ONLY_PLAYLIST", {
- userId,
- displayName: "Liked Songs",
- type: "user"
- })
- .then(likedSongsPlaylist => {
- next(null, likedSongsPlaylist, userId);
- })
- .catch(err => next(err));
- },
- // create a disliked songs playlist for the new user
- (likedSongsPlaylist, userId, next) => {
- PlaylistsModule.runJob("CREATE_READ_ONLY_PLAYLIST", {
- userId,
- displayName: "Disliked Songs",
- type: "user"
- })
- .then(dislikedSongsPlaylist => {
- next(null, { likedSongsPlaylist, dislikedSongsPlaylist }, userId);
- })
- .catch(err => next(err));
- },
- // associate liked + disliked songs playlist to the user object
- ({ likedSongsPlaylist, dislikedSongsPlaylist }, userId, next) => {
- userModel.updateOne(
- { _id: userId },
- { $set: { likedSongsPlaylist, dislikedSongsPlaylist } },
- { runValidators: true },
- err => {
- if (err) return next(err);
- return next(null, userId);
- }
- );
- }
- ],
- async (err, userId) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_PASSWORD_REGISTER",
- `Register failed with password for user "${username}"."${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId,
- type: "user__joined",
- payload: { message: "Welcome to Musare!" }
- });
- this.log(
- "SUCCESS",
- "USER_PASSWORD_REGISTER",
- `Register successful with password for user "${username}".`
- );
- const result = await this.module.runJob(
- "RUN_ACTION2",
- {
- session,
- namespace: "users",
- action: "login",
- args: [email, password]
- },
- this
- );
- const obj = {
- status: "success",
- message: "Successfully registered."
- };
- if (result.status === "success") {
- obj.SID = result.SID;
- }
- return cb(obj);
- }
- );
- },
- /**
- * Logs out a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- logout(session, cb) {
- async.waterfall(
- [
- next => {
- CacheModule.runJob("HGET", { table: "sessions", key: session.sessionId }, this)
- .then(session => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found");
- return next(null, session);
- },
- (session, next) => {
- CacheModule.runJob("HDEL", { table: "sessions", key: session.sessionId }, this)
- .then(() => next())
- .catch(next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USER_LOGOUT", `Logout failed. "${err}" `);
- cb({ status: "failure", message: err });
- } else {
- this.log("SUCCESS", "USER_LOGOUT", `Logout successful.`);
- cb({
- status: "success",
- message: "Successfully logged out."
- });
- }
- }
- );
- },
- /**
- * Removes all sessions for a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the id of the user we are trying to delete the sessions of
- * @param {Function} cb - gets called with the result
- */
- removeSessions: isLoginRequired(async function removeSessions(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, (err, user) => {
- if (err) return next(err);
- if (user.role !== "admin" && session.userId !== userId)
- return next("Only admins and the owner of the account can remove their sessions.");
- return next();
- });
- },
- next => {
- CacheModule.runJob("HGETALL", { table: "sessions" }, this)
- .then(sessions => {
- next(null, sessions);
- })
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions) return next("There are no sessions for this user to remove.");
- const keys = Object.keys(sessions);
- return next(null, keys, sessions);
- },
- (keys, sessions, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: userId
- });
- async.each(
- keys,
- (sessionId, callback) => {
- const session = sessions[sessionId];
- if (session.userId === userId) {
- // TODO Also maybe add this to this runJob
- CacheModule.runJob("HDEL", {
- channel: "sessions",
- key: sessionId
- })
- .then(() => {
- callback(null);
- })
- .catch(next);
- }
- },
- err => {
- next(err);
- }
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REMOVE_SESSIONS_FOR_USER",
- `Couldn't remove all sessions for user "${userId}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "REMOVE_SESSIONS_FOR_USER", `Removed all sessions for user "${userId}".`);
- return cb({
- status: "success",
- message: "Successfully removed all sessions."
- });
- }
- );
- }),
- /**
- * Updates the order of a user's favorite stations
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Array} favoriteStations - array of station ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- updateOrderOfFavoriteStations: isLoginRequired(async function updateOrderOfFavoriteStations(
- session,
- favoriteStations,
- cb
- ) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.updateOne(
- { _id: session.userId },
- { $set: { favoriteStations } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ORDER_OF_USER_FAVORITE_STATIONS",
- `Couldn't update order of favorite stations for user "${session.userId}" to "${favoriteStations}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateOrderOfFavoriteStations",
- value: {
- favoriteStations,
- userId: session.userId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_ORDER_OF_USER_FAVORITE_STATIONS",
- `Updated order of favorite stations for user "${session.userId}" to "${favoriteStations}".`
- );
- return cb({
- status: "success",
- message: "Order of favorite stations successfully updated"
- });
- }
- );
- }),
- /**
- * Updates the order of a user's playlists
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Array} orderOfPlaylists - array of playlist ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- updateOrderOfPlaylists: isLoginRequired(async function updateOrderOfPlaylists(session, orderOfPlaylists, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.updateOne(
- { _id: session.userId },
- { $set: { "preferences.orderOfPlaylists": orderOfPlaylists } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ORDER_OF_USER_PLAYLISTS",
- `Couldn't update order of playlists for user "${session.userId}" to "${orderOfPlaylists}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateOrderOfPlaylists",
- value: {
- orderOfPlaylists,
- userId: session.userId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_ORDER_OF_USER_PLAYLISTS",
- `Updated order of playlists for user "${session.userId}" to "${orderOfPlaylists}".`
- );
- return cb({
- status: "success",
- message: "Order of playlists successfully updated"
- });
- }
- );
- }),
- /**
- * Updates a user's preferences
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {object} preferences - object containing preferences
- * @param {boolean} preferences.nightmode - whether or not the user is using the night mode theme
- * @param {boolean} preferences.autoSkipDisliked - whether to automatically skip disliked songs
- * @param {boolean} preferences.activityLogPublic - whether or not a user's activity log can be publicly viewed
- * @param {boolean} preferences.anonymousSongRequests - whether or not a user's requested songs will be anonymous
- * @param {boolean} preferences.activityWatch - whether or not a user is using the ActivityWatch integration
- * @param {Function} cb - gets called with the result
- */
- updatePreferences: isLoginRequired(async function updatePreferences(session, preferences, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findByIdAndUpdate(
- session.userId,
- {
- $set: {
- preferences: {
- nightmode: preferences.nightmode,
- autoSkipDisliked: preferences.autoSkipDisliked,
- activityLogPublic: preferences.activityLogPublic,
- anonymousSongRequests: preferences.anonymousSongRequests,
- activityWatch: preferences.activityWatch
- }
- }
- },
- { new: false },
- next
- );
- }
- ],
- async (err, user) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_USER_PREFERENCES",
- `Couldn't update preferences for user "${session.userId}" to "${JSON.stringify(
- preferences
- )}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updatePreferences",
- value: {
- preferences,
- userId: session.userId
- }
- });
- if (preferences.nightmode !== user.preferences.nightmode)
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: session.userId,
- type: "user__toggle_nightmode",
- payload: { message: preferences.nightmode ? "Enabled nightmode" : "Disabled nightmode" }
- });
- if (preferences.autoSkipDisliked !== user.preferences.autoSkipDisliked)
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: session.userId,
- type: "user__toggle_autoskip_disliked_songs",
- payload: {
- message: preferences.autoSkipDisliked
- ? "Enabled the autoskipping of disliked songs"
- : "Disabled the autoskipping of disliked songs"
- }
- });
- if (preferences.activityWatch !== user.preferences.activityWatch)
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: session.userId,
- type: "user__toggle_activity_watch",
- payload: {
- message: preferences.activityWatch
- ? "Enabled ActivityWatch integration"
- : "Disabled ActivityWatch integration"
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_USER_PREFERENCES",
- `Updated preferences for user "${session.userId}" to "${JSON.stringify(preferences)}".`
- );
- return cb({
- status: "success",
- message: "Preferences successfully updated"
- });
- }
- );
- }),
- /**
- * Retrieves a user's preferences
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- getPreferences: isLoginRequired(async function updatePreferences(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findById(session.userId).select({ preferences: -1 }).exec(next);
- }
- ],
- async (err, { preferences }) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "GET_USER_PREFERENCES",
- `Couldn't retrieve preferences for user "${session.userId}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "GET_USER_PREFERENCES",
- `Successfully obtained preferences for user "${session.userId}".`
- );
- return cb({
- status: "success",
- message: "Preferences successfully retrieved",
- data: preferences
- });
- }
- );
- }),
- /**
- * Gets user object from username (only a few properties)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} username - the username of the user we are trying to find
- * @param {Function} cb - gets called with the result
- */
- findByUsername: async function findByUsername(session, username, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ username: new RegExp(`^${username}$`, "i") }, next);
- },
- (account, next) => {
- if (!account) return next("User not found.");
- return next(null, account);
- }
- ],
- async (err, account) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "FIND_BY_USERNAME", `User not found for username "${username}". "${err}"`);
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "FIND_BY_USERNAME", `User found for username "${username}".`);
- return cb({
- status: "success",
- data: {
- _id: account._id,
- name: account.name,
- username: account.username,
- location: account.location,
- bio: account.bio,
- role: account.role,
- avatar: account.avatar,
- createdAt: account.createdAt
- }
- });
- }
- );
- },
- /**
- * Gets a username from an userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- async getUsernameFromId(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- userModel
- .findById(userId)
- .then(user => {
- if (user) {
- this.log("SUCCESS", "GET_USERNAME_FROM_ID", `Found username for userId "${userId}".`);
- return cb({
- status: "success",
- data: user.username
- });
- }
- this.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. User not found.`
- );
- return cb({
- status: "failure",
- message: "Couldn't find the user."
- });
- })
- .catch(async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. "${err}"`
- );
- cb({ status: "failure", message: err });
- }
- });
- },
- /**
- * Gets a user from a userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- getUserFromId: isAdminRequired(async function getUserFromId(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- userModel
- .findById(userId)
- .then(user => {
- if (user) {
- this.log("SUCCESS", "GET_USER_FROM_ID", `Found user for userId "${userId}".`);
- return cb({
- status: "success",
- data: {
- _id: user._id,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github }
- }
- });
- }
- this.log(
- "ERROR",
- "GET_USER_FROM_ID",
- `Getting the user from userId "${userId}" failed. User not found.`
- );
- return cb({
- status: "failure",
- message: "Couldn't find the user."
- });
- })
- .catch(async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "GET_USER_FROM_ID", `Getting the user from userId "${userId}" failed. "${err}"`);
- cb({ status: "failure", message: err });
- }
- });
- }),
- // TODO Fix security issues
- /**
- * Gets user info from session
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- async findBySession(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- CacheModule.runJob(
- "HGET",
- {
- table: "sessions",
- key: session.sessionId
- },
- this
- )
- .then(session => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found.");
- return next(null, session);
- },
- (session, next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return next(null, user);
- }
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "FIND_BY_SESSION", `User not found. "${err}"`);
- return cb({ status: "failure", message: err });
- }
- const data = {
- email: {
- address: user.email.address
- },
- avatar: user.avatar,
- username: user.username,
- name: user.name,
- location: user.location,
- bio: user.bio
- };
- if (user.services.password && user.services.password.password) data.password = true;
- if (user.services.github && user.services.github.id) data.github = true;
- this.log("SUCCESS", "FIND_BY_SESSION", `User found. "${user.username}".`);
- return cb({
- status: "success",
- data
- });
- }
- );
- },
- /**
- * Updates a user's username
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newUsername - the new username
- * @param {Function} cb - gets called with the result
- */
- updateUsername: isLoginRequired(async function updateUsername(session, updatingUserId, newUsername, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.username === newUsername)
- return next("New username can't be the same as the old username.");
- return next(null);
- },
- next => {
- userModel.findOne({ username: new RegExp(`^${newUsername}$`, "i") }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- return next("That username is already in use.");
- },
- next => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { username: newUsername } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_USERNAME",
- `Couldn't update username for user "${updatingUserId}" to username "${newUsername}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateUsername",
- value: {
- username: newUsername,
- _id: updatingUserId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_USERNAME",
- `Updated username for user "${updatingUserId}" to username "${newUsername}".`
- );
- return cb({
- status: "success",
- message: "Username updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newEmail - the new email
- * @param {Function} cb - gets called with the result
- */
- updateEmail: isLoginRequired(async function updateEmail(session, updatingUserId, newEmail, cb) {
- newEmail = newEmail.toLowerCase();
- const verificationToken = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 64 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.address === newEmail)
- return next("New email can't be the same as your the old email.");
- return next();
- },
- next => {
- userModel.findOne({ "email.address": newEmail }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- return next("That email is already in use.");
- },
- // regenerate the url for gravatar avatar
- next => {
- UtilsModule.runJob("CREATE_GRAVATAR", { email: newEmail }, this).then(url => {
- next(null, url);
- });
- },
- (newAvatarUrl, next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- {
- $set: {
- "avatar.url": newAvatarUrl,
- "email.address": newEmail,
- "email.verified": false,
- "email.verificationToken": verificationToken
- }
- },
- { runValidators: true },
- next
- );
- },
- (res, next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- verifyEmailSchema(newEmail, user.username, verificationToken, err => {
- next(err);
- });
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_EMAIL",
- `Couldn't update email for user "${updatingUserId}" to email "${newEmail}". '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "UPDATE_EMAIL",
- `Updated email for user "${updatingUserId}" to email "${newEmail}".`
- );
- return cb({
- status: "success",
- message: "Email updated successfully."
- });
- }
- );
- }),
- /**
- * Updates a user's name
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newBio - the new name
- * @param {Function} cb - gets called with the result
- */
- updateName: isLoginRequired(async function updateName(session, updatingUserId, newName, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { name: newName } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_NAME",
- `Couldn't update name for user "${updatingUserId}" to name "${newName}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_name",
- payload: { message: `Changed name to ${newName}` }
- });
- this.log("SUCCESS", "UPDATE_NAME", `Updated name for user "${updatingUserId}" to name "${newName}".`);
- return cb({
- status: "success",
- message: "Name updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's location
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newLocation - the new location
- * @param {Function} cb - gets called with the result
- */
- updateLocation: isLoginRequired(async function updateLocation(session, updatingUserId, newLocation, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { location: newLocation } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_LOCATION",
- `Couldn't update location for user "${updatingUserId}" to location "${newLocation}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_location",
- payload: { message: `Changed location to ${newLocation}` }
- });
- this.log(
- "SUCCESS",
- "UPDATE_LOCATION",
- `Updated location for user "${updatingUserId}" to location "${newLocation}".`
- );
- return cb({
- status: "success",
- message: "Location updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's bio
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newBio - the new bio
- * @param {Function} cb - gets called with the result
- */
- updateBio: isLoginRequired(async function updateBio(session, updatingUserId, newBio, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { bio: newBio } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_BIO",
- `Couldn't update bio for user "${updatingUserId}" to bio "${newBio}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_bio",
- payload: { message: `Changed bio to ${newBio}` }
- });
- this.log("SUCCESS", "UPDATE_BIO", `Updated bio for user "${updatingUserId}" to bio "${newBio}".`);
- return cb({
- status: "success",
- message: "Bio updated successfully"
- });
- }
- );
- }),
- /**
- * Updates the type of a user's avatar
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newType - the new type
- * @param {Function} cb - gets called with the result
- */
- updateAvatarType: isLoginRequired(async function updateAvatarType(session, updatingUserId, newAvatar, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.findOneAndUpdate(
- { _id: updatingUserId },
- { $set: { "avatar.type": newAvatar.type, "avatar.color": newAvatar.color } },
- { new: true, runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_AVATAR_TYPE",
- `Couldn't update avatar type for user "${updatingUserId}" to type "${newAvatar.type}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_avatar",
- payload: { message: `Changed avatar to use ${newAvatar.type}` }
- });
- this.log(
- "SUCCESS",
- "UPDATE_AVATAR_TYPE",
- `Updated avatar type for user "${updatingUserId}" to type "${newAvatar.type}".`
- );
- return cb({
- status: "success",
- message: "Avatar type updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's role
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newRole - the new role
- * @param {Function} cb - gets called with the result
- */
- updateRole: isAdminRequired(async function updateRole(session, updatingUserId, newRole, cb) {
- newRole = newRole.toLowerCase();
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.role === newRole) return next("New role can't be the same as the old role.");
- return next();
- },
- next => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { role: newRole } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ROLE",
- `User "${session.userId}" couldn't update role for user "${updatingUserId}" to role "${newRole}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "UPDATE_ROLE",
- `User "${session.userId}" updated the role of user "${updatingUserId}" to role "${newRole}".`
- );
- return cb({
- status: "success",
- message: "Role successfully updated."
- });
- }
- );
- }),
- /**
- * Updates a user's password
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} previousPassword - the previous password
- * @param {string} newPassword - the new password
- * @param {Function} cb - gets called with the result
- */
- updatePassword: isLoginRequired(async function updatePassword(session, previousPassword, newPassword, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user.services.password) return next("This account does not have a password set.");
- return next(null, user.services.password.password);
- },
- (storedPassword, next) => {
- bcrypt.compare(sha256(previousPassword), storedPassword).then(res => {
- if (res) return next();
- return next("Please enter the correct previous password.");
- });
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid new password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { _id: session.userId },
- {
- $set: {
- "services.password.password": hashedPassword
- }
- },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_PASSWORD",
- `Failed updating user password of user '${session.userId}'. '${err}'.`
- );
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "UPDATE_PASSWORD", `User '${session.userId}' updated their password.`);
- return cb({
- status: "success",
- message: "Password successfully updated."
- });
- }
- );
- }),
- /**
- * Requests a password for a session
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPassword: isLoginRequired(async function requestPassword(session, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const passwordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- {
- schemaName: "passwordRequest"
- },
- this
- );
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.services.password && user.services.password.password)
- return next("You already have a password set.");
- return next(null, user);
- },
- (user, next) => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": user.email.address },
- {
- $set: {
- "services.password": {
- set: { code, expires }
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- passwordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' failed to request password. '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' successfully requested a password.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password."
- });
- }
- );
- }),
- /**
- * Verifies a password code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordCode: isLoginRequired(async function verifyPasswordCode(session, code, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne(
- {
- "services.password.set.code": code,
- _id: session.userId
- },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (user.services.password.set.expires < new Date()) return next("That code has expired.");
- return next(null);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "VERIFY_PASSWORD_CODE", `Code '${code}' failed to verify. '${err}'`);
- cb({ status: "failure", message: err });
- } else {
- this.log("SUCCESS", "VERIFY_PASSWORD_CODE", `Code '${code}' successfully verified.`);
- cb({
- status: "success",
- message: "Successfully verified password code."
- });
- }
- }
- );
- }),
- /**
- * Adds a password to a user with a code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password code
- * @param {string} newPassword - the new password code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithCode: isLoginRequired(async function changePasswordWithCode(session, code, newPassword, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.set.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.set.expires > new Date()) return next("That code has expired.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.set.code": code },
- {
- $set: {
- "services.password.password": hashedPassword
- },
- $unset: { "services.password.set": "" }
- },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "ADD_PASSWORD_WITH_CODE", `Code '${code}' failed to add password. '${err}'`);
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "ADD_PASSWORD_WITH_CODE", `Code '${code}' successfully added password.`);
- CacheModule.runJob("PUB", {
- channel: "user.linkPassword",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully added password."
- });
- }
- );
- }),
- /**
- * Unlinks password from user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- unlinkPassword: isLoginRequired(async function unlinkPassword(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.github || !user.services.github.id)
- return next("You can't remove password login without having GitHub login.");
- return userModel.updateOne({ _id: session.userId }, { $unset: { "services.password": "" } }, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UNLINK_PASSWORD",
- `Unlinking password failed for userId '${session.userId}'. '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "UNLINK_PASSWORD", `Unlinking password successful for userId '${session.userId}'.`);
- CacheModule.runJob("PUB", {
- channel: "user.unlinkPassword",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully unlinked password."
- });
- }
- );
- }),
- /**
- * Unlinks GitHub from user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- unlinkGitHub: isLoginRequired(async function unlinkGitHub(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.password || !user.services.password.password)
- return next("You can't remove GitHub login without having password login.");
- return userModel.updateOne({ _id: session.userId }, { $unset: { "services.github": "" } }, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UNLINK_GITHUB",
- `Unlinking GitHub failed for userId '${session.userId}'. '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "UNLINK_GITHUB", `Unlinking GitHub successful for userId '${session.userId}'.`);
- CacheModule.runJob("PUB", {
- channel: "user.unlinkGithub",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully unlinked GitHub."
- });
- }
- );
- }),
- /**
- * Requests a password reset for an email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- async requestPasswordReset(session, email, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const resetPasswordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- { schemaName: "resetPasswordRequest" },
- this
- );
- async.waterfall(
- [
- next => {
- if (!email || typeof email !== "string") return next("Invalid email.");
- email = email.toLowerCase();
- return userModel.findOne({ "email.address": email }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (!user.services.password || !user.services.password.password)
- return next("User does not have a password set, and probably uses GitHub to log in.");
- return next(null, user);
- },
- (user, next) => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": email },
- {
- $set: {
- "services.password.reset": {
- code,
- expires
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' failed to request password reset. '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' successfully requested a password reset.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password reset."
- });
- }
- );
- },
- /**
- * Verifies a reset code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password reset code
- * @param {Function} cb - gets called with the result
- */
- async verifyPasswordResetCode(session, code, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.reset.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date()) return next("That code has expired.");
- return next(null);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "VERIFY_PASSWORD_RESET_CODE", `Code '${code}' failed to verify. '${err}'`);
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "VERIFY_PASSWORD_RESET_CODE", `Code '${code}' successfully verified.`);
- return cb({
- status: "success",
- message: "Successfully verified password reset code."
- });
- }
- );
- },
- /**
- * Changes a user's password with a reset code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password reset code
- * @param {string} newPassword - the new password reset code
- * @param {Function} cb - gets called with the result
- */
- async changePasswordWithResetCode(session, code, newPassword, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.reset.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date()) return next("That code has expired.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.reset.code": code },
- {
- $set: {
- "services.password.password": hashedPassword
- },
- $unset: { "services.password.reset": "" }
- },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' failed to change password. '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log("SUCCESS", "CHANGE_PASSWORD_WITH_RESET_CODE", `Code '${code}' successfully changed password.`);
- return cb({
- status: "success",
- message: "Successfully changed password."
- });
- }
- );
- },
- /**
- * Bans a user by userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} value - the user id that is going to be banned
- * @param {string} reason - the reason for the ban
- * @param {string} expiresAt - the time the ban expires
- * @param {Function} cb - gets called with the result
- */
- banUserById: isAdminRequired(function banUserById(session, userId, reason, expiresAt, cb) {
- async.waterfall(
- [
- next => {
- if (!userId) return next("You must provide a userId to ban.");
- if (!reason) return next("You must provide a reason for the ban.");
- return next();
- },
- next => {
- if (!expiresAt || typeof expiresAt !== "string") return next("Invalid expire date.");
- const date = new Date();
- switch (expiresAt) {
- case "1h":
- expiresAt = date.setHours(date.getHours() + 1);
- break;
- case "12h":
- expiresAt = date.setHours(date.getHours() + 12);
- break;
- case "1d":
- expiresAt = date.setDate(date.getDate() + 1);
- break;
- case "1w":
- expiresAt = date.setDate(date.getDate() + 7);
- break;
- case "1m":
- expiresAt = date.setMonth(date.getMonth() + 1);
- break;
- case "3m":
- expiresAt = date.setMonth(date.getMonth() + 3);
- break;
- case "6m":
- expiresAt = date.setMonth(date.getMonth() + 6);
- break;
- case "1y":
- expiresAt = date.setFullYear(date.getFullYear() + 1);
- break;
- case "never":
- expiresAt = new Date(3093527980800000);
- break;
- default:
- return next("Invalid expire date.");
- }
- return next();
- },
- next => {
- PunishmentsModule.runJob(
- "ADD_PUNISHMENT",
- {
- type: "banUserId",
- value: userId,
- reason,
- expiresAt,
- punishedBy: "" // needs changed
- },
- this
- )
- .then(punishment => next(null, punishment))
- .catch(next);
- },
- (punishment, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.ban",
- value: { userId, punishment }
- });
- next();
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "BAN_USER_BY_ID",
- `User ${session.userId} failed to ban user ${userId} with the reason ${reason}. '${err}'`
- );
- return cb({ status: "failure", message: err });
- }
- this.log(
- "SUCCESS",
- "BAN_USER_BY_ID",
- `User ${session.userId} has successfully banned user ${userId} with the reason ${reason}.`
- );
- return cb({
- status: "success",
- message: "Successfully banned user."
- });
- }
- );
- })
- };
|