| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100 |
- "use strict";
- const async = require("async");
- const config = require("config");
- const request = require("request");
- const bcrypt = require("bcrypt");
- const sha256 = require("sha256");
- const hooks = require("./hooks");
- // const moduleManager = require("../../index");
- const db = require("../db");
- const mail = require("../mail");
- const cache = require("../cache");
- const punishments = require("../punishments");
- const utils = require("../utils");
- // const logger = require("../logger");
- const activities = require("../activities");
- cache.runJob("SUB", {
- channel: "user.updateUsername",
- cb: (user) => {
- utils.runJob("SOCKETS_FROM_USER", { userId: user._id }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.username.changed", user.username);
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.removeSessions",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER_WITHOUT_CACHE", { userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("keep.event:user.session.removed");
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.linkPassword",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER", { userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.linkPassword");
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.unlinkPassword",
- cb: userId => {
- utils.runJob("SOCKETS_FROM_USER", { userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.unlinkPassword");
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.linkGithub",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER", { userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.linkGithub");
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.unlinkGithub",
- cb: userId => {
- utils.runJob("SOCKETS_FROM_USER", { userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.unlinkGithub");
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.ban",
- cb: (data) => {
- utils.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("keep.event:banned", data.punishment);
- socket.disconnect(true);
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.favoritedStation",
- cb: (data) => {
- utils.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.favoritedStation", data.stationId);
- });
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.unfavoritedStation",
- cb: (data) => {
- utils.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(response => {
- response.sockets.forEach((socket) => {
- socket.emit(
- "event:user.unfavoritedStation",
- data.stationId
- );
- });
- });
- },
- });
- module.exports = {
- /**
- * Lists all Users
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- index: hooks.adminRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.find({}).exec(next);
- },
- ],
- async (err, users) => {
- if (err) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_INDEX",
- `Indexing users failed. "${err}"`
- );
- return cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "USER_INDEX",
- `Indexing users successful.`
- );
- let filteredUsers = [];
- users.forEach((user) => {
- filteredUsers.push({
- _id: user._id,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified,
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github },
- });
- });
- return cb({ status: "success", data: filteredUsers });
- }
- }
- );
- }),
- /**
- * Logs user in
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} identifier - the email of the user
- * @param {String} password - the plaintext of the user
- * @param {Function} cb - gets called with the result
- */
- login: async (session, identifier, password, cb) => {
- identifier = identifier.toLowerCase();
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- const sessionSchema = await cache.runJob("GET_SCHEMA", {
- schemaName: "session",
- });
- async.waterfall(
- [
- // check if a user with the requested identifier exists
- (next) => {
- userModel.findOne(
- {
- $or: [{ "email.address": identifier }],
- },
- next
- );
- },
- // if the user doesn't exist, respond with a failure
- // otherwise compare the requested password and the actual users password
- (user, next) => {
- if (!user) return next("User not found");
- if (
- !user.services.password ||
- !user.services.password.password
- )
- return next(
- "The account you are trying to access uses GitHub to log in."
- );
- bcrypt.compare(
- sha256(password),
- user.services.password.password,
- (err, match) => {
- if (err) return next(err);
- if (!match) return next("Incorrect password");
- next(null, user);
- }
- );
- },
- (user, next) => {
- utils.runJob("GUID", {}).then((sessionId) => {
- next(null, user, sessionId);
- });
- },
- (user, sessionId, next) => {
- cache
- .runJob("HSET", {
- table: "sessions",
- key: sessionId,
- value: sessionSchema(sessionId, user._id),
- })
- .then(() => {
- next(null, sessionId);
- })
- .catch(next);
- },
- ],
- async (err, sessionId) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_PASSWORD_LOGIN",
- `Login failed with password for user "${identifier}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- console.log(
- "SUCCESS",
- "USER_PASSWORD_LOGIN",
- `Login successful with password for user "${identifier}"`
- );
- cb({
- status: "success",
- message: "Login successful",
- user: {},
- SID: sessionId,
- });
- }
- );
- },
- /**
- * Registers a new user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} username - the username for the new user
- * @param {String} email - the email for the new user
- * @param {String} password - the plaintext password for the new user
- * @param {Object} recaptcha - the recaptcha data
- * @param {Function} cb - gets called with the result
- */
- register: async function(
- session,
- username,
- email,
- password,
- recaptcha,
- cb
- ) {
- email = email.toLowerCase();
- let verificationToken = await utils.runJob("GENERATE_RANDOM_STRING", {
- length: 64,
- });
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- const verifyEmailSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "verifyEmail",
- });
- async.waterfall(
- [
- (next) => {
- if (config.get("registrationDisabled") === true)
- return next("Registration is not allowed at this time.");
- return next();
- },
- (next) => {
- if (!db.passwordValid(password))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- // verify the request with google recaptcha
- (next) => {
- if (config.get("apis.recaptcha.enabled") === true)
- request(
- {
- url:
- "https://www.google.com/recaptcha/api/siteverify",
- method: "POST",
- form: {
- secret: config.get("apis").recaptcha.secret,
- response: recaptcha,
- },
- },
- next
- );
- else next(null, null, null);
- },
- // check if the response from Google recaptcha is successful
- // if it is, we check if a user with the requested username already exists
- (response, body, next) => {
- if (config.get("apis.recaptcha.enabled") === true) {
- let json = JSON.parse(body);
- if (json.success !== true)
- return next(
- "Response from recaptcha was not successful."
- );
- }
- userModel.findOne(
- { username: new RegExp(`^${username}$`, "i") },
- next
- );
- },
- // if the user already exists, respond with that
- // otherwise check if a user with the requested email already exists
- (user, next) => {
- if (user)
- return next(
- "A user with that username already exists."
- );
- userModel.findOne({ "email.address": email }, next);
- },
- // if the user already exists, respond with that
- // otherwise, generate a salt to use with hashing the new users password
- (user, next) => {
- if (user)
- return next("A user with that email already exists.");
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(password), salt, next);
- },
- (hash, next) => {
- utils
- .runJob("GENERATE_RANDOM_STRING", { length: 12 })
- .then((_id) => {
- next(null, hash, _id);
- });
- },
- // create the user object
- (hash, _id, next) => {
- next(null, {
- _id,
- username,
- email: {
- address: email,
- verificationToken,
- },
- services: {
- password: {
- password: hash,
- },
- },
- });
- },
- // generate the url for gravatar avatar
- (user, next) => {
- utils
- .runJob("CREATE_GRAVATAR", {
- email: user.email.address,
- })
- .then((url) => {
- user.avatar = url;
- next(null, user);
- });
- },
- // save the new user to the database
- (user, next) => {
- userModel.create(user, next);
- },
- // respond with the new user
- (newUser, next) => {
- verifyEmailSchema(
- email,
- username,
- verificationToken,
- () => {
- next(null, newUser);
- }
- );
- },
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_PASSWORD_REGISTER",
- `Register failed with password for user "${username}"."${err}"`
- );
- return cb({ status: "failure", message: err });
- } else {
- module.exports.login(session, email, password, (result) => {
- let obj = {
- status: "success",
- message: "Successfully registered.",
- };
- if (result.status === "success") {
- obj.SID = result.SID;
- }
- activities.runJob("ADD_ACTIVITY", {
- userId: user._id,
- activityType: "created_account",
- });
- console.log(
- "SUCCESS",
- "USER_PASSWORD_REGISTER",
- `Register successful with password for user "${username}".`
- );
- return cb(obj);
- });
- }
- }
- );
- },
- /**
- * Logs out a user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- logout: (session, cb) => {
- async.waterfall(
- [
- (next) => {
- cache
- .runJob("HGET", {
- table: "sessions",
- key: session.sessionId,
- })
- .then((session) => {
- next(null, session);
- })
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found");
- next(null, session);
- },
- (session, next) => {
- cache
- .runJob("HDEL", {
- table: "sessions",
- key: session.sessionId,
- })
- .then(() => {
- next();
- })
- .catch(next);
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_LOGOUT",
- `Logout failed. "${err}" `
- );
- cb({ status: "failure", message: err });
- } else {
- console.log("SUCCESS", "USER_LOGOUT", `Logout successful.`);
- cb({
- status: "success",
- message: "Successfully logged out.",
- });
- }
- }
- );
- },
- /**
- * Removes all sessions for a user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} userId - the id of the user we are trying to delete the sessions of
- * @param {Function} cb - gets called with the result
- */
- removeSessions: hooks.loginRequired(async (session, userId, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, (err, user) => {
- if (err) return next(err);
- if (user.role !== "admin" && session.userId !== userId)
- return next(
- "Only admins and the owner of the account can remove their sessions."
- );
- else return next();
- });
- },
- (next) => {
- cache
- .runJob("HGETALL", { table: "sessions" })
- .then((sessions) => {
- next(null, sessions);
- })
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions)
- return next(
- "There are no sessions for this user to remove."
- );
- else {
- let keys = Object.keys(sessions);
- next(null, keys, sessions);
- }
- },
- (keys, sessions, next) => {
- cache.runJob("PUB", {
- channel: "user.removeSessions",
- value: userId,
- });
- async.each(
- keys,
- (sessionId, callback) => {
- let session = sessions[sessionId];
- if (session.userId === userId) {
- cache
- .runJob("HDEL", {
- channel: "sessions",
- key: sessionId,
- })
- .then(() => {
- callback(null);
- })
- .catch(next);
- }
- },
- (err) => {
- next(err);
- }
- );
- },
- ],
- async (err) => {
- if (err) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "REMOVE_SESSIONS_FOR_USER",
- `Couldn't remove all sessions for user "${userId}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "REMOVE_SESSIONS_FOR_USER",
- `Removed all sessions for user "${userId}".`
- );
- return cb({
- status: "success",
- message: "Successfully removed all sessions.",
- });
- }
- }
- );
- }),
- /**
- * Gets user object from username (only a few properties)
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} username - the username of the user we are trying to find
- * @param {Function} cb - gets called with the result
- */
- findByUsername: async (session, username, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne(
- { username: new RegExp(`^${username}$`, "i") },
- next
- );
- },
- (account, next) => {
- if (!account) return next("User not found.");
- next(null, account);
- },
- ],
- async (err, account) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "FIND_BY_USERNAME",
- `User not found for username "${username}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "FIND_BY_USERNAME",
- `User found for username "${username}".`
- );
- return cb({
- status: "success",
- data: {
- _id: account._id,
- name: account.name,
- username: account.username,
- location: account.location,
- bio: account.bio,
- role: account.role,
- avatar: account.avatar,
- createdAt: account.createdAt,
- },
- });
- }
- }
- );
- },
- /**
- * Gets a username from an userId
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- getUsernameFromId: async (session, userId, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- userModel
- .findById(userId)
- .then((user) => {
- if (user) {
- console.log(
- "SUCCESS",
- "GET_USERNAME_FROM_ID",
- `Found username for userId "${userId}".`
- );
- return cb({
- status: "success",
- data: user.username,
- });
- } else {
- console.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. User not found.`
- );
- cb({
- status: "failure",
- message: "Couldn't find the user.",
- });
- }
- })
- .catch(async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. "${err}"`
- );
- cb({ status: "failure", message: err });
- }
- });
- },
- //TODO Fix security issues
- /**
- * Gets user info from session
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- findBySession: async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- cache
- .runJob("HGET", {
- table: "sessions",
- key: session.sessionId,
- })
- .then((session) => {
- next(null, session);
- })
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found.");
- next(null, session);
- },
- (session, next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- next(null, user);
- },
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "FIND_BY_SESSION",
- `User not found. "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- let data = {
- email: {
- address: user.email.address,
- },
- avatar: user.avatar,
- username: user.username,
- name: user.name,
- location: user.location,
- bio: user.bio,
- };
- if (
- user.services.password &&
- user.services.password.password
- )
- data.password = true;
- if (user.services.github && user.services.github.id)
- data.github = true;
- console.log(
- "SUCCESS",
- "FIND_BY_SESSION",
- `User found. "${user.username}".`
- );
- return cb({
- status: "success",
- data,
- });
- }
- }
- );
- },
- /**
- * Updates a user's username
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newUsername - the new username
- * @param {Function} cb - gets called with the result
- */
- updateUsername: hooks.loginRequired(
- async (session, updatingUserId, newUsername, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.username === newUsername)
- return next(
- "New username can't be the same as the old username."
- );
- next(null);
- },
- (next) => {
- userModel.findOne(
- { username: new RegExp(`^${newUsername}$`, "i") },
- next
- );
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- next("That username is already in use.");
- },
- (next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { username: newUsername } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_USERNAME",
- `Couldn't update username for user "${updatingUserId}" to username "${newUsername}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- cache.runJob("PUB", {
- channel: "user.updateUsername",
- value: {
- username: newUsername,
- _id: updatingUserId,
- },
- });
- console.log(
- "SUCCESS",
- "UPDATE_USERNAME",
- `Updated username for user "${updatingUserId}" to username "${newUsername}".`
- );
- cb({
- status: "success",
- message: "Username updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's email
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newEmail - the new email
- * @param {Function} cb - gets called with the result
- */
- updateEmail: hooks.loginRequired(
- async (session, updatingUserId, newEmail, cb) => {
- newEmail = newEmail.toLowerCase();
- let verificationToken = await utils.runJob(
- "GENERATE_RANDOM_STRING",
- { length: 64 }
- );
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- const verifyEmailSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "verifyEmail",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.address === newEmail)
- return next(
- "New email can't be the same as your the old email."
- );
- next();
- },
- (next) => {
- userModel.findOne({ "email.address": newEmail }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- next("That email is already in use.");
- },
- // regenerate the url for gravatar avatar
- (next) => {
- utils
- .runJob("CREATE_GRAVATAR", { email: newEmail })
- .then((url) => {
- next(null, url);
- });
- },
- (avatar, next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- {
- $set: {
- avatar: avatar,
- "email.address": newEmail,
- "email.verified": false,
- "email.verificationToken": verificationToken,
- },
- },
- { runValidators: true },
- next
- );
- },
- (res, next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- verifyEmailSchema(
- newEmail,
- user.username,
- verificationToken,
- () => {
- next();
- }
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_EMAIL",
- `Couldn't update email for user "${updatingUserId}" to email "${newEmail}". '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_EMAIL",
- `Updated email for user "${updatingUserId}" to email "${newEmail}".`
- );
- cb({
- status: "success",
- message: "Email updated successfully.",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's name
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newBio - the new name
- * @param {Function} cb - gets called with the result
- */
- updateName: hooks.loginRequired(
- async (session, updatingUserId, newName, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { name: newName } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_NAME",
- `Couldn't update name for user "${updatingUserId}" to name "${newName}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_NAME",
- `Updated name for user "${updatingUserId}" to name "${newName}".`
- );
- cb({
- status: "success",
- message: "Name updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's location
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newLocation - the new location
- * @param {Function} cb - gets called with the result
- */
- updateLocation: hooks.loginRequired(
- async (session, updatingUserId, newLocation, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { location: newLocation } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_LOCATION",
- `Couldn't update location for user "${updatingUserId}" to location "${newLocation}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_LOCATION",
- `Updated location for user "${updatingUserId}" to location "${newLocation}".`
- );
- cb({
- status: "success",
- message: "Location updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's bio
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newBio - the new bio
- * @param {Function} cb - gets called with the result
- */
- updateBio: hooks.loginRequired(
- async (session, updatingUserId, newBio, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { bio: newBio } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_BIO",
- `Couldn't update bio for user "${updatingUserId}" to bio "${newBio}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_BIO",
- `Updated bio for user "${updatingUserId}" to bio "${newBio}".`
- );
- cb({
- status: "success",
- message: "Bio updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates the type of a user's avatar
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newType - the new type
- * @param {Function} cb - gets called with the result
- */
- updateAvatarType: hooks.loginRequired(
- async (session, updatingUserId, newType, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { "avatar.type": newType } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_AVATAR_TYPE",
- `Couldn't update avatar type for user "${updatingUserId}" to type "${newType}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_AVATAR_TYPE",
- `Updated avatar type for user "${updatingUserId}" to type "${newType}".`
- );
- cb({
- status: "success",
- message: "Avatar type updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's role
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newRole - the new role
- * @param {Function} cb - gets called with the result
- */
- updateRole: hooks.adminRequired(
- async (session, updatingUserId, newRole, cb) => {
- newRole = newRole.toLowerCase();
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- else if (user.role === newRole)
- return next(
- "New role can't be the same as the old role."
- );
- else return next();
- },
- (next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { role: newRole } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_ROLE",
- `User "${session.userId}" couldn't update role for user "${updatingUserId}" to role "${newRole}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_ROLE",
- `User "${session.userId}" updated the role of user "${updatingUserId}" to role "${newRole}".`
- );
- cb({
- status: "success",
- message: "Role successfully updated.",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's password
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} previousPassword - the previous password
- * @param {String} newPassword - the new password
- * @param {Function} cb - gets called with the result
- */
- updatePassword: hooks.loginRequired(async (session, previousPassword, newPassword, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user.services.password)
- return next(
- "This account does not have a password set."
- );
- return next(null, user.services.password.password);
- },
- (storedPassword, next) => {
- bcrypt.compare(sha256(previousPassword), storedPassword).then(res => {
- if (res) return next();
- else return next("Please enter the correct previous password.")
- });
- },
- (next) => {
- if (!db.passwordValid(newPassword))
- return next(
- "Invalid new password. Check if it meets all the requirements."
- );
- return next();
- },
- (next) => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { _id: session.userId },
- {
- $set: {
- "services.password.password": hashedPassword,
- },
- },
- next
- );
- },
- ],
- async (err) => {
- if (err) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_PASSWORD",
- `Failed updating user password of user '${session.userId}'. '${err}'.`
- );
- return cb({ status: "failure", message: err });
- }
- console.log(
- "SUCCESS",
- "UPDATE_PASSWORD",
- `User '${session.userId}' updated their password.`
- );
- cb({
- status: "success",
- message: "Password successfully updated.",
- });
- }
- );
- }),
- /**
- * Requests a password for a session
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPassword: hooks.loginRequired(async (session, cb) => {
- let code = await utils.runJob("GENERATE_RANDOM_STRING", { length: 8 });
- const passwordRequestSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "passwordRequest",
- });
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (
- user.services.password &&
- user.services.password.password
- )
- return next("You already have a password set.");
- next(null, user);
- },
- (user, next) => {
- let expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": user.email.address },
- {
- $set: {
- "services.password": {
- set: { code: code, expires },
- },
- },
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- passwordRequestSchema(
- user.email.address,
- user.username,
- code,
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' failed to request password. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' successfully requested a password.`
- );
- cb({
- status: "success",
- message: "Successfully requested password.",
- });
- }
- }
- );
- }),
- /**
- * Verifies a password code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordCode: hooks.loginRequired(async (session, code, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code.");
- userModel.findOne(
- {
- "services.password.set.code": code,
- _id: session.userId,
- },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (user.services.password.set.expires < new Date())
- return next("That code has expired.");
- next(null);
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "VERIFY_PASSWORD_CODE",
- `Code '${code}' failed to verify. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "VERIFY_PASSWORD_CODE",
- `Code '${code}' successfully verified.`
- );
- cb({
- status: "success",
- message: "Successfully verified password code.",
- });
- }
- }
- );
- }),
- /**
- * Adds a password to a user with a code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password code
- * @param {String} newPassword - the new password code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithCode: hooks.loginRequired(
- async (session, code, newPassword, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code.");
- userModel.findOne(
- { "services.password.set.code": code },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.set.expires > new Date())
- return next("That code has expired.");
- next();
- },
- (next) => {
- if (!db.passwordValid(newPassword))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- (next) => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.set.code": code },
- {
- $set: {
- "services.password.password": hashedPassword,
- },
- $unset: { "services.password.set": "" },
- },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "ADD_PASSWORD_WITH_CODE",
- `Code '${code}' failed to add password. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "ADD_PASSWORD_WITH_CODE",
- `Code '${code}' successfully added password.`
- );
- cache.runJob("PUB", {
- channel: "user.linkPassword",
- value: session.userId,
- });
- cb({
- status: "success",
- message: "Successfully added password.",
- });
- }
- }
- );
- }
- ),
- /**
- * Unlinks password from user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- unlinkPassword: hooks.loginRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.github || !user.services.github.id)
- return next(
- "You can't remove password login without having GitHub login."
- );
- userModel.updateOne(
- { _id: session.userId },
- { $unset: { "services.password": "" } },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UNLINK_PASSWORD",
- `Unlinking password failed for userId '${session.userId}'. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UNLINK_PASSWORD",
- `Unlinking password successful for userId '${session.userId}'.`
- );
- cache.runJob("PUB", {
- channel: "user.unlinkPassword",
- value: session.userId,
- });
- cb({
- status: "success",
- message: "Successfully unlinked password.",
- });
- }
- }
- );
- }),
- /**
- * Unlinks GitHub from user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- unlinkGitHub: hooks.loginRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (
- !user.services.password ||
- !user.services.password.password
- )
- return next(
- "You can't remove GitHub login without having password login."
- );
- userModel.updateOne(
- { _id: session.userId },
- { $unset: { "services.github": "" } },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UNLINK_GITHUB",
- `Unlinking GitHub failed for userId '${session.userId}'. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UNLINK_GITHUB",
- `Unlinking GitHub successful for userId '${session.userId}'.`
- );
- cache.runJob("PUB", {
- channel: "user.unlinkGithub",
- value: session.userId,
- });
- cb({
- status: "success",
- message: "Successfully unlinked GitHub.",
- });
- }
- }
- );
- }),
- /**
- * Requests a password reset for an email
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPasswordReset: async (session, email, cb) => {
- let code = await utils.runJob("GENERATE_RANDOM_STRING", { length: 8 });
- console.log(111, code);
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- const resetPasswordRequestSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "resetPasswordRequest",
- });
- async.waterfall(
- [
- (next) => {
- if (!email || typeof email !== "string")
- return next("Invalid email.");
- email = email.toLowerCase();
- userModel.findOne({ "email.address": email }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (
- !user.services.password ||
- !user.services.password.password
- )
- return next(
- "User does not have a password set, and probably uses GitHub to log in."
- );
- next(null, user);
- },
- (user, next) => {
- let expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": email },
- {
- $set: {
- "services.password.reset": {
- code: code,
- expires,
- },
- },
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(
- user.email.address,
- user.username,
- code,
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' failed to request password reset. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' successfully requested a password reset.`
- );
- cb({
- status: "success",
- message: "Successfully requested password reset.",
- });
- }
- }
- );
- },
- /**
- * Verifies a reset code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password reset code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordResetCode: async (session, code, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code.");
- userModel.findOne(
- { "services.password.reset.code": code },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date())
- return next("That code has expired.");
- next(null);
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "VERIFY_PASSWORD_RESET_CODE",
- `Code '${code}' failed to verify. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "VERIFY_PASSWORD_RESET_CODE",
- `Code '${code}' successfully verified.`
- );
- cb({
- status: "success",
- message: "Successfully verified password reset code.",
- });
- }
- }
- );
- },
- /**
- * Changes a user's password with a reset code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password reset code
- * @param {String} newPassword - the new password reset code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithResetCode: async (session, code, newPassword, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code.");
- userModel.findOne(
- { "services.password.reset.code": code },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date())
- return next("That code has expired.");
- next();
- },
- (next) => {
- if (!db.passwordValid(newPassword))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- (next) => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.reset.code": code },
- {
- $set: {
- "services.password.password": hashedPassword,
- },
- $unset: { "services.password.reset": "" },
- },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' failed to change password. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' successfully changed password.`
- );
- cb({
- status: "success",
- message: "Successfully changed password.",
- });
- }
- }
- );
- },
- /**
- * Bans a user by userId
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} value - the user id that is going to be banned
- * @param {String} reason - the reason for the ban
- * @param {String} expiresAt - the time the ban expires
- * @param {Function} cb - gets called with the result
- */
- banUserById: hooks.adminRequired(
- (session, userId, reason, expiresAt, cb) => {
- async.waterfall(
- [
- (next) => {
- if (!userId)
- return next("You must provide a userId to ban.");
- else if (!reason)
- return next(
- "You must provide a reason for the ban."
- );
- else return next();
- },
- (next) => {
- if (!expiresAt || typeof expiresAt !== "string")
- return next("Invalid expire date.");
- let date = new Date();
- switch (expiresAt) {
- case "1h":
- expiresAt = date.setHours(date.getHours() + 1);
- break;
- case "12h":
- expiresAt = date.setHours(date.getHours() + 12);
- break;
- case "1d":
- expiresAt = date.setDate(date.getDate() + 1);
- break;
- case "1w":
- expiresAt = date.setDate(date.getDate() + 7);
- break;
- case "1m":
- expiresAt = date.setMonth(date.getMonth() + 1);
- break;
- case "3m":
- expiresAt = date.setMonth(date.getMonth() + 3);
- break;
- case "6m":
- expiresAt = date.setMonth(date.getMonth() + 6);
- break;
- case "1y":
- expiresAt = date.setFullYear(
- date.getFullYear() + 1
- );
- break;
- case "never":
- expiresAt = new Date(3093527980800000);
- break;
- default:
- return next("Invalid expire date.");
- }
- next();
- },
- (next) => {
- punishments
- .runJob("ADD_PUNISHMENT", {
- type: "banUserId",
- value: userId,
- reason,
- expiresAt,
- punishedBy,
- })
- .then((punishment) => {
- next(null, punishment);
- })
- .catch(next);
- },
- (punishment, next) => {
- cache.runJob("PUB", {
- channel: "user.ban",
- value: { userId, punishment },
- });
- next();
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "BAN_USER_BY_ID",
- `User ${session.userId} failed to ban user ${userId} with the reason ${reason}. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "BAN_USER_BY_ID",
- `User ${session.userId} has successfully banned user ${userId} with the reason ${reason}.`
- );
- cb({
- status: "success",
- message: "Successfully banned user.",
- });
- }
- }
- );
- }
- ),
- getFavoriteStations: hooks.loginRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- next(null, user);
- },
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "GET_FAVORITE_STATIONS",
- `User ${session.userId} failed to get favorite stations. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "GET_FAVORITE_STATIONS",
- `User ${session.userId} got favorite stations.`
- );
- cb({
- status: "success",
- favoriteStations: user.favoriteStations,
- });
- }
- }
- );
- }),
- };
|
