| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102 |
- "use strict";
- const async = require("async");
- const config = require("config");
- const request = require("request");
- const bcrypt = require("bcrypt");
- const sha256 = require("sha256");
- const hooks = require("./hooks");
- // const moduleManager = require("../../index");
- const db = require("../db");
- const mail = require("../mail");
- const cache = require("../cache");
- const punishments = require("../punishments");
- const utils = require("../utils");
- // const logger = require("../logger");
- const activities = require("../activities");
- cache.runJob("SUB", {
- channel: "user.updateUsername",
- cb: (user) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: user._id,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.username.changed", user.username);
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.removeSessions",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER_WITHOUT_CACHE", {
- userId: userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("keep.event:user.session.removed");
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.linkPassword",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.linkPassword");
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.linkGitHub",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.linkGitHub");
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.unlinkPassword",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.unlinkPassword");
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.unlinkGitHub",
- cb: (userId) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.unlinkGitHub");
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.ban",
- cb: (data) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: data.userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("keep.event:banned", data.punishment);
- socket.disconnect(true);
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.favoritedStation",
- cb: (data) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: data.userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit("event:user.favoritedStation", data.stationId);
- });
- },
- });
- },
- });
- cache.runJob("SUB", {
- channel: "user.unfavoritedStation",
- cb: (data) => {
- utils.runJob("SOCKETS_FROM_USER", {
- userId: data.userId,
- cb: (response) => {
- response.sockets.forEach((socket) => {
- socket.emit(
- "event:user.unfavoritedStation",
- data.stationId
- );
- });
- },
- });
- },
- });
- module.exports = {
- /**
- * Lists all Users
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- index: hooks.adminRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.find({}).exec(next);
- },
- ],
- async (err, users) => {
- if (err) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_INDEX",
- `Indexing users failed. "${err}"`
- );
- return cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "USER_INDEX",
- `Indexing users successful.`
- );
- let filteredUsers = [];
- users.forEach((user) => {
- filteredUsers.push({
- _id: user._id,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified,
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github },
- });
- });
- return cb({ status: "success", data: filteredUsers });
- }
- }
- );
- }),
- /**
- * Logs user in
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} identifier - the email of the user
- * @param {String} password - the plaintext of the user
- * @param {Function} cb - gets called with the result
- */
- login: async (session, identifier, password, cb) => {
- identifier = identifier.toLowerCase();
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- const sessionSchema = await cache.runJob("GET_SCHEMA", {
- schemaName: "session",
- });
- async.waterfall(
- [
- // check if a user with the requested identifier exists
- (next) => {
- userModel.findOne(
- {
- $or: [{ "email.address": identifier }],
- },
- next
- );
- },
- // if the user doesn't exist, respond with a failure
- // otherwise compare the requested password and the actual users password
- (user, next) => {
- if (!user) return next("User not found");
- if (
- !user.services.password ||
- !user.services.password.password
- )
- return next(
- "The account you are trying to access uses GitHub to log in."
- );
- bcrypt.compare(
- sha256(password),
- user.services.password.password,
- (err, match) => {
- if (err) return next(err);
- if (!match) return next("Incorrect password");
- next(null, user);
- }
- );
- },
- (user, next) => {
- utils.runJob("GUID", {}).then((sessionId) => {
- next(null, user, sessionId);
- });
- },
- (user, sessionId, next) => {
- cache
- .runJob("HSET", {
- table: "sessions",
- key: sessionId,
- value: sessionSchema(sessionId, user._id),
- })
- .then(() => next(null, sessionId))
- .catch(next);
- },
- ],
- async (err, sessionId) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_PASSWORD_LOGIN",
- `Login failed with password for user "${identifier}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- }
- console.log(
- "SUCCESS",
- "USER_PASSWORD_LOGIN",
- `Login successful with password for user "${identifier}"`
- );
- cb({
- status: "success",
- message: "Login successful",
- user: {},
- SID: sessionId,
- });
- }
- );
- },
- /**
- * Registers a new user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} username - the username for the new user
- * @param {String} email - the email for the new user
- * @param {String} password - the plaintext password for the new user
- * @param {Object} recaptcha - the recaptcha data
- * @param {Function} cb - gets called with the result
- */
- register: async function(
- session,
- username,
- email,
- password,
- recaptcha,
- cb
- ) {
- email = email.toLowerCase();
- let verificationToken = await utils.runJob("GENERATE_RANDOM_STRING", {
- length: 64,
- });
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- const verifyEmailSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "verifyEmail",
- });
- async.waterfall(
- [
- (next) => {
- if (config.get("registrationDisabled") === true)
- return next("Registration is not allowed at this time.");
- return next();
- },
- (next) => {
- if (!db.passwordValid(password))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- // verify the request with google recaptcha
- (next) => {
- if (config.get("apis.recaptcha.enabled") === true)
- request(
- {
- url:
- "https://www.google.com/recaptcha/api/siteverify",
- method: "POST",
- form: {
- secret: config.get("apis").recaptcha.secret,
- response: recaptcha,
- },
- },
- next
- );
- else next(null, null, null);
- },
- // check if the response from Google recaptcha is successful
- // if it is, we check if a user with the requested username already exists
- (response, body, next) => {
- if (config.get("apis.recaptcha.enabled") === true) {
- let json = JSON.parse(body);
- if (json.success !== true)
- return next(
- "Response from recaptcha was not successful."
- );
- }
- userModel.findOne(
- { username: new RegExp(`^${username}$`, "i") },
- next
- );
- },
- // if the user already exists, respond with that
- // otherwise check if a user with the requested email already exists
- (user, next) => {
- if (user)
- return next(
- "A user with that username already exists."
- );
- userModel.findOne({ "email.address": email }, next);
- },
- // if the user already exists, respond with that
- // otherwise, generate a salt to use with hashing the new users password
- (user, next) => {
- if (user)
- return next("A user with that email already exists.");
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(password), salt, next);
- },
- (hash, next) => {
- utils
- .runJob("GENERATE_RANDOM_STRING", { length: 12 })
- .then((_id) => {
- next(null, hash, _id);
- });
- },
- // create the user object
- (hash, _id, next) => {
- next(null, {
- _id,
- username,
- email: {
- address: email,
- verificationToken,
- },
- services: {
- password: {
- password: hash,
- },
- },
- });
- },
- // generate the url for gravatar avatar
- (user, next) => {
- utils
- .runJob("CREATE_GRAVATAR", {
- email: user.email.address,
- })
- .then((url) => {
- user.avatar = url;
- next(null, user);
- });
- },
- // save the new user to the database
- (user, next) => {
- userModel.create(user, next);
- },
- // respond with the new user
- (newUser, next) => {
- verifyEmailSchema(
- email,
- username,
- verificationToken,
- () => {
- next(null, newUser);
- }
- );
- },
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_PASSWORD_REGISTER",
- `Register failed with password for user "${username}"."${err}"`
- );
- return cb({ status: "failure", message: err });
- } else {
- module.exports.login(session, email, password, (result) => {
- let obj = {
- status: "success",
- message: "Successfully registered.",
- };
- if (result.status === "success") {
- obj.SID = result.SID;
- }
- activities.runJob("ADD_ACTIVITY", {
- userId: user._id,
- activityType: "created_account",
- });
- console.log(
- "SUCCESS",
- "USER_PASSWORD_REGISTER",
- `Register successful with password for user "${username}".`
- );
- return cb(obj);
- });
- }
- }
- );
- },
- /**
- * Logs out a user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- logout: (session, cb) => {
- async.waterfall(
- [
- (next) => {
- cache
- .runJob("HGET", {
- table: "sessions",
- key: session.sessionId,
- })
- .then((session) => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found");
- next(null, session);
- },
- (session, next) => {
- cache
- .runJob("HDEL", {
- table: "sessions",
- key: session.sessionId,
- })
- .then(() => next())
- .catch(next);
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "USER_LOGOUT",
- `Logout failed. "${err}" `
- );
- cb({ status: "failure", message: err });
- } else {
- console.log("SUCCESS", "USER_LOGOUT", `Logout successful.`);
- cb({
- status: "success",
- message: "Successfully logged out.",
- });
- }
- }
- );
- },
- /**
- * Removes all sessions for a user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} userId - the id of the user we are trying to delete the sessions of
- * @param {Function} cb - gets called with the result
- */
- removeSessions: hooks.loginRequired(async (session, userId, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, (err, user) => {
- if (err) return next(err);
- if (user.role !== "admin" && session.userId !== userId)
- return next(
- "Only admins and the owner of the account can remove their sessions."
- );
- else return next();
- });
- },
- (next) => {
- cache
- .runJob("HGETALL", { table: "sessions" })
- .then((sessions) => next(null, sessions))
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions)
- return next(
- "There are no sessions for this user to remove."
- );
- else {
- let keys = Object.keys(sessions);
- next(null, keys, sessions);
- }
- },
- (keys, sessions, next) => {
- cache.runJob("PUB", {
- channel: "user.removeSessions",
- value: userId,
- });
- async.each(
- keys,
- (sessionId, callback) => {
- let session = sessions[sessionId];
- if (session.userId === userId) {
- cache
- .runJob("HDEL", {
- channel: "sessions",
- key: sessionId,
- })
- .then(() => callback(null))
- .catch(next);
- }
- },
- (err) => {
- next(err);
- }
- );
- },
- ],
- async (err) => {
- if (err) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "REMOVE_SESSIONS_FOR_USER",
- `Couldn't remove all sessions for user "${userId}". "${err}"`
- );
- return cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "REMOVE_SESSIONS_FOR_USER",
- `Removed all sessions for user "${userId}".`
- );
- return cb({
- status: "success",
- message: "Successfully removed all sessions.",
- });
- }
- }
- );
- }),
- /**
- * Gets user object from username (only a few properties)
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} username - the username of the user we are trying to find
- * @param {Function} cb - gets called with the result
- */
- findByUsername: async (session, username, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne(
- { username: new RegExp(`^${username}$`, "i") },
- next
- );
- },
- (account, next) => {
- if (!account) return next("User not found.");
- next(null, account);
- },
- ],
- async (err, account) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "FIND_BY_USERNAME",
- `User not found for username "${username}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "FIND_BY_USERNAME",
- `User found for username "${username}".`
- );
- return cb({
- status: "success",
- data: {
- _id: account._id,
- name: account.name,
- username: account.username,
- location: account.location,
- bio: account.bio,
- role: account.role,
- avatar: account.avatar,
- createdAt: account.createdAt,
- },
- });
- }
- }
- );
- },
- /**
- * Gets a username from an userId
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- getUsernameFromId: async (session, userId, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- userModel
- .findById(userId)
- .then((user) => {
- if (user) {
- console.log(
- "SUCCESS",
- "GET_USERNAME_FROM_ID",
- `Found username for userId "${userId}".`
- );
- return cb({
- status: "success",
- data: user.username,
- });
- } else {
- console.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. User not found.`
- );
- cb({
- status: "failure",
- message: "Couldn't find the user.",
- });
- }
- })
- .catch(async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. "${err}"`
- );
- cb({ status: "failure", message: err });
- }
- });
- },
- //TODO Fix security issues
- /**
- * Gets user info from session
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- findBySession: async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- cache
- .runJob("HGET", {
- table: "sessions",
- key: session.sessionId,
- })
- .then((session) => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found.");
- next(null, session);
- },
- (session, next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- next(null, user);
- },
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "FIND_BY_SESSION",
- `User not found. "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- let data = {
- email: {
- address: user.email.address,
- },
- avatar: user.avatar,
- username: user.username,
- name: user.name,
- location: user.location,
- bio: user.bio,
- };
- if (
- user.services.password &&
- user.services.password.password
- )
- data.password = true;
- if (user.services.github && user.services.github.id)
- data.github = true;
- console.log(
- "SUCCESS",
- "FIND_BY_SESSION",
- `User found. "${user.username}".`
- );
- return cb({
- status: "success",
- data,
- });
- }
- }
- );
- },
- /**
- * Updates a user's username
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newUsername - the new username
- * @param {Function} cb - gets called with the result
- */
- updateUsername: hooks.loginRequired(
- async (session, updatingUserId, newUsername, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.username === newUsername)
- return next(
- "New username can't be the same as the old username."
- );
- next(null);
- },
- (next) => {
- userModel.findOne(
- { username: new RegExp(`^${newUsername}$`, "i") },
- next
- );
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- next("That username is already in use.");
- },
- (next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { username: newUsername } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_USERNAME",
- `Couldn't update username for user "${updatingUserId}" to username "${newUsername}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- cache.runJob("PUB", {
- channel: "user.updateUsername",
- value: {
- username: newUsername,
- _id: updatingUserId,
- },
- });
- console.log(
- "SUCCESS",
- "UPDATE_USERNAME",
- `Updated username for user "${updatingUserId}" to username "${newUsername}".`
- );
- cb({
- status: "success",
- message: "Username updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's email
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newEmail - the new email
- * @param {Function} cb - gets called with the result
- */
- updateEmail: hooks.loginRequired(
- async (session, updatingUserId, newEmail, cb) => {
- newEmail = newEmail.toLowerCase();
- let verificationToken = await utils.runJob(
- "GENERATE_RANDOM_STRING",
- { length: 64 }
- );
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- const verifyEmailSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "verifyEmail",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.address === newEmail)
- return next(
- "New email can't be the same as your the old email."
- );
- next();
- },
- (next) => {
- userModel.findOne({ "email.address": newEmail }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- next("That email is already in use.");
- },
- // regenerate the url for gravatar avatar
- (next) => {
- utils
- .runJob("CREATE_GRAVATAR", { email: newEmail })
- .then((url) => next(null, url));
- },
- (avatar, next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- {
- $set: {
- avatar: avatar,
- "email.address": newEmail,
- "email.verified": false,
- "email.verificationToken": verificationToken,
- },
- },
- { runValidators: true },
- next
- );
- },
- (res, next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- verifyEmailSchema(
- newEmail,
- user.username,
- verificationToken,
- () => {
- next();
- }
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_EMAIL",
- `Couldn't update email for user "${updatingUserId}" to email "${newEmail}". '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_EMAIL",
- `Updated email for user "${updatingUserId}" to email "${newEmail}".`
- );
- cb({
- status: "success",
- message: "Email updated successfully.",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's name
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newBio - the new name
- * @param {Function} cb - gets called with the result
- */
- updateName: hooks.loginRequired(
- async (session, updatingUserId, newName, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { name: newName } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_NAME",
- `Couldn't update name for user "${updatingUserId}" to name "${newName}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_NAME",
- `Updated name for user "${updatingUserId}" to name "${newName}".`
- );
- cb({
- status: "success",
- message: "Name updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's location
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newLocation - the new location
- * @param {Function} cb - gets called with the result
- */
- updateLocation: hooks.loginRequired(
- async (session, updatingUserId, newLocation, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { location: newLocation } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_LOCATION",
- `Couldn't update location for user "${updatingUserId}" to location "${newLocation}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_LOCATION",
- `Updated location for user "${updatingUserId}" to location "${newLocation}".`
- );
- cb({
- status: "success",
- message: "Location updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's bio
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newBio - the new bio
- * @param {Function} cb - gets called with the result
- */
- updateBio: hooks.loginRequired(
- async (session, updatingUserId, newBio, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { bio: newBio } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_BIO",
- `Couldn't update bio for user "${updatingUserId}" to bio "${newBio}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_BIO",
- `Updated bio for user "${updatingUserId}" to bio "${newBio}".`
- );
- cb({
- status: "success",
- message: "Bio updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates the type of a user's avatar
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newType - the new type
- * @param {Function} cb - gets called with the result
- */
- updateAvatarType: hooks.loginRequired(
- async (session, updatingUserId, newType, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (updatingUserId === session.userId)
- return next(null, true);
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin"))
- return next("Invalid permissions.");
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { "avatar.type": newType } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_AVATAR_TYPE",
- `Couldn't update avatar type for user "${updatingUserId}" to type "${newType}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_AVATAR_TYPE",
- `Updated avatar type for user "${updatingUserId}" to type "${newType}".`
- );
- cb({
- status: "success",
- message: "Avatar type updated successfully",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's role
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} updatingUserId - the updating user's id
- * @param {String} newRole - the new role
- * @param {Function} cb - gets called with the result
- */
- updateRole: hooks.adminRequired(
- async (session, updatingUserId, newRole, cb) => {
- newRole = newRole.toLowerCase();
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- else if (user.role === newRole)
- return next(
- "New role can't be the same as the old role."
- );
- else return next();
- },
- (next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { role: newRole } },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_ROLE",
- `User "${session.userId}" couldn't update role for user "${updatingUserId}" to role "${newRole}". "${err}"`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UPDATE_ROLE",
- `User "${session.userId}" updated the role of user "${updatingUserId}" to role "${newRole}".`
- );
- cb({
- status: "success",
- message: "Role successfully updated.",
- });
- }
- }
- );
- }
- ),
- /**
- * Updates a user's password
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} newPassword - the new password
- * @param {Function} cb - gets called with the result
- */
- updatePassword: hooks.loginRequired(async (session, newPassword, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user.services.password)
- return next(
- "This account does not have a password set."
- );
- next();
- },
- (next) => {
- if (!db.passwordValid(newPassword))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- (next) => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { _id: session.userId },
- {
- $set: {
- "services.password.password": hashedPassword,
- },
- },
- next
- );
- },
- ],
- async (err) => {
- if (err) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UPDATE_PASSWORD",
- `Failed updating user password of user '${session.userId}'. '${err}'.`
- );
- return cb({ status: "failure", message: err });
- }
- console.log(
- "SUCCESS",
- "UPDATE_PASSWORD",
- `User '${session.userId}' updated their password.`
- );
- cb({
- status: "success",
- message: "Password successfully updated.",
- });
- }
- );
- }),
- /**
- * Requests a password for a session
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPassword: hooks.loginRequired(async (session, cb) => {
- let code = await utils.runJob("GENERATE_RANDOM_STRING", { length: 8 });
- const passwordRequestSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "passwordRequest",
- });
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (
- user.services.password &&
- user.services.password.password
- )
- return next("You already have a password set.");
- next(null, user);
- },
- (user, next) => {
- let expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": user.email.address },
- {
- $set: {
- "services.password": {
- set: { code: code, expires },
- },
- },
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- passwordRequestSchema(
- user.email.address,
- user.username,
- code,
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' failed to request password. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' successfully requested a password.`
- );
- cb({
- status: "success",
- message: "Successfully requested password.",
- });
- }
- }
- );
- }),
- /**
- * Verifies a password code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordCode: hooks.loginRequired(async (session, code, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code1.");
- userModel.findOne(
- {
- "services.password.set.code": code,
- _id: session.userId,
- },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code2.");
- if (user.services.password.set.expires < new Date())
- return next("That code has expired.");
- next(null);
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "VERIFY_PASSWORD_CODE",
- `Code '${code}' failed to verify. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "VERIFY_PASSWORD_CODE",
- `Code '${code}' successfully verified.`
- );
- cb({
- status: "success",
- message: "Successfully verified password code.",
- });
- }
- }
- );
- }),
- /**
- * Adds a password to a user with a code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password code
- * @param {String} newPassword - the new password code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithCode: hooks.loginRequired(
- async (session, code, newPassword, cb) => {
- const userModel = await db.runJob("GET_MODEL", {
- modelName: "user",
- });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code1.");
- userModel.findOne(
- { "services.password.set.code": code },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code2.");
- if (!user.services.password.set.expires > new Date())
- return next("That code has expired.");
- next();
- },
- (next) => {
- if (!db.passwordValid(newPassword))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- (next) => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.set.code": code },
- {
- $set: {
- "services.password.password": hashedPassword,
- },
- $unset: { "services.password.set": "" },
- },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "ADD_PASSWORD_WITH_CODE",
- `Code '${code}' failed to add password. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "ADD_PASSWORD_WITH_CODE",
- `Code '${code}' successfully added password.`
- );
- cache.runJob("PUB", {
- channel: "user.linkPassword",
- value: session.userId,
- });
- cb({
- status: "success",
- message: "Successfully added password.",
- });
- }
- }
- );
- }
- ),
- /**
- * Unlinks password from user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- unlinkPassword: hooks.loginRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.github || !user.services.github.id)
- return next(
- "You can't remove password login without having GitHub login."
- );
- userModel.updateOne(
- { _id: session.userId },
- { $unset: { "services.password": "" } },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UNLINK_PASSWORD",
- `Unlinking password failed for userId '${session.userId}'. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UNLINK_PASSWORD",
- `Unlinking password successful for userId '${session.userId}'.`
- );
- cache.runJob("PUB", {
- channel: "user.unlinkPassword",
- value: session.userId,
- });
- cb({
- status: "success",
- message: "Successfully unlinked password.",
- });
- }
- }
- );
- }),
- /**
- * Unlinks GitHub from user
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {Function} cb - gets called with the result
- */
- unlinkGitHub: hooks.loginRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (
- !user.services.password ||
- !user.services.password.password
- )
- return next(
- "You can't remove GitHub login without having password login."
- );
- userModel.updateOne(
- { _id: session.userId },
- { $unset: { "services.github": "" } },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "UNLINK_GITHUB",
- `Unlinking GitHub failed for userId '${session.userId}'. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "UNLINK_GITHUB",
- `Unlinking GitHub successful for userId '${session.userId}'.`
- );
- cache.runJob("PUB", {
- channel: "user.unlinkGithub",
- value: session.userId,
- });
- cb({
- status: "success",
- message: "Successfully unlinked GitHub.",
- });
- }
- }
- );
- }),
- /**
- * Requests a password reset for an email
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPasswordReset: async (session, email, cb) => {
- let code = await utils.runJob("GENERATE_RANDOM_STRING", { length: 8 });
- console.log(111, code);
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- const resetPasswordRequestSchema = await mail.runJob("GET_SCHEMA", {
- schemaName: "resetPasswordRequest",
- });
- async.waterfall(
- [
- (next) => {
- if (!email || typeof email !== "string")
- return next("Invalid email.");
- email = email.toLowerCase();
- userModel.findOne({ "email.address": email }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (
- !user.services.password ||
- !user.services.password.password
- )
- return next(
- "User does not have a password set, and probably uses GitHub to log in."
- );
- next(null, user);
- },
- (user, next) => {
- let expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": email },
- {
- $set: {
- "services.password.reset": {
- code: code,
- expires,
- },
- },
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(
- user.email.address,
- user.username,
- code,
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' failed to request password reset. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' successfully requested a password reset.`
- );
- cb({
- status: "success",
- message: "Successfully requested password reset.",
- });
- }
- }
- );
- },
- /**
- * Verifies a reset code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password reset code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordResetCode: async (session, code, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code.");
- userModel.findOne(
- { "services.password.reset.code": code },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date())
- return next("That code has expired.");
- next(null);
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "VERIFY_PASSWORD_RESET_CODE",
- `Code '${code}' failed to verify. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "VERIFY_PASSWORD_RESET_CODE",
- `Code '${code}' successfully verified.`
- );
- cb({
- status: "success",
- message: "Successfully verified password reset code.",
- });
- }
- }
- );
- },
- /**
- * Changes a user's password with a reset code
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} code - the password reset code
- * @param {String} newPassword - the new password reset code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithResetCode: async (session, code, newPassword, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- if (!code || typeof code !== "string")
- return next("Invalid code.");
- userModel.findOne(
- { "services.password.reset.code": code },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date())
- return next("That code has expired.");
- next();
- },
- (next) => {
- if (!db.passwordValid(newPassword))
- return next(
- "Invalid password. Check if it meets all the requirements."
- );
- return next();
- },
- (next) => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.reset.code": code },
- {
- $set: {
- "services.password.password": hashedPassword,
- },
- $unset: { "services.password.reset": "" },
- },
- { runValidators: true },
- next
- );
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' failed to change password. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' successfully changed password.`
- );
- cb({
- status: "success",
- message: "Successfully changed password.",
- });
- }
- }
- );
- },
- /**
- * Bans a user by userId
- *
- * @param {Object} session - the session object automatically added by socket.io
- * @param {String} value - the user id that is going to be banned
- * @param {String} reason - the reason for the ban
- * @param {String} expiresAt - the time the ban expires
- * @param {Function} cb - gets called with the result
- */
- banUserById: hooks.adminRequired(
- (session, userId, reason, expiresAt, cb) => {
- async.waterfall(
- [
- (next) => {
- if (!userId)
- return next("You must provide a userId to ban.");
- else if (!reason)
- return next(
- "You must provide a reason for the ban."
- );
- else return next();
- },
- (next) => {
- if (!expiresAt || typeof expiresAt !== "string")
- return next("Invalid expire date.");
- let date = new Date();
- switch (expiresAt) {
- case "1h":
- expiresAt = date.setHours(date.getHours() + 1);
- break;
- case "12h":
- expiresAt = date.setHours(date.getHours() + 12);
- break;
- case "1d":
- expiresAt = date.setDate(date.getDate() + 1);
- break;
- case "1w":
- expiresAt = date.setDate(date.getDate() + 7);
- break;
- case "1m":
- expiresAt = date.setMonth(date.getMonth() + 1);
- break;
- case "3m":
- expiresAt = date.setMonth(date.getMonth() + 3);
- break;
- case "6m":
- expiresAt = date.setMonth(date.getMonth() + 6);
- break;
- case "1y":
- expiresAt = date.setFullYear(
- date.getFullYear() + 1
- );
- break;
- case "never":
- expiresAt = new Date(3093527980800000);
- break;
- default:
- return next("Invalid expire date.");
- }
- next();
- },
- (next) => {
- punishments
- .runJob("ADD_PUNISHMENT", {
- type: "banUserId",
- value: userId,
- reason,
- expiresAt,
- punishedBy,
- })
- .then((punishment) => next(null, punishment))
- .catch(next);
- },
- (punishment, next) => {
- cache.runJob("PUB", {
- channel: "user.ban",
- value: { userId, punishment },
- });
- next();
- },
- ],
- async (err) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "BAN_USER_BY_ID",
- `User ${session.userId} failed to ban user ${userId} with the reason ${reason}. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "BAN_USER_BY_ID",
- `User ${session.userId} has successfully banned user ${userId} with the reason ${reason}.`
- );
- cb({
- status: "success",
- message: "Successfully banned user.",
- });
- }
- }
- );
- }
- ),
- getFavoriteStations: hooks.loginRequired(async (session, cb) => {
- const userModel = await db.runJob("GET_MODEL", { modelName: "user" });
- async.waterfall(
- [
- (next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- next(null, user);
- },
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await utils.runJob("GET_ERROR", { error: err });
- console.log(
- "ERROR",
- "GET_FAVORITE_STATIONS",
- `User ${session.userId} failed to get favorite stations. '${err}'`
- );
- cb({ status: "failure", message: err });
- } else {
- console.log(
- "SUCCESS",
- "GET_FAVORITE_STATIONS",
- `User ${session.userId} got favorite stations.`
- );
- cb({
- status: "success",
- favoriteStations: user.favoriteStations,
- });
- }
- }
- );
- }),
- };
|
