123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426 |
- import config from "config";
- import async from "async";
- import mongoose from "mongoose";
- import axios from "axios";
- import bcrypt from "bcrypt";
- import sha256 from "sha256";
- import isLoginRequired from "../hooks/loginRequired";
- import { hasPermission, useHasPermission } from "../hooks/hasPermission";
- // eslint-disable-next-line
- import moduleManager from "../../index";
- const DBModule = moduleManager.modules.db;
- const UtilsModule = moduleManager.modules.utils;
- const WSModule = moduleManager.modules.ws;
- const CacheModule = moduleManager.modules.cache;
- const MailModule = moduleManager.modules.mail;
- const PunishmentsModule = moduleManager.modules.punishments;
- const ActivitiesModule = moduleManager.modules.activities;
- const PlaylistsModule = moduleManager.modules.playlists;
- const MediaModule = moduleManager.modules.media;
- CacheModule.runJob("SUB", {
- channel: "user.updatePreferences",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.preferences.updated", { data: { preferences: res.preferences } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateOrderOfFavoriteStations",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.orderOfFavoriteStations.updated", {
- data: { order: res.favoriteStations }
- });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateOrderOfPlaylists",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.orderOfPlaylists.updated", { data: { order: res.orderOfPlaylists } });
- });
- });
- WSModule.runJob("EMIT_TO_ROOM", {
- room: `profile.${res.userId}.playlists`,
- args: ["event:user.orderOfPlaylists.updated", { data: { order: res.orderOfPlaylists } }]
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateUsername",
- cb: user => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: user._id }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.username.updated", { data: { username: user.username } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.removeSessions",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets =>
- sockets.forEach(socket => socket.dispatch("keep.event:user.session.deleted"))
- );
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.linkPassword",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.password.linked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unlinkPassword",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.password.unlinked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.linkGithub",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.github.linked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unlinkGithub",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.github.unlinked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.ban",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.banned", { data: { ban: data.punishment } });
- socket.close();
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.favoritedStation",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.station.favorited", { data: { stationId: data.stationId } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unfavoritedStation",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.station.unfavorited", { data: { stationId: data.stationId } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.removeAccount",
- cb: userId => {
- WSModule.runJob("EMIT_TO_ROOMS", {
- rooms: ["admin.users", `edit-user.${userId}`],
- args: ["event:user.removed", { data: { userId } }]
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateRole",
- cb: ({ user }) => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: user._id }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.role.updated", { data: { role: user.role } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updated",
- cb: async data => {
- const userModel = await DBModule.runJob("GET_MODEL", {
- modelName: "user"
- });
- userModel.findOne(
- { _id: data.userId },
- [
- "_id",
- "name",
- "username",
- "avatar",
- "services.github.id",
- "role",
- "email.address",
- "email.verified",
- "statistics.songsRequested",
- "services.password.password"
- ],
- (err, user) => {
- const newUser = { ...user._doc, hasPassword: !!user.services.password.password };
- delete newUser.services.password;
- WSModule.runJob("EMIT_TO_ROOMS", {
- rooms: ["admin.users", `edit-user.${data.userId}`],
- args: ["event:admin.user.updated", { data: { user: newUser } }]
- });
- }
- );
- }
- });
- CacheModule.runJob("SUB", {
- channel: "longJob.removed",
- cb: ({ jobId, userId }) => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:longJob.removed", {
- data: {
- jobId
- }
- });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "longJob.added",
- cb: ({ jobId, userId }) => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:longJob.added", {
- data: {
- jobId
- }
- });
- });
- });
- }
- });
- export default {
- /**
- * Gets users, used in the admin users page by the AdvancedTable component
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param page - the page
- * @param pageSize - the size per page
- * @param properties - the properties to return for each user
- * @param sort - the sort object
- * @param queries - the queries array
- * @param operator - the operator for queries
- * @param cb
- */
- getData: useHasPermission(
- "users.get",
- async function getSet(session, page, pageSize, properties, sort, queries, operator, cb) {
- async.waterfall(
- [
- next => {
- DBModule.runJob(
- "GET_DATA",
- {
- page,
- pageSize,
- properties,
- sort,
- queries,
- operator,
- modelName: "user",
- blacklistedProperties: [
- "services.password.password",
- "services.password.reset.code",
- "services.password.reset.expires",
- "services.password.set.code",
- "services.password.set.expires",
- "services.github.access_token",
- "email.verificationToken"
- ],
- specialProperties: {
- hasPassword: [
- {
- $addFields: {
- hasPassword: {
- $cond: [
- { $eq: [{ $type: "$services.password.password" }, "string"] },
- true,
- false
- ]
- }
- }
- }
- ]
- },
- specialQueries: {}
- },
- this
- )
- .then(response => {
- next(null, response);
- })
- .catch(err => {
- next(err);
- });
- }
- ],
- async (err, response) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USERS_GET_DATA", `Failed to get data from users. "${err}"`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USERS_GET_DATA", `Got data from users successfully.`);
- return cb({
- status: "success",
- message: "Successfully got data from users.",
- data: response
- });
- }
- );
- }
- ),
- /**
- * Removes all data held on a user, including their ability to login
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- remove: isLoginRequired(async function remove(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const dataRequestModel = await DBModule.runJob("GET_MODEL", { modelName: "dataRequest" }, this);
- const stationModel = await DBModule.runJob("GET_MODEL", { modelName: "station" }, this);
- const playlistModel = await DBModule.runJob("GET_MODEL", { modelName: "playlist" }, this);
- const activityModel = await DBModule.runJob("GET_MODEL", { modelName: "activity" }, this);
- const dataRequestEmail = await MailModule.runJob("GET_SCHEMA", { schemaName: "dataRequest" }, this);
- const songsToAdjustRatings = [];
- async.waterfall(
- [
- // activities related to the user
- next => {
- activityModel.deleteMany({ userId: session.userId }, next);
- },
- // user's stations
- (res, next) => {
- stationModel.find({ owner: session.userId }, (err, stations) => {
- if (err) return next(err);
- return async.each(
- stations,
- (station, callback) => {
- // delete the station
- stationModel.deleteOne({ _id: station._id }, err => {
- if (err) return callback(err);
- CacheModule.runJob("HDEL", { table: "stations", key: station._id });
- // if applicable, delete the corresponding playlist for the station
- if (station.playlist)
- return PlaylistsModule.runJob("DELETE_PLAYLIST", {
- playlistId: station.playlist
- })
- .then(() => callback())
- .catch(callback);
- return callback();
- });
- },
- err => next(err)
- );
- });
- },
- // remove user as station DJ
- next => {
- stationModel.updateMany({ djs: session.userId }, { $pull: { djs: session.userId } }, next);
- },
- (res, next) => {
- playlistModel.findOne({ createdBy: session.userId, type: "user-liked" }, next);
- },
- // get all liked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song =>
- songsToAdjustRatings.push({ songId: song._id, mediaSource: song.mediaSource })
- );
- return next();
- },
- next => {
- playlistModel.findOne({ createdBy: session.userId, type: "user-disliked" }, next);
- },
- // get all disliked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song => songsToAdjustRatings.push({ mediaSource: song.mediaSource }));
- return next();
- },
- // user's playlists
- next => {
- playlistModel.deleteMany({ createdBy: session.userId }, next);
- },
- (res, next) => {
- async.each(
- songsToAdjustRatings,
- (song, next) => {
- const { mediaSource } = song;
- MediaModule.runJob("RECALCULATE_RATINGS", { mediaSource })
- .then(() => next())
- .catch(next);
- },
- err => next(err)
- );
- },
- // user object
- next => {
- userModel.deleteMany({ _id: session.userId }, next);
- },
- // session
- (res, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: session.userId
- });
- async.waterfall(
- [
- next => {
- CacheModule.runJob("HGETALL", { table: "sessions" }, this)
- .then(sessions => {
- next(null, sessions);
- })
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions) return next(null, [], {});
- const keys = Object.keys(sessions);
- return next(null, keys, sessions);
- },
- (keys, sessions, next) => {
- // temp fix, need to wait properly for the SUB/PUB refactor (on wekan)
- const { userId } = session;
- setTimeout(
- () =>
- async.each(
- keys,
- (sessionId, callback) => {
- const session = sessions[sessionId];
- if (session && session.userId === userId) {
- CacheModule.runJob(
- "HDEL",
- {
- table: "sessions",
- key: sessionId
- },
- this
- )
- .then(() => callback(null))
- .catch(callback);
- } else callback();
- },
- err => {
- next(err);
- }
- ),
- 50
- );
- }
- ],
- next
- );
- },
- // request data removal for user
- next => {
- dataRequestModel.create({ userId: session.userId, type: "remove" }, next);
- },
- (request, next) => {
- WSModule.runJob("EMIT_TO_ROOM", {
- room: "admin.users",
- args: ["event:admin.dataRequests.created", { data: { request } }]
- });
- return next();
- },
- next => userModel.find({ role: "admin" }, next),
- // send email to all admins of a data removal request
- (users, next) => {
- if (!config.get("sendDataRequestEmails")) return next();
- if (users.length === 0) return next();
- const to = [];
- users.forEach(user => to.push(user.email.address));
- return dataRequestEmail(to, session.userId, "remove", err => next(err));
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_REMOVE",
- `Removing data and account for user "${session.userId}" failed. "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "USER_REMOVE",
- `Successfully removed data and account for user "${session.userId}"`
- );
- CacheModule.runJob("PUB", {
- channel: "user.removeAccount",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully removed data and account."
- });
- }
- );
- }),
- /**
- * Removes all data held on a user, including their ability to login, by userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the user id that is going to be banned
- * @param {Function} cb - gets called with the result
- */
- adminRemove: useHasPermission("users.remove", async function adminRemove(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const dataRequestModel = await DBModule.runJob("GET_MODEL", { modelName: "dataRequest" }, this);
- const stationModel = await DBModule.runJob("GET_MODEL", { modelName: "station" }, this);
- const playlistModel = await DBModule.runJob("GET_MODEL", { modelName: "playlist" }, this);
- const activityModel = await DBModule.runJob("GET_MODEL", { modelName: "activity" }, this);
- const dataRequestEmail = await MailModule.runJob("GET_SCHEMA", { schemaName: "dataRequest" }, this);
- const songsToAdjustRatings = [];
- async.waterfall(
- [
- next => {
- if (!userId) return next("You must provide a userId to remove.");
- return next();
- },
- // activities related to the user
- next => {
- activityModel.deleteMany({ userId }, next);
- },
- // user's stations
- (res, next) => {
- stationModel.find({ owner: userId }, (err, stations) => {
- if (err) return next(err);
- return async.each(
- stations,
- (station, callback) => {
- // delete the station
- stationModel.deleteOne({ _id: station._id }, err => {
- if (err) return callback(err);
- // if applicable, delete the corresponding playlist for the station
- if (station.playlist)
- return PlaylistsModule.runJob("DELETE_PLAYLIST", {
- playlistId: station.playlist
- })
- .then(() => callback())
- .catch(callback);
- return callback();
- });
- },
- err => next(err)
- );
- });
- },
- // remove user as station DJ
- next => {
- stationModel.updateMany({ djs: userId }, { $pull: { djs: userId } }, next);
- },
- (res, next) => {
- playlistModel.findOne({ createdBy: userId, type: "user-liked" }, next);
- },
- // get all liked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song =>
- songsToAdjustRatings.push({ songId: song._id, mediaSource: song.mediaSource })
- );
- return next();
- },
- next => {
- playlistModel.findOne({ createdBy: userId, type: "user-disliked" }, next);
- },
- // get all disliked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song => songsToAdjustRatings.push({ mediaSource: song.mediaSource }));
- return next();
- },
- // user's playlists
- next => {
- playlistModel.deleteMany({ createdBy: userId }, next);
- },
- (res, next) => {
- async.each(
- songsToAdjustRatings,
- (song, next) => {
- const { mediaSource } = song;
- MediaModule.runJob("RECALCULATE_RATINGS", { mediaSource })
- .then(() => next())
- .catch(next);
- },
- err => next(err)
- );
- },
- // user object
- next => {
- userModel.deleteMany({ _id: userId }, next);
- },
- // session
- (res, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: userId
- });
- async.waterfall(
- [
- next => {
- CacheModule.runJob("HGETALL", { table: "sessions" }, this)
- .then(sessions => {
- next(null, sessions);
- })
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions) return next(null, [], {});
- const keys = Object.keys(sessions);
- return next(null, keys, sessions);
- },
- (keys, sessions, next) => {
- // temp fix, need to wait properly for the SUB/PUB refactor (on wekan)
- setTimeout(
- () =>
- async.each(
- keys,
- (sessionId, callback) => {
- const session = sessions[sessionId];
- if (session && session.userId === userId) {
- CacheModule.runJob(
- "HDEL",
- {
- table: "sessions",
- key: sessionId
- },
- this
- )
- .then(() => callback(null))
- .catch(callback);
- } else callback();
- },
- err => {
- next(err);
- }
- ),
- 50
- );
- }
- ],
- next
- );
- },
- // request data removal for user
- next => {
- dataRequestModel.create({ userId, type: "remove" }, next);
- },
- (request, next) => {
- WSModule.runJob("EMIT_TO_ROOM", {
- room: "admin.users",
- args: ["event:admin.dataRequests.created", { data: { request } }]
- });
- return next();
- },
- next => userModel.find({ role: "admin" }, next),
- // send email to all admins of a data removal request
- (users, next) => {
- if (!config.get("sendDataRequestEmails")) return next();
- if (users.length === 0) return next();
- const to = [];
- users.forEach(user => to.push(user.email.address));
- return dataRequestEmail(to, userId, "remove", err => next(err));
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_ADMIN_REMOVE",
- `Removing data and account for user "${userId}" failed. "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_ADMIN_REMOVE", `Successfully removed data and account for user "${userId}"`);
- CacheModule.runJob("PUB", {
- channel: "user.removeAccount",
- value: userId
- });
- return cb({
- status: "success",
- message: "Successfully removed data and account."
- });
- }
- );
- }),
- /**
- * Logs user in
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} identifier - the username or email of the user
- * @param {string} password - the plaintext of the user
- * @param {Function} cb - gets called with the result
- */
- async login(session, identifier, password, cb) {
- identifier = identifier.toLowerCase();
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const sessionSchema = await CacheModule.runJob("GET_SCHEMA", { schemaName: "session" }, this);
- async.waterfall(
- [
- // check if a user with the requested identifier exists
- next => {
- const query = {};
- if (identifier.indexOf("@") !== -1) query["email.address"] = identifier;
- else query.username = { $regex: `^${identifier}$`, $options: "i" };
- userModel.findOne(query, next);
- },
- // if the user doesn't exist, respond with a failure
- // otherwise compare the requested password and the actual users password
- (user, next) => {
- if (!user) return next("User not found");
- if (!user.services.password || !user.services.password.password)
- return next("The account you are trying to access uses GitHub to log in.");
- return bcrypt.compare(sha256(password), user.services.password.password, (err, match) => {
- if (err) return next(err);
- if (!match) return next("Incorrect password");
- return next(null, user);
- });
- },
- (user, next) => {
- UtilsModule.runJob("GUID", {}, this).then(sessionId => {
- next(null, user, sessionId);
- });
- },
- (user, sessionId, next) => {
- CacheModule.runJob(
- "HSET",
- {
- table: "sessions",
- key: sessionId,
- value: sessionSchema(sessionId, user._id)
- },
- this
- )
- .then(() => next(null, sessionId))
- .catch(next);
- }
- ],
- async (err, sessionId) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_PASSWORD_LOGIN",
- `Login failed with password for user "${identifier}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_PASSWORD_LOGIN", `Login successful with password for user "${identifier}"`);
- return cb({
- status: "success",
- message: "Login successful",
- data: { SID: sessionId }
- });
- }
- );
- },
- /**
- * Registers a new user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} username - the username for the new user
- * @param {string} email - the email for the new user
- * @param {string} password - the plaintext password for the new user
- * @param {object} recaptcha - the recaptcha data
- * @param {Function} cb - gets called with the result
- */
- async register(session, username, email, password, recaptcha, cb) {
- email = email.toLowerCase().trim();
- const verificationToken = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 64 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => {
- if (config.get("registrationDisabled") === true)
- return next("Registration is not allowed at this time.");
- if (config.get("experimental.registration_email_whitelist")) {
- const experimentalRegistrationEmailWhitelist = config.get(
- "experimental.registration_email_whitelist"
- );
- if (!Array.isArray(experimentalRegistrationEmailWhitelist)) return next();
- let anyPassed = false;
- experimentalRegistrationEmailWhitelist.forEach(regex => {
- const newRegex = new RegExp(regex);
- if (newRegex.test(email)) anyPassed = true;
- });
- if (!anyPassed) next("Your email is not allowed to register.");
- }
- return next();
- },
- next => {
- if (!DBModule.passwordValid(password))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- // verify the request with google recaptcha
- next => {
- if (config.get("apis.recaptcha.enabled") === true)
- axios
- .post("https://www.google.com/recaptcha/api/siteverify", {
- data: {
- secret: config.get("apis").recaptcha.secret,
- response: recaptcha
- }
- })
- .then(res => next(null, res.data))
- .catch(err => next(err));
- else next(null, null);
- },
- // check if the response from Google recaptcha is successful
- // if it is, we check if a user with the requested username already exists
- (body, next) => {
- if (config.get("apis.recaptcha.enabled") === true)
- if (body.success !== true) return next("Response from recaptcha was not successful.");
- return userModel.findOne({ username: new RegExp(`^${username}$`, "i") }, next);
- },
- // if the user already exists, respond with that
- // otherwise check if a user with the requested email already exists
- (user, next) => {
- if (user) return next("A user with that username already exists.");
- return userModel.findOne({ "email.address": email }, next);
- },
- // if the user already exists, respond with that
- // otherwise, generate a salt to use with hashing the new users password
- (user, next) => {
- if (user) return next("A user with that email already exists.");
- return bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(password), salt, next);
- },
- (hash, next) => {
- UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 12 }, this).then(_id => {
- next(null, hash, _id);
- });
- },
- // create the user object
- (hash, _id, next) => {
- next(null, {
- _id,
- name: username,
- username,
- email: {
- address: email,
- verificationToken
- },
- services: {
- password: {
- password: hash
- }
- }
- });
- },
- // generate the url for gravatar avatar
- (user, next) => {
- UtilsModule.runJob("CREATE_GRAVATAR", { email: user.email.address }, this).then(url => {
- const avatarColors = ["blue", "orange", "green", "purple", "teal"];
- user.avatar = {
- type: "initials",
- color: avatarColors[Math.floor(Math.random() * avatarColors.length)],
- url
- };
- next(null, user);
- });
- },
- // save the new user to the database
- (user, next) => {
- userModel.create(user, next);
- },
- // respond with the new user
- (user, next) => {
- verifyEmailSchema(email, username, verificationToken, err => {
- next(err, user._id);
- });
- },
- // create a liked songs playlist for the new user
- (userId, next) => {
- PlaylistsModule.runJob("CREATE_USER_PLAYLIST", {
- userId,
- displayName: "Liked Songs",
- type: "user-liked"
- })
- .then(likedSongsPlaylist => {
- next(null, likedSongsPlaylist, userId);
- })
- .catch(err => next(err));
- },
- // create a disliked songs playlist for the new user
- (likedSongsPlaylist, userId, next) => {
- PlaylistsModule.runJob("CREATE_USER_PLAYLIST", {
- userId,
- displayName: "Disliked Songs",
- type: "user-disliked"
- })
- .then(dislikedSongsPlaylist => {
- next(null, { likedSongsPlaylist, dislikedSongsPlaylist }, userId);
- })
- .catch(err => next(err));
- },
- // associate liked + disliked songs playlist to the user object
- ({ likedSongsPlaylist, dislikedSongsPlaylist }, userId, next) => {
- userModel.updateOne(
- { _id: userId },
- { $set: { likedSongsPlaylist, dislikedSongsPlaylist } },
- { runValidators: true },
- err => {
- if (err) return next(err);
- return next(null, userId);
- }
- );
- }
- ],
- async (err, userId) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_PASSWORD_REGISTER",
- `Register failed with password for user "${username}"."${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId,
- type: "user__joined",
- payload: { message: "Welcome to Musare!" }
- });
- this.log(
- "SUCCESS",
- "USER_PASSWORD_REGISTER",
- `Register successful with password for user "${username}".`
- );
- const res = await this.module.runJob(
- "RUN_ACTION2",
- {
- session,
- namespace: "users",
- action: "login",
- args: [email, password]
- },
- this
- );
- const obj = {
- status: "success",
- message: "Successfully registered."
- };
- if (res.status === "success") {
- obj.SID = res.data.SID;
- }
- return cb(obj);
- }
- );
- },
- /**
- * Logs out a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- logout(session, cb) {
- async.waterfall(
- [
- next => {
- CacheModule.runJob("HGET", { table: "sessions", key: session.sessionId }, this)
- .then(session => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found");
- return next(null, session);
- },
- (session, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: session.userId
- });
- // temp fix, need to wait properly for the SUB/PUB refactor (on wekan)
- setTimeout(() => {
- CacheModule.runJob("HDEL", { table: "sessions", key: session.sessionId }, this)
- .then(() => next())
- .catch(next);
- }, 50);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USER_LOGOUT", `Logout failed. "${err}" `);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_LOGOUT", `Logout successful.`);
- return cb({
- status: "success",
- message: "Successfully logged out."
- });
- }
- );
- },
- /**
- * Checks if user's password is correct (e.g. before a sensitive action)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} password - the password the user entered that we need to validate
- * @param {Function} cb - gets called with the result
- */
- confirmPasswordMatch: isLoginRequired(async function confirmPasswordMatch(session, password, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- return async.waterfall(
- [
- next => {
- if (!password || password === "") return next("Please provide a valid password.");
- return next();
- },
- next => {
- userModel.findOne({ _id: session.userId }, (err, user) =>
- next(err, user.services.password.password)
- );
- },
- (passwordHash, next) => {
- if (!passwordHash) return next("Your account doesn't have a password linked.");
- return bcrypt.compare(sha256(password), passwordHash, (err, match) => {
- if (err) return next(err);
- if (!match) return next(null, false);
- return next(null, true);
- });
- }
- ],
- async (err, match) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_CONFIRM_PASSWORD",
- `Couldn't confirm password for user "${session.userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- if (match) {
- this.log(
- "SUCCESS",
- "USER_CONFIRM_PASSWORD",
- `Successfully checked for password match (it matched) for user "${session.userId}".`
- );
- return cb({
- status: "success",
- message: "Your password matches."
- });
- }
- this.log(
- "SUCCESS",
- "USER_CONFIRM_PASSWORD",
- `Successfully checked for password match (it didn't match) for user "${session.userId}".`
- );
- return cb({
- status: "error",
- message: "Unfortunately your password doesn't match."
- });
- }
- );
- }),
- /**
- * Checks if user's github access token has expired or not (ie. if their github account is still linked)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- confirmGithubLink: isLoginRequired(async function confirmGithubLink(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- return async.waterfall(
- [
- next => {
- if (!config.get("apis.github.enabled")) return next("GitHub authentication is disabled.");
- return userModel.findOne({ _id: session.userId }, (err, user) => next(err, user));
- },
- (user, next) => {
- if (!user.services.github) return next("You don't have GitHub linked to your account.");
- return axios
- .get(`https://api.github.com/user/emails`, {
- headers: {
- "User-Agent": "request",
- Authorization: `token ${user.services.github.access_token}`
- }
- })
- .then(res => next(null, res))
- .catch(err => next(err));
- },
- (res, next) => next(null, res.status === 200)
- ],
- async (err, linked) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_CONFIRM_GITHUB_LINK",
- `Couldn't confirm github link for user "${session.userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "USER_CONFIRM_GITHUB_LINK",
- `GitHub is ${linked ? "linked" : "not linked"} for user "${session.userId}".`
- );
- return cb({
- status: "success",
- data: { linked },
- message: "Successfully checked if GitHub accounty was linked."
- });
- }
- );
- }),
- /**
- * Removes all sessions for a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the id of the user we are trying to delete the sessions of
- * @param {Function} cb - gets called with the result
- */
- removeSessions: isLoginRequired(async function removeSessions(session, userId, cb) {
- async.waterfall(
- [
- next => {
- if (session.userId === userId) return next();
- return hasPermission("users.remove.sessions", session)
- .then(() => next())
- .catch(() => next("Only admins and the owner of the account can remove their sessions."));
- },
- next => {
- CacheModule.runJob("HGETALL", { table: "sessions" }, this)
- .then(sessions => {
- next(null, sessions);
- })
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions) return next("There are no sessions for this user to remove.");
- const keys = Object.keys(sessions);
- return next(null, keys, sessions);
- },
- (keys, sessions, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: userId
- });
- // temp fix, need to wait properly for the SUB/PUB refactor (on wekan)
- setTimeout(
- () =>
- async.each(
- keys,
- (sessionId, callback) => {
- const session = sessions[sessionId];
- if (session && session.userId === userId) {
- // TODO Also maybe add this to this runJob
- CacheModule.runJob("HDEL", {
- table: "sessions",
- key: sessionId
- })
- .then(() => callback(null))
- .catch(callback);
- } else callback();
- },
- err => {
- next(err);
- }
- ),
- 50
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REMOVE_SESSIONS_FOR_USER",
- `Couldn't remove all sessions for user "${userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "REMOVE_SESSIONS_FOR_USER", `Removed all sessions for user "${userId}".`);
- return cb({
- status: "success",
- message: "Successfully removed all sessions."
- });
- }
- );
- }),
- /**
- * Updates the order of a user's favorite stations
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Array} favoriteStations - array of station ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- updateOrderOfFavoriteStations: isLoginRequired(async function updateOrderOfFavoriteStations(
- session,
- favoriteStations,
- cb
- ) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.updateOne(
- { _id: session.userId },
- { $set: { favoriteStations } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ORDER_OF_USER_FAVORITE_STATIONS",
- `Couldn't update order of favorite stations for user "${session.userId}" to "${favoriteStations}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateOrderOfFavoriteStations",
- value: {
- favoriteStations,
- userId: session.userId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_ORDER_OF_USER_FAVORITE_STATIONS",
- `Updated order of favorite stations for user "${session.userId}" to "${favoriteStations}".`
- );
- return cb({
- status: "success",
- message: "Order of favorite stations successfully updated"
- });
- }
- );
- }),
- /**
- * Updates the order of a user's playlists
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Array} orderOfPlaylists - array of playlist ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- updateOrderOfPlaylists: isLoginRequired(async function updateOrderOfPlaylists(session, orderOfPlaylists, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.updateOne(
- { _id: session.userId },
- { $set: { "preferences.orderOfPlaylists": orderOfPlaylists } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ORDER_OF_USER_PLAYLISTS",
- `Couldn't update order of playlists for user "${session.userId}" to "${orderOfPlaylists}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateOrderOfPlaylists",
- value: {
- orderOfPlaylists,
- userId: session.userId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_ORDER_OF_USER_PLAYLISTS",
- `Updated order of playlists for user "${session.userId}" to "${orderOfPlaylists}".`
- );
- return cb({
- status: "success",
- message: "Order of playlists successfully updated"
- });
- }
- );
- }),
- /**
- * Updates a user's preferences
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {object} preferences - object containing preferences
- * @param {boolean} preferences.nightmode - whether or not the user is using the night mode theme
- * @param {boolean} preferences.autoSkipDisliked - whether to automatically skip disliked songs
- * @param {boolean} preferences.activityLogPublic - whether or not a user's activity log can be publicly viewed
- * @param {boolean} preferences.anonymousSongRequests - whether or not a user's requested songs will be anonymous
- * @param {boolean} preferences.activityWatch - whether or not a user is using the ActivityWatch integration
- * @param {Function} cb - gets called with the result
- */
- updatePreferences: isLoginRequired(async function updatePreferences(session, preferences, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- const $set = {};
- Object.keys(preferences).forEach(preference => {
- $set[`preferences.${preference}`] = preferences[preference];
- });
- return next(null, $set);
- },
- ($set, next) => {
- userModel.findByIdAndUpdate(session.userId, { $set }, { new: false, upsert: true }, next);
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_USER_PREFERENCES",
- `Couldn't update preferences for user "${session.userId}" to "${JSON.stringify(
- preferences
- )}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updatePreferences",
- value: {
- preferences,
- userId: session.userId
- }
- });
- // if (preferences.nightmode !== undefined && preferences.nightmode !== user.preferences.nightmode)
- // ActivitiesModule.runJob("ADD_ACTIVITY", {
- // userId: session.userId,
- // type: "user__toggle_nightmode",
- // payload: { message: preferences.nightmode ? "Enabled nightmode" : "Disabled nightmode" }
- // });
- // if (
- // preferences.autoSkipDisliked !== undefined &&
- // preferences.autoSkipDisliked !== user.preferences.autoSkipDisliked
- // )
- // ActivitiesModule.runJob("ADD_ACTIVITY", {
- // userId: session.userId,
- // type: "user__toggle_autoskip_disliked_songs",
- // payload: {
- // message: preferences.autoSkipDisliked
- // ? "Enabled the autoskipping of disliked songs"
- // : "Disabled the autoskipping of disliked songs"
- // }
- // });
- // if (
- // preferences.activityWatch !== undefined &&
- // preferences.activityWatch !== user.preferences.activityWatch
- // )
- // ActivitiesModule.runJob("ADD_ACTIVITY", {
- // userId: session.userId,
- // type: "user__toggle_activity_watch",
- // payload: {
- // message: preferences.activityWatch
- // ? "Enabled ActivityWatch integration"
- // : "Disabled ActivityWatch integration"
- // }
- // });
- this.log(
- "SUCCESS",
- "UPDATE_USER_PREFERENCES",
- `Updated preferences for user "${session.userId}" to "${JSON.stringify(preferences)}".`
- );
- return cb({
- status: "success",
- message: "Preferences successfully updated"
- });
- }
- );
- }),
- /**
- * Retrieves a user's preferences
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- getPreferences: isLoginRequired(async function updatePreferences(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findById(session.userId).select({ preferences: -1 }).exec(next);
- },
- (user, next) => {
- if (!user) next("User not found");
- else next(null, user);
- }
- ],
- async (err, user) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "GET_USER_PREFERENCES",
- `Couldn't retrieve preferences for user "${session.userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "GET_USER_PREFERENCES",
- `Successfully obtained preferences for user "${session.userId}".`
- );
- return cb({
- status: "success",
- message: "Preferences successfully retrieved",
- data: { preferences: user.preferences }
- });
- }
- );
- }),
- /**
- * Gets user object from ObjectId or username (only a few properties)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} identifier - the ObjectId or username of the user we are trying to find
- * @param {Function} cb - gets called with the result
- */
- getBasicUser: async function getBasicUser(session, identifier, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (mongoose.Types.ObjectId.isValid(identifier)) userModel.findOne({ _id: identifier }, next);
- else userModel.findOne({ username: new RegExp(`^${identifier}$`, "i") }, next);
- },
- (account, next) => {
- if (!account) return next("User not found.");
- return next(null, account);
- }
- ],
- async (err, account) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "GET_BASIC_USER", `User not found for "${identifier}". "${err}"`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "GET_BASIC_USER", `User found for "${identifier}".`);
- return cb({
- status: "success",
- data: {
- _id: account._id,
- name: account.name,
- username: account.username,
- location: account.location,
- bio: account.bio,
- role: account.role,
- avatar: account.avatar,
- createdAt: account.createdAt
- }
- });
- }
- );
- },
- /**
- * Gets a list of long jobs, including onprogress events when those long jobs have progress
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- getLongJobs: isLoginRequired(async function getLongJobs(session, cb) {
- async.waterfall(
- [
- next => {
- CacheModule.runJob(
- "LRANGE",
- {
- key: `longJobs.${session.userId}`
- },
- this
- )
- .then(longJobUuids => next(null, longJobUuids))
- .catch(next);
- },
- (longJobUuids, next) => {
- next(
- null,
- longJobUuids
- .map(longJobUuid => moduleManager.jobManager.getJob(longJobUuid))
- .filter(longJob => !!longJob)
- );
- },
- (longJobs, next) => {
- longJobs.forEach(longJob => {
- if (longJob.onProgress)
- longJob.onProgress.on("progress", data => {
- this.publishProgress(
- {
- id: longJob.toString(),
- ...data
- },
- true
- );
- });
- });
- next(
- null,
- longJobs.map(longJob => ({
- id: longJob.toString(),
- name: longJob.longJobTitle,
- status: longJob.lastProgressData.status,
- message: longJob.lastProgressData.message
- }))
- );
- }
- ],
- async (err, longJobs) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "GET_LONG_JOBS", `Couldn't get long jobs for user "${session.userId}". "${err}"`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "GET_LONG_JOBS", `Got long jobs for user "${session.userId}".`);
- return cb({
- status: "success",
- data: {
- longJobs
- }
- });
- }
- );
- }),
- /**
- * Gets a specific long job, including onprogress events when that long job has progress
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} jobId - the if id the long job
- * @param {Function} cb - gets called with the result
- */
- getLongJob: isLoginRequired(async function getLongJobs(session, jobId, cb) {
- async.waterfall(
- [
- next => {
- CacheModule.runJob(
- "LRANGE",
- {
- key: `longJobs.${session.userId}`
- },
- this
- )
- .then(longJobUuids => next(null, longJobUuids))
- .catch(next);
- },
- (longJobUuids, next) => {
- if (longJobUuids.indexOf(jobId) === -1) return next("Long job not found.");
- const longJob = moduleManager.jobManager.getJob(jobId);
- if (!longJob) return next("Long job not found.");
- return next(null, longJob);
- },
- (longJob, next) => {
- if (longJob.onProgress)
- longJob.onProgress.on("progress", data => {
- this.publishProgress(
- {
- id: longJob.toString(),
- ...data
- },
- true
- );
- });
- next(null, {
- id: longJob.toString(),
- name: longJob.longJobTitle,
- status: longJob.lastProgressData.status,
- message: longJob.lastProgressData.message
- });
- }
- ],
- async (err, longJob) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "GET_LONG_JOB",
- `Couldn't get long job for user "${session.userId}" with id "${jobId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "GET_LONG_JOB", `Got long job for user "${session.userId}" with id "${jobId}".`);
- return cb({
- status: "success",
- data: {
- longJob
- }
- });
- }
- );
- }),
- /**
- * Removes active long job for a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} jobId - array of playlist ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- removeLongJob: isLoginRequired(async function removeLongJob(session, jobId, cb) {
- async.waterfall(
- [
- next => {
- CacheModule.runJob(
- "LREM",
- {
- key: `longJobs.${session.userId}`,
- value: jobId
- },
- this
- )
- .then(() => next())
- .catch(next);
- },
- next => {
- const job = moduleManager.jobManager.getJob(jobId);
- if (job && job.status === "FINISHED") job.forgetLongJob();
- next();
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REMOVE_LONG_JOB",
- `Couldn't remove long job for user "${session.userId}" with id ${jobId}. "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "REMOVE_LONG_JOB",
- `Removed long job for user "${session.userId}" with id ${jobId}.`
- );
- CacheModule.runJob("PUB", {
- channel: "longJob.removed",
- value: { jobId, userId: session.userId }
- });
- return cb({
- status: "success",
- message: "Removed long job successfully."
- });
- }
- );
- }),
- /**
- * Gets a user from a userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- getUserFromId: useHasPermission("users.get", async function getUserFromId(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- userModel
- .findById(userId)
- .then(user => {
- if (user) {
- this.log("SUCCESS", "GET_USER_FROM_ID", `Found user for userId "${userId}".`);
- return cb({
- status: "success",
- data: {
- _id: user._id,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github }
- }
- });
- }
- this.log(
- "ERROR",
- "GET_USER_FROM_ID",
- `Getting the user from userId "${userId}" failed. User not found.`
- );
- return cb({
- status: "error",
- message: "Couldn't find the user."
- });
- })
- .catch(async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "GET_USER_FROM_ID", `Getting the user from userId "${userId}" failed. "${err}"`);
- cb({ status: "error", message: err });
- }
- });
- }),
- /**
- * Gets user info from session
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- findBySession: isLoginRequired(async function findBySession(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- CacheModule.runJob(
- "HGET",
- {
- table: "sessions",
- key: session.sessionId
- },
- this
- )
- .then(session => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found.");
- return next(null, session);
- },
- (session, next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return next(null, user);
- }
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "FIND_BY_SESSION", `User not found. "${err}"`);
- return cb({ status: "error", message: err });
- }
- const sanitisedUser = {
- email: {
- address: user.email.address
- },
- avatar: user.avatar,
- username: user.username,
- name: user.name,
- location: user.location,
- bio: user.bio
- };
- if (user.services.password && user.services.password.password) sanitisedUser.password = true;
- if (user.services.github && user.services.github.id) sanitisedUser.github = true;
- this.log("SUCCESS", "FIND_BY_SESSION", `User found. "${user.username}".`);
- return cb({
- status: "success",
- data: { user: sanitisedUser }
- });
- }
- );
- }),
- /**
- * Updates a user's username
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newUsername - the new username
- * @param {Function} cb - gets called with the result
- */
- updateUsername: isLoginRequired(async function updateUsername(session, updatingUserId, newUsername, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next();
- return hasPermission("users.update", session)
- .then(() => next())
- .catch(() => next("Invalid permissions."));
- },
- next => userModel.findOne({ _id: updatingUserId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.username === newUsername)
- return next("New username can't be the same as the old username.");
- return next(null);
- },
- next => {
- userModel.findOne({ username: new RegExp(`^${newUsername}$`, "i") }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id.toString() === updatingUserId) return next();
- return next("That username is already in use.");
- },
- next => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { username: newUsername } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_USERNAME",
- `Couldn't update username for user "${updatingUserId}" to username "${newUsername}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateUsername",
- value: {
- username: newUsername,
- _id: updatingUserId
- }
- });
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- this.log(
- "SUCCESS",
- "UPDATE_USERNAME",
- `Updated username for user "${updatingUserId}" to username "${newUsername}".`
- );
- return cb({
- status: "success",
- message: "Username updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newEmail - the new email
- * @param {Function} cb - gets called with the result
- */
- updateEmail: isLoginRequired(async function updateEmail(session, updatingUserId, newEmail, cb) {
- newEmail = newEmail.toLowerCase();
- const verificationToken = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 64 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next();
- return hasPermission("users.update.restricted", session)
- .then(() => next())
- .catch(() => next("Invalid permissions."));
- },
- next => userModel.findOne({ _id: updatingUserId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.address === newEmail)
- return next("New email can't be the same as your the old email.");
- return next();
- },
- next => {
- userModel.findOne({ "email.address": newEmail }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- return next("That email is already in use.");
- },
- // regenerate the url for gravatar avatar
- next => {
- UtilsModule.runJob("CREATE_GRAVATAR", { email: newEmail }, this).then(url => {
- next(null, url);
- });
- },
- (newAvatarUrl, next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- {
- $set: {
- "avatar.url": newAvatarUrl,
- "email.address": newEmail,
- "email.verified": false,
- "email.verificationToken": verificationToken
- }
- },
- { runValidators: true },
- next
- );
- },
- (res, next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- verifyEmailSchema(newEmail, user.username, verificationToken, err => {
- next(err);
- });
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_EMAIL",
- `Couldn't update email for user "${updatingUserId}" to email "${newEmail}". '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "UPDATE_EMAIL",
- `Updated email for user "${updatingUserId}" to email "${newEmail}".`
- );
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- return cb({
- status: "success",
- message: "Email updated successfully."
- });
- }
- );
- }),
- /**
- * Updates a user's name
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newBio - the new name
- * @param {Function} cb - gets called with the result
- */
- updateName: isLoginRequired(async function updateName(session, updatingUserId, newName, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next();
- return hasPermission("users.update", session)
- .then(() => next())
- .catch(() => next("Invalid permissions."));
- },
- next => userModel.findOne({ _id: updatingUserId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { name: newName } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_NAME",
- `Couldn't update name for user "${updatingUserId}" to name "${newName}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_name",
- payload: { message: `Changed name to ${newName}` }
- });
- this.log("SUCCESS", "UPDATE_NAME", `Updated name for user "${updatingUserId}" to name "${newName}".`);
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- return cb({
- status: "success",
- message: "Name updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's location
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newLocation - the new location
- * @param {Function} cb - gets called with the result
- */
- updateLocation: isLoginRequired(async function updateLocation(session, updatingUserId, newLocation, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next();
- return hasPermission("users.update", session)
- .then(() => next())
- .catch(() => next("Invalid permissions."));
- },
- next => userModel.findOne({ _id: updatingUserId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { location: newLocation } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_LOCATION",
- `Couldn't update location for user "${updatingUserId}" to location "${newLocation}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_location",
- payload: { message: `Changed location to ${newLocation}` }
- });
- this.log(
- "SUCCESS",
- "UPDATE_LOCATION",
- `Updated location for user "${updatingUserId}" to location "${newLocation}".`
- );
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- return cb({
- status: "success",
- message: "Location updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's bio
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newBio - the new bio
- * @param {Function} cb - gets called with the result
- */
- updateBio: isLoginRequired(async function updateBio(session, updatingUserId, newBio, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next();
- return hasPermission("users.update", session)
- .then(() => next())
- .catch(() => next("Invalid permissions."));
- },
- next => userModel.findOne({ _id: updatingUserId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { bio: newBio } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_BIO",
- `Couldn't update bio for user "${updatingUserId}" to bio "${newBio}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_bio",
- payload: { message: `Changed bio to ${newBio}` }
- });
- this.log("SUCCESS", "UPDATE_BIO", `Updated bio for user "${updatingUserId}" to bio "${newBio}".`);
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- return cb({
- status: "success",
- message: "Bio updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's avatar
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newAvatar - the new avatar object
- * @param {Function} cb - gets called with the result
- */
- updateAvatar: isLoginRequired(async function updateAvatarType(session, updatingUserId, newAvatar, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next();
- return hasPermission("users.update", session)
- .then(() => next())
- .catch(() => next("Invalid permissions."));
- },
- next => userModel.findOne({ _id: updatingUserId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.findOneAndUpdate(
- { _id: updatingUserId },
- { $set: { "avatar.type": newAvatar.type, "avatar.color": newAvatar.color } },
- { new: true, runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_AVATAR",
- `Couldn't update avatar for user "${updatingUserId}" to type "${newAvatar.type}" and color "${newAvatar.color}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_avatar",
- payload: { message: `Changed avatar to use ${newAvatar.type} and ${newAvatar.color}` }
- });
- this.log(
- "SUCCESS",
- "UPDATE_AVATAR",
- `Updated avatar for user "${updatingUserId}" to type "${newAvatar.type} and color ${newAvatar.color}".`
- );
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- return cb({
- status: "success",
- message: "Avatar updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's role
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newRole - the new role
- * @param {Function} cb - gets called with the result
- */
- updateRole: useHasPermission(
- "users.update.restricted",
- async function updateRole(session, updatingUserId, newRole, cb) {
- newRole = newRole.toLowerCase();
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.role === newRole) return next("New role can't be the same as the old role.");
- return next(null, user);
- },
- (user, next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { role: newRole } },
- { runValidators: true },
- err => next(err, user)
- );
- }
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ROLE",
- `User "${session.userId}" couldn't update role for user "${updatingUserId}" to role "${newRole}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "UPDATE_ROLE",
- `User "${session.userId}" updated the role of user "${updatingUserId}" to role "${newRole}".`
- );
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: updatingUserId }
- });
- CacheModule.runJob("PUB", {
- channel: "user.updateRole",
- value: { user }
- });
- return cb({
- status: "success",
- message: "Role successfully updated."
- });
- }
- );
- }
- ),
- /**
- * Updates a user's password
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} previousPassword - the previous password
- * @param {string} newPassword - the new password
- * @param {Function} cb - gets called with the result
- */
- updatePassword: isLoginRequired(async function updatePassword(session, previousPassword, newPassword, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user.services.password) return next("This account does not have a password set.");
- return next(null, user.services.password.password);
- },
- (storedPassword, next) => {
- bcrypt.compare(sha256(previousPassword), storedPassword).then(res => {
- if (res) return next();
- return next("Please enter the correct previous password.");
- });
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid new password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { _id: session.userId },
- {
- $set: {
- "services.password.password": hashedPassword
- }
- },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_PASSWORD",
- `Failed updating user password of user '${session.userId}'. '${err}'.`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "UPDATE_PASSWORD", `User '${session.userId}' updated their password.`);
- return cb({
- status: "success",
- message: "Password successfully updated."
- });
- }
- );
- }),
- /**
- * Requests a password for a session
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPassword: isLoginRequired(async function requestPassword(session, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const passwordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- {
- schemaName: "passwordRequest"
- },
- this
- );
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.services.password && user.services.password.password)
- return next("You already have a password set.");
- return next(null, user);
- },
- (user, next) => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": user.email.address },
- {
- $set: {
- "services.password": {
- set: { code, expires }
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- passwordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' failed to request password. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' successfully requested a password.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password."
- });
- }
- );
- }),
- /**
- * Verifies a password code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordCode: isLoginRequired(async function verifyPasswordCode(session, code, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne(
- {
- "services.password.set.code": code,
- _id: session.userId
- },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (user.services.password.set.expires < new Date()) return next("That code has expired.");
- return next(null);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "VERIFY_PASSWORD_CODE", `Code '${code}' failed to verify. '${err}'`);
- cb({ status: "error", message: err });
- } else {
- this.log("SUCCESS", "VERIFY_PASSWORD_CODE", `Code '${code}' successfully verified.`);
- cb({
- status: "success",
- message: "Successfully verified password code."
- });
- }
- }
- );
- }),
- /**
- * Adds a password to a user with a code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password code
- * @param {string} newPassword - the new password code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithCode: isLoginRequired(async function changePasswordWithCode(session, code, newPassword, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.set.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.set.expires > new Date()) return next("That code has expired.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.set.code": code },
- {
- $set: {
- "services.password.password": hashedPassword
- },
- $unset: { "services.password.set": "" }
- },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "ADD_PASSWORD_WITH_CODE", `Code '${code}' failed to add password. '${err}'`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "ADD_PASSWORD_WITH_CODE", `Code '${code}' successfully added password.`);
- CacheModule.runJob("PUB", {
- channel: "user.linkPassword",
- value: session.userId
- });
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: session.userId }
- });
- return cb({
- status: "success",
- message: "Successfully added password."
- });
- }
- );
- }),
- /**
- * Unlinks password from user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- unlinkPassword: isLoginRequired(async function unlinkPassword(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!config.get("apis.github.enabled")) return next("Unlinking password is disabled.");
- if (!user.services.github || !user.services.github.id)
- return next("You can't remove password login without having GitHub login.");
- return userModel.updateOne({ _id: session.userId }, { $unset: { "services.password": "" } }, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UNLINK_PASSWORD",
- `Unlinking password failed for userId '${session.userId}'. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "UNLINK_PASSWORD", `Unlinking password successful for userId '${session.userId}'.`);
- CacheModule.runJob("PUB", {
- channel: "user.unlinkPassword",
- value: session.userId
- });
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: session.userId }
- });
- return cb({
- status: "success",
- message: "Successfully unlinked password."
- });
- }
- );
- }),
- /**
- * Unlinks GitHub from user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- unlinkGitHub: isLoginRequired(async function unlinkGitHub(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.password || !user.services.password.password)
- return next("You can't remove GitHub login without having password login.");
- return userModel.updateOne({ _id: session.userId }, { $unset: { "services.github": "" } }, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UNLINK_GITHUB",
- `Unlinking GitHub failed for userId '${session.userId}'. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "UNLINK_GITHUB", `Unlinking GitHub successful for userId '${session.userId}'.`);
- CacheModule.runJob("PUB", {
- channel: "user.unlinkGithub",
- value: session.userId
- });
- CacheModule.runJob("PUB", {
- channel: "user.updated",
- value: { userId: session.userId }
- });
- return cb({
- status: "success",
- message: "Successfully unlinked GitHub."
- });
- }
- );
- }),
- /**
- * Requests a password reset for an email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- async requestPasswordReset(session, email, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const resetPasswordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- { schemaName: "resetPasswordRequest" },
- this
- );
- async.waterfall(
- [
- next => {
- if (!config.get("mail.enabled")) return next("Password resets are disabled.");
- if (!email || typeof email !== "string") return next("Invalid email.");
- email = email.toLowerCase();
- return userModel.findOne({ "email.address": email }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (!user.services.password || !user.services.password.password)
- return next("User does not have a password set, and probably uses GitHub to log in.");
- return next(null, user);
- },
- (user, next) => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": email },
- {
- $set: {
- "services.password.reset": {
- code,
- expires
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' failed to request password reset. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' successfully requested a password reset.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password reset."
- });
- }
- );
- },
- /**
- * Requests a password reset for a a user as an admin
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user for which the password reset is intended
- * @param {Function} cb - gets called with the result
- */
- adminRequestPasswordReset: useHasPermission(
- "users.requestPasswordReset",
- async function adminRequestPasswordReset(session, userId, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const resetPasswordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- { schemaName: "resetPasswordRequest" },
- this
- );
- async.waterfall(
- [
- next => userModel.findOne({ _id: userId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- if (!user.services.password || !user.services.password.password)
- return next("User does not have a password set, and probably uses GitHub to log in.");
- return next();
- },
- next => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { _id: userId },
- {
- $set: {
- "services.password.reset": {
- code,
- expires
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "ADMINREQUEST_PASSWORD_RESET",
- `User '${userId}' failed to get a password reset. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "ADMIN_REQUEST_PASSWORD_RESET",
- `User '${userId}' successfully got sent a password reset.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password reset for user."
- });
- }
- );
- }
- ),
- /**
- * Verifies a reset code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password reset code
- * @param {Function} cb - gets called with the result
- */
- async verifyPasswordResetCode(session, code, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.reset.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date()) return next("That code has expired.");
- return next(null);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "VERIFY_PASSWORD_RESET_CODE", `Code '${code}' failed to verify. '${err}'`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "VERIFY_PASSWORD_RESET_CODE", `Code '${code}' successfully verified.`);
- return cb({
- status: "success",
- message: "Successfully verified password reset code."
- });
- }
- );
- },
- /**
- * Changes a user's password with a reset code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password reset code
- * @param {string} newPassword - the new password reset code
- * @param {Function} cb - gets called with the result
- */
- async changePasswordWithResetCode(session, code, newPassword, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.reset.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date()) return next("That code has expired.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.reset.code": code },
- {
- $set: {
- "services.password.password": hashedPassword
- },
- $unset: { "services.password.reset": "" }
- },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' failed to change password. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "CHANGE_PASSWORD_WITH_RESET_CODE", `Code '${code}' successfully changed password.`);
- return cb({
- status: "success",
- message: "Successfully changed password."
- });
- }
- );
- },
- /**
- * Resends the verify email email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the user id of the person to resend the email to
- * @param {Function} cb - gets called with the result
- */
- resendVerifyEmail: useHasPermission(
- "users.resendVerifyEmail",
- async function resendVerifyEmail(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => userModel.findOne({ _id: userId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.verified) return next("The user's email is already verified.");
- return next(null, user);
- },
- (user, next) => {
- verifyEmailSchema(user.email.address, user.username, user.email.verificationToken, err => {
- next(err);
- });
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "RESEND_VERIFY_EMAIL",
- `Couldn't resend verify email for user "${userId}". '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "RESEND_VERIFY_EMAIL", `Resent verify email for user "${userId}".`);
- return cb({
- status: "success",
- message: "Email resent successfully."
- });
- }
- );
- }
- ),
- /**
- * Bans a user by userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} value - the user id that is going to be banned
- * @param {string} reason - the reason for the ban
- * @param {string} expiresAt - the time the ban expires
- * @param {Function} cb - gets called with the result
- */
- banUserById: useHasPermission("users.ban", function banUserById(session, userId, reason, expiresAt, cb) {
- async.waterfall(
- [
- next => {
- if (!userId) return next("You must provide a userId to ban.");
- if (!reason) return next("You must provide a reason for the ban.");
- return next();
- },
- next => {
- if (!expiresAt || typeof expiresAt !== "string") return next("Invalid expire date.");
- const date = new Date();
- switch (expiresAt) {
- case "1h":
- expiresAt = date.setHours(date.getHours() + 1);
- break;
- case "12h":
- expiresAt = date.setHours(date.getHours() + 12);
- break;
- case "1d":
- expiresAt = date.setDate(date.getDate() + 1);
- break;
- case "1w":
- expiresAt = date.setDate(date.getDate() + 7);
- break;
- case "1m":
- expiresAt = date.setMonth(date.getMonth() + 1);
- break;
- case "3m":
- expiresAt = date.setMonth(date.getMonth() + 3);
- break;
- case "6m":
- expiresAt = date.setMonth(date.getMonth() + 6);
- break;
- case "1y":
- expiresAt = date.setFullYear(date.getFullYear() + 1);
- break;
- case "never":
- expiresAt = new Date(3093527980800000);
- break;
- default:
- return next("Invalid expire date.");
- }
- return next();
- },
- next => {
- PunishmentsModule.runJob(
- "ADD_PUNISHMENT",
- {
- type: "banUserId",
- value: userId,
- reason,
- expiresAt,
- punishedBy: session.userId
- },
- this
- )
- .then(punishment => next(null, punishment))
- .catch(next);
- },
- (punishment, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.ban",
- value: { userId, punishment }
- });
- next();
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "BAN_USER_BY_ID",
- `User ${session.userId} failed to ban user ${userId} with the reason ${reason}. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "BAN_USER_BY_ID",
- `User ${session.userId} has successfully banned user ${userId} with the reason ${reason}.`
- );
- return cb({
- status: "success",
- message: "Successfully banned user."
- });
- }
- );
- }),
- /**
- * Search for a user by username or name
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} query - the query
- * @param {string} page - page
- * @param {Function} cb - gets called with the result
- */
- search: isLoginRequired(async function search(session, query, page, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if ((!query && query !== "") || typeof query !== "string") next("Invalid query.");
- else next();
- },
- next => {
- const findQuery = {
- $or: [{ name: new RegExp(`${query}`, "i"), username: new RegExp(`${query}`, "i") }]
- };
- const pageSize = 15;
- const skipAmount = pageSize * (page - 1);
- userModel.find(findQuery).count((err, count) => {
- if (err) next(err);
- else {
- userModel
- .find(findQuery, { _id: true, name: true, username: true, avatar: true })
- .skip(skipAmount)
- .limit(pageSize)
- .exec((err, users) => {
- if (err) next(err);
- else {
- next(null, {
- users,
- page,
- pageSize,
- skipAmount,
- count
- });
- }
- });
- }
- });
- }
- ],
- async (err, data) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USERS_SEARCH", `Searching users failed. "${err}"`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USERS_SEARCH", "Searching users successful.");
- return cb({ status: "success", data });
- }
- );
- })
- };
|