1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890 |
- import config from "config";
- import async from "async";
- import axios from "axios";
- import bcrypt from "bcrypt";
- import sha256 from "sha256";
- import { isAdminRequired, isLoginRequired } from "./hooks";
- import moduleManager from "../../index";
- const DBModule = moduleManager.modules.db;
- const UtilsModule = moduleManager.modules.utils;
- const WSModule = moduleManager.modules.ws;
- const CacheModule = moduleManager.modules.cache;
- const MailModule = moduleManager.modules.mail;
- const PunishmentsModule = moduleManager.modules.punishments;
- const SongsModule = moduleManager.modules.songs;
- const ActivitiesModule = moduleManager.modules.activities;
- const PlaylistsModule = moduleManager.modules.playlists;
- CacheModule.runJob("SUB", {
- channel: "user.updatePreferences",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.preferences.updated", { data: { preferences: res.preferences } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateOrderOfFavoriteStations",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.orderOfFavoriteStations.updated", {
- data: { order: res.favoriteStations }
- });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateOrderOfPlaylists",
- cb: res => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: res.userId }, this).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.orderOfPlaylists.updated", { data: { order: res.orderOfPlaylists } });
- });
- });
- WSModule.runJob("EMIT_TO_ROOM", {
- room: `profile.${res.userId}.playlists`,
- args: ["event:user.orderOfPlaylists.updated", { data: { order: res.orderOfPlaylists } }]
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.updateUsername",
- cb: user => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: user._id }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.username.updated", { data: { username: user.username } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.removeSessions",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets =>
- sockets.forEach(socket => socket.dispatch("keep.event:user.session.deleted"))
- );
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.linkPassword",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.password.linked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unlinkPassword",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.password.unlinked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.linkGithub",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.github.linked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unlinkGithub",
- cb: userId => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.github.unlinked");
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.ban",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("keep.event:user.banned", { data: { ban: data.punishment } });
- socket.disconnect(true);
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.favoritedStation",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.station.favorited", { data: { stationId: data.stationId } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.unfavoritedStation",
- cb: data => {
- WSModule.runJob("SOCKETS_FROM_USER", { userId: data.userId }).then(sockets => {
- sockets.forEach(socket => {
- socket.dispatch("event:user.station.unfavorited", { data: { stationId: data.stationId } });
- });
- });
- }
- });
- CacheModule.runJob("SUB", {
- channel: "user.removeAccount",
- cb: userId => {
- WSModule.runJob("EMIT_TO_ROOMS", {
- rooms: ["admin.users", `edit-user.${userId}`],
- args: ["event:user.removed", { data: { userId } }]
- });
- }
- });
- export default {
- /**
- * Lists all Users
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- index: isAdminRequired(async function index(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.find({}).exec(next);
- }
- ],
- async (err, users) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USER_INDEX", `Indexing users failed. "${err}"`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_INDEX", `Indexing users successful.`);
- const filteredUsers = [];
- users.forEach(user => {
- filteredUsers.push({
- _id: user._id,
- name: user.name,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified
- },
- avatar: {
- type: user.avatar.type,
- url: user.avatar.url,
- color: user.avatar.color
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github }
- });
- });
- return cb({ status: "success", data: { users: filteredUsers } });
- }
- );
- }),
- /**
- * Removes all data held on a user, including their ability to login
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- remove: isLoginRequired(async function remove(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const dataRequestModel = await DBModule.runJob("GET_MODEL", { modelName: "dataRequest" }, this);
- const stationModel = await DBModule.runJob("GET_MODEL", { modelName: "station" }, this);
- const playlistModel = await DBModule.runJob("GET_MODEL", { modelName: "playlist" }, this);
- const activityModel = await DBModule.runJob("GET_MODEL", { modelName: "activity" }, this);
- const dataRequestEmail = await MailModule.runJob("GET_SCHEMA", { schemaName: "dataRequest" }, this);
- const songsToAdjustRatings = [];
- async.waterfall(
- [
- // activities related to the user
- next => {
- activityModel.deleteMany({ userId: session.userId }, next);
- },
- // user's stations
- (res, next) => {
- stationModel.find({ owner: session.userId }, (err, stations) => {
- if (err) return next(err);
- return async.each(
- stations,
- (station, callback) => {
- // delete the station
- stationModel.deleteOne({ _id: station._id }, err => {
- if (err) return callback(err);
- CacheModule.runJob("HDEL", { table: "stations", key: station._id });
- // if applicable, delete the corresponding playlist for the station
- if (station.playlist)
- return PlaylistsModule.runJob("DELETE_PLAYLIST", {
- playlistId: station.playlist
- })
- .then(() => callback())
- .catch(callback);
- return callback();
- });
- },
- err => next(err)
- );
- });
- },
- next => {
- playlistModel.findOne({ createdBy: session.userId, type: "user-liked" }, next);
- },
- // get all liked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song =>
- songsToAdjustRatings.push({ songId: song._id, youtubeId: song.youtubeId })
- );
- return next();
- },
- next => {
- playlistModel.findOne({ createdBy: session.userId, type: "user-disliked" }, next);
- },
- // get all disliked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song =>
- songsToAdjustRatings.push({ songId: song._id, youtubeId: song.youtubeId })
- );
- return next();
- },
- // user's playlists
- next => {
- playlistModel.deleteMany({ createdBy: session.userId }, next);
- },
- (res, next) => {
- async.each(
- songsToAdjustRatings,
- (song, next) => {
- const { songId, youtubeId } = song;
- SongsModule.runJob("RECALCULATE_SONG_RATINGS", { songId, youtubeId })
- .then(() => next())
- .catch(next);
- },
- err => next(err)
- );
- },
- // user object
- next => {
- userModel.deleteMany({ _id: session.userId }, next);
- },
- // request data removal for user
- (res, next) => {
- dataRequestModel.create({ userId: session.userId, type: "remove" }, next);
- },
- (request, next) => {
- WSModule.runJob("EMIT_TO_ROOM", {
- room: "admin.users",
- args: ["event:admin.dataRequests.created", { data: { request } }]
- });
- return next();
- },
- next => userModel.find({ role: "admin" }, next),
- // send email to all admins of a data removal request
- (users, next) => {
- if (!config.get("sendDataRequestEmails")) return next();
- if (users.length === 0) return next();
- const to = [];
- users.forEach(user => to.push(user.email.address));
- return dataRequestEmail(to, session.userId, "remove", err => next(err));
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_REMOVE",
- `Removing data and account for user "${session.userId}" failed. "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "USER_REMOVE",
- `Successfully removed data and account for user "${session.userId}"`
- );
- CacheModule.runJob("PUB", {
- channel: "user.removeAccount",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully removed data and account."
- });
- }
- );
- }),
- /**
- * Removes all data held on a user, including their ability to login, by userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the user id that is going to be banned
- * @param {Function} cb - gets called with the result
- */
- adminRemove: isAdminRequired(async function adminRemove(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const dataRequestModel = await DBModule.runJob("GET_MODEL", { modelName: "dataRequest" }, this);
- const stationModel = await DBModule.runJob("GET_MODEL", { modelName: "station" }, this);
- const playlistModel = await DBModule.runJob("GET_MODEL", { modelName: "playlist" }, this);
- const activityModel = await DBModule.runJob("GET_MODEL", { modelName: "activity" }, this);
- const dataRequestEmail = await MailModule.runJob("GET_SCHEMA", { schemaName: "dataRequest" }, this);
- const songsToAdjustRatings = [];
- async.waterfall(
- [
- next => {
- if (!userId) return next("You must provide a userId to remove.");
- return next();
- },
- // activities related to the user
- next => {
- activityModel.deleteMany({ userId }, next);
- },
- // user's stations
- (res, next) => {
- stationModel.find({ owner: userId }, (err, stations) => {
- if (err) return next(err);
- return async.each(
- stations,
- (station, callback) => {
- // delete the station
- stationModel.deleteOne({ _id: station._id }, err => {
- if (err) return callback(err);
- // if applicable, delete the corresponding playlist for the station
- if (station.playlist)
- return PlaylistsModule.runJob("DELETE_PLAYLIST", {
- playlistId: station.playlist
- })
- .then(() => callback())
- .catch(callback);
- return callback();
- });
- },
- err => next(err)
- );
- });
- },
- next => {
- playlistModel.findOne({ createdBy: userId, type: "user-liked" }, next);
- },
- // get all liked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song =>
- songsToAdjustRatings.push({ songId: song._id, youtubeId: song.youtubeId })
- );
- return next();
- },
- next => {
- playlistModel.findOne({ createdBy: userId, type: "user-disliked" }, next);
- },
- // get all disliked songs (as the global rating values for these songs will need adjusted)
- (playlist, next) => {
- if (!playlist) return next();
- playlist.songs.forEach(song =>
- songsToAdjustRatings.push({ songId: song._id, youtubeId: song.youtubeId })
- );
- return next();
- },
- // user's playlists
- next => {
- playlistModel.deleteMany({ createdBy: userId }, next);
- },
- (res, next) => {
- async.each(
- songsToAdjustRatings,
- (song, next) => {
- const { songId, youtubeId } = song;
- SongsModule.runJob("RECALCULATE_SONG_RATINGS", { songId, youtubeId })
- .then(() => next())
- .catch(next);
- },
- err => next(err)
- );
- },
- // user object
- next => {
- userModel.deleteMany({ _id: userId }, next);
- },
- // request data removal for user
- (res, next) => {
- dataRequestModel.create({ userId, type: "remove" }, next);
- },
- (request, next) => {
- WSModule.runJob("EMIT_TO_ROOM", {
- room: "admin.users",
- args: ["event:admin.dataRequests.created", { data: { request } }]
- });
- return next();
- },
- next => userModel.find({ role: "admin" }, next),
- // send email to all admins of a data removal request
- (users, next) => {
- if (!config.get("sendDataRequestEmails")) return next();
- if (users.length === 0) return next();
- const to = [];
- users.forEach(user => to.push(user.email.address));
- return dataRequestEmail(to, userId, "remove", err => next(err));
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_ADMIN_REMOVE",
- `Removing data and account for user "${userId}" failed. "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_ADMIN_REMOVE", `Successfully removed data and account for user "${userId}"`);
- CacheModule.runJob("PUB", {
- channel: "user.removeAccount",
- value: userId
- });
- return cb({
- status: "success",
- message: "Successfully removed data and account."
- });
- }
- );
- }),
- /**
- * Logs user in
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} identifier - the email of the user
- * @param {string} password - the plaintext of the user
- * @param {Function} cb - gets called with the result
- */
- async login(session, identifier, password, cb) {
- identifier = identifier.toLowerCase();
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const sessionSchema = await CacheModule.runJob("GET_SCHEMA", { schemaName: "session" }, this);
- async.waterfall(
- [
- // check if a user with the requested identifier exists
- next => {
- userModel.findOne(
- {
- $or: [{ "email.address": identifier }]
- },
- next
- );
- },
- // if the user doesn't exist, respond with a failure
- // otherwise compare the requested password and the actual users password
- (user, next) => {
- if (!user) return next("User not found");
- if (!user.services.password || !user.services.password.password)
- return next("The account you are trying to access uses GitHub to log in.");
- return bcrypt.compare(sha256(password), user.services.password.password, (err, match) => {
- if (err) return next(err);
- if (!match) return next("Incorrect password");
- return next(null, user);
- });
- },
- (user, next) => {
- UtilsModule.runJob("GUID", {}, this).then(sessionId => {
- next(null, user, sessionId);
- });
- },
- (user, sessionId, next) => {
- CacheModule.runJob(
- "HSET",
- {
- table: "sessions",
- key: sessionId,
- value: sessionSchema(sessionId, user._id)
- },
- this
- )
- .then(() => next(null, sessionId))
- .catch(next);
- }
- ],
- async (err, sessionId) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_PASSWORD_LOGIN",
- `Login failed with password for user "${identifier}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_PASSWORD_LOGIN", `Login successful with password for user "${identifier}"`);
- return cb({
- status: "success",
- message: "Login successful",
- data: { SID: sessionId }
- });
- }
- );
- },
- /**
- * Registers a new user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} username - the username for the new user
- * @param {string} email - the email for the new user
- * @param {string} password - the plaintext password for the new user
- * @param {object} recaptcha - the recaptcha data
- * @param {Function} cb - gets called with the result
- */
- async register(session, username, email, password, recaptcha, cb) {
- email = email.toLowerCase();
- const verificationToken = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 64 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => {
- if (config.get("registrationDisabled") === true)
- return next("Registration is not allowed at this time.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(password))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- // verify the request with google recaptcha
- next => {
- if (config.get("apis.recaptcha.enabled") === true)
- axios
- .post("https://www.google.com/recaptcha/api/siteverify", {
- data: {
- secret: config.get("apis").recaptcha.secret,
- response: recaptcha
- }
- })
- .then(res => next(null, res.data))
- .catch(err => next(err));
- else next(null, null);
- },
- // check if the response from Google recaptcha is successful
- // if it is, we check if a user with the requested username already exists
- (body, next) => {
- if (config.get("apis.recaptcha.enabled") === true)
- if (body.success !== true) return next("Response from recaptcha was not successful.");
- return userModel.findOne({ username: new RegExp(`^${username}$`, "i") }, next);
- },
- // if the user already exists, respond with that
- // otherwise check if a user with the requested email already exists
- (user, next) => {
- if (user) return next("A user with that username already exists.");
- return userModel.findOne({ "email.address": email }, next);
- },
- // if the user already exists, respond with that
- // otherwise, generate a salt to use with hashing the new users password
- (user, next) => {
- if (user) return next("A user with that email already exists.");
- return bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(password), salt, next);
- },
- (hash, next) => {
- UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 12 }, this).then(_id => {
- next(null, hash, _id);
- });
- },
- // create the user object
- (hash, _id, next) => {
- next(null, {
- _id,
- name: username,
- username,
- email: {
- address: email,
- verificationToken
- },
- services: {
- password: {
- password: hash
- }
- }
- });
- },
- // generate the url for gravatar avatar
- (user, next) => {
- UtilsModule.runJob("CREATE_GRAVATAR", { email: user.email.address }, this).then(url => {
- const avatarColors = ["blue", "orange", "green", "purple", "teal"];
- user.avatar = {
- type: "initials",
- color: avatarColors[Math.floor(Math.random() * avatarColors.length)],
- url
- };
- next(null, user);
- });
- },
- // save the new user to the database
- (user, next) => {
- userModel.create(user, next);
- },
- // respond with the new user
- (user, next) => {
- verifyEmailSchema(email, username, verificationToken, err => {
- next(err, user._id);
- });
- },
- // create a liked songs playlist for the new user
- (userId, next) => {
- PlaylistsModule.runJob("CREATE_USER_PLAYLIST", {
- userId,
- displayName: "Liked Songs",
- type: "user-liked"
- })
- .then(likedSongsPlaylist => {
- next(null, likedSongsPlaylist, userId);
- })
- .catch(err => next(err));
- },
- // create a disliked songs playlist for the new user
- (likedSongsPlaylist, userId, next) => {
- PlaylistsModule.runJob("CREATE_USER_PLAYLIST", {
- userId,
- displayName: "Disliked Songs",
- type: "user-disliked"
- })
- .then(dislikedSongsPlaylist => {
- next(null, { likedSongsPlaylist, dislikedSongsPlaylist }, userId);
- })
- .catch(err => next(err));
- },
- // associate liked + disliked songs playlist to the user object
- ({ likedSongsPlaylist, dislikedSongsPlaylist }, userId, next) => {
- userModel.updateOne(
- { _id: userId },
- { $set: { likedSongsPlaylist, dislikedSongsPlaylist } },
- { runValidators: true },
- err => {
- if (err) return next(err);
- return next(null, userId);
- }
- );
- }
- ],
- async (err, userId) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_PASSWORD_REGISTER",
- `Register failed with password for user "${username}"."${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId,
- type: "user__joined",
- payload: { message: "Welcome to Musare!" }
- });
- this.log(
- "SUCCESS",
- "USER_PASSWORD_REGISTER",
- `Register successful with password for user "${username}".`
- );
- const res = await this.module.runJob(
- "RUN_ACTION2",
- {
- session,
- namespace: "users",
- action: "login",
- args: [email, password]
- },
- this
- );
- const obj = {
- status: "success",
- message: "Successfully registered."
- };
- if (res.status === "success") {
- obj.SID = res.data.SID;
- }
- return cb(obj);
- }
- );
- },
- /**
- * Logs out a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- logout(session, cb) {
- async.waterfall(
- [
- next => {
- CacheModule.runJob("HGET", { table: "sessions", key: session.sessionId }, this)
- .then(session => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found");
- return next(null, session);
- },
- (session, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: session.userId
- });
- // temp fix, need to wait properly for the SUB/PUB refactor (on wekan)
- setTimeout(() => {
- CacheModule.runJob("HDEL", { table: "sessions", key: session.sessionId }, this)
- .then(() => next())
- .catch(next);
- }, 50);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "USER_LOGOUT", `Logout failed. "${err}" `);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "USER_LOGOUT", `Logout successful.`);
- return cb({
- status: "success",
- message: "Successfully logged out."
- });
- }
- );
- },
- /**
- * Checks if user's password is correct (e.g. before a sensitive action)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} password - the password the user entered that we need to validate
- * @param {Function} cb - gets called with the result
- */
- confirmPasswordMatch: isLoginRequired(async function confirmPasswordMatch(session, password, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- return async.waterfall(
- [
- next => {
- if (!password || password === "") return next("Please provide a valid password.");
- return next();
- },
- next => {
- userModel.findOne({ _id: session.userId }, (err, user) =>
- next(err, user.services.password.password)
- );
- },
- (passwordHash, next) => {
- if (!passwordHash) return next("Your account doesn't have a password linked.");
- return bcrypt.compare(sha256(password), passwordHash, (err, match) => {
- if (err) return next(err);
- if (!match) return next(null, false);
- return next(null, true);
- });
- }
- ],
- async (err, match) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_CONFIRM_PASSWORD",
- `Couldn't confirm password for user "${session.userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- if (match) {
- this.log(
- "SUCCESS",
- "USER_CONFIRM_PASSWORD",
- `Successfully checked for password match (it matched) for user "${session.userId}".`
- );
- return cb({
- status: "success",
- message: "Your password matches."
- });
- }
- this.log(
- "SUCCESS",
- "USER_CONFIRM_PASSWORD",
- `Successfully checked for password match (it didn't match) for user "${session.userId}".`
- );
- return cb({
- status: "error",
- message: "Unfortunately your password doesn't match."
- });
- }
- );
- }),
- /**
- * Checks if user's github access token has expired or not (ie. if their github account is still linked)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- confirmGithubLink: isLoginRequired(async function confirmGithubLink(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- return async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, (err, user) => next(err, user));
- },
- (user, next) => {
- if (!user.services.github) return next("You don't have GitHub linked to your account.");
- return axios
- .get(`https://api.github.com/user/emails`, {
- headers: {
- "User-Agent": "request",
- Authorization: `token ${user.services.github.access_token}`
- }
- })
- .then(res => next(null, res))
- .catch(err => next(err));
- },
- (res, next) => next(null, res.status === 200)
- ],
- async (err, linked) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "USER_CONFIRM_GITHUB_LINK",
- `Couldn't confirm github link for user "${session.userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "USER_CONFIRM_GITHUB_LINK",
- `GitHub is ${linked ? "linked" : "not linked"} for user "${session.userId}".`
- );
- return cb({
- status: "success",
- data: { linked },
- message: "Successfully checked if GitHub accounty was linked."
- });
- }
- );
- }),
- /**
- * Removes all sessions for a user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the id of the user we are trying to delete the sessions of
- * @param {Function} cb - gets called with the result
- */
- removeSessions: isLoginRequired(async function removeSessions(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, (err, user) => {
- if (err) return next(err);
- if (user.role !== "admin" && session.userId !== userId)
- return next("Only admins and the owner of the account can remove their sessions.");
- return next();
- });
- },
- next => {
- CacheModule.runJob("HGETALL", { table: "sessions" }, this)
- .then(sessions => {
- next(null, sessions);
- })
- .catch(next);
- },
- (sessions, next) => {
- if (!sessions) return next("There are no sessions for this user to remove.");
- const keys = Object.keys(sessions);
- return next(null, keys, sessions);
- },
- (keys, sessions, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.removeSessions",
- value: userId
- });
- // temp fix, need to wait properly for the SUB/PUB refactor (on wekan)
- setTimeout(
- () =>
- async.each(
- keys,
- (sessionId, callback) => {
- const session = sessions[sessionId];
- if (session.userId === userId) {
- // TODO Also maybe add this to this runJob
- CacheModule.runJob("HDEL", {
- table: "sessions",
- key: sessionId
- })
- .then(() => callback(null))
- .catch(callback);
- }
- },
- err => {
- next(err);
- }
- ),
- 50
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REMOVE_SESSIONS_FOR_USER",
- `Couldn't remove all sessions for user "${userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "REMOVE_SESSIONS_FOR_USER", `Removed all sessions for user "${userId}".`);
- return cb({
- status: "success",
- message: "Successfully removed all sessions."
- });
- }
- );
- }),
- /**
- * Updates the order of a user's favorite stations
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Array} favoriteStations - array of station ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- updateOrderOfFavoriteStations: isLoginRequired(async function updateOrderOfFavoriteStations(
- session,
- favoriteStations,
- cb
- ) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.updateOne(
- { _id: session.userId },
- { $set: { favoriteStations } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ORDER_OF_USER_FAVORITE_STATIONS",
- `Couldn't update order of favorite stations for user "${session.userId}" to "${favoriteStations}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateOrderOfFavoriteStations",
- value: {
- favoriteStations,
- userId: session.userId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_ORDER_OF_USER_FAVORITE_STATIONS",
- `Updated order of favorite stations for user "${session.userId}" to "${favoriteStations}".`
- );
- return cb({
- status: "success",
- message: "Order of favorite stations successfully updated"
- });
- }
- );
- }),
- /**
- * Updates the order of a user's playlists
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Array} orderOfPlaylists - array of playlist ids (with a specific order)
- * @param {Function} cb - gets called with the result
- */
- updateOrderOfPlaylists: isLoginRequired(async function updateOrderOfPlaylists(session, orderOfPlaylists, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.updateOne(
- { _id: session.userId },
- { $set: { "preferences.orderOfPlaylists": orderOfPlaylists } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ORDER_OF_USER_PLAYLISTS",
- `Couldn't update order of playlists for user "${session.userId}" to "${orderOfPlaylists}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateOrderOfPlaylists",
- value: {
- orderOfPlaylists,
- userId: session.userId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_ORDER_OF_USER_PLAYLISTS",
- `Updated order of playlists for user "${session.userId}" to "${orderOfPlaylists}".`
- );
- return cb({
- status: "success",
- message: "Order of playlists successfully updated"
- });
- }
- );
- }),
- /**
- * Updates a user's preferences
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {object} preferences - object containing preferences
- * @param {boolean} preferences.nightmode - whether or not the user is using the night mode theme
- * @param {boolean} preferences.autoSkipDisliked - whether to automatically skip disliked songs
- * @param {boolean} preferences.activityLogPublic - whether or not a user's activity log can be publicly viewed
- * @param {boolean} preferences.anonymousSongRequests - whether or not a user's requested songs will be anonymous
- * @param {boolean} preferences.activityWatch - whether or not a user is using the ActivityWatch integration
- * @param {Function} cb - gets called with the result
- */
- updatePreferences: isLoginRequired(async function updatePreferences(session, preferences, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- const $set = {};
- Object.keys(preferences).forEach(preference => {
- $set[`preferences.${preference}`] = preferences[preference];
- });
- return next(null, $set);
- },
- ($set, next) => {
- userModel.findByIdAndUpdate(session.userId, { $set }, { new: false, upsert: true }, next);
- }
- ],
- async (err, user) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_USER_PREFERENCES",
- `Couldn't update preferences for user "${session.userId}" to "${JSON.stringify(
- preferences
- )}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updatePreferences",
- value: {
- preferences,
- userId: session.userId
- }
- });
- if (preferences.nightmode !== undefined && preferences.nightmode !== user.preferences.nightmode)
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: session.userId,
- type: "user__toggle_nightmode",
- payload: { message: preferences.nightmode ? "Enabled nightmode" : "Disabled nightmode" }
- });
- if (
- preferences.autoSkipDisliked !== undefined &&
- preferences.autoSkipDisliked !== user.preferences.autoSkipDisliked
- )
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: session.userId,
- type: "user__toggle_autoskip_disliked_songs",
- payload: {
- message: preferences.autoSkipDisliked
- ? "Enabled the autoskipping of disliked songs"
- : "Disabled the autoskipping of disliked songs"
- }
- });
- if (
- preferences.activityWatch !== undefined &&
- preferences.activityWatch !== user.preferences.activityWatch
- )
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: session.userId,
- type: "user__toggle_activity_watch",
- payload: {
- message: preferences.activityWatch
- ? "Enabled ActivityWatch integration"
- : "Disabled ActivityWatch integration"
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_USER_PREFERENCES",
- `Updated preferences for user "${session.userId}" to "${JSON.stringify(preferences)}".`
- );
- return cb({
- status: "success",
- message: "Preferences successfully updated"
- });
- }
- );
- }),
- /**
- * Retrieves a user's preferences
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- getPreferences: isLoginRequired(async function updatePreferences(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findById(session.userId).select({ preferences: -1 }).exec(next);
- }
- ],
- async (err, { preferences }) => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "GET_USER_PREFERENCES",
- `Couldn't retrieve preferences for user "${session.userId}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "GET_USER_PREFERENCES",
- `Successfully obtained preferences for user "${session.userId}".`
- );
- return cb({
- status: "success",
- message: "Preferences successfully retrieved",
- data: { preferences }
- });
- }
- );
- }),
- /**
- * Gets user object from username (only a few properties)
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} username - the username of the user we are trying to find
- * @param {Function} cb - gets called with the result
- */
- findByUsername: async function findByUsername(session, username, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ username: new RegExp(`^${username}$`, "i") }, next);
- },
- (account, next) => {
- if (!account) return next("User not found.");
- return next(null, account);
- }
- ],
- async (err, account) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "FIND_BY_USERNAME", `User not found for username "${username}". "${err}"`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "FIND_BY_USERNAME", `User found for username "${username}".`);
- return cb({
- status: "success",
- data: {
- _id: account._id,
- name: account.name,
- username: account.username,
- location: account.location,
- bio: account.bio,
- role: account.role,
- avatar: account.avatar,
- createdAt: account.createdAt
- }
- });
- }
- );
- },
- /**
- * Gets a username from an userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- async getUsernameFromId(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- userModel
- .findById(userId)
- .then(user => {
- if (user) {
- this.log("SUCCESS", "GET_USERNAME_FROM_ID", `Found username for userId "${userId}".`);
- return cb({
- status: "success",
- data: { username: user.username }
- });
- }
- this.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. User not found.`
- );
- return cb({
- status: "error",
- message: "Couldn't find the user."
- });
- })
- .catch(async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "GET_USERNAME_FROM_ID",
- `Getting the username from userId "${userId}" failed. "${err}"`
- );
- cb({ status: "error", message: err });
- }
- });
- },
- /**
- * Gets a user from a userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the userId of the person we are trying to get the username from
- * @param {Function} cb - gets called with the result
- */
- getUserFromId: isAdminRequired(async function getUserFromId(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- userModel
- .findById(userId)
- .then(user => {
- if (user) {
- this.log("SUCCESS", "GET_USER_FROM_ID", `Found user for userId "${userId}".`);
- return cb({
- status: "success",
- data: {
- _id: user._id,
- username: user.username,
- role: user.role,
- liked: user.liked,
- disliked: user.disliked,
- songsRequested: user.statistics.songsRequested,
- email: {
- address: user.email.address,
- verified: user.email.verified
- },
- hasPassword: !!user.services.password,
- services: { github: user.services.github }
- }
- });
- }
- this.log(
- "ERROR",
- "GET_USER_FROM_ID",
- `Getting the user from userId "${userId}" failed. User not found.`
- );
- return cb({
- status: "error",
- message: "Couldn't find the user."
- });
- })
- .catch(async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "GET_USER_FROM_ID", `Getting the user from userId "${userId}" failed. "${err}"`);
- cb({ status: "error", message: err });
- }
- });
- }),
- /**
- * Gets user info from session
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- findBySession: isLoginRequired(async function findBySession(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- CacheModule.runJob(
- "HGET",
- {
- table: "sessions",
- key: session.sessionId
- },
- this
- )
- .then(session => next(null, session))
- .catch(next);
- },
- (session, next) => {
- if (!session) return next("Session not found.");
- return next(null, session);
- },
- (session, next) => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return next(null, user);
- }
- ],
- async (err, user) => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "FIND_BY_SESSION", `User not found. "${err}"`);
- return cb({ status: "error", message: err });
- }
- const sanitisedUser = {
- email: {
- address: user.email.address
- },
- avatar: user.avatar,
- username: user.username,
- name: user.name,
- location: user.location,
- bio: user.bio
- };
- if (user.services.password && user.services.password.password) sanitisedUser.password = true;
- if (user.services.github && user.services.github.id) sanitisedUser.github = true;
- this.log("SUCCESS", "FIND_BY_SESSION", `User found. "${user.username}".`);
- return cb({
- status: "success",
- data: { user: sanitisedUser }
- });
- }
- );
- }),
- /**
- * Updates a user's username
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newUsername - the new username
- * @param {Function} cb - gets called with the result
- */
- updateUsername: isLoginRequired(async function updateUsername(session, updatingUserId, newUsername, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.username === newUsername)
- return next("New username can't be the same as the old username.");
- return next(null);
- },
- next => {
- userModel.findOne({ username: new RegExp(`^${newUsername}$`, "i") }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- return next("That username is already in use.");
- },
- next => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { username: newUsername } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_USERNAME",
- `Couldn't update username for user "${updatingUserId}" to username "${newUsername}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- CacheModule.runJob("PUB", {
- channel: "user.updateUsername",
- value: {
- username: newUsername,
- _id: updatingUserId
- }
- });
- this.log(
- "SUCCESS",
- "UPDATE_USERNAME",
- `Updated username for user "${updatingUserId}" to username "${newUsername}".`
- );
- return cb({
- status: "success",
- message: "Username updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newEmail - the new email
- * @param {Function} cb - gets called with the result
- */
- updateEmail: isLoginRequired(async function updateEmail(session, updatingUserId, newEmail, cb) {
- newEmail = newEmail.toLowerCase();
- const verificationToken = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 64 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.address === newEmail)
- return next("New email can't be the same as your the old email.");
- return next();
- },
- next => {
- userModel.findOne({ "email.address": newEmail }, next);
- },
- (user, next) => {
- if (!user) return next();
- if (user._id === updatingUserId) return next();
- return next("That email is already in use.");
- },
- // regenerate the url for gravatar avatar
- next => {
- UtilsModule.runJob("CREATE_GRAVATAR", { email: newEmail }, this).then(url => {
- next(null, url);
- });
- },
- (newAvatarUrl, next) => {
- userModel.updateOne(
- { _id: updatingUserId },
- {
- $set: {
- "avatar.url": newAvatarUrl,
- "email.address": newEmail,
- "email.verified": false,
- "email.verificationToken": verificationToken
- }
- },
- { runValidators: true },
- next
- );
- },
- (res, next) => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- verifyEmailSchema(newEmail, user.username, verificationToken, err => {
- next(err);
- });
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_EMAIL",
- `Couldn't update email for user "${updatingUserId}" to email "${newEmail}". '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "UPDATE_EMAIL",
- `Updated email for user "${updatingUserId}" to email "${newEmail}".`
- );
- return cb({
- status: "success",
- message: "Email updated successfully."
- });
- }
- );
- }),
- /**
- * Updates a user's name
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newBio - the new name
- * @param {Function} cb - gets called with the result
- */
- updateName: isLoginRequired(async function updateName(session, updatingUserId, newName, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { name: newName } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_NAME",
- `Couldn't update name for user "${updatingUserId}" to name "${newName}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_name",
- payload: { message: `Changed name to ${newName}` }
- });
- this.log("SUCCESS", "UPDATE_NAME", `Updated name for user "${updatingUserId}" to name "${newName}".`);
- return cb({
- status: "success",
- message: "Name updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's location
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newLocation - the new location
- * @param {Function} cb - gets called with the result
- */
- updateLocation: isLoginRequired(async function updateLocation(session, updatingUserId, newLocation, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { location: newLocation } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_LOCATION",
- `Couldn't update location for user "${updatingUserId}" to location "${newLocation}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_location",
- payload: { message: `Changed location to ${newLocation}` }
- });
- this.log(
- "SUCCESS",
- "UPDATE_LOCATION",
- `Updated location for user "${updatingUserId}" to location "${newLocation}".`
- );
- return cb({
- status: "success",
- message: "Location updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's bio
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newBio - the new bio
- * @param {Function} cb - gets called with the result
- */
- updateBio: isLoginRequired(async function updateBio(session, updatingUserId, newBio, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.updateOne(
- { _id: updatingUserId },
- { $set: { bio: newBio } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_BIO",
- `Couldn't update bio for user "${updatingUserId}" to bio "${newBio}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_bio",
- payload: { message: `Changed bio to ${newBio}` }
- });
- this.log("SUCCESS", "UPDATE_BIO", `Updated bio for user "${updatingUserId}" to bio "${newBio}".`);
- return cb({
- status: "success",
- message: "Bio updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's avatar
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newAvatar - the new avatar object
- * @param {Function} cb - gets called with the result
- */
- updateAvatar: isLoginRequired(async function updateAvatarType(session, updatingUserId, newAvatar, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (updatingUserId === session.userId) return next(null, true);
- return userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (user !== true && (!user || user.role !== "admin")) return next("Invalid permissions.");
- return userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- return userModel.findOneAndUpdate(
- { _id: updatingUserId },
- { $set: { "avatar.type": newAvatar.type, "avatar.color": newAvatar.color } },
- { new: true, runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_AVATAR",
- `Couldn't update avatar for user "${updatingUserId}" to type "${newAvatar.type}" and color "${newAvatar.color}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- ActivitiesModule.runJob("ADD_ACTIVITY", {
- userId: updatingUserId,
- type: "user__edit_avatar",
- payload: { message: `Changed avatar to use ${newAvatar.type} and ${newAvatar.color}` }
- });
- this.log(
- "SUCCESS",
- "UPDATE_AVATAR",
- `Updated avatar for user "${updatingUserId}" to type "${newAvatar.type} and color ${newAvatar.color}".`
- );
- return cb({
- status: "success",
- message: "Avatar updated successfully"
- });
- }
- );
- }),
- /**
- * Updates a user's role
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} updatingUserId - the updating user's id
- * @param {string} newRole - the new role
- * @param {Function} cb - gets called with the result
- */
- updateRole: isAdminRequired(async function updateRole(session, updatingUserId, newRole, cb) {
- newRole = newRole.toLowerCase();
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: updatingUserId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.role === newRole) return next("New role can't be the same as the old role.");
- return next();
- },
- next => {
- userModel.updateOne(
- { _id: updatingUserId },
- { $set: { role: newRole } },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_ROLE",
- `User "${session.userId}" couldn't update role for user "${updatingUserId}" to role "${newRole}". "${err}"`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "UPDATE_ROLE",
- `User "${session.userId}" updated the role of user "${updatingUserId}" to role "${newRole}".`
- );
- return cb({
- status: "success",
- message: "Role successfully updated."
- });
- }
- );
- }),
- /**
- * Updates a user's password
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} previousPassword - the previous password
- * @param {string} newPassword - the new password
- * @param {Function} cb - gets called with the result
- */
- updatePassword: isLoginRequired(async function updatePassword(session, previousPassword, newPassword, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user.services.password) return next("This account does not have a password set.");
- return next(null, user.services.password.password);
- },
- (storedPassword, next) => {
- bcrypt.compare(sha256(previousPassword), storedPassword).then(res => {
- if (res) return next();
- return next("Please enter the correct previous password.");
- });
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid new password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { _id: session.userId },
- {
- $set: {
- "services.password.password": hashedPassword
- }
- },
- next
- );
- }
- ],
- async err => {
- if (err) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UPDATE_PASSWORD",
- `Failed updating user password of user '${session.userId}'. '${err}'.`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "UPDATE_PASSWORD", `User '${session.userId}' updated their password.`);
- return cb({
- status: "success",
- message: "Password successfully updated."
- });
- }
- );
- }),
- /**
- * Requests a password for a session
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- requestPassword: isLoginRequired(async function requestPassword(session, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const passwordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- {
- schemaName: "passwordRequest"
- },
- this
- );
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.services.password && user.services.password.password)
- return next("You already have a password set.");
- return next(null, user);
- },
- (user, next) => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": user.email.address },
- {
- $set: {
- "services.password": {
- set: { code, expires }
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- passwordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' failed to request password. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "REQUEST_PASSWORD",
- `UserId '${session.userId}' successfully requested a password.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password."
- });
- }
- );
- }),
- /**
- * Verifies a password code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password code
- * @param {Function} cb - gets called with the result
- */
- verifyPasswordCode: isLoginRequired(async function verifyPasswordCode(session, code, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne(
- {
- "services.password.set.code": code,
- _id: session.userId
- },
- next
- );
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (user.services.password.set.expires < new Date()) return next("That code has expired.");
- return next(null);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "VERIFY_PASSWORD_CODE", `Code '${code}' failed to verify. '${err}'`);
- cb({ status: "error", message: err });
- } else {
- this.log("SUCCESS", "VERIFY_PASSWORD_CODE", `Code '${code}' successfully verified.`);
- cb({
- status: "success",
- message: "Successfully verified password code."
- });
- }
- }
- );
- }),
- /**
- * Adds a password to a user with a code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password code
- * @param {string} newPassword - the new password code
- * @param {Function} cb - gets called with the result
- */
- changePasswordWithCode: isLoginRequired(async function changePasswordWithCode(session, code, newPassword, cb) {
- const userModel = await DBModule.runJob(
- "GET_MODEL",
- {
- modelName: "user"
- },
- this
- );
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.set.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.set.expires > new Date()) return next("That code has expired.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.set.code": code },
- {
- $set: {
- "services.password.password": hashedPassword
- },
- $unset: { "services.password.set": "" }
- },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "ADD_PASSWORD_WITH_CODE", `Code '${code}' failed to add password. '${err}'`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "ADD_PASSWORD_WITH_CODE", `Code '${code}' successfully added password.`);
- CacheModule.runJob("PUB", {
- channel: "user.linkPassword",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully added password."
- });
- }
- );
- }),
- /**
- * Unlinks password from user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- unlinkPassword: isLoginRequired(async function unlinkPassword(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.github || !user.services.github.id)
- return next("You can't remove password login without having GitHub login.");
- return userModel.updateOne({ _id: session.userId }, { $unset: { "services.password": "" } }, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UNLINK_PASSWORD",
- `Unlinking password failed for userId '${session.userId}'. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "UNLINK_PASSWORD", `Unlinking password successful for userId '${session.userId}'.`);
- CacheModule.runJob("PUB", {
- channel: "user.unlinkPassword",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully unlinked password."
- });
- }
- );
- }),
- /**
- * Unlinks GitHub from user
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {Function} cb - gets called with the result
- */
- unlinkGitHub: isLoginRequired(async function unlinkGitHub(session, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- userModel.findOne({ _id: session.userId }, next);
- },
- (user, next) => {
- if (!user) return next("Not logged in.");
- if (!user.services.password || !user.services.password.password)
- return next("You can't remove GitHub login without having password login.");
- return userModel.updateOne({ _id: session.userId }, { $unset: { "services.github": "" } }, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "UNLINK_GITHUB",
- `Unlinking GitHub failed for userId '${session.userId}'. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "UNLINK_GITHUB", `Unlinking GitHub successful for userId '${session.userId}'.`);
- CacheModule.runJob("PUB", {
- channel: "user.unlinkGithub",
- value: session.userId
- });
- return cb({
- status: "success",
- message: "Successfully unlinked GitHub."
- });
- }
- );
- }),
- /**
- * Requests a password reset for an email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user that requests a password reset
- * @param {Function} cb - gets called with the result
- */
- async requestPasswordReset(session, email, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const resetPasswordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- { schemaName: "resetPasswordRequest" },
- this
- );
- async.waterfall(
- [
- next => {
- if (!email || typeof email !== "string") return next("Invalid email.");
- email = email.toLowerCase();
- return userModel.findOne({ "email.address": email }, next);
- },
- (user, next) => {
- if (!user) return next("User not found.");
- if (!user.services.password || !user.services.password.password)
- return next("User does not have a password set, and probably uses GitHub to log in.");
- return next(null, user);
- },
- (user, next) => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { "email.address": email },
- {
- $set: {
- "services.password.reset": {
- code,
- expires
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' failed to request password reset. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "REQUEST_PASSWORD_RESET",
- `Email '${email}' successfully requested a password reset.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password reset."
- });
- }
- );
- },
- /**
- * Requests a password reset for a a user as an admin
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} email - the email of the user for which the password reset is intended
- * @param {Function} cb - gets called with the result
- */
- adminRequestPasswordReset: isAdminRequired(async function adminRequestPasswordReset(session, userId, cb) {
- const code = await UtilsModule.runJob("GENERATE_RANDOM_STRING", { length: 8 }, this);
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const resetPasswordRequestSchema = await MailModule.runJob(
- "GET_SCHEMA",
- { schemaName: "resetPasswordRequest" },
- this
- );
- async.waterfall(
- [
- next => userModel.findOne({ _id: userId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- if (!user.services.password || !user.services.password.password)
- return next("User does not have a password set, and probably uses GitHub to log in.");
- return next();
- },
- next => {
- const expires = new Date();
- expires.setDate(expires.getDate() + 1);
- userModel.findOneAndUpdate(
- { _id: userId },
- {
- $set: {
- "services.password.reset": {
- code,
- expires
- }
- }
- },
- { runValidators: true },
- next
- );
- },
- (user, next) => {
- resetPasswordRequestSchema(user.email.address, user.username, code, next);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "ADMINREQUEST_PASSWORD_RESET",
- `User '${userId}' failed to get a password reset. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "ADMIN_REQUEST_PASSWORD_RESET",
- `User '${userId}' successfully got sent a password reset.`
- );
- return cb({
- status: "success",
- message: "Successfully requested password reset for user."
- });
- }
- );
- }),
- /**
- * Verifies a reset code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password reset code
- * @param {Function} cb - gets called with the result
- */
- async verifyPasswordResetCode(session, code, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.reset.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date()) return next("That code has expired.");
- return next(null);
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log("ERROR", "VERIFY_PASSWORD_RESET_CODE", `Code '${code}' failed to verify. '${err}'`);
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "VERIFY_PASSWORD_RESET_CODE", `Code '${code}' successfully verified.`);
- return cb({
- status: "success",
- message: "Successfully verified password reset code."
- });
- }
- );
- },
- /**
- * Changes a user's password with a reset code
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} code - the password reset code
- * @param {string} newPassword - the new password reset code
- * @param {Function} cb - gets called with the result
- */
- async changePasswordWithResetCode(session, code, newPassword, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- async.waterfall(
- [
- next => {
- if (!code || typeof code !== "string") return next("Invalid code.");
- return userModel.findOne({ "services.password.reset.code": code }, next);
- },
- (user, next) => {
- if (!user) return next("Invalid code.");
- if (!user.services.password.reset.expires > new Date()) return next("That code has expired.");
- return next();
- },
- next => {
- if (!DBModule.passwordValid(newPassword))
- return next("Invalid password. Check if it meets all the requirements.");
- return next();
- },
- next => {
- bcrypt.genSalt(10, next);
- },
- // hash the password
- (salt, next) => {
- bcrypt.hash(sha256(newPassword), salt, next);
- },
- (hashedPassword, next) => {
- userModel.updateOne(
- { "services.password.reset.code": code },
- {
- $set: {
- "services.password.password": hashedPassword
- },
- $unset: { "services.password.reset": "" }
- },
- { runValidators: true },
- next
- );
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "CHANGE_PASSWORD_WITH_RESET_CODE",
- `Code '${code}' failed to change password. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "CHANGE_PASSWORD_WITH_RESET_CODE", `Code '${code}' successfully changed password.`);
- return cb({
- status: "success",
- message: "Successfully changed password."
- });
- }
- );
- },
- /**
- * Resends the verify email email
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} userId - the user id of the person to resend the email to
- * @param {Function} cb - gets called with the result
- */
- resendVerifyEmail: isAdminRequired(async function resendVerifyEmail(session, userId, cb) {
- const userModel = await DBModule.runJob("GET_MODEL", { modelName: "user" }, this);
- const verifyEmailSchema = await MailModule.runJob("GET_SCHEMA", { schemaName: "verifyEmail" }, this);
- async.waterfall(
- [
- next => userModel.findOne({ _id: userId }, next),
- (user, next) => {
- if (!user) return next("User not found.");
- if (user.email.verified) return next("The user's email is already verified.");
- return next(null, user);
- },
- (user, next) => {
- verifyEmailSchema(user.email.address, user.username, user.email.verificationToken, err => {
- next(err);
- });
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "RESEND_VERIFY_EMAIL",
- `Couldn't resend verify email for user "${userId}". '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log("SUCCESS", "RESEND_VERIFY_EMAIL", `Resent verify email for user "${userId}".`);
- return cb({
- status: "success",
- message: "Email resent successfully."
- });
- }
- );
- }),
- /**
- * Bans a user by userId
- *
- * @param {object} session - the session object automatically added by the websocket
- * @param {string} value - the user id that is going to be banned
- * @param {string} reason - the reason for the ban
- * @param {string} expiresAt - the time the ban expires
- * @param {Function} cb - gets called with the result
- */
- banUserById: isAdminRequired(function banUserById(session, userId, reason, expiresAt, cb) {
- async.waterfall(
- [
- next => {
- if (!userId) return next("You must provide a userId to ban.");
- if (!reason) return next("You must provide a reason for the ban.");
- return next();
- },
- next => {
- if (!expiresAt || typeof expiresAt !== "string") return next("Invalid expire date.");
- const date = new Date();
- switch (expiresAt) {
- case "1h":
- expiresAt = date.setHours(date.getHours() + 1);
- break;
- case "12h":
- expiresAt = date.setHours(date.getHours() + 12);
- break;
- case "1d":
- expiresAt = date.setDate(date.getDate() + 1);
- break;
- case "1w":
- expiresAt = date.setDate(date.getDate() + 7);
- break;
- case "1m":
- expiresAt = date.setMonth(date.getMonth() + 1);
- break;
- case "3m":
- expiresAt = date.setMonth(date.getMonth() + 3);
- break;
- case "6m":
- expiresAt = date.setMonth(date.getMonth() + 6);
- break;
- case "1y":
- expiresAt = date.setFullYear(date.getFullYear() + 1);
- break;
- case "never":
- expiresAt = new Date(3093527980800000);
- break;
- default:
- return next("Invalid expire date.");
- }
- return next();
- },
- next => {
- PunishmentsModule.runJob(
- "ADD_PUNISHMENT",
- {
- type: "banUserId",
- value: userId,
- reason,
- expiresAt,
- punishedBy: session.userId
- },
- this
- )
- .then(punishment => next(null, punishment))
- .catch(next);
- },
- (punishment, next) => {
- CacheModule.runJob("PUB", {
- channel: "user.ban",
- value: { userId, punishment }
- });
- next();
- }
- ],
- async err => {
- if (err && err !== true) {
- err = await UtilsModule.runJob("GET_ERROR", { error: err }, this);
- this.log(
- "ERROR",
- "BAN_USER_BY_ID",
- `User ${session.userId} failed to ban user ${userId} with the reason ${reason}. '${err}'`
- );
- return cb({ status: "error", message: err });
- }
- this.log(
- "SUCCESS",
- "BAN_USER_BY_ID",
- `User ${session.userId} has successfully banned user ${userId} with the reason ${reason}.`
- );
- return cb({
- status: "success",
- message: "Successfully banned user."
- });
- }
- );
- })
- };
|