mifi/pfosi-looking-api
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Mike Fitzpatrick
2018-03-02 03:00:51 -05:00
commit 834c66b216
21 changed files with 3365 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
routes/auth.js Normal file
View File

@@ -0,0 +1,208 @@
const EventEmitter = require('events');
const Express = require('express');
const ResetModel = require('../models/reset');
const Router = Express.Router();
const Token = require('../modules/token');
const UserModel = require('../models/user');
Router.route('/login')
.post((req, res, next) => {
var AuthEvents = new EventEmitter();
var data = req.body;
var headers = req.headers;
AuthEvents.once('authenticateUser', (err, result) => {
console.log('[AuthRoute::POST::/auth/login] User Authenticated', { err: err, result: result });
login = result || {};
login.status = result.status || 500;
if (err) {
login.err = err;
res.status(login.status).json(login);
}
if (login) {
// Authenticated - create session
if (login.authorized) {
var TokenEvents = new EventEmitter();
TokenEvents.once('token:create', (err, token) => {
if (err) {
login = {
status: 500,
authorized: false,
err: err
};
}
if (token) {
login.token = token;
res.status(login.status).json(login);
}
});
Token.create(TokenEvents, login.user);
}
// Authentication failed
else {
res.status(login.status).json(login);
}
}
});
UserModel.authenticateUser(AuthEvents, data, headers);
});
Router.route('/reset/godmode')
.get((req, res) => {
var ResetEvents = new EventEmitter();
ResetEvents.once('getResets', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was a problem executing your request', err: err });
}
if (result) {
res.status(200).json(result);
}
});
ResetModel.getResets(ResetEvents);
});
Router.route('/reset/:id?/:token?')
.get((req, res) => {
var id = req.params.id ? decodeURIComponent(req.params.id) : false;
var token = req.params.token ? decodeURIComponent(req.params.token) : false;
var ResetEvents = new EventEmitter();
ResetEvents.once('checkReset', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error validating the password reset', err: err });
}
if (result) {
res.status(200).json(result);
}
});
ResetModel.checkReset(ResetEvents, id, token);
})
.post((req, res) => {
var username = req.body.username;
var ResetEvents = new EventEmitter();
ResetEvents.once('sendReset', (err, result) => {
if (err) {
console.log('[routes/auth::sendReset] Error: ', { err: err });
res.status(500).json({ message: 'There was an error requesting the password reset', err: err });
}
if (result) {
console.log('[routes/auth::sendReset] Success: ', { result: result });
res.status(200).json(result);
}
});
UserModel.findUser({ userName: username }, (err, user) => {
ResetModel.sendReset(ResetEvents, user);
});
})
.put((req, res) => {
var id = req.params.id ? decodeURIComponent(req.params.id) : false;
var token = req.params.token ? decodeURIComponent(req.params.token) : false;
var data = req.body;
var UserEvents = new EventEmitter();
UserEvents.once('updatePassword', (err, result) => {
if (err) {
res.status(500).json({ message: err.message, err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updatePassword(UserEvents, id, token, data);
});
Router.route('/godmode/:username?')
.patch((req, res) => {
var username = req.params.username ? decodeURIComponent(req.params.username) : false;
var password = req.body;
var UserEvents = new EventEmitter();
UserEvents.once('adminUpdatePassword', (err, result) => {
if (err) {
res.status(500).json({ message: err.message, err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.adminUpdatePassword(UserEvents, username, password);
});
Router.route('/session')
.get((req, res) => {
var AuthEvents = new EventEmitter();
var token = req.get('authorization');
AuthEvents.once('token:validate', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error validating the token', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Token.validate(AuthEvents, token);
})
.post((req, res) => {
var AuthEvents = new EventEmitter();
AuthEvents.once('token:create', (err, token) => {
if (err) {
res.status(500).json({
status: 500,
authorized: false,
err: err
});
}
if (token) {
res.status(200).json({
status: 200,
authorized: false,
token: token
});
}
});
Token.anonymous(AuthEvents);
})
.put((req, res) => {
var AuthEvents = new EventEmitter();
var token = req.get('authorization');
AuthEvents.once('token:refresh', (err, token) => {
if (err) {
res.status(500).json({ message: 'There was an error refreshing the token', err: err });
}
if (token) {
res.status(200).json(token);
}
});
Token.refresh(AuthEvents, token);
});
module.exports = Router;

86
routes/geocache.js Normal file
View File

@@ -0,0 +1,86 @@
var EventEmitter = require('events');
var Express = require('express');
var GeocacheModel = require('../models/geocache');
var Router = Express.Router();
var Token = require('../modules/token');
function updateGeocache (req, res, next) {
Token.verifyThen(req.get('authorization'), 'manageAppPreferences', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var GeoEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
GeoEvents.once('update', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get geodata' + (id ? ' for id: ' + id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
GeocacheModel.update(GeoEvents, id, geodata);
});
}
Router.route('/populate/:field')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageAppPreferences', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var GeoEvents = new EventEmitter();
var method = 'populate' + (req.params.field[0].toUpperCase() + req.params.field.substring(1));
GeoEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get geodata' + (id ? ' for id: ' + id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
GeocacheModel[method](GeoEvents);
});
});
Router.route('/:id?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var GeoEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getGeo' : 'getGeos';
GeoEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get geodata' + (id ? ' for id: ' + id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
GeocacheModel[method](GeoEvents, id || null);
});
})
.patch( updateGeocache )
.post( updateGeocache )
.put( updateGeocache );
module.exports = Router;

224
routes/profiles.js Normal file
View File

@@ -0,0 +1,224 @@
var EventEmitter = require('events');
var Express = require('express');
var Profiles = require('../models/profile');
var Router = Express.Router();
var Token = require('../modules/token');
function update (req, res, next) {
Token.verifyThen(req.get('authorization'), 'edit', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var ProfileEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
if (!id || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err });
return;
}
ProfileEvents.once('update', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.update(ProfileEvents, id, data);
});
}
function updateMessage (req, res, next) {
Token.verifyThen(req.get('authorization'), 'edit', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId;
var messageId = req.params.messageId;
var data = req.body;
if (!id || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err });
return;
}
ProfileEvents.once('updateMessage', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.updateMessage(ProfileEvents, profileId, messageId, data);
});
}
Router.route('/')
.post((req, res) => {
// Token.verifyThen(req.get('authorization'), 'add', (err, decoded) => {
// if (err) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return;
// }
var ProfileEvents = new EventEmitter();
var profile = Array.isArray(req.body) ? req.body : [ req.body ];
var multi = profile.length > 1;
ProfileEvents.once('create', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create profile' + (multi ? 's' : ''), err: err, profile: profile });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.create(ProfileEvents, profile);
// });
});
Router.route('/find/:limit?/:skip?/:min?/:max?/:pos?/:lkng?/:tribes?/:ethnos?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params);
var query = {
find: find,
select: null,
options: {
limit: 0,
skip: 0,
sort: { 'order': 1 }
}
};
ProfileEvents.once('find', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error getting the vendor list', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.find(ProfileEvents, query);
});
});
Router.route('/list/:limit?/:skip?/:min?/:max?/:pos?/:lkng?/:tribes?/:ethnos?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params);
var query = {
find: find,
select: '_id order details.name details.pics.thumbnail',
options: {
limit: 0,
skip: 0,
sort: { 'order': 1 }
}
};
ProfileEvents.once('find', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error getting the vendor list', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.find(ProfileEvents, query);
});
});
Router.route('/:profileId?/messages/:messageId?')
.delete((req, res) => {
})
.get((req, res) => {
})
.patch( updateMessage )
.put( updateMessage );
Router.route('/:id?')
.delete( (req, res) => {
Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var ProfileEvents = new EventEmitter();
var id = req.params.id;
ProfileEvents.once('delete', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete profile id: ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
Profiles.delete(ProfileEvents, id);
});
})
.get( (req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var ProfileEvents = new EventEmitter();
var id = req.params.id || null;
ProfileEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get profile' + (id ? '' : 's'), err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.get(ProfileEvents, id || null);
});
})
.patch( update )
.put( update );
module.exports = Router;

152
routes/roles.js Normal file
View File

@@ -0,0 +1,152 @@
var Express = require('express');
var Router = Express.Router();
var EventEmitter = require('events');
var RoleModel = require('../models/role');
var Token = require('../modules/token');
function updateRole (req, res, next) {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var RoleEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
RoleEvents.once('updateRole', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update role id ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
RoleModel.updateRole(RoleEvents, id, data);
});
}
Router.route('/')
.post((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var RoleEvents = new EventEmitter();
var role = req.body;
RoleEvents.once('createRole', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create role', err: err });
}
if (result) {
res.status(200).json(result);
}
});
RoleModel.createRole(RoleEvents, role);
});
});
Router.route('/search/:find?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var RoleEvents = new EventEmitter();
// Process parameters
var find = req.params.find ? decodeURIComponent(req.params.find) : false;
if (find) {
find = {
'name': new RegExp(find, 'i')
};
}
// Setup query object
var query = {
find: find || (req.query.find ? JSON.parse(decodeURIComponent(req.query.find)) : {}),
select: req.query.select ? decodeURIComponent(req.query.select) : null,
options: {
limit: req.query.limit ? parseInt(req.query.limit) : 0,
skip: req.query.ski ? parseInt(req.query.skip) : 0,
sort: req.query.sort ? JSON.parse(decodeURIComponent(req.query.sort)) : { 'value': 1 }
}
};
RoleEvents.once('getRoles', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error performing the role search', err: err });
}
if (result) {
res.status(200).json(result);
}
});
RoleModel.getRoles(RoleEvents, query);
});
});
Router.route('/:id?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var RoleEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getRole' : 'getRoles';
RoleEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get role' + (id ? '' : 's'), err: err });
}
if (result) {
res.status(200).json(result);
}
});
RoleModel[method](RoleEvents, id || null);
});
})
.put( updateRole )
.patch( updateRole )
.delete( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var RoleEvents = new EventEmitter();
var id = req.params.id;
RoleEvents.once('deleteRole', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete role id ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
RoleModel.deleteRole(RoleEvents, id);
});
});
module.exports = Router;

312
routes/users.js Normal file
View File

@@ -0,0 +1,312 @@
var EventEmitter = require('events');
var Express = require('express');
var Router = Express.Router();
var Token = require('../modules/token');
var UserModel = require('../models/user');
function updateUser (req, res, next) {
Token.verifyThen(req.get('authorization'), ['view', 'super'], (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
if (id === decoded.data.uid || decoded.canElevate) {
if (!decoded.canElevate) {
delete data.permission;
}
UserEvents.once('updateUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update user id ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUser(UserEvents, id, data);
} else {
res.status(403).json({ message: 'User not authorized to perform this action.' });
}
});
}
function updateUserSetting (req, res, next) {
console.log('[UsersRoute::updateUserSetting]');
console.log('req.params: ', req.params);
console.log('req.body: ', req.body);
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var settingsId = req.params.settingsId;
var data = req.body;
UserEvents.once('updateUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not update setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUserSetting(UserEvents, userId, settingsId, data);
});
}
Router.route('/')
.post((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var user = req.body;
UserEvents.once('createUser', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create user', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUser(UserEvents, user);
});
});
Router.route('/search/:find?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
// Process parameters
var find = req.params.find ? decodeURIComponent(req.params.find) : false;
if (find) {
find = {
'userName': new RegExp(find, 'i'),
'name.last': new RegExp(find, 'i'),
'name.first': new RegExp(find, 'i'),
'email': new RegExp(find, 'i')
};
}
// Setup query object
var query = {
find: find || (req.query.find ? JSON.parse(decodeURIComponent(req.query.find)) : {}),
select: req.query.select ? decodeURIComponent(req.query.select) : null,
options: {
limit: req.query.limit ? parseInt(req.query.limit) : 0,
skip: req.query.ski ? parseInt(req.query.skip) : 0,
sort: req.query.sort ? JSON.parse(decodeURIComponent(req.query.sort)) : { 'userName': 1 }
}
};
UserEvents.once('getUsers', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error performing the user search', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.getUsers(UserEvents, query);
});
});
Router.route('/validate/:username?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var username = req.params.username || '';
if (username && username.length >= 4) {
UserEvents.once('isUserNameUnique', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not validate username: ' + username, err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.isUserNameUnique(UserEvents, username);
} else {
res.status(200).json({ unique: null, length: false });
}
});
});
Router.route('/force-password-reset/:id')
.post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id;
UserEvents.once('forcePasswordReset', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not force password reset for the user', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.forcePasswordReset(UserEvents, id);
});
});
Router.route('/:id/settings/:key?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id;
var key = req.params.key || false;
var method = key ? 'getUserSetting' : 'getUserSettings';
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get setting' + (key ? ' key:' + key : 's') + ' for user ' + (id ? id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id, key);
});
});
Router.route('/:userId/settings/:settingsId?')
.patch( updateUserSetting )
.post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var data = req.body;
UserEvents.once('createUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUserSetting(UserEvents, userId, data);
});
})
.put( updateUserSetting );
Router.route('/:id?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), ['viewPublicDetails', 'manageUsers'], (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action. ' + err, err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getUser' : 'getUsers';
if ((id === decoded.data.uid && method === 'getUser') || decoded.canElevate) {
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get user' + (id ? '' : 's'), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id || false, !decoded.canElevate);
} else {
res.status(403).json({ message: 'User not authorized to perform this action.' });
}
});
})
.put( updateUser )
.patch( updateUser )
.delete( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id;
if (id === decoded.data.uid) {
res.status(403).json({ message: 'You cannot delete yourself. Surely it isn\'t that bad?!' });
return;
}
UserEvents.once('deleteUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete user id ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
UserModel.deleteUser(UserEvents, id);
});
});
module.exports = Router;