christmas/routes/adminSettings/index.js

const verifyAuth = require('../../middlewares/verifyAuth')
const express = require('express')
const { nanoid } = require('nanoid')
// Length, in characters, of every token generated with nanoid() in this file
// (signup tokens and password-reset tokens).
const SECRET_TOKEN_LENGTH = 32

// Token validity window in milliseconds: roughly one week. Exactness is not required.
const SECRET_TOKEN_LIFETIME = 7 * 24 * 60 * 60 * 1000 // days * hours * minutes * seconds * ms
module.exports = (db) => {
const router = express.Router()
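// GET / — admin-only overview listing every user document.
router.get('/', verifyAuth(), (req, res, next) => {
  // Non-admins are sent back to the home page.
  if (!req.user.admin) return res.redirect('/')

  db.allDocs({ include_docs: true })
    .then(docs => {
      // NOTE(review): docs.rows carries every field of every document, which in
      // this file includes signupToken / pwToken and a password field — confirm
      // the 'adminSettings' template only outputs what the page needs.
      res.render('adminSettings', { title: 'Admin Settings', users: docs.rows })
    })
    // Pass failures to Express's error handling. Re-throwing inside .catch()
    // only creates a rejected promise nobody handles, so no response is sent.
    .catch(next)
})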
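// POST /add — admin-only: create a user record carrying a signup token that
// expires SECRET_TOKEN_LIFETIME milliseconds from now.
router.post('/add', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  // The body is client-controlled: require a string before calling .trim()
  // and refuse an empty name, since the value becomes the document _id.
  const rawName = req.body.newUserUsername
  const username = typeof rawName === 'string' ? rawName.trim() : ''
  if (!username) {
    req.flash('error', 'No username provided')
    return res.redirect('/admin-settings')
  }

  try {
    await db.put({
      _id: username,
      admin: false,
      wishlist: [],
      signupToken: nanoid(SECRET_TOKEN_LENGTH),
      expiry: new Date().getTime() + SECRET_TOKEN_LIFETIME
    })
  } catch (error) {
    // A rejected put (for example a name that is already in use) is reported
    // to the admin instead of becoming an unhandled rejection.
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  // Encode the name so characters such as "/", "?" or "#" stay inside the
  // final path segment of the redirect target.
  res.redirect(`/admin-settings/edit/${encodeURIComponent(username)}`)
})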
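// GET /edit/:userToEdit — admin-only edit page for a single user.
router.get('/edit/:userToEdit', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  let doc
  try {
    doc = await db.get(req.params.userToEdit)
  } catch (error) {
    // Unknown user (or any lookup failure): report it rather than leaving the
    // rejection unhandled.
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  // The stored password field is never handed to the view.
  // NOTE(review): signupToken / pwToken are still passed through — presumably
  // so the admin can share the links; confirm that is intended.
  delete doc.password
  res.render('admin-user-edit', { user: doc })
})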
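// POST /edit/refresh-signup-token/:userToEdit — admin-only: replace the user's
// signup token with a fresh one and restart its expiry window.
router.post('/edit/refresh-signup-token/:userToEdit', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  const username = req.params.userToEdit
  try {
    const doc = await db.get(username)
    doc.signupToken = nanoid(SECRET_TOKEN_LENGTH)
    doc.expiry = new Date().getTime() + SECRET_TOKEN_LIFETIME
    await db.put(doc)
  } catch (error) {
    // Lookup or write failures are reported instead of left as unhandled rejections.
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  // Encoded so the name cannot alter the structure of the redirect path.
  return res.redirect(`/admin-settings/edit/${encodeURIComponent(username)}`)
})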
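// POST /edit/resetpw/:userToEdit — admin-only: issue a password-reset token
// for the user, valid for SECRET_TOKEN_LIFETIME milliseconds.
router.post('/edit/resetpw/:userToEdit', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  const username = req.params.userToEdit
  try {
    const doc = await db.get(username)
    // NOTE(review): the token is written to the user document as-is, so anyone
    // who can read the database can read it; storing only a hash would limit
    // that, if the route that consumes the token can compare hashes.
    doc.pwToken = nanoid(SECRET_TOKEN_LENGTH)
    doc.pwExpiry = new Date().getTime() + SECRET_TOKEN_LIFETIME
    await db.put(doc)
  } catch (error) {
    // Lookup or write failures are reported instead of left as unhandled rejections.
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  // Encoded so the name cannot alter the structure of the redirect path.
  return res.redirect(`/admin-settings/edit/${encodeURIComponent(username)}`)
})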
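// POST /edit/cancelresetpw/:userToEdit — admin-only: withdraw a pending
// password reset by dropping the token and its expiry from the user document.
router.post('/edit/cancelresetpw/:userToEdit', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  const username = req.params.userToEdit
  try {
    const doc = await db.get(username)
    delete doc.pwToken
    delete doc.pwExpiry
    await db.put(doc)
  } catch (error) {
    // Lookup or write failures are reported instead of left as unhandled rejections.
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  // Encoded so the name cannot alter the structure of the redirect path.
  return res.redirect(`/admin-settings/edit/${encodeURIComponent(username)}`)
})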
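// POST /edit/rename/:userToRename — rename a user and rewrite every wishlist
// reference (pledgedBy / addedBy) from the old name to the new one.
// Allowed for admins and for the user being renamed.
router.post('/edit/rename/:userToRename', verifyAuth(), async (req, res) => {
  const oldName = req.params.userToRename
  if (!req.user.admin && req.user._id !== oldName) return res.redirect('/')

  // NOTE(review): this page is admin-only, so a non-admin renaming themselves
  // is bounced to '/' after any error below. Their session also still refers
  // to the old _id after a successful rename — confirm how that is handled.
  const editUrl = `/admin-settings/edit/${encodeURIComponent(oldName)}`

  // newUsername becomes a document _id: insist on a non-empty string (a body
  // parser may deliver arrays or objects) and trim it the way /add does.
  const rawName = req.body.newUsername
  const newName = typeof rawName === 'string' ? rawName.trim() : ''
  if (!newName) {
    req.flash('error', 'No username provided')
    return res.redirect(editUrl)
  }
  if (newName === oldName) {
    req.flash('error', 'Username is same as new username.')
    return res.redirect(editUrl)
  }

  try {
    // Looked up inside the try so an unknown oldName yields a flash message
    // rather than an unhandled rejection.
    const userDoc = await db.get(oldName)
    userDoc._id = newName
    // Presumably dropped so the put creates a new document and is rejected if
    // newName is already taken — confirm against the database in use.
    delete userDoc._rev
    await db.put(userDoc)

    try {
      const { rows } = await db.allDocs({ include_docs: true })
      const usersBulk = []
      for (const { doc: user } of rows) {
        // Documents without a wishlist are passed through unchanged.
        for (const item of user.wishlist || []) {
          if (item.pledgedBy === oldName) item.pledgedBy = newName
          if (item.addedBy === oldName) item.addedBy = newName
        }
        usersBulk.push(user)
      }
      await db.bulkDocs(usersBulk)
      await db.remove(await db.get(oldName))

      await req.flash('success', 'Renamed user!')
      return res.redirect(`/wishlist/${encodeURIComponent(newName)}`)
    } catch (error) {
      console.log(error, error.stack)
      // Roll back the copy created above so the user does not end up existing
      // under both names.
      await db.remove(await db.get(newName))
      throw error
    }
  } catch (error) {
    req.flash('error', error.message)
    return res.redirect(editUrl)
  }
})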
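// POST /edit/impersonate/:userToEdit — admin-only: switch the current session
// to the named user.
router.post('/edit/impersonate/:userToEdit', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  const target = req.params.userToEdit

  // The id comes straight from the URL; only start a session for an account
  // that actually exists.
  try {
    await db.get(target)
  } catch (error) {
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  // NOTE(review): nothing here records which admin assumed which identity, and
  // other admin accounts can be targeted too. An audit log entry and a rule
  // for admin targets are worth considering. Also confirm that CSRF protection
  // is applied app-wide, since none is visible in this file.
  req.login({ _id: target }, err => {
    if (err) {
      req.flash('error', err.message)
      return res.redirect(`/admin-settings/edit/${encodeURIComponent(target)}`)
    }
    req.flash('success', `You are now ${target}.`)
    res.redirect('/')
  })
})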
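// POST /edit/remove/:userToRemove — admin-only: delete a non-admin user and
// clear that user's pledges from every wishlist. An item the removed user both
// pledged and added is dropped from the list entirely.
router.post('/edit/remove/:userToRemove', verifyAuth(), async (req, res) => {
  if (!req.user.admin) return res.redirect('/')

  const removedName = req.params.userToRemove
  try {
    const doc = await db.get(removedName)
    // Admin accounts cannot be removed through this route.
    if (doc.admin) {
      req.flash('error', 'Failed to remove: user is admin.')
      return res.redirect('/admin-settings')
    }
    await db.remove(doc)

    const { rows } = await db.allDocs({ include_docs: true })
    for (const { doc: other } of rows) {
      // Documents without a wishlist have nothing to clean up.
      const wishlist = other.wishlist || []
      let changed = false
      // Walk backwards so splice() cannot shift an unvisited item past the index.
      for (let j = wishlist.length - 1; j >= 0; j--) {
        const item = wishlist[j]
        if (item.pledgedBy !== removedName) continue
        item.pledgedBy = undefined
        if (item.addedBy === removedName) wishlist.splice(j, 1)
        changed = true
      }
      // One write per document. Writing inside the item loop would re-send the
      // same in-memory doc with its original _rev, which a revision-checked
      // store (the API here looks like PouchDB/CouchDB) would reject as a conflict.
      if (changed) await db.put(other)
    }
  } catch (error) {
    // Lookup or write failures are reported instead of left as unhandled rejections.
    req.flash('error', error.message)
    return res.redirect('/admin-settings')
  }

  req.flash('success', `Successfully removed user ${removedName}`)
  res.redirect('/admin-settings')
})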
return router
}