spacedeck-open/routes/api/teams.js

"use strict";

var config = require('config');
require('../../models/schema');

var redis = require('../../helpers/redis');
var mailer = require('../../helpers/mailer');

var fs = require('fs');
var _ = require('underscore');
var crypto = require('crypto');
var bcrypt = require('bcryptjs');

var express = require('express');
var router = express.Router();
var userMapping = { '_id': 1, 'nickname': 1, 'email': 1};

router.get('/:id', (req, res) => {
  res.status(200).json(req.user.team);
});

router.put('/:id', (req, res) => {
  var team = req.user.team;
  if (!team) {
    res.status(400).json({"error": "user in no team"});
  } else {
    var newAttr = req.body;
    newAttr.updated_at = new Date();
    delete newAttr['_id'];

    if(newAttr['subdomain']) {
      newAttr['subdomain'] = newAttr['subdomain'].toLowerCase();
    }
    const new_subdomain = newAttr['subdomain'];
    var forbidden_subdomains = [];

    function updateTeam() {
      Team.findOneAndUpdate({"_id": team._id}, {"$set": newAttr}, {"new": true}, (err, team) => {
        if (err) res.status(400).json(err);
        else {
          res.status(200).json(team);
        }
      });  
    }
    
    var isForbidden = forbidden_subdomains.indexOf(new_subdomain) > -1;
    if (isForbidden) {
      res.bad_request("subdomain not valid");
    } else {
      if (new_subdomain) {
        Team.findOne({"domain": new_subdomain}).exec((err, team) => {
          if(team) {
            res.bad_request("subdomain already used");
          } else {
            updateTeam()
          }
        });
      } else {
        updateTeam()
      }
    }
  }
});

router.get('/:id/memberships', (req, res) => {
  User
    .find({team: req.user.team})
    .populate("team")
    .exec(function(err, users){
      if (err) res.status(400).json(err);
      else {
        res.status(200).json(users);
      }
    });
});

router.post('/:id/memberships', (req, res, next) => {
  if (req.body.email) {
    const email = req.body.email.toLowerCase();
    const team  = req.user.team;

    User.findOne({"email": email}).populate('team').exec((err, user) => {
      if (user) {
        const code = crypto.randomBytes(64).toString('hex').substring(0,7);
        team.invitation_codes.push(code);
        team.save((err) => {
          if (err){ res.status(400).json(err); }
          else {
            mailer.sendMail(email, req.i18n.__("team_invite_membership_subject", team.name), req.i18n.__("team_invite_membership_body", team.name), { action: {
              link: config.endpoint + "/teams/" + req.user.team._id + "/join?code=" + code,
              name: req.i18n.__("team_invite_membership_action"),
              teamname: team.name
            }});

            res.status(201).json(user);
          }
        });

      } else {
        // complete new user
        const password = crypto.randomBytes(64).toString('hex').substring(0,7);
        const confirmation_token = crypto.randomBytes(64).toString('hex').substring(0,7);

        bcrypt.genSalt(10, (err, salt) => {
          bcrypt.hash(password, salt, (err, hash) => {
            crypto.randomBytes(16, (ex, buf) => {
              const token = buf.toString('hex');

              var u = new User({
                email: email,
                account_type: "email",
                nickname: email,
                team: team._id,
                password_hash: hash,
                payment_plan_key: team.payment_plan_key,
                confirmation_token: confirmation_token,
                preferences: {
                  language: req.i18n.locale
                }
              });

              u.save((err) => {
                if(err) res.sendStatus(400);
                else {
                  var homeSpace = new Space({
                    name: req.i18n.__("home"),
                    space_type: "folder",
                    creator: u
                  });

                  homeSpace.save((err, homeSpace) => {
                    if (err) res.sendStatus(400);
                    else {
                      u.home_folder_id = homeSpace._id;
                      u.save((err) => {

                        User.find({"_id": {"$in": team.admins }}).exec((err, admins) => {
                          admins.forEach((admin) => {
                            var i18n = req.i18n;
                            if(admin.preferences && admin.preferences.language){
                              i18n.setLocale(admin.preferences.language || "en");
                            }
                            mailer.sendMail(admin.email, i18n.__("team_invite_membership_subject", team.name), i18n.__("team_invite_admin_body",  email, team.name, password), { teamname: team.name });
                          });
                        });

                        mailer.sendMail(email, req.i18n.__("team_invite_membership_subject", team.name), req.i18n.__("team_invite_user_body", team.name, password), { action: {
                          link: config.endpoint + "/users/byteam/" + req.user.team._id + "/join?confirmation_token=" + confirmation_token,
                          name: req.i18n.__("team_invite_membership_action")
                        }, teamname: team.name });

                        if (err) res.status(400).json(err);
                        else{
                          res.status(201).json(u)
                        }
                      });
                    }
                  });
                }
              });
            });
          });    
        });
      }
    });
  } else {
    res.status(400).json({"error": "email missing"});
  }
});

router.put('/:id/memberships/:user_id', (req, res) => {
  User.findOne({_id: req.params.user_id}, (err,mem) => {
    if (err) res.sendStatus(400);
    else {
      if(user.team._id == req.user.team._id){
        user['team'] = req.user.team._id;
        user.save((err) => {
          res.sendStatus(204);
        });
      } else {
        res.sendStatus(403);
      }
    }
  });
});

router.get('/:id/memberships/:user_id/promote', (req, res) => {
  User.findOne({_id: req.params.user_id}, (err,user) => {
    if (err) res.sendStatus(400);
    else {
      if (user.team.toString() == req.user.team._id.toString()) {
        var team = req.user.team;
        var adminIndex = team.admins.indexOf(user._id);

        if (adminIndex == -1) {
          team.admins.push(user._id);
          team.save((err, team) => {
            res.status(204).json(team);
          });
        } else {
          res.status(400).json({"error": "already admin"});
        }
      } else {
        res.status(403).json({"error": "team id not correct"});
      }
    }
  });
});

router.get('/:id/memberships/:user_id/demote', (req, res, next) => {
  User.findOne({_id: req.params.user_id}, (err,user) => {
    if (err) res.sendStatus(400);
    else {
      if (user.team.toString() == req.user.team._id.toString()) {
        const team = req.user.team;
        const adminIndex = team.admins.indexOf(user._id);

        if(adminIndex > -1) {
          team.admins.splice(adminIndex,1);
          team.save((err, team) => {
            res.status(204).json(team);
          });
        } else {
          res.sendStatus(404);
        }
      } else {
        res.sendStatus(403);
      }
    }
  });
});

router.delete('/:id/memberships/:user_id', (req, res) => {
  User.findOne({_id: req.params.user_id}).populate('team').exec((err,user) => {
    if (err) res.sendStatus(400);
    else {
      const currentUserId = req.user._id.toString();
      const team = req.user.team;

      const isAdmin = (req.user.team.admins.filter( mem => { 
        return mem == currentUserId; 
      }).length == 1)
      
      if (isAdmin) {
        user.team = null;
        user.payment_plan_key = "free";
        user.save( err => {
          const adminIndex = team.admins.indexOf(user._id);
          if(adminIndex > -1) {
            team.admins.splice(adminIndex,1);
            team.save((err, team) => {
              console.log("admin removed");
            });
          }

          res.sendStatus(204);
        });
      } else {
        res.status(403).json({"error": "not admin"});
      }
    }
  });
});

module.exports = router;
initial commit. 2017-04-07 01:29:05 +02:00			`"use strict";`

			`var config = require('config');`
			`require('../../models/schema');`

			`var redis = require('../../helpers/redis');`
			`var mailer = require('../../helpers/mailer');`

			`var fs = require('fs');`
			`var _ = require('underscore');`
			`var crypto = require('crypto');`
update packages 2017-04-07 10:39:35 +02:00			`var bcrypt = require('bcryptjs');`
initial commit. 2017-04-07 01:29:05 +02:00
			`var express = require('express');`
			`var router = express.Router();`
			`var userMapping = { '_id': 1, 'nickname': 1, 'email': 1};`

			`router.get('/:id', (req, res) => {`
			`res.status(200).json(req.user.team);`
			`});`

			`router.put('/:id', (req, res) => {`
			`var team = req.user.team;`
			`if (!team) {`
			`res.status(400).json({"error": "user in no team"});`
			`} else {`
			`var newAttr = req.body;`
			`newAttr.updated_at = new Date();`
			`delete newAttr['_id'];`

			`if(newAttr['subdomain']) {`
			`newAttr['subdomain'] = newAttr['subdomain'].toLowerCase();`
			`}`
			`const new_subdomain = newAttr['subdomain'];`
			`var forbidden_subdomains = [];`

			`function updateTeam() {`
			`Team.findOneAndUpdate({"_id": team._id}, {"$set": newAttr}, {"new": true}, (err, team) => {`
			`if (err) res.status(400).json(err);`
			`else {`
			`res.status(200).json(team);`
			`}`
			`});`
			`}`

			`var isForbidden = forbidden_subdomains.indexOf(new_subdomain) > -1;`
			`if (isForbidden) {`
			`res.bad_request("subdomain not valid");`
			`} else {`
			`if (new_subdomain) {`
			`Team.findOne({"domain": new_subdomain}).exec((err, team) => {`
			`if(team) {`
			`res.bad_request("subdomain already used");`
			`} else {`
			`updateTeam()`
			`}`
			`});`
			`} else {`
			`updateTeam()`
			`}`
			`}`
			`}`
			`});`

			`router.get('/:id/memberships', (req, res) => {`
			`User`
			`.find({team: req.user.team})`
			`.populate("team")`
			`.exec(function(err, users){`
			`if (err) res.status(400).json(err);`
			`else {`
			`res.status(200).json(users);`
			`}`
			`});`
			`});`

			`router.post('/:id/memberships', (req, res, next) => {`
			`if (req.body.email) {`
			`const email = req.body.email.toLowerCase();`
			`const team = req.user.team;`

			`User.findOne({"email": email}).populate('team').exec((err, user) => {`
			`if (user) {`
			`const code = crypto.randomBytes(64).toString('hex').substring(0,7);`
			`team.invitation_codes.push(code);`
			`team.save((err) => {`
			`if (err){ res.status(400).json(err); }`
			`else {`
			`mailer.sendMail(email, req.i18n.__("team_invite_membership_subject", team.name), req.i18n.__("team_invite_membership_body", team.name), { action: {`
			`link: config.endpoint + "/teams/" + req.user.team._id + "/join?code=" + code,`
			`name: req.i18n.__("team_invite_membership_action"),`
			`teamname: team.name`
			`}});`

			`res.status(201).json(user);`
			`}`
			`});`

			`} else {`
			`// complete new user`
			`const password = crypto.randomBytes(64).toString('hex').substring(0,7);`
			`const confirmation_token = crypto.randomBytes(64).toString('hex').substring(0,7);`

			`bcrypt.genSalt(10, (err, salt) => {`
			`bcrypt.hash(password, salt, (err, hash) => {`
			`crypto.randomBytes(16, (ex, buf) => {`
			`const token = buf.toString('hex');`

			`var u = new User({`
			`email: email,`
			`account_type: "email",`
			`nickname: email,`
			`team: team._id,`
			`password_hash: hash,`
			`payment_plan_key: team.payment_plan_key,`
			`confirmation_token: confirmation_token,`
			`preferences: {`
			`language: req.i18n.locale`
			`}`
			`});`

			`u.save((err) => {`
			`if(err) res.sendStatus(400);`
			`else {`
			`var homeSpace = new Space({`
			`name: req.i18n.__("home"),`
			`space_type: "folder",`
			`creator: u`
			`});`

			`homeSpace.save((err, homeSpace) => {`
			`if (err) res.sendStatus(400);`
			`else {`
			`u.home_folder_id = homeSpace._id;`
			`u.save((err) => {`

			`User.find({"_id": {"$in": team.admins }}).exec((err, admins) => {`
			`admins.forEach((admin) => {`
			`var i18n = req.i18n;`
			`if(admin.preferences && admin.preferences.language){`
			`i18n.setLocale(admin.preferences.language \|\| "en");`
			`}`
			`mailer.sendMail(admin.email, i18n.__("team_invite_membership_subject", team.name), i18n.__("team_invite_admin_body", email, team.name, password), { teamname: team.name });`
			`});`
			`});`

			`mailer.sendMail(email, req.i18n.__("team_invite_membership_subject", team.name), req.i18n.__("team_invite_user_body", team.name, password), { action: {`
			`link: config.endpoint + "/users/byteam/" + req.user.team._id + "/join?confirmation_token=" + confirmation_token,`
			`name: req.i18n.__("team_invite_membership_action")`
			`}, teamname: team.name });`

			`if (err) res.status(400).json(err);`
			`else{`
			`res.status(201).json(u)`
			`}`
			`});`
			`}`
			`});`
			`}`
			`});`
			`});`
			`});`
			`});`
			`}`
			`});`
			`} else {`
			`res.status(400).json({"error": "email missing"});`
			`}`
			`});`

			`router.put('/:id/memberships/:user_id', (req, res) => {`
			`User.findOne({_id: req.params.user_id}, (err,mem) => {`
			`if (err) res.sendStatus(400);`
			`else {`
			`if(user.team._id == req.user.team._id){`
			`user['team'] = req.user.team._id;`
			`user.save((err) => {`
			`res.sendStatus(204);`
			`});`
			`} else {`
			`res.sendStatus(403);`
			`}`
			`}`
			`});`
			`});`

			`router.get('/:id/memberships/:user_id/promote', (req, res) => {`
			`User.findOne({_id: req.params.user_id}, (err,user) => {`
			`if (err) res.sendStatus(400);`
			`else {`
			`if (user.team.toString() == req.user.team._id.toString()) {`
			`var team = req.user.team;`
			`var adminIndex = team.admins.indexOf(user._id);`

			`if (adminIndex == -1) {`
			`team.admins.push(user._id);`
			`team.save((err, team) => {`
			`res.status(204).json(team);`
			`});`
			`} else {`
			`res.status(400).json({"error": "already admin"});`
			`}`
			`} else {`
			`res.status(403).json({"error": "team id not correct"});`
			`}`
			`}`
			`});`
			`});`

			`router.get('/:id/memberships/:user_id/demote', (req, res, next) => {`
			`User.findOne({_id: req.params.user_id}, (err,user) => {`
			`if (err) res.sendStatus(400);`
			`else {`
			`if (user.team.toString() == req.user.team._id.toString()) {`
			`const team = req.user.team;`
			`const adminIndex = team.admins.indexOf(user._id);`

			`if(adminIndex > -1) {`
			`team.admins.splice(adminIndex,1);`
			`team.save((err, team) => {`
			`res.status(204).json(team);`
			`});`
			`} else {`
			`res.sendStatus(404);`
			`}`
			`} else {`
			`res.sendStatus(403);`
			`}`
			`}`
			`});`
			`});`

			`router.delete('/:id/memberships/:user_id', (req, res) => {`
			`User.findOne({_id: req.params.user_id}).populate('team').exec((err,user) => {`
			`if (err) res.sendStatus(400);`
			`else {`
			`const currentUserId = req.user._id.toString();`
			`const team = req.user.team;`

			`const isAdmin = (req.user.team.admins.filter( mem => {`
			`return mem == currentUserId;`
			`}).length == 1)`

			`if (isAdmin) {`
			`user.team = null;`
			`user.payment_plan_key = "free";`
			`user.save( err => {`
			`const adminIndex = team.admins.indexOf(user._id);`
			`if(adminIndex > -1) {`
			`team.admins.splice(adminIndex,1);`
			`team.save((err, team) => {`
			`console.log("admin removed");`
			`});`
			`}`

			`res.sendStatus(204);`
			`});`
			`} else {`
			`res.status(403).json({"error": "not admin"});`
			`}`
			`}`
			`});`
			`});`

			`module.exports = router;`