"use strict";
var config = require('config');
require('../../models/schema');
var redis = require('../../helpers/redis');
var mailer = require('../../helpers/mailer');
var fs = require('fs');
var _ = require('underscore');
var crypto = require('crypto');
var bcrypt = require('bcrypt');
var express = require('express');
// Router that the team endpoints below are registered on; exported at the end of the file.
const router = express.Router();

// Field map in the shape of a MongoDB projection (1 = include): id, nickname and email.
// NOTE(review): no handler in this file references it. Presumably it was meant to limit
// which user fields the membership routes return; confirm before relying on it.
const userMapping = { _id: 1, nickname: 1, email: 1 };
/**
 * GET /:id: respond with the team attached to the authenticated user.
 *
 * The `:id` path parameter is not read; the response is always `req.user.team`.
 * The whole team object is serialised, so every field it carries is returned.
 * Other handlers in this file write `admins` and `invitation_codes` on it.
 *
 * NOTE(review): `req.user` is presumably set by authentication middleware mounted
 * outside this file; confirm that this router is never reachable without it.
 */
router.get('/:id', (req, res) => {
  const ownTeam = req.user.team;
  res.status(200).json(ownTeam);
});
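/**
 * PUT /:id: update attributes of the authenticated user's team.
 *
 * The `:id` path parameter is not read; the team is always `req.user.team`.
 * The request body is client-controlled and is written with `$set`, so keys that
 * other routes in this file manage (`admins`, `invitation_codes`) or that select
 * the plan (`payment_plan_key`) are dropped before the update. Dotted paths such
 * as `admins.0` are dropped as well, because `$set` resolves them.
 *
 * Responses:
 *   400  user has no team, subdomain is not a string / is forbidden / is already
 *        used, the uniqueness lookup failed, or the update failed
 *   200  the updated team document
 *
 * NOTE(review): no admin check is visible here, so any team member can change the
 * team unless middleware outside this file restricts the route; confirm.
 */
router.put('/:id', (req, res) => {
  var team = req.user.team;
  if (!team) {
    res.status(400).json({"error": "user in no team"});
    return;
  }

  // Fields a client must not be able to overwrite through this generic update.
  var protectedFields = ['_id', 'admins', 'invitation_codes', 'payment_plan_key'];
  var body = (req.body && typeof req.body === 'object') ? req.body : {};

  // Build a fresh object instead of mutating req.body.
  var newAttr = {};
  Object.keys(body).forEach((key) => {
    // "$set" accepts dotted paths, so the first path segment decides.
    var topLevelField = key.split('.')[0];
    if (protectedFields.indexOf(topLevelField) === -1) {
      newAttr[key] = body[key];
    }
  });
  // Set after filtering so the client cannot supply its own timestamp.
  newAttr.updated_at = new Date();

  if (newAttr['subdomain']) {
    // A non-string here (object, array, number) would either throw on
    // toLowerCase() or reach the query below as an operator document.
    if (typeof newAttr['subdomain'] !== 'string') {
      res.bad_request("subdomain not valid");
      return;
    }
    newAttr['subdomain'] = newAttr['subdomain'].toLowerCase();
  }
  const new_subdomain = newAttr['subdomain'];
  // Currently empty, so no subdomain is rejected by this list.
  var forbidden_subdomains = [];

  function updateTeam() {
    Team.findOneAndUpdate({"_id": team._id}, {"$set": newAttr}, {"new": true}, (err, updatedTeam) => {
      if (err) res.status(400).json(err);
      else {
        res.status(200).json(updatedTeam);
      }
    });
  }

  var isForbidden = forbidden_subdomains.indexOf(new_subdomain) > -1;
  if (isForbidden) {
    res.bad_request("subdomain not valid");
    return;
  }

  if (!new_subdomain) {
    updateTeam();
    return;
  }

  // NOTE(review): the uniqueness lookup filters on "domain" while the value is
  // stored under "subdomain"; confirm which field the Team schema actually uses.
  Team.findOne({"domain": new_subdomain}).exec((err, existingTeam) => {
    if (err) {
      // Do not fall through to the update when the uniqueness check itself failed.
      res.status(400).json(err);
      return;
    }
    if (existingTeam) {
      res.bad_request("subdomain already used");
    } else {
      updateTeam();
    }
  });
});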
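/**
 * GET /:id/memberships: list the users that belong to the authenticated user's team.
 *
 * The `:id` path parameter is not read; the filter is always `req.user.team`.
 *
 * Responses:
 *   400  the caller has no team, or the query failed
 *   200  array of users with `team` populated
 *
 * `password_hash` and `confirmation_token` (both written on User documents elsewhere
 * in this file) are excluded from the result so they are not sent to other team
 * members. NOTE(review): the User schema is not visible here; if it holds further
 * secret fields, exclude them too.
 */
router.get('/:id/memberships', (req, res) => {
  var team = req.user.team;
  if (!team) {
    // Without this guard the filter would be {team: null}, which in MongoDB
    // matches users whose team is null or absent, i.e. users of no team at all.
    res.status(400).json({"error": "user in no team"});
    return;
  }

  User
    .find({team: team})
    .select('-password_hash -confirmation_token')
    .populate("team")
    .exec(function(err, users){
      if (err) res.status(400).json(err);
      else {
        res.status(200).json(users);
      }
    });
});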
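/**
 * POST /:id/memberships: invite a person to the authenticated user's team by email.
 *
 * - Email already registered: a new invitation code is appended to
 *   `team.invitation_codes` and a join link carrying that code is mailed to the address.
 * - Email unknown: a user is created with a random password and confirmation token,
 *   plus a "home" folder Space; the password is mailed to the new user and to every
 *   team admin.
 *
 * Responses:
 *   400  email missing or not a string, caller has no team, or any step failed
 *   201  the invited user, with credential fields removed
 *
 * NOTE(review): no admin check is visible here, so any team member can invite unless
 * middleware outside this file restricts the route; confirm.
 */
router.post('/:id/memberships', (req, res, next) => {
  const rawEmail = req.body && req.body.email;
  // A non-string value would throw on toLowerCase() or reach the query as an
  // operator document, so it is treated like a missing email.
  if (!rawEmail || typeof rawEmail !== 'string') {
    res.status(400).json({"error": "email missing"});
    return;
  }

  const email = rawEmail.toLowerCase();
  const team = req.user.team;
  if (!team) {
    res.status(400).json({"error": "user in no team"});
    return;
  }

  // Serialise a user for the response without credential material. The looked-up
  // user may belong to a different team, so that team's invitation codes are
  // removed from the populated document as well.
  const withoutSecrets = (doc) => {
    const plain = doc.toJSON();
    delete plain.password_hash;
    delete plain.confirmation_token;
    if (plain.team && typeof plain.team === 'object') {
      delete plain.team.invitation_codes;
    }
    return plain;
  };

  // Existing account: store an invitation code on the team and mail a join link.
  const inviteExistingUser = (user) => {
    // NOTE(review): 7 hex characters carry 28 bits, which is small for a value that
    // is accepted from a link. Lengthening it needs a check that nothing downstream
    // depends on the 7-character format.
    const code = crypto.randomBytes(64).toString('hex').substring(0,7);
    team.invitation_codes.push(code);
    team.save((err) => {
      if (err) {
        res.status(400).json(err);
        return;
      }
      // NOTE(review): `teamname` sits inside `action` here but beside it in the
      // new-user mail below; confirm which shape the mailer expects.
      mailer.sendMail(email, req.i18n.__("team_invite_membership_subject", team.name), req.i18n.__("team_invite_membership_body", team.name), { action: {
        link: config.endpoint + "/teams/" + req.user.team._id + "/join?code=" + code,
        name: req.i18n.__("team_invite_membership_action"),
        teamname: team.name
      }});

      res.status(201).json(withoutSecrets(user));
    });
  };

  // Tell every team admin about the new account, each in their preferred language.
  // Runs after the response has been sent, so failures are only logged.
  const notifyAdmins = (password) => {
    User.find({"_id": {"$in": team.admins }}).exec((err, admins) => {
      if (err || !admins) {
        console.error("could not load team admins for invite notification", err);
        return;
      }
      var i18n = req.i18n;
      const requestLocale = i18n.locale;
      admins.forEach((admin) => {
        // Fall back to the request locale for admins without a preference, so that
        // one admin's language does not carry over to the next mail.
        const locale = (admin.preferences && admin.preferences.language) || requestLocale;
        if (locale) {
          i18n.setLocale(locale);
        }
        // NOTE(review): this mails the new user's plaintext password to every admin.
        // The template takes it as an argument, so it is left in place here.
        mailer.sendMail(admin.email, i18n.__("team_invite_membership_subject", team.name), i18n.__("team_invite_admin_body", email, team.name, password), { teamname: team.name });
      });
      if (requestLocale) {
        i18n.setLocale(requestLocale);
      }
    });
  };

  // Unknown email: create the account, its home folder, then send the mails.
  const createInvitedUser = () => {
    // NOTE(review): both values are 7 hex characters (28 bits). The password is also
    // sent by mail in clear text; a set-password link would avoid both issues.
    const password = crypto.randomBytes(64).toString('hex').substring(0,7);
    const confirmation_token = crypto.randomBytes(64).toString('hex').substring(0,7);

    bcrypt.genSalt(10, (err, salt) => {
      if (err) {
        res.sendStatus(400);
        return;
      }
      bcrypt.hash(password, salt, (err, hash) => {
        if (err) {
          // Never store a user whose password hash could not be computed.
          res.sendStatus(400);
          return;
        }

        var u = new User({
          email: email,
          account_type: "email",
          nickname: email,
          team: team._id,
          password_hash: hash,
          payment_plan_key: team.payment_plan_key,
          confirmation_token: confirmation_token,
          preferences: {
            language: req.i18n.locale
          }
        });

        u.save((err) => {
          if (err) {
            res.sendStatus(400);
            return;
          }
          var homeSpace = new Space({
            name: req.i18n.__("home"),
            space_type: "folder",
            creator: u
          });

          homeSpace.save((err, savedHomeSpace) => {
            if (err) {
              res.sendStatus(400);
              return;
            }
            u.home_folder_id = savedHomeSpace._id;
            u.save((err) => {
              // Check the save result before any mail goes out.
              if (err) {
                res.status(400).json(err);
                return;
              }

              notifyAdmins(password);

              mailer.sendMail(email, req.i18n.__("team_invite_membership_subject", team.name), req.i18n.__("team_invite_user_body", team.name, password), { action: {
                link: config.endpoint + "/users/byteam/" + req.user.team._id + "/join?confirmation_token=" + confirmation_token,
                name: req.i18n.__("team_invite_membership_action")
              }, teamname: team.name });

              res.status(201).json(withoutSecrets(u));
            });
          });
        });
      });
    });
  };

  User.findOne({"email": email}).populate('team').exec((err, user) => {
    if (err) {
      // A failed lookup must not be mistaken for "no such user".
      res.status(400).json(err);
      return;
    }
    if (user) {
      inviteExistingUser(user);
    } else {
      createInvitedUser();
    }
  });
});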
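/**
 * PUT /:id/memberships/:user_id: re-save a member of the caller's own team.
 *
 * The target is looked up by `:user_id` and must already belong to the caller's team;
 * its `team` is then set to the caller's team id and the document is saved.
 *
 * Responses:
 *   400  lookup or save failed
 *   404  no user with that id
 *   403  target is not in the caller's team (or either side has no team)
 *   204  saved
 *
 * NOTE(review): because the guard already requires the same team, the assignment
 * writes the value that is already there; confirm what this route is meant to update.
 */
router.put('/:id/memberships/:user_id', (req, res) => {
  // The callback parameter was previously named `mem` while the body read `user`,
  // which raised a ReferenceError on every successful lookup.
  User.findOne({_id: req.params.user_id}, (err, user) => {
    if (err) {
      res.sendStatus(400);
      return;
    }
    if (!user) {
      res.sendStatus(404);
      return;
    }

    const ownTeam = req.user.team;
    // Compare ids as strings, as the promote/demote handlers do; comparing the
    // id objects with == tests identity, not value.
    const sameTeam = Boolean(user.team && ownTeam) &&
      user.team.toString() == ownTeam._id.toString();

    if (!sameTeam) {
      res.sendStatus(403);
      return;
    }

    user['team'] = ownTeam._id;
    user.save((err) => {
      if (err) {
        res.sendStatus(400);
        return;
      }
      res.sendStatus(204);
    });
  });
});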
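/**
 * GET /:id/memberships/:user_id/promote: add a team member to `team.admins`.
 *
 * Only a caller who is already listed in `team.admins` may promote. This is the same
 * rule the DELETE membership handler in this file applies; without it any member
 * could grant admin rights, including to themselves.
 *
 * Responses:
 *   403  caller has no team, is not an admin, or the target is in another team
 *   400  lookup or save failed, or the target is already an admin
 *   404  no user with that id
 *   204  promoted
 *
 * NOTE(review): this changes state behind GET, so a followed link or prefetch can
 * trigger it; moving it to POST/PUT would need a matching client change.
 * NOTE(review): if teams can exist with an empty `admins` list, the admin rule
 * leaves no way to promote the first admin through this route; confirm how the
 * first admin is assigned.
 */
router.get('/:id/memberships/:user_id/promote', (req, res) => {
  var team = req.user.team;
  if (!team) {
    res.status(403).json({"error": "team id not correct"});
    return;
  }

  const currentUserId = req.user._id.toString();
  const callerIsAdmin = team.admins.some((adminId) => String(adminId) === currentUserId);
  if (!callerIsAdmin) {
    res.status(403).json({"error": "not admin"});
    return;
  }

  User.findOne({_id: req.params.user_id}, (err, user) => {
    if (err) {
      res.sendStatus(400);
      return;
    }
    if (!user) {
      res.sendStatus(404);
      return;
    }
    // A user without a team has no id to compare and is never in the caller's team.
    if (!user.team || user.team.toString() != team._id.toString()) {
      res.status(403).json({"error": "team id not correct"});
      return;
    }

    var adminIndex = team.admins.indexOf(user._id);
    if (adminIndex != -1) {
      res.status(400).json({"error": "already admin"});
      return;
    }

    team.admins.push(user._id);
    team.save((err, savedTeam) => {
      if (err) {
        res.status(400).json(err);
        return;
      }
      res.status(204).json(savedTeam);
    });
  });
});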
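/**
 * GET /:id/memberships/:user_id/demote: remove a team member from `team.admins`.
 *
 * Only a caller who is already listed in `team.admins` may demote. This is the same
 * rule the DELETE membership handler in this file applies; without it any member
 * could strip admin rights from the team's admins.
 *
 * Responses:
 *   403  caller has no team, is not an admin, or the target is in another team
 *   400  lookup or save failed
 *   404  no user with that id, or the target is not an admin
 *   204  demoted
 *
 * NOTE(review): this changes state behind GET, so a followed link or prefetch can
 * trigger it; moving it to POST/PUT would need a matching client change.
 * NOTE(review): nothing here stops the last admin from being demoted; confirm
 * whether a team without admins is an acceptable state.
 */
router.get('/:id/memberships/:user_id/demote', (req, res, next) => {
  const team = req.user.team;
  if (!team) {
    res.sendStatus(403);
    return;
  }

  const currentUserId = req.user._id.toString();
  const callerIsAdmin = team.admins.some((adminId) => String(adminId) === currentUserId);
  if (!callerIsAdmin) {
    res.status(403).json({"error": "not admin"});
    return;
  }

  User.findOne({_id: req.params.user_id}, (err, user) => {
    if (err) {
      res.sendStatus(400);
      return;
    }
    if (!user) {
      res.sendStatus(404);
      return;
    }
    // A user without a team has no id to compare and is never in the caller's team.
    if (!user.team || user.team.toString() != team._id.toString()) {
      res.sendStatus(403);
      return;
    }

    const adminIndex = team.admins.indexOf(user._id);
    if (adminIndex == -1) {
      res.sendStatus(404);
      return;
    }

    team.admins.splice(adminIndex,1);
    team.save((err, savedTeam) => {
      if (err) {
        res.status(400).json(err);
        return;
      }
      res.status(204).json(savedTeam);
    });
  });
});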
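/**
 * DELETE /:id/memberships/:user_id: remove a user from the caller's team.
 *
 * The caller must be listed in `team.admins`, and the target must belong to the
 * caller's team. The second check was missing before: the handler loaded any user by
 * id and cleared its team, so an admin of one team could detach members of another.
 *
 * On success the target's `team` is set to null and `payment_plan_key` to "free"; if
 * the target was an admin it is also removed from `team.admins` (saved after the
 * response has been sent).
 *
 * Responses:
 *   400  lookup or save failed
 *   403  caller has no team or is not an admin, or the target is in another team
 *   404  no user with that id
 *   204  removed
 */
router.delete('/:id/memberships/:user_id', (req, res) => {
  const team = req.user.team;
  if (!team) {
    res.status(403).json({"error": "not admin"});
    return;
  }

  User.findOne({_id: req.params.user_id}).populate('team').exec((err, user) => {
    if (err) {
      res.sendStatus(400);
      return;
    }

    // Authorise the caller before revealing whether the target exists.
    const currentUserId = req.user._id.toString();
    const isAdmin = team.admins.some((adminId) => String(adminId) === currentUserId);
    if (!isAdmin) {
      res.status(403).json({"error": "not admin"});
      return;
    }

    if (!user) {
      res.sendStatus(404);
      return;
    }

    // `team` is populated on the target, so it is a document (or null when the user
    // has no team or the reference does not resolve).
    const targetTeamId = user.team ? String(user.team._id || user.team) : null;
    if (targetTeamId !== team._id.toString()) {
      res.sendStatus(403);
      return;
    }

    user.team = null;
    user.payment_plan_key = "free";
    user.save((err) => {
      if (err) {
        res.sendStatus(400);
        return;
      }

      const adminIndex = team.admins.indexOf(user._id);
      if (adminIndex > -1) {
        team.admins.splice(adminIndex,1);
        team.save((err) => {
          if (err) {
            console.error("could not remove admin from team", err);
            return;
          }
          console.log("admin removed");
        });
      }

      res.sendStatus(204);
    });
  });
});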
module.exports = router;