"use strict"; const config = require('config'); require('../models/schema'); const redis = require('../helpers/redis'); const express = require('express'); const crypto = require('crypto'); const router = express.Router(); const mailer = require('../helpers/mailer'); const _ = require('underscore'); const qr = require('qr-image'); router.get('/', (req, res) => { res.render('index', { title: 'Spaces' }); }); router.get('/ping', (req, res) => { res.status(200).json({"status": "ok"}) }); router.get('/spaces', (req, res) => { res.render('spacedeck', { title: 'Spaces' }); }); router.get('/not_found', (req, res) => { res.render('not_found', { title: 'Spaces' }); }); router.get('/confirm/:token', (req, res) => { res.render('spacedeck', { title: 'Space' }); }); router.get('/folders/:id', (req, res) => { res.render('spacedeck', {}); }); router.get('/signup', (req, res) => { res.render('spacedeck', {}); }); router.get('/accept/:id', (req, res) => { res.render('spacedeck', {}); }); router.get('/password-reset', (req, res) => { res.render('spacedeck', { title: 'Signup' }); }); router.get('/password-confirm/:token', (req, res) => { res.render('spacedeck', { title: 'Signup' }); }); router.get('/team', (req, res) => { res.render('spacedeck'); }); router.get('/de/*', (req, res) => { res.redirect("/t/de"); }); router.get('/de', (req, res) => { res.redirect("/t/de"); }); router.get('/fr/*', (req, res) => { res.redirect("/t/fr"); }); router.get('/fr', (req, res) => { res.redirect("/t/fr"); }); router.get('/en/*', (req, res) => { res.redirect("/t/en"); }); router.get('/en', (req, res) => { res.redirect("/t/end"); }); router.get('/it', (req, res) => { res.redirect("/t/en"); }); router.get('/account', (req, res) => { res.render('spacedeck'); }); router.get('/login', (req, res) => { res.render('spacedeck'); }); router.get('/logout', (req, res) => { res.render('spacedeck'); }); router.get('/users/oauth2callback', (req, res) => { res.render('spacedeck'); }); router.get('/contact', (req, res) => { res.render('public/contact'); }); router.get('/about', (req, res) => { res.render('public/about'); }); router.get('/terms', (req, res) => { res.render('public/terms'); }); router.get('/privacy', (req, res) => { res.render('public/privacy'); }); router.get('/t/:id', (req, res) => { res.cookie('spacedeck_locale', req.params.id, { maxAge: 900000, httpOnly: true }); var path = "/"; if (req.query.r=="login" || req.query.r=="signup") { path = "/"+req.query.r; } res.redirect(path); }); router.get('/s/:token', (req, res) => { redis.rateLimit(req.real_ip, "token", function(ok) { if (ok) { var token = req.params.token; if (token.split("-").length > 0) { token = token.split("-")[0]; } Space.findOne({"edit_hash": token}).exec(function (err, space) { if (err) { res.status(404).render('not_found', { title: 'Page Not Found.' }); } else { if (space) { if(req.accepts('text/html')){ res.redirect("/spaces/"+space._id + "?spaceAuth=" + token); }else{ res.status(200).json(space); } } else { if(req.accepts('text/html')){ res.status(404).render('not_found', { title: 'Page Not Found.' }); } else { res.status(404).json({}); } } } }); } else { res.status(429).json({"error": "Too Many Requests"}); } }); }); router.get('/spaces/:id', (req, res) => { if (req.headers['user-agent']) { if (req.headers['user-agent'].match(/facebook/)) { Space.findOne({"_id": req.params.id }).exec(function (err, space) { if (err) { res.status(400).json(err); } else { if (space) { if (space.access_mode == "public") { Artifact.find({"space_id": req.params.id }).populate("creator").exec(function(err, artifacts) { space.artifacts = artifacts; res.render('facebook', { space: space }); }); } else { res.redirect("/?error=space_not_accessible"); } } else { res.render('not_found', { title: 'Spaces' }); } } }); } else { // not facebook, render javascript res.render('spacedeck', { title: 'Space' }); } } else res.render('spacedeck', { title: 'Space' }); }); router.get('/users/byteam/:team_id/join', (req, res) => { if (!req.user) { const q = {confirmation_token: req.query.confirmation_token, account_type: "email", team: req.params.team_id}; User.findOne(q, (err, user) => { if (err) { res.status(400).json({"error":"session.users"}); } else { if (user) { crypto.randomBytes(48, function(ex, buf) { const token = buf.toString('hex'); var session = { token: token, ip: req.ip, device: "web", created_at: new Date() }; if (!user.sessions) user.sessions = []; user.sessions.push(session); user.confirmed_at = new Date(); user.confirmation_token = null; user.save(function(err, result) { // FIXME const secure = process.env.NODE_ENV == "production" || process.env.NODE_ENV == "staging"; const domain = (process.env.NODE_ENV == "production") ? ".spacedeck.com" : ".spacedecklocal.de"; res.cookie('sdsession', token, { domain: domain, httpOnly: true, secure: secure}); res.redirect("/spaces"); }); }); } else { res.status(404).json({"error": "not found"}); } } }); } else { res.redirect("/spaces"); } }); router.get('/teams/:id/join', function(req, res, next) { if (req.user) { if (!req.user.team) { Team.findOne({"_id": req.params.id}, function(err, team) { if (team) { const idx = team.invitation_codes.indexOf(req.query.code); if (idx >= 0) { const u = req.user; u.team = team; if(!u.confirmed_at) { u.confirmed_at = new Date(); } u.payment_plan_key = team.payment_plan_key; u.save(function(err) { if (err) res.status(400).json(err); else { team.invitation_condes = team.invitation_codes.slice(idx); team.save(function(err) { team.invitation_codes = null; var finish = function(team, users) { User.find({"_id": {"$in": team.admins}}).exec((err, admins) => { if(admins) { admins.forEach((admin) => { mailer.sendMail( admin.email, req.i18n.__("team_new_member_subject", team.name), req.i18n.__("team_new_member_body", u.email, team.name) ); }); } }); } User.find({team: team}, function(err, users) { finish(team, users); res.redirect("/spaces"); }); }); } }); } else { res.redirect("/spaces?error=team_code_notfound"); } } else { res.redirect("/spaces?error=team_notfound"); } }); } else { res.redirect("/spaces?error=team_already"); } } else res.redirect("/login"); }); router.get('/qrcode/:id', function(req, res) { Space.findOne({"_id": req.params.id}).exec(function(err, space) { if (space) { const url = config.get("endpoint") + "/s/"+space.edit_hash; const code = qr.image(url, { type: 'svg' }); res.type('svg'); code.pipe(res); } else { res.status(404).json({ "error": "not_found" }); } }); }); module.exports = router;