Trang chủ Khám phá Trợ giúp
Đăng nhập
mirrors
/
wikijs
mirror of https://github.com/Requarks/wiki.git
2
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: c6853a0315
Branches Tags
wikijs
/
controllers
/
admin.js

admin.js 6.1 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224 
  1. 'use strict'
    2. 

  2. 

  3. var express = require('express')
    4. 

  4. var router = express.Router()
    5. 

  5. const Promise = require('bluebird')
    6. 

  6. const validator = require('validator')
    7. 

  7. const _ = require('lodash')
    8. 

  8. 

  9. /**
    10. 

  10.  * Admin
    11. 

  11.  */
    12. 

  12. router.get('/', (req, res) => {
    13. 

  13.   res.redirect('/admin/profile')
    14. 

  14. })
    15. 

  15. 

  16. router.get('/profile', (req, res) => {
    17. 

  17.   if (res.locals.isGuest) {
    18. 

  18.     return res.render('error-forbidden')
    19. 

  19.   }
    20. 

  20. 

  21.   res.render('pages/admin/profile', { adminTab: 'profile' })
    22. 

  22. })
    23. 

  23. 

  24. router.post('/profile', (req, res) => {
    25. 

  25.   if (res.locals.isGuest) {
    26. 

  26.     return res.render('error-forbidden')
    27. 

  27.   }
    28. 

  28. 

  29.   return db.User.findById(req.user.id).then((usr) => {
    30. 

  30.     usr.name = _.trim(req.body.name)
    31. 

  31.     if (usr.provider === 'local' && req.body.password !== '********') {
    32. 

  32.       let nPwd = _.trim(req.body.password)
    33. 

  33.       if (nPwd.length < 6) {
    34. 

  34.         return Promise.reject(new Error('New Password too short!'))
    35. 

  35.       } else {
    36. 

  36.         return db.User.hashPassword(nPwd).then((pwd) => {
    37. 

  37.           usr.password = pwd
    38. 

  38.           return usr.save()
    39. 

  39.         })
    40. 

  40.       }
    41. 

  41.     } else {
    42. 

  42.       return usr.save()
    43. 

  43.     }
    44. 

  44.   }).then(() => {
    45. 

  45.     return res.json({ msg: 'OK' })
    46. 

  46.   }).catch((err) => {
    47. 

  47.     res.status(400).json({ msg: err.message })
    48. 

  48.   })
    49. 

  49. })
    50. 

  50. 

  51. router.get('/stats', (req, res) => {
    52. 

  52.   if (res.locals.isGuest) {
    53. 

  53.     return res.render('error-forbidden')
    54. 

  54.   }
    55. 

  55. 

  56.   Promise.all([
    57. 

  57.     db.Entry.count(),
    58. 

  58.     db.UplFile.count(),
    59. 

  59.     db.User.count()
    60. 

  60.   ]).spread((totalEntries, totalUploads, totalUsers) => {
    61. 

  61.     return res.render('pages/admin/stats', {
    62. 

  62.       totalEntries, totalUploads, totalUsers, adminTab: 'stats'
    63. 

  63.     }) || true
    64. 

  64.   }).catch((err) => {
    65. 

  65.     throw err
    66. 

  66.   })
    67. 

  67. })
    68. 

  68. 

  69. router.get('/users', (req, res) => {
    70. 

  70.   if (!res.locals.rights.manage) {
    71. 

  71.     return res.render('error-forbidden')
    72. 

  72.   }
    73. 

  73. 

  74.   db.User.find({})
    75. 

  75.     .select('-password -rights')
    76. 

  76.     .sort('name email')
    77. 

  77.     .exec().then((usrs) => {
    78. 

  78.       res.render('pages/admin/users', { adminTab: 'users', usrs })
    79. 

  79.     })
    80. 

  80. })
    81. 

  81. 

  82. router.get('/users/:id', (req, res) => {
    83. 

  83.   if (!res.locals.rights.manage) {
    84. 

  84.     return res.render('error-forbidden')
    85. 

  85.   }
    86. 

  86. 

  87.   if (!validator.isMongoId(req.params.id)) {
    88. 

  88.     return res.render('error-forbidden')
    89. 

  89.   }
    90. 

  90. 

  91.   db.User.findById(req.params.id)
    92. 

  92.     .select('-password -providerId')
    93. 

  93.     .exec().then((usr) => {
    94. 

  94.       let usrOpts = {
    95. 

  95.         canChangeEmail: (usr.email !== 'guest' && usr.provider === 'local' && usr.email !== req.app.locals.appconfig.admin),
    96. 

  96.         canChangeName: (usr.email !== 'guest'),
    97. 

  97.         canChangePassword: (usr.email !== 'guest' && usr.provider === 'local'),
    98. 

  98.         canChangeRole: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin)),
    99. 

  99.         canBeDeleted: (usr.email !== 'guest' && !(usr.provider === 'local' && usr.email === req.app.locals.appconfig.admin))
    100. 

  100.       }
    101. 

  101. 

  102.       res.render('pages/admin/users-edit', { adminTab: 'users', usr, usrOpts })
    103. 

  103.     })
    104. 

  104. })
    105. 

  105. 

  106. /**
    107. 

  107.  * Create / Authorize a new user
    108. 

  108.  */
    109. 

  109. router.post('/users/create', (req, res) => {
    110. 

  110.   if (!res.locals.rights.manage) {
    111. 

  111.     return res.status(401).json({ msg: 'Unauthorized' })
    112. 

  112.   }
    113. 

  113. 

  114.   let nUsr = {
    115. 

  115.     email: _.trim(req.body.email),
    116. 

  116.     provider: _.trim(req.body.provider),
    117. 

  117.     password: req.body.password,
    118. 

  118.     name: _.trim(req.body.name)
    119. 

  119.   }
    120. 

  120. 

  121.   if (!validator.isEmail(nUsr.email)) {
    122. 

  122.     return res.status(400).json({ msg: 'Invalid email address' })
    123. 

  123.   } else if (!validator.isIn(nUsr.provider, ['local', 'google', 'windowslive', 'facebook'])) {
    124. 

  124.     return res.status(400).json({ msg: 'Invalid provider' })
    125. 

  125.   } else if (nUsr.provider === 'local' && !validator.isLength(nUsr.password, { min: 6 })) {
    126. 

  126.     return res.status(400).json({ msg: 'Password too short or missing' })
    127. 

  127.   } else if (nUsr.provider === 'local' && !validator.isLength(nUsr.name, { min: 2 })) {
    128. 

  128.     return res.status(400).json({ msg: 'Name is missing' })
    129. 

  129.   }
    130. 

  130. 

  131.   db.User.findOne({ email: nUsr.email, provider: nUsr.provider }).then(exUsr => {
    132. 

  132.     if (exUsr) {
    133. 

  133.       return res.status(400).json({ msg: 'User already exists!' }) || true
    134. 

  134.     }
    135. 

  135. 

  136.     let pwdGen = (nUsr.provider === 'local') ? db.User.hashPassword(nUsr.password) : Promise.resolve(true)
    137. 

  137.     return pwdGen.then(nPwd => {
    138. 

  138.       if (nUsr.provider !== 'local') {
    139. 

  139.         nUsr.password = ''
    140. 

  140.         nUsr.name = '-- pending --'
    141. 

  141.       } else {
    142. 

  142.         nUsr.password = nPwd
    143. 

  143.       }
    144. 

  144. 

  145.       nUsr.rights = [{
    146. 

  146.         role: 'read',
    147. 

  147.         path: '/',
    148. 

  148.         exact: false,
    149. 

  149.         deny: false
    150. 

  150.       }]
    151. 

  151. 

  152.       return db.User.create(nUsr).then(() => {
    153. 

  153.         return res.json({ ok: true })
    154. 

  154.       })
    155. 

  155.     }).catch(err => {
    156. 

  156.       winston.warn(err)
    157. 

  157.       return res.status(500).json({ msg: err })
    158. 

  158.     })
    159. 

  159.   }).catch(err => {
    160. 

  160.     winston.warn(err)
    161. 

  161.     return res.status(500).json({ msg: err })
    162. 

  162.   })
    163. 

  163. })
    164. 

  164. 

  165. router.post('/users/:id', (req, res) => {
    166. 

  166.   if (!res.locals.rights.manage) {
    167. 

  167.     return res.status(401).json({ msg: 'Unauthorized' })
    168. 

  168.   }
    169. 

  169. 

  170.   if (!validator.isMongoId(req.params.id)) {
    171. 

  171.     return res.status(400).json({ msg: 'Invalid User ID' })
    172. 

  172.   }
    173. 

  173. 

  174.   return db.User.findById(req.params.id).then((usr) => {
    175. 

  175.     usr.name = _.trim(req.body.name)
    176. 

  176.     usr.rights = JSON.parse(req.body.rights)
    177. 

  177.     if (usr.provider === 'local' && req.body.password !== '********') {
    178. 

  178.       let nPwd = _.trim(req.body.password)
    179. 

  179.       if (nPwd.length < 6) {
    180. 

  180.         return Promise.reject(new Error('New Password too short!'))
    181. 

  181.       } else {
    182. 

  182.         return db.User.hashPassword(nPwd).then((pwd) => {
    183. 

  183.           usr.password = pwd
    184. 

  184.           return usr.save()
    185. 

  185.         })
    186. 

  186.       }
    187. 

  187.     } else {
    188. 

  188.       return usr.save()
    189. 

  189.     }
    190. 

  190.   }).then(() => {
    191. 

  191.     return res.json({ msg: 'OK' })
    192. 

  192.   }).catch((err) => {
    193. 

  193.     res.status(400).json({ msg: err.message })
    194. 

  194.   })
    195. 

  195. })
    196. 

  196. 

  197. /**
    198. 

  198.  * Delete / Deauthorize a user
    199. 

  199.  */
    200. 

  200. router.delete('/users/:id', (req, res) => {
    201. 

  201.   if (!res.locals.rights.manage) {
    202. 

  202.     return res.status(401).json({ msg: 'Unauthorized' })
    203. 

  203.   }
    204. 

  204. 

  205.   if (!validator.isMongoId(req.params.id)) {
    206. 

  206.     return res.status(400).json({ msg: 'Invalid User ID' })
    207. 

  207.   }
    208. 

  208. 

  209.   return db.User.findByIdAndRemove(req.params.id).then(() => {
    210. 

  210.     return res.json({ msg: 'OK' })
    211. 

  211.   }).catch((err) => {
    212. 

  212.     res.status(500).json({ msg: err.message })
    213. 

  213.   })
    214. 

  214. })
    215. 

  215. 

  216. router.get('/settings', (req, res) => {
    217. 

  217.   if (!res.locals.rights.manage) {
    218. 

  218.     return res.render('error-forbidden')
    219. 

  219.   }
    220. 

  220. 

  221.   res.render('pages/admin/settings', { adminTab: 'settings' })
    222. 

  222. })
    223. 

  223. 

  224. module.exports = router
    225.