Domů Procházet Nápověda
Registrovat se Přihlásit se
alancnet
/
rss-unlimited
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: master
Větve Značky
rss-unlimited
/
server
/
server.js

server.js 4.3 KB
Trvalý odkaz Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. const app = require('./app')
    2. 

  2. const db = require('./db')
    3. 

  3. const log = require('./log')
    4. 

  4. const { hashPassword, genSeed, genKey, authorize, createToken } = require('./security')
    5. 

  5. const { sendmail } = require('./mail')
    6. 

  6. const uuid = require('uuid/v4')
    7. 

  7. const { getRss } = require('./rss')
    8. 

  8. 

  9. app.post('/signup', async (req, res) => {
    10. 

  10.   if (!req.body.name) throw new Error('Missing name')
    11. 

  11.   if (!req.body.password) throw new Error('Missing password')
    12. 

  12.   if (!req.body.email) throw new Error('Missing email')
    13. 

  13.   const email = req.body.email.toLowerCase().trim()
    14. 

  14.   const existing = await db.users.get(email)
    15. 

  15.   if (existing && existing.confirmed) throw new Error('User already exists.')
    16. 

  16.   const seed = genSeed()
    17. 

  17.   const password = hashPassword({password: req.body.password, email, seed})
    18. 

  18.   const confirmKey = genKey()
    19. 

  19.   const user = {
    20. 

  20.     name: req.body.name,
    21. 

  21.     email: req.body.email,
    22. 

  22.     password,
    23. 

  23.     seed,
    24. 

  24.     ip: req.ip,
    25. 

  25.     confirmed: false,
    26. 

  26.     confirmKey,
    27. 

  27.     keyCreated: Date.now(),
    28. 

  28.     failCount: 0,
    29. 

  29.     created: Date.now()
    30. 

  30.   }
    31. 

  31. 

  32.   const mailResult = await sendmail({
    33. 

  33.     to: `${user.name} <${user.email}>`,
    34. 

  34.     from: `RSS Unlimited <noreply@rssunlimited.com>`,
    35. 

  35.     subject: `Please verify your email address.`,
    36. 

  36.     text: `Enter the following code to confirm your email address on RSSUnlimited.com:\n\n${confirmKey}`
    37. 

  37.   })
    38. 

  38. 

  39.   await db.users.put(email, user)
    40. 

  40. 

  41.   log({
    42. 

  42.     type: 'user-created',
    43. 

  43.     user
    44. 

  44.   })
    45. 

  45. 

  46.   res.status(200).send({})
    47. 

  47. })
    48. 

  48. 

  49. app.post('/confirm', async (req, res) => {
    50. 

  50.   if (!req.body.confirmKey) throw new Error('Missing confirmKey')
    51. 

  51.   if (!req.body.email) throw new Error('Missing email')
    52. 

  52.   const email = req.body.email.toLowerCase().trim()
    53. 

  53.   const user = await db.users.get(email)
    54. 

  54.   if (user && !user.confirmed && user.confirmKey.toUpperCase() === req.body.confirmKey.toUpperCase().trim()) {
    55. 

  55.     user.confirmed = true
    56. 

  56.     db.users.put(email, user)
    57. 

  57.     res.status(200).send({
    58. 

  58.       token: createToken(user)
    59. 

  59.     })
    60. 

  60.   } else {
    61. 

  61.     res.status(400).send({
    62. 

  62.       error: 'Something went wrong :('
    63. 

  63.     })
    64. 

  64.   }
    65. 

  65. })
    66. 

  66. 

  67. app.post('/login', async (req, res) => {
    68. 

  68.   if (!req.body.password) throw new Error('Missing password')
    69. 

  69.   if (!req.body.email) throw new Error('Missing email')
    70. 

  70.   const email = req.body.email.toLowerCase().trim()
    71. 

  71.   const user = await db.users.get(email)
    72. 

  72.   if (user) {
    73. 

  73.     const password = hashPassword({
    74. 

  74.       password: req.body.password,
    75. 

  75.       seed: user.seed,
    76. 

  76.       email
    77. 

  77.     })
    78. 

  78.     if (password === user.password) {
    79. 

  79.       log({ type: 'login', user})
    80. 

  80.       res.status(200).send({
    81. 

  81.         token: createToken(user)
    82. 

  82.       })
    83. 

  83.       return
    84. 

  84.     }
    85. 

  85.   }
    86. 

  86.   res.status(400).send({
    87. 

  87.     error: 'Login failed'
    88. 

  88.   })
    89. 

  89. })
    90. 

  90. 

  91. app.post('/renew', authorize(), async (req, res) => {
    92. 

  92.   log({
    93. 

  93.     type: 'renew',
    94. 

  94.     user: req.identity
    95. 

  95.   })
    96. 

  96.   const identity = {...req.identity}
    97. 

  97.   delete identity.exp
    98. 

  98.   delete identity.iat
    99. 

  99.   res.status(200).send({
    100. 

  100.     token: createToken(identity)
    101. 

  101.   })
    102. 

  102. })
    103. 

  103. 

  104. app.post('/feeds', authorize(), async (req, res) => {
    105. 

  105.   if (!req.body.url) throw new Error('Missing url')
    106. 

  106.   const doc = await getRss(req.body.url)
    107. 

  107.   let title
    108. 

  108.   try {
    109. 

  109.     title = doc.rss.channel[0].title[0]
    110. 

  110.   } catch (err) {}
    111. 

  111.   if (!title) throw new Error('RSS has no channel or title.')
    112. 

  112.   const userFeeds = (await db.userFeeds.get(req.identity.email)) || []
    113. 

  113.   const feed = {
    114. 

  114.     id: uuid(),
    115. 

  115.     url: req.body.url,
    116. 

  116.     email: req.identity.email,
    117. 

  117.     title,
    118. 

  118.     confirmed: false,
    119. 

  119.     confirmKey: genKey({format: '[###-###-###-###]' }),
    120. 

  120.     created: Date.now()
    121. 

  121.   }
    122. 

  122.   userFeeds.push(feed.id)
    123. 

  123.   await db.userFeeds.put(req.identity.email, userFeeds)
    124. 

  124.   await db.feeds.put(feed.id, feed)
    125. 

  125.   res.status('200').send({
    126. 

  126.     id: feed.id
    127. 

  127.   })
    128. 

  128. })
    129. 

  129. 

  130. app.get('/feeds/:id', authorize(), async (req, res) => {
    131. 

  131.   const feed = await db.feeds.get(req.params.id)
    132. 

  132.   if (!feed) return res.status(404).send('Feed not found')
    133. 

  133.   if (feed.email !== req.identity.email) return res.status(403).send('This feed does not belong to you.')
    134. 

  134.   res.status(200).send(feed)
    135. 

  135. })
    136. 

  136. 

  137. app.patch('/feeds/:id', authorize(), async (req, res) => {
    138. 

  138.   const feed = await db.feeds.get(req.params.id)
    139. 

  139.   if (!feed) return res.status(404).send('Feed not found')
    140. 

  140.   if (feed.email !== req.identity.email) return res.status(403).send('This feed does not belong to you.')
    141. 

  141.   const allowedKeys = new Set([
    142. 

  142.     'title'
    143. 

  143.   ])
    144. 

  144.   Object.entries(req.body).forEach(([key, value]) => {
    145. 

  145.     if (allowedKeys.has(key)) feed[key] = value
    146. 

  146.   })
    147. 

  147.   await db.feeds.put(feed.id, feed)
    148. 

  148.   res.status(200).send(feed)
    149. 

  149. })
    150. 

  150. app.start()
    151.