const express = require('express');
const router = express.Router();
const { User } = require('../models/user');
// const { Nave } = require('../models/nave');
const Hours = require('../models/hours');
//const { NavePersistente } = require('../models/navepersistente');
//const { ListaIngresso } = require('../models/listaingresso');
//const { Graduatoria } = require('../models/graduatoria');
// const { ExtraList } = require('../models/extralist');
const { ObjectId } = require('mongodb');
const sendemail = require('../sendemail');
const { Settings } = require('../models/settings');
const CronMod = require('../modules/CronMod');
const { SendNotif } = require('../models/sendnotif');
const { MyElem } = require('../models/myelem');
const { MyBot } = require('../models/bot');
const tools = require('../tools/general');
const shared_consts = require('../tools/shared_nodejs');
const server_constants = require('../tools/server_constants');
const telegrambot = require('../telegram/telegrambot');
const _ = require('lodash');
const reg = require('../reg/registration');
const { authenticate, authenticate_noerror, authenticate_withUser } = require('../middleware/authenticate');
const Cart = require('../models/cart');
const CartClass = require('../modules/Cart');
const Product = require('../models/product');
const ProductInfo = require('../models/productInfo');
const CatProd = require('../models/catprod');
const SubCatProd = require('../models/subcatprod');
const Order = require('../models/order');
const OrdersCart = require('../models/orderscart');
const Variant = require('../models/variant');
const TypedError = require('../modules/ErrorHandler');
const { MyGroup } = require('../models/mygroup');
const { Circuit } = require('../models/circuit');
const { Province } = require('../models/province');
const { City } = require('../models/city');
const { Account } = require('../models/account');
const mongoose = require('mongoose').set('debug', false);
const Subscription = require('../models/subscribers');
const Macro = require('../modules/Macro');
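// Looks up one subscription record matching (userId, access, browser) and
// returns it as a plain object, or null when none exists or the query fails.
// The null-on-error contract is deliberate (login sends the result to the
// client as `subsExistonDb` and must not fail because of it), but the error is
// now logged instead of being dropped silently.
//
// @param {*} userId  - user id stored on the subscription
// @param {string} access - access kind (login passes 'auth')
// @param {string} browser - User-Agent string of the client
// @returns {Promise<object|null>}
async function existSubScribe(userId, access, browser) {
  try {
    return await Subscription.findOne({ userId, access, browser }).lean();
  } catch (err) {
    console.error('existSubScribe: ' + err.message);
    return null;
  }
}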
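// Builds the full mobile number by joining the international prefix and the
// local number from `user.profile` and removing every whitespace character.
// A missing prefix or number is treated as empty (the original produced the
// literal text "undefined" in that case).
//
// @param {{profile: {intcode_cell?: string, cell?: string}}} user
// @returns {string} prefix + number with no whitespace
function getMobileComplete(user) {
  const intcode = user.profile.intcode_cell || '';
  const cell = user.profile.cell || '';
  return (intcode + cell).replace(/\s+/g, '');
}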
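// POST /test1 — development helper: re-sends the registration email to one
// hard-coded account (idapp 1, username 'paoloar77').
//
// NOTE(review): the route is mounted without `authenticate`, so any client that
// can reach the API can trigger the email; keep it behind an admin check or out
// of production builds.
router.post('/test1', async (req, res) => {
  try {
    const user = await User.findOne({ idapp: 1, username: 'paoloar77' });
    if (!user) return res.status(404).send();
    await sendemail.sendEmail_Registration(user.lang, user.email, user, user.idapp, user.linkreg);
    // The original handler never answered and left the request open.
    return res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
  } catch (e) {
    console.error('Error: /test1: ' + e.message);
    return res.status(400).send();
  }
});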
// POST /users — registers a new account.
//
// Flow (everything inside one try): pick the allowed body fields, normalise
// them, validate username/email/password lengths, run the block-word and
// same-IP checks, verify the inviter ("aportador_solidario"), reject duplicate
// username / email / cell+name+surname, then save the user, issue the auth
// tokens and trigger the registration email plus the Telegram confirmation.
//
// Every rejection is HTTP 400 with a server_constants.RIS_CODE_* code (block
// words give a bare 404); on success the tokens travel in the x-auth and
// x-refrtok headers and the user document is the body.
//
// NOTE(review): the outer catch only logs. A request that throws before a
// response is written — e.g. a body without `email`, which makes
// `body.email.toLowerCase()` throw — never receives a reply.
router.post('/', async (req, res) => {
  try {
    tools.mylog('POST /users');
    // Only these fields may come from the client; everything else is set below.
    const body = _.pick(req.body, [
      'email',
      'password',
      'username',
      'group',
      'name',
      'surname',
      'idapp',
      'keyappid',
      'lang',
      'profile',
      'aportador_solidario',
    ]);
    body.email = body.email.toLowerCase();
    const user = new User(body);
    user.ipaddr = tools.getiPAddressUser(req);
    user.email = user.email.trim();
    user.username = user.username.trim();
    user.name = user.name.trim();
    user.surname = user.surname.trim();
    // Placeholder inviter values left in a shared link fall back to a fixed account.
    if (user.aportador_solidario === 'tuo_username' || user.aportador_solidario === '{username}') {
      user.aportador_solidario = 'surya1977';
    }

    // tools.mylog("LANG PASSATO = " + user.lang, "IDAPP", user.idapp);
    if (
      !tools.isAlphaNumericAndSpecialCharacter(body.username) ||
      body.email.length < 6 ||
      body.username.length < 4 ||
      body.password.length < 5
    ) {
      // Deliberate delay before rejecting malformed registrations.
      await tools.snooze(5000);
      console.log('Username non valido in Registrazione: ' + body.username);
      res.status(400).send({ code: server_constants.RIS_CODE_USERNAME_NOT_VALID, msg: '' });
      return 1;
    }
    if (tools.blockwords(body.username) || tools.blockwords(body.name) || tools.blockwords(body.surname)) {
      // tools.writeIPToBan(user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname);
      await tools.snooze(5000);
      return res.status(404).send();
    }
    user.linkreg = reg.getlinkregByEmail(body.idapp, body.email, body.username);
    user.verified_email = false;
    user.lasttimeonline = new Date();
    user.date_reg = new Date();
    user.aportador_iniziale = user.aportador_solidario;

    // `regexpire` is an optional registration token; when it validates, the
    // inviter confirmation step is skipped.
    let regexpire = req.body['regexpire'];
    let nonchiedereverifica = false;
    if (regexpire) {
      nonchiedereverifica = await User.getifRegTokenIsValid(body.idapp, regexpire);
    }
    if (!nonchiedereverifica) regexpire = '';
    if (!tools.getAskToVerifyReg(body.idapp) || nonchiedereverifica) {
      // If the invitee does not need to be verified, mark them as verified straight away
      user.verified_by_aportador = true;
    }
    /* if (user.idapp === tools.AYNI) {
    user.profile.paymenttypes = ['paypal'];
    } */
    // Check whether the previous record also came from the same IP:
    const lastrec = await User.getLastRec(body.idapp);
    if (!!lastrec) {
      // Skipped on local development instances.
      if (process.env.LOCALE !== '1') {
        if (lastrec.ipaddr === user.ipaddr) {
          // If it happened too close in time (two registrations within 3 seconds)
          if (lastrec.date_reg) {
            let ris = tools.isdiffSecDateLess(lastrec.date_reg, 3);
            if (ris) {
              const msg = user.ipaddr + ': [' + user.username + '] ' + user.name + ' ' + user.surname;
              tools.writeIPToBan(msg);
              // NOTE(review): `user` has not been saved yet, so this update targets
              // a document that presumably does not exist in the collection —
              // confirm the intent (the IP ban itself is written by writeIPToBan).
              await User.findOneAndUpdate({ _id: user._id }, { $set: { banIp: true } });
              await telegrambot.sendMsgTelegramToTheAdmin(body.idapp, '‼️ BAN: ' + msg, true);
              await tools.snooze(5000);
              res.status(400).send({ code: server_constants.RIS_CODE_BANIP, msg: '' });
              return 1;
            }
          }
        }
      }
    }
    // user.perm = 3;
    // if (tools.testing()) {
    // user.verified_email = true;
    // }

    // if (user.profile.intcode_cell) {
    // if (user.profile.cell.substring(0, user.profile.intcode_cell.length) === user.profile.intcode_cell) {
    // user.profile.cell = user.profile.cell.substring(user.profile.intcode_cell.length)
    // }
    // }
    // `exit` is 1 when one of the lookup callbacks below already sent a response.
    let exit;

    // True when the same username already exists, its inviter has not confirmed
    // it yet, it has a Telegram id, and the submitted password matches: such a
    // user is allowed to "re-register" under a different inviter (see below).
    let utentenonancoraVerificato = false;
    const trovarec = await User.findByCredentials(user.idapp, user.username, user.password, true);
    // Check whether the username or email already exists
    exit = await User.findByUsername(user.idapp, user.username).then((useralreadyexist) => {
      if (useralreadyexist) {
        if (tools.getAskToVerifyReg(useralreadyexist.idapp)) {
          if (!useralreadyexist.verified_by_aportador && useralreadyexist.profile.teleg_id > 0) {
            if (trovarec) {
              utentenonancoraVerificato = true;
            }
          }
        }

        if (!utentenonancoraVerificato) {
          res.status(400).send({
            code: server_constants.RIS_CODE_USERNAME_ALREADY_EXIST,
            msg: '',
          });
          return 1;
        }
      }
    });
    if (!utentenonancoraVerificato) {
      if (exit === 1) return;

      exit = await User.findByEmail(user.idapp, user.email).then((useralreadyexist) => {
        if (useralreadyexist) {
          res.status(400).send({
            code: server_constants.RIS_CODE_EMAIL_ALREADY_EXIST,
            msg: '',
          });
          return 1;
        }
      });
      if (exit === 1) return;
      let recuser = null;
      // Same cell + name + surname counts as the same person.
      recuser = await User.findByCellAndNameSurname(user.idapp, user.profile.cell, user.name, user.surname);
      if (recuser && user.name !== '' && user.surname !== '' && user.profile.cell !== '') {
        console.log('UTENTE GIA ESISTENTE:\n');
        console.log(user);
        // User already registered!
        res.status(400).send({ code: server_constants.RIS_CODE_USER_ALREADY_EXIST, msg: '' });
        return 1;
      }
    }
    // Left over from the ExtraList feature: stays null in this version, so the
    // `if (recextra)` branch after save() never runs.
    let recextra = null;
    user.aportador_solidario = user.aportador_solidario.trim();
    user.aportador_solidario = user.aportador_solidario.replace('@', '');
    let id_aportador = await User.getIdByUsername(user.idapp, user.aportador_solidario);
    if (!id_aportador) {
      // Look the inviter (aportador solidario) up by Telegram username
      const useraportador = await User.getUserByUsernameTelegram(user.idapp, user.aportador_solidario);
      if (useraportador) {
        id_aportador = useraportador._id;
        user.aportador_solidario = useraportador.username;
      }
    }
    let idMyGroupSite = tools.getidMyGroupBySite(body.idapp);
    user.idMyGroup = idMyGroupSite ? idMyGroupSite : '';
    if (id_aportador) {
      // Get the canonical username (with the case as stored)
      user.aportador_solidario = await User.getRealUsernameByUsername(user.idapp, user.aportador_solidario);
    }
    if (!id_aportador && tools.getAskToVerifyReg(body.idapp)) {
      // Someone is trying to register under an inviter that does not exist!
      // (The message is built from client-supplied values and goes to the managers.)
      let msg =
        'Il link di registrazione non sembra risultare valido.<br>invitante: ' +
        user.aportador_solidario +
        '<br>username: ' +
        user.username;
      await telegrambot.sendMsgTelegramToTheManagers(user.idapp, msg);
      res.status(400).send({
        code: server_constants.RIS_CODE_USER_APORTADOR_NOT_VALID,
        msg: '',
      });
      return 1;
    }
    if (utentenonancoraVerificato) {
      if (id_aportador) {
        // If I registered but my inviter never enabled me, I may register again with the
        // same username and password via another inviter's link!
        await User.setaportador_solidario(user.idapp, user.username, user.aportador_solidario);
        const myuser = await User.findOne({ _id: trovarec._id });
        if (myuser) {
          await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser);

          const { token, refreshToken } = await myuser.generateAuthToken(req);
          res.header('x-auth', token).header('x-refrtok', refreshToken).send(myuser);
          return true;
        }
        // NOTE(review): when the existing record cannot be re-read, execution
        // falls through to user.save() below with a username that is already
        // taken — confirm a unique index (or the save itself) rejects that.
      }
    }
    // let already_registered = (recextra || user.aportador_solidario === tools.APORTADOR_NONE) && (user.idapp === tools.AYNI);
    // Check if is an other people aportador_solidario
    /*if (already_registered) {
    // Check in the extraList if is present!
    const msg = 'Utente non trovato: ' + user.name + ' ' + user.surname + ' ' + user.profile.nationality + ' ' + user.profile.cell + ' email: ' + user.email + ' username: ' + user.username;
    console.log('Utente non trovato; ', msg);
    await telegrambot.sendMsgTelegramToTheManagers(user.idapp, msg);
    res.status(400).send({
    code: server_constants.RIS_CODE_USER_EXTRALIST_NOTFOUND,
    msg: 'Controlla se il numero ' + user.profile.cell + ' è corretto.'
    });
    return 1;
    } */
    return user
      .save()
      .then(async () => {
        // Re-read the saved user; the tokens are generated only if it is found.
        return User.findByUsername(user.idapp, user.username, false)
          .then((usertrovato) => {
            // tools.mylog("TROVATO USERNAME ? ", user.username, usertrovato);
            if (usertrovato !== null) {
              return user.generateAuthToken(req);
            } else {
              res.status(400).send();
              return 0;
            }
          })
          .then(async (ris) => {
            // tools.mylog("passo il TOKEN: ", token);
            if (recextra) {
              recextra.registered = true;
              recextra.username = user.username;
              await recextra.save();
              // await User.fixUsername(user.idapp, user.ind_order, user.username);
            }
            return ris;
          })
          .then(async (ris) => {
            // tools.mylog("LINKREG = " + user.linkreg);
            // Send the registration email to the user
            // tools.mylog('process.env.TESTING_ON', process.env.TESTING_ON);
            // NOTE(review): when the previous step returned 0 (user not found, 400
            // already sent) `ris.token` is undefined and the second res.header()
            // call below throws; that error then reaches the catch, which tries
            // to send again.
            console.log('res.locale', res.locale);
            await telegrambot.askConfirmationUser(
              user.idapp,
              shared_consts.CallFunz.REGISTRATION,
              user,
              '',
              '',
              '',
              regexpire
            );
            // if (!tools.testing()) {
            await sendemail.sendEmail_Registration(user.lang, user.email, user, user.idapp, user.linkreg);
            // }
            res.header('x-auth', ris.token).header('x-refrtok', ris.refreshToken).send(user);
            return true;
          });
      })
      .catch((e) => {
        console.error(e.message);
        // NOTE(review): the raw error object is returned to the client; a
        // mongoose validation error carries per-field details.
        res.status(400).send(e);
      });
  } catch (e) {
    console.error('Error: /users REG: ' + e.message);
  }
});
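// GET /:idapp/:username — 200 when a user with that username (or that Telegram
// username) exists in the app, 404 when not, 400 when a lookup fails. No body.
//
// NOTE(review): the route is unauthenticated and answers differently for taken
// and free usernames, so it reveals which usernames exist; rate limiting is
// worth considering if that matters for this deployment.
router.get('/:idapp/:username', async (req, res) => {
  const { idapp, username } = req.params;
  // if (username === 'pippo') {
  // return res.status(200).send();
  // }
  try {
    let user = await User.findByUsername(idapp, username, false, true);
    if (!user) {
      // Fall back to the Telegram username.
      user = await User.findByUsernameTelegram(idapp, username, false, true);
    }
    if (!user) return res.status(404).send();
    return res.status(200).send();
  } catch (e) {
    return res.status(400).send();
  }
});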
// PATCH /:id — admin-only partial update of a user document. Only the fields
// listed by shared_consts.fieldsUserToChange() are taken from req.body.user.
router.patch('/:id', authenticate, (req, res) => {
  const id = req.params.id;
  const body = _.pick(req.body.user, shared_consts.fieldsUserToChange());
  tools.mylogshow('PATCH USER: ', id);
  // Non-admins are rejected before any database access.
  if (!User.isAdmin(req.user.perm)) {
    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
  }
  // NOTE(review): the lookup is by _id only and not scoped to an idapp — confirm
  // that an admin of one app is meant to be able to modify users of another.
  const onUpdated = (user) => {
    tools.mylogshow(' USER TO MODIFY: ', user);
    if (!user) {
      return res.status(404).send();
    }
    res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
  };
  const onError = (e) => {
    tools.mylogserr('Error patch USER: ', e);
    res.status(400).send();
  };
  User.findByIdAndUpdate(id, { $set: body }).then(onUpdated).catch(onError);
});
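// POST /lastmovs — returns the last `nummov` movements of the app as
// `last_transactions` (an empty list when `nummov` is not given).
//
// NOTE(review): `idapp` comes from the request body rather than from the
// authenticated user — confirm Movement.getLastN_Transactions enforces access.
router.post('/lastmovs', authenticate, async (req, res) => {
  const nummov = req.body.nummov;
  const idapp = req.body.idapp;
  // Declared per request. The original assigned an undeclared (implicit global)
  // `last_transactions`, so a request without `nummov` answered with whatever a
  // previous request had loaded.
  let last_transactions = [];
  try {
    const { Movement } = require('../models/movement');
    if (nummov) {
      last_transactions = await Movement.getLastN_Transactions(idapp, nummov);
    }
    res.send({ code: server_constants.RIS_CODE_OK, last_transactions });
  } catch (e) {
    tools.mylogserr('Error lastmovs: ', e);
    res.status(400).send();
  }
});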
// POST /receiveris — calls MyGroup.setReceiveRisGroup for `groupname` when one
// is given, otherwise User.setReceiveRis for the caller's own username.
// Replies RIS_CODE_OK on success, RIS_CODE_ERR when there is no caller, 400 on failure.
router.post('/receiveris', authenticate, (req, res) => {
  const username = req.user ? req.user.username : '';
  const { groupname, idapp } = req.body;
  try {
    if (!username) return res.send({ code: server_constants.RIS_CODE_ERR });
    const onDone = () => {
      res.send({ code: server_constants.RIS_CODE_OK });
    };
    const onFail = (err) => {
      tools.mylog('ERRORE IN receiveris: ' + err.message);
      res.status(400).send();
    };
    if (groupname) {
      return MyGroup.setReceiveRisGroup(idapp, groupname).then(onDone).catch(onFail);
    }
    // username is known to be non-empty here (checked above).
    return User.setReceiveRis(idapp, username).then(onDone).catch(onFail);
  } catch (e) {
    res.status(400).send();
  }
});
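// POST /listlinkreg — calls User.setLinkReg for the caller's username.
// Replies RIS_CODE_OK on success, RIS_CODE_ERR when there is no caller, 400 on failure.
// (The unused `groupname` local of the original has been dropped.)
router.post('/listlinkreg', authenticate, (req, res) => {
  const username = req.user ? req.user.username : '';
  const idapp = req.body.idapp;
  try {
    if (!username) return res.send({ code: server_constants.RIS_CODE_ERR });
    return User.setLinkReg(idapp, username)
      .then(() => {
        res.send({ code: server_constants.RIS_CODE_OK });
      })
      .catch((err) => {
        tools.mylog('ERRORE IN listlinkreg: ' + err.message);
        res.status(400).send();
      });
  } catch (e) {
    res.status(400).send();
  }
});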
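// POST /profile — returns the profile of `username` as visible to the caller
// (User.getUserProfileByUsername) plus the caller's friends list. When the
// caller asks for their own username the full extra-info block replaces
// `profile`. Any `idnotif` in the body is marked as read for the caller.
router.post('/profile', authenticate, (req, res) => {
  const usernameOrig = req.user ? req.user.username : '';
  const perm = req.user ? req.user.perm : tools.Perm.PERM_NONE;
  const username = req.body['username'];
  const idapp = req.body.idapp;
  //++Todo: check which data the caller is allowed to read
  try {
    // Check if there is a notification to mark as read
    const idnotif = req.body['idnotif'] ? req.body['idnotif'] : '';
    // Fire-and-forget, but with a rejection handler: the original left the
    // promise floating, and an unhandled rejection escapes the route entirely.
    Promise.resolve(SendNotif.setNotifAsRead(idapp, usernameOrig, idnotif)).catch((e) => {
      tools.mylog('ERRORE IN Profile (setNotifAsRead): ' + e.message);
    });
    return User.getUserProfileByUsername(idapp, username, usernameOrig, false, perm)
      .then(async (ris) => {
        const friends = await User.getFriendsByUsername(idapp, usernameOrig);
        if (username === usernameOrig) {
          ris.profile = await User.getExtraInfoByUsername(idapp, ris.username);
        }
        return res.send({ user: ris, friends });
      })
      .catch((e) => {
        tools.mylog('ERRORE IN Profile: ' + e.message);
        res.status(400).send();
      });
  } catch (e) {
    tools.mylogserr('Error profile: ', e);
    res.status(400).send();
  }
});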
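// POST /activities — like /profile but reachable without a session
// (authenticate_noerror). Anonymous callers receive the reduced "activities"
// profile with inviter, registration date and email blanked out.
// Any `idnotif` in the body is marked as read for the caller.
//
// NOTE(review): any authenticated caller receives the extra-info block of the
// requested user here, whereas /profile only does so when the caller asks for
// their own username — confirm this difference is intended.
router.post('/activities', authenticate_noerror, (req, res) => {
  const usernameOrig = req.user ? req.user.username : '';
  const perm = req.user ? req.user.perm : tools.Perm.PERM_NONE;
  const username = req.body['username'];
  const idapp = req.body.idapp;
  //++Todo: check which data the caller is allowed to read
  try {
    // Check if there is a notification to mark as read
    const idnotif = req.body['idnotif'] ? req.body['idnotif'] : '';
    // Fire-and-forget, but with a rejection handler: the original left the
    // promise floating, and an unhandled rejection escapes the route entirely.
    Promise.resolve(SendNotif.setNotifAsRead(idapp, usernameOrig, idnotif)).catch((e) => {
      tools.mylog('ERRORE IN Profile (setNotifAsRead): ' + e.message);
    });
    return User.getUserProfileByUsername(idapp, username, usernameOrig, false, perm)
      .then(async (ris) => {
        const friends = await User.getFriendsByUsername(idapp, usernameOrig);
        if (req.user) {
          ris.profile = await User.getExtraInfoByUsername(idapp, ris.username);
        } else {
          ris.profile = await User.getProfilePerActivitiesByUsername(idapp, ris.username);
          ris.aportador_solidario = '';
          ris.date_reg = '';
          ris.email = '';
        }
        return res.send({ user: ris, friends });
      })
      .catch((e) => {
        tools.mylog('ERRORE IN Profile: ' + e.message);
        res.status(400).send();
      });
  } catch (e) {
    tools.mylogserr('Error profile: ', e);
    res.status(400).send();
  }
});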
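// POST /panel — admin/manager view of one user: a fixed projection of the user
// document (identity, verification, moderation flags and profile).
router.post('/panel', authenticate, async (req, res) => {
  const username = req.body['username'];
  // Per-request constant. The original assigned undeclared globals `idapp` and
  // `locale`, which were shared between concurrent requests.
  const idapp = req.body.idapp;
  if (!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) {
    // If without permissions, exit
    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
  }
  try {
    const projection = {
      username: 1,
      name: 1,
      surname: 1,
      email: 1,
      verified_by_aportador: 1,
      aportador_solidario: 1,
      lasttimeonline: 1,
      deleted: 1,
      sospeso: 1,
      blocked: 1,
      reported: 1,
      username_who_report: 1,
      date_report: 1,
      profile: 1,
    };
    const myuser = await User.findOne({ idapp, username }, projection).lean();
    if (myuser) {
      res.send(myuser);
    } else {
      tools.mylog('ERRORE IN panel: ');
      res.status(400).send();
    }
  } catch (e) {
    tools.mylogserr('Error profile: ', e);
    res.status(400).send();
  }
});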
// POST /notifs — currently a no-op: the whole body is commented out, so a
// request to this route is never answered and stays open until the client
// times out (Express writes nothing on its own). Either restore the body or
// make the handler reply.
router.post('/notifs', authenticate, async (req, res) => {
  /* const notifs = req.body['notifs'];
  idapp = req.body.idapp;
  locale = req.body.locale;
  const myuser = req.user;
  if (!myuser) {
  return res.status(404).
  send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }
  try {
  if (!!myuser) {
  if (tools.isArray(notifs) && notifs.length >= 0) {
  myuser.profile.notifs = notifs;
  myuser.save();
  return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
  }
  }
  return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
  } catch (e) {
  tools.mylogserr('Error profile: ', e);
  res.status(400).send();
  }
  */
});
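// POST /newtok — exchanges a refresh token for a new auth/refresh token pair.
// 400 when the token is missing, 403 when no user holds it, 500 on error.
router.post('/newtok', async (req, res) => {
  try {
    const refreshToken = req.body.refreshToken;
    // return res.status(403).send({ error: 'Refresh token non valido' });
    // The value goes straight into a Mongo filter: accept only a non-empty
    // string, so an object in the JSON body cannot turn the filter into a
    // query operator and match a token it does not know.
    if (typeof refreshToken !== 'string' || refreshToken === '') {
      return res.status(400).send({ error: 'Refresh token mancante' });
    }
    const recFound = await User.findOne({ 'tokens.refreshToken': refreshToken });
    if (!recFound) {
      return res.status(403).send({ error: 'Refresh token non valido' });
    }
    // NOTE(review): nothing here invalidates the presented refresh token;
    // whether generateAuthToken() rotates or expires it is not visible in this
    // file — confirm.
    const { token, refreshToken: newRefreshToken } = await recFound.generateAuthToken(req);
    return res.status(200).send({
      token,
      refreshToken: newRefreshToken,
    });
  } catch (e) {
    console.error('Errore durante il refresh token:', e);
    return res.status(500).send({ error: 'Errore interno del server' });
  }
});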
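// In-memory map of failed login attempts per username. A slot holds either the
// number of consecutive wrong passwords or, once blockUser() ran, the timestamp
// (ms) until which that username is blocked. Created without a prototype so a
// username such as "constructor" cannot collide with Object.prototype members.
// The map lives in this process only: it is lost on restart and not shared
// between instances.
const failedLoginAttempts = Object.create(null);
// Maximum number of failed attempts before the block kicks in
const MAX_FAILED_ATTEMPTS = 30;
// Block duration in milliseconds (30 minutes)
const BLOCK_DURATION = 30 * 60 * 1000;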
// Blocks `username` for BLOCK_DURATION ms by storing the block-until timestamp
// in its failedLoginAttempts slot (checkBlocked() enforces it).
function blockUser(username) {
  const blockedUntil = Date.now() + BLOCK_DURATION;
  failedLoginAttempts[username] = blockedUntil;
}
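// Express middleware: answers 403 when the `username` in the body is currently
// blocked, i.e. its failedLoginAttempts slot is a timestamp in the future;
// otherwise passes the request on.
function checkBlocked(req, res, next) {
  const { username } = req.body;
  const now = Date.now();
  const blockedUntil = failedLoginAttempts[username];
  if (blockedUntil && blockedUntil > now) {
    // `text` was an undeclared (implicit global) variable in the original.
    const text = 'Utente bloccato. Riprova più tardi. (username=' + username + ')';
    console.log(text);
    return res.status(403).json({ message: 'Utente bloccato. Riprova più tardi.' });
  }
  next();
}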
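// POST /login — verifies username/password for `idapp` and returns the user
// (only the shared_consts.fieldsUserToChange() fields) with the auth and
// refresh tokens in the x-auth / x-refrtok headers.
//
// Failure handling, in order:
//  - wrong app key                      -> 400, no body
//  - User.tooManyLoginWrong says stop   -> 400 RIS_CODE_ERR, managers alerted
//  - otherwise a 2 s delay, the in-memory per-username counter is bumped
//    (admin alerted from the 3rd failure) and at MAX_FAILED_ATTEMPTS the
//    username is blocked via blockUser() -> 403; else -> 401 RIS_CODE_LOGIN_ERR
router.post('/login', checkBlocked, async (req, res) => {
  const body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']);
  const userpass = new User(body);
  // const subs = _.pick(req.body, ['subs']);

  // The client must present the shared app key.
  if (body.keyappid !== process.env.KEY_APP_ID) return res.status(400).send();

  let resalreadysent = false;
  try {
    const user = await User.findByCredentials(userpass.idapp, userpass.username, userpass.password);
    if (!user) {
      const rislogin = await User.tooManyLoginWrong(body.idapp, body.username, true);
      if (rislogin.troppilogin) {
        const text =
          'Troppe richieste di Login ERRATE: ' +
          body.username +
          ' [IP: ' +
          tools.getiPAddressUser(req) +
          '] Tentativi: ' +
          rislogin.retry_pwd;
        telegrambot.sendMsgTelegramToTheManagers(body.idapp, text);
        console.log('/login', text);
        res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: text });
        return;
      }
      // Slow every failed attempt down a little.
      await tools.snooze(2000);

      // A slot value above MAX_FAILED_ATTEMPTS can only be a block-until
      // timestamp written by blockUser(). checkBlocked() let this request
      // through, so that block has expired: restart the count instead of
      // incrementing the timestamp (which re-blocked the user on every later
      // failure).
      if (failedLoginAttempts[body.username] > MAX_FAILED_ATTEMPTS) {
        failedLoginAttempts[body.username] = 0;
      }
      failedLoginAttempts[body.username] = (failedLoginAttempts[body.username] || 0) + 1;
      const numvolteerrati = failedLoginAttempts[body.username];

      if (numvolteerrati > 2) {
        const msg =
          'Tentativo (' +
          numvolteerrati +
          ') di Login ERRATO [' +
          body.username +
          ' , ' +
          ']\n' +
          '[IP: ' +
          tools.getiPAddressUser(req) +
          ']';
        tools.mylogshow(msg);
        await telegrambot.sendMsgTelegramToTheAdmin(req.body.idapp, msg, true);
        tools.writeErrorLog(msg);
      }

      if (numvolteerrati >= MAX_FAILED_ATTEMPTS) {
        blockUser(body.username);
        // `text` was an undeclared (implicit global) variable in the original.
        const text =
          'Troppi tentativi di accesso falliti. Utente bloccato (' +
          body.username +
          ')' +
          ' [IP: ' +
          tools.getiPAddressUser(req) +
          ']';
        tools.mylogshow(text);
        telegrambot.sendMsgTelegramToTheManagers(req.body.idapp, text);
        resalreadysent = true;
        // The original fell through to the 401 below after this reply, which
        // threw "headers already sent"; answer once and stop.
        return res.status(403).json({ message: text });
      }

      return res.status(401).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
    }

    // A correct password ends the current run of failures for this username.
    delete failedLoginAttempts[body.username];

    const myris = await user.generateAuthToken(req);
    // Only the client-visible fields are copied into the document sent back.
    const usertosend = new User();
    shared_consts.fieldsUserToChange().forEach((field) => {
      usertosend[field] = user[field];
    });
    // Look the subscription up by the authenticated user's id. The original
    // passed usertosend._id, which is a freshly generated id unless '_id' is
    // one of the copied fields.
    const subsExistonDb = await existSubScribe(user._id, 'auth', req.get('User-Agent'));
    res.header('x-auth', myris.token).header('x-refrtok', myris.refreshToken).send({
      usertosend,
      code: server_constants.RIS_CODE_OK,
      subsExistonDb,
    });
  } catch (e) {
    console.error('ERRORE IN LOGIN: ' + e.message);
    if (!resalreadysent) res.status(400).send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC, msgerr: e.message });
  }
});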
// DELETE /me/token — ends the current session by removing the presented token
// from the user's token list: 200 when removed, 400 when removal fails.
router.delete('/me/token', authenticate_withUser, (req, res) => {
  // tools.mylog("TOKENREM = " + req.token);
  try {
    const onRemoved = () => {
      res.status(200).send();
    };
    const onFailed = () => {
      res.status(400).send();
    };
    req.user.removeToken(req.token).then(onRemoved, onFailed);
  } catch (e) {
    // NOTE(review): a synchronous throw here is logged but the request gets no reply.
    console.log('delete(/me/token', e.message);
  }
});
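// POST /setperm — sets the permissions of `body.username` in `body.idapp` on
// behalf of the caller. Authorization is delegated to User.setPermissionsById,
// which receives the caller's id (not visible here — confirm it checks it).
router.post('/setperm', authenticate, (req, res) => {
  const body = _.pick(req.body, ['idapp', 'username', 'perm']);
  // The original log line wrote req.token — the caller's auth token — to the
  // log; a credential must not land in log files, so log who changes whom instead.
  tools.mylog('SETPERM by ' + req.user._id + ' for ' + body.username + ' -> ' + body.perm);
  User.setPermissionsById(req.user._id, body).then(
    () => {
      res.status(200).send();
    },
    () => {
      res.status(400).send();
    }
  );
});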
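// POST /import_extralist — disabled: the ExtraList model and its ImportData
// call are commented out, so the handler answers with an empty body.
//
// NOTE(review): the route has no `authenticate` middleware; if the import is
// ever re-enabled it needs an authorization check first.
router.post('/import_extralist', async (req, res) => {
  const strdata = req.body.strdata;
  // Per-request constants (the original assigned undeclared globals).
  const idapp = req.body.idapp;
  const locale = req.body.locale;
  // const ris = await ExtraList.ImportData(locale, idapp, strdata);
  // `ris` was referenced without being declared, which threw a ReferenceError
  // on every request and left the response unsent.
  const ris = null;
  console.log('ris', ris);
  res.send(ris);
});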
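// POST /friends — returns the caller's friends list (User.getFriendsByUsername).
router.post('/friends', authenticate, (req, res) => {
  const username = req.user.username;
  // Per-request constant. The original assigned undeclared globals `idapp` and
  // `locale`, which were shared between concurrent requests.
  const idapp = req.body.idapp;
  return User.getFriendsByUsername(idapp, username)
    .then((ris) => {
      res.send(ris);
    })
    .catch((e) => {
      tools.mylog('ERRORE IN Profile: ' + e.message);
      res.status(400).send();
    });
});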
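// POST /groups — returns the caller's groups (MyGroup.getGroupsByUsername).
router.post('/groups', authenticate, (req, res) => {
  const username = req.user.username;
  // Per-request constant. The original assigned undeclared globals `idapp` and
  // `locale`, which were shared between concurrent requests.
  const idapp = req.body.idapp;
  return MyGroup.getGroupsByUsername(idapp, username, req)
    .then((ris) => {
      res.send(ris);
    })
    .catch((e) => {
      tools.mylog('ERRORE IN groups: ' + e.message);
      res.status(400).send();
    });
});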
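// POST /circuits — returns the caller's circuits with up to `nummovTodownload`
// movements (Circuit.getCircuitsByUsername).
router.post('/circuits', authenticate_withUser, (req, res) => {
  const username = req.user.username;
  // Per-request constants. The original assigned undeclared globals `idapp`,
  // `locale` and `nummovTodownload`, which were shared between concurrent requests.
  const idapp = req.body.idapp;
  const nummovTodownload = req.body.nummovTodownload;
  return Circuit.getCircuitsByUsername(idapp, username, req.user, nummovTodownload)
    .then((ris) => {
      res.send(ris);
    })
    .catch((e) => {
      tools.mylog('ERRORE IN circuits: ' + e.message);
      res.status(400).send();
    });
});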
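// POST /updatesaldo — returns the caller's extra profile info together with the
// two notification lists (general and circuit-related) newer than `lastdr`.
router.post('/updatesaldo', authenticate, async (req, res) => {
  const username = req.user.username;
  // Per-request constant. The original assigned undeclared globals `idapp`,
  // `locale`, `circuitId` and `groupname` (the last three unused), shared
  // between concurrent requests.
  const idapp = req.body.idapp;
  const lastdr = req.body['lastdr'] ? req.body['lastdr'] : '';
  try {
    const userprofile = await User.getExtraInfoByUsername(idapp, username);
    const ris = { userprofile };
    ris.arrrecnotif = await SendNotif.findAllNotifByUsernameIdAndIdApp(
      username,
      lastdr,
      idapp,
      shared_consts.LIMIT_NOTIF_FOR_USER,
      shared_consts.QualiNotifs.OTHERS
    );
    ris.arrrecnotifcoins = await SendNotif.findAllNotifByUsernameIdAndIdApp(
      username,
      lastdr,
      idapp,
      shared_consts.LIMIT_NOTIFCOINS_FOR_USER,
      shared_consts.QualiNotifs.CIRCUITS
    );
    return res.send({ ris });
  } catch (e) {
    tools.mylog('ERRORE IN updatesaldo: ' + e);
    res.status(400).send();
  }
});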
// POST /friends/cmd — runs a friendship command (User.setFriendsCmd) between
// usernameOrig and usernameDest after resolving both to their stored spelling.
router.post('/friends/cmd', authenticate, async (req, res) => {
  const usernameLogged = req.user.username;
  const { idapp, cmd, value } = req.body;
  // NOTE(review): with `||` the restriction below applies to everyone who is not
  // BOTH admin and manager (so also to admins who are not managers); /panel
  // uses `!isAdmin && !isManager` for "unprivileged" — confirm which is meant.
  const isPrivileged = User.isAdmin(req.user.perm) && User.isManager(req.user.perm);
  if (!isPrivileged) {
    const touchesCaller = req.body.usernameOrig === usernameLogged || req.body.usernameDest === usernameLogged;
    const isGuardedCmd = cmd === shared_consts.FRIENDSCMD.SETFRIEND || cmd === shared_consts.FRIENDSCMD.SETHANDSHAKE;
    // Only SETFRIEND / SETHANDSHAKE are checked here; other cmd values reach
    // User.setFriendsCmd unchanged — confirm it enforces its own check.
    if (!touchesCaller && isGuardedCmd) {
      return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
    }
  }
  const usernameOrig = await User.getRealUsernameByUsername(idapp, req.body.usernameOrig);
  const usernameDest = await User.getRealUsernameByUsername(idapp, req.body.usernameDest);
  return User.setFriendsCmd(req, idapp, usernameOrig, usernameDest, cmd, value)
    .then((ris) => {
      res.send(ris);
    })
    .catch((e) => {
      tools.mylog('ERRORE IN Friends/cmd: ' + e.message);
      res.status(400).send();
    });
});
// POST /sendcmd — runs a generic command (User.sendCmd) between usernameOrig
// and usernameDest after resolving both to their stored spelling.
//
// NOTE(review): unlike /friends/cmd, nothing here ties usernameOrig to the
// authenticated user — confirm User.sendCmd performs that authorization itself.
router.post('/sendcmd', authenticate, async (req, res) => {
  const { idapp, cmd, value } = req.body;
  const usernameOrig = await User.getRealUsernameByUsername(idapp, req.body.usernameOrig);
  const usernameDest = await User.getRealUsernameByUsername(idapp, req.body.usernameDest);
  const onResult = (ris) => {
    res.send(ris);
  };
  const onError = (e) => {
    tools.mylog('ERRORE IN sendcmd: ' + e.message);
    res.status(400).send();
  };
  return User.sendCmd(req, idapp, usernameOrig, usernameDest, cmd, value).then(onResult).catch(onError);
});
// POST /groups/cmd — runs a group command (User.setGroupsCmd) for usernameOrig
// on groupnameDest; the caller's username is passed along for the check inside.
router.post('/groups/cmd', authenticate, (req, res) => {
  const usernameLogged = req.user.username;
  const { idapp, usernameOrig, groupnameDest, cmd, value } = req.body;
  /*if (!User.isAdmin(req.user.perm) || !User.isManager(req.user.perm)) {
  // If without permissions, exit
  if (usernameOrig !== usernameLogged) {
  return res.status(404).
  send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }
  }*/
  const onResult = (ris) => {
    res.send(ris);
  };
  const onError = (e) => {
    tools.mylog('ERRORE IN groups/cmd: ' + e.message);
    res.status(400).send();
  };
  return User.setGroupsCmd(idapp, usernameOrig, groupnameDest, cmd, value, usernameLogged).then(onResult).catch(onError);
});
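/**
 * POST /circuits/cmd — applies a circuit command for usernameOrig on the circuit
 * `circuitname` via User.setCircuitCmd and then, when the optional `extrarec`
 * object carries an `idnotif`, marks that notification as read for usernameOrig.
 *
 * Body: idapp, usernameOrig, circuitname, cmd, value, extrarec (optional).
 * Responds with setCircuitCmd's result. Any rejection — including one from
 * setNotifAsRead after the circuit command already succeeded — is logged and
 * answered with an empty 400.
 *
 * NOTE(review): as in /groups/cmd the route-level check that usernameOrig is
 * the logged-in user is disabled; usernameLogged is forwarded to setCircuitCmd,
 * which is presumably where authorization happens — confirm.
 */
router.post('/circuits/cmd', authenticate, async (req, res) => {
  const usernameLogged = req.user.username;
  const { idapp, usernameOrig, circuitname, cmd, value, extrarec } = req.body;

  try {
    const ris = await User.setCircuitCmd(idapp, usernameOrig, circuitname, cmd, value, usernameLogged, extrarec);

    // Own-property check through the prototype, so a request body that shadows
    // `hasOwnProperty` (e.g. {"hasOwnProperty": 1}) cannot turn this into a
    // TypeError and a spurious 400.
    if (extrarec && Object.prototype.hasOwnProperty.call(extrarec, 'idnotif')) {
      const idnotif = extrarec.idnotif ? extrarec.idnotif : '';
      await SendNotif.setNotifAsRead(idapp, usernameOrig, idnotif);
    }

    return res.send(ris);
  } catch (e) {
    tools.mylog('ERRORE IN circuits/cmd: ' + e.message);
    res.status(400).send();
  }
});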
/**
 * One-off migration: for every document of `mytable` whose `_id` is stored as a
 * 32-bit integer (BSON type 16) and is below 10000, saves a copy of the
 * document under the string id (old id + 10000), e.g. 42 -> "10042".
 * The original integer-keyed documents are not removed here (see RimuoviInteri).
 *
 * @param {Object} mytable - model to migrate; presumably a mongoose Model
 *   (uses .find, .modelName, new mytable(doc), ._doc and .save()).
 * @returns {Promise<void>} resolves when the scan is done; errors are logged
 *   with console.error and never thrown.
 *
 * NOTE(review): the inner catch reads err.keyValue._id, which is only present on
 * a duplicate-key error; any other save error produces a TypeError inside the
 * catch, which escapes to the outer try/catch and aborts the remaining loop.
 * Confirm that is acceptable for a migration run.
 */
async function ConvertiDaIntAStr(mytable) {
  try {
    console.log('INIZIO - ConvertiDaIntAStr ', mytable.modelName);
    // $type 16 = BSON 32-bit int: only documents still keyed by an integer.
    return await mytable.find({ _id: { $type: 16 } }).then(async (arr) => {
      console.log('num record ', arr.length);
      let ind = 0; // number of documents re-saved so far
      for (let x of arr) {
        const idnew = x._id;
        if (idnew < 10000) {
          // New id = old integer id + 10000 (stored as a string below).
          const idint = parseInt(x._id, 10) + 10000;
          // Fresh document built from the raw data, to be saved under the new id.
          const myrec = new mytable(x._doc);
          // Carry over the original timestamps instead of regenerating them.
          myrec._doc.date_created = x._doc.date_created;
          myrec._doc.date_updated = x._doc.date_updated;
          // When only one timestamp is present, copy it into the other.
          if (!myrec._doc.date_updated) {
            if (myrec.hasOwnProperty('date_created')) myrec._doc.date_updated = myrec._doc.date_created;
          }
          if (myrec.hasOwnProperty('date_updated') && !myrec._doc.date_created)
            myrec._doc.date_created = myrec._doc.date_updated;
          myrec._doc._id = idint + ''; // string id, e.g. "10042"
          try {
            const doc = await myrec.save();
            ind++;
            console.log('++Add (', ind, ')', doc._id);
          } catch (err) {
            // Presumably a duplicate-key error: err.keyValue._id is the colliding
            // id. The delete uses its numeric form, while the id just written is a
            // string — confirm which record this is meant to remove.
            const myid = parseInt(err.keyValue._id, 10) + 0;
            const canc = await mytable.findOneAndDelete({ _id: myid });
            if (canc) console.log('err', err.message, 'canc', canc._doc._id);
          }
        }
      }
      console.log('FINE - ConvertiDaIntAStr ', mytable.modelName);
    });
  } catch (err) {
    console.error(err);
  }
}
/**
 * Migration companion to ConvertiDaIntAStr: deletes every document of `mytable`
 * whose `_id` is <= 10000, after logging how many such documents were found.
 * Errors are reported via console.error and never propagate to the caller.
 *
 * @param {Object} mytable - model exposing find(), deleteMany() and modelName
 * @returns {Promise<void>}
 */
async function RimuoviInteri(mytable) {
  // Fresh filter object per call, so neither query can see the other's object.
  const integerIds = () => ({ _id: { $lte: 10000 } });
  try {
    console.log('INIZIO - RimuoviInteri ', mytable.modelName);
    const matching = await mytable.find(integerIds());
    console.log(' search interi...', matching.length);
    const outcome = await mytable.deleteMany(integerIds());
    console.log('FINE - RimuoviInteri ', mytable.modelName, outcome);
  } catch (err) {
    console.error(err);
  }
}
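/**
 * Runs a user-level "db operation" selected by mydata.dbop, after first calling
 * User.DbOp(idapp, mydata).
 *
 * Supported dbop values:
 *  - 'CreateAccountCircuits': one community account per Circuit of idapp, named
 *    after the circuit (Account.createAccount(idapp, '', name, true, '', path)).
 *  - 'saveStepTut' | 'noNameSurname' | 'noCircuit' | 'noCircIta' | 'noFoto':
 *    stores mydata.value into the matching profile.* field of the user whose
 *    _id is mydata._id.
 * Any other dbop only runs User.DbOp.
 *
 * @param {string} idapp
 * @param {{dbop: string, _id?: any, value?: any}} mydata - operation descriptor from the request body
 * @param {string} locale - unused, kept for callers
 * @param {object} req - unused, kept for callers
 * @param {object} res - unused, kept for callers
 * @returns {Promise<void>} resolves to undefined; the User.DbOp result is not
 *   returned. NOTE(review): the caller (/dbopuser) substitutes {} for a falsy
 *   result, which suggests returning User.DbOp's value was intended — confirm.
 *
 * NOTE(review): the target user is mydata._id, supplied by the client, not
 * req.user, and /dbopuser reaches this without a permission check — so any
 * authenticated user can set these flags on any user and run
 * CreateAccountCircuits. Confirm that is intended, or pin _id to req.user.
 */
async function eseguiDbOpUser(idapp, mydata, locale, req, res) {
  await User.DbOp(idapp, mydata);

  // dbop name -> profile field it writes. A Map rather than a plain object so a
  // dbop such as 'constructor' cannot resolve to an inherited property.
  const profileFieldByDbop = new Map([
    ['saveStepTut', 'profile.stepTutorial'],
    ['noNameSurname', 'profile.noNameSurname'],
    ['noCircuit', 'profile.noCircuit'],
    ['noCircIta', 'profile.noCircIta'],
    ['noFoto', 'profile.noFoto'],
  ]);

  try {
    if (mydata.dbop === 'CreateAccountCircuits') {
      const allcirc = await Circuit.find({ idapp });
      for (const mycirc of allcirc) {
        // The community account takes the circuit's name.
        await Account.createAccount(idapp, '', mycirc.name, true, '', mycirc.path);
      }
    } else {
      const field = profileFieldByDbop.get(mydata.dbop);
      if (field !== undefined) {
        await User.findOneAndUpdate({ _id: mydata._id }, { $set: { [field]: mydata.value } });
      }
    }
  } catch (e) {
    // Best-effort: failures are logged, never surfaced to the caller.
    console.log(e.message);
  }
}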
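/**
 * POST /dbop — runs an administrative db operation (mydata) through
 * CronMod.eseguiDbOp. Only users for whom User.isCollaboratore(perm) holds may
 * call it; everyone else receives 404 with RIS_CODE_ERR_UNAUTHORIZED.
 * On success answers { code: RIS_CODE_OK, data: <eseguiDbOp result> }; on
 * failure logs and answers 400 with the error message.
 */
router.post('/dbop', authenticate, async (req, res) => {
  const mydata = req.body.mydata;
  // Declared locally: it was previously assigned without a declaration, i.e. to
  // an implicit global shared by every concurrent request.
  const idapp = req.body.idapp;

  if (!User.isCollaboratore(req.user.perm)) {
    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED });
  }

  try {
    const cronMod = new CronMod();
    const risOp = await cronMod.eseguiDbOp(idapp, mydata, req, res);
    return res.send({ code: server_constants.RIS_CODE_OK, data: risOp });
  } catch (e) {
    console.log(e.message);
    return res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e.message });
  }
});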
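/**
 * POST /dbopuser — runs a user-level db operation (see eseguiDbOpUser) and then
 * answers with the caller's refreshed data from User.updateMyData.
 * Responds { code: RIS_CODE_OK, ris }; on failure 400 with the error message.
 *
 * NOTE(review): unlike /dbop this route has no permission check beyond
 * `authenticate`, yet eseguiDbOpUser acts on the client-supplied mydata._id
 * and can run 'CreateAccountCircuits' — confirm that is intended.
 */
router.post('/dbopuser', authenticate, async (req, res) => {
  const mydata = req.body.mydata;
  // Local declarations: both were previously implicit globals shared across
  // requests, and idapp is read again after an await below.
  const idapp = req.body.idapp;
  const locale = req.body.locale;

  try {
    const opResult = await eseguiDbOpUser(idapp, mydata, locale, req, res);
    // A falsy operation result is replaced by an empty object before enrichment.
    const ris = await User.updateMyData(opResult || {}, idapp, req.user.username);
    res.send({ code: server_constants.RIS_CODE_OK, ris });
  } catch (e) {
    console.log(e.message);
    // Send only the message, as /dbop does: the raw error object would expose
    // any enumerable driver fields to the client.
    res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e.message });
  }
});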
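/**
 * POST /infomap — data for the user map of `idapp`.
 *
 * With `raggruppa` set (it is hard-coded to true) the result is one row per
 * Province: { province, descr, userCount, lat, long }, where userCount is the
 * size of the $lookup of users by profile.resid_province.
 * The else branch — one row per non-deleted user of idapp, including name,
 * surname and email, joined to the province's lat/long — is currently
 * unreachable and kept only as the alternative view.
 *
 * NOTE(review): the per-province $lookup joins users on resid_province alone,
 * with no idapp and no `deleted` filter (unlike the per-user pipeline), so
 * userCount spans every app and includes deleted users — confirm intended.
 *
 * Responds { code: RIS_CODE_OK, ris }; on failure 400 with the error message.
 */
router.post('/infomap', authenticate, async (req, res) => {
  const idapp = req.body.idapp;
  const raggruppa = true;

  try {
    // One document per user of idapp, with the province's coordinates attached.
    const perUserPipeline = [
      {
        $match: {
          idapp,
          $or: [{ deleted: { $exists: false } }, { deleted: { $exists: true, $eq: false } }],
        },
      },
      {
        $lookup: {
          from: 'provinces', // provinces collection
          localField: 'profile.resid_province', // user field holding the province id
          foreignField: 'prov', // province id field
          as: 'provinceInfo',
        },
      },
      {
        // $lookup yields an array; keep only the first matching province.
        $addFields: { provinceInfo: { $arrayElemAt: ['$provinceInfo', 0] } },
      },
      {
        $project: {
          username: 1,
          name: 1,
          surname: 1,
          email: 1,
          verified_by_aportador: 1,
          aportador_solidario: 1,
          lasttimeonline: 1,
          'profile.img': 1,
          'profile.resid_province': 1,
          lat: '$provinceInfo.lat', // coordinates taken from the province
          long: '$provinceInfo.long',
        },
      },
    ];

    // One document per province, with the number of users resident in it.
    const perProvincePipeline = [
      {
        $lookup: {
          from: 'users', // users collection
          localField: 'prov', // province id field
          foreignField: 'profile.resid_province', // user field holding the province id
          as: 'users',
        },
      },
      {
        $addFields: { userCount: { $size: '$users' } },
      },
      {
        // Self-join on `prov` to pick up the province description.
        $lookup: {
          from: 'provinces',
          localField: 'prov',
          foreignField: 'prov',
          as: 'provinceInfo',
        },
      },
      {
        $addFields: { provinceDescr: { $arrayElemAt: ['$provinceInfo.descr', 0] } },
      },
      {
        $project: {
          _id: 0,
          province: '$prov', // `prov` exposed as `province`
          descr: '$provinceDescr',
          userCount: 1,
          lat: 1,
          long: 1,
        },
      },
    ];

    let ris = raggruppa ? await Province.aggregate(perProvincePipeline) : await User.aggregate(perUserPipeline);
    if (!ris) {
      ris = {};
    }
    res.send({ code: server_constants.RIS_CODE_OK, ris });
  } catch (e) {
    console.log(e.message);
    // Only the message goes to the client (consistent with /dbop).
    res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e.message });
  }
});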
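/**
 * POST /mgt — relays a message composed on the site to the Telegram bot via
 * telegrambot.sendMsgFromSiteToBotTelegram(idapp, req.user, mydata) and
 * answers { numrec, nummsgsent, textsent, text }.
 * On failure logs the error and answers a single 400 { code: RIS_CODE_ERR, msg }.
 */
router.post('/mgt', authenticate_withUser, async (req, res) => {
  const mydata = req.body.mydata;
  // Declared locally: it was previously assigned to an implicit global shared
  // across concurrent requests.
  const idapp = req.body.idapp;

  try {
    const { nummsgsent, numrec, textsent, text } = await telegrambot.sendMsgFromSiteToBotTelegram(
      idapp,
      req.user,
      mydata
    );
    return res.send({ numrec, nummsgsent, textsent, text });
  } catch (e) {
    console.log(e.message);
    // Exactly one response: the previous code sent an empty 400 and then called
    // res.send again, which throws ERR_HTTP_HEADERS_SENT from inside the catch.
    return res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e.message });
  }
});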
// Router carrying the routes registered above, exported for the app to mount.
module.exports = router;