freeplanet_serverside/src/server/router/index_router.js

const express = require('express');
const router = express.Router(),
    fs = require('fs'),
    path = require('path');

const jwt = require('jsonwebtoken');

const telegrambot = require('../telegram/telegrambot');

const sendemail = require('../sendemail');

const {authenticate, authenticate_noerror} = require(
    '../middleware/authenticate');

const {ObjectID} = require('mongodb');
const {ListaIngresso} = require('../models/listaingresso');
const {Graduatoria} = require('../models/graduatoria');

const mongoose = require('mongoose').set('debug', false);
const cfgserver = mongoose.model('cfgserver');

const ftp = require('../ftp/FTPClient'),
    formidable = require('formidable'),
    folder = path.join(__dirname, 'upload');

if (!fs.existsSync(folder)) {
  fs.mkdirSync(folder);
}

const _ = require('lodash');

const {User} = require('../models/user');
const {Nave} = require('../models/nave');
const {Flotta} = require('../models/flotta');
const {NavePersistente} = require('../models/navepersistente');
// const { ExtraList } = require('../models/extralist');
const {Booking} = require('../models/booking');
const {Operator} = require('../models/operator');
const {Where} = require('../models/where');
const {MyEvent} = require('../models/myevent');
const {Contribtype} = require('../models/contribtype');
const {PaymentType} = require('../models/paymenttype');
const {Discipline} = require('../models/discipline');
const {Skill} = require('../models/skill');
const {MySkill} = require('../models/myskill');
const {StatusSkill} = require('../models/statusSkill');
const {City} = require('../models/city');
const {Sector} = require('../models/sector');
const {Level} = require('../models/level');
const {Newstosent} = require('../models/newstosent');
const {MyPage} = require('../models/mypage');
const {CalZoom} = require('../models/calzoom');
const {Gallery} = require('../models/gallery');
const {TemplEmail} = require('../models/templemail');
const {OpzEmail} = require('../models/opzemail');
const {MailingList} = require('../models/mailinglist');
const {Settings} = require('../models/settings');
const {SendMsg} = require('../models/sendmsg');
const {Permission} = require('../models/permission');
const {MsgTemplate} = require('../models/msg_template');
const Product = require('../models/product');
const Producer = require('../models/producer');
const Cart = require('../models/cart');
const OrdersCart = require('../models/orderscart');
const Storehouse = require('../models/storehouse');
const Department = require('../models/department');
const ShareWithUs = require('../models/sharewithus');
const Site = require('../models/site');
const IscrittiConacreis = require('../models/iscrittiConacreis');
const Group = require('../models/group');
const {Todo} = require('../models/todo');
const Hours = require('../models/hours');
const Order = require('../models/order');
const Cash = require('../models/cash');
const CashCategory = require('../models/cashCategory');
const CashSubCategory = require('../models/cashSubCategory');

const tools = require('../tools/general');

const server_constants = require('../tools/server_constants');
const actions = require('./api/actions');

const shared_consts = require('../tools/shared_nodejs');

const UserCost = {
  FIELDS_REQUISITI: [
    'verified_email',
    'profile.teleg_id',
    'profile.saw_and_accepted',
    'profile.revolut',
    'profile.payeer_id',
    'profile.advcash_id',
    'profile.link_payment',
    'profile.email_paypal',
    'profile.paymenttypes'],
};

router.post(process.env.LINKVERIF_REG, (req, res) => {
  const body = _.pick(req.body, ['idapp', 'idlink']);
  const idapp = body.idapp;
  const idlink = body.idlink;
  // console.log("LINKVERIF_REG POST " + process.env.LINKVERIF_REG + " idapp= " + idapp + " idlink = " + idlink);

  // Cerco l'idlink se è ancora da Verificare

  User.findByLinkreg(idapp, idlink).then((user) => {
    if (!user) {
      //console.log("NON TROVATO!");
      return res.status(404).send();
    } else {
      console.log('user', user);
      if (user.verified_email) {
        res.send({
          code: server_constants.RIS_CODE_EMAIL_ALREADY_VERIFIED,
          msg: tools.getres__('L\'Email è già stata Verificata', res),
        });
      } else {
        user.verified_email = true;
        user.lasttimeonline = new Date();
        user.save().then(() => {
          //console.log("TROVATOOOOOO!");
          res.send({
            code: server_constants.RIS_CODE_EMAIL_VERIFIED,
            msg: tools.getres__('EMAIL', res) + ' ' +
                tools.getres__('VERIF', res),
          });
        });
      }
    }
  }).catch((e) => {
    console.log(e.message);
    res.status(400).send();
  });

});

// Faccio richiesta di una Nuova Password
router.post(process.env.LINK_REQUEST_NEWPASSWORD, (req, res) => {
  const body = _.pick(req.body, ['idapp', 'email']);
  const idapp = body.idapp;
  const email = body.email.toLowerCase().trim();
  console.log(
      'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
      ' email = ' + email);

  User.findByEmail(idapp, email).then(async (user) => {
    if (!user) {
      await tools.snooze(5000);
      return res.status(200).
          send({code: server_constants.RIS_CODE_EMAIL_NOT_EXIST, msg: ''});
    } else {
      // Creo il tokenforgot
      user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
          toString();
      user.date_tokenforgot = new Date();
      user.lasttimeonline = new Date();
      user.save().then(async () => {
        await sendemail.sendEmail_RequestNewPassword(res.locale, user,
            user.email, user.idapp, user.tokenforgot);
        res.send({code: server_constants.RIS_CODE_OK, msg: ''});
      });
    }
  }).catch((e) => {
    console.log(e.message);
    res.status(400).send();
    res.send({code: server_constants.RIS_CODE_ERR, msg: e});
  });

});

// Invio la Nuova Password richiesta dal reset!
// Ritorna il token per poter effettuare le chiamate...
router.post(process.env.LINK_UPDATE_PWD, (req, res) => {
  const body = _.pick(req.body, ['idapp', 'email', 'tokenforgot', 'password']);
  const idapp = body.idapp;
  const email = body.email.toLowerCase().trim();
  const tokenforgot = body.tokenforgot;
  const password = body.password;
  const msg = 'Richiesta Nuova Password: idapp= ' + idapp + ' email = ' + email;
  console.log(msg);

  // telegrambot.sendMsgTelegramToTheManagers(body.idapp, msg);

  User.findByLinkTokenforgot(idapp, email, tokenforgot).then((user) => {
    if (!user) {
      return res.send(
          {code: server_constants.RIS_CODE_TOKEN_RESETPASSWORD_NOT_FOUND});
    } else {
      // aggiorna la nuova password
      user.password = password;
      user.lasttimeonline = new Date();

      // Crea token
      user.generateAuthToken(req).then(token => {
        user.tokenforgot = '';  // Svuota il tokenforgot perché non ti servirà più...

        // Salva lo User
        user.save().then(() => {
          res.header('x-auth', token).
              send({code: server_constants.RIS_CODE_OK});   // Ritorna il token di ritorno
        });
      });
    }
  }).catch((e) => {
    console.log(e.message);
    res.status(400).send();
  });

});

function getTableByTableName(tablename) {

  let mytable = '';
  if (tablename === 'users')
    mytable = User;
  else if (tablename === 'tessitura')
    mytable = Tessitura;
      // else if (tablename === 'extralist')
  //   mytable = ExtraList;
  else if (tablename === 'bookings')
    mytable = Booking;
  else if (tablename === 'operators')
    mytable = Operator;
  else if (tablename === 'products')
    mytable = Product;
  else if (tablename === 'storehouses')
    mytable = Storehouse;
  else if (tablename === 'departments')
    mytable = Department;
  else if (tablename === 'sharewithus')
    mytable = ShareWithUs;
  else if (tablename === 'sites')
    mytable = Site;
  else if (tablename === 'iscritticonacreis')
    mytable = IscrittiConacreis;
  else if (tablename === 'groups')
    mytable = Group;
  else if (tablename === 'todos')
    mytable = Todo;
  else if (tablename === 'hours')
    mytable = Hours;
  else if (tablename === 'orders')
    mytable = Order;
  else if (tablename === 'cashs')
    mytable = Cash;
  else if (tablename === 'cashCategorys')
    mytable = CashCategory;
  else if (tablename === 'cashSubCategorys')
    mytable = CashSubCategory;
  else if (tablename === 'producers')
    mytable = Producer;
  else if (tablename === 'carts')
    mytable = Cart;
  else if (tablename === 'orderscart')
    mytable = OrdersCart;
  else if (tablename === 'sendmsgs')
    mytable = SendMsg;
  else if (tablename === 'wheres')
    mytable = Where;
  else if (tablename === 'myevents')
    mytable = MyEvent;
  else if (tablename === 'contribtype')
    mytable = Contribtype;
  else if (tablename === 'paymenttypes')
    mytable = PaymentType;
  else if (tablename === 'disciplines')
    mytable = Discipline;
  else if (tablename === 'newstosent')
    mytable = Newstosent;
  else if (tablename === 'gallery')
    mytable = Gallery;
  else if (tablename === 'mypage')
    mytable = MyPage;
  else if (tablename === 'calzoom')
    mytable = CalZoom;
  else if (tablename === 'templemail')
    mytable = TemplEmail;
  else if (tablename === 'opzemail')
    mytable = OpzEmail;
  else if (tablename === 'settings')
    mytable = Settings;
  else if (tablename === 'permissions')
    mytable = Permission;
  else if (tablename === 'mailinglist')
    mytable = MailingList;
  else if (tablename === 'navi')
    mytable = Nave;
  else if (tablename === 'flotte')
    mytable = Flotta;
  else if (tablename === 'msg_templates')
    mytable = MsgTemplate;
  else if (tablename === 'navepersistente')
    mytable = NavePersistente;
  else if (tablename === 'listaingressos')
    mytable = ListaIngresso;
  else if (tablename === 'graduatorias')
    mytable = Graduatoria;
  else if (tablename === 'skills')
    mytable = Skill;
  else if (tablename === 'myskills')
    mytable = MySkill;
  else if (tablename === 'statusSkills')
    mytable = StatusSkill;
  else if (tablename === 'cities')
    mytable = City;
  else if (tablename === 'sectors')
    mytable = Sector;
  else if (tablename === 'levels')
    mytable = Level;

  return mytable;
}

router.post('/settable', authenticate, (req, res) => {
  const params = req.body;
  const mytable = getTableByTableName(params.table);
  const mydata = req.body.data;

  mydata.idapp = req.user.idapp;

  if (shared_consts.TABLES_ID_NUMBER.includes(params.table)) {
    if (mydata['_id'] === undefined) {
      mydata._id = 1;
    }
  } else if (params.table === 'hours') {

  } else {
    if (mydata['_id'] === undefined) {
      mydata._id = new ObjectID();
    }
  }

  if (shared_consts.TABLES_USER_ID.includes(params.table)) {
    mydata.userId = req.user._id;
  }

  delete mydata['__v'];
  delete mydata['__proto__'];

  let mytablerec = new mytable(mydata);
  // console.log('mytablerec', mytablerec);

  const mytablestrutt = getTableByTableName(params.table);

  if (mydata['_id'] !== undefined && mydata['_id'] !== 0) {
    mytablerec.isNew = false;
  }

  return mytablerec.save().then(rec => {
    // tools.mylog('rec', rec);
    return res.send(rec);

  }).catch((e) => {
    if (e.code === 11000) {
      const id = mytablerec._id;
      delete mytablerec._doc['_id'];
      const myfields = mytablerec._doc;
      if (!myfields.userId) {
        myfields.userId = req.user._id.toString();
      }
      return mytablestrutt.findByIdAndUpdate(id, {$set: myfields}).
          then(async (rec) => {
            return res.send(rec);
          }).
          catch((err) => {
            tools.mylog('error: ', err.message);
            return res.status(400).send(err);
          });
    } else {
      console.log(e.message);
    }
  });

});

router.post('/setsubrec', authenticate, (req, res) => {
  const params = req.body;
  const mytable = getTableByTableName(params.table);
  const mydata = req.body.data;

  mydata.idapp = req.user.idapp;

  let mytablerec = new mytable(mydata);
  // console.log('mytablerec', mytablerec);

  const mytablestrutt = getTableByTableName(params.table);

  const rec = mytablestrutt.createNewSubRecord(mydata.idapp, req).then(rec => {
    // tools.mylog('rec', rec);
    return res.send(rec);

  }).catch((e) => {

  });

  return res.send(rec);

  return mytablerec.save().then(rec => {
    // tools.mylog('rec', rec);
    return res.send(rec);

  }).catch((e) => {
    if (e.code === 11000) {
      const id = mytablerec._id;
      delete mytablerec._doc['_id'];
      const myfields = mytablerec._doc;
      if (!myfields.userId) {
        myfields.userId = req.user._id.toString();
      }
      return mytablestrutt.findByIdAndUpdate(id, {$set: myfields}).
          then(async (rec) => {
            return res.send(rec);
          }).
          catch((err) => {
            tools.mylog('error: ', err.message);
            return res.status(400).send(err);
          });
    } else {
      console.log(e.message);
    }
  });

});

router.post('/gettable', authenticate, (req, res) => {
  const params = req.body;
  const mytable = getTableByTableName(params.table);
  // console.log('mytable', mytable);
  if (!mytable) {
    console.log(`Table ${params.table} not found`);
    return res.status(400).send({});
  }

  return mytable.executeQueryTable(req.user.idapp, params).then(ris => {
    return res.send(ris);

  }).catch((e) => {
    console.log(e.message);
    res.status(400).send(e);
  });

});

router.post('/getpage', async (req, res) => {
  const params = req.body;
  const idapp = req.body.idapp;
  const mypath = params.path;

  return MyPage.findOne({idapp, path: mypath}).then((ris) => {
    return res.send({mypage: ris});
  }).catch((e) => {
    console.log(e.message);
    res.status(400).send(e);
  });

});

router.patch('/setlang', authenticate, async (req, res) => {
  const username = req.body.data.username;
  const idapp = req.body.idapp;
  const mydata = req.body.data;

  const lang = mydata.lang;

  const fieldsvalue = {
    lang,
  };

  if (!!lang) {
    const rec = await User.findByUsername(idapp, username, false);
    let ris = null;
    if (!!rec)
      ris = await User.findByIdAndUpdate(rec.id, {$set: fieldsvalue});

    if (!!ris) {
      return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
    }

    res.status(400).send();
  }

});

router.patch('/chval', authenticate, async (req, res) => {
  // const idapp = req.body.idapp;
  const id = req.body.data.id;
  const idapp = req.body.idapp;
  const mydata = req.body.data;

  const mytable = getTableByTableName(mydata.table);
  const fieldsvalue = mydata.fieldsvalue;
  const unset = mydata.unset;

  // tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue);

  // If I change my record...
  if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
      !User.isEditor(req.user.perm) && !User.isTutor(req.user.perm)) &&
      (req.user._id.toString() !== id) &&
      !tools.ModificheConsentite(mydata.table, fieldsvalue)) {
    // If without permissions, exit
    return res.status(404).
        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  const camporequisiti = UserCost.FIELDS_REQUISITI.includes(
      Object.keys(fieldsvalue)[0]);

  let allData = {};
  if (mydata.table === 'users') {
    if (camporequisiti) {
      allData = {};
      allData.myuser = await User.getUserById(idapp, id);
      if (!!allData.myuser)
        allData.precDataUser = await User.getInfoUser(idapp,
            allData.myuser.username);
      else
        allData.precDataUser = null;
      // allData.useraportador = await ListaIngresso.getUserByInvitante_Username(idapp, allData.myuser.aportador_solidario);
      // allData.precDataAportador = await getInfoUser(idapp, allData.myuser.aportador_solidario);
    }
  }

  let index = 0;

  let recoldnave = null;

  let myuser = null;
  let mydatamsg = {};

  let flotta = null;
  let strflotta = '';

  if (mydata.table === 'navi') {
    if (!!id) {
      recoldnave = await mytable.findOne({_id: ObjectID(id)});

      let mypos = {
        idapp,
        riga: recoldnave.riga,
        col: recoldnave.col,
        numup: 3,
      };
      tools.getRigaColByPosUp(mypos);
      mydatamsg = {
        navemediatore: {riga: mypos.riga, col: mypos.col},
      };

      if (!!fieldsvalue.riga) {
        flotta = await Flotta.getFlottaByRigaColDonatore(idapp,
            fieldsvalue.riga, fieldsvalue.col);
        if (!!flotta) {
          strflotta = Flotta.getStrFlotta(flotta);
        }
        myuser = await User.findByIndOrder(idapp, recoldnave.ind_order);
      }
    }
  }

  if (shared_consts.TABLES_UPDATE_LASTMODIFIED.includes(mydata.table)) {
    fieldsvalue.date_updated = new Date();
  }

  await mytable.findByIdAndUpdate(id, {$set: fieldsvalue}).then(async (rec) => {
    // tools.mylogshow(' REC TO MODIFY: ', rec);
    if (!rec) {
      return res.status(404).send();
    } else {
      let addmsg = '';

      if (mydata.table === 'navi' && ('made_gift' in fieldsvalue)) {

        if (fieldsvalue['made_gift'] && !rec.received_gift) {
          if (mydata.tipomsg) {

            if (!!myuser) {
              mydatamsg.tipomsg = tools.TipoMsg.SEND_MSG_DONO_RICEVUTO_CORRETTAMENTE;
              const rismsg = await telegrambot.getMsgByTipoMsg(mydatamsg,
                  myuser.lang, myuser, false);
              addmsg = rismsg.body;
            }
          }

          await mytable.findByIdAndUpdate(id, {$set: {received_gift: true}});
        }

        if (!!unset) {
          const risunset = await mytable.findByIdAndUpdate(id, {$unset: unset});
          if (!!risunset) {
            if ('date_made_gift' in unset) {
              let addtext = strflotta +
                  ` E' stato annullato l'invio del dono di ${myuser.name} ${myuser.surname} (${myuser.username}) da parte di ${req.user.name} ${req.user.surname} - [Posiz: ${fieldsvalue.riga}.${fieldsvalue.col}]`;
              telegrambot.sendMsgTelegramToTheManagers(idapp, addtext, false);
              tools.writeFlottaLog(idapp, addtext, flotta.riga,
                  flotta.col_prima);

              if (!!recoldnave) {
                if (!!recoldnave.date_made_gift) {
                  // Se l'utente aveva confermato il Dono, allora gli mando un msg che non è stato ricevuto ...
                  mydatamsg.tipomsg = tools.TipoMsg.SEND_MSG_DONO_NON_RICEVUTO;
                  const rismsg = await telegrambot.getMsgByTipoMsg(mydatamsg,
                      myuser.lang, myuser, false);
                  let mymsg = rismsg.body;
                  if (!!mymsg) {
                    await telegrambot.sendMsgTelegram(idapp, myuser.username,
                        mymsg);
                  }
                }
              }
            }
          }
        }
      }

      // SEND_MSG_DONO_RICEVUTO_CORRETTAMENTE

      if (mydata.notifBot) {
        // Send Notification to the BOT
        await telegrambot.sendMsgTelegram(idapp, mydata.notifBot.un,
            mydata.notifBot.txt);
        if (!!addmsg)
          await telegrambot.sendMsgTelegram(idapp, mydata.notifBot.un, addmsg);
        let addtext = '[Msg Inviato a ' + mydata.notifBot.un + ']:' + '\n' +
            mydata.notifBot.txt;
        telegrambot.sendMsgTelegramToTheManagers(idapp, addtext, true);

        if (!!flotta)
          tools.writeFlottaLog(idapp, addtext, flotta.riga, flotta.col_prima);
      }

      if (mydata.table === 'users') {
        if (camporequisiti) {
          await User.checkIfSbloccatiRequisiti(idapp, allData, id);
        }
      }

      if (mydata.table === 'flotte') {
        if (('date_start' in fieldsvalue) || ('date_close' in fieldsvalue)) {
          await NavePersistente.changeField(idapp, rec, fieldsvalue);
        }
      }

      if (mydata.table === 'users') {
        /*if ('saw_zoom_presentation' in fieldsvalue) {
          if (fieldsvalue['saw_zoom_presentation']) {
            const messaggio = tools.get__('ZOOM_CONFERMATO');
            await telegrambot.sendMsgTelegram(idapp, myuser.username, messaggio);
            await telegrambot.sendMsgTelegramToTheManagersAndZoomeri(idapp, `L\'utente ${rec.name} ${rec.surname} (${rec.username}) è stato confermato per aver visto lo Zoom di Benvenuto`);
          }
        }*/

        if ('aportador_solidario' in fieldsvalue) {
          let ind_order_ingr = mydata.ind_order_ingr;
          // SERVE SE CI METTO LE MINUSCOLE/MAIUSCOLE SBAGLIATE in invitante_username!
          const myuserfound = await User.findByUsername(idapp,
              fieldsvalue.aportador_solidario, false);
          if (!!myuserfound) {
            if (!!myuserfound._id && !myuserfound.deleted) {
              const aportador = await User.getUsernameById(idapp,
                  myuserfound._id);
              fieldsvalue.aportador_solidario = aportador;
              //Aggiorna record !
              await mytable.findByIdAndUpdate(id, {$set: fieldsvalue});

              const myfirstrec = await ListaIngresso.findOne(
                  {username: rec.username, ind_order: ind_order_ingr});
              if (!!myfirstrec) {
                if (!!myfirstrec._id && !myfirstrec.deleted) {
                  let fieldsv2 = {
                    invitante_username: aportador,
                  };
                  //Aggiorna record !
                  await ListaIngresso.findByIdAndUpdate(
                      myfirstrec._id.toString(), {$set: fieldsv2});
                }
              }
            }
          } else {
            res.send(
                {code: server_constants.RIS_CODE_ERR, msg: 'Non aggiornato'});
            res.status(400).send();
            return false;
          }
        } else if ('deleted' in fieldsvalue) {
          let msg = '';
          if (fieldsvalue.deleted)
            msg = 'cancellato (nascosto)';
          else
            msg = 'Ripristinato';

          await telegrambot.sendMsgTelegramToTheManagers(idapp,
              `L\'utente ${rec.name} ${rec.surname} (${rec.username}) è stato ${msg} da ${req.user.name} ${req.user.surname}`);
        }
      }

      if (mydata.table === 'listaingressos') {
        if ('invitante_username' in fieldsvalue) {
          // SERVE SE CI METTO LE MINUSCOLE/MAIUSCOLE SBAGLIATE in invitante_username!
          const myuserfound = await User.findByUsername(idapp,
              fieldsvalue.invitante_username, false);
          if (!!myuserfound) {
            if (!!myuserfound._id && !myuserfound.deleted) {
              fieldsvalue.invitante_username = await User.getUsernameById(idapp,
                  myuserfound._id);
              //Aggiorna record !
              const ris = await mytable.findByIdAndUpdate(id,
                  {$set: fieldsvalue});
              if (!!ris) {
                /*let fieldsv2 = {
                  aportador_solidario: fieldsvalue.invitante_username
                };

                //Aggiorna record !
                await User.findByIdAndUpdate(myuserfound._id, { $set: fieldsv2 });
                */
              }
            }
          } else {
            // res.send({ code: server_constants.RIS_CODE_ERR, msg: 'Non aggiornato' });
            // res.status(400).send();
            // return false;
          }
        }
        if ('note' in fieldsvalue) {
          // Aggiornalo anche in Graduatorie
          await Graduatoria.findOneAndUpdate({
            idapp,
            idListaIngresso: id,
          }, {$set: {note: fieldsvalue.note}}, {new: false});
        }
      }

      if (tools.ModificheConsentite(mydata.table, fieldsvalue)) {
        let msg = '';
        if (mydata.table === 'users') {
          if ('aportador_solidario' in fieldsvalue) {
            const nomecognomenuovo = await User.getNameSurnameByUsername(idapp,
                fieldsvalue.aportador_solidario);
            const nomecognomeas = await User.getNameSurnameByUsername(idapp,
                rec.aportador_solidario);
            msg = `Variato l'invitante di ` + rec.name + ' ' + rec.surname +
                '\nmodificato da ' + req.user.name + ' ' + req.user.surname +
                ' \n' +
                'Prima: ' + nomecognomeas + ' (' + rec.aportador_solidario +
                ')\n' +
                'Dopo: ' + nomecognomenuovo + ' (' +
                fieldsvalue.aportador_solidario + ') ]';

            // Metti l'iniziale
            if (!await User.AportadorOrig(id)) {
              await mytable.findByIdAndUpdate(id,
                  {$set: {aportador_iniziale: fieldsvalue.aportador_solidario}},
                  {new: false});
            }
          }

        } else if (mydata.table === 'navi') {
          if ('made_gift' in fieldsvalue) {
            if (!!fieldsvalue.riga) {
              const navepers = await Nave.ricalcolaNave(idapp, null,
                  fieldsvalue.riga, fieldsvalue.col, true, index);

              if (!!navepers)
                await NavePersistente.aggiornaFlottaByNavePersistente(idapp,
                    navepers);
            }
          }
        }

        if (msg !== '')
          telegrambot.sendMsgTelegramToTheManagers(idapp, msg);
      }

      res.send({code: server_constants.RIS_CODE_OK, msg: ''});

    }

  }).catch((e) => {
    tools.mylogserr('Error patch USER: ', e.message);
    res.status(400).send();
  });

});

router.patch('/askfunz', authenticate, async (req, res) => {
  // const idapp = req.body.idapp;
  const id = req.body.data.id;
  // const ind_order = req.body.data.ind_order;
  // const username = req.body.data.username;
  const idapp = req.body.idapp;
  const mydata = req.body.data;

  let entra = false;
  if (!entra) {
    // If I change my record...
    if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
        !User.isTutor(req.user.perm)) && (req.user._id.toString() !== id)) {
      // If without permissions, exit
      return res.status(404).
          send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
    }
  }

  if (mydata.myfunc === shared_consts.CallFunz.DAMMI_PRIMO_UTENTE_LIBERO) {
    const userfree = await Graduatoria.getFirstUserGradFree(idapp);

    if (!!userfree)
      return res.send({code: server_constants.RIS_CODE_OK, out: userfree});
    /*} else if (mydata.myfunc === shared_consts.CallFunz.GET_VALBYTABLE) {
      const mytable = getTableByTableName(mydata.table);
      const coltoshow = {
        [mydata.coltoshow]: 1
      };

      const ris = await mytable.findOne({ _id: id }, coltoshow);

      return ris;
    } else if (mydata.myfunc === shared_consts.CallFunz.SET_VALBYTABLE) {
      const mytable = getTableByTableName(mydata.table);
      const value = mydata.value;
      const coltoset = {
        [mydata.coltoshow]: value
      };

      const ris = await mytable.findOneAndUpdate({ _id: id }, { $set: coltoset }, { new: false });
      if (!!ris)
        return res.send({ code: server_constants.RIS_CODE_OK });*/
  }

  return res.send({code: server_constants.RIS_CODE_ERR});

});

router.patch('/callfunz', authenticate, async (req, res) => {
  // const idapp = req.body.idapp;
  const id = req.body.data.id;
  // const ind_order = req.body.data.ind_order;
  const username = req.body.data.username;
  const idapp = req.body.idapp;
  const mydata = req.body.data;

  // const telegrambot = require('../telegram/telegrambot');

  try {
    let entra = false;
    if (mydata.myfunc === shared_consts.CallFunz.AGGIUNGI_NUOVO_IMBARCO ||
        mydata.myfunc === shared_consts.CallFunz.CANCELLA_IMBARCO) {
      entra = true;
    }
    if (!entra) {
      // If I change my record...
      if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
          !User.isTutor(req.user.perm)) && (req.user._id.toString() !== id)) {
        // If without permissions, exit
        return res.status(404).
            send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
      }
    }

    let myuser = await User.findOne({idapp, username});

    let fieldsvalue = {};

    if (mydata.myfunc === shared_consts.CallFunz.SOSTITUISCI) { // SOSTITUISCI

      let username_da_sostituire = mydata.data.username_da_sostituire;

      let myuservecchio = await User.findOne(
          {idapp, username: username_da_sostituire});

      let mianavedasost = await Nave.findOne(
          {idapp, riga: mydata.data.riga, col: mydata.data.col});
      if (!!mianavedasost) {

        // Sostituisci l'Utente
        let myusernuovo = await User.getUserShortDataByUsername(idapp,
            mydata.data.username);
        let navepersistente = await NavePersistente.findByRigaColByDonatore(
            idapp, mydata.data.riga, mydata.data.col, 0);

        if (myusernuovo) {

          if (!mydata.data.AddImbarco && mianavedasost.ind_order > 0) {

            // Controlla prima se è in una Nave Temporanea, allora lo elimina dall'ultima Nave Temporanea

            let miaarrnavi = await Nave.getArrPosizioniByUsername(idapp,
                username);
            if (miaarrnavi) {
              miaarrnavi = miaarrnavi.reverse();  // parto dall'ultima
              for (const mianave of miaarrnavi) {
                let persistente = await NavePersistente.findByRigaColByDonatore(
                    idapp, mianave.riga, mianave.col, 0);
                if (persistente.provvisoria) {
                  fieldsvalue = {
                    ind_order: -1,
                  };

                  let ris = await Nave.findByIdAndUpdate(mianave._id,
                      {$set: fieldsvalue});
                  if (!!ris) {
                    // rimosso++;
                    break; // Rimuovilo solo 1 !
                  }
                }
              }
            }
          }

          if (mianavedasost.ind_order >= 0) {

            // ELIMINO LA LISTAINGRESSO CHE STO SOSTITUENDO (SOLO SE NON VIENE USATA DA ALTRA NAVE!)
            let eliminatoingr = await ListaIngresso.eliminaListaIngresso(idapp,
                mianavedasost.ind_order, req, mianavedasost.num_tess);

            if (!eliminatoingr) {
              return res.send({
                code: server_constants.RIS_CODE_ERR,
                msg: 'La Sostituzione non può avvenire ! Contattare Paolo. (ind_order=' +
                    mianavedasost.ind_order + ')',
              });
            }
          }

          if (!!myuservecchio) {
            if (mydata.data.notifBot) {

              const mydatamsg = {
                tipomsg: tools.TipoMsg.SEND_MSG_A_UTENTE_SOSTITUITO,
                navemediatore: {
                  riga: navepersistente.riga,
                  col: navepersistente.col,
                },
              };

              mydatamsg.flotta = await Flotta.getFlottaByNavePersistente(idapp,
                  navepersistente);

              const rismsg = await telegrambot.getMsgByTipoMsg(mydatamsg,
                  myuservecchio.lang, myuservecchio, false);

              if (!!rismsg) {
                let messaggio = rismsg.body;
                // let mytitle = rismsg.title;
                if (!!messaggio) {
                  await telegrambot.sendMsgTelegram(idapp, myusernuovo.username,
                      messaggio);
                }
              }
            }

            // Se ha gia delle altre navi, non cancellarlo!
            if (!await Nave.checkIfMadeGift(idapp, myuservecchio.username)) {

              if (mydata.data.deleteUser && mianavedasost.ind_order > 0) {
                // Metti Deleted allo User
                fieldsvalue = {
                  deleted: true,
                  date_deleted: new Date(),
                };

                await User.findByIdAndUpdate(myuservecchio.id,
                    {$set: fieldsvalue});
                await telegrambot.sendMsgTelegramToTheManagers(idapp,
                    `L\'utente ${myuservecchio.name} ${myuservecchio.surname} (${myuservecchio.username}) è stato cancellato (nascosto) perchè sostituito (da ${req.user.name} ${req.user.surname} )`);
              }
            }

          }

          let ind_order = -1;
          let myingr = null;
          // Estrai un ind_order dalla Lista, se era ancora in attesa
          if (!mydata.data.AddImbarco)
            myingr = await ListaIngresso.findOne(
                {idapp, added: false, username: myusernuovo.username});

          if (!!myingr) {
            ind_order = myingr.ind_order;

            myingr.added = true;
            await myingr.save();
          } else {
            // Crea un nuovo Ingresso
            myingr = await ListaIngresso.addUserInListaIngresso(idapp,
                myuser.username, myuser.username, myuser.lang, false, true,
                null, null, true);
            ind_order = myingr.ind_order;

            await myingr.save();

          }

          // Togliolo dalla Graduatoria!
          await Graduatoria.findOneAndUpdate({
            idapp,
            idListaIngresso: myingr._id,
          }, {$set: {ind_order: -1}}, {new: false});

          // Aggiorna la Nave con il Nuovo
          fieldsvalue = {
            ind_order,
          };

          const dachi = req.user.name + ' ' + req.user.surname;

          return await Nave.findByIdAndUpdate(mianavedasost.id,
              {$set: fieldsvalue}).then(async (nave) => {
            // tools.mylogshow(' REC TO MODIFY: ', rec);
            if (!nave) {
              return res.status(404).send();
            } else {

              const mydatamsg = {
                tipomsg: tools.TipoMsg.SEND_MSG_EFFETTUA_IL_DONO,
                navemediatore: {
                  riga: navepersistente.riga,
                  col: navepersistente.col,
                },
              };

              mydatamsg.flotta = await Flotta.getFlottaByNavePersistente(idapp,
                  navepersistente);

              const rismsg = await telegrambot.getMsgByTipoMsg(mydatamsg,
                  myusernuovo.lang, myusernuovo, false);

              let messaggio = rismsg.body;
              let mytitle = rismsg.title;

              // const myplacca = await Nave.getNavePos(idapp, navepersistente.riga, navepersistente.col);
              // messaggio += tools.ACAPO + myplacca;

              let testostaff = '';
              if (mydata.notifBot)
                testostaff = mydata.notifBot.txt;

              const mymsg = testostaff + ' ' + myusernuovo.name + ' ' +
                  myusernuovo.surname + ' [da ' + dachi + ']' + tools.ACAPO +
                  'Inviato messaggio: ' + messaggio;

              if (mydata.data.notifBot) {

                await telegrambot.sendMsgTelegram(idapp, myusernuovo.username,
                    messaggio);

                if (mydata.data.inviaemail) {
                  await sendemail.sendEmail_ByText(myusernuovo.lang,
                      myusernuovo.email, myusernuovo, idapp, {
                        emailbody: messaggio,
                        emailtitle: mytitle,
                      });
                }

                await telegrambot.sendMsgTelegramToTheManagers(idapp,
                    testostaff);
                await telegrambot.sendMsgTelegram(idapp, req.user.username,
                    testostaff);
                // await telegrambot.sendMsgTelegram(idapp, req.user.username, myplacca);
              } else {
                tools.writeManagersLog(mymsg);
              }

              const msgsost = '[NAVE ' + navepersistente.riga + '.' +
                  navepersistente.col + '] Sostituito ' +
                  myuservecchio.username + ' (' + myuservecchio.name + ' ' +
                  myuservecchio.surname + ') ' + ' con -> ' +
                  myusernuovo.username + ' (' + myusernuovo.name + ' ' +
                  myusernuovo.surname + '' +
                  ') [Posiz. ' + nave.riga + '.' + nave.col + ' ind_order=' +
                  nave.ind_order + '] ' + ' [da ' + dachi + ']';
              tools.writeSostituzioniLog(msgsost);
              tools.writeFlottaLog(idapp, msgsost, mydatamsg.flotta.riga,
                  mydatamsg.flotta.col_prima);
              await telegrambot.sendMsgTelegramToTheManagers(idapp, msgsost,
                  false);

              // const nomecognomeprima = myuser.name + ' ' + myuser.surname + '(' + myuser.username + ')';
              // const nomecognomenuovo = await User.getNameSurnameByUsername(idapp,);

              res.send({code: server_constants.RIS_CODE_OK, msg: ''});
            }

          }).catch((e) => {
            tools.mylogserr('Error patch USER: ', e.message);
            res.status(400).send();
          });
        }
      }
    } else if (mydata.myfunc ===
        shared_consts.CallFunz.AGGIUNGI_NUOVO_IMBARCO) {
      // Ottieni il prossimo Numero di Tessitura
      //let num_tess = await Nave.getNextNumTess(idapp, ind_order);
      // const num_tess = 1;

      /*
      let listaingr = await ListaIngresso.find({ idapp, ind_order }).sort({ num_tess: 1 });
      const trovato = listaingr.find((rec) => rec.num_tess === num_tess);
      if (trovato) {
        num_tess = listaingr.slice(-1)[0].num_tess + 2;
      }
      */

      // metti l'invitante inizialmente a Te stesso !
      const invitante_username = req.body.data.invitante_username;

      await ListaIngresso.addUserInListaIngresso(idapp, username,
          invitante_username, myuser.lang, true, true);

      let arrimbarchi = await ListaIngresso.findAllByUsername(idapp, username);
      return res.send({code: server_constants.RIS_CODE_OK, arrimbarchi});

    } else if (mydata.myfunc === shared_consts.CallFunz.CANCELLA_IMBARCO) {

      const myrec = await ListaIngresso.getIngrEUserByFilter(idapp,
          {idapp, _id: ObjectID(mydata.data.id)});

      if (!!myrec) {
        await ListaIngresso.find({_id: mydata.data.id});

        const risdel = await ListaIngresso.eliminaListaIngresso(idapp,
            mydata.ind_order, req, mydata.data.num_tess);

        if (risdel) {
          return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
        }
      }

    } else if (mydata.myfunc === shared_consts.CallFunz.ZOOM_GIA_PARTECIPATO) {

      if (!!myuser.username) {
        let FormDaMostrare = telegrambot.getFormDaMostrare(idapp, mydata.myfunc,
            myuser);

        await telegrambot.sendMsgTelegramToTheManagers(idapp,
            `L\'utente ${myuser.name} ${myuser.surname} (${myuser.username}) ha detto di aver già visto lo Zoom di Benvenuto`,
            false, FormDaMostrare);

        const ris = await User.findByIdAndUpdate(myuser.id,
            {$set: {'profile.ask_zoom_partecipato': true}});
        if (ris)
          return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
      }
    }

    return res.send({code: server_constants.RIS_CODE_ERR});

  } catch (e) {
    console.log(e.message);
    res.status(400).send();
  }
});

router.get('/copyfromapptoapp/:idapporig/:idappdest', async (req, res) => {
//   const idapporig = req.params.idapporig;
//   const idappdest = req.params.idappdest;
//   if (!idapporig || !idappdest)
//     res.status(400).send();
//
//   const mytablesstr = ['settings', 'users', 'templemail', 'contribtype'];
//
//   try {
//     let numrectot = 0;
//     for (const table of mytablesstr) {
//       const mytable = getTableByTableName(table);
//
//       tools.mylogshow('copyfromapptoapp: ', table, mytable);
//
//       await mytable.DuplicateAllRecords(idapporig, idappdest).then((numrec) => {
//         // tools.mylogshow(' REC TO MODIFY: ', rec);
//         numrectot += numrec
//       });
//     }
//
//     res.send({ code: server_constants.RIS_CODE_OK, msg: '', numrectot });
//
//   } catch (e) {
//     tools.mylogserr('Error copyfromapptoapp: ', e);
//     res.status(400).send();
//   }
});

router.delete('/delrec/:table/:id', authenticate, async (req, res) => {
  const id = req.params.id;
  // const idapp = req.user.idapp;
  const tablename = req.params.table;
  // let notifBot = false;
  // const idapp = req.body.idapp;

  console.log('id', id, 'table', tablename);

  const mytable = getTableByTableName(tablename);

  const fields = {'ALL': 1};

  if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) &&
      (tablename !== 'extralist') &&
      !tools.ModificheConsentite(tablename, fields, id, req.user)) {
    // If without permissions, exit
    return res.status(404).
        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  let cancellato = false;

  // tools.NotifyIfDelRecord(tablename);

  if (!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) {
    if (tablename === 'users') {

      let fieldsvalue = {
        deleted: true,
        date_deleted: new Date(),
      };

      await mytable.findByIdAndUpdate(id, {$set: fieldsvalue});

      cancellato = true;
    }
  }

  let ris = null;

  if (!cancellato) {
    ris = await mytable.findByIdAndRemove(id).then((rec) => {
      if (!rec) {
        // res.status(404).send();
        return false;
      }

      cancellato = true;

      tools.mylog('DELETED ', rec._id);

      return true;

    }).catch((e) => {
      console.log(e.message);
      res.status(400).send();
    });
  }

  if (cancellato) {
    // Do extra things after deleted
    //let ris2 = await actions.doOtherlasThingsAfterDeleted(tablename, myrec, notifBot, req);
    if (!!ris) {
      return res.send({code: server_constants.RIS_CODE_OK, msg: ''});
    }
  }

  res.send({code: server_constants.RIS_CODE_ERR, msg: ''});
  return ris;

});

router.post('/duprec/:table/:id', authenticate, (req, res) => {
  const id = req.params.id;
  const tablename = req.params.table;
  // const idapp = req.body.idapp;

  console.log('id', id, 'table', tablename);

  const mytable = getTableByTableName(tablename);

  if (!req.user) {
    return res.status(404).
        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  if (!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) {
    // If without permissions, exit
    return res.status(404).
        send({code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: ''});
  }

  return mytable.findById(id).then((mydata) => {

    const datadup = tools.CloneRecordToNew(mydata);
    const mynewrec = new mytable(datadup);

    return mynewrec.save().then((rec) => {
      if (!rec) {
        return res.status(404).send();
      }

      tools.mylog('DUPLICATED ', rec);

      // Do extra things after deleted
      return actions.doOtherThingsAfterDuplicated(tablename, rec).
          then(({myrec}) => {
            // ...
            mytable.findById(myrec._id).then((record) => {
              return res.send(
                  {code: server_constants.RIS_CODE_OK, record, msg: ''});
            });

          });

    }).catch((e) => {
      console.error(e.message);
      res.status(400).send();
    });
  });

});

router.get('/loadsite/:userId/:idapp', authenticate_noerror, (req, res) => {
  load(req, res, '0');
});

router.get('/loadsite/:userId/:idapp/:vers', authenticate_noerror,
    (req, res) => {
      let versionstr = req.params.vers;

      let version = tools.getVersionint(versionstr);

      load(req, res, version);
    });

function load(req, res, version) {
  const userId = req.params.userId;
  const idapp = req.params.idapp;

  if (!version) {
    version = '0';
  }

  let sall = '0';
  if (!!req.user) {
    sall = (User.isAdmin(req.user.perm) || User.isManager(req.user.perm) ||
        User.isEditor(req.user.perm)) ? '1' : '0';
  }

  // var category = req.params.category;

  // tools.mylog('loadsite : ', req.params);

  let bookedevent = [];
  // let msgs = [];

  let socioresidente = false;

  if (!!req.user)
    socioresidente = req.user.profile.socioresidente;

  if (userId !== '0') {
    // LOGGED WITH USERID
    bookedevent = Booking.findAllByUserIdAndIdApp(userId, idapp, sall);
  }

  // Extract all the todos of the userId only
  const eventlist = MyEvent.findAllIdApp(socioresidente, idapp);
  const operators = Operator.findAllIdApp(idapp);
  const internalpages = MyPage.findInternalPages(idapp);
  const wheres = Where.findAllIdApp(idapp);
  const contribtype = Contribtype.findAllIdApp(idapp);
  const paymenttype = PaymentType.findAllIdApp(idapp);
  const disciplines = Discipline.findAllIdApp(idapp);
  const settings = Settings.findAllIdApp(idapp, false);

  const permissions = Permission.findAllIdApp();

  let newstosent = Promise.resolve([]);
  let mailinglist = Promise.resolve([]);
  let mypage;
  if (version > 91)
    mypage = MyPage.findOnlyStruttRec(idapp);
  else
    mypage = MyPage.findAllIdApp(idapp);
  let calzoom = CalZoom.findAllIdApp(idapp);
  let gallery = Gallery.findAllIdApp(idapp);
  let producers = Producer.findAllIdApp(idapp);
  let groups = Group.findAllIdApp(idapp);
  let resps = User.getusersRespList(idapp);
  let workers = User.getusersWorkersList(idapp);
  let storehouses = Storehouse.findAllIdApp(idapp);
  let departments = Department.findAllIdApp(idapp);
  let levels = Level.findAllIdApp(idapp);
  let skills = Skill.findAllIdApp(idapp);
  let statusSkills = StatusSkill.findAllIdApp(idapp);
  let sectors = Sector.findAllIdApp(idapp);
  let cities = City.findAllIdApp(idapp);
  let cart = null;
  let orderscart = null;
  if (sall) {
    newstosent = Newstosent.findAllIdApp(idapp);
  }

  let calcstat = null;
  if (req.user) {
    calcstat = User.calculateStat(idapp, req.user.username);
    cart = Cart.getCartByUserId(req.user.id, idapp);
    if (User.isManager(req.user.perm)) {
      // Prende Tutti gli Ordini !
      orderscart = OrdersCart.getOrdersCartByUserId('ALL', idapp, 0);
    } else {
      orderscart = OrdersCart.getOrdersCartByUserId(req.user.id, idapp, 0);
    }
  }

  return Promise.all([
    bookedevent,
    eventlist,
    operators,
    wheres,
    contribtype,
    settings,
    permissions,
    disciplines,
    newstosent,
    mailinglist,
    mypage,
    gallery,
    paymenttype,
    calcstat,
    calzoom,
    producers,
    cart,
    storehouses,
    departments,
    orderscart,
    groups,
    resps,
    workers,
    internalpages,
    levels,
    skills,
    sectors,
    statusSkills,
    cities]).then((arrdata) => {
    // console.table(arrdata);
    const myuser = req.user;
    if (myuser) {
      myuser.password = '';
      myuser._doc.calcstat = arrdata[13];
    }
    if (version < 91) {
      res.send({
        bookedevent: arrdata[0],
        eventlist: arrdata[1],
        operators: arrdata[2],
        wheres: arrdata[3],
        contribtype: arrdata[4],
        settings: arrdata[5],
        permissions: arrdata[6],
        disciplines: arrdata[7],
        newstosent: arrdata[8],
        mailinglist: arrdata[9],
        mypage: arrdata[10],
        gallery: arrdata[11],
        paymenttypes: arrdata[12],
        calzoom: arrdata[14],
        producers: arrdata[15],
        cart: arrdata[16],
        storehouses: arrdata[17],
        departments: arrdata[18],
        orders: arrdata[19],
        groups: arrdata[20],
        resps: arrdata[21],
        workers: arrdata[22],
        myuser,
        internalpages: arrdata[23],
      });
    } else {
      res.send({
        bookedevent: arrdata[0],
        eventlist: arrdata[1],
        operators: arrdata[2],
        wheres: arrdata[3],
        contribtype: arrdata[4],
        settings: arrdata[5],
        permissions: arrdata[6],
        disciplines: arrdata[7],
        newstosent: arrdata[8],
        mailinglist: arrdata[9],
        mypage: arrdata[10],
        gallery: arrdata[11],
        paymenttypes: arrdata[12],
        calzoom: arrdata[14],
        producers: arrdata[15],
        cart: arrdata[16],
        storehouses: arrdata[17],
        departments: arrdata[18],
        orders: arrdata[19],
        groups: arrdata[20],
        resps: arrdata[21],
        workers: arrdata[22],
        myuser,
        internalpages: arrdata[23],
        levels: arrdata[24],
        skills: arrdata[25],
        sectors: arrdata[26],
        statusSkills: arrdata[27],
        cities: arrdata[28],
      });
    }

  }).catch((e) => {
    console.log(e.message);
    res.status(400).send(e);
  });

}

router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => {
  const userId = req.user._id;
  const idapp = req.query.idapp;

  // console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);

  if (!ObjectID.isValid(userId)) {
    return res.status(404).send();
  }

  await cfgserver.find({idapp}).then((arrcfgrec) => {

    if (!arrcfgrec)
      return res.status(404).send();

    // ++Todo: Add to Log Stat ....

    // const sall = '0';

    // msgs = SendMsg.findAllByUserIdAndIdApp(userId, req.user.username, req.user.idapp);
    let last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId,
        req.user.username, req.user.idapp);

    let usersList = null;

    if (req.user) {
      // If User is Admin, then send user Lists
      if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) ||
          User.isManager(req.user.perm)) {
        // Send UsersList
        usersList = User.getUsersList(req.user.idapp);
        // usersList = null;
      }
    }

    return Promise.all([usersList, last_msgs]).then((arrdata) => {
      // console.table(arrdata);
      return res.send({
        cfgServer: arrcfgrec,
        usersList: arrdata[0],
        last_msgs: arrdata[1],
      });
    });

  }).catch((e) => {
    console.log(e.message);
    res.status(400).send({code: server_constants.RIS_CODE_ERR, msg: e});
  });

});

router.post('/upload_from_other_server/:dir', authenticate, (req, res) => {
  // const dir = req.params.dir;
  // const idapp = req.user.idapp;

  /*
    const form = new formidable.IncomingForm();

    form.parse(req);

    const client = new ftp(process.env.FTPSERVER_HOST, process.env.FTPSERVER_PORT, process.env.FTPSERVER_USER + idapp + '@associazioneshen.it', process.env.FTPSERVER_PWD + idapp, false, 134217728);

    // SSL_OP_NO_TLSv1_2 = 134217728

    // console.log('client', client);

    form.uploadDir = folder + '/' + dir;
    try {

      form.on('fileBegin', async function (name, file){
        file.path = folder + '/' + file.name;
      });

      form.on('file', async function (name, file){
        try {
          // Create directory remote

          if (!!dir)
            await client.createDir(dir);

          const miofile = (dir) ? dir + ` / ` + file.name : file.name;
          console.log('Upload...');
          const ret = await client.upload(file.path, miofile, 755);
          console.log('Uploaded ' + file.name, 'status:', ret);
          if (!ret)
            res.status(400).send();
          else {
            // Delete file from local directory
            fs.unlinkSync(file.path);
            res.end();
          }
        }catch (e) {
          console.log('error', e);
          res.status(400).send();
        }
      });

      form.on('aborted', () => {
        console.error('Request aborted by the user');
        res.status(400).send();
      });

      form.on('error', (err) => {
        console.error('Error Uploading', err);
        res.status(400).send();
      });

    } catch (e) {
      console.log('Error', e)
    }
  */

});

function uploadFile(req, res, version) {
  // console.log('/upload dir:' + dir);
  const dir = tools.invertescapeslash(req.params.dir);
  const idapp = req.user.idapp;

  const form = new formidable.IncomingForm();

  form.parse(req);

  let dirmain = '/statics';
  if (version > 0) {
    if (process.env.PROD === 1) {
      dirmain = '';
    } else {
      dirmain = '/public';
    }
  }

  form.uploadDir = folder + '/' + dir;
  try {

    form.on('fileBegin', async function(name, file) {
      file.path = folder + '/' + file.name;
    });

    form.on('file', async function(name, file) {
      try {
        console.log('Uploaded ' + file.name);
        const mydir = tools.getdirByIdApp(idapp) + dirmain + '/upload/' + dir;

        // Create Dir if doesn't exist:
        tools.mkdirpath(mydir);
        let newname = mydir + '/' + file.name;

        console.log('move from ', file.path, 'to :', newname);

        // For local: ... resolve this... sending through the static folder...
        // res.sendFile(path.resolve(file.name));

        // Move in the folder application !
        tools.move(file.path, newname, (err) => {
          if (err)
            console.log('err:', err);
          res.end();
        });

      } catch (e) {
        console.log('error', e);
        res.status(400).send();
      }
    });

    form.on('aborted', () => {
      console.error('Request aborted by the user');
      res.status(400).send();
    });

    form.on('error', (err) => {
      console.error('Error Uploading', err);
      res.status(400).send();
    });

  } catch (e) {
    console.log('Error', e);
  }
}

router.post('/upload/:dir', authenticate, (req, res) => {
  uploadFile(req, res, 0);

});

router.post('/uploadnew/:vers/:dir/', authenticate, (req, res) => {
  let versionstr = req.params.vers;
  let version = tools.getVersionint(versionstr);

  uploadFile(req, res, version);

});

router.delete('/delfile/:vers', authenticate, (req, res) => {
  let versionstr = req.params.vers;
  let version = tools.getVersionint(versionstr);
  deleteFile(req, res, version);
});

router.delete('/delfile', authenticate, (req, res) => {
  deleteFile(req, res, 0);
});

function deleteFile(req, res, version) {
  const relativefile = req.query.filename;
  const idapp = req.user.idapp;

  try {
    let dirmain = '';
    if (version > 0) {
      if (process.env.PROD !== 1) {
        dirmain = '/public';
      }
    }

    try {
      console.log('Delete file ' + relativefile);
      // ++ Move in the folder application !
      let fullpathfile = tools.getdirByIdApp(idapp) + dirmain + '/' + relativefile;

      tools.delete(fullpathfile, (err) => {
        if (err) console.log('err', err);
        if (err === undefined || err.errno === -2)
          res.send({code: server_constants.RIS_CODE_OK, msg: ''});
      });

    } catch (e) {
      console.log('error', e);
      res.status(400).send();
    }
  } catch (e) {
    console.log('Error', e);
  }

}

module.exports = router;