- risolto problema della non attesa della PWA durante la chiamata a Node.js.

- risolto problema dell'ambiente in Locale HTTPS certificato installato aggiornato.
2025-03-13 12:05:16 +01:00
parent 65b29a6eee
commit 0017f04e45
12 changed files with 370 additions and 223 deletions
--- a/src/server/router/users_router.js
+++ b/src/server/router/users_router.js
@@ -31,7 +31,7 @@ const _ = require('lodash');

 const reg = require('../reg/registration');

-const { authenticate, authenticate_noerror } = require('../middleware/authenticate');
+const { authenticate, authenticate_noerror, authenticate_withUser } = require('../middleware/authenticate');


 const Cart = require('../models/cart');
@@ -55,13 +55,13 @@ const mongoose = require('mongoose').set('debug', false);

 const Subscription = require('../models/subscribers');

-function existSubScribe(userId, access, browser) {
-  return Subscription.findOne({ userId, access, browser }).then(itemsub => {
+async function existSubScribe(userId, access, browser) {
+  try {
+    const itemsub = await Subscription.findOne({ userId, access, browser }).lean();
    return itemsub;
-  }).catch(err => {
+  } catch (err) {
    return null;
-  });
-
+  }
 }

 function getMobileComplete(user) {
@@ -445,7 +445,6 @@ router.patch('/:id', authenticate, (req, res) => {
 });

 router.post('/lastmovs', authenticate, async (req, res) => {
-  const username = req.user ? req.user.username : '';
  const nummov = req.body.nummov;
  const idapp = req.body.idapp;

@@ -502,7 +501,6 @@ router.post('/profile', authenticate, (req, res) => {
  const perm = req.user ? req.user.perm : tools.Perm.PERM_NONE;
  const username = req.body['username'];
  const idapp = req.body.idapp;
-  const locale = req.body.locale;

  //++Todo: controlla che tipo di dati ha il permesso di leggere

@@ -712,11 +710,10 @@ function checkBlocked(req, res, next) {
  next();
 }

-
-router.post('/login', checkBlocked, (req, res) => {
-  var body = _.pick(req.body,
+router.post('/login', checkBlocked, async (req, res) => {
+  const body = _.pick(req.body,
    ['username', 'password', 'idapp', 'keyappid', 'lang']);
-  var user = new User(body);
+  const userpass = new User(body);
  // const subs = _.pick(req.body, ['subs']);

  // tools.mylog("LOG: u: " + user.username + " p:" + user.password);
@@ -728,135 +725,89 @@ router.post('/login', checkBlocked, (req, res) => {

  let resalreadysent = false;

-  const myuser = user;
+  try {
+    const user = await User.findByCredentials(userpass.idapp, userpass.username, userpass.password);

-  return User.findByCredentials(user.idapp, user.username, user.password).
-    then(async (user) => {
-      // tools.mylog("CREDENZIALI ! ");
-      if (!user) {
+    if (!user) {
+      const rislogin = await User.tooManyLoginWrong(body.idapp, body.username, true);

-        const rislogin = await User.tooManyLoginWrong(body.idapp, body.username, true);
-        if (rislogin.troppilogin) {
-          let text = 'Troppe richieste di Login ERRATE: ' + body.username + ' [IP: ' + tools.getiPAddressUser(req) + '] Tentativi: ' + rislogin.retry_pwd;
-          telegrambot.sendMsgTelegramToTheManagers(body.idapp, text);
-          console.log('/login', text);
-          res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: text });
-          return false;
-        }
+      if (rislogin.troppilogin) {
+        let text = 'Troppe richieste di Login ERRATE: ' + body.username + ' [IP: ' + tools.getiPAddressUser(req) + '] Tentativi: ' + rislogin.retry_pwd;
+        telegrambot.sendMsgTelegramToTheManagers(body.idapp, text);
+        console.log('/login', text);
+        res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: text });
+        return;
+      }

-        await tools.snooze(3000);
+      await tools.snooze(2000);

-        if (!failedLoginAttempts[body.username]) {
-          failedLoginAttempts[body.username] = 1;
-        } else {
-          failedLoginAttempts[body.username]++;
-        }
+      if (!failedLoginAttempts[body.username]) {
+        failedLoginAttempts[body.username] = 1;
+      } else {
+        failedLoginAttempts[body.username]++;
+      }

-        let numvolteerrati = failedLoginAttempts[body.username];
+      let numvolteerrati = failedLoginAttempts[body.username];

-        if (numvolteerrati > 2) {
-          const msg = 'Tentativo (' + numvolteerrati + ') di Login ERRATO [' + body.username + ' , ' + ']\n' + '[IP: ' + tools.getiPAddressUser(req) + ']';
-          tools.mylogshow(msg);
-          await telegrambot.sendMsgTelegramToTheAdmin(myuser.idapp, msg, true);
-          tools.writeErrorLog(msg);
-        }
-        // telegrambot.sendMsgTelegramToTheManagers(body.idapp, msg);
+      if (numvolteerrati > 2) {
+        const msg = 'Tentativo (' + numvolteerrati + ') di Login ERRATO [' + body.username + ' , ' + ']\n' + '[IP: ' + tools.getiPAddressUser(req) + ']';
+        tools.mylogshow(msg);
+        await telegrambot.sendMsgTelegramToTheAdmin(myuser.idapp, msg, true);
+        tools.writeErrorLog(msg);
+      }

-        if (failedLoginAttempts[body.username] >= MAX_FAILED_ATTEMPTS) {
-          blockUser(body.username);
-          text = 'Troppi tentativi di accesso falliti. Utente bloccato (' + body.username + ')' + ' [IP: ' + tools.getiPAddressUser(req) + ']';
-          tools.mylogshow(text);
-          telegrambot.sendMsgTelegramToTheManagers(req.body.idapp, text);
-          res.status(403).json({ message: text });
-          resalreadysent = true;
-        }
-
-        res.status(401).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
+      if (failedLoginAttempts[body.username] >= MAX_FAILED_ATTEMPTS) {
+        blockUser(body.username);
+        text = 'Troppi tentativi di accesso falliti. Utente bloccato (' + body.username + ')' + ' [IP: ' + tools.getiPAddressUser(req) + ']';
+        tools.mylogshow(text);
+        telegrambot.sendMsgTelegramToTheManagers(req.body.idapp, text);
+        res.status(403).json({ message: text });
        resalreadysent = true;
-
      }
-      return user;
-    }).
-    then(user => {
-      // console.log('Lgn-Ok');
-      if (user) {
-        return user.generateAuthToken(req).then((ris) => {
-          var usertosend = new User();

-          shared_consts.fieldsUserToChange().forEach((field) => {
-            usertosend[field] = user[field];
-          });
+      res.status(401).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
+      resalreadysent = true;
+    }

-          // usertosend._id = user._id.toHexString();
-          // if (!User.isAdmin(req.user)) {
-          //   usertosend.ipaddr = user.ipaddr;
-          // }

-          // tools.mylog("user.verified_email:" + user.verified_email);
-          // tools.mylog("usertosend.userId", usertosend.userId);
+    const myris = await user.generateAuthToken(req);

-          return { usertosend, token: ris.token, refreshToken: ris.refreshToken };
+    const usertosend = new User();

-        }).then((myris) => {
-          const access = 'auth';
-          const browser = req.get('User-Agent');
-
-          // Check if already exist Subscribe
-          return existSubScribe(myris.usertosend._id, access, browser).
-            then(subscribe => {
-              return (subscribe !== null);
-            }).
-            then(subsExistonDb => {
-              // console.log('ESEGUITO OK')
-              return {
-                usertosend: myris.usertosend,
-                token: myris.token,
-                refreshToken: myris.refreshToken,
-                subsExistonDb,
-              };
-            }).
-            catch(err => {
-              return {
-                usertosend: myris.usertosend,
-                token: myris.token,
-                refreshToken: myris.refreshToken,
-                subsExistonDb: false,
-              };
-            });
-        }).then(myris => {
-          // console.log('res', myris.token, myris.usertosend);
-
-          // SEND TOKEN AND CODE RESULT
-          return res
-            .header('x-auth', myris.token)
-            .header('x-refrtok', myris.refreshToken)
-            .send({
-              usertosend: myris.usertosend,
-              code: server_constants.RIS_CODE_OK,
-              subsExistonDb: myris.subsExistonDb,
-            });
-
-          // tools.mylog("TROVATOOO!");
-
-          // tools.mylog('FINE LOGIN')
-        });
-      }
-    }).
-    catch((e) => {
-      console.error('ERRORE IN LOGIN: ' + e.message);
-      if (!resalreadysent)
-        res.status(400).
-          send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC, msgerr: e.message });
+    shared_consts.fieldsUserToChange().forEach((field) => {
+      usertosend[field] = user[field];
    });
+
+    const subsExistonDb = await existSubScribe(usertosend._id, 'auth', req.get('User-Agent'));
+
+    res
+      .header('x-auth', myris.token)
+      .header('x-refrtok', myris.refreshToken)
+      .send({
+        usertosend,
+        code: server_constants.RIS_CODE_OK,
+        subsExistonDb,
+      });
+
+  } catch (e) {
+    console.error('ERRORE IN LOGIN: ' + e.message);
+    if (!resalreadysent)
+      res.status(400).
+        send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC, msgerr: e.message });
+  }
 });

-router.delete('/me/token', authenticate, (req, res) => {
+router.delete('/me/token', authenticate_withUser, (req, res) => {
  // tools.mylog("TOKENREM = " + req.token);
-  req.user.removeToken(req.token).then(() => {
-    res.status(200).send();
-  }, () => {
-    res.status(400).send();
-  });
+  try {
+    req.user.removeToken(req.token).then(() => {
+      res.status(200).send();
+    }, () => {
+      res.status(400).send();
+    });
+  } catch (e) {
+    console.log('delete(/me/token', e.message);
+  }
 });

 router.post('/setperm', authenticate, (req, res) => {