- aggiornato la guida per installare la App

- aggiornato la Guida Completa e Breve di RISO.
- pagina per ricevere i RIS.
- sistemato problema creazione nuovi Circuiti (admin non corretti).
- corretto giro delle email, invitante, invitato e ricezione msg su telegram.
Surya Paolo
2025-11-23 01:13:32 +01:00
parent 5b1f3eafbc
commit 00bdc278d8
23 changed files with 2765 additions and 701 deletions


@@ -21,14 +21,14 @@ class UserController {
async register(req, res) {
try {
tools.mylog('POST /users - Registration');
// Validate input
const validationError = validateRegistration(req.body);
if (validationError) {
await tools.snooze(5000);
return res.status(400).send({
code: validationError.code,
msg: validationError.message
return res.status(400).send({
code: validationError.code,
msg: validationError.message,
});
}
@@ -38,33 +38,29 @@ class UserController {
// Check security (IP bans, block words, etc.)
const securityCheck = await this._performSecurityChecks(userData, req);
if (securityCheck.blocked) {
return res.status(securityCheck.status).send({
code: securityCheck.code,
msg: securityCheck.message
return res.status(securityCheck.status).send({
code: securityCheck.code,
msg: securityCheck.message,
});
}
// Process registration
const result = await this.registrationService.registerUser(userData, req);
if (result.error) {
return res.status(400).send({
code: result.code,
msg: result.message
return res.status(400).send({
code: result.code,
msg: result.message,
});
}
// Send response with tokens
res
.header('x-auth', result.token)
.header('x-refrtok', result.refreshToken)
.send(result.user);
res.header('x-auth', result.token).header('x-refrtok', result.refreshToken).send(result.user);
} catch (error) {
console.error('Error in registration:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -75,6 +71,7 @@ class UserController {
*/
async login(req, res) {
try {
console.log('LOGIN');
const { username, password, idapp, keyappid } = req.body;
// Validate API key
@@ -85,42 +82,35 @@ class UserController {
// Validate input
const validationError = validateLogin(req.body);
if (validationError) {
return res.status(400).send({
code: validationError.code,
msg: validationError.message
return res.status(400).send({
code: validationError.code,
msg: validationError.message,
});
}
// Attempt login
const result = await this.authService.authenticate(
idapp,
username,
password,
req
);
const result = await this.authService.authenticate(idapp, username, password, req);
console.log('attempt...', result);
if (result.error) {
return res.status(result.status).send({
code: result.code,
msg: result.message
return res.status(result.status).send({
code: result.code,
msg: result.message,
});
}
// Send response with tokens
res
.header('x-auth', result.token)
.header('x-refrtok', result.refreshToken)
.send({
usertosend: result.user,
code: server_constants.RIS_CODE_OK,
subsExistonDb: result.subsExistonDb
});
res.header('x-auth', result.token).header('x-refrtok', result.refreshToken).send({
usertosend: result.user,
code: server_constants.RIS_CODE_OK,
subsExistonDb: result.subsExistonDb,
});
} catch (error) {
console.error('Error in login:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC,
msgerr: error.message
res.status(400).send({
code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC,
msgerr: error.message,
});
}
}
@@ -141,20 +131,14 @@ class UserController {
}
// Get user profile
const profile = await this.userService.getUserProfile(
idapp,
username,
usernameOrig,
perm
);
const profile = await this.userService.getUserProfile(idapp, username, usernameOrig, perm);
res.send(profile);
} catch (error) {
console.error('Error in getProfile:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -168,21 +152,14 @@ class UserController {
const username = req.user.username;
const { idapp, circuitId, groupname, lastdr } = req.body;
const result = await this.userService.updateUserBalance(
idapp,
username,
circuitId,
groupname,
lastdr
);
const result = await this.userService.updateUserBalance(idapp, username, circuitId, groupname, lastdr);
res.send({ ris: result });
} catch (error) {
console.error('Error in updateSaldo:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -197,14 +174,13 @@ class UserController {
const { idapp } = req.body;
const friends = await this.userService.getUserFriends(idapp, username);
res.send(friends);
res.send(friends);
} catch (error) {
console.error('Error in getFriends:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -220,28 +196,20 @@ class UserController {
// Security check
if (!this._canExecuteFriendCommand(req.user, usernameOrig, usernameDest, cmd)) {
return res.status(server_constants.RIS_CODE_ERR_UNAUTHORIZED).send({
code: server_constants.RIS_CODE_ERR_UNAUTHORIZED,
msg: ''
return res.status(server_constants.RIS_CODE_ERR_UNAUTHORIZED).send({
code: server_constants.RIS_CODE_ERR_UNAUTHORIZED,
msg: '',
});
}
const result = await this.userService.executeFriendCommand(
req,
idapp,
usernameOrig,
usernameDest,
cmd,
value
);
const result = await this.userService.executeFriendCommand(req, idapp, usernameOrig, usernameDest, cmd, value);
res.send(result);
} catch (error) {
console.error('Error in executeFriendCommand:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -256,14 +224,13 @@ class UserController {
const { idapp } = req.body;
const groups = await this.userService.getUserGroups(idapp, username, req);
res.send(groups);
res.send(groups);
} catch (error) {
console.error('Error in getGroups:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -277,20 +244,14 @@ class UserController {
const username = req.user.username;
const { idapp, nummovTodownload } = req.body;
const circuits = await this.userService.getUserCircuits(
idapp,
username,
req.user,
nummovTodownload
);
res.send(circuits);
const circuits = await this.userService.getUserCircuits(idapp, username, req.user, nummovTodownload);
res.send(circuits);
} catch (error) {
console.error('Error in getCircuits:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -315,9 +276,8 @@ class UserController {
res.status(200).send({
token: result.token,
refreshToken: result.refreshToken
refreshToken: result.refreshToken,
});
} catch (error) {
console.error('Error in refreshToken:', error.message);
res.status(500).send({ error: 'Errore interno del server' });
@@ -353,7 +313,6 @@ class UserController {
}
res.status(200).send();
} catch (error) {
console.error('Error in checkUsername:', error.message);
res.status(400).send();
@@ -371,11 +330,10 @@ class UserController {
await this.userService.setUserPermissions(req.user._id, {
idapp,
username,
perm
perm,
});
res.status(200).send();
} catch (error) {
console.error('Error in setPermissions:', error.message);
res.status(400).send();
@@ -392,28 +350,22 @@ class UserController {
// Check permissions
if (!this._hasAdminPermissions(req.user)) {
return res.status(404).send({
code: server_constants.RIS_CODE_ERR_UNAUTHORIZED
return res.status(404).send({
code: server_constants.RIS_CODE_ERR_UNAUTHORIZED,
});
}
const result = await this.userService.executeDbOperation(
idapp,
mydata,
req,
res
);
const result = await this.userService.executeDbOperation(idapp, mydata, req, res);
res.send({
code: server_constants.RIS_CODE_OK,
data: result
res.send({
code: server_constants.RIS_CODE_OK,
data: result,
});
} catch (error) {
console.error('Error in executeDbOperation:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -428,16 +380,15 @@ class UserController {
const mapData = await this.userService.getMapInformation(idapp);
res.send({
code: server_constants.RIS_CODE_OK,
ris: mapData
res.send({
code: server_constants.RIS_CODE_OK,
ris: mapData,
});
} catch (error) {
console.error('Error in getMapInfo:', error.message);
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message
res.status(400).send({
code: server_constants.RIS_CODE_ERR,
msg: error.message,
});
}
}
@@ -446,13 +397,21 @@ class UserController {
_extractUserData(body) {
const fields = [
'email', 'password', 'username', 'group', 'name',
'surname', 'idapp', 'keyappid', 'lang', 'profile',
'aportador_solidario'
'email',
'password',
'username',
'group',
'name',
'surname',
'idapp',
'keyappid',
'lang',
'profile',
'aportador_solidario',
];
const userData = {};
fields.forEach(field => {
fields.forEach((field) => {
if (body[field] !== undefined) {
userData[field] = body[field];
}
@@ -469,16 +428,14 @@ class UserController {
async _performSecurityChecks(userData, req) {
const { User } = require('../models/user');
// Check for blocked words
if (tools.blockwords(userData.username) ||
tools.blockwords(userData.name) ||
tools.blockwords(userData.surname)) {
if (tools.blockwords(userData.username) || tools.blockwords(userData.name) || tools.blockwords(userData.surname)) {
await tools.snooze(5000);
return {
blocked: true,
status: 404,
code: server_constants.RIS_CODE_ERR
return {
blocked: true,
status: 404,
code: server_constants.RIS_CODE_ERR,
};
}
@@ -492,11 +449,11 @@ class UserController {
tools.writeIPToBan(msg);
await telegrambot.sendMsgTelegramToTheAdmin(userData.idapp, '‼️ BAN: ' + msg, true);
await tools.snooze(5000);
return {
blocked: true,
status: 400,
code: server_constants.RIS_CODE_BANIP
return {
blocked: true,
status: 400,
code: server_constants.RIS_CODE_BANIP,
};
}
}
@@ -507,15 +464,12 @@ class UserController {
_canExecuteFriendCommand(user, usernameOrig, usernameDest, cmd) {
const { User } = require('../models/user');
if (User.isAdmin(user.perm) || User.isManager(user.perm)) {
return true;
}
const allowedCommands = [
shared_consts.FRIENDSCMD.SETFRIEND,
shared_consts.FRIENDSCMD.SETHANDSHAKE
];
const allowedCommands = [shared_consts.FRIENDSCMD.SETFRIEND, shared_consts.FRIENDSCMD.SETHANDSHAKE];
if (allowedCommands.includes(cmd)) {
return usernameOrig === user.username || usernameDest === user.username;
@@ -530,4 +484,4 @@ class UserController {
}
}
module.exports = UserController;
module.exports = UserController;
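Review bot: The added `console.log('attempt...', result);` in `login` writes the whole authenticate result to stdout, and the response code just below it shows that this object carries `result.token`, `result.refreshToken` and `result.user`, so each successful login leaves a bearer token and a refresh token in the process log. The same commit adds `console.log('user', user);` and `console.log('userToSend', userToSend);` in `AuthService.authenticate`, where `user` is the record returned by `User.findByCredentials` and may include the stored password hash. I would drop these three lines, or log only the outcome, e.g. `tools.mylog('login result: ' + (result.error ? result.code : 'ok'));`. Logs already written by a build containing these lines should be handled as holding live credentials, and the affected tokens rotated.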


@@ -90,7 +90,7 @@ exports.checkVerification = async (req, res) => {
// Controlla se è stato verificato
const verified = !!(user.profile?.teleg_id && user.profile?.username_telegram);
res.json({
return res.json({
verified: verified,
username_telegram: user.profile?.username_telegram || null,
teleg_id: user.profile?.teleg_id || null,


@@ -37,21 +37,23 @@ function clearFailedAttempts(username) {
*/
function checkBlocked(req, res, next) {
const { username } = req.body;
console.log('checkBlocked');
if (!username) {
return res.status(400).json({
message: 'Username mancante'
return res.status(400).json({
message: 'Username mancante',
});
}
if (isUserBlocked(username)) {
const text = `Utente bloccato. Riprova più tardi. (username=${username})`;
console.log(text);
return res.status(403).json({
message: 'Utente bloccato. Riprova più tardi.'
return res.status(403).json({
message: 'Utente bloccato. Riprova più tardi.',
});
}
next();
}
@@ -92,30 +94,30 @@ function rateLimitByIP(req, res, next) {
const tools = require('../tools/general');
const ip = tools.getiPAddressUser(req);
const now = Date.now();
if (!requestCounts[ip]) {
requestCounts[ip] = {
count: 1,
resetTime: now + REQUEST_WINDOW
resetTime: now + REQUEST_WINDOW,
};
return next();
}
if (now > requestCounts[ip].resetTime) {
// Reset window
requestCounts[ip] = {
count: 1,
resetTime: now + REQUEST_WINDOW
resetTime: now + REQUEST_WINDOW,
};
return next();
}
if (requestCounts[ip].count >= MAX_REQUESTS) {
return res.status(429).json({
message: 'Troppi tentativi. Riprova più tardi.'
return res.status(429).json({
message: 'Troppi tentativi. Riprova più tardi.',
});
}
requestCounts[ip].count++;
next();
}
@@ -125,9 +127,8 @@ function rateLimitByIP(req, res, next) {
*/
function cleanupBlockedUsers() {
const now = Date.now();
Object.keys(failedLoginAttempts).forEach(username => {
if (typeof failedLoginAttempts[username] === 'number' &&
failedLoginAttempts[username] < now) {
Object.keys(failedLoginAttempts).forEach((username) => {
if (typeof failedLoginAttempts[username] === 'number' && failedLoginAttempts[username] < now) {
delete failedLoginAttempts[username];
}
});
@@ -146,5 +147,5 @@ module.exports = {
shouldBlockUser,
rateLimitByIP,
MAX_FAILED_ATTEMPTS,
BLOCK_DURATION
};
BLOCK_DURATION,
};


@@ -899,7 +899,7 @@ CircuitSchema.statics.sendCoins = async function (onlycheck, idapp, usernameOrig
let myuserDest = await User.getUserByUsername(idapp, extrarec.dest);
// Invia una email al destinatario !
await sendemail.sendEmail_RisRicevuti(myuserDest.lang, myuserDest, myuserDest.email, idapp, paramsrec);
await sendemail.sendEmail_RisRicevuti(myuserDest.lang, myuserDest, myuserDest.email, idapp, paramsrec, extrarec);
} else if (extrarec.groupdest || extrarec.contoComDest) {
const groupDestoContoCom = extrarec.groupdest
? extrarec.groupdest
@@ -1142,7 +1142,8 @@ CircuitSchema.statics.getCircuitMyProvince = async function (idapp, username) {
CircuitSchema.statics.createCircuitIfNotExist = async function (req, idapp, province, card) {
const { User } = require('../models/user');
const useradmin = shared_consts.USER_ADMIN_CIRCUITS;
const admins = shared_consts.USER_ADMIN_CIRCUITS;
const useradmin = shared_consts.USER_ADMIN_SINGOLO;
let myrec = null;
try {
@@ -1174,7 +1175,7 @@ CircuitSchema.statics.createCircuitIfNotExist = async function (req, idapp, prov
totTransato: 0,
totCircolante: 0,
date_created: new Date(),
admins: useradmin.map((username) => ({ username })),
admins: admins.map((username) => ({ username })),
askManagerToEnter: false,
sendEmailAfterAskingToEnter: false,
circuitoIndipendente: false,
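Review bot: The remaining uses of `useradmin` in `createCircuitIfNotExist` need checking, because it changes from the `USER_ADMIN_CIRCUITS` list to `USER_ADMIN_SINGOLO`, which by its name is presumably a single username, and the function body continues outside these hunks. The only use visible here is the `admins:` field, which was correctly switched to the new `admins` constant. Since these constants decide which accounts receive admin rights on every newly created circuit, a comment above the two declarations would help, e.g. `// admins: accounts granted admin rights on each new circuit; useradmin: single account used as creator (confirm)`.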


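--- a/src/router/users_router_new.js
+++ b/src/router/users_router_new.js
@@ -0,0 +1,375 @@
+const express = require('express');
+const router = express.Router();
+const UserController = require('../controllers/UserController');
+const { authenticate, authenticate_noerror, authenticate_withUser } = require('../middleware/authenticate');
+const { checkBlocked } = require('../middleware/securityMiddleware');
+// Initialize controller
+const userController = new UserController();
+// ===== PUBLIC ROUTES =====
+/**
+* Register new user
+* POST /users
+*/
+router.post('/', (req, res) => userController.register(req, res));
+/**
+* Check if username exists
+* GET /users/:idapp/:username
+*/
+router.get('/:idapp/:username', (req, res) => userController.checkUsername(req, res));
+/**
+* User login
+* POST /users/login
+*/
+router.post('/login', checkBlocked, (req, res) => userController.login(req, res));
+/**
+* Refresh authentication token
+* POST /users/newtok
+*/
+router.post('/newtok', (req, res) => userController.refreshToken(req, res));
+/**
+* Get user activities (public profile)
+* POST /users/activities
+*/
+router.post('/activities', authenticate_noerror, (req, res) =>
+userController.getProfile(req, res)
+);
+// ===== AUTHENTICATED ROUTES =====
+/**
+* Get user profile
+* POST /users/profile
+*/
+router.post('/profile', authenticate, (req, res) =>
+userController.getProfile(req, res)
+);
+/**
+* Get user panel info (admin/manager only)
+* POST /users/panel
+*/
+router.post('/panel', authenticate, (req, res) => {
+const { User } = require('../models/user');
+const server_constants = require('../tools/server_constants');
+if (!req.user || (!User.isAdmin(req.user.perm) &&
+!User.isManager(req.user.perm) &&
+!User.isFacilitatore(req.user.perm))) {
+return res.status(server_constants.RIS_CODE_ERR_UNAUTHORIZED).send({
+code: server_constants.RIS_CODE_ERR_UNAUTHORIZED,
+msg: ''
+});
+}
+userController.getProfile(req, res);
+});
+/**
+* Update user balance
+* POST /users/updatesaldo
+*/
+router.post('/updatesaldo', authenticate, (req, res) =>
+userController.updateSaldo(req, res)
+);
+/**
+* Get user's friends
+* POST /users/friends
+*/
+router.post('/friends', authenticate, (req, res) =>
+userController.getFriends(req, res)
+);
+/**
+* Execute friend command
+* POST /users/friends/cmd
+*/
+router.post('/friends/cmd', authenticate, (req, res) =>
+userController.executeFriendCommand(req, res)
+);
+/**
+* Send command to user
+* POST /users/sendcmd
+*/
+router.post('/sendcmd', authenticate, (req, res) => {
+const usernameLogged = req.user.username;
+const { idapp, usernameOrig, usernameDest, cmd, value } = req.body;
+userController.userService.sendCommand(
+req, idapp, usernameOrig, usernameDest, cmd, value
+).then(result => res.send(result))
+.catch(error => res.status(400).send({ error: error.message }));
+});
+/**
+* Get user's groups
+* POST /users/groups
+*/
+router.post('/groups', authenticate, (req, res) =>
+userController.getGroups(req, res)
+);
+/**
+* Execute group command
+* POST /users/groups/cmd
+*/
+router.post('/groups/cmd', authenticate, (req, res) => {
+const usernameLogged = req.user.username;
+const { idapp, usernameOrig, groupnameDest, cmd, value } = req.body;
+userController.userService.executeGroupCommand(
+idapp, usernameOrig, groupnameDest, cmd, value, usernameLogged
+).then(result => res.send(result))
+.catch(error => res.status(400).send({ error: error.message }));
+});
+/**
+* Get user's circuits
+* POST /users/circuits
+*/
+router.post('/circuits', authenticate_withUser, (req, res) =>
+userController.getCircuits(req, res)
+);
+/**
+* Execute circuit command
+* POST /users/circuits/cmd
+*/
+router.post('/circuits/cmd', authenticate, async (req, res) => {
+const usernameLogged = req.user.username;
+const { idapp, usernameOrig, circuitname, cmd, value, extrarec } = req.body;
+try {
+const result = await userController.userService.executeCircuitCommand(
+idapp, usernameOrig, circuitname, cmd, value, usernameLogged, extrarec
+);
+res.send(result);
+} catch (error) {
+res.status(400).send({ error: error.message });
+}
+});
+/**
+* Logout user
+* DELETE /users/me/token
+*/
+router.delete('/me/token', authenticate_withUser, (req, res) =>
+userController.logout(req, res)
+);
+/**
+* Set user permissions
+* POST /users/setperm
+*/
+router.post('/setperm', authenticate, (req, res) =>
+userController.setPermissions(req, res)
+);
+/**
+* Get last movements/transactions
+* POST /users/lastmovs
+*/
+router.post('/lastmovs', authenticate, async (req, res) => {
+const { nummov, nummov_uscita, idapp } = req.body;
+const server_constants = require('../tools/server_constants');
+const tools = require('../tools/general');
+try {
+const { Movement } = require('../models/movement');
+let last_transactions = [];
+if (nummov) {
+last_transactions = await Movement.getLastN_Transactions(idapp, nummov, nummov_uscita);
+}
+res.send({ code: server_constants.RIS_CODE_OK, last_transactions });
+} catch (e) {
+tools.mylogserr('Error lastmovs: ', e);
+res.status(400).send();
+}
+});
+/**
+* Set receive RIS flag
+* POST /users/receiveris
+*/
+router.post('/receiveris', authenticate, async (req, res) => {
+const username = req.user?.username || '';
+const { groupname, idapp } = req.body;
+const { User } = require('../models/user');
+const { MyGroup } = require('../models/mygroup');
+const server_constants = require('../tools/server_constants');
+const tools = require('../tools/general');
+try {
+if (!username) {
+return res.send({ code: server_constants.RIS_CODE_ERR });
+}
+if (groupname) {
+await MyGroup.setReceiveRisGroup(idapp, groupname);
+} else {
+await User.setReceiveRis(idapp, username);
+}
+res.send({ code: server_constants.RIS_CODE_OK });
+} catch (err) {
+tools.mylog('ERRORE IN receiveris: ' + err.message);
+res.status(400).send();
+}
+});
+/**
+* List registration links
+* POST /users/listlinkreg
+*/
+router.post('/listlinkreg', authenticate, async (req, res) => {
+const username = req.user?.username || '';
+const { idapp } = req.body;
+const { User } = require('../models/user');
+const server_constants = require('../tools/server_constants');
+const tools = require('../tools/general');
+try {
+if (!username) {
+return res.send({ code: server_constants.RIS_CODE_ERR });
+}
+await User.setLinkReg(idapp, username);
+res.send({ code: server_constants.RIS_CODE_OK });
+} catch (err) {
+tools.mylog('ERRORE IN listlinkreg: ' + err.message);
+res.status(400).send();
+}
+});
+// ===== ADMIN ROUTES =====
+/**
+* Update user (admin only)
+* PATCH /users/:id
+*/
+router.patch('/:id', authenticate, (req, res) => {
+const { User } = require('../models/user');
+const _ = require('lodash');
+const shared_consts = require('../tools/shared_nodejs');
+const server_constants = require('../tools/server_constants');
+const tools = require('../tools/general');
+const id = req.params.id;
+const body = _.pick(req.body.user, shared_consts.fieldsUserToChange());
+tools.mylogshow('PATCH USER: ', id);
+if (!User.isAdmin(req.user.perm)) {
+return res.status(server_constants.RIS_CODE_ERR_UNAUTHORIZED).send({
+code: server_constants.RIS_CODE_ERR_UNAUTHORIZED,
+msg: ''
+});
+}
+User.findByIdAndUpdate(id, { $set: body })
+.then((user) => {
+tools.mylogshow(' USER TO MODIFY: ', user);
+if (!user) {
+return res.status(404).send();
+}
+res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
+})
+.catch((e) => {
+tools.mylogserr('Error patch USER: ', e);
+res.status(400).send();
+});
+});
+/**
+* Execute database operation (admin only)
+* POST /users/dbop
+*/
+router.post('/dbop', authenticate, (req, res) =>
+userController.executeDbOperation(req, res)
+);
+/**
+* Execute user database operation
+* POST /users/dbopuser
+*/
+router.post('/dbopuser', authenticate, async (req, res) => {
+const { mydata, idapp } = req.body;
+const server_constants = require('../tools/server_constants');
+try {
+const result = await userController.userService.executeUserDbOperation(
+idapp,
+mydata,
+req.user.username
+);
+res.send({ code: server_constants.RIS_CODE_OK, ris: result });
+} catch (e) {
+res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e.message });
+}
+});
+/**
+* Get map information
+* POST /users/infomap
+*/
+router.post('/infomap', authenticate, (req, res) =>
+userController.getMapInfo(req, res)
+);
+/**
+* Management telegram operations
+* POST /users/mgt
+*/
+router.post('/mgt', authenticate_withUser, async (req, res) => {
+const { mydata, idapp } = req.body;
+const telegrambot = require('../telegram/telegrambot');
+try {
+const { nummsgsent, numrec, textsent, text } =
+await telegrambot.sendMsgFromSiteToBotTelegram(idapp, req.user, mydata);
+res.send({ numrec, nummsgsent, textsent, text });
+} catch (e) {
+res.status(400).send({ error: e.message });
+}
+});
+// ===== TEST ROUTES (Development only) =====
+if (process.env.NODE_ENV === 'development' || process.env.LOCALE === '1') {
+router.post('/test1', async (req, res) => {
+const { User } = require('../models/user');
+const sendemail = require('../sendemail');
+const user = await User.findOne({
+idapp: 1,
+username: 'paoloar77'
+});
+if (user) {
+await sendemail.sendEmail_Registration(
+user.lang,
+user.email,
+user,
+user.idapp,
+user.linkreg
+);
+}
+res.send({ success: true });
+});
+}
+module.exports = router;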
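Review bot: The `/sendcmd` handler reads `req.user.username` into `usernameLogged` but never uses it, and passes the body's `usernameOrig` to `userService.sendCommand` unchecked, so nothing visible here ties the acting user to the authenticated session; `/groups/cmd` and `/circuits/cmd` at least forward `usernameLogged` to the service, and `/friends/cmd` goes through `_canExecuteFriendCommand`. Unless `sendCommand` performs that check itself from `req`, add a guard equivalent to the friend-command one before the call (admin or manager, or `usernameOrig === usernameLogged`). `/receiveris` has a similar gap: a `groupname` from the body goes to `MyGroup.setReceiveRisGroup(idapp, groupname)` with no check that the caller administers that group. Separately, `/test1` is unauthenticated and is also enabled by `process.env.LOCALE === '1'`, so it would be safer to gate it on `NODE_ENV` alone or keep it out of the shipped router.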


@@ -500,10 +500,12 @@ module.exports = {
},
getPathEmail(idapp, email_template) {
const RISO_TEMPLATES = ['reg_notifica_all_invitante'];
const RISO_TEMPLATES = ['reg_notifica_all_invitante', 'reg_email_benvenuto_ammesso'];
if (RISO_TEMPLATES.includes(email_template)) {
return tools.RISO_STR_PATH + '/' + email_template;
if (idapp === '13') {
if (RISO_TEMPLATES.includes(email_template)) {
return tools.RISO_STR_PATH + '/' + email_template;
}
}
return 'defaultSite/' + email_template;
},
@@ -525,6 +527,8 @@ module.exports = {
usernameInvitante: user.aportador_solidario,
nomeInvitante: nomecognomeInvitante.trim(),
nomeInvitato: await User.getNameSurnameEUsernameByUsername(idapp, user.username),
usernameInvitato: user.username,
emailInvitato: user.email,
user,
};
@@ -534,7 +538,7 @@ module.exports = {
if (user.verified_email) {
// se l'utente è già stato verificata la sua email, allora gli mando direttamente la email di invito.
quale_email_inviare = 'reg_email_benvenuto_ammesso/' + lang;
quale_email_inviare = this.getPathEmail(idapp, 'reg_email_benvenuto_ammesso') + '/' + lang;
} else {
// altrimenti gli mando l'email con la richiesta di Verifica email
quale_email_inviare = tools.getpathregByIdApp(idapp, lang);
@@ -583,7 +587,7 @@ module.exports = {
sendEmail_InvitaAmico: async function (lang, emailto, user, idapp, dati) {
try {
const nomecognomeInvitante = await User.getNameSurnameByUsername(idapp, dati.usernameInvitante, true);
let mylocalsconf = {
idapp,
dataemail: await this.getdataemail(idapp),
@@ -621,6 +625,7 @@ module.exports = {
linkRegistrazione: this.getlinkInvitoReg(idapp, dati),
emailto: emailto,
usernameInvitante: dati.usernameInvitante,
ammessoUtente: true,
};
const ris = await this.sendEmail_base('reg_email_benvenuto_ammesso/' + lang, emailto, mylocalsconf, '');
@@ -705,17 +710,19 @@ module.exports = {
await this.sendEmail_base('resetpwd/' + lang, emailto, mylocalsconf, '');
},
sendEmail_RisRicevuti: async function (lang, userDest, emailto, idapp, myrec) {
sendEmail_RisRicevuti: async function (lang, userDest, emailto, idapp, myrec, extrarec) {
console.log('sendEmail_RisRicevuti');
let mylocalsconf = {
idapp,
baseurl: tools.getHostByIdApp(idapp),
dataemail: await this.getdataemail(idapp),
locale: lang,
nomeapp: tools.getNomeAppByIdApp(idapp),
strlinksito: tools.getHostByIdApp(idapp),
emailto: emailto,
qty: myrec.qty,
saldoAttuale: extrarec.saldoDest,
mittente: decode(myrec.mittente),
nomecircuito: decode(myrec.nomecircuito),
transactionDate: tools.getstrDate_DD_MM_YYYY(myrec.transactionDate),
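Review bot: `saldoAttuale: extrarec.saldoDest` in `sendEmail_RisRicevuti` throws a TypeError whenever a caller omits the new sixth argument, and only the one `sendCoins` call site is updated in this commit; the `groupdest` / `contoComDest` branch next to it is not shown. Writing it as `saldoAttuale: extrarec?.saldoDest,` keeps any five-argument caller working. In the same file `sendEmail_InvitaAmico` still passes the literal `'reg_email_benvenuto_ammesso/' + lang` to `sendEmail_base`, while the registration path now resolves it through `this.getPathEmail(idapp, 'reg_email_benvenuto_ammesso')`, so the two flows may pick different templates for the same app. The body of `sendEmail_RisRicevuti` continues past the end of the hunk.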


@@ -16,6 +16,7 @@ class AuthService {
*/
async authenticate(idapp, username, password, req) {
try {
console.log('STO FACENDO LOGIN...');
// Check if user is blocked
if (this.isUserBlocked(username)) {
const text = `Utente bloccato. Riprova più tardi. (username=${username})`;
@@ -24,13 +25,15 @@ class AuthService {
error: true,
status: 403,
code: server_constants.RIS_CODE_ERR,
message: text
message: text,
};
}
// Find user by credentials
const user = await User.findByCredentials(idapp, username, password);
console.log('user', user);
if (!user) {
return await this._handleFailedLogin(idapp, username, req);
}
@@ -44,27 +47,25 @@ class AuthService {
// Prepare user data to send
const userToSend = this._prepareUserData(user);
console.log('userToSend', userToSend);
// Check subscription
const subsExistonDb = await this._checkSubscription(
user._id,
req.get('User-Agent')
);
const subsExistonDb = await this._checkSubscription(user._id, req.get('User-Agent'));
return {
error: false,
token,
refreshToken,
user: userToSend,
subsExistonDb
subsExistonDb,
};
} catch (error) {
console.error('Error in authenticate:', error.message);
return {
error: true,
status: 400,
code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC,
message: error.message
message: error.message,
};
}
}
@@ -78,7 +79,7 @@ class AuthService {
return {
error: true,
status: 400,
message: 'Refresh token mancante'
message: 'Refresh token mancante',
};
}
@@ -88,7 +89,7 @@ class AuthService {
return {
error: true,
status: 403,
message: 'Refresh token non valido'
message: 'Refresh token non valido',
};
}
@@ -97,15 +98,14 @@ class AuthService {
return {
error: false,
token,
refreshToken: newRefreshToken
refreshToken: newRefreshToken,
};
} catch (error) {
console.error('Error in refreshToken:', error.message);
return {
error: true,
status: 500,
message: 'Errore interno del server'
message: 'Errore interno del server',
};
}
}
@@ -128,8 +128,7 @@ class AuthService {
*/
isUserBlocked(username) {
const now = Date.now();
return this.failedLoginAttempts[username] &&
this.failedLoginAttempts[username] > now;
return this.failedLoginAttempts[username] && this.failedLoginAttempts[username] > now;
}
/**
@@ -148,15 +147,17 @@ class AuthService {
const loginCheck = await User.tooManyLoginWrong(idapp, username, true);
if (loginCheck.troppilogin) {
const text = `Troppe richieste di Login ERRATE: ${username} [IP: ${tools.getiPAddressUser(req)}] Tentativi: ${loginCheck.retry_pwd}`;
const text = `Troppe richieste di Login ERRATE: ${username} [IP: ${tools.getiPAddressUser(req)}] Tentativi: ${
loginCheck.retry_pwd
}`;
await telegrambot.sendMsgTelegramToTheManagers(idapp, text);
console.log('/login', text);
return {
error: true,
status: 400,
code: server_constants.RIS_CODE_ERR,
message: text
message: text,
};
}
@@ -182,15 +183,17 @@ class AuthService {
// Block user after max attempts
if (this.failedLoginAttempts[username] >= this.MAX_FAILED_ATTEMPTS) {
this.blockUser(username);
const text = `Troppi tentativi di accesso falliti. Utente bloccato (${username}) [IP: ${tools.getiPAddressUser(req)}]`;
const text = `Troppi tentativi di accesso falliti. Utente bloccato (${username}) [IP: ${tools.getiPAddressUser(
req
)}]`;
tools.mylogshow(text);
await telegrambot.sendMsgTelegramToTheManagers(idapp, text);
return {
error: true,
status: 403,
code: server_constants.RIS_CODE_ERR,
message: text
message: text,
};
}
@@ -198,7 +201,7 @@ class AuthService {
error: true,
status: 401,
code: server_constants.RIS_CODE_LOGIN_ERR,
message: 'Credenziali non valide'
message: 'Credenziali non valide',
};
}
@@ -210,7 +213,7 @@ class AuthService {
const shared_consts = require('../tools/shared_nodejs');
const userToSend = new User();
shared_consts.fieldsUserToChange().forEach(field => {
shared_consts.fieldsUserToChange().forEach((field) => {
userToSend[field] = user[field];
});
@@ -226,7 +229,7 @@ class AuthService {
const subscription = await Subscription.findOne({
userId,
access: 'auth',
browser: userAgent
browser: userAgent,
}).lean();
return !!subscription;
@@ -237,4 +240,4 @@ class AuthService {
}
}
module.exports = AuthService;
module.exports = AuthService;


@@ -447,6 +447,7 @@ const txt = {
MSG_APORTADOR_USER_REGISTERED: emo.FIRE + ' Si è appena Registrato "%s" (n. %s)\nInvitato da %s',
MSG_APORTADOR_ASK_CONFIRM:
'🆕💥 🧍‍♂️ %s si sta registrando su %s e ti chiede di poter entrare. Confermi di conoscerla ?',
MSG_APORTADOR_INVITED_REGISTERED: '🆕💥 🧍‍♂️ Complimenti! Il tuo invitato %s si è appena registrato su %s !',
MSG_ACCEPT_NEWENTRY_INGROUP: '❇️👥 🧍‍♂️ Accetta Ingresso nel GRUPPO %s:',
MSG_FRIENDS_NOT_ACCEPTED_CONFIRMED: '🚫 Hai rifiutato la richiesta di Amicizia di %s !',
MSG_HANDSHAKE_NOT_ACCEPTED_CONFIRMED: '🚫 Hai rifiutato la richiesta di Stretta di mano di %s !',
@@ -795,7 +796,6 @@ const MyTelegramBot = {
text = printf(getstr(langdest, 'MSG_APORTADOR_USER_REGISTERED'), nome, numutenti, aportador);
}
} else if (phase === this.phase.INVITA_AMICO) {
}
let addtext = '';
@@ -903,25 +903,31 @@ const MyTelegramBot = {
// Non chiedi la verifica Registrazione
await setVerifiedReg(myuser.idapp, myuser.lang, myuser.username, userDest);
} else {
msg_notifpush = getstr(langdest, 'MSG_APORTADOR_ASK_CONFIRM', myuser.username, nomeapp);
domanda = getstr(langdest, 'MSG_APORTADOR_ASK_CONFIRM', myuser.username, nomeapp) + '<br>' + struserinfomsg;
keyb = cl.getInlineKeyboard(myuser.lang, [
{
text: '✅ Ammetti ' + myuser.username,
callback_data: InlineConferma.RISPOSTA_SI + myfunc + tools.SEP + myuser.username + tools.SEP + userDest,
},
/*{
if (myuser.verified_by_aportador) {
msg_notifpush = getstr(langdest, 'MSG_APORTADOR_INVITED_REGISTERED', myuser.username, nomeapp);
domanda =
getstr(langdest, 'MSG_APORTADOR_INVITED_REGISTERED', myuser.username, nomeapp) + '<br>' + struserinfomsg;
} else {
msg_notifpush = getstr(langdest, 'MSG_APORTADOR_ASK_CONFIRM', myuser.username, nomeapp);
domanda = getstr(langdest, 'MSG_APORTADOR_ASK_CONFIRM', myuser.username, nomeapp) + '<br>' + struserinfomsg;
keyb = cl.getInlineKeyboard(myuser.lang, [
{
text: '✅ Ammetti ' + myuser.username,
callback_data: InlineConferma.RISPOSTA_SI + myfunc + tools.SEP + myuser.username + tools.SEP + userDest,
},
]);
}
/*{
text: '🚫 Rifiuta ' + myuser.username,
callback_data: InlineConferma.RISPOSTA_NO + myfunc + tools.SEP + myuser.username + tools.SEP + userDest,
}, */
]);
}
send_notif = true;
} else if (myfunc === shared_consts.CallFunz.VERIFICA_TELEGRAM) {
if (telegid > 0) {
cl.setPhotoProfile(myuser, telegid, false);
const rismsg = await MsgTemplate.getMsgByLang(
idapp,
myuser,
@@ -930,6 +936,23 @@ const MyTelegramBot = {
);
await cl.sendMsgLog(telegid, rismsg.body);
// Invia notifica Teelgram all'Invitante che il suo invitato si è Verificato con Telegram.
userDest = myuser.aportador_solidario;
let useraportador = await User.getUserShortDataByUsername(idapp, userDest);
const rismsg2 = await MsgTemplate.getMsgByLang(
idapp,
myuser,
shared_consts.TypeMsgTemplate.MSG_VERIFICA_TELEGRAM_COMPLETATA_NOTIF_INVITANTE,
myuser.lang
);
const telegidInvitante = useraportador.profile.teleg_id;
await cl.sendMsgLog(telegidInvitante, rismsg2.body);
}
} else if (myfunc === shared_consts.CallFunz.RICHIESTA_GRUPPO) {
msg_notifpush = printf(getstr(langdest, 'MSG_ACCEPT_NEWENTRY_INGROUP'), name);
@@ -1091,6 +1114,7 @@ const MyTelegramBot = {
}
},
askConfirmationUserFriend: async function (idapp, myfunc, myuser, userDest = '', username = '') {
try {
const cl = getclTelegByidapp(idapp);
@@ -1255,22 +1279,7 @@ const MyTelegramBot = {
let title = '';
let msg = '';
if (mydata.tipomsg === tools.TipoMsg.SEND_LINK_CHAT_DONATORI) {
if (sonosognatore)
msg = printf(
tools.gettranslate('SEND_LINK_CHAT_SOGNATORE', lang),
user.name,
mydata.navemediatore.riga + '.' + mydata.navemediatore.col,
mydata.msgpar1
);
else
msg = printf(
tools.gettranslate('SEND_LINK_CHAT_DONATORI', lang),
user.name,
mydata.navemediatore.riga + '.' + mydata.navemediatore.col,
mydata.msgpar1
);
} else if (mydata.tipomsg === tools.TipoMsg.SEND_MSG || mydata.tipomsg === tools.TipoMsg.SEND_MSG_SINGOLO) {
if (mydata.tipomsg === tools.TipoMsg.SEND_MSG || mydata.tipomsg === tools.TipoMsg.SEND_MSG_SINGOLO) {
if (!!mydata.username_mitt) {
msg = '[' + tools.gettranslate('MSG_SEND_FROM', lang) + ' ' + mydata.username_mitt + ']:' + tools.ACAPO;
}
@@ -1285,32 +1294,6 @@ const MyTelegramBot = {
if (cl) {
msg = await tools.convertSpecialTags(rec.user, msg);
}
if (!!mydata.flotta) {
// SOSTITUISCI LE PAROLE CHIAVI
if (!!mydata.flotta.date_start)
msg = msg.replace('{date_start}', tools.getstrDateLongTot(new Date(mydata.flotta.date_start), user.lang));
if (!!mydata.flotta.date_close)
msg = msg.replace('{date_close}', tools.getstrDateLongTot(new Date(mydata.flotta.date_close), user.lang));
if (!!mydata.flotta.link_superchat) msg = msg.replace('{link_superchat}', mydata.flotta.link_superchat);
if (!!mydata.flotta.tutor1) msg = msg.replace('{tutor1}', mydata.flotta.tutor1);
if (!!mydata.flotta.tutor2) msg = msg.replace('{tutor2}', mydata.flotta.tutor2);
if (!!mydata.flotta.tutor3) msg = msg.replace('{tutor3}', mydata.flotta.tutor3);
if (!!mydata.flotta.tutorslo) msg = msg.replace('{tutorslo}', mydata.flotta.tutorslo);
if (!!mydata.flotta.sognatore_nomecognome) msg = msg.replace('{sognatore}', mydata.flotta.sognatore_nomecognome);
if (!!mydata.flotta.sognatore_nomecognome)
msg = msg.replace(
'{flotta}',
mydata.flotta.riga +
'.' +
Math.ceil(mydata.flotta.col_prima / 8) +
' - ' +
mydata.flotta.riga +
'.' +
Math.ceil(mydata.flotta.col_ultima / 8)
);
}
return { body: msg, title };
},
@@ -1926,7 +1909,7 @@ class Telegram {
risp = 'Siiiii ! Davvero! ' + emo.DREAM;
} else if (MsgBot.PAROLACCE.find((rec) => testo.indexOf(rec) > -1)) {
risp = "Da te non me l'aspettavo proprio !! " + emo.INNOCENT + emo.CROSS_ROSSA;
// } else if (MsgBot.OK.find((rec) => testo.indexOf(rec) > -1)) {
// } else if (MsgBot.OK.find((rec) => testo.indexOf(rec) > -1)) {
// risp = '👍🏻';
} else if (MsgBot.CUORE.find((rec) => testo.indexOf(rec) > -1)) {
risp = '❤️💚💜';
@@ -3332,27 +3315,27 @@ class Telegram {
if (!msg.from.username) {
rec.cmdAfterVerified === shared_consts.CallFunz.VERIFICA_TELEGRAM;
} else {
await this.verificaTelegramCompleted(msg);
await this.verificaTelegramCompleted(msg, recuser);
}
}
}
}
async verificaTelegramCompleted(msg) {
async verificaTelegramCompleted(msg, recuser) {
try {
const rec = this.getRecInMem(msg);
const id = msg.chat.id;
const recuser = this.getRecInMemById(id);
if (recuser) {
if (rec && recuser) {
await User.setUsernameTelegram(
this.idapp,
recuser.user._id,
recuser._id,
msg.from.username || '',
msg.from.first_name || '',
msg.from.last_name || ''
);
rec.status = Status.VERIFIED;
rec.datemenu_updated = null;
rec.menuDb = null;
@@ -4595,7 +4578,6 @@ if (true) {
);
// Invia una email alla persona che è stata ammessa
await local_sendMsgTelegram(user.idapp, data.username, msgOrig);
await local_sendMsgTelegram(user.idapp, data.userDest, msgDest);
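Review bot: In the `VERIFICA_TELEGRAM` branch (hunk `@@ -930,6 +936,23 @@`), the new inviter notification dereferences `useraportador.profile.teleg_id` without checking that `myuser.aportador_solidario` is set or that `User.getUserShortDataByUsername` returned a record with a profile. A user with no inviter, or an inviter with no Telegram link, would make this line throw after the user's own confirmation has already been sent. Whether an outer try/catch absorbs the error is not visible, because the enclosing function starts and ends outside the hunk. The branch already guards its own send with `telegid > 0`, so the same guard fits here: `const telegidInvitante = useraportador?.profile?.teleg_id;` followed by `if (telegidInvitante > 0 && rismsg2?.body) await cl.sendMsgLog(telegidInvitante, rismsg2.body);`.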


@@ -2145,7 +2145,6 @@ module.exports = {
}
},
getTelegramKeyByIdApp: function (idapp) {
if (this.MYAPPS.length === 0) {
console.error('❌ this.MYAPPS VUOTI!!', this.MYAPPS);
@@ -3942,7 +3941,7 @@ module.exports = {
try {
return await this.readfilecontent(__dirname + '/../version.txt');
} catch (e) {
return ''
return '';
}
},
@@ -4450,12 +4449,34 @@ module.exports = {
},
getNomeCognomeEUserNameByUser(user) {
let nome = `${user.name} ${user.surname} (${user.username})`;
if (!user.name) {
nome = user.username;
if (!user) return '';
const name = user.name?.trim() || '';
const surname = user.surname?.trim() || '';
const username = user.username?.trim() || '';
// Se ci sono nome e cognome
if (name && surname) {
return username ? `${name} ${surname} (${username})` : `${name} ${surname}`;
}
return nome;
// Se c'è solo il nome
if (name) {
return username ? `${name} (${username})` : name;
}
// Se c'è solo il cognome
if (surname) {
return username ? `${surname} (${username})` : surname;
}
// Se c'è solo username
if (username) {
return username;
}
// Nessun dato disponibile
return '';
},
sulServer() {
@@ -4527,31 +4548,45 @@ module.exports = {
try {
if (!msg) return msg;
if (!!user) {
if (user) {
// Usa replaceAll() per sostituire TUTTE le occorrenze (non solo la prima)
if (msg.includes('{host}')) {
msg = msg.replace('{host}', this.getHostByIdApp(user.idapp));
msg = msg.replaceAll('{host}', this.getHostByIdApp(user.idapp));
}
if (msg.includes('{appname}')) {
msg = msg.replaceAll('{appname}', this.getNomeAppByIdApp(user.idapp));
}
if (msg.includes('{appname}')) msg = msg.replace('{appname}', this.getNomeAppByIdApp(user.idapp));
msg = msg.replace('{username}', user.username);
// msg = await this.checkStr(msg, '{time_exp_reg}', user, 1);
msg = msg.replace('{name}', user.name ? user.name : user.username);
msg = msg.replace('{surname}', user.surname ? user.surname : '');
msg = msg.replace('{urlunsubscribe_user}', this.getUnsubsribeUrl_User(user));
msg = msg.replaceAll('{username}', user.username || '');
msg = msg.replaceAll('{name}', user.name || user.username || '');
msg = msg.replaceAll('{surname}', user.surname || '');
msg = msg.replaceAll('{urlunsubscribe_user}', this.getUnsubsribeUrl_User(user));
msg = msg.replaceAll('{aportador_solidario}', user.aportador_solidario || '');
msg = msg.replace('{aportador_solidario}', user.aportador_solidario ? user.aportador_solidario : '');
if (!!user.profile.link_payment) msg = msg.replace('{link_paypalme}', user.profile.link_payment);
if (!!user.profile.revolut) msg = msg.replace('{revolut}', user.profile.revolut);
if (!!user.profile.payeer_id) msg = msg.replace('{payeer_id}', user.profile.payeer_id);
if (!!user.profile.advcash_id) msg = msg.replace('{advcash_id}', user.profile.advcash_id);
if (!!user.profile.email_paypal) msg = msg.replace('{email_paypal}', user.profile.email_paypal);
if (!!user.profile.note_payment) msg = msg.replace('{note_payment}', user.profile.note_payment);
// Usa optional chaining per evitare errori se user.profile è undefined
if (user.profile?.link_payment) {
msg = msg.replaceAll('{link_paypalme}', user.profile.link_payment);
}
if (user.profile?.revolut) {
msg = msg.replaceAll('{revolut}', user.profile.revolut);
}
if (user.profile?.payeer_id) {
msg = msg.replaceAll('{payeer_id}', user.profile.payeer_id);
}
if (user.profile?.advcash_id) {
msg = msg.replaceAll('{advcash_id}', user.profile.advcash_id);
}
if (user.profile?.email_paypal) {
msg = msg.replaceAll('{email_paypal}', user.profile.email_paypal);
}
if (user.profile?.note_payment) {
msg = msg.replaceAll('{note_payment}', user.profile.note_payment);
}
}
// const cl = getclTelegByidapp(user.idapp);
msg = msg.replace('{link_chathelp}', this.HELP_CHAT);
msg = msg.replaceAll('{link_chathelp}', this.HELP_CHAT);
} catch (e) {
console.log(e);
console.error('Errore in convertSpecialTags:', e);
}
return msg;
@@ -4965,7 +5000,7 @@ module.exports = {
mystr = i18n.__(
'DATE_1DAY',
this.getstrDateLong(myevent.dateTimeStart),
this.getstrTime(myevent.dateTimeStart),
this.getstrTime(myevent.dateTimeStart)
);
} else {
mystr = i18n.__(
@@ -6305,7 +6340,6 @@ module.exports = {
getTokenRandom() {
return crypto.randomBytes(32).toString('hex');
},
async ensureDir(fullnamepath) {
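Review bot: The `replaceAll` calls in the `@@ -4527,31 +4548,45 @@` hunk pass user-controlled fields (`user.name`, `user.surname`, `user.profile.note_payment` and the others) as replacement strings, so any `$&`, `` $` `` or `$'` sequence in a profile value is interpreted as a replacement pattern rather than inserted literally. Because every occurrence is now replaced and the tags are processed one after another, a value that itself contains a later tag such as `{link_chathelp}` is also expanded by the following calls. A function replacement avoids the `$` interpretation, e.g. `msg = msg.replaceAll('{name}', () => user.name || user.username || '');`, while a single pass over a tag-to-value map would avoid the re-expansion. If the resulting text is rendered as HTML by the e-mail or Telegram sender (not visible here), the values should also be escaped before substitution. The function begins and ends outside the hunk.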


@@ -597,6 +597,7 @@ module.exports = {
MSG_BENV_REGISTRATO: 2020,
MSG_INVITE_WHATSAPP: 2040,
MSG_VERIFICA_TELEGRAM_COMPLETATA: 2050,
MSG_VERIFICA_TELEGRAM_COMPLETATA_NOTIF_INVITANTE: 2060,
},
TypeSend: {