- aggiornamento refreshtoken (parte 1)

- PCB: fix listino
2024-04-09 21:56:50 +02:00
parent 3221cf8d25
commit 07c210c59e
17 changed files with 280 additions and 112 deletions
--- a/src/server/router/admin_router.js
+++ b/src/server/router/admin_router.js
@@ -402,6 +402,9 @@ router.post('/import', authenticate, async (req, res) => {
        }

      }
+
+      return res.status(200).send({ updated, imported, errors });
+
    } else if (cmd === shared_consts.Cmd.PRODUCTS_V2) {
      let mydata = `[${data.arrdata}]`;
      dataObjects = mydata.replace(/\n/g, '');
--- a/src/server/router/index_router.js
+++ b/src/server/router/index_router.js
@@ -253,14 +253,15 @@ router.post(process.env.LINK_UPDATE_PWD, async (req, res) => {
    user.lasttimeonline = new Date();

    // Crea token
-    user.generateAuthToken(req).then(token => {
+    user.generateAuthToken(req).then(ris => {
      user.tokenforgot = '';  // Svuota il tokenforgot perché non ti servirà più...
      user.tokenforgot_code = '';  // Svuota il tokenforgot perché non ti servirà più...

      // Salva lo User
      user.save().then(() => {
-        res.header('x-auth', token).
-          send({ code: server_constants.RIS_CODE_OK });   // Ritorna il token di ritorno
+        res.header('x-auth', ris.token)
+          .header('x-refrTok', ris.refreshToken)
+          .send({ code: server_constants.RIS_CODE_OK });   // Ritorna il token di ritorno
      });
    });
  }
@@ -344,7 +345,7 @@ router.post('/settable', authenticate, async (req, res) => {
      && !User.isEditor(req.user.perm)
      && !User.isFacilitatore(req.user.perm))
      &&
-      await !tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id: '')) {
+      await !tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id : '')) {
      // If without permissions, exit
      return res.status(404).
        send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
@@ -768,14 +769,15 @@ router.post('/getpage', async (req, res) => {
  const mypath = params.path;

  let found = await MyPage.findOne({ idapp, path: mypath }).then((ris) => {
-    if (ris)
-      return res.send({ mypage: ris });
+    if (ris && ris._doc)
+      return res.send({ mypage: ris._doc });
    else
      return null;
  }).catch((e) => {
    console.log(e.message);
    res.status(400).send(e);
  });
+
  if (!found) {
    // trova quelli con il :
    let regexp = new RegExp(`:`, 'ig')
@@ -1415,7 +1417,7 @@ function load(req, res, version) {

  let socioresidente = false;

-  if (!!req.user)
+  if (req.user)
    socioresidente = req.user.profile.socioresidente;

  if (userId !== '0') {
@@ -1673,13 +1675,11 @@ function load(req, res, version) {

 }

-router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => {
-  const userId = req.user._id;
+router.get(process.env.LINK_CHECK_UPDATES, authenticate_noerror, async (req, res) => {
  const idapp = req.query.idapp;

  // console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);
-
-  if (!ObjectID.isValid(userId)) {
+  if (!req.user) {
    return res.status(404).send();
  }

@@ -1690,22 +1690,31 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => {

    // ++Add to Log Stat ....

+    let last_msgs = null;
+    let last_notifs = null;
+    let usersList = null;
    // const sall = '0';

    // msgs = SendMsg.findAllByUserIdAndIdApp(userId, req.user.username, req.user.idapp);
-    let last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp);
-    let last_notifs = SendNotif.findLastNotifsByUserIdAndIdApp(req.user.username, idapp, 40);
-
-    let usersList = null;
-
    if (req.user) {
-      // If User is Admin, then send user Lists
-      if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) ||
-        User.isManager(req.user.perm)) {

-        // Send UsersList
-        usersList = User.getUsersList(idapp);
-        // usersList = null;
+      const userId = req.user._id;
+      if (!ObjectID.isValid(userId)) {
+        return res.status(404).send();
+      }
+    
+      last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp);
+      last_notifs = SendNotif.findLastNotifsByUserIdAndIdApp(req.user.username, idapp, 40);
+
+      if (req.user) {
+        // If User is Admin, then send user Lists
+        if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) ||
+          User.isManager(req.user.perm)) {
+
+          // Send UsersList
+          usersList = User.getUsersList(idapp);
+          // usersList = null;
+        }
      }
    }

--- a/src/server/router/subscribe_router.js
+++ b/src/server/router/subscribe_router.js
@@ -5,7 +5,7 @@ const Subscription = require('../models/subscribers');

 const tools = require('../tools/general');

-var {authenticate} = require('../middleware/authenticate');
+var { authenticate } = require('../middleware/authenticate');

 const isValidSaveRequest = (req, res) => {
  try {
@@ -79,7 +79,7 @@ router.post('/', authenticate, async (req, res) => {
          tools.sendBackNotif(subscription, req.body.options);
        }
        // console.log('Subscription saved... ')
-        return res.send({data: 'Subscription saved.'});
+        return res.send({ data: 'Subscription saved.' });
      }
    });
  });
@@ -88,13 +88,19 @@ router.post('/', authenticate, async (req, res) => {

 router.delete('/del', authenticate, (req, res) => {
  // tools.mylog("TOKENREM = " + req.token);
-  const browser = req.get('User-Agent');
-  Subscription.findOneAndRemove(
-      {userId: req.user._id, access: req.access, browser}).then(() => {
-    res.status(200).send();
-  }, () => {
-    res.status(400).send();
-  });
+  try {
+
+
+    const browser = req.get('User-Agent');
+    Subscription.findOneAndRemove(
+      { userId: req.user._id, access: req.access, browser }).then(() => {
+        res.status(200).send();
+      }, () => {
+        res.status(400).send();
+      });
+  } catch (e) {
+    
+  }
 });

 router.get('/', (req, res) => {
--- a/src/server/router/users_router.js
+++ b/src/server/router/users_router.js
@@ -298,8 +298,11 @@ router.post('/', async (req, res) => {

        await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser);

-        const token = await myuser.generateAuthToken(req);
-        res.header('x-auth', token).send(myuser);
+        const { token, refreshToken } = await myuser.generateAuthToken(req);
+        res
+          .header('x-auth', token)
+          .header('x-refrTok', refreshToken)
+          .send(myuser);
        return true;
      }
    }
@@ -333,7 +336,7 @@ router.post('/', async (req, res) => {
          return 0;
        }
      }).
-      then(async (token) => {
+      then(async (ris) => {
        // tools.mylog("passo il TOKEN: ", token);

        if (recextra) {
@@ -343,9 +346,9 @@ router.post('/', async (req, res) => {

          // await User.fixUsername(user.idapp, user.ind_order, user.username);
        }
-        return token;
+        return ris;
      }).
-      then(async (token) => {
+      then(async (ris) => {

        // tools.mylog("LINKREG = " + user.linkreg);
        // Invia un'email all'utente
@@ -358,7 +361,10 @@ router.post('/', async (req, res) => {
        await sendemail.sendEmail_Registration(user.lang, user.email, user,
          user.idapp, user.linkreg);
        // }
-        res.header('x-auth', token).send(user);
+        res
+          .header('x-auth', ris.token)
+          .header('x-refrTok', ris.refreshToken)
+          .send(user);
        return true;
      });
  }).catch((e) => {
@@ -605,6 +611,33 @@ router.post('/notifs', authenticate, async (req, res) => {

 });

+router.post('/newtok', async (req, res) => {
+
+  try {
+    const refreshToken = req.body.refreshToken;
+
+    // Ottieni l'utente in base al refreshtoken
+    const recFound = await User.findOne({ 'tokens.refreshToken': refreshToken });
+
+    if (recFound) {
+      return recFound.generateAuthToken(req)
+        .then((ris) => {
+          return res.status(200).send({
+            usertosend,
+            token: ris.token,
+            refreshToken: ris.refreshToken
+          });
+        })
+    }
+
+  } catch (e) {
+    console.error('Err', e);
+  }
+
+  res.status(404).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
+
+});
+
 router.post('/login', (req, res) => {
  var body = _.pick(req.body,
    ['username', 'password', 'idapp', 'keyappid', 'lang']);
@@ -640,7 +673,7 @@ router.post('/login', (req, res) => {
    then(user => {
      // console.log('Lgn-Ok');
      if (user) {
-        return user.generateAuthToken(req).then((token) => {
+        return user.generateAuthToken(req).then((ris) => {
          var usertosend = new User();

          shared_consts.fieldsUserToChange().forEach((field) => {
@@ -655,7 +688,7 @@ router.post('/login', (req, res) => {
          // tools.mylog("user.verified_email:" + user.verified_email);
          // tools.mylog("usertosend.userId", usertosend.userId);

-          return { usertosend, token };
+          return { usertosend, token: ris.token, refreshToken: ris.refreshToken };

        }).then((myris) => {
          const access = 'auth';
@@ -671,6 +704,7 @@ router.post('/login', (req, res) => {
              return {
                usertosend: myris.usertosend,
                token: myris.token,
+                refreshToken: myris.refreshToken,
                subsExistonDb,
              };
            }).
@@ -678,6 +712,7 @@ router.post('/login', (req, res) => {
              return {
                usertosend: myris.usertosend,
                token: myris.token,
+                refreshToken: myris.refreshToken,
                subsExistonDb: false,
              };
            });
@@ -685,11 +720,14 @@ router.post('/login', (req, res) => {
          // console.log('res', myris.token, myris.usertosend);

          // SEND TOKEN AND CODE RESULT
-          return res.header('x-auth', myris.token).send({
-            usertosend: myris.usertosend,
-            code: server_constants.RIS_CODE_OK,
-            subsExistonDb: myris.subsExistonDb,
-          });
+          return res
+            .header('x-auth', myris.token)
+            .header('x-refrTok', myris.refreshToken)
+            .send({
+              usertosend: myris.usertosend,
+              code: server_constants.RIS_CODE_OK,
+              subsExistonDb: myris.subsExistonDb,
+            });

          // tools.mylog("TROVATOOO!");